Book Image

The Kubernetes Workshop

By : Zachary Arnold, Sahil Dua, Wei Huang, Faisal Masood, Mélony Qin, Mohammed Abu Taleb
5 (1)
Book Image

The Kubernetes Workshop

5 (1)
By: Zachary Arnold, Sahil Dua, Wei Huang, Faisal Masood, Mélony Qin, Mohammed Abu Taleb

Overview of this book

Thanks to its extensive support for managing hundreds of containers that run cloud-native applications, Kubernetes is the most popular open source container orchestration platform that makes cluster management easy. This workshop adopts a practical approach to get you acquainted with the Kubernetes environment and its applications. Starting with an introduction to the fundamentals of Kubernetes, you’ll install and set up your Kubernetes environment. You’ll understand how to write YAML files and deploy your first simple web application container using Pod. You’ll then assign human-friendly names to Pods, explore various Kubernetes entities and functions, and discover when to use them. As you work through the chapters, this Kubernetes book will show you how you can make full-scale use of Kubernetes by applying a variety of techniques for designing components and deploying clusters. You’ll also get to grips with security policies for limiting access to certain functions inside the cluster. Toward the end of the book, you’ll get a rundown of Kubernetes advanced features for building your own controller and upgrading to a Kubernetes cluster without downtime. By the end of this workshop, you’ll be able to manage containers and run cloud-based applications efficiently using Kubernetes.
Table of Contents (20 chapters)
Preface

Threat Modeling

It is far beyond the scope of this chapter to adequately teach many of the necessary disciplines of security so that you have a rigorous understanding of how modern workload security should be implemented and orchestrated. However, we will briefly gain an idea of how we should be thinking about it. Threat modeling is a discipline where we examine the various areas where our applications could be subject to an attack or unauthorized usage.

For example, consider an HTTP web server. It will typically have ports 80 and 443 exposed for serving web traffic, but it also acts as an entry point for any potential attackers. It may have a web management console exposed at a certain port. It may have certain other management ports open and API access to allow other software to manage it for automation purposes. The application runtime may need to regularly handle sensitive data. The entire end-to-end pipeline meant to create and deliver the application could expose various points...