Book Image

The Kubernetes Workshop

By : Zachary Arnold, Sahil Dua, Wei Huang, Faisal Masood, Mélony Qin, Mohammed Abu Taleb
5 (1)
Book Image

The Kubernetes Workshop

5 (1)
By: Zachary Arnold, Sahil Dua, Wei Huang, Faisal Masood, Mélony Qin, Mohammed Abu Taleb

Overview of this book

Thanks to its extensive support for managing hundreds of containers that run cloud-native applications, Kubernetes is the most popular open source container orchestration platform that makes cluster management easy. This workshop adopts a practical approach to get you acquainted with the Kubernetes environment and its applications. Starting with an introduction to the fundamentals of Kubernetes, you’ll install and set up your Kubernetes environment. You’ll understand how to write YAML files and deploy your first simple web application container using Pod. You’ll then assign human-friendly names to Pods, explore various Kubernetes entities and functions, and discover when to use them. As you work through the chapters, this Kubernetes book will show you how you can make full-scale use of Kubernetes by applying a variety of techniques for designing components and deploying clusters. You’ll also get to grips with security policies for limiting access to certain functions inside the cluster. Toward the end of the book, you’ll get a rundown of Kubernetes advanced features for building your own controller and upgrading to a Kubernetes cluster without downtime. By the end of this workshop, you’ll be able to manage containers and run cloud-based applications efficiently using Kubernetes.
Table of Contents (20 chapters)
Preface

Kubernetes RBAC

Before we dive into RBAC, recall from Chapter 4, How to Communicate with Kubernetes (API Server), how Kubernetes authorizes requests to the API. We learned that there are three stages – Authentication, Authorization, and AdmissionControl. We will learn more about Admission Controllers in Chapter 16, Kubernetes Admission Controllers.

Kubernetes supports multiple different methods of authenticating with the cluster, and you'll want to reference your cloud provider's documentation to get more details on their specific implementation.

Authorization logic is handled through something called RBAC. It stands for role-based access control and it's the foundation of how we constrain certain users and groups to the minimum necessary permissions to perform their job. This is based on a concept in software security called "the principle of least privilege." For example, if you are a software engineer for a credit card processing company, Payment...