Book Image

The Kubernetes Workshop

By : Zachary Arnold, Sahil Dua, Wei Huang, Faisal Masood, Mélony Qin, Mohammed Abu Taleb
5 (1)
Book Image

The Kubernetes Workshop

5 (1)
By: Zachary Arnold, Sahil Dua, Wei Huang, Faisal Masood, Mélony Qin, Mohammed Abu Taleb

Overview of this book

Thanks to its extensive support for managing hundreds of containers that run cloud-native applications, Kubernetes is the most popular open source container orchestration platform that makes cluster management easy. This workshop adopts a practical approach to get you acquainted with the Kubernetes environment and its applications. Starting with an introduction to the fundamentals of Kubernetes, you’ll install and set up your Kubernetes environment. You’ll understand how to write YAML files and deploy your first simple web application container using Pod. You’ll then assign human-friendly names to Pods, explore various Kubernetes entities and functions, and discover when to use them. As you work through the chapters, this Kubernetes book will show you how you can make full-scale use of Kubernetes by applying a variety of techniques for designing components and deploying clusters. You’ll also get to grips with security policies for limiting access to certain functions inside the cluster. Toward the end of the book, you’ll get a rundown of Kubernetes advanced features for building your own controller and upgrading to a Kubernetes cluster without downtime. By the end of this workshop, you’ll be able to manage containers and run cloud-based applications efficiently using Kubernetes.
Table of Contents (20 chapters)
Preface

NetworkPolicies

NetworkPolicy objects in Kubernetes are essentially Network Access Control Lists but at the Pod and namespace level. They work by using label selection (such as Services) or by indicating a CIDR IP address range to allow on a particular port/protocol.

This is immensely helpful for ensuring security, especially when you have multiple microservices running on a cluster. Now, imagine you have a cluster that hosts many applications for your company. It hosts a marketing website that runs an open-source library, a database server with sensitive data, and an application server that controls access to that data. If the marketing website doesn't need to access the database, then there should be no reason for it to be allowed access to the database. By using a NetworkPolicy, we can prevent an exploit or a bug in the marketing website from allowing an attacker to expand that attack so that they can access your business data by preventing the marketing website Pod from...