Book Overview & Buying
Table Of Contents

Kubernetes - A Complete DevOps Cookbook

By : Karslioglu

4.5 (4)

Buy this Book

Kubernetes - A Complete DevOps Cookbook

4.5 (4)

By: Karslioglu

Buy this Book

Overview of this book

Kubernetes is a popular open source orchestration platform for managing containers in a cluster environment. With this Kubernetes cookbook, you’ll learn how to implement Kubernetes using a recipe-based approach. The book will prepare you to create highly available Kubernetes clusters on multiple clouds such as Amazon Web Services (AWS), Google Cloud Platform (GCP), Azure, Alibaba, and on-premises data centers. Starting with recipes for installing and configuring Kubernetes instances, you’ll discover how to work with Kubernetes clients, services, and key metadata. You’ll then learn how to build continuous integration/continuous delivery (CI/CD) pipelines for your applications, and understand various methods to manage containers. As you advance, you’ll delve into Kubernetes' integration with Docker and Jenkins, and even perform a batch process and configure data volumes. You’ll get to grips with methods for scaling, security, monitoring, logging, and troubleshooting. Additionally, this book will take you through the latest updates in Kubernetes, including volume snapshots, creating high availability clusters with kops, running workload operators, new inclusions around kubectl and more. By the end of this book, you’ll have developed the skills required to implement Kubernetes in production and manage containers proficiently.

Preface

Who this book is for

What this book covers

To get the most out of this book

Sections

Get in touch

Building Production-Ready Kubernetes Clusters

Technical requirements

Configuring a Kubernetes cluster on Amazon Web Services

Configuring a Kubernetes cluster on Google Cloud Platform

Configuring a Kubernetes cluster on Microsoft Azure

Configuring a Kubernetes cluster on Alibaba Cloud

Configuring and managing Kubernetes clusters with Rancher

Configuring Red Hat OpenShift

Configuring a Kubernetes cluster using Ansible

Troubleshooting installation issues

Free Chapter

Operating Applications on Kubernetes

Technical requirements

Deploying workloads using YAML files

Deploying workloads using Kustomize

Deploying workloads using Helm charts

Deploying and operating applications using Kubernetes operators

Deploying and managing the life cycle of Jenkins X

Deploying and managing the life cycle of GitLab

Building CI/CD Pipelines

Technical requirements

Creating a CI/CD pipeline in Jenkins X

Creating a CI/CD pipeline in GitLab

Creating a CI/CD pipeline in CircleCI

Setting up a CI/CD pipeline using GitHub Actions

Setting up a CI/CD pipeline on Amazon Web Services

Setting up a CI/CD pipeline with Spinnaker on Google Cloud Build

Setting up a CI/CD pipeline on Azure DevOps

Automating Tests in DevOps

Technical requirements

Building event-driven automation with StackStorm

Automating tests with the Litmus framework

Automating Chaos Engineering with Gremlin

Automating your code review with Codacy

Detecting bugs and anti-patterns with SonarQube

Detecting license compliance issues with FOSSA

Preparing for Stateful Workloads

Technical requirements

Managing Amazon EBS volumes in Kubernetes

Managing GCE PD volumes in Kubernetes

Managing Azure Disk volumes in Kubernetes

Configuring and managing persistent storage using Rook

Configuring and managing persistent storage using OpenEBS

Setting up NFS for shared storage on Kubernetes

Troubleshooting storage issues

Disaster Recovery and Backup

Technical requirements

Configuring and managing S3 object storage using MinIO

Managing Kubernetes Volume Snapshots and restore

Application backup and recovery using Velero

Application backup and recovery using Kasten

Cross-cloud application migration

Scaling and Upgrading Applications

Technical requirements

Scaling applications on Kubernetes

Assigning applications to nodes

Creating an external load balancer

Creating an ingress service and service mesh using Istio

Creating an ingress service and service mesh using Linkerd

Auto-healing pods in Kubernetes

Managing upgrades through blue/green deployments

Observability and Monitoring on Kubernetes

Technical requirements

Monitoring in Kubernetes

Inspecting containers

Monitoring using Amazon CloudWatch

Monitoring using Google Stackdriver

Monitoring using Azure Monitor

Monitoring Kubernetes using Prometheus and Grafana

Monitoring and performance analysis using Sysdig

Managing the cost of resources using Kubecost

Securing Applications and Clusters

Technical requirements

Using RBAC to harden cluster security

Configuring Pod Security Policies

Using Kubernetes CIS Benchmark for security auditing

Building DevSecOps into the pipeline using Aqua Security

Monitoring suspicious application activities using Falco

Securing credentials using HashiCorp Vault

Logging with Kubernetes

Technical requirements

Accessing Kubernetes logs locally

Accessing application-specific logs

Building centralized logging in Kubernetes using the EFK stack

Logging Kubernetes using Google Stackdriver

Using a managed Kubernetes logging service

Logging for your Jenkins CI/CD environment

Other Books You May Enjoy

Leave a review - let other readers know what you think

Using RBAC to harden cluster security

In a complex system such as Kubernetes, authorization mechanisms are used to set who is allowed to make what changes to the cluster resources and manipulate them. Role-based access control (RBAC) is a mechanism that's highly integrated into Kubernetes that grants users and applications granular access to Kubernetes APIs.

As good practice, you should use the Node and RBAC authorizers together with the NodeRestriction admission plugin.

In this section, we will cover getting RBAC enabled and creating Roles and RoleBindings to grant applications and users access to the cluster resources.

Getting ready

Make sure you have an RBAC-enabled Kubernetes cluster ready (since Kubernetes 1.6, RBAC is enabled by default) and that kubectl and helm have been configured so that you can manage the cluster resources. Creating private keys will also require that you have the openssl tool before you attempt to create keys for users.

Clone the k8sdevopscookbook/src...

Tech Concepts

Programming languages

Tech Tools