Book Image

The Kubernetes Book

By : Nigel Poulton, Pushkar Joglekar
Book Image

The Kubernetes Book

By: Nigel Poulton, Pushkar Joglekar

Overview of this book

Kubernetes is the leading orchestrator of cloud-native apps. With knowledge of how to work with Kubernetes, you can easily deploy and manage applications on the cloud or in your on-premises data center. The book begins by introducing you to Kubernetes and showing you how to install it. You’ll learn how to use Kubernetes Services and bring stable and reliable networking to apps that are deployed on Kubernetes. You'll delve deep into the powerful storage subsystem of Kubernetes and learn how to leverage the variety of external storage backends in your applications. As the book progresses, it shows you how to use features such as DaemonSets, Helm, and RBAC to enhance your Kubernetes applications. You'll explore the six categories of identifying vulnerabilities and look at a few ways to prevent and mitigate them. You'll also look at ways to secure the software delivery pipeline by discussing some image-related best practices. The book ends by sharing with you some resources that’ll help take your Kubernetes knowledge to the next level. By the end of the book, you’ll have the confidence and skills to leverage all the features of Kubernetes to develop scalable applications.

Related Content you might be interested in

Current Title:

Small book image
The Kubernetes Book
Nigel Poulton | Pushkar Joglekar
Jun, 2019 | 228 pages
Small book image
The KCNA Book
Nigel Poulton
Jun, 2023 | 197 pages
Small book image
The DevOps 2.3 Toolkit
Viktor Farcic
Sep, 2018 | 418 pages
Small book image
The Kubernetes Bible
Nassim Kebbani | Russ McKendrick | Piotr Tylenda
Feb, 2022 | 680 pages
Table of Contents (23 chapters)
Preface
Preface
About the Book
Free Chapter
1
Chapter 1
Chapter 1
2
Kubernetes Primer
Kubernetes Primer
Kubernetes Background
Where did Kubernetes Come From?
A Data Center OS
Summary
3
Chapter 2
Chapter 2
4
Kubernetes Principles of Operation
Kubernetes Principles of Operation
Kubernetes from 40k Feet
Masters and Nodes
Summary
5
Chapter 3
Chapter 3
6
Installing Kubernetes
Installing Kubernetes
Play with Kubernetes
Docker Desktop
Minikube
Google Kubernetes Engine (GKE)
Summary
7
Chapter 4
Chapter 4
8
Working with Pods
Working with Pods
Pod Theory
Hands-On with Pods
Summary
9
Chapter 5
Chapter 5
10
Kubernetes Deployments
Kubernetes Deployments
Deployment Theory
How to Create a Deployment
Performing a Rolling Update
How to Perform a Rollback
Summary
11
Chapter 6
Chapter 6
12
Kubernetes Services
Kubernetes Services
Setting the Scene
Hands-On with Services
Real-World Example
Summary
13
Chapter 7
Chapter 7
14
Kubernetes Storage
Kubernetes Storage
The Big Picture
Storage Providers
The Container Storage Interface (CSI)
The Kubernetes Persistent Volume Subsystem
Storage Classes and Dynamic Provisioning
Demo
Summary
15
Chapter 8
Chapter 8
16
Other Important Kubernetes Stuff
Other Important Kubernetes Stuff
DaemonSets
StatefulSets
Jobs and CronJobs
Autoscaling
Role-Based Access Control (RBAC)
Helm
Summary
17
Chapter 9
Chapter 9
18
Threat Modeling Kubernetes
Threat Modeling Kubernetes
Threat Model
Spoofing
Tampering
Repudiation
Information Disclosure
Denial of Service
Elevation of Privilege
Pod Security Policies
Summary
19
Chapter 10
Chapter 10
20
Real-World Kubernetes Security
Real-World Kubernetes Security
CI/CD Pipeline
Infrastructure and Networking
Identity and Access Management (IAM)
Auditing and Security Monitoring
Real-World Example
Summary
21
Chapter 11
Chapter 11
22
What Next
What Next
Practice Makes Perfect
More Books
Events and Meetups
Feedback

Denial of Service

Denial of Service (DoS) is all about making something unavailable. There are many types of DoS attack, but a well-known variation is overloading a system to the point it can no longer serve requests. In the Kubernetes world, a potential attack might be to overload the API server so that cluster operations grind to a halt (even essential system services have to communicate via the API server).

Let's take a look at some potential Kubernetes systems that might be targets of DoS attacks, and some ways to protect against and mitigate them.

Protecting Cluster Resources against DoS Attacks

It's a time-honored best practice to replicate essential control plane services on multiple nodes for high availability (HA). Kubernetes is no different, and you should run multiple master nodes in an HA configuration for your production environments. Doing this will prevent a single master from becoming a single point of failure. In relation to certain types of DoS...

Previous Section
End of Section 7
Next Section