Book Image

Kubernetes and Docker - An Enterprise Guide

By : Scott Surovich, Marc Boorshtein
Book Image

Kubernetes and Docker - An Enterprise Guide

By: Scott Surovich, Marc Boorshtein

Overview of this book

Containerization has changed the DevOps game completely, with Docker and Kubernetes playing important roles in altering the flow of app creation and deployment. This book will help you acquire the knowledge and tools required to integrate Kubernetes clusters in an enterprise environment. The book begins by introducing you to Docker and Kubernetes fundamentals, including a review of basic Kubernetes objects. You’ll then get to grips with containerization and understand its core functionalities, including how to create ephemeral multinode clusters using kind. As you make progress, you’ll learn about cluster architecture, Kubernetes cluster deployment, and cluster management, and get started with application deployment. Moving on, you’ll find out how to integrate your container to a cloud platform and integrate tools including MetalLB, externalDNS, OpenID connect (OIDC), pod security policies (PSPs), Open Policy Agent (OPA), Falco, and Velero. Finally, you will discover how to deploy an entire platform to the cloud using continuous integration and continuous delivery (CI/CD). By the end of this Kubernetes book, you will have learned how to create development clusters for testing applications and Kubernetes components, and be able to secure and audit a cluster by implementing various open-source solutions including OpenUnison, OPA, Falco, Kibana, and Velero.
Table of Contents (20 chapters)
1
Section 1: Docker and Container Fundamentals
5
Section 2: Creating Kubernetes Development Clusters, Understanding objects, and Exposing Services
9
Section 3: Running Kubernetes in the Enterprise

Introducing Falco

Falco is an open source system from Sysdig that adds anomaly detection functionality for pods in Kubernetes clusters. Out of the box, Falco includes a base set of powerful, community-created rules that can monitor a number of potentially malicious events, including the following:

  • When a user attempts to modify a file under /etc
  • When a user spawns a shell on a pod
  • When a user stores sensitive information in a secret
  • When a pod attempts to make a call to the Kubernetes API server
  • Any attempts to modify a system ClusterRole
  • Or any other custom rule you create to meet your needs

When Falco is running on a Kubernetes cluster it watches events, and based on a set of rules, it logs events on the Falco pod that can be picked up by a system such as Fluentd, which would then forward the event to an external logging system.

In this chapter, we will explain the configuration of Falco using the technical requirements for our company scenario...