Book Image

Getting Started with Kubernetes - Third Edition

By : Jonathan Baier, Jesse White
Book Image

Getting Started with Kubernetes - Third Edition

By: Jonathan Baier, Jesse White

Overview of this book

Kubernetes has continued to grow and achieve broad adoption across various industries, helping you to orchestrate and automate container deployments on a massive scale. Based on the recent release of Kubernetes 1.12, Getting Started with Kubernetes gives you a complete understanding of how to install a Kubernetes cluster. The book focuses on core Kubernetes constructs, such as pods, services, replica sets, replication controllers, and labels. You will understand cluster-level networking in Kubernetes, and learn to set up external access to applications running in the cluster. As you make your way through the book, you'll understand how to manage deployments and perform updates with minimal downtime. In addition to this, you will explore operational aspects of Kubernetes , such as monitoring and logging, later moving on to advanced concepts such as container security and cluster federation. You'll get to grips with integrating your build pipeline and deployments within a Kubernetes cluster, and be able to understand and interact with open source projects. In the concluding chapters, you'll orchestrate updates behind the scenes, avoid downtime on your cluster, and deal with underlying cloud provider instability within your cluster. By the end of this book, you'll have a complete understanding of the Kubernetes platform and will start deploying applications on it.

Related Content you might be interested in

Current Title:

Small book image
Getting Started with Kubernetes - Third Edition
Jonathan Baier | Jesse White
Oct, 2018 | 470 pages
Small book image
Mastering Kubernetes
Gigi Sayfan
Apr, 2018 | 468 pages
Small book image
Kubernetes Cookbook
HuiChuan Chloe Lee | KeJou Carol Hsu | Hideto Saito
May, 2018 | 554 pages
Small book image
Cloud Native with Kubernetes
Alexander Raul
Jan, 2021 | 446 pages
Table of Contents (23 chapters)
Title Page
Title Page
Dedication
Dedication
Packt Upsell
Packt Upsell
Contributors
Contributors
Preface
Preface
Free Chapter
1
Introduction to Kubernetes
Introduction to Kubernetes
Technical requirements
A brief overview of containers
Why are containers so cool?
The advantages of Continuous Integration/Continuous Deployment
Microservices and orchestration
Our first clusters
Working with other providers
Summary
Questions
Further reading
2
Building a Foundation with Core Kubernetes Constructs
Building a Foundation with Core Kubernetes Constructs
Technical requirements
Core constructs
Our first Kubernetes application
Health checks
Application scheduling
Summary
Questions
Further reading
3
Working with Networking, Load Balancers, and Ingress
Working with Networking, Load Balancers, and Ingress
Technical requirements
Container networking
Advanced services
Service discovery
DNS
Multitenancy
A note on resource usage
Summary
Questions
Further reading
4
Implementing Reliable Container-Native Applications
Implementing Reliable Container-Native Applications
Technical requirements
How Kubernetes manages state
Deployments
Jobs
DaemonSets
Node selection
Summary
Questions
5
Exploring Kubernetes Storage Concepts
Exploring Kubernetes Storage Concepts
Technical requirements
Persistent storage
StatefulSets
Summary
Questions
Further reading
6
Application Updates, Gradual Rollouts, and Autoscaling
Application Updates, Gradual Rollouts, and Autoscaling
Technical requirements
Example setup
Scaling up
Smooth updates
Testing, releases, and cutovers
Application autoscaling
Scaling a cluster
Managing applications
Summary
Questions
Further reading
7
Designing for Continuous Integration and Delivery
Designing for Continuous Integration and Delivery
Technical requirements
Integrating Kubernetes with a continuous delivery pipeline
gulp.js
The Kubernetes plugin for Jenkins
Helm and Minikube
Bonus fun
Summary
Questions
Further reading
8
Monitoring and Logging
Monitoring and Logging
Technical requirements
Monitoring operations
Built-in monitoring
FluentD and Google Cloud Logging
Maturing our monitoring operations
Summary
Questions
Further reading
9
Operating Systems, Platforms, and Cloud and Local Providers
Operating Systems, Platforms, and Cloud and Local Providers
Technical requirements
The importance of standards
The OCI
CNCF
Standard container specification
CoreOS
Kubernetes with CoreOS
Tectonic
Hosted platforms
Summary
Further reading
10
Designing for High Availability and Scalability
Designing for High Availability and Scalability
Technical requirements
Introduction to high availability
HA best practices
Cluster life cycle
Summary
Questions
Further reading
11
Kubernetes SIGs, Incubation Projects, and the CNCF
Kubernetes SIGs, Incubation Projects, and the CNCF
Technical requirements
CNCF structure
Kubernetes SIGs
How to get involved
Summary
Questions
Further reading
12
Cluster Federation and Multi-Tenancy
Cluster Federation and Multi-Tenancy
Technical requirements
Introduction to federation
Why federation?
Setting up federation
True multi-cloud
Summary
Questions
Further reading
13
Cluster Authentication, Authorization, and Container Security
Cluster Authentication, Authorization, and Container Security
Basics of container security
Image repositories
Kubernetes cluster security
Securing sensitive application data (secrets)
Summary
Questions
Further reading
14
Hardening Kubernetes
Hardening Kubernetes
Ready for production
Lessons learned from production
Securing a cluster
Third-party companies
Summary
Questions
Further reading
15
Kubernetes Infrastructure Management
Kubernetes Infrastructure Management
Technical requirements
Planning a cluster
Upgrading the cluster
Scaling the cluster
Additional configuration options
Summary
Questions
Further reading
Assessments
Assessments
Chapter 1: Introduction to Kubernetes
Chapter 2: Building a Foundation with Core Kubernetes Constructs
Chapter 3: Working with Networking, Load Balancers, and Ingress
Chapter 4: Implementing Reliable, Container-Native Applications
Chapter 5: Exploring Kubernetes Storage Concepts
Chapter 6: Application Updates, Gradual Rollouts, and Autoscaling
Chapter 7: Designing for Continuous Integration and Delivery
Chapter 8: Monitoring and Logging
Chapter 10: Designing for High Availability and Scalability
Chapter 11: Kubernetes SIGs, Incubation Projects, and the CNCF
Chapter 12: Cluster Federation and Multi-Tenancy
Chapter 13: Cluster Authentication, Authorization, and Container Security
Chapter 14: Hardening Kubernetes
Chapter 15: Kubernetes Infrastructure Management
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Securing a cluster

Let's look at some other common recommendations for hardening your cluster in production. These use cases cover both intentional, malicious actions against your cluster, as well as accidental misuse. Let's take a look at what we can do to secure things.

First off, you want to ensure that access to the Kubernetes API is controlled. Given that all actions in Kubernetes are API-driven, we should secure this interface first. We can control access to this API with several settings:

  • Encode all traffic: In order to keep communication secure, you should make sure that Transport Level Security (TLS) is set up for API communication in the cluster. Most of the installation methods we've reviewed in this book create the necessary component certificates, but it's always on the cluster operators to identify all in-use local ports that may not use the more secure settings.
  • Authenticate your access: Just as with any large scale computer system, you want to ensure that the identity of a user...
Previous Section
End of Section 4
Next Section