Book Image

Hands-on Kubernetes on Azure, Third Edition - Third Edition

By : Nills Franssens, Shivakumar Gopalakrishnan, Gunther Lenz
Book Image

Hands-on Kubernetes on Azure, Third Edition - Third Edition

By: Nills Franssens, Shivakumar Gopalakrishnan, Gunther Lenz

Overview of this book

Containers and Kubernetes containers facilitate cloud deployments and application development by enabling efficient versioning with improved security and portability. With updated chapters on role-based access control, pod identity, storing secrets, and network security in AKS, this third edition begins by introducing you to containers, Kubernetes, and Azure Kubernetes Service (AKS), and guides you through deploying an AKS cluster in different ways. You will then delve into the specifics of Kubernetes by deploying a sample guestbook application on AKS and installing complex Kubernetes apps using Helm. With the help of real-world examples, you'll also get to grips with scaling your applications and clusters. As you advance, you'll learn how to overcome common challenges in AKS and secure your applications with HTTPS. You will also learn how to secure your clusters and applications in a dedicated section on security. In the final section, you’ll learn about advanced integrations, which give you the ability to create Azure databases and run serverless functions on AKS as well as the ability to integrate AKS with a continuous integration and continuous delivery (CI/CD) pipeline using GitHub Actions. By the end of this Kubernetes book, you will be proficient in deploying containerized workloads on Microsoft Azure with minimal management overhead.
Table of Contents (22 chapters)
1
Foreword
Free Chapter
2
Section 1: The Basics
5
Section 2: Deploying on AKS
11
Section 3: Securing your AKS cluster and workloads
16
Section 4: Integrating with Azure managed services
21
Index

Deploying offending workloads

To trigger recommendations and threat alerts in Azure Security Center, you will need to have offending workloads deployed on your cluster. In this section, you will deploy a number of workloads to your cluster that are either not configured according to best practices or even contain potentially malicious software such as crypto-miners. Let's have a look at the examples of offending workloads you can find in the code samples for this chapter:

  • crypto-miner.yaml: This file contains a deployment that will create a crypto-miner on your cluster.
    1   apiVersion: apps/v1
    2   kind: Deployment
    3   metadata:
    4     name: crypto-miner
    5     labels:
    6       app: mining
    7   spec:
    8     replicas: 1
    9     selector:
    10      matchLabels...