Book Image

Cloud Native with Kubernetes

By : Alexander Raul

Book Image

Cloud Native with Kubernetes

By: Alexander Raul

Overview of this book

Kubernetes is a modern cloud native container orchestration tool and one of the most popular open source projects worldwide. In addition to the technology being powerful and highly flexible, Kubernetes engineers are in high demand across the industry. This book is a comprehensive guide to deploying, securing, and operating modern cloud native applications on Kubernetes. From the fundamentals to Kubernetes best practices, the book covers essential aspects of configuring applications. You’ll even explore real-world techniques for running clusters in production, tips for setting up observability for cluster resources, and valuable troubleshooting techniques. Finally, you’ll learn how to extend and customize Kubernetes, as well as gaining tips for deploying service meshes, serverless tooling, and more on your cluster. By the end of this Kubernetes book, you’ll be equipped with the tools you need to confidently run and extend modern applications on Kubernetes.

Preface

Who this book is for

What this book covers

To get the most out of this book

Download the example code files

Download the color images

Conventions used

Section 1: Setting Up Kubernetes

Section 1: Setting Up Kubernetes

Free Chapter

Chapter 1: Communicating with Kubernetes

Chapter 1: Communicating with Kubernetes

Technical requirements

Introducing container orchestration

Kubernetes' architecture

Authentication and authorization on Kubernetes

Using kubectl and YAML

Further reading

Chapter 2: Setting Up Your Kubernetes Cluster

Chapter 2: Setting Up Your Kubernetes Cluster

Technical requirements

Options for creating a cluster

minikube – an easy way to start

Managed Kubernetes services

AWS – Elastic Kubernetes Service

Google Cloud – Google Kubernetes Engine

Microsoft Azure – Azure Kubernetes Service

Programmatic cluster creation tools

Creating a cluster with Kubeadm

Creating a cluster with Kops

Creating a cluster completely from scratch

Further reading

Chapter 3: Running Application Containers on Kubernetes

Chapter 3: Running Application Containers on Kubernetes

Technical requirements

Implementing Pods

Further reading

Section 2: Configuring and Deploying Applications on Kubernetes

Section 2: Configuring and Deploying Applications on Kubernetes

Chapter 4: Scaling and Deploying Your Application

Chapter 4: Scaling and Deploying Your Application

Technical requirements

Understanding Pod drawbacks and their solutions

Using ReplicaSets

Controlling Deployments

Harnessing the Horizontal Pod Autoscaler

Implementing DaemonSets

Understanding StatefulSets

Putting it all together

Further reading

Chapter 5: Services and Ingress – Communicating with the Outside World

Chapter 5: Services and Ingress – Communicating with the Outside World

Technical requirement

Understanding Services and cluster DNS

Implementing ClusterIP

Setting up a LoadBalancer Service

Creating an ExternalName Service

Configuring Ingress

Further reading

Chapter 6: Kubernetes Application Configuration

Chapter 6: Kubernetes Application Configuration

Technical requirements

Configuring containerized applications using best practices

Implementing ConfigMaps

Further reading

Chapter 7: Storage on Kubernetes

Chapter 7: Storage on Kubernetes

Technical requirements

Understanding the difference between volumes and persistent volumes

Persistent volumes

Persistent volumes without cloud storage

Further reading

Chapter 8: Pod Placement Controls

Chapter 8: Pod Placement Controls

Technical requirements

Identifying use cases for Pod placement

Using node selectors and node name

Implementing taints and tolerations

Controlling Pods with node affinity

Using inter-Pod affinity and anti-affinity

Further reading

Section 3: Running Kubernetes in Production

Section 3: Running Kubernetes in Production

Chapter 9: Observability on Kubernetes

Chapter 9: Observability on Kubernetes

Technical requirements

Understanding observability on Kubernetes

Using default observability tooling

Enhancing Kubernetes observability using the best of the ecosystem

Further reading

Chapter 10: Troubleshooting Kubernetes

Chapter 10: Troubleshooting Kubernetes

Technical requirements

Understanding failure modes for distributed applications

Troubleshooting Kubernetes clusters

Troubleshooting applications on Kubernetes

Further reading

Chapter 11: Template Code Generation and CI/CD on Kubernetes

Chapter 11: Template Code Generation and CI/CD on Kubernetes

Technical requirements

Understanding options for template code generation on Kubernetes

Implementing templates on Kubernetes with Helm and Kustomize

Understanding CI/CD paradigms on Kubernetes – in-cluster and out-of-cluster

Implementing in-cluster and out-of-cluster CI/CD with Kubernetes

Further reading

Chapter 12: Kubernetes Security and Compliance

Chapter 12: Kubernetes Security and Compliance

Technical requirements

Understanding security on Kubernetes

Reviewing CVEs and security audits for Kubernetes

Implementing tools for cluster configuration and container security

Handling intrusion detection, runtime security, and compliance on Kubernetes

Further reading

Section 4: Extending Kubernetes

Section 4: Extending Kubernetes

Chapter 13: Extending Kubernetes with CRDs

Chapter 13: Extending Kubernetes with CRDs

Technical requirements

How to extend Kubernetes with custom resource definitions

Self-managing functionality with Kubernetes operators

Using cloud-specific Kubernetes extensions

Integrating with the ecosystem

Further reading

Chapter 14: Service Meshes and Serverless

Chapter 14: Service Meshes and Serverless

Technical requirements

Using sidecar proxies

Adding a service mesh to Kubernetes

Implementing serverless on Kubernetes

Further reading

Chapter 15: Stateful Workloads on Kubernetes

Chapter 15: Stateful Workloads on Kubernetes

Technical requirements

Understanding stateful applications on Kubernetes

Deploying object storage on Kubernetes

Running DBs on Kubernetes

Implementing messaging and queues on Kubernetes

Further reading

Assessments

Chapter 1 – Communicating with Kubernetes

Chapter 2 – Setting Up Your Kubernetes Cluster

Chapter 3 – Running Application Containers on Kubernetes

Chapter 4 – Scaling and Deploying Your Application

Chapter 5 – Services and Ingress – Communicating with the Outside World

Chapter 6 – Kubernetes Application Configuration

Chapter 7 – Storage on Kubernetes

Chapter 8 – Pod Placement Controls

Chapter 9 – Observability on Kubernetes

Chapter 10 – Troubleshooting Kubernetes

Chapter 11 – Template Code Generation and CI/CD on Kubernetes

Chapter 12 – Kubernetes Security and Compliance

Chapter 13 – Extending Kubernetes with CRDs

Chapter 14 – Service Meshes and Serverless

Chapter 15 – Stateful Workloads on Kubernetes

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Reviewing CVEs and security audits for Kubernetes

Kubernetes has encountered several Common Vulnerabilities and Exposures (CVEs) in its storied history. The MITRE CVE database, at the time of writing, lists 73 CVE announcements from 2015 to 2020 when searching for kubernetes. Each one of these is related either directly to Kubernetes, or to a common open source solution that runs on Kubernetes (like the NGINX ingress controller, for instance).

Several of these were critical enough to require hotfixes to the Kubernetes source, and thus they list the affected versions in the CVE description. A full list of all CVEs related to Kubernetes can be found at https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=kubernetes. To give you an idea of some of the issues that have been found, let's review a few of these CVEs in chronological order.

Understanding CVE-2016-1905 – Improper admission control

This CVE was one of the first major security issues with production Kubernetes...