Book Image

Mastering Kubernetes - Third Edition

By : Gigi Sayfan

Book Image

Mastering Kubernetes - Third Edition

By: Gigi Sayfan

Overview of this book

The third edition of Mastering Kubernetes is updated with the latest tools and code enabling you to learn Kubernetes 1.18’s latest features. This book primarily concentrates on diving deeply into complex concepts and Kubernetes best practices to help you master the skills of designing and deploying large clusters on various cloud platforms. The book trains you to run complex stateful microservices on Kubernetes including advanced features such as horizontal pod autoscaling, rolling updates, resource quotas, and persistent storage backend. With the two new chapters, you will gain expertise in serverless computing and utilizing service meshes. As you proceed through the chapters, you will explore different options for network configuration and learn to set up, operate, and troubleshoot Kubernetes networking plugins through real-world use cases. Furthermore, you will understand the mechanisms of custom resource development and its utilization in automation and maintenance workflows. By the end of this Kubernetes book, you will graduate from an intermediate to advanced Kubernetes professional.

Preface

Who this book is for

What this book covers

To get the most out of this book

Understanding Kubernetes Architecture

Understanding Kubernetes Architecture

What is Kubernetes?

Kubernetes concepts

Diving into Kubernetes architecture in depth

Kubernetes runtimes

Continuous integration and deployment

Free Chapter

Creating Kubernetes Clusters

Creating a single-node cluster with Minikube

Creating a multi-node cluster with KinD

Creating a multi-node cluster with k3d

Comparing Minikube, KinD, and k3d

Creating clusters in the cloud (GCP, AWS, Azure)

Creating a bare-metal cluster from scratch

High Availability and Reliability

High Availability and Reliability

High availability concepts

High availability best practices

High availability, scalability, and capacity planning

Live cluster updates

Large cluster performance, cost, and design trade-offs

Securing Kubernetes

Securing Kubernetes

Understanding Kubernetes security challenges

Hardening Kubernetes

Running a multi-user cluster

Using Kubernetes Resources in Practice

Using Kubernetes Resources in Practice

Designing the Hue platform

Using Kubernetes to build the Hue platform

Separating internal and external services

Advanced scheduling

Using namespaces to limit access

Using kustomization for hierarchical cluster structures

Mixing non-cluster components

Evolving the Hue platform with Kubernetes

Managing Storage

Managing Storage

Persistent volumes walkthrough

Public cloud storage volume types – GCE, AWS, and Azure

GlusterFS and Ceph volumes in Kubernetes

Flocker as a clustered container data volume manager

Integrating enterprise storage into Kubernetes

Projecting volumes

Using out-of-tree volume plugins with FlexVolume

The Container Storage Interface

Running Stateful Applications with Kubernetes

Running Stateful Applications with Kubernetes

Stateful versus stateless applications in Kubernetes

Deploying and Updating Applications

Deploying and Updating Applications

Horizontal pod autoscaling

Performing rolling updates with autoscaling

Handling scarce resources with limits and quotas

Choosing and managing the cluster capacity

Pushing the envelope with Kubernetes

Packaging Applications

Packaging Applications

Understanding Helm

Creating your own charts

Exploring Advanced Networking

Exploring Advanced Networking

Understanding the Kubernetes networking model

Kubernetes networking solutions

Using network policies effectively

Load balancing options

Writing your own CNI plugin

Running Kubernetes on Multiple Clouds and Cluster Federation

Running Kubernetes on Multiple Clouds and Cluster Federation

The history of cluster federation on Kubernetes

Understanding cluster federation

Managing a Kubernetes Cluster Federation

Introducing the Gardener project

Serverless Computing on Kubernetes

Serverless Computing on Kubernetes

Understanding serverless computing

Serverless Kubernetes in the cloud

Kubernetes FaaS frameworks

Monitoring Kubernetes Clusters

Monitoring Kubernetes Clusters

Understanding observability

Logging with Kubernetes

Collecting metrics with Kubernetes

Distributed tracing with Jaeger

Troubleshooting problems

Utilizing Service Meshes

Utilizing Service Meshes

What is a service mesh?

Choosing a service mesh

Incorporating Istio into your Kubernetes cluster

Extending Kubernetes

Extending Kubernetes

Working with the Kubernetes API

Extending the Kubernetes API

Writing Kubernetes plugins

Employing access control webhooks

The Future of Kubernetes

The Future of Kubernetes

The Kubernetes momentum

The rise of managed Kubernetes platforms

Upcoming trends

Other Books You May Enjoy

Other Books You May Enjoy

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Employing access control webhooks

Kubernetes always provided ways for you to customize access control. In Kubernetes, access control can be denoted as triple-A: Authentication, Authorization, and Admission control. In early versions it was through plugins that required Go programming, installing into your cluster, registration, and other invasive procedures. Now, Kubernetes lets you customize authentication, authorization, and admission control webhooks. Here is the access control workflow:

Figure 15.6: Kubernetes access control workflow

Using an authentication webhook

Kubernetes lets you extend the authentication process by injecting a webhook for bearer tokens. It requires two pieces of information: how to access the remote authentication service and the duration of the authentication decision (it defaults to two minutes).

To provide this information and enable authentication webhooks, start the API server with the following command-line arguments:

...