Book Image

Mastering Kubernetes - Third Edition

By : Gigi Sayfan

Book Image

Mastering Kubernetes - Third Edition

By: Gigi Sayfan

Overview of this book

The third edition of Mastering Kubernetes is updated with the latest tools and code enabling you to learn Kubernetes 1.18’s latest features. This book primarily concentrates on diving deeply into complex concepts and Kubernetes best practices to help you master the skills of designing and deploying large clusters on various cloud platforms. The book trains you to run complex stateful microservices on Kubernetes including advanced features such as horizontal pod autoscaling, rolling updates, resource quotas, and persistent storage backend. With the two new chapters, you will gain expertise in serverless computing and utilizing service meshes. As you proceed through the chapters, you will explore different options for network configuration and learn to set up, operate, and troubleshoot Kubernetes networking plugins through real-world use cases. Furthermore, you will understand the mechanisms of custom resource development and its utilization in automation and maintenance workflows. By the end of this Kubernetes book, you will graduate from an intermediate to advanced Kubernetes professional.

Preface

Who this book is for

What this book covers

To get the most out of this book

Understanding Kubernetes Architecture

Understanding Kubernetes Architecture

What is Kubernetes?

Kubernetes concepts

Diving into Kubernetes architecture in depth

Kubernetes runtimes

Continuous integration and deployment

Free Chapter

Creating Kubernetes Clusters

Creating a single-node cluster with Minikube

Creating a multi-node cluster with KinD

Creating a multi-node cluster with k3d

Comparing Minikube, KinD, and k3d

Creating clusters in the cloud (GCP, AWS, Azure)

Creating a bare-metal cluster from scratch

High Availability and Reliability

High Availability and Reliability

High availability concepts

High availability best practices

High availability, scalability, and capacity planning

Live cluster updates

Large cluster performance, cost, and design trade-offs

Securing Kubernetes

Securing Kubernetes

Understanding Kubernetes security challenges

Hardening Kubernetes

Running a multi-user cluster

Using Kubernetes Resources in Practice

Using Kubernetes Resources in Practice

Designing the Hue platform

Using Kubernetes to build the Hue platform

Separating internal and external services

Advanced scheduling

Using namespaces to limit access

Using kustomization for hierarchical cluster structures

Mixing non-cluster components

Evolving the Hue platform with Kubernetes

Managing Storage

Managing Storage

Persistent volumes walkthrough

Public cloud storage volume types – GCE, AWS, and Azure

GlusterFS and Ceph volumes in Kubernetes

Flocker as a clustered container data volume manager

Integrating enterprise storage into Kubernetes

Projecting volumes

Using out-of-tree volume plugins with FlexVolume

The Container Storage Interface

Running Stateful Applications with Kubernetes

Running Stateful Applications with Kubernetes

Stateful versus stateless applications in Kubernetes

Deploying and Updating Applications

Deploying and Updating Applications

Horizontal pod autoscaling

Performing rolling updates with autoscaling

Handling scarce resources with limits and quotas

Choosing and managing the cluster capacity

Pushing the envelope with Kubernetes

Packaging Applications

Packaging Applications

Understanding Helm

Creating your own charts

Exploring Advanced Networking

Exploring Advanced Networking

Understanding the Kubernetes networking model

Kubernetes networking solutions

Using network policies effectively

Load balancing options

Writing your own CNI plugin

Running Kubernetes on Multiple Clouds and Cluster Federation

Running Kubernetes on Multiple Clouds and Cluster Federation

The history of cluster federation on Kubernetes

Understanding cluster federation

Managing a Kubernetes Cluster Federation

Introducing the Gardener project

Serverless Computing on Kubernetes

Serverless Computing on Kubernetes

Understanding serverless computing

Serverless Kubernetes in the cloud

Kubernetes FaaS frameworks

Monitoring Kubernetes Clusters

Monitoring Kubernetes Clusters

Understanding observability

Logging with Kubernetes

Collecting metrics with Kubernetes

Distributed tracing with Jaeger

Troubleshooting problems

Utilizing Service Meshes

Utilizing Service Meshes

What is a service mesh?

Choosing a service mesh

Incorporating Istio into your Kubernetes cluster

Extending Kubernetes

Extending Kubernetes

Working with the Kubernetes API

Extending the Kubernetes API

Writing Kubernetes plugins

Employing access control webhooks

The Future of Kubernetes

The Future of Kubernetes

The Kubernetes momentum

The rise of managed Kubernetes platforms

Upcoming trends

Other Books You May Enjoy

Other Books You May Enjoy

Index

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Hardening Kubernetes

The previous section cataloged and listed the variety of security challenges facing developers and administrators deploying and maintaining Kubernetes clusters. In this section, we will hone in on the design aspects, mechanisms, and features offered by Kubernetes to address some of the challenges. You can get to a pretty good state of security by judicious use of capabilities such as service accounts, network policies, authentication, authorization, admission control, AppArmor, and secrets.

Remember that a Kubernetes cluster is one part of a bigger system that includes other software systems, people, and processes. Kubernetes can't solve all problems. You should always keep in mind general security principles, such as defense in depth, a need-to-know basis, and the principle of least privilege. In addition, log everything you think may be useful in the event of an attack and have alerts for early detection when the system deviates from its state. It may...