The Kubernetes Book

By : Nigel Poulton, Pushkar Joglekar

The Kubernetes Book

By: Nigel Poulton, Pushkar Joglekar

Overview of this book

Kubernetes is the leading orchestrator of cloud-native apps. With knowledge of how to work with Kubernetes, you can easily deploy and manage applications on the cloud or in your on-premises data center. The book begins by introducing you to Kubernetes and showing you how to install it. You’ll learn how to use Kubernetes Services and bring stable and reliable networking to apps that are deployed on Kubernetes. You'll delve deep into the powerful storage subsystem of Kubernetes and learn how to leverage the variety of external storage backends in your applications. As the book progresses, it shows you how to use features such as DaemonSets, Helm, and RBAC to enhance your Kubernetes applications. You'll explore the six categories of identifying vulnerabilities and look at a few ways to prevent and mitigate them. You'll also look at ways to secure the software delivery pipeline by discussing some image-related best practices. The book ends by sharing with you some resources that’ll help take your Kubernetes knowledge to the next level. By the end of the book, you’ll have the confidence and skills to leverage all the features of Kubernetes to develop scalable applications.

Preface

About the Book

Free Chapter

Chapter 1

Kubernetes Primer

Kubernetes Background

Where did Kubernetes Come From?

A Data Center OS

Summary

Chapter 2

Kubernetes Principles of Operation

Kubernetes from 40k Feet

Masters and Nodes

Summary

Chapter 3

Installing Kubernetes

Play with Kubernetes

Docker Desktop

Minikube

Google Kubernetes Engine (GKE)

Summary

Chapter 4

Working with Pods

Pod Theory

Hands-On with Pods

Summary

Chapter 5

Kubernetes Deployments

Deployment Theory

How to Create a Deployment

Performing a Rolling Update

How to Perform a Rollback

Summary

Chapter 6

Kubernetes Services

Setting the Scene

Hands-On with Services

Real-World Example

Summary

Chapter 7

Kubernetes Storage

The Big Picture

Storage Providers

The Container Storage Interface (CSI)

The Kubernetes Persistent Volume Subsystem

Storage Classes and Dynamic Provisioning

Demo

Summary

Chapter 8

Other Important Kubernetes Stuff

Role-Based Access Control (RBAC)

Helm

Summary

Chapter 9

Threat Modeling Kubernetes

Information Disclosure

Denial of Service

Elevation of Privilege

Pod Security Policies

Summary

Chapter 10

Real-World Kubernetes Security

CI/CD Pipeline

Infrastructure and Networking

Identity and Access Management (IAM)

Auditing and Security Monitoring

Real-World Example

Summary

Chapter 11

What Next

Practice Makes Perfect

More Books

Events and Meetups

Feedback

Customer Reviews

5 star

4 star

3 star

2 star

1 star

Role-Based Access Control (RBAC)

Kubernetes implements a least-privilege RBAC subsystem. When enabled, it locks down a cluster and allows you to grant permissions based on specific users and groups.

The model is based on three major components:

Subjects
Operations
Resources

Subjects are users and groups, and these must be managed outside of Kubernetes. Operations are what the subject is allowed to do (create, list, or delete). Resources are objects on the cluster such as Pods. Put the three together, and you have an RBAC rule. For example, Abi (subject) is allowed to create (operation) Pods (resource).

RBAC has been stable (v1) since Kubernetes 1.8 and leverages two objects that are defined in the authorization.rbac.k8s.io API group. The two objects are Roles and RoleBindings. The Role object is where you define the resource and the operation that you want to allow, and the RoleBinding object connects it with a subject.

The Kubernetes Book

By : Nigel Poulton, Pushkar Joglekar

The Kubernetes Book

By: Nigel Poulton, Pushkar Joglekar

Overview of this book

Related Content you might be interested in

Current Title:

The Kubernetes Book

The KCNA Book

The DevOps 2.3 Toolkit

The Kubernetes Bible

Role-Based Access Control (RBAC)