Book Image

Getting Started with Kubernetes - Third Edition

By : Jonathan Baier, Jesse White
Book Image

Getting Started with Kubernetes - Third Edition

By: Jonathan Baier, Jesse White

Overview of this book

Kubernetes has continued to grow and achieve broad adoption across various industries, helping you to orchestrate and automate container deployments on a massive scale. Based on the recent release of Kubernetes 1.12, Getting Started with Kubernetes gives you a complete understanding of how to install a Kubernetes cluster. The book focuses on core Kubernetes constructs, such as pods, services, replica sets, replication controllers, and labels. You will understand cluster-level networking in Kubernetes, and learn to set up external access to applications running in the cluster. As you make your way through the book, you'll understand how to manage deployments and perform updates with minimal downtime. In addition to this, you will explore operational aspects of Kubernetes , such as monitoring and logging, later moving on to advanced concepts such as container security and cluster federation. You'll get to grips with integrating your build pipeline and deployments within a Kubernetes cluster, and be able to understand and interact with open source projects. In the concluding chapters, you'll orchestrate updates behind the scenes, avoid downtime on your cluster, and deal with underlying cloud provider instability within your cluster. By the end of this book, you'll have a complete understanding of the Kubernetes platform and will start deploying applications on it.

Related Content you might be interested in

Current Title:

Small book image
Getting Started with Kubernetes - Third Edition
Jonathan Baier | Jesse White
Oct, 2018 | 470 pages
Small book image
Mastering Kubernetes
Gigi Sayfan
Apr, 2018 | 468 pages
Small book image
Kubernetes Cookbook
HuiChuan Chloe Lee | KeJou Carol Hsu | Hideto Saito
May, 2018 | 554 pages
Small book image
Cloud Native with Kubernetes
Alexander Raul
Jan, 2021 | 446 pages
Table of Contents (23 chapters)
Title Page
Title Page
Dedication
Dedication
Packt Upsell
Packt Upsell
Contributors
Contributors
Preface
Preface
Free Chapter
1
Introduction to Kubernetes
Introduction to Kubernetes
Technical requirements
A brief overview of containers
Why are containers so cool?
The advantages of Continuous Integration/Continuous Deployment
Microservices and orchestration
Our first clusters
Working with other providers
Summary
Questions
Further reading
2
Building a Foundation with Core Kubernetes Constructs
Building a Foundation with Core Kubernetes Constructs
Technical requirements
Core constructs
Our first Kubernetes application
Health checks
Application scheduling
Summary
Questions
Further reading
3
Working with Networking, Load Balancers, and Ingress
Working with Networking, Load Balancers, and Ingress
Technical requirements
Container networking
Advanced services
Service discovery
DNS
Multitenancy
A note on resource usage
Summary
Questions
Further reading
4
Implementing Reliable Container-Native Applications
Implementing Reliable Container-Native Applications
Technical requirements
How Kubernetes manages state
Deployments
Jobs
DaemonSets
Node selection
Summary
Questions
5
Exploring Kubernetes Storage Concepts
Exploring Kubernetes Storage Concepts
Technical requirements
Persistent storage
StatefulSets
Summary
Questions
Further reading
6
Application Updates, Gradual Rollouts, and Autoscaling
Application Updates, Gradual Rollouts, and Autoscaling
Technical requirements
Example setup
Scaling up
Smooth updates
Testing, releases, and cutovers
Application autoscaling
Scaling a cluster
Managing applications
Summary
Questions
Further reading
7
Designing for Continuous Integration and Delivery
Designing for Continuous Integration and Delivery
Technical requirements
Integrating Kubernetes with a continuous delivery pipeline
gulp.js
The Kubernetes plugin for Jenkins
Helm and Minikube
Bonus fun
Summary
Questions
Further reading
8
Monitoring and Logging
Monitoring and Logging
Technical requirements
Monitoring operations
Built-in monitoring
FluentD and Google Cloud Logging
Maturing our monitoring operations
Summary
Questions
Further reading
9
Operating Systems, Platforms, and Cloud and Local Providers
Operating Systems, Platforms, and Cloud and Local Providers
Technical requirements
The importance of standards
The OCI
CNCF
Standard container specification
CoreOS
Kubernetes with CoreOS
Tectonic
Hosted platforms
Summary
Further reading
10
Designing for High Availability and Scalability
Designing for High Availability and Scalability
Technical requirements
Introduction to high availability
HA best practices
Cluster life cycle
Summary
Questions
Further reading
11
Kubernetes SIGs, Incubation Projects, and the CNCF
Kubernetes SIGs, Incubation Projects, and the CNCF
Technical requirements
CNCF structure
Kubernetes SIGs
How to get involved
Summary
Questions
Further reading
12
Cluster Federation and Multi-Tenancy
Cluster Federation and Multi-Tenancy
Technical requirements
Introduction to federation
Why federation?
Setting up federation
True multi-cloud
Summary
Questions
Further reading
13
Cluster Authentication, Authorization, and Container Security
Cluster Authentication, Authorization, and Container Security
Basics of container security
Image repositories
Kubernetes cluster security
Securing sensitive application data (secrets)
Summary
Questions
Further reading
14
Hardening Kubernetes
Hardening Kubernetes
Ready for production
Lessons learned from production
Securing a cluster
Third-party companies
Summary
Questions
Further reading
15
Kubernetes Infrastructure Management
Kubernetes Infrastructure Management
Technical requirements
Planning a cluster
Upgrading the cluster
Scaling the cluster
Additional configuration options
Summary
Questions
Further reading
Assessments
Assessments
Chapter 1: Introduction to Kubernetes
Chapter 2: Building a Foundation with Core Kubernetes Constructs
Chapter 3: Working with Networking, Load Balancers, and Ingress
Chapter 4: Implementing Reliable, Container-Native Applications
Chapter 5: Exploring Kubernetes Storage Concepts
Chapter 6: Application Updates, Gradual Rollouts, and Autoscaling
Chapter 7: Designing for Continuous Integration and Delivery
Chapter 8: Monitoring and Logging
Chapter 10: Designing for High Availability and Scalability
Chapter 11: Kubernetes SIGs, Incubation Projects, and the CNCF
Chapter 12: Cluster Federation and Multi-Tenancy
Chapter 13: Cluster Authentication, Authorization, and Container Security
Chapter 14: Hardening Kubernetes
Chapter 15: Kubernetes Infrastructure Management
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think
Index
Index

Kubernetes cluster security

Kubernetes has continued to add a number of security features in their latest releases and has a well-rounded set of control points that can be used in your cluster – everything from secure node communication to pod security and even the storage of sensitive configuration data.

Secure API calls

During every API call, Kubernetes applies a number of security controls. This security life cycle is depicted here:

API call life cycle

After secure TLS communication is established, the API server runs through authorization and authentication. Finally, an admission controller loop is applied to the request before it reaches the API server.

Secure node communication

Kubernetes supports the use of secure communication channels between the API server and any client, including the nodes themselves. Whether it's a GUI or command-line utility such as kubectl, we can use certificates to communicate with the API server. Hence, the API server is the central interaction point for any...

Previous Section
End of Section 4
Next Section