Part V. Application Environment, Configuration, and Security

The primary focus of the domain Application Environment, Configuration, and Security is configuring an application with security settings, defining and injecting configuration data, and specifying resource requirements. Two other aspects relevant to this domain are extending the Kubernetes API with custom resources, and the inner workings of processing requests to the Kubernetes API.

The following chapters cover these concepts:

• Chapter 16 touches on extending the Kubernetes API by introducing your own primitives. You will learn how to define, inspect, and create a CustomResourceDefinition (CRD) as a schema for instantiating objects to implement custom requirements not natively covered by Kubernetes.

• Chapter 17 describes the three phases that spring into action whenever a client like kubectl makes a call to the API server. More specifically, we’ll talk about the authentication phase and the authorization phase (including controlling permissions with RBAC). The chapter will also take you on a short excursion into the admission phase.

• Chapter 18 is all about resource management relevant to application developers. You will learn about container resource requirements and their impact on Pod scheduling and runtime behavior. This chapter will also cover enforcing aggregate resource consumption of objects living in a specific namespace with the help of resource quotas. Finally, we’ll dive into governing resource consumption ...