Book description
Master core Kubernetes concepts important to enterprises from security, policy, and management point-of-view. Learn to deploy a service mesh using Istio, build a CI/CD platform, and provide enterprise security to your clusters.
Key Features
- Extensively revised edition to cover the latest updates and new releases along with two new chapters to introduce Istio
- Get a firm command of Kubernetes from a dual perspective of an admin as well as a developer
- Understand advanced topics including load balancing, externalDNS, global load balancing, authentication integration, policy, security, auditing, backup, Istio and CI/CD
Book Description
Kubernetes has taken the world by storm, becoming the standard infrastructure for DevOps teams to develop, test, and run applications. With significant updates in each chapter, this revised edition will help you acquire the knowledge and tools required to integrate Kubernetes clusters in an enterprise environment.
The book introduces you to Docker and Kubernetes fundamentals, including a review of basic Kubernetes objects. You'll get to grips with containerization and understand its core functionalities such as creating ephemeral multinode clusters using KinD. The book has replaced PodSecurityPolicies (PSP) with OPA/Gatekeeper for PSP-like enforcement. You'll integrate your container into a cloud platform and tools including MetalLB, externalDNS, OpenID connect (OIDC), Open Policy Agent (OPA), Falco, and Velero. After learning to deploy your core cluster, you'll learn how to deploy Istio and how to deploy both monolithic applications and microservices into your service mesh. Finally, you will discover how to deploy an entire GitOps platform to Kubernetes using continuous integration and continuous delivery (CI/CD).
What you will learn
- Create a multinode Kubernetes cluster using KinD
- Implement Ingress, MetalLB, ExternalDNS, and the new sandbox project, K8GBConfigure a cluster OIDC and impersonation
- Deploy a monolithic application in Istio service mesh
- Map enterprise authorization to Kubernetes
- Secure clusters using OPA and GateKeeper
- Enhance auditing using Falco and ECK
- Back up your workload for disaster recovery and cluster migration
- Deploy to a GitOps platform using Tekton, GitLab, and ArgoCD
Who this book is for
This book is for anyone interested in DevOps, containerization, and going beyond basic Kubernetes cluster deployments. DevOps engineers, developers, and system administrators looking to enhance their IT career paths will also find this book helpful.
Although some prior experience with Docker and Kubernetes is recommended, this book includes a Kubernetes bootcamp that provides a description of Kubernetes objects to help you if you are new to the topic or need a refresher.
Table of contents
- Preface
- Docker and Container Essentials
- Deploying Kubernetes Using KinD
-
Kubernetes Bootcamp
- Technical requirements
- An overview of Kubernetes components
- Exploring the control plane
- Understanding the worker node components
- Interacting with the API server
-
Introducing Kubernetes resources
- Kubernetes manifests
- What are Kubernetes resources?
-
Reviewing Kubernetes resources
- ConfigMaps
- Endpoints
- Events
- Namespaces
- Nodes
- Persistent Volume Claims
- PVs
- Pods
- Replication controllers
- ResourceQuotas
- Secrets
- Service accounts
- Services
- CustomResourceDefinitions
- DaemonSets
- Deployments
- ReplicaSets
- StatefulSets
- HorizontalPodAutoscalers
- CronJobs
- Jobs
- Ingress
- NetworkPolicies
- PodSecurityPolicies
- ClusterRoleBindings
- ClusterRoles
- RoleBindings
- Roles
- CSI drivers
- CSI nodes
- Storage classes
- Summary
- Questions
-
Services, Load Balancing, ExternalDNS, and Global Balancing
- Technical requirements
- Exposing workloads to requests
- Introduction to load balancers
- Layer 7 load balancers
- Layer 4 load balancers
- Enhancing load balancers for the enterprise
- Making service names available externally
- Load balancing between multiple clusters
- Summary
- Questions
-
Integrating Authentication into Your Cluster
- Technical requirements
- Understanding how Kubernetes knows who you are
- Understanding OpenID Connect
-
Configuring KinD for OpenID Connect
-
Addressing the requirements
- Using LDAP and Active Directory with Kubernetes
- Mapping Active Directory groups to RBAC RoleBindings
- Kubernetes Dashboard access
- Kubernetes CLI access
- Enterprise compliance requirements
- Pulling it all together
- Deploying OpenUnison
- Configuring the Kubernetes API to use OIDC
- Verifying OIDC integration
- Using your tokens with kubectl
-
Addressing the requirements
- Introducing impersonation to integrate authentication with cloud-managed clusters
- Configuring your cluster for impersonation
- Configuring Impersonation without OpenUnison
- Authenticating from pipelines
- Summary
- Questions
- RBAC Policies and Auditing
- Deploying a Secured Kubernetes Dashboard
- Extending Security Using Open Policy Agent
- Node Security with GateKeeper
- Auditing Using Falco, DevOps AI, and ECK
-
Backing Up Workloads
- Technical requirements
- Understanding Kubernetes backups
- Performing an etcd backup
- Introducing and setting up VMware's Velero
- Using Velero to back up workloads
- Managing Velero using the CLI
- Restoring from a backup
- Summary
- Questions
- An Introduction to Istio
-
Building and Deploying Applications on Istio
- Technical requirements
- Comparing microservices and monoliths
- Deploying a monolith
- Building a microservice
- Do I need an API gateway?
- Summary
- Questions
- Provisioning a Platform
- Other Books You May Enjoy
- Index
Product information
- Title: Kubernetes – An Enterprise Guide - Second Edition
- Author(s):
- Release date: December 2021
- Publisher(s): Packt Publishing
- ISBN: 9781803230030
You might also like
book
Kubernetes and Docker - An Enterprise Guide
Apply Kubernetes beyond the basics of Kubernetes clusters by implementing IAM using OIDC and Active Directory, …
book
Kubernetes Best Practices, 2nd Edition
In this practical guide, four Kubernetes professionals with deep experience in distributed systems, enterprise application development, …
book
Managing Kubernetes
While Kubernetes has greatly simplified the task of deploying containerized applications, managing this orchestration framework on …
book
Kubernetes Operators
Operators are a way of packaging, deploying, and managing Kubernetes applications. A Kubernetes application doesn't just …