Kubernetes - an Enterprise Guide: Master Containerized Application Deployments, Integrate Enterprise Systems, and Achieve Scalability
Stay at the forefront of cloud-native technologies with the eagerly awaited Kubernetes – An Enterprise Guide, Third Edition. Delve deep into Kubernetes and emerge with the latest insights to conquer today's dynamic enterprise challenges. This meticulously crafted edition equips you with the lat...
Other Authors: | |
---|---|
Format: | E-book |
Language: | English |
Published: | Birmingham, England : Packt Publishing Ltd [2024] |
Edition: | Third edition |
Series: | Expert insight. |
Subjects: | |
View at Biblioteca Universitat Ramon Llull: | https://discovery.url.edu/permalink/34CSUC_URL/1im36ta/alma991009845438306719 |
Table of Contents:
- Cover
- Copyright
- Foreword
- Contributors
- Table of Contents
- Preface
- Chapter 1: Docker and Container Essentials
- Technical requirements
- Understanding the need for containerization
- Understanding why Kubernetes removed Docker
- Introducing Docker
- Docker versus Moby
- Understanding Docker
- Containers are ephemeral
- Docker images
- Image layers
- Persistent data
- Accessing services running in containers
- Installing Docker
- Preparing to install Docker
- Installing Docker on Ubuntu
- Granting Docker permissions
- Using the Docker CLI
- docker help
- docker run
- docker ps
- docker start and stop
- docker attach
- docker exec
- docker logs
- docker rm
- docker pull/run
- docker build
- Summary
- Questions
- Chapter 2: Deploying Kubernetes Using KinD
- Technical requirements
- Introducing Kubernetes components and objects
- Interacting with a cluster
- Using development clusters
- Why did we select KinD for this book?
- Working with a basic KinD Kubernetes cluster
- Understanding the node image
- KinD and Docker networking
- Keeping track of the nesting dolls
- Installing KinD
- Installing KinD - prerequisites
- Installing kubectl
- Installing the KinD binary
- Creating a KinD cluster
- Creating a simple cluster
- Deleting a cluster
- Creating a cluster config file
- Multi-node cluster configuration
- Customizing the control plane and Kubelet options
- Creating a custom KinD cluster
- Reviewing your KinD cluster
- KinD storage objects
- Storage drivers
- KinD storage classes
- Using KinD's Storage Provisioner
- Adding a custom load balancer for Ingress
- Creating the KinD cluster configuration
- The HAProxy configuration file
- Understanding HAProxy traffic flow
- Simulating a kubelet failure
- Summary
- Questions
- Chapter 3: Kubernetes Bootcamp
- Technical requirements
- An overview of Kubernetes components
- Exploring the control plane
- The Kubernetes API server
- The etcd database
- kube-scheduler
- kube-controller-manager
- cloud-controller-manager
- Understanding the worker node components
- kubelet
- kube-proxy
- Container runtime
- Interacting with the API server
- Using the Kubernetes kubectl utility
- Understanding the verbose option
- General kubectl commands
- Introducing Kubernetes resources
- Kubernetes manifests
- What are Kubernetes resources?
- Reviewing Kubernetes resources
- Apiservices
- CertificateSigningRequests
- ClusterRoles
- ClusterRoleBindings
- ComponentStatus
- ConfigMaps
- ControllerRevisions
- CronJobs
- CSI drivers
- CSI nodes
- CSIStorageCapacities
- CustomResourceDefinitions
- DaemonSets
- Deployments
- Endpoints
- EndPointSlices
- Events
- FlowSchemas
- HorizontalPodAutoscalers
- IngressClasses
- Ingress
- Jobs
- LimitRanges
- LocalSubjectAccessReview
- MutatingWebhookConfiguration
- Namespaces
- NetworkPolicies
- Nodes
- PersistentVolumeClaims
- PersistentVolumes
- PodDisruptionBudgets
- Pods
- PodTemplates
- PriorityClasses
- PriorityLevelConfigurations
- ReplicaSets
- Replication controllers
- ResourceQuotas
- RoleBindings
- Roles
- RuntimeClasses
- Secrets
- SelfSubjectAccessReviews
- SelfSubjectRulesReviews
- Service accounts
- Services
- StatefulSets
- Storage classes
- SubjectAccessReviews
- TokenReviews
- ValidatingWebhookConfigurations
- VolumeAttachments
- Summary
- Questions
- Chapter 4: Services, Load Balancing, and Network Policies
- Technical requirements
- Exposing workloads to requests
- Understanding how Services work
- Creating a Service
- Using DNS to resolve services
- Understanding different service types
- The ClusterIP service
- The NodePort service
- The LoadBalancer service
- The ExternalName service
- Introduction to load balancers
- Understanding the OSI model
- Layer 7 load balancers
- Name resolution and layer 7 load balancers
- Using nip.io for name resolution
- Creating Ingress rules
- Resolving Names in Ingress Controllers
- Using Ingress Controllers for non-HTTP traffic
- Layer 4 load balancers
- Layer 4 load balancer options
- Using MetalLB as a layer 4 load balancer
- Installing MetalLB
- Understanding MetalLB's custom resources
- MetalLB components
- Creating a LoadBalancer service
- Advanced pool configurations
- Disabling automatic address assignments
- Assigning a static IP address to a service
- Using multiple address pools
- IP pool scoping
- Handling buggy networks
- Using multiple protocols
- Introducing Network Policies
- Network policy object overview
- The podSelector
- The policyTypes
- Creating a Network Policy
- Tools to create network policies
- Summary
- Questions
- Chapter 5: External DNS and Global Load Balancing
- Technical requirements
- Making service names available externally
- Setting up ExternalDNS
- Integrating ExternalDNS and CoreDNS
- Adding an ETCD zone to CoreDNS
- ExternalDNS configuration options
- Creating a LoadBalancer service with ExternalDNS integration
- Integrating CoreDNS with an enterprise DNS server
- Exposing CoreDNS to external requests
- Configuring the primary DNS server
- Testing DNS forwarding to CoreDNS
- Load balancing between multiple clusters
- Introducing the Kubernetes Global Balancer
- Requirements for K8GB
- Deploying K8GB to a cluster
- Understanding K8GB load balancing options
- Customizing the Helm chart values
- Using Helm to install K8GB
- Delegating our load balancing zone
- Deploying a highly available application using K8GB
- Adding an application to K8GB using custom resources
- Adding an application to K8GB using Ingress annotations
- Understanding how K8GB provides global load balancing
- Keeping the K8GB CoreDNS servers in sync
- Summary
- Questions
- Chapter 6: Integrating Authentication into Your Cluster
- Technical requirements
- Getting Help
- Understanding how Kubernetes knows who you are
- External users
- Groups in Kubernetes
- Service accounts
- Understanding OpenID Connect
- The OpenID Connect protocol
- Following OIDC and the API's interaction
- id_token
- Other authentication options
- Certificates
- Service accounts
- TokenRequest API
- Custom authentication webhooks
- Configuring KinD for OpenID Connect
- Addressing the requirements
- Using LDAP and Active Directory with Kubernetes
- Mapping Active Directory groups to RBAC RoleBindings
- Kubernetes Dashboard access
- Kubernetes CLI access
- Enterprise compliance requirements
- Pulling it all together
- Deploying OpenUnison
- Configuring the Kubernetes API to use OIDC
- Verifying OIDC integration
- Using your tokens with kubectl
- Introducing impersonation to integrate authentication with cloud-managed clusters
- What is Impersonation?
- Security considerations
- Configuring your cluster for impersonation
- Testing Impersonation
- Using Impersonation for Debugging
- Configuring Impersonation without OpenUnison
- Impersonation RBAC policies
- Default groups
- Inbound Impersonation
- Privileged Access to Clusters
- Using a Privileged User Account
- Impersonating a Privileged User
- Temporarily Authorizing Privilege
- Authenticating from pipelines
- Using tokens
- Using certificates
- Using a pipeline's identity
- Avoiding anti-patterns
- Summary
- Questions
- Answers
- Chapter 7: RBAC Policies and Auditing
- Technical requirements
- Introduction to RBAC
- What's a Role?
- Identifying a Role
- Roles versus ClusterRoles
- Negative Roles
- Aggregated ClusterRoles
- RoleBindings and ClusterRoleBindings
- Combining ClusterRoles and RoleBindings
- Mapping enterprise identities to Kubernetes to authorize access to resources
- Implementing namespace multi-tenancy
- Kubernetes auditing
- Creating an audit policy
- Enabling auditing on a cluster
- Using audit2rbac to debug policies
- Summary
- Questions
- Answers
- Chapter 8: Managing Secrets
- Technical Requirements
- Getting Help
- Examining the difference between Secrets and Configuration Data
- Managing Secrets in an Enterprise
- Threats to Secrets at Rest
- Threats to Secrets in Transit
- Protecting Secrets in Your Applications
- Understanding Secrets Managers
- Storing Secrets as Secret Objects
- Sealed Secrets
- External Secrets Managers
- Using a Hybrid of External Secrets Management and Secret Objects
- Integrating Secrets into Your Deployments
- Volume Mounts
- Using Kubernetes Secrets
- Using Vault's Sidecar Injector
- Environment Variables
- Using Kubernetes Secrets
- Using the Vault Sidecar
- Using the Kubernetes Secrets API
- Using the Vault API
- Summary
- Questions
- Answers
- Chapter 9: Building Multitenant Clusters with vClusters
- Technical requirements
- Getting Help
- The Benefits and Challenges of Multitenancy
- Exploring the Benefits of Multitenancy
- The Challenges of Multitenant Kubernetes
- Using vClusters for Tenants
- Deploying vClusters
- Securely Accessing vClusters
- Accessing External Services from a vCluster
- Creating and Operating High-Availability vClusters
- Understanding vCluster High Availability
- Upgrading vClusters
- Building a Multitenant Cluster with Self Service
- Analyzing Requirements
- Designing the Multitenant Platform
- Deploying Our Multitenant Platform