- Mastering Kubernetes
- Table of Contents
- Mastering Kubernetes
- Credits
- About the Author
- About the Reviewer
- www.PacktPub.com
- Customer Feedback
- Preface
- 1. Understanding Kubernetes Architecture
- 2. Creating Kubernetes Clusters
- 3. Monitoring, Logging, and Troubleshooting
- 4. High Availability and Reliability
- High-availability concepts
- High-availability best practices
- Live cluster upgrades
- Large-cluster performance, cost, and design trade-offs
- Summary
- 5. Configuring Kubernetes Security, Limits, and Accounts
- 6. Using Critical Kubernetes Resources
- Designing the Hue platform
- Using Kubernetes to build the Hue platform
- Separating internal and external services
- Using namespace to limit access
- Launching jobs
- Kubectl get pods
- Mixing non-cluster components
- Employing init containers for orderly pod bring-up
- Evolving the Hue platform with Kubernetes
- Summary
- 7. Handling Kubernetes Storage
- Persistent volumes walkthrough
- Public storage volume types - GCE, AWS, and Azure
- GlusterFS and Ceph volumes in Kubernetes
- Flocker as a clustered container data volume manager
- Integrating enterprise storage into Kubernetes
- Summary
- 8. Running Stateful Applications with Kubernetes
- Stateful versus stateless applications in Kubernetes
- Shared environment variables versus DNS records for discovery
- Running a Cassandra cluster in Kubernetes
- Summary
- 9. Rolling Updates, Scalability, and Quotas
- Horizontal pod autoscaling
- Performing rolling updates with autoscaling
- Handling scarce resources with limits and quotas
- Choosing and managing the cluster capacity
- Pushing the envelope with Kubernetes
- Summary
- 10. Advanced Kubernetes Networking
- Understanding the Kubernetes networking model
- Kubernetes networking solutions
- Using network policies effectively
- Load balancing options
- Writing your own CNI plugin
- Summary
- 11. Running Kubernetes on Multiple Clouds and Cluster Federation
- Understanding cluster federation
- Managing a Kubernetes cluster federation
- Setting up cluster federation from the ground up
- Initial setup
- Using the official hyperkube image
- Running the federation control plane
- Registering Kubernetes clusters with federation
- Updating KubeDNS
- Shutting down the federation
- Setting up cluster federation with Kubefed
- Running federated workloads
- Summary
- 12. Customizing Kubernetes - API and Plugins
- Working with the Kubernetes API
- Extending the Kubernetes API
- Writing Kubernetes plugins
- Writing an authorization plugin
- Summary
- 13. Handling the Kubernetes Package Manager
- 14. The Future of Kubernetes
- Index
In this chapter, we covered the many security challenges facing developers and administrators building systems and deploying applications on Kubernetes clusters. But we also explored the many security features and the flexible plugin-based security model that provides many ways to limit, control, and manage containers, pods, and nodes. Kubernetes already provides versatile solutions to most security challenges, and it will only get better as capabilities such as AppArmor and PodSecurityPolicy move from Beta status to general availability. Finally, we considered how to use namespaces to support multiple user communities or deployments in the same Kubernetes cluster.
In Chapter 6, Using Critical Kubernetes Resources, we will look in detail into many Kubernetes resources and concepts, and how to use them and combine them effectively. The Kubernetes object model is built on top of a solid foundation of a small number of generic concepts such as resources, manifests, and metadata. This empowers an extensible, yet surprisingly consistent, object model to expose a very diverse set of capabilities for developers and administrators.
-
No Comment