Kubernetes and Docker - An Enterprise Guide: Effectively containerize applications, integrate enterprise systems and scale applications in your enterprise 9781839213403

Containerization has changed the DevOps game completely, with Docker and Kubernetes playing important roles in altering


Language: English. Pages: 526. Year: 2020.


Table of contents:
Cover
Title Page
Copyright and Credits
Dedication
About Packt
Foreword
Contributors
Table of Contents
Preface
Section 1: Docker and Container Fundamentals
Chapter 1: Docker and Container Essentials
Technical requirements
Understanding the need for containerization
Introducing Docker
Understanding Docker
Containers are ephemeral
Docker images
Image layers
Persistent data
Accessing services running in containers
Installing Docker
Preparing to install Docker
Installing Docker on Ubuntu
Granting Docker permissions
Using the Docker CLI
docker help
docker run
docker ps
docker start and stop
docker attach
docker exec
docker logs
docker rm
Summary
Questions
Chapter 2: Working with Docker Data
Technical requirements
Why you need persistent data
Docker volumes
Creating a volume using the CLI
Mounting a volume in a container
Mounting an existing volume
Mounting a volume in multiple containers
Listing Docker volumes
Cleaning up volumes
Docker bind mounts
Docker tmpfs mounts
Using a tmpfs mount in a container
Summary
Questions
Chapter 3: Understanding Docker Networking
Technical requirements
Exploring Docker networking
A quick TCP/IP port refresher
Binding a port to a service
Docker networking drivers
The default bridge network
Viewing the available networks
Retrieving details on a network
Creating user-defined bridge networks
Connecting a container to a user-defined network
Changing the network on a running container
Removing a network
Running a container without networking
Exposing container services
Exposing ports using a host network
Exposing ports using a bridge network
Summary
Questions
Section 2: Creating Kubernetes Development Clusters, Understanding objects, and Exposing Services
Chapter 4: Deploying Kubernetes Using KinD
Technical requirements
Introducing Kubernetes components and objects
Interacting with a cluster
Using development clusters
Why did we select KinD for this book?
Working with a base KinD Kubernetes cluster
Understanding the node image
KinD and Docker networking
Installing KinD
Installing KinD – prerequisites
Installing the KinD binary
Creating a KinD cluster
Creating a simple cluster
Deleting a cluster
Creating a cluster config file
Multi-node cluster configuration
Customizing the control plane and Kubelet options
Creating a custom KinD cluster
Installing Calico
Installing an Ingress controller
Reviewing your KinD cluster
KinD storage objects
Storage drivers
KinD storage classes
Using KinD's storage provisioner
Adding a custom load balancer for Ingress
Installation prerequisites
Creating the KinD cluster configuration
Deploying a custom HAProxy container
Understanding HAProxy traffic flow
Simulating a Kubelet failure
Deleting the HAProxy container
Summary
Questions
Chapter 5: Kubernetes Bootcamp
Technical requirements
An overview of Kubernetes components
Exploring the control plane
The Kubernetes API server
The Etcd database
kube-scheduler
kube-controller-manager
cloud-controller-manager
Understanding the worker node components
kubelet
kube-proxy
Container runtime
Interacting with the API server
Using the Kubernetes kubectl utility
Understanding the verbose option
General kubectl commands
Introducing Kubernetes objects
Kubernetes manifests
What are Kubernetes objects?
Reviewing Kubernetes objects
Summary
Questions
Chapter 6: Services, Load Balancing, and External DNS
Technical requirements
Exposing workloads to requests
Understanding how services work
Understanding different service types
Introduction to load balancers
Understanding the OSI model
Layer 7 load balancers
Name resolution and layer 7 load balancers
Using nip.io for name resolution
Creating an Ingress rule
Layer 4 load balancers
Layer 4 load balancer options
Using MetalLB as a layer 4 load balancer
Creating a LoadBalancer service
Adding multiple IP pools to MetalLB
Multiple protocol issues
Using multiple protocols with MetalLB
Using shared-IPs
Making service names available externally
Setting up external-dns
Integrating external-dns and CoreDNS
Adding an ETCD zone to CoreDNS
Creating a LoadBalancer service with external-dns integration
Summary
Questions
Section 3: Running Kubernetes in the Enterprise
Chapter 7: Integrating Authentication into Your Cluster
Technical requirements
Understanding how Kubernetes knows who you are
External users
Groups in Kubernetes
Service accounts
Understanding OpenID Connect
The OpenID Connect protocol
Following OIDC and the API's interaction
Other authentication options
Configuring KinD for OpenID Connect
Addressing the requirements
Deploying OIDC
Introducing impersonation to integrate authentication with cloud-managed clusters
What is Impersonation?
Security considerations
Configuring your cluster for impersonation
Testing impersonation
Configuring Impersonation without OpenUnison
Impersonation RBAC policies
Default groups
Summary
Questions
Chapter 8: RBAC Policies and Auditing
Technical requirements
Introduction to RBAC
What's a Role?
Identifying a Role
Roles versus ClusterRoles
Negative Roles
Aggregated ClusterRoles
RoleBindings and ClusterRoleBindings
Mapping enterprise identities to Kubernetes to authorize access to resources
Implementing namespace multi-tenancy
Kubernetes auditing
Creating an audit policy
Enabling auditing on a cluster
Using audit2rbac to debug policies
Summary
Questions
Chapter 9: Deploying a Secured Kubernetes Dashboard
Technical requirements
How does the dashboard know who you are?
Dashboard architecture
Authentication methods
Understanding dashboard security risks
Deploying an insecure dashboard
Using a token to log in
Deploying the dashboard with a reverse proxy
Local dashboards
Other cluster-level applications
Integrating the dashboard with OpenUnison
Summary
Questions
Chapter 10: Creating PodSecurityPolicies
Technical requirements
What is a PodSecurityPolicy?
Understanding the difference between containers and VMs
Container breakouts
Properly designing containers
Aren't they going away?
Enabling PSPs
Alternatives to PSPs
Summary
Questions
Chapter 11: Extending Security Using Open Policy Agent
Technical requirements
Introduction to dynamic admission controllers
What is OPA and how does it work?
OPA architecture
Rego, the OPA policy language
GateKeeper
Automated testing framework
Using Rego to write policies
Developing an OPA policy
Testing an OPA policy
Deploying policies to GateKeeper
Building dynamic policies
Debugging Rego
Using existing policies
Enforcing memory constraints
Enabling the GateKeeper cache
Mocking up test data
Building and deploying our policy
Enforcing Pod Security Policies using OPA
Summary
Questions
Chapter 12: Auditing using Falco and EFK
Technical requirements
Exploring auditing
Introducing Falco
Exploring Falco's configuration files
The falco.yaml configuration file
Falco rules config files
Creating and appending to custom rules
Deploying Falco
Falco kernel module
Creating a kernel module using installed kernel headers
Using headers to create the Falco module
Creating a kernel module using driverkit
Using the module on a cluster
Using the module in KinD
Deploying the Falco Daemonset
Deploying EFK
Summary
Questions
Chapter 13: Backing Up Workloads
Technical requirements
Understanding Kubernetes backups
Performing an etcd backup
Backing up the required certificates
Backing up the etcd database
Introducing and setting up Heptio's Velero
Velero requirements
Installing the Velero CLI
Installing Velero
Using Velero to back up workloads
Running a one-time cluster backup
Scheduling a cluster backup
Creating a custom backup
Managing Velero using the CLI
Using common Velero commands
Restoring from a backup
Restoring in action
Restoring a namespace
Using a backup to create workloads in a new cluster
Restoring a backup to the new cluster
Summary
Questions
Chapter 14: Provisioning a Platform
Technical requirements
Designing a pipeline
Opinionated platforms
Securing your pipeline
Building our platform's requirements
Choosing our technology stack
Preparing our cluster
Deploying cert-manager
Deploying the Docker container registry
Deploying OpenUnison
Deploying GitLab
Creating example projects
Deploying Tekton
Building Hello World
Building automatically
Deploying ArgoCD
Automating project onboarding using OpenUnison
Integrating GitLab
Integrating ArgoCD
Updating OpenUnison
Summary
Questions
Assessments
Other Books You May Enjoy
Index