Hands-On Kubernetes, Service Mesh and Zero-Trust: Build and manage secure applications using Kubernetes and Istio

Book Title
Inner title
Copyright
Dedicated
About the Authors
About the Reviewer
Acknowledgements
Preface
Code Bundle and Coloured Images
Piracy
Table of Contents
Chapter 1: Docker and 
Kubernetes 101
	Introduction
	Structure
	Objectives
	Introduction to Docker
	Introduction to Kubernetes
		Kubernetes architecture
		Principles of immutability, declarative and self-healing
	Installing Kubernetes
		Installing Kubernetes locally using Minikube
		Installing Kubernetes in Docker
	Kubernetes client
		Checking the version
		Checking the status of Kubernetes Master Daemons
		Listing all worker nodes and describing the worker node
	Strategies to validate cluster quality
		Cost-efficiency as measure of quality
	Conclusion
	Points to remember
	Multiple choice questions
		Answers
Chapter 2: PODs
	Introduction
	Structure
	Objectives
	Concept of Pods
	CRUD operations on Pods
		Creating and running Pods
		Listing Pods
		Deleting Pods
	Accessing PODs
		Accessing via port forwarding
		Running commands inside PODs using exec
		Accessing logs
	Managing resources
		Resource requests: Minimum and maximum limits to PODs
	Data persistence
		Internal: Using data volumes with PODs
		External: Data on remote disks
	Health checks
		Startup probe
		Liveness probe
		Readiness probe
	POD security
		Pod Security Standards
		Pod Security Admissions
	Conclusion
	Points to remember
	Questions
		Answers
Chapter 3: HTTP Load Balancing with 
Ingress
	Introduction
	Structure
	Objectives
	Networking 101
		Configuring Kubeproxy
		Configuring container network interfaces
	Ingress specifications and Ingress controller
	Effective Ingress usage
		Utilizing hostnames
		Utilizing paths
	Advanced Ingress
		Running and managing multiple Ingress controllers
		Ingress and namespaces
		Path rewriting
		Serving TLS
	Alternate implementations
	API gateways
		Need for API gateways
	Securing network
		Securing via network policies
		Securing via third-party tool
	Best practices for securing a network
	Conclusion
	Points to remember
	Multiple choice questions
		Answers
	Questions
Chapter 4: Kubernetes Workload Resources
	Introduction
	Structure
	Objectives
	ReplicaSets
		Designing ReplicaSets
		Creating ReplicaSets
		Inspecting ReplicaSets
		Scaling ReplicaSets
		Deleting ReplicaSets
	Deployments
		Creating deployments
		Managing deployments
		Updating deployments
		Deployment strategies
		Monitoring deployment status
		Deleting deployments
	DaemonSets
		Creating DaemonSets
		Restricting DaemonSets to specific nodes
		Updating DaemonSets
		Deleting DaemonSets
	Kubernetes Jobs
		Jobs
		Job patterns
		Pod and container failures
		Cleaning up finished jobs automatically
		CronJobs
	Conclusion
	Points to remember
	Questions
		Answers
Chapter 5: ConfigMap, Secrets, and 
Labels
	Introduction
	Structure
	Objectives
	ConfigMap
		Creating ConfigMap
		Consuming ConfigMaps
	Secrets
		Creating Secrets
		Consuming Secrets
	Managing ConfigMaps and Secrets
		Listing
		Creating
		Updating
	Applying and modifying labels
	Labels selectors
		Equality-based selector
		Set-based selectors
		Role of labels in Kubernetes architecture
	Defining annotations
	Conclusion
	Points to remember
	Questions
		Answers
Chapter 6: Configuring Storage with 
Kubernetes
	Introduction
	Structure
	Objectives
	Storage provisioning in Kubernetes
		Volumes
		Persistent Volumes and Persistent Volume claims
		Storage class
		Using StorageClass for dynamic provisioning
	StatefulSets
		Properties of StatefulSets
		Volume claim templates
		Headless service
	Installing MongoDB on Kubernetes using StatefulSets
	Disaster recovery
	Container storage interface
	Conclusion
	Points to remember
	Questions
		Answers
Chapter 7: Introduction to Service 
Discovery
	Introduction
	Structure
	Objectives
	What is service discovery?
		Client-side discovery pattern
		Server-side discovery pattern
	Service registry
	Registration patterns
		Self-registration pattern
		Third-party registration
	Service discovery in Kubernetes
		Service discovery using etcd
		Service discovery in Kubernetes via Kubeproxy and DNS
	Advance details
		Endpoints
		Manual service discovery
		Cluster IP environment variables
		Kubeproxy and cluster IPs
	Conclusion
	Points to remember
	Questions
		Answers
Chapter 8: Zero Trust Using Kubernetes
	Introduction
	Structure
	Objectives
	Kubernetes security challenges
	Role-based access control (RBAC)
		Identity
	Role and role bindings
		Managing RBAC
		Aggregating cluster roles
		User groups for bindings
	Introduction to Zero Trust Architecture
		Recommendations for Kubernetes Pod security
		Recommendations for Kubernetes network security
		Recommendations for authentication and authorization
		Recommendations for auditing and threat detection
		Recommendation for application security practices
	Zero trust in Kubernetes
		Identity-based service to service accesses and communication
		Include secret and certificate management and hardened Kubernetes encryption
		Enable observability with audits and logging
	Conclusion
	Points to remember
	Questions
		Answers
Chapter 9: Monitoring, Logging and 
Observability
	Introduction
	Structure
	Objectives
	Kubernetes observability deep dive
		Selecting metrics for SLIs
		Setting SLO
		Tracking error budgets
		Creating alerts
		Probes and uptime checks
	Pillars of Kubernetes observability
	Challenges in observability
	Exploring metrics using Prometheus and Grafana
		Installing Prometheus and Grafana
		Pushing custom metrics to Prometheus
		Creating dashboard on the metrics using Grafana
	Logging and tracing
		Logging using Fluentd
		Tracing with Open Telemetry using Jae
	Defining a typical SRE process
	Responsibilities of SRE
		Incident management
		Playbook maintenance
		Drills
	Selecting monitoring, metrics and visualization tools
	Conclusion
	Points to remember
	Questions
		Answers
Chapter 10: Effective 
Scaling
	Introduction
	Structure
	Objectives
	Needs of scaling microservices individually
	Principles of scaling
	Challenges of scaling
	Introduction to auto scaling
	Types of scaling in K8s
		Horizontal pod scaling
		Vertical pod scaling
		Cluster autoscaling
		Standard metric scaling
		Custom Metric scaling
	Best practices of scaling
	Conclusion
	Points to remember
	Questions
		Answers
Chapter 11: Introduction to Service Mesh and Istio
	Introduction
	Structure
	Objectives
	Why do you need a Service Mesh?
		Service discovery
		Load balancing the traffic
		Monitoring the traffic between services
		Collecting metrics
		Recovering from failure
	What is a Service Mesh?
	What is Istio?
	Istio architecture
		Data plane
		Control plane
	Installing Istio
		Installation using istioctl
	Cost of using a Service Mesh
		Data plane performance and resource consumption
		Control plane performance and resource consumption
	Customizing the Istio setup
	Conclusion
	Points to remember
	Questions
		Answers
Chapter 12: Traffic Management Using Istio
	Introduction
	Structure
	Objectives
	Traffic management via gateways
		Virtual service and destination rule
	Controlling Ingress and Egress traffic
	Shifting traffic between versions
	Injecting faults for testing
	Timeouts and retries
	Circuit breaking
	Conclusion
	Points to remember
	Questions
		Answers
Chapter 13: Observability Using Istio
	Introduction
	Structure
	Objectives
	Understanding the telemetry flow
	Sample application and proxy logs
	Visualizing Service Mesh with Kiali
	Querying Istio Metrics with Prometheus
	Monitoring dashboards with Grafana
	Distributed tracing
	Conclusion
	Points to remember
	Questions
		Answers
Chapter 14: Securing Your Services Using Istio
	Introduction
	Structure
	Objectives
	Identity Management with Istio
		Identity verification in TLS
		Certificate generation process in Istio
	Authentication with Istio
		Mutual TLS authentication
		Secure naming
		Peer authentication with a sample application
	Authorization with Istio
		Service authorization
		End user authorization
	Security architecture of Istio
	Conclusion
	Points to remember
	Questions
		Answers
Index
Back title