Kubernetes – An Enterprise Guide: Master containerized application deployments, integrate enterprise systems, 3rd Edition
Edition: Third Edition. Authors: Marc Boorshtein, Scott Surovich. ISBN: 9781835086957. Publisher: Packt. Year of publication: 2024. Pages: 654. Language: English. File format: EPUB. File size: 19 MB.
Note: this is the original English-language edition of the book, not a Persian translation.
Preface
Who this book is for
What this book covers
To get the most out of this book
Supplementary content
Get in touch
Docker and Container Essentials
Technical requirements
Understanding the need for containerization
Understanding why Kubernetes removed Docker
Introducing Docker
Docker versus Moby
Understanding Docker
Containers are ephemeral
Docker images
Image layers
Persistent data
Accessing services running in containers
Installing Docker
Preparing to install Docker
Installing Docker on Ubuntu
Granting Docker permissions
Using the Docker CLI
docker help
docker run
docker ps
docker start and stop
docker attach
docker exec
docker logs
docker rm
docker pull/run
docker build
Summary
Questions
Join our book’s Discord space
Deploying Kubernetes Using KinD
Technical requirements
Introducing Kubernetes components and objects
Interacting with a cluster
Using development clusters
Why did we select KinD for this book?
Working with a basic KinD Kubernetes cluster
Understanding the node image
KinD and Docker networking
Keeping track of the nesting dolls
Installing KinD
Installing KinD – prerequisites
Installing kubectl
Installing the KinD binary
Creating a KinD cluster
Creating a simple cluster
Deleting a cluster
Creating a cluster config file
Multi-node cluster configuration
Customizing the control plane and Kubelet options
Creating a custom KinD cluster
Reviewing your KinD cluster
KinD storage objects
Storage drivers
KinD storage classes
Using KinD’s Storage Provisioner
Adding a custom load balancer for Ingress
Creating the KinD cluster configuration
The HAProxy configuration file
Understanding HAProxy traffic flow
Simulating a kubelet failure
Summary
Questions
Kubernetes Bootcamp
Technical requirements
An overview of Kubernetes components
Exploring the control plane
The Kubernetes API server
The etcd database
kube-scheduler
kube-controller-manager
cloud-controller-manager
Understanding the worker node components
kubelet
kube-proxy
Container runtime
Interacting with the API server
Using the Kubernetes kubectl utility
Understanding the verbose option
General kubectl commands
Introducing Kubernetes resources
Kubernetes manifests
What are Kubernetes resources?
Reviewing Kubernetes resources
Apiservices
CertificateSigningRequests
ClusterRoles
ClusterRoleBindings
ComponentStatus
ConfigMaps
ControllerRevisions
CronJobs
CSI drivers
CSI nodes
CSIStorageCapacities
CustomResourceDefinitions
DaemonSets
Deployments
Endpoints
EndPointSlices
Events
FlowSchemas
HorizontalPodAutoscalers
IngressClasses
Ingress
Jobs
LimitRanges
LocalSubjectAccessReview
MutatingWebhookConfiguration
Namespaces
NetworkPolicies
Nodes
PersistentVolumeClaims
PersistentVolumes
PodDisruptionBudgets
Pods
PodTemplates
PriorityClasses
PriorityLevelConfigurations
ReplicaSets
Replication controllers
ResourceQuotas
RoleBindings
Roles
RuntimeClasses
Secrets
SelfSubjectAccessReviews
SelfSubjectRulesReviews
Service accounts
Services
StatefulSets
Storage classes
SubjectAccessReviews
TokenReviews
ValidatingWebhookConfigurations
VolumeAttachments
Summary
Questions
Join our book’s Discord space
Services, Load Balancing, and Network Policies
Technical requirements
Exposing workloads to requests
Understanding how Services work
Creating a Service
Using DNS to resolve services
Understanding different service types
The ClusterIP service
The NodePort service
The LoadBalancer service
The ExternalName service
Introduction to load balancers
Understanding the OSI model
Layer 7 load balancers
Name resolution and layer 7 load balancers
Using nip.io for name resolution
Creating Ingress rules
Resolving Names in Ingress Controllers
Using Ingress Controllers for non-HTTP traffic
Layer 4 load balancers
Layer 4 load balancer options
Using MetalLB as a layer 4 load balancer
Installing MetalLB
Understanding MetalLB’s custom resources
MetalLB components
Creating a LoadBalancer service
Advanced pool configurations
Disabling automatic address assignments
Assigning a static IP address to a service
Using multiple address pools
IP pool scoping
Handling buggy networks
Using multiple protocols
Introducing Network Policies
Network policy object overview
The podSelector
The policyTypes
Creating a Network Policy
Tools to create network policies
Summary
Questions
External DNS and Global Load Balancing
Technical requirements
Making service names available externally
Setting up ExternalDNS
Integrating ExternalDNS and CoreDNS
Adding an ETCD zone to CoreDNS
ExternalDNS configuration options
Creating a LoadBalancer service with ExternalDNS integration
Integrating CoreDNS with an enterprise DNS server
Exposing CoreDNS to external requests
Configuring the primary DNS server
Testing DNS forwarding to CoreDNS
Load balancing between multiple clusters
Introducing the Kubernetes Global Balancer
Requirements for K8GB
Deploying K8GB to a cluster
Understanding K8GB load balancing options
Customizing the Helm chart values
Using Helm to install K8GB
Delegating our load balancing zone
Deploying a highly available application using K8GB
Adding an application to K8GB using custom resources
Adding an application to K8GB using Ingress annotations
Understanding how K8GB provides global load balancing
Keeping the K8GB CoreDNS servers in sync
Summary
Questions
Join our book’s Discord space
Integrating Authentication into Your Cluster
Technical requirements
Getting Help
Understanding how Kubernetes knows who you are
External users
Groups in Kubernetes
Service accounts
Understanding OpenID Connect
The OpenID Connect protocol
Following OIDC and the API’s interaction
id_token
Other authentication options
Certificates
Service accounts
TokenRequest API
Custom authentication webhooks
Configuring KinD for OpenID Connect
Addressing the requirements
Using LDAP and Active Directory with Kubernetes
Mapping Active Directory groups to RBAC RoleBindings
Kubernetes Dashboard access
Kubernetes CLI access
Enterprise compliance requirements
Pulling it all together
Deploying OpenUnison
Configuring the Kubernetes API to use OIDC
Verifying OIDC integration
Using your tokens with kubectl
Introducing impersonation to integrate authentication with cloud-managed clusters
What is Impersonation?
Security considerations
Configuring your cluster for impersonation
Testing Impersonation
Using Impersonation for Debugging
Configuring Impersonation without OpenUnison
Impersonation RBAC policies
Default groups
Inbound Impersonation
Privileged Access to Clusters
Using a Privileged User Account
Impersonating a Privileged User
Temporarily Authorizing Privilege
Authenticating from pipelines
Using tokens
Using certificates
Using a pipeline’s identity
Avoiding anti-patterns
Summary
Questions
Answers
RBAC Policies and Auditing
Technical requirements
Introduction to RBAC
What’s a Role?
Identifying a Role
Roles versus ClusterRoles
Negative Roles
Aggregated ClusterRoles
RoleBindings and ClusterRoleBindings
Combining ClusterRoles and RoleBindings
Mapping enterprise identities to Kubernetes to authorize access to resources
Implementing namespace multi-tenancy
Kubernetes auditing
Creating an audit policy
Enabling auditing on a cluster
Using audit2rbac to debug policies
Summary
Questions
Answers
Join our book’s Discord space
Managing Secrets
Technical Requirements
Getting Help
Examining the difference between Secrets and Configuration Data
Managing Secrets in an Enterprise
Threats to Secrets at Rest
Threats to Secrets in Transit
Protecting Secrets in Your Applications
Understanding Secrets Managers
Storing Secrets as Secret Objects
Sealed Secrets
External Secrets Managers
Using a Hybrid of External Secrets Management and Secret Objects
Integrating Secrets into Your Deployments
Volume Mounts
Using Kubernetes Secrets
Using Vault’s Sidecar Injector
Environment Variables
Using Kubernetes Secrets
Using the Vault Sidecar
Using the Kubernetes Secrets API
Using the Vault API
Summary
Questions
Answers
Building Multitenant Clusters with vClusters
Technical requirements
Getting Help
The Benefits and Challenges of Multitenancy
Exploring the Benefits of Multitenancy
The Challenges of Multitenant Kubernetes
Using vClusters for Tenants
Deploying vClusters
Securely Accessing vClusters
Accessing External Services from a vCluster
Creating and Operating High-Availability vClusters
Understanding vCluster High Availability
Upgrading vClusters
Building a Multitenant Cluster with Self Service
Analyzing Requirements
Designing the Multitenant Platform
Deploying Our Multitenant Platform
Summary
Questions
Answers
Join our book’s Discord space
Deploying a Secured Kubernetes Dashboard
Technical requirements
Getting help
How does the dashboard know who you are?
Dashboard architecture
Authentication methods
Understanding dashboard security risks
Exploring Dashboard Security Issues
Using a token to log in
Unencrypted Connections
Deploying the dashboard with a reverse proxy
Local dashboards
Other cluster-level applications
Integrating the dashboard with OpenUnison
What’s changed in the Kubernetes Dashboard 7.0
Summary
Questions
Answers
Extending Security Using Open Policy Agent
Technical requirements
Introduction to dynamic admission controllers
What is OPA and how does it work?
OPA architecture
Rego, the OPA policy language
Gatekeeper
Deploying Gatekeeper
Automated testing framework
Using Rego to write policies
Developing an OPA policy
Testing an OPA policy
Deploying policies to Gatekeeper
Building dynamic policies
Debugging Rego
Using existing policies
Enforcing Ingress policies
Enabling the Gatekeeper cache
Mocking up test data
Building and deploying our policy
Mutating objects and default values
Creating policies without Rego
Using Kubernetes’ validating admission policies
Summary
Questions
Answers
Join our book’s Discord space
Node Security with Gatekeeper
Technical requirements
What is node security?
Understanding the difference between containers and VMs
Container breakouts
Properly designing containers
Using and Debugging Distroless Images
Scanning Images for Known Exploits
Enforcing node security with Gatekeeper
What about Pod Security Policies?
What are the differences between PSPs, PSA, and Gatekeeper?
Authorizing node security policies
Deploying and debugging node security policies
Generating security context defaults
Enforcing cluster policies
Debugging constraint violations
Scaling policy deployment in multi-tenant clusters
Using Pod Security Standards to enforce Node Security
Summary
Questions
Answers
KubeArmor Securing Your Runtime
Technical requirements
What is runtime security?
Introducing KubeArmor
Introduction to Linux Security
Welcome to KubeArmor
Container security
Inline mitigation versus post-attack mitigation
Zero-day vulnerability
CI/CD pipeline integration
Robust auditing and logging
Enhanced container visibility
Least privilege tenet adherence
Policy enforcement
Staying in compliance
Policy impact testing
Multi-tenancy support
Cluster requirements for the exercises
Deploying KubeArmor
Enabling KubeArmor logging
KubeArmor and LSM policies
Creating a KubeArmorSecurityPolicy
Using karmor to interact with KubeArmor
karmor install and uninstall
karmor probe
karmor profile
karmor recommend
karmor logs
karmor vm
Summary
Questions
Answers
Join our book’s Discord space
Backing Up Workloads
Technical requirements
Understanding Kubernetes backups
Performing an etcd backup
Backing up the required certificates
Backing up the etcd database
Introducing and setting up VMware’s Velero
Velero requirements
Installing the Velero CLI
Installing Velero
Backup storage location
Deploying MinIO
Exposing MinIO and the console
Installing Velero
Using Velero to back up workloads and PVCs
Backing up PVCs
Using the opt-out approach
Using the opt-in approach
Limitations of backing up data
Running a one-time cluster backup
Scheduling a cluster backup
Creating a custom backup
Managing Velero using the CLI
Using common Velero commands
Listing Velero objects
Retrieving details for a Velero object
Creating and deleting objects
Restoring from a backup
Restoring in action
Restoring a deployment from a backup
Simulating a failure
Restoring a namespace
Using a backup to create workloads in a new cluster
Backing up the cluster
Building a new cluster
Restoring a backup to the new cluster
Installing Velero in the new cluster
Restoring a backup in a new cluster
Deleting the new cluster
Summary
Questions
Answers
Monitoring Clusters and Workloads
Technical Requirements
Getting Help
Managing Metrics in Kubernetes
How Kubernetes Provides Metrics
Deploying the Prometheus Stack
Introduction to Prometheus
How Does Prometheus Collect Metrics?
Common Kubernetes Metrics
Querying Prometheus with PromQL
Alerting with Alertmanager
How Do You Know Whether Something Is Broken?
Alerting Your Team Based on Metrics
Silencing Alerts
Visualizing Data with Grafana
Creating Your Own Graphs
Monitoring Applications
Why You Should Add Metrics to Your Applications
Adding Metrics to OpenUnison
Securing Access to the Metrics Endpoint
Securing Access to Your Monitoring Stack
Log Management in Kubernetes
Understanding Container Logs
Introducing OpenSearch
Deploying OpenSearch
Tracing Logs from Your Container to Your Console
Viewing Log Data in Kibana
Summary
Questions
Answers
Join our book’s Discord space
An Introduction to Istio
Technical requirements
Understanding the Control Plane and Data Plane
The Control Plane
The Data Plane
Why should you care about a Service mesh?
Workload observability
Traffic management
Blue/green deployments
Canary deployments
Finding issues before they happen
Security
Introduction to Istio concepts
Understanding the Istio components
Making the Control Plane simple with istiod
Understanding istio-ingressgateway
Understanding istio-egressgateway
Installing Istio
Downloading Istio
Installing Istio using a profile
Exposing Istio in a KinD cluster
Introducing Istio resources
Authorization policies
Example 1: Denying and allowing all access
Example 2: Allowing only GET methods to a workload
Example 3: Allowing requests from a specific source
Gateways
Virtual services
Destination rules
Peer authentication
Request authentication and authorization policies
Service entries
Sidecars
Envoy filters
WASM plugins
Deploying add-on components to provide observability
Installing Istio add-ons
Installing Kiali
Deploying an application into the Service mesh
Deploying your first application into the mesh
Using Kiali to observe mesh workloads
The Kiali overview screen
Using the Graph view
Using the Applications view
Using the Workloads view
Using the Services view
The Istio Config view
The future: Ambient mesh
Summary
Questions
Answers
Building and Deploying Applications on Istio
Technical requirements
Comparing microservices and monoliths
My history with microservices versus monolithic architecture
Comparing architectures in an application
Monolithic application design
Microservices design
Choosing between monoliths and microservices
Using Istio to help manage microservices
Deploying a monolith
Exposing our monolith outside our cluster
Configuring sticky sessions
Integrating Kiali and OpenUnison
Building a microservice
Deploying Hello World
Integrating authentication into our service
Authorizing access to our service
Telling your service who’s using it
Authorizing user entitlements
Authorizing in service
Using OPA with Istio
Creating an OPA Authorization Rule
Calling other services
Using OAuth2 Token Exchange
Passing tokens between services
Using simple impersonation
Do I need an API gateway?
Summary
Questions
Join our book’s Discord space
Provisioning a Multitenant Platform
Technical requirements
Designing a pipeline
Opinionated platforms
Securing your pipeline
Building our platform’s requirements
Choosing our technology stack
Designing our platform architecture
Securely managing a remote Kubernetes cluster
Securely pushing and pulling images
Using Infrastructure as Code for deployment
Automating tenant onboarding
Designing a GitOps strategy
Considerations for building an Internal Developer Platform
Summary
Questions
Answers
Building a Developer Portal
Technical Requirements
Fulfilling Compute Requirements
Using Cloud-Managed Kubernetes
Building a Home Lab
Customizing Nodes
Accessing Services on Your Nodes
Deploying Pulumi
Deploying our IDP
Setting Up Pulumi
Initial Deployment
Unsealing Vault
Completing the Harbor Configuration
Completing the GitLab Configuration
Generating a GitLab Runner
Generating a GitLab Personal Access Token
Finishing the Control Plane Rollout
Integrating Development and Production
Bootstrapping GitOps with OpenUnison
Onboarding a Tenant
Deploying an Application
Promoting to Production
Adding Users to a Tenant
Expanding Our Platform
Different Sources of Identity
Integrating Monitoring and Logging
Integrating Policy Management
Replacing Components
Summary
Questions
Answers
Join our book’s Discord space
Other Books You May Enjoy
Share your thoughts
Index