book

Kubernetes and Docker - An Enterprise Guide

Name: Kubernetes and Docker - An Enterprise Guide
ISBN: 9781839213403

by Scott Surovich, Marc Boorshtein

November 2020

Intermediate to advanced

526 pages

10h 55m

English

Packt Publishing

Read now

Unlock full access

Kubernetes and Docker – An Enterprise Guide
Why subscribe?ForewordContributorsAbout the authorsAbout the reviewerPackt is searching for authors like you
Preface
Who this book is forWhat this book coversTo get the most out of this bookDownload the example code filesCode in ActionDownload the color imagesConventions usedGet in touchReviews
Section 1: Docker and Container Fundamentals
Chapter 1: Docker and Container Essentials
Technical requirementsUnderstanding the need for containerizationIntroducing DockerUnderstanding DockerContainers are ephemeralDocker imagesImage layersPersistent dataAccessing services running in containersInstalling DockerPreparing to install DockerInstalling Docker on UbuntuGranting Docker permissionsUsing the Docker CLIdocker helpdocker rundocker psdocker start and stopdocker attachdocker exec docker logsdocker rmSummaryQuestions
Chapter 2: Working with Docker Data
Technical requirementsWhy you need persistent dataDocker volumesCreating a volume using the CLIMounting a volume in a containerMounting an existing volumeMounting a volume in multiple containersListing Docker volumesCleaning up volumesDocker bind mountsDocker tmpfs mountsUsing a tmpfs mount in a containerSummaryQuestions
Chapter 3: Understanding Docker Networking
Technical requirementsExploring Docker networkingA quick TCP/IP port refresherBinding a port to a serviceDocker networking driversThe default bridge networkViewing the available networksRetrieving details on a networkCreating user-defined bridge networksConnecting a container to a user-defined networkChanging the network on a running containerRemoving a networkRunning a container without networkingExposing container servicesExposing ports using a host networkExposing ports using a bridge networkSummaryQuestions
Section 2: Creating Kubernetes Development Clusters, Understanding objects, and Exposing Services
Chapter 4: Deploying Kubernetes Using KinD
Technical requirementsIntroducing Kubernetes components and objectsInteracting with a clusterUsing development clustersWhy did we select KinD for this book?Working with a base KinD Kubernetes clusterUnderstanding the node imageKinD and Docker networkingKeeping track of the nesting dollsInstalling KinDInstalling KinD – prerequisitesInstalling KubectlInstalling GoInstalling the KinD binaryCreating a KinD clusterCreating a simple clusterDeleting a clusterCreating a cluster config fileMulti-node cluster configurationCustomizing the control plane and Kubelet optionsCreating a custom KinD clusterInstalling CalicoInstalling an Ingress controllerReviewing your KinD cluster KinD storage objectsStorage driversKinD storage classesUsing KinD's storage provisionerAdding a custom load balancer for IngressInstallation prerequisitesCreating the KinD cluster configurationDeploying a custom HAProxy containerUnderstanding HAProxy traffic flowSimulating a Kubelet failureDeleting the HAProxy containerSummaryQuestions
Chapter 5: Kubernetes Bootcamp
Technical requirementsAn overview of Kubernetes componentsExploring the control planeThe Kubernetes API serverThe Etcd databasekube-schedulerkube-controller-managercloud-controller-managerUnderstanding the worker node componentskubeletkube-proxyContainer runtimeInteracting with the API serverUsing the Kubernetes kubectl utilityUnderstanding the verbose optionGeneral kubectl commandsIntroducing Kubernetes objectsKubernetes manifestsWhat are Kubernetes objects?Reviewing Kubernetes objectsConfigMaps EndpointsEventsNamespacesNodesPersistent Volume Claims PVsPodsReplication controllersResourceQuotasSecretsService accountsServicesCustomResourceDefinitions DaemonSetsDeploymentsReplicaSets StatefulSetsHorizontalPodAutoscalers CronJobsJobsEventsIngresses NetworkPoliciesPodSecurityPoliciesClusterRoleBindingsClusterRolesRoleBindingsRolesCsiDriversCsiNodesStorageClassesSummaryQuestions
Chapter 6: Services, Load Balancing, and External DNS
Technical requirementsExposing workloads to requestsUnderstanding how services workCreating a serviceUsing DNS to resolve servicesUnderstanding different service typesThe ClusterIP serviceThe NodePort serviceThe LoadBalancer serviceThe ExternalName serviceIntroduction to load balancersUnderstanding the OSI modelLayer 7 load balancersName resolution and layer 7 load balancersUsing nip.io for name resolutionCreating an Ingress rulesLayer 4 load balancersLayer 4 load balancer optionsUsing MetalLB as a layer 4 load balancerInstalling MetalLBUnderstanding MetalLB's configuration fileMetalLB componentsCreating a LoadBalancer serviceAdding multiple IP pools to MetalLBUsing multiple protocolsMultiple protocol issuesUsing multiple protocols with MetalLB Using shared-IPsMaking service names available externallySetting up external-dnsIntegrating external-dns and CoreDNS Adding an ETCD zone to CoreDNSCreating a LoadBalancer service with external-dns integrationIntegrating CoreDNS with an enterprise DNSSummaryQuestions

Section 3: Running Kubernetes in the Enterprise
Chapter 7: Integrating Authentication into Your Cluster
Technical requirementsUnderstanding how Kubernetes knows who you areExternal usersGroups in KubernetesService accountsUnderstanding OpenID Connect The OpenID Connect protocolFollowing OIDC and the API's interactionid_tokenOther authentication optionsCertificatesService accountsTokenRequest APICustom authentication webhooksKeystoneConfiguring KinD for OpenID ConnectAddressing the requirementsUse Active Directory Federation ServicesMapping Active Directory Groups to RBAC RoleBindingsKubernetes Dashboard accessKubernetes CLI accessEnterprise compliance requirementsPulling it all togetherDeploying OIDCDeploying OpenUnisonConfiguring the Kubernetes API to use OIDCVerifying OIDC integrationUsing your tokens with kubectlIntroducing impersonation to integrate authentication with cloud-managed clusters What is Impersonation?Security considerationsConfiguring your cluster for impersonationTesting impersonationConfiguring Impersonation without OpenUnisonImpersonation RBAC policiesDefault groupsSummaryQuestions
Chapter 8: RBAC Policies and Auditing
Technical requirementsIntroduction to RBACWhat's a Role?Identifying a RoleRoles versus ClusterRolesNegative RolesAggregated ClusterRolesRoleBindings and ClusterRoleBindingsCombining ClusterRoles and RoleBindingsMapping enterprise identities to Kubernetes to authorize access to resourcesImplementing namespace multi-tenancyKubernetes auditing Creating an audit policyEnabling auditing on a clusterUsing audit2rbac to debug policiesSummaryQuestions
Chapter 9: Deploying a Secured Kubernetes Dashboard
Technical requirementsHow does the dashboard know who you are?Dashboard architectureAuthentication methodsUnderstanding dashboard security risksDeploying an insecure dashboardUsing a token to log inDeploying the dashboard with a reverse proxyLocal dashboardsOther cluster-level applicationsIntegrating the dashboard with OpenUnisonSummaryQuestions
Chapter 10: Creating PodSecurityPolicies
Technical requirementsWhat is a PodSecurityPolicy?Understanding the difference between containers and VMsContainer breakoutsProperly designing containersPSP detailsAssigning a PSPAren't they going away?Enabling PSPsAlternatives to PSPsSummaryQuestions
Chapter 11: Extending Security Using Open Policy Agent
Technical requirementsIntroduction to dynamic admission controllersWhat is OPA and how does it work?OPA architectureRego, the OPA policy languageGateKeeperDeploying GateKeeper Automated testing frameworkUsing Rego to write policiesDeveloping an OPA policyTesting an OPA policyDeploying policies to GateKeeperBuilding dynamic policiesDebugging RegoUsing existing policiesEnforcing memory constraintsEnabling the GateKeeper cacheMocking up test dataBuilding and deploying our policyEnforcing Pod Security Policies using OPASummaryQuestions
Chapter 12: Auditing using Falco and EFK
Technical requirementsExploring auditingIntroducing FalcoExploring Falco's configuration filesThe falco.yaml configuration fileFalco rules config filesUnderstanding rulesUnderstanding conditions (fields and values)Using macrosUnderstanding listsCreating and appending to custom rulesAppending to an existing ruleCreating a new ruleDeploying FalcoFalco kernel moduleCreating a kernel module using installed kernel headersUsing headers to create the Falco moduleCreating a kernel module using driverkitDriverkit requirementsInstalling Falco's driverkitCreating the module and adding it to the hostUsing the module on a clusterUsing the module in KinDDeploying the Falco DaemonsetCreating the Falco service account and serviceDeploying EFKCreating a new namespaceAdding chart repos to HelmDeploying the Elasticsearch chartDeploying FluentdDeploying FalcosidekickDeploying KibanaCreating an ingress rule for KibanaUsing the Kibana dashboardSummaryQuestions
Chapter 13: Backing Up Workloads
Technical requirementsUnderstanding Kubernetes backupsPerforming an etcd backupBacking up the required certificatesBacking up the etcd databaseIntroducing and setting up Heptio's VeleroVelero requirementsInstalling the Velero CLI Installing VeleroBackup storage locationDeploying MinIOExposing the MinIO dashboardCreating the S3 target configurationUsing Velero to back up workloadsRunning a one-time cluster backupScheduling a cluster backupCreating a custom backupManaging Velero using the CLIUsing common Velero commandsListing Velero objectsRetrieving details for a Velero objectCreating and deleting objectsRestoring from a backupRestoring in actionRestoring a deployment from a backupBacking up the namespaceSimulating a failureRestoring a namespaceUsing a backup to create workloads in a new clusterBacking up the clusterBuilding a new clusterRestoring a backup to the new clusterInstalling Velero in the new clusterRestoring a backup in a new clusterDeleting the new clusterSummaryQuestions
Chapter 14: Provisioning a Platform
Technical requirementsDesigning a pipelineOpinionated platformsSecuring your pipelineBuilding our platform's requirementsChoosing our technology stackPreparing our clusterDeploying cert-managerDeploying the Docker container registryDeploying OpenUnisonDeploying GitLabCreating example projectsDeploying TektonBuilding Hello WorldBuilding automaticallyDeploying ArgoCDAutomating project onboarding using OpenUnisonIntegrating GitLabIntegrating ArgoCDUpdating OpenUnisonSummaryQuestions
Assessments
Chapter 1Chapter 2Chapter 3Chapter 4Chapter 5Chapter 6Chapter 7Chapter 8Chapter 9Chapter 10Chapter 11Chapter 12Chapter 13Chapter 14
Other Books You May Enjoy
Leave a review - let other readers know what you think

Overview

This book, "Kubernetes and Docker - An Enterprise Guide", serves as a comprehensive resource for IT professionals aiming to master the deployment and management of Kubernetes clusters in enterprise environments. By exploring detailed examples and practical illustrations, you'll learn not only the fundamental principles but also advanced enterprise considerations, such as security, auditing, and backup.

What this Book will help me do

Learn to create and manage a multinode Kubernetes cluster using kind.
Integrate enterprise features such as OIDC, PSPs, and advanced auditing into Kubernetes workflows.
Implement CI/CD pipelines to efficiently deploy and manage enterprise Kubernetes environments.
Secure Kubernetes clusters by employing advanced open-source solutions like Falco and OPA.
Master the disaster recovery process with comprehensive workload backup tools.

Author(s)

Scott Surovich and Marc Boorshtein are experienced IT professionals passionate about DevOps and containerization technologies. Leveraging years of experience in enterprise technology implementations, they aim to offer practical guidance to complex technical tasks. Their collaborative teaching approach emphasizes equipping readers with knowledge to solve operational challenges.

Who is it for?

This book is well-suited for DevOps professionals, system administrators, and developers interested in both learning the basics of Kubernetes and Docker and diving deep into enterprise-level implementations. Whether you are a beginner with some exposure to container technologies or an intermediate professional looking to refine your skills, this guide provides structured, hands-on knowledge to help achieve those goals.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781839213403

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills