book

The Kubernetes Book - Second Edition

Name: The Kubernetes Book - Second Edition
ISBN: 9781835880302

by Nigel Poulton, Pushkar Joglekar

July 2024

Beginner to intermediate

330 pages

6h 48m

English

Packt Publishing

Read now

Unlock full access

0: Preface
Editions Paperbacks, hardbacks, eBooks, audio, and translationsThe sample app and GitHub repoWindows usersResponsible language
1: Kubernetes primer
Important Kubernetes backgroundKubernetes: the operating system of the cloudChapter summary
2: Kubernetes principles of operation
Kubernetes from 40K feetControl plane and worker nodesPackaging apps for KubernetesThe declarative model and desired statePodsDeploymentsService objects and stable networkingChapter summary
3: Getting Kubernetes
Create a Kubernetes cluster on your laptopCreate a hosted Kubernetes cluster in the cloudWorking with kubectlChapter summary
4: Working with Pods
Pod theoryMulti-container PodsHands-on with PodsClean upChapter Summary
5: Virtual clusters with Namespaces
Intro to NamespacesNamespace use casesDefault NamespacesCreating and managing NamespacesDeploying objects to NamespacesClean upChapter Summary
6: Kubernetes Deployments
Deployment theoryCreate a DeploymentManually scale the appPerform a rolling updatePerform a rollbackClean upChapter summary
7: Kubernetes Services
Service TheoryHands-on with ServicesClean upChapter Summary
8: Ingress
Setting the Scene for IngressIngress architectureHands-on with IngressClean upChapter summary
9: WebAssembly on Kubernetes
Wasm PrimerUnderstanding Wasm on KubernetesHands-on with Wasm on KubernetesChapter Summary

10: Service discovery deep dive
Setting the sceneThe service registryService registrationService discoveryService discovery and NamespacesTroubleshooting service discoveryClean upChapter summary
11: Kubernetes storage
The big pictureStorage ProvidersThe Container Storage Interface (CSI)The Kubernetes persistent volume subsystemDynamic provisioning with Storage ClassesHands-onClean upChapter Summary
12: ConfigMaps and Secrets
The big pictureConfigMap theoryHands-on with ConfigMapsHands-on with SecretsClean upChapter Summary
13: StatefulSets
StatefulSet theoryHands-on with StatefulSetsClean upChapter Summary
14: API security and RBAC
API security big pictureAuthenticationAuthorization (RBAC)Admission controlChapter summary
15: The Kubernetes API
Kubernetes API big pictureThe API serverThe APIClean upChapter summary
16: Threat modeling Kubernetes
Threat modelingSpoofingTamperingRepudiationInformation DisclosureDenial of ServiceElevation of privilegeChapter summary
17: Real-world Kubernetes security
Security in the software delivery pipelineWorkload isolationIdentity and access management (IAM)Auditing and security monitoringReal-world exampleChapter summary
Terminology
Outro
About the front coverA word on the book’s diagramsConnect with meFeedback and reviews
More from the author

Content preview from The Kubernetes Book - Second Edition

14: API security and RBAC

Kubernetes is API-centric and the API is served through the API server. In this chapter, you’ll follow a typical API request as it passes through various security-related checks.

The chapter is divided as follows:

API security big picture
Authentication
Authorization (RBAC)
Admission control

See Chapter 15 for an in-depth look at the API.

API security big picture

All of the following make CRUD-style requests to the API server (create, read, update, delete):

Operators and developers using kubectl
Pods
Kubelets
Control plane services
Kubernetes-native apps

Figure 14.1 shows the flow of a typical API request passing through the standard checks. The flow is the same, no matter where the request originates.

Figure ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Publisher Resources

ISBN: 9781835880302

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

The Kubernetes Book - Second Edition

by Nigel Poulton, Pushkar Joglekar