Log In
Or create an account -> 
Imperial Library
  • Home
  • About
  • News
  • Upload
  • Forum
  • Help
  • Login/SignUp

Index
Kubernetes and Docker – An Enterprise Guide Why subscribe? Foreword Contributors About the authors About the reviewer Packt is searching for authors like you Preface
Who this book is for What this book covers To get the most out of this book Download the example code files Code in Action Download the color images Conventions used Get in touch Reviews
Section 1: Docker and Container Fundamentals Chapter 1: Docker and Container Essentials
Technical requirements Understanding the need for containerization
Introducing Docker
Understanding Docker
Containers are ephemeral Docker images Image layers Persistent data Accessing services running in containers
Installing Docker
Preparing to install Docker Installing Docker on Ubuntu Granting Docker permissions
Using the Docker CLI
docker help docker run docker ps docker start and stop docker attach docker exec docker logs docker rm
Summary Questions
Chapter 2: Working with Docker Data
Technical requirements Why you need persistent data Docker volumes
Creating a volume using the CLI Mounting a volume in a container Mounting an existing volume Mounting a volume in multiple containers Listing Docker volumes Cleaning up volumes
Docker bind mounts Docker tmpfs mounts
Using a tmpfs mount in a container
Summary Questions
Chapter 3: Understanding Docker Networking
Technical requirements Exploring Docker networking
A quick TCP/IP port refresher Binding a port to a service Docker networking drivers The default bridge network Viewing the available networks Retrieving details on a network
Creating user-defined bridge networks
Connecting a container to a user-defined network Changing the network on a running container Removing a network Running a container without networking Exposing container services Exposing ports using a host network Exposing ports using a bridge network
Summary Questions
Section 2: Creating Kubernetes Development Clusters, Understanding objects, and Exposing Services Chapter 4: Deploying Kubernetes Using KinD
Technical requirements Introducing Kubernetes components and objects
Interacting with a cluster
Using development clusters
Why did we select KinD for this book? Working with a base KinD Kubernetes cluster Understanding the node image KinD and Docker networking
Keeping track of the nesting dolls
Installing KinD
Installing KinD – prerequisites
Installing Kubectl Installing Go
Installing the KinD binary
Creating a KinD cluster
Creating a simple cluster Deleting a cluster Creating a cluster config file Multi-node cluster configuration Customizing the control plane and Kubelet options Creating a custom KinD cluster Installing Calico Installing an Ingress controller
Reviewing your KinD cluster
KinD storage objects Storage drivers KinD storage classes Using KinD's storage provisioner
Adding a custom load balancer for Ingress
Installation prerequisites Creating the KinD cluster configuration Deploying a custom HAProxy container Understanding HAProxy traffic flow Simulating a Kubelet failure Deleting the HAProxy container
Summary Questions
Chapter 5: Kubernetes Bootcamp
Technical requirements An overview of Kubernetes components Exploring the control plane
The Kubernetes API server The Etcd database kube-scheduler kube-controller-manager cloud-controller-manager
Understanding the worker node components
kubelet kube-proxy Container runtime
Interacting with the API server
Using the Kubernetes kubectl utility Understanding the verbose option General kubectl commands
Introducing Kubernetes objects
Kubernetes manifests What are Kubernetes objects? Reviewing Kubernetes objects
ConfigMaps Endpoints Events Namespaces Nodes Persistent Volume Claims PVs Pods Replication controllers ResourceQuotas Secrets Service accounts Services CustomResourceDefinitions DaemonSets Deployments ReplicaSets StatefulSets HorizontalPodAutoscalers CronJobs Jobs Events Ingresses NetworkPolicies PodSecurityPolicies ClusterRoleBindings ClusterRoles RoleBindings Roles CsiDrivers CsiNodes StorageClasses
Summary Questions
Chapter 6: Services, Load Balancing, and External DNS
Technical requirements Exposing workloads to requests
Understanding how services work
Creating a service Using DNS to resolve services
Understanding different service types
The ClusterIP service The NodePort service The LoadBalancer service The ExternalName service
Introduction to load balancers
Understanding the OSI model
Layer 7 load balancers
Name resolution and layer 7 load balancers Using nip.io for name resolution Creating an Ingress rules
Layer 4 load balancers
Layer 4 load balancer options Using MetalLB as a layer 4 load balancer
Installing MetalLB Understanding MetalLB's configuration file MetalLB components
Creating a LoadBalancer service Adding multiple IP pools to MetalLB
Using multiple protocols
Multiple protocol issues Using multiple protocols with MetalLB Using shared-IPs
Making service names available externally
Setting up external-dns Integrating external-dns and CoreDNS Adding an ETCD zone to CoreDNS Creating a LoadBalancer service with external-dns integration
Integrating CoreDNS with an enterprise DNS
Summary Questions
Section 3: Running Kubernetes in the Enterprise Chapter 7: Integrating Authentication into Your Cluster
Technical requirements Understanding how Kubernetes knows who you are
External users Groups in Kubernetes Service accounts
Understanding OpenID Connect
The OpenID Connect protocol Following OIDC and the API's interaction
id_token
Other authentication options
Certificates Service accounts TokenRequest API Custom authentication webhooks Keystone
Configuring KinD for OpenID Connect
Addressing the requirements
Use Active Directory Federation Services Mapping Active Directory Groups to RBAC RoleBindings Kubernetes Dashboard access Kubernetes CLI access Enterprise compliance requirements Pulling it all together
Deploying OIDC
Deploying OpenUnison Configuring the Kubernetes API to use OIDC Verifying OIDC integration Using your tokens with kubectl
Introducing impersonation to integrate authentication with cloud-managed clusters
What is Impersonation? Security considerations
Configuring your cluster for impersonation
Testing impersonation
Configuring Impersonation without OpenUnison
Impersonation RBAC policies Default groups
Summary
Questions
Chapter 8: RBAC Policies and Auditing
Technical requirements Introduction to RBAC What's a Role?
Identifying a Role Roles versus ClusterRoles Negative Roles Aggregated ClusterRoles RoleBindings and ClusterRoleBindings
Combining ClusterRoles and RoleBindings
Mapping enterprise identities to Kubernetes to authorize access to resources Implementing namespace multi-tenancy Kubernetes auditing
Creating an audit policy Enabling auditing on a cluster
Using audit2rbac to debug policies Summary Questions
Chapter 9: Deploying a Secured Kubernetes Dashboard
Technical requirements How does the dashboard know who you are?
Dashboard architecture Authentication methods
Understanding dashboard security risks
Deploying an insecure dashboard Using a token to log in
Deploying the dashboard with a reverse proxy
Local dashboards Other cluster-level applications
Integrating the dashboard with OpenUnison Summary Questions
Chapter 10: Creating PodSecurityPolicies
Technical requirements What is a PodSecurityPolicy?
Understanding the difference between containers and VMs Container breakouts Properly designing containers
PSP details Assigning a PSP
Aren't they going away? Enabling PSPs Alternatives to PSPs Summary Questions
Chapter 11: Extending Security Using Open Policy Agent
Technical requirements Introduction to dynamic admission controllers What is OPA and how does it work?
OPA architecture Rego, the OPA policy language GateKeeper
Deploying GateKeeper
Automated testing framework
Using Rego to write policies
Developing an OPA policy Testing an OPA policy Deploying policies to GateKeeper Building dynamic policies Debugging Rego Using existing policies
Enforcing memory constraints
Enabling the GateKeeper cache Mocking up test data Building and deploying our policy
Enforcing Pod Security Policies using OPA Summary Questions
Chapter 12: Auditing using Falco and EFK
Technical requirements Exploring auditing Introducing Falco Exploring Falco's configuration files
The falco.yaml configuration file Falco rules config files
Understanding rules Understanding conditions (fields and values) Using macros Understanding lists
Creating and appending to custom rules
Appending to an existing rule Creating a new rule
Deploying Falco Falco kernel module
Creating a kernel module using installed kernel headers Using headers to create the Falco module Creating a kernel module using driverkit
Driverkit requirements Installing Falco's driverkit Creating the module and adding it to the host
Using the module on a cluster Using the module in KinD Deploying the Falco Daemonset
Creating the Falco service account and service
Deploying EFK
Creating a new namespace Adding chart repos to Helm Deploying the Elasticsearch chart Deploying Fluentd Deploying Falcosidekick Deploying Kibana Creating an ingress rule for Kibana Using the Kibana dashboard
Summary Questions
Chapter 13: Backing Up Workloads
Technical requirements Understanding Kubernetes backups Performing an etcd backup
Backing up the required certificates Backing up the etcd database
Introducing and setting up Heptio's Velero
Velero requirements Installing the Velero CLI Installing Velero
Backup storage location Deploying MinIO Exposing the MinIO dashboard Creating the S3 target configuration
Using Velero to back up workloads
Running a one-time cluster backup Scheduling a cluster backup Creating a custom backup
Managing Velero using the CLI
Using common Velero commands
Listing Velero objects Retrieving details for a Velero object Creating and deleting objects
Restoring from a backup
Restoring in action
Restoring a deployment from a backup Backing up the namespace Simulating a failure
Restoring a namespace Using a backup to create workloads in a new cluster
Backing up the cluster Building a new cluster
Restoring a backup to the new cluster
Installing Velero in the new cluster Restoring a backup in a new cluster Deleting the new cluster
Summary Questions
Chapter 14: Provisioning a Platform
Technical requirements Designing a pipeline
Opinionated platforms Securing your pipeline Building our platform's requirements Choosing our technology stack
Preparing our cluster
Deploying cert-manager Deploying the Docker container registry Deploying OpenUnison
Deploying GitLab
Creating example projects
Deploying Tekton
Building Hello World Building automatically
Deploying ArgoCD Automating project onboarding using OpenUnison
Integrating GitLab Integrating ArgoCD Updating OpenUnison
Summary Questions
Assessments
Chapter 1 Chapter 2 Chapter 3 Chapter 4 Chapter 5 Chapter 6 Chapter 7 Chapter 8 Chapter 9 Chapter 10 Chapter 11 Chapter 12 Chapter 13 Chapter 14
Other Books You May Enjoy
Leave a review - let other readers know what you think
  • ← Prev
  • Back
  • Next →
  • ← Prev
  • Back
  • Next →

Chief Librarian: Las Zenow <zenow@riseup.net>
Fork the source code from gitlab.

This is a mirror of the Tor onion service:
http://kx5thpx2olielkihfyo4jgjqfb7zx7wxr3sd4xzt26ochei4m6f7tayd.onion