Kubernetes - an Enterprise Guide: Master Containerized Application Deployments, Integrate Enterprise Systems, and Achieve Scalability
Main author: | Boorshtein, Marc |
---|---|
Format: | Electronic eBook |
Language: | English |
Published: | Birmingham : Packt Publishing, Limited, 2024 |
Edition: | 3rd ed |
Subjects: | Enterprise zones |
Online access: | DE-2070s |
Item description: | Description based on publisher supplied metadata and other sources |
Physical description: | 1 online resource (683 pages) |
ISBN: | 9781835081754 |
Internal format
MARC
LEADER | 00000nam a2200000zc 4500 | ||
---|---|---|---|
001 | BV050101238 | ||
003 | DE-604 | ||
007 | cr|uuu---uuuuu | ||
008 | 241218s2024 xx o|||| 00||| eng d | ||
020 | |a 9781835081754 |9 978-1-83508-175-4 | ||
035 | |a (ZDB-30-PQE)EBC31626042 | ||
035 | |a (ZDB-30-PAD)EBC31626042 | ||
035 | |a (ZDB-89-EBL)EBL31626042 | ||
035 | |a (OCoLC)1455133080 | ||
035 | |a (DE-599)BVBBV050101238 | ||
040 | |a DE-604 |b ger |e rda | ||
041 | 0 | |a eng | |
049 | |a DE-2070s | ||
082 | 0 | |a 307.342 | |
100 | 1 | |a Boorshtein, Marc |e Verfasser |4 aut | |
245 | 1 | 0 | |a Kubernetes - an Enterprise Guide |b Master Containerized Application Deployments, Integrate Enterprise Systems, and Achieve Scalability |
250 | |a 3rd ed | ||
264 | 1 | |a Birmingham |b Packt Publishing, Limited |c 2024 | |
264 | 4 | |c ©2024 | |
300 | |a 1 Online-Ressource (683 Seiten) | ||
336 | |b txt |2 rdacontent | ||
337 | |b c |2 rdamedia | ||
338 | |b cr |2 rdacarrier | ||
500 | |a Description based on publisher supplied metadata and other sources | ||
505 | 8 | |a Cover -- Copyright Page -- Foreword -- Contributors -- Table of Contents -- Preface -- Chapter 1: Docker and Container Essentials -- Technical requirements -- Understanding the need for containerization -- Understanding why Kubernetes removed Docker -- Introducing Docker -- Docker versus Moby -- Understanding Docker -- Containers are ephemeral -- Docker images -- Image layers -- Persistent data -- Accessing services running in containers -- Installing Docker -- Preparing to install Docker -- Installing Docker on Ubuntu -- Granting Docker permissions -- Using the Docker CLI -- docker help -- docker run -- docker ps -- docker start and stop -- docker attach -- docker exec -- docker logs -- docker rm -- docker pull/run -- docker build -- Summary -- Questions -- Chapter 2: Deploying Kubernetes Using KinD -- Technical requirements -- Introducing Kubernetes components and objects -- Interacting with a cluster -- Using development clusters -- Why did we select KinD for this book? -- Working with a basic KinD Kubernetes cluster -- Understanding the node image -- KinD and Docker networking -- Keeping track of the nesting dolls -- Installing KinD -- Installing KinD - prerequisites -- Installing kubectl -- Installing the KinD binary -- Creating a KinD cluster -- Creating a simple cluster -- Deleting a cluster -- Creating a cluster config file -- Multi-node cluster configuration -- Customizing the control plane and Kubelet options -- Creating a custom KinD cluster -- Reviewing your KinD cluster -- KinD storage objects -- Storage drivers -- KinD storage classes -- Using KinD's Storage Provisioner -- Adding a custom load balancer for Ingress -- Creating the KinD cluster configuration -- The HAProxy configuration file -- Understanding HAProxy traffic flow -- Simulating a kubelet failure -- Summary -- Questions -- Chapter 3: Kubernetes Bootcamp | |
505 | 8 | |a Technical requirements -- An overview of Kubernetes components -- Exploring the control plane -- The Kubernetes API server -- The etcd database -- kube-scheduler -- kube-controller-manager -- cloud-controller-manager -- Understanding the worker node components -- kubelet -- kube-proxy -- Container runtime -- Interacting with the API server -- Using the Kubernetes kubectl utility -- Understanding the verbose option -- General kubectl commands -- Introducing Kubernetes resources -- Kubernetes manifests -- What are Kubernetes resources? -- Reviewing Kubernetes resources -- Apiservices -- CertificateSigningRequests -- ClusterRoles -- ClusterRoleBindings -- ComponentStatus -- ConfigMaps -- ControllerRevisions -- CronJobs -- CSI drivers -- CSI nodes -- CSIStorageCapacities -- CustomResourceDefinitions -- DaemonSets -- Deployments -- Endpoints -- EndPointSlices -- Events -- FlowSchemas -- HorizontalPodAutoscalers -- IngressClasses -- Ingress -- Jobs -- LimitRanges -- LocalSubjectAccessReview -- MutatingWebhookConfiguration -- Namespaces -- NetworkPolicies -- Nodes -- PersistentVolumeClaims -- PersistentVolumes -- PodDisruptionBudgets -- Pods -- PodTemplates -- PriorityClasses -- PriorityLevelConfigurations -- ReplicaSets -- Replication controllers -- ResourceQuotas -- RoleBindings -- Roles -- RuntimeClasses -- Secrets -- SelfSubjectAccessReviews -- SelfSubjectRulesReviews -- Service accounts -- Services -- StatefulSets -- Storage classes -- SubjectAccessReviews -- TokenReviews -- ValidatingWebhookConfigurations -- VolumeAttachments -- Summary -- Questions -- Chapter 4: Services, Load Balancing, and Network Policies -- Technical requirements -- Exposing workloads to requests -- Understanding how Services work -- Creating a Service -- Using DNS to resolve services -- Understanding different service types -- The ClusterIP service -- The NodePort service | |
505 | 8 | |a The LoadBalancer service -- The ExternalName service -- Introduction to load balancers -- Understanding the OSI model -- Layer 7 load balancers -- Name resolution and layer 7 load balancers -- Using nip.io for name resolution -- Creating Ingress rules -- Resolving Names in Ingress Controllers -- Using Ingress Controllers for non-HTTP traffic -- Layer 4 load balancers -- Layer 4 load balancer options -- Using MetalLB as a layer 4 load balancer -- Installing MetalLB -- Understanding MetalLB's custom resources -- MetalLB components -- Creating a LoadBalancer service -- Advanced pool configurations -- Disabling automatic address assignments -- Assigning a static IP address to a service -- Using multiple address pools -- IP pool scoping -- Handling buggy networks -- Using multiple protocols -- Introducing Network Policies -- Network policy object overview -- The podSelector -- The policyTypes -- Creating a Network Policy -- Tools to create network policies -- Summary -- Questions -- Chapter 5: External DNS and Global Load Balancing -- Technical requirements -- Making service names available externally -- Setting up ExternalDNS -- Integrating ExternalDNS and CoreDNS -- Adding an ETCD zone to CoreDNS -- ExternalDNS configuration options -- Creating a LoadBalancer service with ExternalDNS integration -- Integrating CoreDNS with an enterprise DNS server -- Exposing CoreDNS to external requests -- Configuring the primary DNS server -- Testing DNS forwarding to CoreDNS -- Load balancing between multiple clusters -- Introducing the Kubernetes Global Balancer -- Requirements for K8GB -- Deploying K8GB to a cluster -- Understanding K8GB load balancing options -- Customizing the Helm chart values -- Using Helm to install K8GB -- Delegating our load balancing zone -- Deploying a highly available application using K8GB. | |
505 | 8 | |a Adding an application to K8GB using custom resources -- Adding an application to K8GB using Ingress annotations -- Understanding how K8GB provides global load balancing -- Keeping the K8GB CoreDNS servers in sync -- Summary -- Questions -- Chapter 6: Integrating Authentication into Your Cluster -- Technical requirements -- Getting Help -- Understanding how Kubernetes knows who you are -- External users -- Groups in Kubernetes -- Service accounts -- Understanding OpenID Connect -- The OpenID Connect protocol -- Following OIDC and the API's interaction -- id_token -- Other authentication options -- Certificates -- Service accounts -- TokenRequest API -- Custom authentication webhooks -- Configuring KinD for OpenID Connect -- Addressing the requirements -- Using LDAP and Active Directory with Kubernetes -- Mapping Active Directory groups to RBAC RoleBindings -- Kubernetes Dashboard access -- Kubernetes CLI access -- Enterprise compliance requirements -- Pulling it all together -- Deploying OpenUnison -- Configuring the Kubernetes API to use OIDC -- Verifying OIDC integration -- Using your tokens with kubectl -- Introducing impersonation to integrate authentication with cloud-managed clusters -- What is Impersonation? -- Security considerations -- Configuring your cluster for impersonation -- Testing Impersonation -- Using Impersonation for Debugging -- Configuring Impersonation without OpenUnison -- Impersonation RBAC policies -- Default groups -- Inbound Impersonation -- Privileged Access to Clusters -- Using a Privileged User Account -- Impersonating a Privileged User -- Temporarily Authorizing Privilege -- Authenticating from pipelines -- Using tokens -- Using certificates -- Using a pipeline's identity -- Avoiding anti-patterns -- Summary -- Questions -- Answers -- Chapter 7: RBAC Policies and Auditing -- Technical requirements | |
505 | 8 | |a Introduction to RBAC -- What's a Role? -- Identifying a Role -- Roles versus ClusterRoles -- Negative Roles -- Aggregated ClusterRoles -- RoleBindings and ClusterRoleBindings -- Combining ClusterRoles and RoleBindings -- Mapping enterprise identities to Kubernetes to authorize access to resources -- Implementing namespace multi-tenancy -- Kubernetes auditing -- Creating an audit policy -- Enabling auditing on a cluster -- Using audit2rbac to debug policies -- Summary -- Questions -- Answers -- Chapter 8: Managing Secrets -- Technical Requirements -- Getting Help -- Examining the difference between Secrets and Configuration Data -- Managing Secrets in an Enterprise -- Threats to Secrets at Rest -- Threats to Secrets in Transit -- Protecting Secrets in Your Applications -- Understanding Secrets Managers -- Storing Secrets as Secret Objects -- Sealed Secrets -- External Secrets Managers -- Using a Hybrid of External Secrets Management and Secret Objects -- Integrating Secrets into Your Deployments -- Volume Mounts -- Using Kubernetes Secrets -- Using Vault's Sidecar Injector -- Environment Variables -- Using Kubernetes Secrets -- Using the Vault Sidecar -- Using the Kubernetes Secrets API -- Using the Vault API -- Summary -- Questions -- Answers -- Chapter 9: Building Multitenant Clusters with vClusters -- Technical requirements -- Getting Help -- The Benefits and Challenges of Multitenancy -- Exploring the Benefits of Multitenancy -- The Challenges of Multitenant Kubernetes -- Using vClusters for Tenants -- Deploying vClusters -- Securely Accessing vClusters -- Accessing External Services from a vCluster -- Creating and Operating High-Availability vClusters -- Understanding vCluster High Availability -- Upgrading vClusters -- Building a Multitenant Cluster with Self Service -- Analyzing Requirements -- Designing the Multitenant Platform | |
505 | 8 | |a Deploying Our Multitenant Platform | |
650 | 4 | |a Enterprise zones | |
700 | 1 | |a Surovich, Scott |e Sonstige |4 oth | |
700 | 1 | |a Price, Ed |e Sonstige |4 oth | |
776 | 0 | 8 | |i Erscheint auch als |n Druck-Ausgabe |a Boorshtein, Marc |t Kubernetes - an Enterprise Guide |d Birmingham : Packt Publishing, Limited,c2024 |z 9781835086957 |
912 | |a ZDB-30-PQE | ||
943 | 1 | |a oai:aleph.bib-bvb.de:BVB01-035438400 | |
966 | e | |u https://ebookcentral.proquest.com/lib/hwr/detail.action?docID=31626042 |l DE-2070s |p ZDB-30-PQE |q HWR_PDA_PQE |x Aggregator |3 Volltext |
Record in the search index
_version_ | 1818760561772462080 |
---|---|
adam_text | |
any_adam_object | |
author | Boorshtein, Marc |
author_facet | Boorshtein, Marc |
author_role | aut |
author_sort | Boorshtein, Marc |
author_variant | m b mb |
building | Verbundindex |
bvnumber | BV050101238 |
collection | ZDB-30-PQE |
ctrlnum | (ZDB-30-PQE)EBC31626042 (ZDB-30-PAD)EBC31626042 (ZDB-89-EBL)EBL31626042 (OCoLC)1455133080 (DE-599)BVBBV050101238 |
dewey-full | 307.342 |
dewey-hundreds | 300 - Social sciences |
dewey-ones | 307 - Communities |
dewey-raw | 307.342 |
dewey-search | 307.342 |
dewey-sort | 3307.342 |
dewey-tens | 300 - Social sciences |
discipline | Soziologie |
edition | 3rd ed |
format | Electronic eBook |
id | DE-604.BV050101238 |
illustrated | Not Illustrated |
indexdate | 2024-12-18T07:00:35Z |
institution | BVB |
isbn | 9781835081754 |
language | English |
oai_aleph_id | oai:aleph.bib-bvb.de:BVB01-035438400 |
oclc_num | 1455133080 |
open_access_boolean | |
owner | DE-2070s |
owner_facet | DE-2070s |
physical | 1 online resource (683 pages) |
psigel | ZDB-30-PQE ZDB-30-PQE HWR_PDA_PQE |
publishDate | 2024 |
publishDateSearch | 2024 |
publishDateSort | 2024 |
publisher | Packt Publishing, Limited |
record_format | marc |
title | Kubernetes - an Enterprise Guide Master Containerized Application Deployments, Integrate Enterprise Systems, and Achieve Scalability |
title_short | Kubernetes - an Enterprise Guide |
title_sort | kubernetes an enterprise guide master containerized application deployments integrate enterprise systems and achieve scalability |
title_sub | Master Containerized Application Deployments, Integrate Enterprise Systems, and Achieve Scalability |
topic | Enterprise zones |
topic_facet | Enterprise zones |