| Author: | Dubey Swapnil |
| Title: | Hands-On Kubernetes, Service Mesh and Zero-Trust : Build and Manage Secure Applications Using Kubernetes and Istio |
| Publication: | Delhi : BPB Publications, 2023 |
| ©2023 | |
| Edition: | 1st ed. |
| Physical description: | 1 online resource (376 pages) |
| Other authors: | Kulkarni Mandar J |
| Contents note: | Book Title -- Inner title -- Copyright -- Dedicated -- About the Authors -- About the Reviewer -- Acknowledgements -- Preface -- Code Bundle and Coloured Images -- Piracy -- Table of Contents -- Chapter 1: Docker and Kubernetes 101 -- Introduction -- Structure -- Objectives -- Introduction to Docker -- Introduction to Kubernetes -- Kubernetes architecture -- Principles of immutability, declarative and self-healing -- Installing Kubernetes -- Installing Kubernetes locally using Minikube -- Installing Kubernetes in Docker -- Kubernetes client -- Checking the version -- Checking the status of Kubernetes Master Daemons -- Listing all worker nodes and describing the worker node -- Strategies to validate cluster quality -- Cost-efficiency as measure of quality -- Conclusion -- Points to remember -- Multiple choice questions -- Answers -- Chapter 2: PODs -- Introduction -- Structure -- Objectives -- Concept of Pods -- CRUD operations on Pods -- Creating and running Pods -- Listing Pods -- Deleting Pods -- Accessing PODs -- Accessing via port forwarding -- Running commands inside PODs using exec -- Accessing logs -- Managing resources -- Resource requests: Minimum and maximum limits to PODs -- Data persistence -- Internal: Using data volumes with PODs -- External: Data on remote disks -- Health checks -- Startup probe -- Liveness probe -- Readiness probe -- POD security -- Pod Security Standards -- Pod Security Admissions -- Conclusion -- Points to remember -- Questions -- Answers -- Chapter 3: HTTP Load Balancing with Ingress -- Introduction -- Structure -- Objectives -- Networking 101 -- Configuring Kubeproxy -- Configuring container network interfaces -- Ingress specifications and Ingress controller -- Effective Ingress usage -- Utilizing hostnames -- Utilizing paths -- Advanced Ingress -- Running and managing multiple Ingress controllers. |
| Ingress and namespaces -- Path rewriting -- Serving TLS -- Alternate implementations -- API gateways -- Need for API gateways -- Securing network -- Securing via network policies -- Securing via third-party tool -- Best practices for securing a network -- Conclusion -- Points to remember -- Multiple choice questions -- Answers -- Questions -- Chapter 4: Kubernetes Workload Resources -- Introduction -- Structure -- Objectives -- ReplicaSets -- Designing ReplicaSets -- Creating ReplicaSets -- Inspecting ReplicaSets -- Scaling ReplicaSets -- Deleting ReplicaSets -- Deployments -- Creating deployments -- Managing deployments -- Updating deployments -- Deployment strategies -- Monitoring deployment status -- Deleting deployments -- DaemonSets -- Creating DaemonSets -- Restricting DaemonSets to specific nodes -- Updating DaemonSets -- Deleting DaemonSets -- Kubernetes Jobs -- Jobs -- Job patterns -- Pod and container failures -- Cleaning up finished jobs automatically -- CronJobs -- Conclusion -- Points to remember -- Questions -- Answers -- Chapter 5: ConfigMap, Secrets, and Labels -- Introduction -- Structure -- Objectives -- ConfigMap -- Creating ConfigMap -- Consuming ConfigMaps -- Secrets -- Creating Secrets -- Consuming Secrets -- Managing ConfigMaps and Secrets -- Listing -- Creating -- Updating -- Applying and modifying labels -- Labels selectors -- Equality-based selector -- Set-based selectors -- Role of labels in Kubernetes architecture -- Defining annotations -- Conclusion -- Points to remember -- Questions -- Answers -- Chapter 6: Configuring Storage with Kubernetes -- Introduction -- Structure -- Objectives -- Storage provisioning in Kubernetes -- Volumes -- Persistent Volumes and Persistent Volume claims -- Storage class -- Using StorageClass for dynamic provisioning -- StatefulSets -- Properties of StatefulSets -- Volume claim templates. | |
| Headless service -- Installing MongoDB on Kubernetes using StatefulSets -- Disaster recovery -- Container storage interface -- Conclusion -- Points to remember -- Questions -- Answers -- Chapter 7: Introduction to Service Discovery -- Introduction -- Structure -- Objectives -- What is service discovery? -- Client-side discovery pattern -- Server-side discovery pattern -- Service registry -- Registration patterns -- Self-registration pattern -- Third-party registration -- Service discovery in Kubernetes -- Service discovery using etcd -- Service discovery in Kubernetes via Kubeproxy and DNS -- Advance details -- Endpoints -- Manual service discovery -- Cluster IP environment variables -- Kubeproxy and cluster IPs -- Conclusion -- Points to remember -- Questions -- Answers -- Chapter 8: Zero Trust Using Kubernetes -- Introduction -- Structure -- Objectives -- Kubernetes security challenges -- Role-based access control (RBAC) -- Identity -- Role and role bindings -- Managing RBAC -- Aggregating cluster roles -- User groups for bindings -- Introduction to Zero Trust Architecture -- Recommendations for Kubernetes Pod security -- Recommendations for Kubernetes network security -- Recommendations for authentication and authorization -- Recommendations for auditing and threat detection -- Recommendation for application security practices -- Zero trust in Kubernetes -- Identity-based service to service accesses and communication -- Include secret and certificate management and hardened Kubernetes encryption -- Enable observability with audits and logging -- Conclusion -- Points to remember -- Questions -- Answers -- Chapter 9: Monitoring, Logging and Observability -- Introduction -- Structure -- Objectives -- Kubernetes observability deep dive -- Selecting metrics for SLIs -- Setting SLO -- Tracking error budgets -- Creating alerts. | |
| Probes and uptime checks -- Pillars of Kubernetes observability -- Challenges in observability -- Exploring metrics using Prometheus and Grafana -- Installing Prometheus and Grafana -- Pushing custom metrics to Prometheus -- Creating dashboard on the metrics using Grafana -- Logging and tracing -- Logging using Fluentd -- Tracing with Open Telemetry using Jae -- Defining a typical SRE process -- Responsibilities of SRE -- Incident management -- Playbook maintenance -- Drills -- Selecting monitoring, metrics and visualization tools -- Conclusion -- Points to remember -- Questions -- Answers -- Chapter 10: Effective Scaling -- Introduction -- Structure -- Objectives -- Needs of scaling microservices individually -- Principles of scaling -- Challenges of scaling -- Introduction to auto scaling -- Types of scaling in K8s -- Horizontal pod scaling -- Vertical pod scaling -- Cluster autoscaling -- Standard metric scaling -- Custom Metric scaling -- Best practices of scaling -- Conclusion -- Points to remember -- Questions -- Answers -- Chapter 11: Introduction to Service Mesh and Istio -- Introduction -- Structure -- Objectives -- Why do you need a Service Mesh? -- Service discovery -- Load balancing the traffic -- Monitoring the traffic between services -- Collecting metrics -- Recovering from failure -- What is a Service Mesh? -- What is Istio? -- Istio architecture -- Data plane -- Control plane -- Installing Istio -- Installation using istioctl -- Cost of using a Service Mesh -- Data plane performance and resource consumption -- Control plane performance and resource consumption -- Customizing the Istio setup -- Conclusion -- Points to remember -- Questions -- Answers -- Chapter 12: Traffic Management Using Istio -- Introduction -- Structure -- Objectives -- Traffic management via gateways -- Virtual service and destination rule. | |
| Controlling Ingress and Egress traffic -- Shifting traffic between versions -- Injecting faults for testing -- Timeouts and retries -- Circuit breaking -- Conclusion -- Points to remember -- Questions -- Answers -- Chapter 13: Observability Using Istio -- Introduction -- Structure -- Objectives -- Understanding the telemetry flow -- Sample application and proxy logs -- Visualizing Service Mesh with Kiali -- Querying Istio Metrics with Prometheus -- Monitoring dashboards with Grafana -- Distributed tracing -- Conclusion -- Points to remember -- Questions -- Answers -- Chapter 14: Securing Your Services Using Istio -- Introduction -- Structure -- Objectives -- Identity Management with Istio -- Identity verification in TLS -- Certificate generation process in Istio -- Authentication with Istio -- Mutual TLS authentication -- Secure naming -- Peer authentication with a sample application -- Authorization with Istio -- Service authorization -- End user authorization -- Security architecture of Istio -- Conclusion -- Points to remember -- Questions -- Answers -- Index -- Back title. | |
| Authorized title: | Hands-On Kubernetes, Service Mesh and Zero-Trust |
| ISBN: | 93-5551-867-6 |
| 93-5551-868-4 | |
| Format: | Printed material |
| Bibliographic level | Monograph |
| Language of publication: | English |
| Record No.: | 9910860877703321 |
| Find it here: | Univ. Federico II |
| OPAC: | Check availability here |