📕Another week, another book review📕
"Kubernetes – An Enterprise Guide - 2nd edition"
tl;dr: An extensive (580-page) guide to the Kubernetes ecosystem with an emphasis on #Networking & #Security 🧵👇
Security is a multi-dimensional concern, and I ♥️how this book covers it from all angles: container, nodes, networking, supply chain…with recommended projects, setups and code included!
There is a gentle intro to Docker, but also an explanation of why it is removed from Kubernetes 👍 and what is the error that everybody faces at the start 😂
A good look into Kubernetes objects and deploying it using KinD
Communicating with a KinD cluster running locally 😵‍💫 but also installing Calico, MetalLB, HAProxy, Ingress controller, global load balancing with K8GB, simulating a kubelet failure..🤕
OpenID Connect API interaction sequence diagram (and also configuring Kubernetes to use OIDC)
Using Kubernetes Dashboard with #Impersonation
Node Security and Container breakouts
Properly designing containers is hard... see next item
Talking about enterprise Kubernetes and security, I loved these tiny gems in the book👍
Anomaly detection with Falco:
• When a user attempts to modify a file under /etc
• When a user spawns a shell on a pod
• When a user stores sensitive information in a secret
• When a pod attempts to make a call to the Kubernetes API server
• Attempts to modify a ClusterRole
Step-by-step Kubernetes backups with Velero:
• Migrate clusters
• Create a development cluster from a production cluster
• Recover a cluster from a disaster
• Recover data from persistent volumes
• Namespace and deployment recovery
A pretty good coverage of Istio, Prometheus, Kiali, Jaeger, with gotchas such as this one: spot the difference between allow all access and deny all
There is a good example of managing monolithic and microservices-based applications with Istio.
A not so good diagram visualizing what a microservices architecture looks like 🧐 (notice the data layer)
Overall, I loved the security and networking angle of the book, combined with the practical intro to the ecosystem of projects that make Kubernetes what it is today👍
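The Istio gotcha mentioned above, allow all versus deny all, comes down to a single line in an AuthorizationPolicy. The manifests below are an added illustration, not taken from the book or the thread; the policy names and the `demo` namespace are constructed.

```yaml
# Constructed example: names and the "demo" namespace are placeholders.

# Deny all: the default action is ALLOW, and a policy with no rules
# matches nothing, so every request to workloads in the namespace
# is rejected.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: demo
spec: {}
---
# Allow all: one empty rule matches every request, so all traffic
# to workloads in the namespace is permitted.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-all
  namespace: demo
spec:
  rules:
  - {}
```

The only difference is the empty rule under `rules`, which is easy to miss in review. If both manifests are applied to the same namespace, traffic is allowed, because a request passes as soon as any ALLOW policy matches it.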