📕Another week, another book review📕
"Kubernetes – An Enterprise Guide - 2nd edition"
tl;dr: An extensive (580-page) guide to the Kubernetes ecosystem with an emphasis on #Networking & #Security 🧵👇
Security is a multi-dimensional concern, and I ♥️ how this book covers it from all angles: container, nodes, networking, supply chain… with recommended projects, setups and code included!
There is a gentle intro to Docker, but also an explanation of why it is removed from Kubernetes 👍 and what the error is that everybody faces at the start 😂
A good look into Kubernetes objects and deploying it using KinD
Communicating with a KinD cluster running locally 😵💫 but also installing Calico, MetalLB, HAProxy, Ingress controller, global load balancing with K8GB, simulating a kubelet failure..🤕
OpenID Connect API interaction sequence diagram (and also configuring Kubernetes to use OIDC)
Properly designing containers is hard... see next item
Talking about enterprise Kubernetes and security, I loved these tiny gems in the book👍
Anomaly detection with Falco:
• When a user attempts to modify a file under /etc
• When a user spawns a shell on a pod
• When a user stores sensitive information in a secret
• When a pod attempts to make a call to the Kubernetes API server
• Attempts to modify a ClusterRole
Step-by-step Kubernetes backups with Velero:
• Migrate clusters
• Create a development cluster from a production cluster
• Recover a cluster from a disaster
• Recover data from persistent volumes
• Namespace and deployment recovery
A pretty good coverage of Istio, Prometheus, Kiali, Jaeger, with gotchas such as this one: spot the difference between allow all access and deny all
There is a good example of managing monolithic and microservices based applications with Istio.
A not so good diagram visualizing what a microservices architecture looks like 🧐 (notice the data layer)
Overall, I loved the security and networking angle of the book, combined with the practical intro to the ecosystem of projects that make Kubernetes what it is today👍
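The Istio "allow all" versus "deny all" gotcha mentioned above, written out as an added example (not taken from the book or from this thread). It follows Istio's AuthorizationPolicy semantics; the namespace `demo` and the policy names are placeholders.

```yaml
# Constructed example. Namespace "demo" and both policy names are placeholders.

# DENY ALL: the spec is empty, so the policy has no rules.
# An ALLOW policy (the default action) with no rules matches no request,
# so every request to workloads in the namespace is rejected.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: deny-all
  namespace: demo
spec: {}
---
# ALLOW ALL: the only difference is one empty rule.
# An empty rule has no from/to/when conditions, so it matches every request,
# and the default ALLOW action lets all traffic through.
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: allow-all
  namespace: demo
spec:
  rules:
  - {}
```

When reviewing manifests, treat a bare `- {}` under `rules` as a full opening of the namespace, and keep `deny-all` as the baseline that narrower ALLOW policies are layered on.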
🤯 This is just mind-blowing 🤯
ServiceMesh evolution towards Sidecarless with eBPF 🧵
It always starts with a small change in the Linux kernel.
From hardware networking, to software-defined networking, to dynamic programmable networking cilium.io/blog/2020/11/1…
Cilium is to eBPF what Kubernetes and container runtimes are to Linux kernel namespaces and cgroups, i.e. an in-kernel programmable networking abstraction layer
"Designing Hexagonal Architecture with Java"
This is an excellent book about #hexagonal architecture theory and practice in Java. 🧵 amazon.com/Designing-Hexa…
It explains clearly the different hexagons in the architecture, the responsibilities, pitfalls, techniques and patterns to use in each
I love the examples the most. Easy to follow code, created with modern frameworks: Quarkus, Hibernate reactive, Docker, Kubernetes