Material for The Kubernetes Course

About the Author

Nigel Poulton

Nigel is a self-confessed technology addict who is hell-bent on creating the best Kubernetes and cloud learning resources on the planet. He's the author of over 16 video training courses at Pluralsight, as well as more at A Cloud Guru, Udemy, and elsewhere. He's active on Twitter, creates weekly and monthly Kubernetes videos on YouTube, and his website is the best place for links to learn about Kubernetes. When he's not rocking it with Kubernetes, he likes cars and football.

Leanpub Podcast

Episode 178

An Interview with Nigel Poulton

Table of Contents

1: Preface

  1. 1.1: The sample app and GitHub repo
  2. Exercise 1
  3. 1.2: Windows users
  4. 1.3: Terminology and responsible language
  5. 1.4: Feedback
  6. Quiz 1

2: Kubernetes primer

  1. 2.1: Important Kubernetes background
  2. 2.1.1: Orchestration
  3. 2.1.2: Containerization
  4. 2.1.3: Cloud native
  5. 2.1.4: Microservices
  6. 2.1.5: Where did Kubernetes come from
  7. 2.1.6: Kubernetes and Docker
  8. 2.1.7: What about Docker Swarm
  9. 2.1.8: Kubernetes and Borg: Resistance is futile!
  10. 2.1.9: Kubernetes–what’s in the name
  11. Exercise 2
  12. 2.2: Kubernetes: the operating system of the cloud
  13. 2.2.1: Application scheduling
  14. Exercise 3
  15. 2.3: Chapter summary
  16. Quiz 2

3: Kubernetes principles of operation

  1. 3.1: Kubernetes from 40K feet
  2. 3.1.1: Kubernetes: Cluster
  3. 3.1.2: Kubernetes: Orchestrator
  4. Exercise 4
  5. 3.2: Control plane and worker nodes
  6. 3.2.1: The control plane
  7. 3.2.1.1: The API server
  8. 3.2.1.2: The cluster store
  9. 3.2.1.3: Controllers and the controller manager
  10. 3.2.1.4: The scheduler
  11. 3.2.1.5: The cloud controller manager
  12. 3.2.1.6: Control Plane summary
  13. 3.2.2: Worker nodes
  14. 3.2.2.1: Kubelet
  15. 3.2.2.2: Runtime
  16. 3.2.2.3: Kube-proxy
  17. Exercise 5
  18. 3.3: Packaging apps for Kubernetes
  19. Exercise 6
  20. 3.4: The declarative model and desired state
  21. Exercise 7
  22. 3.5: Pods
  23. 3.5.1: Pods and containers
  24. 3.5.2: Pod anatomy
  25. 3.5.3: Pod scheduling
  26. 3.5.4: Pods as the unit of scaling
  27. 3.5.5: Pod lifecycle
  28. 3.5.6: Pod immutability
  29. Exercise 8
  30. 3.6: Deployments
  31. Exercise 9
  32. 3.7: Service objects and stable networking
  33. Exercise 10
  34. 3.8: Chapter summary
  35. Exercise 11
  36. Quiz 3

4: Getting Kubernetes

  1. 4.1: Install everything with Docker Desktop
  2. 4.1.1: Create a Docker account
  3. 4.1.2: Install Docker Desktop
  4. 4.1.3: Deploy Docker Desktop’s built-in multi-node Kubernetes cluster
  5. Exercise 12
  6. 4.2: Linode Kubernetes Engine (LKE)
  7. 4.3: Build a Kubernetes cluster in the Linode Cloud
  8. 4.3.1: Sign up for a Linode account
  9. 4.3.2: Create your LKE cluster
  10. Exercise 13
  11. 4.4: Configure kubectl
  12. 4.4.1: If you don’t have a kubeconfig file
  13. 4.4.2: If you already have a kubeconfig file
  14. Exercise 14
  15. 4.5: Test your LKE cluster
  16. Exercise 15
  17. 4.6: More about kubectl and your kubeconfig file
  18. Exercise 16
  19. 4.7: Chapter summary
  20. Exercise 17
  21. Quiz 4

5: Working with Pods

  1. 5.1: Pod theory
  2. 5.1.0.1: Pods are an abstraction layer
  3. 5.1.0.2: Pods augment workloads
  4. 5.1.0.3: Pods enable resource sharing
  5. 5.1.0.4: Pods and scheduling
  6. 5.1.1: Deploying Pods
  7. 5.1.2: Pod lifecycle
  8. 5.1.2.1: Restart Policies
  9. 5.1.3: Static Pods vs controllers
  10. 5.1.4: The pod network
  11. Exercise 18
  12. 5.2: Multi-container Pods
  13. 5.2.1: Multi-container Pods: Init containers
  14. 5.2.2: Multi-container Pods: Sidecars
  15. 5.2.3: Pod theory summary
  16. Exercise 19
  17. 5.3: Hands-on with Pods
  18. 5.3.1: Pod manifest files
  19. 5.3.2: Manifest files: Empathy as Code
  20. 5.3.3: Deploying Pods from a manifest file
  21. 5.3.4: Introspecting Pods
  22. 5.3.4.1: kubectl get
  23. 5.3.4.2: kubectl describe
  24. 5.3.4.3: kubectl logs
  25. 5.3.5: kubectl exec
  26. 5.3.6: Pod hostnames
  27. 5.3.7: Check Pod immutability
  28. 5.3.8: Resource requests and resource limits
  29. 5.3.9: Multi-container Pod example–init container
  30. 5.3.10: Multi-container Pod example–sidecar container
  31. Exercise 20
  32. 5.4: Clean up
  33. Exercise 21
  34. 5.5: Chapter Summary
  35. Exercise 22
  36. Quiz 5

6: Virtual clusters with Namespaces

  1. 6.1: Intro to Namespaces
  2. Exercise 23
  3. 6.2: Namespace use cases
  4. Exercise 24
  5. 6.3: Default Namespaces
  6. Exercise 25
  7. 6.4: Creating and managing Namespaces
  8. 6.4.1: Configure kubectl for a specific Namespace
  9. Exercise 26
  10. 6.5: Deploying objects to Namespaces
  11. Exercise 27
  12. 6.6: Clean up
  13. Exercise 28
  14. 6.7: Chapter Summary
  15. Exercise 29
  16. Quiz 6

7: Kubernetes Deployments

  1. 7.1: Deployment theory
  2. 7.1.1: Deployments and Pods
  3. 7.1.2: Deployments and ReplicaSets
  4. 7.1.3: A quick word on scaling
  5. 7.1.4: It’s all about the state
  6. 7.1.4.1: Declarative vs Imperative
  7. 7.1.4.2: Controllers and reconciliation
  8. 7.1.5: Rolling updates with Deployments
  9. 7.1.6: Rollbacks
  10. Exercise 30
  11. 7.2: Create a Deployment
  12. 7.2.1: Inspecting Deployments
  13. 7.2.2: Accessing the app
  14. Exercise 31
  15. 7.3: Manually scale the app
  16. Exercise 32
  17. 7.4: Perform a rolling update
  18. 7.4.1: Pausing and resuming rollouts
  19. Exercise 33
  20. 7.5: Perform a rollback
  21. 7.5.1: Rollouts and labels
  22. Exercise 34
  23. 7.6: Clean up
  24. Exercise 35
  25. 7.7: Chapter summary
  26. Quiz 7

8: Kubernetes Services

  1. 8.1: Service Theory
  2. 8.1.1: Labels and loose coupling
  3. 8.1.2: Behind the scenes with EndpointSlices
  4. 8.1.3: Service types
  5. 8.1.3.1: ClusterIP Services - Accessing apps from inside the cluster
  6. 8.1.3.2: NodePort Services - Accessing apps from outside the cluster
  7. 8.1.3.3: LoadBalancer Services - Accessing apps via load balancers
  8. 8.1.4: Summary of Service theory
  9. Exercise 36
  10. 8.2: Hands-on with Services
  11. 8.2.1: Working with Services imperatively
  12. 8.2.2: The declarative way
  13. 8.2.2.1: A Service manifest file
  14. 8.2.2.2: Inspecting Services
  15. 8.2.2.3: EndpointSlice objects
  16. Exercise 37
  17. 8.3: Clean up
  18. Exercise 38
  19. 8.4: Chapter Summary
  20. Exercise 39
  21. Quiz 8

9: Ingress

  1. 9.1: Setting the Scene for Ingress
  2. Exercise 40
  3. 9.2: Ingress architecture
  4. Exercise 41
  5. 9.3: Hands-on with Ingress
  6. 9.3.1: Install the NGINX Ingress controller
  7. 9.3.2: Ingress classes
  8. 9.3.3: Configure host-based and path-based routing
  9. 9.3.3.1: Deploy the sample environment
  10. 9.3.3.2: Create the Ingress object
  11. 9.3.3.3: Inspecting Ingress objects
  12. 9.3.3.4: Configure DNS name resolution
  13. 9.3.3.5: Test the Ingress
  14. Exercise 42
  15. 9.4: Clean up
  16. Exercise 43
  17. 9.5: Chapter summary
  18. Exercise 44
  19. Quiz 9

10: Wasm on Kubernetes

  1. 10.1: Wasm Primer
  2. 10.1.1: Wasm security
  3. 10.1.2: Wasm portability
  4. 10.1.3: Wasm performance
  5. 10.1.4: Quick recap
  6. Exercise 45
  7. 10.2: Understanding Wasm on Kubernetes
  8. Exercise 46
  9. 10.3: Hands-on with Wasm on Kubernetes
  10. 10.3.1: Install and test the pre-requisites
  11. 10.3.2: Write and compile the Wasm app
  12. 10.3.3: Build an OCI image and push it to an OCI registry
  13. 10.3.4: Build and configure a new multi-node Kubernetes cluster for Wasm
  14. 10.3.5: Deploy and test the app
  15. 10.3.6: Clean up
  16. Exercise 47
  17. 10.4: Chapter Summary
  18. Exercise 48
  19. Quiz 10

11: Service discovery deep dive

  1. 11.1: Setting the scene
  2. Exercise 49
  3. 11.2: The service registry
  4. Exercise 50
  5. 11.3: Service registration
  6. Exercise 51
  7. 11.4: Service discovery
  8. 11.4.1: ClusterIP routing
  9. 11.4.2: Summarising service discovery
  10. Exercise 52
  11. 11.5: Service discovery and Namespaces
  12. 11.5.1: Service discovery example
  13. Exercise 53
  14. 11.6: Troubleshooting service discovery
  15. Exercise 54
  16. 11.7: Clean up
  17. 11.8: Chapter summary
  18. Exercise 55
  19. Quiz 11

12: Kubernetes storage

  1. 12.1: The big picture
  2. Exercise 56
  3. 12.2: Storage Providers
  4. Exercise 57
  5. 12.3: The Container Storage Interface (CSI)
  6. Exercise 58
  7. 12.4: The Kubernetes persistent volume subsystem
  8. Exercise 59
  9. 12.5: Dynamic provisioning with Storage Classes
  10. 12.5.1: A StorageClass YAML
  11. 12.5.2: Working with StorageClasses
  12. 12.5.3: Additional volume settings
  13. 12.5.3.1: Access mode
  14. 12.5.3.2: Reclaim policy
  15. Exercise 60
  16. 12.6: Hands-on
  17. 12.6.1: Use an existing StorageClass
  18. 12.6.2: Create and use a new StorageClass
  19. Exercise 61
  20. 12.7: Clean up
  21. Exercise 62
  22. 12.8: Chapter Summary
  23. Exercise 63
  24. Quiz 12

13: ConfigMaps and Secrets

  1. 13.1: The big picture
  2. 13.1.1: What it looks like in a decoupled world
  3. Exercise 64
  4. 13.2: ConfigMap theory
  5. 13.2.1: How ConfigMaps work
  6. 13.2.2: ConfigMaps and Kubernetes-native apps
  7. Exercise 65
  8. 13.3: Hands-on with ConfigMaps
  9. 13.3.1: Creating ConfigMaps imperatively
  10. 13.3.2: Inspecting ConfigMaps
  11. 13.3.3: Creating ConfigMaps declaratively
  12. 13.3.4: Injecting ConfigMap data into Pods and containers
  13. 13.3.4.1: ConfigMaps and environment variables
  14. 13.3.4.2: ConfigMaps and container startup commands
  15. 13.3.4.3: ConfigMaps and volumes
  16. Exercise 66
  17. 13.4: Hands-on with Secrets
  18. 13.4.1: Are Kubernetes Secrets secure?
  19. 13.4.2: Creating Secrets
  20. 13.4.3: Using Secrets in Pods
  21. Exercise 67
  22. 13.5: Clean up
  23. Exercise 68
  24. 13.6: Chapter Summary
  25. Exercise 69
  26. Quiz 13

14: StatefulSets

  1. 14.1: StatefulSet theory
  2. 14.1.1: StatefulSet Pod naming
  3. 14.1.2: Ordered creation and deletion
  4. 14.1.3: Deleting StatefulSets
  5. 14.1.4: StatefulSets and Volumes
  6. 14.1.5: Handling failures
  7. 14.1.6: Network ID and headless Services
  8. Exercise 70
  9. 14.2: Hands-on with StatefulSets
  10. 14.2.1: Deploy the StorageClass
  11. 14.2.2: Create a governing headless Service
  12. 14.2.3: Deploy the StatefulSet
  13. 14.2.4: Testing peer discovery
  14. 14.2.5: Scaling StatefulSets
  15. 14.2.6: Rollouts
  16. 14.2.7: Test a Pod failure
  17. 14.2.8: Test a node failure
  18. 14.2.9: Deleting StatefulSets
  19. Exercise 71
  20. 14.3: Clean up
  21. 14.4: Chapter Summary
  22. Exercise 72
  23. Quiz 14

15: API security and RBAC

  1. 15.1: API security big picture
  2. Exercise 73
  3. 15.2: Authentication
  4. 15.2.1: Checking your current authentication setup
  5. Exercise 74
  6. 15.3: Authorization (RBAC)
  7. 15.3.1: RBAC big picture
  8. 15.3.2: Users and Permissions
  9. 15.3.2.1: Looking closer at rules
  10. 15.3.3: Cluster-level users and permissions
  11. 15.3.4: Real-world example
  12. 15.3.5: Summarizing authorization
  13. Exercise 75
  14. 15.4: Admission control
  15. Exercise 76
  16. 15.5: Chapter summary
  17. Exercise 77
  18. Quiz 15

16: The Kubernetes API

  1. 16.1: Kubernetes API big picture
  2. 16.1.1: JSON serialization
  3. 16.1.2: API analogy
  4. Exercise 78
  5. 16.2: The API server
  6. 16.2.1: A word on REST and RESTful
  7. 16.2.2: Hands-on
  8. 16.2.3: A word on CRUD
  9. Exercise 79
  10. 16.3: The API
  11. 16.3.1: The core API group
  12. 16.3.2: Named API groups
  13. 16.3.3: Inspecting the API
  14. 16.3.4: Alpha beta and stable
  15. 16.3.5: Resource deprecation
  16. 16.3.6: Extending the API
  17. 16.3.7: Clean up
  18. Exercise 80
  19. 16.4: Chapter summary
  20. Exercise 81
  21. Quiz 16

17: Threat modeling Kubernetes

  1. 17.1: Threat modeling
  2. Exercise 82
  3. 17.2: Spoofing
  4. 17.2.1: Securing communications with the API server
  5. 17.2.2: Securing Pod communications
  6. Exercise 83
  7. 17.3: Tampering
  8. 17.3.1: Tampering with Kubernetes components
  9. 17.3.2: Tampering with applications running on Kubernetes
  10. Exercise 84
  11. 17.4: Repudiation
  12. Exercise 85
  13. 17.5: Information Disclosure
  14. 17.5.1: Protecting cluster data
  15. 17.5.2: Protecting data in Pods
  16. Exercise 86
  17. 17.6: Denial of Service
  18. 17.6.1: Protecting cluster resources against DoS attacks
  19. 17.6.2: Protecting the API Server against DoS attacks
  20. 17.6.3: Protecting the cluster store against DoS attacks
  21. 17.6.4: Protecting application components against DoS attacks
  22. Exercise 87
  23. 17.7: Elevation of privilege
  24. 17.7.1: Protecting the API server
  25. 17.7.2: Protecting Pods
  26. 17.7.2.1: Do not run processes as root
  27. 17.7.2.2: Capability dropping
  28. 17.7.2.3: Filter syscalls
  29. 17.7.2.4: Mandatory Access Controls
  30. 17.7.2.5: Prevent privilege escalation by containers
  31. 17.7.3: Standardizing Pod Security with PSS and PSA
  32. 17.7.4: Pod Security Standards (PSS)
  33. 17.7.5: Pod Security Admission (PSA)
  34. 17.7.6: PSA examples
  35. 17.7.6.1: Alternatives to Pod Security Admission
  36. 17.7.7: Towards a more secure Kubernetes
  37. Exercise 88
  38. 17.8: Chapter summary
  39. Quiz 17

18: Real-world Kubernetes security

  1. 18.1: Security in the software delivery pipeline
  2. 18.1.1: Image Repositories
  3. 18.1.2: Use approved base images
  4. 18.1.3: Manage the need for non-standard base images
  5. 18.1.4: Control access to images
  6. 18.1.5: Moving images from non-production to production
  7. 18.1.6: Vulnerability scanning
  8. 18.1.7: Configuration as code
  9. 18.1.8: Sign container images
  10. 18.1.9: Image promotion workflow
  11. Exercise 89
  12. 18.2: Workload isolation
  13. 18.2.1: Cluster-level workload isolation
  14. 18.2.1.1: Namespaces and soft multi-tenancy
  15. 18.2.1.2: Namespaces and hard multi-tenancy
  16. 18.2.2: Node isolation
  17. 18.2.3: Runtime isolation
  18. 18.2.4: Network isolation
  19. 18.2.4.1: Kubernetes and overlay networking
  20. 18.2.4.2: Kubernetes and BGP
  21. 18.2.4.3: How this impacts firewalls
  22. 18.2.4.4: Packet capture
  23. Exercise 90
  24. 18.3: Identity and access management (IAM)
  25. 18.3.1: Managing Remote SSH access to cluster nodes
  26. 18.3.1.1: Multi-factor authentication (MFA)
  27. Exercise 91
  28. 18.4: Security monitoring and auditing
  29. 18.4.1: Baseline best practices
  30. 18.4.2: Container and Pod lifecycle events
  31. 18.4.3: Forensic checkpointing
  32. 18.4.4: Application logs
  33. 18.4.5: Actions performed by users
  34. 18.4.6: Managing log data
  35. 18.4.7: Alerting for security-relevant events
  36. 18.4.8: Migrating existing apps to Kubernetes
  37. Exercise 92
  38. 18.5: Real-world example
  39. Exercise 93
  40. 18.6: Chapter summary
  41. Quiz 18

19: Terminology

  1. Exercise 94
  2. Quiz 19

20: Outro and what next

  1. 20.1: Docker, containers, and AI
  2. 20.2: Get involved with the community
  3. 20.3: Connect with me

21: About the authors

  1. 21.1: Author: Nigel Poulton
  2. 21.2: Contributing author: Pushkar Joglekar
