Hands-On Kubernetes on Azure: Use Azure Kubernetes Service to automate management, scaling, and deployment of containerized applications [3 ed.]
9781801079945, 1801079943
Containers and Kubernetes containers facilitate cloud deployments and application development by enabling efficient vers
Table of contents:

Cover; FM; Table of Contents; Preface; Foreword

Section 1: The Basics

Chapter 1: Introduction to containers and Kubernetes
  The software evolution that brought us here; Microservices; Advantages of running microservices; Disadvantages of running microservices; DevOps; Fundamentals of containers; Container images; Kubernetes as a container orchestration platform; Pods in Kubernetes; Deployments in Kubernetes; Services in Kubernetes; Azure Kubernetes Service; Summary

Chapter 2: Getting started with Azure Kubernetes Service
  Different ways to create an AKS cluster; Getting started with the Azure portal; Creating your first AKS cluster; A quick overview of your cluster in the Azure portal; Accessing your cluster using Azure Cloud Shell; Deploying and inspecting your first demo application; Deploying the demo application; Summary

Section 2: Deploying on AKS

Chapter 3: Application deployment on AKS
  Deploying the sample guestbook application step by step; Introducing the application; Deploying the Redis master; Examining the deployment; Redis master with a ConfigMap; Complete deployment of the sample guestbook application; Exposing the Redis master service; Deploying the Redis replicas; Deploying and exposing the front end; The guestbook application in action; Installing complex Kubernetes applications using Helm; Installing WordPress using Helm; Summary

Chapter 4: Building scalable applications
  Scaling your application; Manually scaling your application; Scaling the guestbook front-end component; Using the HPA; Scaling your cluster; Manually scaling your cluster; Scaling your cluster using the cluster autoscaler; Upgrading your application; Upgrading by changing YAML files; Upgrading an application using kubectl edit; Upgrading an application using kubectl patch; Upgrading applications using Helm; Summary

Chapter 5: Handling common failures in AKS
  Handling node failures; Solving out-of-resource failures; Fixing storage mount issues; Starting the WordPress installation; Using persistent volumes to avoid data loss; Summary

Chapter 6: Securing your application with HTTPS
  Setting up Azure Application Gateway as a Kubernetes ingress; Creating a new application gateway; Setting up the AGIC; Adding an ingress rule for the guestbook application; Adding TLS to an ingress; Installing cert-manager; Installing the certificate issuer; Creating the TLS certificate and securing the ingress; Summary

Chapter 7: Monitoring the AKS cluster and the application
  Commands for monitoring applications; The kubectl get command; The kubectl describe command; Debugging applications; Readiness and liveness probes; Building two web containers; Experimenting with liveness and readiness probes; Metrics reported by Kubernetes; Node status and consumption; Pod consumption; Using AKS Diagnostics; Azure Monitor metrics and logs; AKS Insights; Summary

Section 3: Securing your AKS cluster and workloads

Chapter 8: Role-based access control in AKS
  RBAC in Kubernetes explained; Enabling Azure AD integration in your AKS cluster; Creating a user and group in Azure AD; Configuring RBAC in AKS; Verifying RBAC for a user; Summary

Chapter 9: Azure Active Directory pod‑managed identities in AKS
  An overview of Azure AD pod-managed identities; Setting up a new cluster with Azure AD pod-managed identities; Linking an identity to your cluster; Using a pod with managed identity; Summary

Chapter 10: Storing secrets in AKS
  Different secret types in Kubernetes; Creating secrets in Kubernetes; Creating Secrets from files; Creating secrets manually using YAML files; Creating generic secrets using literals in kubectl; Using your secrets; Secrets as environment variables; Secrets as files; Installing the Azure Key Vault provider for Secrets Store CSI driver; Creating a managed identity; Creating a key vault; Installing the CSI driver for Key Vault; Using the Azure Key Vault provider for Secrets Store CSI driver; Mounting a Key Vault secret as a file; Using a Key Vault secret as an environment variable; Summary

Chapter 11: Network security in AKS
  Networking and network security in AKS; Control plane networking; Workload networking; Control plane network security; Securing the control plane using authorized IP ranges; Securing the control plane using a private cluster; Workload network security; Securing the workload network using an internal load balancer; Securing the workload network using network security groups; Securing the workload network using network policies; Summary

Section 4: Integrating with Azure managed services

Chapter 12: Connecting an application to an Azure database
  Azure Service Operator; What is ASO?; Installing ASO on your cluster; Creating a new AKS cluster; Creating a managed identity; Creating a key vault; Setting up ASO on your cluster; Deploying Azure Database for MySQL using ASO; Creating an application using the MySQL database; Summary

Chapter 13: Azure Security Center for Kubernetes
  Setting up Azure Security Center for Kubernetes; Deploying offending workloads; Analyzing configuration using Azure Secure Score; Neutralizing threats using Azure Defender; Summary

Chapter 14: Serverless functions
  Various functions platforms; Setting up the prerequisites; Azure Container Registry; Creating a VM; Creating an HTTP-triggered Azure function; Creating a queue-triggered function; Creating a queue; Creating a queue-triggered function; Scale testing functions; Summary

Chapter 15: Continuous integration and continuous deployment for AKS
  CI/CD process for containers and Kubernetes; Setting up Azure and GitHub; Setting up a CI pipeline; Setting up a CD pipeline; Summary

Final thoughts; Index