Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Previous Chapter

About the Authors

Index

A

A/B testing (see canary deployments)
ABAC (Attribute-Based Access Control), ABAC, Authorization Best Practices
access control
- NetworkPolicy API and, Network Security Policy
- role-based (see RBAC)
- secrets and, Managing Authentication with Secrets
admission controllers, Admission Controllers, Admission Control and Authorization-Admission Control Best Practices
- best practices, Admission Control Best Practices-Admission Control Best Practices
- ConfigMap/Secrets and, Common Best Practices for the ConfigMap and Secrets APIs
- defined, What Are They?
- importance of, Why Are They Important?
- sidecars and, Extending Kubernetes Clusters
- types, Admission Controller Types
- webhook configuration, Configuring Admission Webhooks-Configuring Admission Webhooks
affinity/anti-affinity, Pod Affinity and Anti-Affinity
alert fatigue, Alerting
alert thresholds, Alerting
alerting
- best practices, Alerting
- overview, Alerting
Amazon EC2, Monitoring Tools
Amazon Web Services (AWS), Exporting Services by Using Internal Load Balancers
anomaly detection, Intrusion and Anomaly Detection Tooling
application configuration, Configuring an Application with ConfigMaps
application platforms
- approaches to developing higher-level abstractions, Approaches to Developing Higher-Level Abstractions
- best practices for building, Building Application Platforms Best Practices
- building on top of Kubernetes, Building Higher-Level Application Patterns on Top of Kubernetes-Summary
- design considerations, Design Considerations When Building Platforms-Support Existing Mechanisms for Service and Service Discovery
- design considerations when building platforms, Design Considerations When Building Platforms-Support Existing Mechanisms for Service and Service Discovery
- extending Kubernetes, Extending Kubernetes-Extending the Kubernetes User Experience
- extending Kubernetes clusters, Extending Kubernetes Clusters-Extending Kubernetes Clusters
- extending Kubernetes UX, Extending the Kubernetes User Experience
- support for existing mechanisms for service/service discovery, Support Existing Mechanisms for Service and Service Discovery
- support for exporting to a container image, Support Exporting to a Container Image
application scaling, Application Scaling
Application Service, Managing Configuration Files
Attribute-Based Access Control (ABAC), ABAC, Authorization Best Practices
authentication, Secrets and, Managing Authentication with Secrets-Managing Authentication with Secrets
authorization, Authorization-Authorization Best Practices
- ABAC module, ABAC
- best practices, Authorization Best Practices
- modules, Authorization Modules-Webhook
- webhook module, Webhook
autoscaling, for machine learning, Machine Leaning on Kubernetes Best Practices
AWS (Amazon Web Services), Exporting Services by Using Internal Load Balancers
AWS Container Insights, Monitoring Tools
Azure, Exporting Services by Using Internal Load Balancers
Azure Container Instances, Monitoring Tools
Azure CosmosDB, Multicluster Design Concerns
Azure Kubernetes Service, Monitoring Tools
Azure Monitor, Monitoring Tools

B

Berkeley Packet Filter (BPF), Intrusion and Anomaly Detection Tooling
best effort QoS, Resource Limits and Pod Quality of Service
black-box monitoring, Monitoring Techniques
blast radius, Testing in Production, Why Multiple Clusters?
blue/green deployments, Deployment Strategies
BPF (Berkeley Packet Filter), Intrusion and Anomaly Detection Tooling
bricking, Building a Development Cluster
burstable QoS, Resource Limits and Pod Quality of Service

C

cAdvisor, cAdvisor
canary deployments, Deployment Strategies
canary region, Canary Region
Canonical Name (see CNAME-based Kubernetes Services)
CD (see continuous delivery; continuous deployment; CI/CD pipeline)
certificate-based authentication, Onboarding Users
chaos engineering, Testing in Production
chaos experiment, A Simple Chaos Experiment
Chaos Toolkit, A Simple Chaos Experiment
chart (Helm file collection), Parameterizing Your Application by Using Helm
checkpoints, Checkpoints and saving models
CI (see continuous integration)
CI/CD pipeline, Continuous Integration, Testing, and Deployment-Summary
- best practices for, Best Practices for CI/CD
- chaos experiment, A Simple Chaos Experiment
- container builds, Container Builds
- container image tagging, Container Image Tagging
- continuous deployment (CD), Continuous Deployment-Deployment Strategies
- deployment strategies, Deployment Strategies-Deployment Strategies
- rolling upgrade, Performing a Rolling Upgrade
- setting up CD, Setting Up CD
- setting up CI, Setting Up CI-Setting Up CI
- testing, Testing
- testing in production, Testing in Production-Testing in Production
- version control, Version Control
Classless Inter-Domain Routing (CIDR), Kubenet
Cloud Spanner, Multicluster Design Concerns
CloudWatch Container Insights, Monitoring Tools
Cluster API, Managing Multiple Cluster Deployments
Cluster Autoscaler add-on, Cluster autoscaling
cluster scaling, Cluster Scaling
- autoscaling, Cluster autoscaling
- manual, Manual scaling
cluster-level services, Cluster-Level Services
ClusterIP service type, Service Type ClusterIP
clusters
- extending, Extending Kubernetes Clusters-Extending Kubernetes Clusters
- mixed workload, for machine learning, Machine Leaning on Kubernetes Best Practices
- multiple (see multiple clusters)
- shared vs. one per developer, Building a Development Cluster
CNAME-based Kubernetes Services, CNAME-Based Services for Stable DNS Names
CNI plug-in
- about, The CNI Plug-in
- best practices, CNI Best Practices
compliance, multicluster design and, Why Multiple Clusters?
config resource, Data Replication
ConfigMaps
- best practices, Common Best Practices for the ConfigMap and Secrets APIs-Common Best Practices for the ConfigMap and Secrets APIs
- common best practices for ConfigMap and Secrets APIs, Common Best Practices for the ConfigMap and Secrets APIs-Common Best Practices for the ConfigMap and Secrets APIs
- configuration with, ConfigMaps
- configuring an application with, Configuring an Application with ConfigMaps
- DNS server and, CNAME-Based Services for Stable DNS Names
configuration
- common best practices for ConfigMap and Secrets APIs, Common Best Practices for the ConfigMap and Secrets APIs-Common Best Practices for the ConfigMap and Secrets APIs
- Secrets for, Secrets
- with ConfigMaps, Configuring an Application with ConfigMaps, ConfigMaps
configuration drift, Continuous Deployment
constraint resource, Defining Constraints
constraint templates
- defining, Introducing Gatekeeper, Defining Constraint Templates
- elements of, Constraint template
constraints
- best practices, Policy and Governance Best Practices
- defining, Defining Constraints
- Gatekeeper and, Constraint
- operational characteristics, Defining Constraints
Consul, Service Meshes, Multicluster Design Concerns
container
- intrusion/anomaly detection tooling, Intrusion and Anomaly Detection Tooling
- workload isolation and RuntimeClass, Workload Isolation and RuntimeClass-Workload Isolation and RuntimeClass Best Practices
Container Advisor (cAdvisor), cAdvisor
container builds, Container Builds
container image tagging, Container Image Tagging
container images (see image management)
Container Insights, Monitoring Tools
Container Network Interface (CNI) (see CNI plug-in)
Container Storage Interface (CSI), Container Storage Interface and FlexVolume
continuous delivery (CD), Multicluster Design Concerns
- (see also CI/CD pipeline)
continuous deployment (CD), Continuous Deployment-Deployment Strategies
- defined, Continuous Deployment
- deployment strategies, Deployment Strategies-Deployment Strategies
- setting up, Setting Up CD
continuous integration (CI), Continuous Integration
- (see also CI/CD pipeline)
- defined, Continuous Integration
- setting up, Setting Up CI-Setting Up CI
control-plane components, Kubernetes Metrics Overview
Core CNI project, The CNI Plug-in
CoreDNS server, CNAME-Based Services for Stable DNS Names
CSI (Container Storage Interface), Container Storage Interface and FlexVolume
custom controllers, Deployment and Management Patterns
Custom Metrics API, Metrics Server, HPA with Custom Metrics
custom resource definitions (CRDs), Managing Namespaces, Introducing Gatekeeper
- adding resources to existing cluster with, Extending Kubernetes Clusters
- constraint templates as, Defining Constraint Templates
- defined, Deployment and Management Patterns

D

data replication
- Gatekeeper and, Data Replication
- multicluster design and, Multicluster Design Concerns
data scientists, machine learning and, Data Scientist Concerns
database
- deploying a simple stateful database, Deploying a Simple Stateful Database-Deploying a Simple Stateful Database
- making accessible from Kubernetes (see importing services into Kubernetes)
Datadog, Monitoring Tools
dataset storage, for machine learning, Dataset storage and distribution among worker nodes during training
debugging, Enabling Testing and Debugging
- (see also logging)
declarative model, Managing Configuration Files, Releases
DefaultStorageClass admission plug-in, Storage Classes
dependencies, installation of, Initial Setup
deployment
- best policy/governance practices, Policy and Governance Best Practices
- sample code for, Putting It All Together-Putting It All Together
- stateful database, Deploying a Simple Stateful Database-Deploying a Simple Stateful Database
- strategies for CI/CD pipeline, Deployment Strategies-Deployment Strategies
- versioning, releases, and rollouts, Versioning, Releases, and Rollouts-Summary
Deployment object, Enabling Active Development
Deployment resource, Creating a Replicated Application
developer workflows (see workflows)
development cluster
- building, Building a Development Cluster
- goals, Goals
- onboarding users, Onboarding Users-Onboarding Users
- setting up shared cluster for multiple developers, Setting Up a Shared Cluster for Multiple Developers-Cluster-Level Services
development environment, Setting Up a Development Environment Best Practices
disruption budgets, PodDisruptionBudgets
distributed training, Distributed Training on Kubernetes, Machine Leaning on Kubernetes Best Practices
DNS servers/resolvers, CNAME-Based Services for Stable DNS Names
Docker image, Container Image Tagging
docker-registry secrets, Secrets
Domain Name System (DNS), Load-Balancing Traffic Around the World
dot notation, Versioning
drivers, machine learning, Libraries, Drivers, and Kernel Modules
dynamic admission controllers, Admission Controller Types

E

EFK (Elasticsearch, Fluentd, and Kibana) stack, Logging by Using an EFK Stack-Logging by Using an EFK Stack, Deployment and Management Patterns
exporting services from Kubernetes, Exporting Services from Kubernetes-Integrating External Machines and Kubernetes
- integrating external machines and Kubernetes, Integrating External Machines and Kubernetes
- internal load balancers for, Exporting Services by Using Internal Load Balancers
- NodePorts for, Exporting Services on NodePorts
external identity systems, Onboarding Users
external services
- best practices for connecting cluster and external services, Connecting Cluster and External Services Best Practices
- exporting services from Kubernetes, Exporting Services from Kubernetes-Integrating External Machines and Kubernetes
- importing services into Kubernetes, Importing Services into Kubernetes-Active Controller-Based Approaches
- integrating with Kubernetes, Integrating External Services and Kubernetes-Summary
- sharing services between Kubernetes, Sharing Services Between Kubernetes
- third-party tools, Third-Party Tools
ExternalName service type, Service Type ExternalName

F

failurePolicy field, Admission Control Best Practices
Falco, Intrusion and Anomaly Detection Tooling
feature flag, Deployment Strategies
Federation, Kubernetes Federation-Kubernetes Federation
Federation v2 (KubeFed), Kubernetes Federation-Kubernetes Federation
filesystem layout, Managing Configuration Files
flaky tests, Goals
flat networks, Multicluster Design Concerns
FlexVolume, Container Storage Interface and FlexVolume
Fluentd, Logging by Using an EFK Stack
Flux, The GitOps Approach to Managing Clusters-The GitOps Approach to Managing Clusters
Four Golden Signals, Monitoring Patterns, CNI Best Practices

G

Gardener, Multicluster Management Tools
Gatekeeper, Introducing Gatekeeper-Gatekeeper Next Steps
- audit and, Audit
- constraint, Constraint
- constraint templates, Constraint template
- data replication, Data Replication
- defining constraint templates, Defining Constraint Templates
- defining constraints, Defining Constraints
- demonstration content, Becoming Familiar with Gatekeeper
- example policies, Example Policies
- next steps for, Gatekeeper Next Steps
- rego and, Rego
- terminology, Gatekeeper Terminology
- UX, UX
GCP Stackdriver, Monitoring Tools
generic secrets, Secrets
Git, Managing Configuration Files
GitOps, The GitOps Approach to Managing Clusters-The GitOps Approach to Managing Clusters
GKE (Google Kubernetes Engine), Monitoring Tools
global deployment, Worldwide Application Distribution and Staging-Summary
- best practices, Worldwide Rollout Best Practices
- canary region, Canary Region
- constructing a global rollout, Constructing a Global Rollout
- distributing your image, Distributing Your Image
- identifying region types, Identifying Region Types
- load-balancing traffic, Load-Balancing Traffic Around the World
- parameterizing your deployment, Parameterizing Your Deployment
- pre-rollout validation, Pre-Rollout Validation-Pre-Rollout Validation
- reliably rolling out software, Reliably Rolling Out Software Around the World-Constructing a Global Rollout
- responding to problems, When Something Goes Wrong
Google Cloud Spanner, Multicluster Design Concerns
Google Four Golden Signals, Monitoring Patterns, CNI Best Practices
Google Kubernetes Engine (GKE), Monitoring Tools
Grafana, Monitoring Kubernetes Using Prometheus
graphics processing units (GPUs), Model Training on Kubernetes-Training your first model on Kubernetes
guaranteed QoS, Resource Limits and Pod Quality of Service

H

hard multitenancy, Why Multiple Clusters?
Hardware Security Module (HSM), Best practices specific to secrets
headless service, Creating a TCP Load Balancer by Using Services, Service Type ClusterIP
Heapster, Metrics Server
Helm
- life cycle hook with, Common Best Practices for the ConfigMap and Secrets APIs
- parameterizing an application with, Parameterizing Your Application by Using Helm-Parameterizing Your Application by Using Helm
- rollouts and, Best Practices for Versioning, Releases, and Rollouts
- testing with, Testing
- Tiller as default service account, RBAC Best Practices
- tracking releases with, Releases
helm lint, Testing
Horizontal Pod Autoscaler (HPA), Metrics Server, Application Scaling-HPA with Custom Metrics, Scaling with HPA
HSM (Hardware Security Module), Best practices specific to secrets
HTTP protocol management, Ingress and Ingress Controllers
HTTP traffic, external Ingress for, Setting Up an External Ingress for HTTP Traffic
hyperparameter tuning, Model Training on Kubernetes

I

image management, Best Practices for Image Management
importing services into Kubernetes, Importing Services into Kubernetes-Active Controller-Based Approaches
- active controller-based approaches, Active Controller-Based Approaches
- CNAME-based services for stable DNS names, CNAME-Based Services for Stable DNS Names
- selector-less services for stable IP addresses, Selector-Less Services for Stable IP Addresses
InfluxDB, Monitoring Tools
Infrastructure as Code (IaC), Multicluster Design Concerns
Infrastructure as Software, Deployment and Management Patterns
Ingress
- about, Ingress and Ingress Controllers
- best practices, Services and Ingress Controllers Best Practices
- routing traffic to a static file server with, Using Ingress to Route Traffic to a Static File Server-Using Ingress to Route Traffic to a Static File Server
- setting up for HTTP traffic, Setting Up an External Ingress for HTTP Traffic
integration testing, Pre-Rollout Validation-Pre-Rollout Validation
internal load balancers, exporting services using, Exporting Services by Using Internal Load Balancers
intrusion detection, Intrusion and Anomaly Detection Tooling
involuntary disruptions, PodDisruptionBudgets
Istio, Service Meshes

J

journal service (see setting up a basic service)
JSON, YAML versus, Managing Configuration Files
Just in Time (JIT) access systems, RBAC Best Practices

K

kernel modules, Libraries, Drivers, and Kernel Modules
Kibana, Logging by Using an EFK Stack
KQueen, Multicluster Management Tools
kube-proxy, Integrating External Machines and Kubernetes
kube-state-metrics, kube-state-metrics
kube-system namespace, Admission Control Best Practices
kubectl
- audit results and, Audit
- CRDs and, Managing Namespaces
- debugging tools, Enabling Testing and Debugging
- expanding UX with, Extending the Kubernetes User Experience
- namespace flag, Managing Resources by Using Namespaces
kubectx, Multicluster Management Tools
KubeFed (Federation v2), Kubernetes Federation-Kubernetes Federation
Kubenet
- about, Kubenet
- best practices, Kubenet Best Practices
kubens, Multicluster Management Tools
Kubernetes Federation, Kubernetes Federation-Kubernetes Federation
Kubernetes scheduler, Kubernetes Scheduler-Taints and Tolerations
- advanced scheduling techniques, Advanced Scheduling Techniques-Taints and Tolerations
- nodeSelector, nodeSelector
- pod affinity/anti-affinity, Pod Affinity and Anti-Affinity
- predicate function, Predicates
- priorities, Priorities
- taints, Taints and Tolerations-Taints and Tolerations
- tolerations, Taints and Tolerations
Kubernetes Services
- creating TCP load balancer with, Creating a TCP Load Balancer by Using Services
- elements of, Active Controller-Based Approaches
Kubernetes Volumes (see Volumes)

L

libraries, machine learning, Libraries, Drivers, and Kernel Modules
Limit (resource request), Creating a Replicated Application
LimitRange, LimitRange
Linkerd2, Service Meshes
linters, Extending Kubernetes Clusters
liveness probes, Alerting
load balancing, Load-Balancing Traffic Around the World
LoadBalancer service type, Service Type LoadBalancer
logging, Logging Overview-Logging
- alerting and, Alerting
- best practices, Logging
- EFK stack for, Logging by Using an EFK Stack-Logging by Using an EFK Stack
- metrics collection versus log collection, Metrics Versus Logs
- overview, Logging Overview-Logging Overview
- tools for, Tools for Logging
Logging as a Service (LaaS), Cluster-Level Services

M

machine learning, Running Machine Learning in Kubernetes-Summary
- advantages of Kubernetes for, Why Is Kubernetes Great for Machine Learning?
- best practices, Machine Leaning on Kubernetes Best Practices
- checkpoints and saving models, Checkpoints and saving models
- data scientist concerns, Data Scientist Concerns
- dataset storage/distribution among worker nodes during training, Dataset storage and distribution among worker nodes during training
- distributed training, Distributed Training on Kubernetes
- for Kubernetes cluster admins, Machine Learning for Kubernetes Cluster Admins-Specialized Protocols
- libraries, drivers, and kernel modules, Libraries, Drivers, and Kernel Modules
- model training, Model Training on Kubernetes-Libraries, Drivers, and Kernel Modules
- networking, Networking
- resource constraints, Resource Constraints
- scheduling idiosyncrasies, Scheduling idiosyncrasies
- specialized hardware, Specialized Hardware
- specialized protocols, Specialized Protocols
- storage, Storage
- workflow phases, Machine Learning Workflow
master branch, Version Control
Message Passing Interface (MPI), Specialized Protocols
metrics
- cAdvisor, cAdvisor
- choosing metrics to monitor, What Metrics Do I Monitor?
- kube-state-metrics, kube-state-metrics
- log collection versus metrics collection, Metrics Versus Logs
- metrics-server, Metrics Server
- overview, Kubernetes Metrics Overview-kube-state-metrics
Metrics Aggregator, HPA with Custom Metrics
Metrics API, Metrics Server
Metrics Server API, HPA with Custom Metrics
metrics-server, Metrics Server
Microsoft Azure, Exporting Services by Using Internal Load Balancers
Microsoft Azure CosmosDB, Multicluster Design Concerns
Microsoft Azure Monitor, Monitoring Tools
MNIST dataset, Training your first model on Kubernetes
modules, authorization, Authorization Modules-Webhook
monitoring, Monitoring and Logging in Kubernetes-Monitoring Kubernetes Using Prometheus
- best practices, Monitoring
- choosing metrics to monitor, What Metrics Do I Monitor?
- cloud provider tools, Monitoring Tools
- Kubernetes metrics overview, Kubernetes Metrics Overview-kube-state-metrics
- metrics vs. logs, Metrics Versus Logs
- patterns, Monitoring Patterns
- Prometheus for, Monitoring Kubernetes Using Prometheus-Monitoring Kubernetes Using Prometheus
- techniques for, Monitoring Techniques
- tools for, Monitoring Tools-Monitoring Tools
MPI (Message Passing Interface), Specialized Protocols
multiple clusters, Managing Multiple Clusters-Summary
- best practices for management of, Managing Multiple Clusters Best Practices
- deployment/management patterns, Deployment and Management Patterns
- design concerns, Multicluster Design Concerns
- GitOps approach to managing, The GitOps Approach to Managing Clusters-The GitOps Approach to Managing Clusters
- Kubernetes Federation, Kubernetes Federation-Kubernetes Federation
- managing, Managing Multiple Clusters-Summary
- managing deployments of, Managing Multiple Cluster Deployments-Deployment and Management Patterns
- reasons for having, Why Multiple Clusters?-Why Multiple Clusters?
- tools for managing, Multicluster Management Tools
MutatingWebhookConfiguration, Configuring Admission Webhooks
mutation, Admission Control Best Practices

N

namespaces
- aligning workloads to, Network Policy Best Practices
- as scopes for deployment of services, Setting Up a Shared Cluster for Multiple Developers
- creating/securing, Creating and Securing a Namespace-Creating and Securing a Namespace
- for resource management, Managing Resources by Using Namespaces
- managing, Managing Namespaces
- multitenancy and, Why Multiple Clusters?
- setting ResourceQuotas on, ResourceQuota-ResourceQuota
naming, of images, Best Practices for Image Management
NCCL (NVIDIA Collective Communications Library), Specialized Protocols
Netflix, chaos engineering at, Testing in Production
network address translation (NAT), Multicluster Design Concerns
networking, Networking, Network Security, and Service Mesh-Network Policy Best Practices
- Kubernetes network principles, Kubernetes Network Principles-Kubernetes Network Principles
- machine learning and, Networking
- plug-ins, Network Plug-ins-CNI Best Practices
- security policy, Network Security Policy-Network Policy Best Practices
- service API and, Services in Kubernetes-Services and Ingress Controllers Best Practices
NetworkPolicy API, Network Security Policy-Network Policy Best Practices
- about, Network Security Policy-Network Security Policy
- best practices, Network Policy Best Practices
NGINX, Using Ingress to Route Traffic to a Static File Server, Pod Affinity and Anti-Affinity, Ingress and Ingress Controllers
NodePorts, Service Type NodePort, Exporting Services on NodePorts
nodeSelector, nodeSelector
NoSQL databases, Multicluster Design Concerns
NVIDIA Collective Communications Library (NCCL), Specialized Protocols
NVIDIA device plug-in, Specialized Hardware

O

onboarding, Goals, Onboarding Users-Onboarding Users
Open Policy Agent (OPA), Cloud-Native Policy Engine
- data replication and, Data Replication
- Gatekeeper and, Gatekeeper Terminology
operational management, Multicluster Design Concerns
Operator Framework, Operators
Operators (cloud native software), Operators

P

parameterizing
- global deployments, Parameterizing Your Deployment
- of application with Helm, Parameterizing Your Application by Using Helm-Parameterizing Your Application by Using Helm
passwords, Managing Authentication with Secrets-Managing Authentication with Secrets
PersistentVolume, Deploying a Simple Stateful Database, PersistentVolume
PersistentVolumeClaim, Deploying a Simple Stateful Database, PersistentVolumeClaims
plug-ins
- admission control best practices, Admission Control Best Practices
- CNI, The CNI Plug-in
- Kubenet, Kubenet-CNI Best Practices
- network, Network Plug-ins-CNI Best Practices
PodDisruptionBudget, PodDisruptionBudgets
pods
- admission controllers, Admission Controllers
- affinity/anti-affinity, Pod Affinity and Anti-Affinity
- disruption budgets, PodDisruptionBudgets
- LimitRange, LimitRange
- resource limits and QoS, Resource Limits and Pod Quality of Service-Resource Limits and Pod Quality of Service
- resource management, Pod Resource Management-Vertical Pod Autoscaler
- resource request, Resource Request
- security, Pod and Container Security-PodSecurityPolicy Next Steps
PodSecurityPolicy API, PodSecurityPolicy API-PodSecurityPolicy Next Steps, Why Are They Important?
- best practices, PodSecurityPolicy Best Practices
- challenges in real-world environments, PodSecurityPolicy Challenges
- enabling, Enabling PodSecurityPolicy-Enabling PodSecurityPolicy
- example, Anatomy of a PodSecurityPolicy-Anatomy of a PodSecurityPolicy
policy and governance, Policy and Governance for Your Cluster-Summary
- admission controllers and, Why Are They Important?
- audit, Audit
- best practices, Policy and Governance Best Practices
- cloud-native policy engine, Cloud-Native Policy Engine
- Gatekeeper (see Gatekeeper)
- importance of, Why Policy and Governance Are Important
- Kubernetes context for, How Is This Policy Different?
predicate function, Predicates
preStop hook, Deployment Strategies, StatefulSet and Operator Best Practices
priority value, Priorities
Prometheus, Monitoring Tools
- monitoring multiple clusters with, Deployment and Management Patterns-Deployment and Management Patterns
- monitoring with, Monitoring Kubernetes Using Prometheus-Monitoring Kubernetes Using Prometheus
prometheus-operator, Deployment and Management Patterns-Deployment and Management Patterns

Q

Quality of Service (QoS), resource limits and, Resource Limits and Pod Quality of Service-Resource Limits and Pod Quality of Service

R

Rancher, Multicluster Management Tools
RBAC (role-based access control), RBAC-RBAC Best Practices
- best practices, RBAC Best Practices-RBAC Best Practices
- locking down admission webhook configurations, Admission Control Best Practices
- main components, RBAC Primer
- PodSecurityPolicy API and, Anatomy of a PodSecurityPolicy, PodSecurityPolicy Best Practices
- RoleBinding, RoleBindings
- roles, Roles
- rules, Rules
- subjects, Subjects
RDMA (Remote Direct Memory Access), Networking
readiness probe, Deployment Strategies
recreate strategy, Rollouts
RED (rate, errors, duration) monitoring pattern, Monitoring Patterns
Redis, Managing Authentication with Secrets-Managing Authentication with Secrets
rego
- defined, Rego
- policy definition and, Defining Constraint Templates
releases, Releases, Best Practices for Versioning, Releases, and Rollouts
Remote Direct Memory Access (RDMA), Networking
ReplicaSet, Creating a Replicated Application, Rollouts, Stateful Applications
Request (resource request), Creating a Replicated Application
resource management, Resource Management-Summary
- admission controllers and, Why Are They Important?
- advanced scheduling techniques, Advanced Scheduling Techniques-Taints and Tolerations
- application scaling, Application Scaling
- best practices, Resource Management Best Practices
- cluster scaling, Cluster Scaling
- HPA with custom metrics, Scaling with HPA
- Kubernetes scheduler, Kubernetes Scheduler-Taints and Tolerations
- LimitRange, LimitRange
- namespaces for, Managing Resources by Using Namespaces
- pod disruption budgets, PodDisruptionBudgets
- pods, Pod Resource Management-Vertical Pod Autoscaler
- resource limits and pod QoS, Resource Limits and Pod Quality of Service-Resource Limits and Pod Quality of Service
- resource request, Resource Request
- setting ResourceQuotas on namespaces, ResourceQuota-ResourceQuota
- Vertical Pod Autoscaler, Vertical Pod Autoscaler
Resource Metrics API, Metrics Server
resource request, Resource Request
ResourceQuotas, Creating and Securing a Namespace, ResourceQuota-ResourceQuota
role-based access control (see RBAC)
RoleBinding, Creating and Securing a Namespace, RoleBindings
rolling updates, Deployment Strategies-Deployment Strategies
rolling upgrade, Performing a Rolling Upgrade
rollingUpdate, Rollouts
rollouts, Rollouts
- best practices for, Best Practices for Versioning, Releases, and Rollouts
- strategies for CI/CD pipeline, Deployment Strategies-Deployment Strategies
- worldwide, Reliably Rolling Out Software Around the World-Constructing a Global Rollout
rules, in RBAC, Rules
RuntimeClass
- about, Workload Isolation and RuntimeClass-Runtime Implementations
- best practices, Workload Isolation and RuntimeClass Best Practices
- implementations, Runtime Implementations
- using, Using RuntimeClass
- workload isolation and, Workload Isolation and RuntimeClass-Workload Isolation and RuntimeClass Best Practices

S

scaling
- application (see application scaling)
- application scaling, Application Scaling
- clusters (see cluster scaling)
- HPA with custom metrics, Scaling with HPA
- VPA, Vertical Pod Autoscaler
scheduler (see Kubernetes scheduler)
scoping, admission webhook, Admission Control Best Practices
secret password, Managing Authentication with Secrets
Secrets
- best practices specific to, Best practices specific to secrets
- common best practices for ConfigMap and Secrets APIs, Common Best Practices for the ConfigMap and Secrets APIs-Common Best Practices for the ConfigMap and Secrets APIs
- configuration with, Secrets
- managing authentication with, Managing Authentication with Secrets-Managing Authentication with Secrets
security, RBAC
- (see also admission controllers; authorization)
- admission controllers, Admission Controllers
- admission controllers and, Why Are They Important?
- admission webhook best practices, Admission Control Best Practices
- intrusion/anomaly detection tooling, Intrusion and Anomaly Detection Tooling
- multicluster design and, Why Multiple Clusters?
- NetworkPolicy API, Network Security Policy-Network Policy Best Practices
- pods, Pod and Container Security-PodSecurityPolicy Next Steps
- PodSecurityPolicy API, PodSecurityPolicy API-PodSecurityPolicy Next Steps
- RBAC, RBAC-RBAC Best Practices
selector-less Kubernetes Services, Selector-Less Services for Stable IP Addresses
semantic versioning, Versioning, Best Practices for Versioning, Releases, and Rollouts
service API, Services in Kubernetes-Services and Ingress Controllers Best Practices
- best practices, Services and Ingress Controllers Best Practices
- ClusterIP service type, Service Type ClusterIP
- ExternalName service type, Service Type ExternalName
- Ingress/Ingress controllers, Ingress and Ingress Controllers
- LoadBalancer service type, Service Type LoadBalancer
- NodePort service type, Service Type NodePort
service discovery, Multicluster Design Concerns
service mesh, Service Meshes-Service Mesh Best Practices
- about, Service Meshes-Service Meshes
- best practices, Service Mesh Best Practices
Service Mesh Interface (SMI), Service Meshes
service type
- ClusterIP, Service Type ClusterIP
- ExternalName, Service Type ExternalName
- LoadBalancer, Service Type LoadBalancer
- NodePort, Service Type NodePort
Service-Level Objectives (SLOs), Alerting
services, Creating a TCP Load Balancer by Using Services
- (see also Kubernetes Services)
- cluster-level, Cluster-Level Services
- creating TCP load balancer with, Creating a TCP Load Balancer by Using Services
- deployment best practices, Deploying Services Best Practices
- external (see external services)
- setting up basic (see setting up a basic service)
setting up a basic service, Setting Up a Basic Service-Summary
- application overview, Application Overview
- configuring an application with ConfigMaps, Configuring an Application with ConfigMaps
- creating a replicated application, Creating a Replicated Application-Creating a Replicated Application
- creating a replicated service using deployments, Creating a Replicated Service Using Deployments-Creating a Replicated Application
- creating a TCP load balancer by using Services, Creating a TCP Load Balancer by Using Services
- deploying a simple stateful database, Deploying a Simple Stateful Database-Deploying a Simple Stateful Database
- deploying services best practices, Deploying Services Best Practices
- image management best practices, Best Practices for Image Management
- managing authentication with Secrets, Managing Authentication with Secrets-Managing Authentication with Secrets
- managing configuration files, Managing Configuration Files
- parameterizing application with Helm, Parameterizing Your Application by Using Helm-Parameterizing Your Application by Using Helm
- setting up external Ingress for HTTP traffic, Setting Up an External Ingress for HTTP Traffic
- using Ingress to route traffic to a static file server, Using Ingress to Route Traffic to a Static File Server-Using Ingress to Route Traffic to a Static File Server
shared cluster
- cluster-level services, Cluster-Level Services
- creating/securing namespace, Creating and Securing a Namespace-Creating and Securing a Namespace
- managing namespaces, Managing Namespaces
- onboarding users, Onboarding Users-Onboarding Users
- setting up for multiple developers, Setting Up a Shared Cluster for Multiple Developers-Cluster-Level Services
sidecar containers, Extending Kubernetes Clusters
sidecar pattern, Logging Overview
Sidecar proxies, Service Meshes
SLOs (Service-Level Objectives), Alerting
smart scheduling, Machine Leaning on Kubernetes Best Practices
SMI (Service Mesh Interface), Service Meshes
soft multitenancy, Why Multiple Clusters?
Software as a Service (SaaS)
- hard multitenancy and, Why Multiple Clusters?
- state management and, Deploying a Simple Stateful Database
Stackdriver Kubernetes Engine Monitoring, Monitoring Tools
standard admission controllers, Admission Controller Types
state
- Kubernetes storage, Kubernetes Storage-Kubernetes Storage Best Practices
  - (see also storage)
- managing, Managing State and Stateful Applications-Summary
- volumes and volume mounts, Volumes and Volume Mounts
stateful applications, Stateful Applications-Summary
- Operators, Operators
- StatefulSets, StatefulSets
stateful database, Deploying a Simple Stateful Database-Deploying a Simple Stateful Database
StatefulSets
- about, StatefulSets
- best practices, StatefulSet and Operator Best Practices
static file server, Using Ingress to Route Traffic to a Static File Server-Using Ingress to Route Traffic to a Static File Server
storage
- best practices, Kubernetes Storage Best Practices
- for machine learning, Storage
- PersistentVolume, Deploying a Simple Stateful Database, PersistentVolume
- PersistentVolumeClaim, Deploying a Simple Stateful Database, PersistentVolumeClaims
- PersistentVolumeClaims, PersistentVolumeClaims
- state and, Kubernetes Storage-Kubernetes Storage Best Practices
- StorageClass objects, Storage Classes
subjects, in RBAC, Subjects
supply-chain attacks, Best Practices for Image Management
Sysdig Monitor, Monitoring Tools

T

taint-based eviction, Taints and Tolerations
taints, Taints and Tolerations-Taints and Tolerations, Machine Leaning on Kubernetes Best Practices
TCP (Transmission Control Protocol), Setting Up an External Ingress for HTTP Traffic, Creating a TCP Load Balancer by Using Services
TCP load balancer, Creating a TCP Load Balancer by Using Services
templating system, Parameterizing Your Application by Using Helm
Terraform, Multicluster Design Concerns
test flakiness, Goals
testing, Goals
- chaos experiment for, A Simple Chaos Experiment
- CI/CD pipeline, Testing
- developer workflows and, Enabling Testing and Debugging
- in production, Testing in Production-Testing in Production
- pre-global rollout validation, Pre-Rollout Validation-Pre-Rollout Validation
Tiller, RBAC Best Practices
time to live (TTL), Managing Namespaces
tls secret, Secrets
tolerations, Taints and Tolerations, Machine Leaning on Kubernetes Best Practices
traffic shifting (see blue/green deployments)
Transmission Control Protocol (TCP), Setting Up an External Ingress for HTTP Traffic, Creating a TCP Load Balancer by Using Services
Transport Layer Security (TLS) secret, Secrets
Transport Layer Security (TLS) termination, Ingress and Ingress Controllers
troubleshooting, When Something Goes Wrong
TTL (time to live), Managing Namespaces

U

USE (utilization, saturation, errors) monitoring pattern, Monitoring Patterns
UX (user experience)
- extending/enhancing, Extending the Kubernetes User Experience
- Gatekeeper and, UX

V

ValidatingWebhookConfiguration, Configuring Admission Webhooks
validation, pre-global rollout, Pre-Rollout Validation-Pre-Rollout Validation
versioning, Versioning
- best practices for, Best Practices for Versioning, Releases, and Rollouts
- ConfigMap and, Configuring an Application with ConfigMaps
- for CI/CD pipeline, Version Control
Vertical Pod Autoscaler (VPA), Metrics Server, Vertical Pod Autoscaler
Visual Studio (VS) Code, Enabling Testing and Debugging
volumeMounts, Common Best Practices for the ConfigMap and Secrets APIs, Volumes and Volume Mounts
Volumes, Managing Authentication with Secrets, Volumes and Volume Mounts
- best practices, Volume Best Practices
- defined, Managing Authentication with Secrets
- FlexVolume, Container Storage Interface and FlexVolume
- PersistentVolume, Deploying a Simple Stateful Database, PersistentVolume
- PersistentVolumeClaim, Deploying a Simple Stateful Database, PersistentVolumeClaims
voluntary evictions, PodDisruptionBudgets
VPA (Vertical Pod Autoscaler), Metrics Server, Vertical Pod Autoscaler
VS (Visual Studio) Code, Enabling Testing and Debugging

W

Weaveworks Flux, The GitOps Approach to Managing Clusters-The GitOps Approach to Managing Clusters
web application firewall (WAF), Exporting Services from Kubernetes
webhook authorization module, Webhook
webhook configuration, Configuring Admission Webhooks-Configuring Admission Webhooks
white-box monitoring, Monitoring Techniques
worker-node components, Kubernetes Metrics Overview
workflows, Developer Workflows-Summary
- building a development cluster, Building a Development Cluster
- development environment best practices, Setting Up a Development Environment Best Practices
- enabling active development, Enabling Active Development
- enabling developer workflows, Enabling Developer Workflows
- enabling testing/debugging, Enabling Testing and Debugging
- goals for building out development clusters, Goals
- initial setup, Initial Setup
- setting up shared cluster for multiple developers, Setting Up a Shared Cluster for Multiple Developers-Cluster-Level Services
workload isolation, Workload Isolation and RuntimeClass Best Practices
- (see also PodSecurityPolicy API; RuntimeClass)
worldwide application distribution/staging (see global deployment)

Y

YAML, JSON versus, Managing Configuration Files

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

3.145.59.187