Oracle Cloud Infrastructure - A Guide to Building Cloud Native Applications

Paperback, English, 2023, ISBN 9780137902538
Summary

Cloud native development is a modern approach to designing, building, deploying, and managing applications. This approach takes advantage of the benefits of utility computing from providers, such as Oracle Cloud Infrastructure (OCI), and emphasizes automation, elasticity, and resilience.

OCI is a next-generation cloud designed to run any application faster and more securely for less. It includes the tools used to build new cloud native applications and to run existing enterprise applications without rearchitecting them.

Whether you are new to the cloud or just new to OCI, this book provides an overview of the OCI services needed to build cloud native applications. You will learn:

- OCI concepts and terminology
- How to manage Infrastructure as Code using modern tools and platforms
- OCI’s breadth of cloud native services
- How to operate the managed Kubernetes service (Container Engine for Kubernetes) at scale
- How to configure a cluster for advanced use cases, and use specialized hardware capabilities
- How to use cloud native application deployment platforms and observability tools
- How to secure applications, data, and the underlying infrastructure using open-source and OCI native security tools and processes

The culmination of the book is an open-source sample application composed of microservices that incorporates the tools and concepts shared throughout the book and is available on GitHub.

Specifications

ISBN13: 9780137902538
Language: English
Binding: Paperback

Table of Contents

Chapter 1: Introduction to Oracle Cloud Infrastructure
Realms, Regions, and Availability Domains
Tenancies and Compartments
Controlling Access to Resources
Cloud Guard and Security Zones
Service Limits and Cost Management
Getting Started with Your Tenancy
Setting Up Users and Groups
Setting Up API Keys and Auth Tokens
Planning How Your Teams Will Use OCI
Summary
References

Chapter 2: Infrastructure Automation and Management
One Set of APIs, Different Ways to Call Them
A Quick Terraform Primer
A Basic Introduction to the Terraform Language
Terraform State Tracking
The OCI Terraform Provider
Setting Up the OCI Terraform Provider
Managing OCI Resources with Terraform
Simplifying Infrastructure Management with the Resource Manager Service
Helm and Kubernetes Providers
Generating Resource Manager Stacks
Resource Discovery
Drift Detection
Generating a User Interface from Terraform Configurations with a Custom Schema
Publishing Your Stacks with Deploy Buttons
Managing Multiregion and Multicloud Configurations
Summary
References

Chapter 3: Cloud Native Services on Oracle Cloud Infrastructure
Oracle Container Image Registry
Working with OCIR
Image Signing
Image Scanning
Creating Containers from Images
Compute Instances
Container Instances
Container Engine for Kubernetes
Service Mesh
Serverless Functions
API Gateways
Components of an API Gateway
Working with the API Gateway Service
Messaging Systems
Streaming
Understanding the Streaming Service
Working with the OCI Streaming Service
OCI Events Service
Summary
References

Chapter 4: Understanding Container Engine for Kubernetes
Monoliths and Microservices
Containers
Container Orchestration and Kubernetes
Oracle Container Engine for Kubernetes
OCI-Managed Components and Customer-Managed Components
Control Plane
Data Plane
Billable Components
Kubernetes Concepts
Cloud Controller Manager
Nodes and Node Pools
Node Pool Properties
Worker Node Images and Shapes
Kubernetes Labels
SSH Keys
Tagging Your Resources
Creating a Cluster
Quick Create Cluster Workflow
Custom Create Cluster Workflow
Using the OCI Command-Line Interface
Using the Terraform Provider and Modules
Automation and Terraform Code Generation
Asynchronous Cluster Creation
Cluster Topology Considerations
Using Multiple Node Pools
Scheduling Workloads on Specific Nodes
Kubernetes Networking
Container Network Interface (CNI)
OCI VCN-Native Pod Networking CNI
Flannel CNI
Kubernetes Storage
StorageClass: Flex Volume and CSI Plug-ins
Updating the Default Storage Class
File System Storage
Kubernetes Load Balancer Support
Working with the OCI Load Balancer Service
SSL Termination with OCI Load Balancer
Working with the OCI Network Load Balancer Service
Specifying Reserved Public IP Addresses
Commonly Used Annotations
Understanding Security List Management Modes
Using Node Label Selectors
Security Considerations for Your Cluster
Cluster Topology and Configuration Security Considerations
Authorization Using Workload Identity and Instance Principals
Securing Access to the Cluster
OCI IAM and Kubernetes RBAC
Federation with an IDP
Summary
References

Chapter 5: Container Engine for Kubernetes in Practice
Kubernetes Version Support
Upgrading the Control Plane
Upgrading the Data Plane
Upgrading an Existing Node Pool
Upgrading by Adding a Node Pool
Alternative Host OS (Not Kubernetes Version) Upgrade Options
Scaling a Cluster
Manual Scaling
Autoscaling
Scaling Workloads and Infrastructure Together
Autoscaler Best Practices
Cluster Access and Token Generation
Service Account Authentication
Configuring DNS
Configuring Node Local DNS Cache
Configuring ExternalDNS
Cluster Add-ons
Configuring Add-ons
Disabling Add-ons
Observability: Prometheus and Grafana
Monitoring Stack Components
Installing the kube-prometheus-stack
Operators and OCI Service Operator for Kubernetes
Getting Started with Operators on OKE
Operators for OCI, Oracle Database, and Oracle WebLogic
Troubleshooting Nodes with Node Doctor
Configuring SR-IOV Interfaces for Pods on OKE Using Multus
Using Bare Metal Nodes
Using Virtual Machine Nodes
Summary
References

Chapter 6: Securing Your Workloads and Infrastructure
Kubernetes Security Challenges
Concepts of Kubernetes Security
4Cs of Kubernetes Security
Securing Oracle Cloud Infrastructure Container Engine for Kubernetes (OKE)
Private Clusters
Kubernetes Role-Based Access Control (RBAC) with OCI IAM Groups
Data Encryption and Key Management Service
Audit Logging
Security Zones
Network Security Groups (NSGs)
Web Application Firewall (WAF)
Network Firewall
Allowed Registries
Cloud Guard
Hardening Containers and OKE Worker Nodes
Container Scanning
Container Image Signing
Center for Internet Security (CIS) Kubernetes Benchmarks
Using SELinux with OKE
Worker Nodes Limited Access
Securing Your Workloads
Security Context
syscalls and seccomp
Open Policy Agent (OPA)
OPA Gatekeeper
Open Web Application Security Project (OWASP)
Supporting Tools
External Container Scanning Tools
CIS-CAT Pro Assessor
Kube-bench
AppArmor
Falco
Tracee
Trivy
National Institute of Standards and Technology (NIST) Kubernetes Benchmarks
NIST Kubernetes Benchmarks
National Checklist Program Repository
National Vulnerability Database
NIST SP 800-190 Application Container Security Guide
Summary
References

Chapter 7: Serverless Platforms and Applications
Container Instances
Architecture
Using Container Instances
Serverless Functions
OCI Functions
Using OCI Functions
Building Your First Function
Adding an API Gateway
Function Logs and Distributed Tracing
Service Mesh
Using the Service Mesh
Adding a Service Mesh to an Application
Summary
References

Chapter 8: Observability
OCI Monitoring
Alarms
OCI Logging
Service Logs
Custom Logs
Audit Logs
Auditing OKE Activity
Advanced Observability in OCI
Logging Analytics
Enabling and Using Logging Analytics
Prometheus and Grafana with OKE
Using the OCI DataSource Plug-ins for Grafana
eBPF-Based Monitoring with Tetragon on OKE
Tetragon: eBPF-Based Security Observability and Enforcement
Running Tetragon on Oracle Container Engine for Kubernetes (OKE)
Summary
References

Chapter 9: DevOps and Deployment Automation
OCI DevOps Service
Code Repositories
Triggers
Build Pipelines
Artifacts
Environments
Deployment Pipelines
Elastically Scaling Jenkins on Kubernetes
Setting Up Jenkins on OKE
GitOps with ArgoCD
Setting Up Argo CD on OKE
Summary
References

Chapter 10: Bringing It Together: MuShop
Architecture
Source Code Structure
Services
Storefront
API
Catalog
Carts
User
Orders
Fulfillment
Payment
Assets
DBTools
Edge Router
Events
Newsletter Subscription
Load
Building the Services
Infrastructure Automation
Helm Charts
Utilities and Supporting Components
Deploying MuShop
Summary
References