Course Code: certkubbesp
Duration: 21 hours
Prerequisites:
  • An understanding of Kubernetes
  • Experience with Linux

Audience

  • Administrators
  • Kubernetes Users
Overview:

This course takes participants on the journey from the idea of a cloud native application to a running solution in a Kubernetes cluster.

To reach that final state we will: build the images (using the source code delivered by the trainer), run the app in a pure Docker environment, build a Kubernetes cluster (an on-prem kubeadm-managed cluster or a cloud-managed one), create Kubernetes manifest files, and move the app to Kubernetes as a fully scalable and highly available solution.

At every step we will look for weak points and their solutions, to make the app and the cluster better, more secure, more reliable and compliant with best practices.

Course Outline:

1. Introduction to Cloud Native Applications

- Building Docker images

- Running the app in a pure Docker environment

2. Starting the app in an existing Kubernetes cluster

- Base configuration

- Pod design

- Deployments

- Services and load balancing (different types)

- Volumes (persistence of application state)

- Ingress and Ingress controllers

- Troubleshooting

3. Building a Kubernetes cluster of a few nodes from scratch

- Initializing a single-master cluster with kubeadm

- Creating a cluster in the cloud (managed solutions)

- Options for Highly Available Topology

- Choosing components and add-ons (network, volumes, ingress, monitoring, etc.)

- Growing and upgrading the cluster

4. Making the application better

- Other controllers (daemon sets, stateful sets, jobs and cron jobs)

- Rolling upgrade, blue-green deployment, canary deployment

- Multi-container pods

- Init containers and hooks

- Liveness, readiness and startup probes

- CPU and memory constraints, resource limits for a namespace

- Using Helm for managing deployments

- Horizontal Pod Autoscaler

- Scheduling (selectors, affinity and anti-affinity rules)

- Volumes in detail (ConfigMaps, PVC, PV, StorageClasses, Rook project)

5. Security

- Supply Chain Security

- Monitoring, Logging and Runtime Security

- Service accounts and Role-Based Access Control

- Kubernetes network policy

- Security context

- Linux capabilities, AppArmor, seccomp

- Secrets and secrets encryption at rest

- Container runtime sandboxes (gVisor)

- Open Policy Agent (OPA) and Gatekeeper

* Any of the topics can be skipped at the group's request to give more time to other, more exciting areas.