Kubernetes & Kubernetes Advanced Combined

Kubernetes has evolved over the years into a comprehensive solution for container orchestration with plenty of integration practices. However, it is still not a platform that end users can use directly; operating it requires knowledge of the whole system.

The training focuses on the advanced management and operation of a Kubernetes cluster. We expect general knowledge of Kubernetes and focus on related topics such as integration with CI/CD, storage, and resource allocation. Last but not least, cluster security is emphasized.

This course is a combination of the following two courses:

Audience:

  • Application developers
  • Cloud platform engineers
  • IT systems designers

Prerequisites:

  • Basic Kubernetes terminology and architecture (pod, service, deployment...)
  • Using terminal to run commands

Course goals:

This training is intended to be a Kubernetes deep dive, and some prior Kubernetes experience is required. We focus on advanced topics such as real workload management, LCM and cluster security. Most of the topics are demonstrated in a live environment, and every attendee will get an opportunity to test everything on a dedicated cluster.

It's planned that some topics will be skipped according to attendee preferences and others will be presented in detail.

About the instructor: Ronald Harmsen

Ronald Harmsen is a senior consultant and instructor based in the Netherlands. Ronald has been professionally developing software since 1997 and has chosen .NET as his primary development environment since version 1.0. He has extensive experience in developing web applications with ASP.NET, ASP.NET MVC, WCF, Silverlight and HTML5.

Ronald is passionate about software architecture and improving the performance of both applications and development teams. He focuses on building high-quality software and is a member of the board at the Institute for Software Quality.

Course content:

Workload

  • Understanding Kubernetes
  • Deployment of multi-pod application
  • PID 1 in container
  • Probes - liveness, readiness
  • Resource limits, default limits, evictions
  • DNS in cluster - CoreDNS, DNS discovery
  • Config management and discovery
  • downwardAPI
  • Persistent volumes
  • Using hooks and initContainers
  • StatefulSets
  • Horizontal Pod Autoscaler
  • Batch and periodic jobs
  • Network and DNS settings
  • Namespaces and capabilities

Control plane

  • Kubernetes daemons (etcd, apiserver, scheduler, cm, proxy, kubelet)
  • Etcd - RAFT, benchmarks, backup and recovery, monitoring
  • Kubernetes API - (metrics, health)
  • Advanced scheduling (selectors, affinities, taints), manual scheduling
  • Custom scheduler
  • Pod priority and preemption, QoS
  • Running containers - CRI interface, cri-o, Docker
  • Autoscale DNS service
  • Container registry
  • High-Availability
  • Conformance tests
  • Admission controllers

Nodes

  • Kubelet monitoring
  • Anatomy of failed node
  • Kubelet certificate management
  • Live reconfiguration
  • Node maintenance

Networking

  • CNI - Kubernetes networking
  • LoadBalancer
  • Ingress

Storage

  • PersistentVolumes
  • Using hostPath volumes
  • CSI - Container Storage Interface
  • Managing volumes in public cloud

Operation

  • Prometheus monitoring for cluster and applications
  • Logging
  • Kubernetes metrics pipeline
  • Upgrading Kubernetes
  • Troubleshooting the cluster

Security

  • Security in Kubernetes - RBAC, Identities
  • Cluster hardening - Disable host networking, disable hostPID, drop capabilities
  • Audit and audit2rbac
  • Security context
  • Segmenting the cluster
  • Securing Kubelet

Other

  • Custom resources (CRD)
  • Kubectl plugins
  • Managed offerings (GKE, EKS, AKS)
  • Cloud provider plugins
