Kubernetes Advanced
Kubernetes has evolved over the years into a comprehensive solution for container orchestration with plenty of integration practices. However, it is still not a platform that is ready for direct user use and requires knowledge of the whole system.
The training focuses on the advanced management and operation of the Kubernetes cluster. We expect common knowledge of Kubernetes and focus on related topics such as integration with CI / CD, storage, resource allocation. Last but not least, cluster security is emphasized.
Audience:
- Application developers
- Cloud Platform Engineer
- IT systems designers
Prerequisites:
- Fundamental course Kubernetes
- Basic Kubernetes terminology and architecture (pod, service, deployment, ...)
- Using terminal to run commands
Course goals:
This traning is intended to be a Kubernetes deep dive and some prior Kubernetes experience is required. We are focusing on advanced topics like real workload management, LCM and cluster security. Most of the topics are demonstrated on live enviroment and every attendee will get and opportunity to test everyting on dedicated cluster.
It's planned that some topics will be skipped according to attendee preferences and others will be presented in detail.
Tomáš Kukrál - instructor of the course
Tomas develops the edge cloud platform based on Kubernetes at Volterra. In the past, he worked for Mirantis and was in charge of designing Kubernetes clusters and delivering them to their customers. In his free time he is involved in parachuting and cycling.
Course content:
Workload
- Understanding Kubernetes
- Deployment of multi-pod application
- PID 1 in container
- Probes - liveness, readiness
- Resource limits, default limits, evictions
- DNS in cluster - CoreDNS, DNS discovery
- Config management and discovery
- downwardAPI
- Persistent volumes
- Using hooks and initContainers
- StatefulSets
- Horizontal Pod Autoscaler
- Batch and periodic jobs
- Network and DNS settings
- Namespaces and capabilities
Control plane
- Kubernets daemons (etcd, apiserver, scheduler, cm, proxy, kubelet)
- Etcd - RAFT, benchmarks, backup and recovery, monitoring
- Kubernetes API - (metrics, health)
- Advanced scheduling (selectors, affinities, taints), manual scheduling
- Custom scheduler
- Pod priority and preemption, QoS
- Running containers - CRI interface, cri-o, Docker
- Autoscale DNS service
- Container registry
- High-Availability
- Conformance tests
- Admission controllers
Nodes
- Kubelet monitoring
- Anatomy of failed node
- Kubelet certificate management
- Live reconfiguration
- Node maintenance
Networking
- CNI - Kubernetes networking
- LoadBalancer
- Ingress
Storage
- PersistentVolumes
- Using hostPath volumes
- CSI - Container Storage Interface
- Managing volumes in public cloud
Operation
- Prometheus monitoring for cluster and applications
- Logging
- Kubenetes metrics pipeline
- Upgrading Kubernetes
- Troubleshooting the cluster
Security
- Security in Kubernetes - RBAC, Identities
- Cluster hardening - Disable host networking, disable hostPid, drop capabilities
- Audit and audit2rbac
- Security context
- Segmentating the cluster
- Securing Kubelet
Other
- Custom resources (CRD)
- Kubectl plugins
- Managed offerings (GKE, EKS, AKS)
- Cloud provider plugins
