At the end of the course, all participants receive a certificate of attendance. This certificate includes the training duration and contents, and proves the attendee’s knowledge of the emerging technology. Each student gets a free CKA/CKAD exam voucher after completing the training.





This four day course teaches students both fundamental and advanced Kubernetes topics in the first three days. Students will deploy Kubernetes cluster to GCP using kops, learn how to store configuration in ConfigMaps and internals of the cluster networking. They will be able to efficiently deploy and operate their applications on top of the cloud-native platform. The fourth day is deep dive into Kubernetes internals including kubelet, API server, scheduling algorithm and networking model. After completing the course students are able to design and implement Kubernetes clusters effectively.

Who should attend?

Architects, Operators and DevOps engineers who are planning to bootstrap and operate fault tolerant Kubernetes clusters in production;

Operators and DevOps engineers who are planning to bootstrap and operate fault tolerant Kubernetes clusters in production; Everyone who wants to be prepared to pass the Certified Kubernetes Administrator exam successfully.

Course objectives

The course is intended to onboard operators and DevOps engineers to the Kubernetes platform, providing the students with:

An understanding of how Kubernetes handles container-based distributed workloads.

Practical skills required to spin up a Kubernetes cluster.

The experience required to successfully operate and manage Kubernetes clusters.

Program

Day 1

a) Introduction

Theory:

Introductions

Useful links for the course

Agenda

Schedule

Overview of the training methodology

b) Containers

Theory:

Different ways of packaging software

Container benefits

Container implementation

Sample app architecture

Practice:

Use Dockerfile to package a sample app into a container

Run the app in a container

Expose ports

Mount Volumes

Connect from one container to another using DNS

Deploy a container using host and bridge mode, examine the difference

Upload the image to the Container Registry

c) Kubernetes Architecture

Theory:

Kubernetes components

Managed Kubernetes platforms

Infrastructure providers

Deployment automation

Practice:

Deploy Kubernetes to GCP

d) Pods



Theory:

Pods

Pod Lifecycle

Practice:

Deploy the Sample App to Kubernetes

Deploy a pod using a custom image

Use exec to connect to deployed running container inside a pod

e) Services

Theory:

Service types

Proxy modes

Service discovery (ENV, DNS)

Practice:

Connect Sample App components together using service

Use DNS service discovery

Use LoadBalancer service to expose the app

Implement blue-green deployment pattern using services

f) Secrets and ConfigMaps

Theory:



Use cases for Secrets and ConfigMaps

Different ways of mapping Secrets into containers

Practice:

Modify the sample app to use Secrets and ConfigMaps to externalize application credentials and configuration

g) Sidecars and Init Containers

Theory:

Multi-container pod design

Use cases for using init containers

Practice:

Deploy init container that runs application DB migrations

Deploy a simple sidecar container, examine how networking works between containers in a pod.

h) Affinity and Anti-affinity

Theory:

When to use pod/node affinity/anti-affinity

Some details about Kubernetes scheduler and how it uses affinity settings

Practice:

Configure node/pod affinity and anti-affinity to configure how Kubernetes schedules containers

i) Pod limits

Theory:

Difference between requests and limits pod settings

Limit types

The default behavior when limits and requests are unset

Practice:

Verify how high resource usage by a single pod can affect the whole node

Set limits to enforce resource limitation

Verify that limits are applied





Day 2

a) Deployments

Theory:

Deployments and ReplicaSets

Deployment rolling updates behavior

Practice:

Redeploy sample app using the deployment object

Scale the deployment

Update and rollout the deployment

View deployment history

Rollback the deployment

Configure deployment rollover parameters

b) Health Checks

Theory:

Difference between liveness and readiness probes

Health Checks types (exec, TCP, HTTP)

Practice:

Define a custom liveness probe

Define a custom readiness probe

Test that the probes are working

Experiment with probe types

c) Autoscaling

Theory:

How pod autoscaling works

Horizontal vs vertical autoscaling

Practice:

Define horizontal autoscaler to the sample app

Test the autoscaler

d) Jobs

Theory:

Jobs use cases

Difference between Jobs and CronJobs

Practice:

Create a CronJob to automate sample app database backup

e) Volumes and Data

Theory:

Persistency in kubernetes

PersistentVolumes and PersistentVolumeClaims

Storage Classes

Practice:

Use a Persistent Volume to Store sample app data

Convert the volume to PersistentVolumeClaim

Create and test a STorage Class

f) Managing clustered stateful applications

Theory:

StatefullSet (use cases and difference from Deployments)

Using Headless Services in combination with StatefullSets

Using ReadinesProbes in a combination with StatefullSets

Practice:

Prepare MySQL Galera cluster docker image

Prepare headless service needed to perform service discovery during cluster bootstrap

Deploy Galera cluster as a StatefullSet

Attach PersistentVolumeClaim to each node in the StatefullSet

g) Ingress

Theory:

Ingress vs LoadBalancer services

Types of Ingress (GCP LB, nginx, etc)

Configuring ingress

Ingress in on-prem installations

Practice:

Serve app traffic from the Ingress instead of LoadBalancer service

Use static IP with Ingress

Specify app domain

Add SSL support





Day 3

a) Helm

Theory:

Helm architecture

How to secure Helm

Practice:

Use Helm to deploy a sample service

Write a sample Helm chart

b) Logging

Theory:

Logging architecture in Kubernetes

Logging patterns (sidecar, node agent, etc)

ELK architecture

ELK authentication and authorization

Practice:

Use helm to deploy ELK

Reverse engineer ELK helm chart

Deploy custom ELK based on the manifests from the helm chart

Access cluster components logs

Access application logs

Use filters in kibana, setup custom dashboards

c) Monitoring

Theory:

Monitoring architecture

Metric sources (container metrics, API metrics, etc)

Prometheus architecture

Practice:

Use helm to deploy Prometheus

Reverse engineer Prometheus deployment

Deploy custom Prometheus based on the manifests from the helm chart

Check default dashboards in grafana

Create a custom dashboard

Use Prometheus UI to run queries

Use AlertManager to setup custom alert

d) CI/CD



Theory:

Building CI/CD pipelines with Kubernetes

Deployment patterns (Canary, blue-green deployments)

Using Jenkins with Kubernetes

Practice:

Deploy Jenkins

Create pipeline to build the sample app

Add deployment stage

Add test stage

Use canary deployments with Jenkins

Deploy in different environments (dev, test)

Rollback the deployment





Day 4

a) Managing Kubernetes cluster

Theory:

Kubernete installers (kubeadm, kops, kubespray)

Using managed Kubernetes

Cluster updates and upgrades

Isolating nodes with different characteristics (node pools)

Practice:

Use gcloud cli to deploy and upgrade a managed kubernetes cluster

Use kops to deploy and upgrade a cluster

Use terraform to initialize infrastructure for kubespray

Use kubespray to deploy and upgrade a cluster

Verify that all clusters are working

b) Authentication in Kubernetes

Theory:

User, groups and service accounts

Authentication strategies (Client Certs, Bearer tokens, Authenticating Proxy, etc)

OAuth2 and OpenID Connect

Practice:

Examine ClientCert workflow: Create a user by signing generating a cert and signing it with cluster CA

Examine the Bearer Tokens workflow: use service account tokens

Reconfigure API server to use OpenID Connect

с) Namespaces and RBAC (Authorization in Kubernetes)

Theory:

Role and ClusterRole

Binding roles

Practice:

Create and configure namespaces

Create and assign Roles and ClusterRoles

Check that roles are enforced

Apply namespace resource limits

d) Istio

Theory:

Istio use cases and features

Istio architecture

Practice:

Install and configure Istio

Deploy the sample app with an istio sidecar

Use Istio monitoring and tracing

Setup Route Rules and Virtual Services

Use Request Routing

Use Fault Injection

Use Traffic Mirroring

Use Circuit Breaking

Controll ingress traffic [Using Istio Ingress]

Use Traffic Shifting

Use Rate-limiting with Memorystore and Redis

Prerequisites

A laptop with:

An SSH terminal client (like ssh or Putty)

A tool to transfer files over SSH (like scp)

A web browser (Chrome/Firefox)

Internet connection (outgoing connections on TCP ports 22, 80, 8080 and 443)

Access to the Google Cloud Platform and Google Cloud Console

Payment info:

If you would like to get an invoice for your company to pay for this training, please email to training@altoros.com and provide us with the following info: Name of your Company/Division which you would like to be invoiced; Name of the person the invoice should be addressed to; Mailing address; Purchase order # to put on the invoice (if required by your company).



Read Kubernetes news and insights on our blog : https://www.altoros.com/blog/tag/cloud-native/

Watch free recorded webinars on Cloud-Native-related topics (choose tag CLOUD FOUNDRY)

! Please note the training is contingent upon having 5 attendees. If we don't have enough tickets sold, we will cancel the training and refund your money one week prior to the training. Thanks for your understanding.









This training is provided by Altoros, Cloud Foundry Summit approved training provider. Altoros has delivered training to VMware, SAP, EMC, Hospira, Siemens, Fidelity, and many others.