Kubernetes (using minikube or AWS)

Duration: 3 days

During this course you can either use minikube or use your own AWS account to perform the labs.

Please find the course objectives below:

Introduction

Kubernetes

  • Introduction to kubernetes
  • Understand the need for orchestration
  • History of kubernetes
  • Kubernetes as a microservices platform

Kubernetes Architecture

  • Understand Master and Nodes
  • Introduce master components APIServer, Controller-Manager, Scheduler and etcd
  • Introduce node components kubelet, kube-proxy and the container runtime
  • Discuss other components (kube-dns, dashboard)
  • Discuss monitoring (cAdvisor, Prometheus, Elasticsearch)

Minikube

  • Introduce minikube
  • Understand what is included and which additional components can be enabled
  • Installing and starting minikube
  • Docker and minikube

AWS (optional)

  • Setting up a Kubernetes cluster using AWS
  • Introduction to EKS
  • Proivisionin worker nodes
  • Understanding kubernetes and volume storage
  • Installing the kubernetes dashboard on your cluster
  • Using the aws CLI tool

Introduction to kubectl

  • Interacting with your cluster using kubectl
  • Configuring clusters
  • Managing credentials
  • Setting up different contexts and switching between them
  • Basic kubectrl commands

Kubernetes Objects and Resources

Introduction to Objects

  • managing objects using kubectl
  • Understand different categories (workload, services, config etc)
  • Using yaml to define objects
  • introduction to the yaml syntax
  • Organising yaml files
  • Understand meta-data
  • Appreciate labels (define and use them in selectors)
  • Use annotations to add addtional information
  • Understand and use namespaces
  • Manage objects inside namespaces

Workload and Service Objects Introduction

  • Understand and define Pods
  • Appreciate the power and ease of ReplicaSets
  • Understand how Deployments ease working with workload objects
  • Introduce Services
  • Understand the relation between Service, Deployment, ReplicaSet and Pods

Pods

  • Understand the Pods life-cycle
  • Defining container(s) inside a pod
  • Understand container isolation (and what shared such as IPC, UTS etc)
  • Defining pods using yaml
  • Understand how controllers may define pods (using templates)
  • Interacting with a pod (logging, exec commands )

Deployments

  • Introduce the Deployment API
  • Define ReplicaSets using replicas
  • Changing and replacing deployments
  • Scaling and auto-scaling deployments
  • Triggering and Managing rolling updates
  • Managing rollouts (revert back, use and manage deployment history, etc)
  • Discuss and appreciate canary deployments
  • Managing the pods health
  • Manage container failure (restartPolicy)
  • Using probes to monitor service availability (e.g, livenessProbe, readinessProbe)

Containers

  • Setting up resource requiremnts and limits (CPU, RAM)
  • Understanding the container's environment variables
  • Populating the environment using references (fieldRef and resourceFieldRef)
  • Introduce *initContainers**

Services

  • Understand the problems solved by services
  • Appreciate label selectors
  • Creating Services using yaml
  • Understand the concepts of endpoints
  • Understand basic Service Networking
  • Using kube-dns to find service by name
  • Understand the difference between service types (ClusterIP, NodePort, LoadBalancer)
  • Accessing external services using ExternalName
  • Understand session affinity
  • Appreciate how services can be found by pods (e.g, environment variables, kube-dns)

Ingress

  • Introduce Ingress
  • Discuss various scenarios
  • Using Ingress with StatefulSets
  • Configure paths
  • Using subdomains and virtual hosts
  • Setting up TLS and SSL Termination
  • Configure Ingress using annotations

Volumes

  • Introduce the concept and need for volumes
  • Using node based volumes (hostPath, EmptyDir)
  • Using persistent network volumes (e.g, nfs)
  • Introduce cloud volumes (gcePersistentDisk, awsElasticBlockStore, azureDisk)
  • List other standard volume types (secret, configMap, downwardAPI)
  • Define and use persistentVolumeClaim and PersistentVolumeClaims
  • Using initContainers to initialise data (e.g, git clone)
  • Work with StatefulSets and volumes

Pod Scheduling

  • Introduce the node selection process
  • Scheduling pods to nodes using node selectors
  • Keeping pods away from nodes using taints and tolerations
  • Inviting pods to nodes using affinity
  • Co-locating (or not) pods using podAffinity and podAntiAffinity
  • Work with DaemonSet
  • Understand Jobs and recurring ones using CronJob
  • Monitoring CronJobs using a job monitor

Configuration and Secret data

  • Introduce configMaps
  • Defining configMaps using yaml
  • Accessing ConfigMaps through the environment (using envFrom)
  • Mounting config data using configMap volumes
  • Reloading and dynamic config data
  • Understand the challenges for sensitive data
  • Introduce Secrets
  • Defining and using Secrets
  • Setting up a private docker registry (Nexus)

Security

API Server Security

  • introduce kubernetes security architecture
  • Understand the different between human users and service accounts
  • List different authentication techniques (SSL certificates, tokens, etc)
  • Understand the use of JWT tokens
  • Using tokens inside the pods (mounted secrets)
  • Understand kubernetes authorisation mechanism (verbs/resources)
  • List different authorisation modules (Node, RBAC etc)

RBAC

  • Explain RBAC
  • Understand and define Role and ClusterRole
  • Defining access rules
  • Binding roles to users and service accounts (RoleBinding/ClusterRoleBinding)
  • Accessing the API Server from a pod

Extra Demos with chalk-n-talk

These are some of the topics we demonstrate depending on the group composition and if time allows.

  • Kubernetes installation techniques (including on cloud)
  • Introduce the Ingress Controller
  • Monitoring (cAdvisor, Prometheus, Fluentd)
  • Managing packages using Helm
For an onsite course please contact us