Kubernetes Administration & Configuration

Part of our "Kubernetes & MSA" courses

3 days

Course Overview

This course prepares cluster administrators to install, setup, configure and maintain a kubernetes cluster. This course is an excellent preparation for the CKA exam while at the same time preparing your team for real-life situations.

Course Prerequisites

Students must be familiar with using kubernetes and should have an understanding of the basic kubernetes objects such as nodes, pods, deployments and services. We recommend students to follow our Core Kubernetes course before attending this course.


This course is foremost intended to prepare cluster administrators to be able to set-up, configure and maintain a cluster in working environment. At edc we always value project and company value over personal values and certifications. We therefore explain more than is needed for the CKA exam and focus on skill and knowledge required to be a cluster administrator.

For those that are seeking certification, How this course map to the CKA requirements?

  • Cluster Architecture, Installation & Configuration: this is the core of this course
  • Workloads & Scheduling: basics covered in Core Kubernetes, define namespace wide resource limit defaults and scheduling details (e.g, affinity, toleration's etc) are covered during this course.
  • Service & Networking: basics covered in Core Kubernetes while CNI and network policies are covered in this course
  • Storage: mostly covered in Core Kubernetes. During this course we explore on-prem storage solutions
  • troubleshooting: application troubleshooting is part of Core Kubernetes, during this course we cover general cluster and nodes related problems

During the workshop student will set-up and configure a 5-node kubernetes cluster with a HA control-plane.

Cluster Architecture

  • Recap of k8s architecture (Masters and Worker Nodes)
  • Recap control plane components (APIServer, Controller-Manager, Scheduler and etcd)
  • Choosing a container runtime environment (docker, containerd, cri-o)
  • Discuss the role of Container Network Interface (CNI)
  • A deeper dive into the role of etcd
  • Planning a cluster (e.g, size, machine types, etc)


  • Discuss different installation techniques (kubeadm, kops, …)
  • Using kubeadm to install a cluster
  • Setup a control plane
  • Installing a CNI implementation
  • Setup an initial worker nodes
  • Adding masters to your cluster
  • Configuring kubeadm using YAML
  • Setup a HA etcd cluster
  • understand etcd
  • Introduce raft (consensus algorithm)
  • Topologies for Highly Available clusters (HA) (stacked vs external etcd nodes)

Configuring Role Based Access Control (RBAC)

  • recap RBAC
  • Planning user-access
  • User access workflows
  • Managing cluster administrators and users using RBAC
  • Limiting object and namespace access
  • Using OpenID (OIDC) to authenticate cluster users
  • Integrating with LDAP


  • Configuring your k8s installation
  • Introduce etcd admin tools etcdctl and etcdutl
  • Backing-up your etcd configuration
  • Scaling worker nodes (adding/removing nodes)
  • Discuss Upgrading strategies
  • Upgrade a cluster to a new k8s version
  • General Configuration tuning Best Practices
  • Installation and configuration troubleshooting


Monitoring using Prometheus/Grafana

  • Using Prometheus
  • Installing and configuring Prometheus/Grafana (basics)
  • Discuss federation and scalability-
  • Understand prometheus Service Discovery
  • Using prometheus relabeling
  • Understand the structure of a metric
  • Understand the different metric types (counter, gauge, histogram, …)
  • Adding Service Monitors
  • Using Grafana dashboards
  • Importing existing dashboards

Log aggregation with Loki

  • introduce Loki
  • Understand the Architecture of Loki
  • Appreciate the indexing behaviour of Loki
  • Discuss benefits of using Loki over other logging solutions
  • Discuss Loki configuration (promtail, storage, scraping, …)
  • Setting up Loki using helm


  • Recap volumes
  • Reiterate the different between static and dynamic storage provisioning
  • Setting up storage classes
  • Discuss on-prem dynamic storage solutions
  • Setting up a distributed storage solution (Rook/Ceph)
  • Monitoring storage

Workloads & Scheduling


  • recap of container resources (requests/limits)
  • setting up default resource limits per namespace
  • Define and manage resource sonatas
  • Monitoring workload resource

Pod Scheduling

  • Introduce the node selection process
  • Scheduling pods to nodes using node selectors
  • Keeping pods away from nodes using taints and tolerations
  • Inviting pods to nodes using affinity
  • Co-locating (or not) pods using podAffinity and podAntiAffinity


  • Recap networking objects (services, ingress, …)
  • Discuss kubeproxy
  • Using LoadBalancer service types for on-prem clusters


  • Explain Network Policies
  • Understand the default behaviour in kubernetes
  • Protecting your Network
  • Protecting your Pods
  • Allowing and Denying traffic Ingress and *Egress
  • Isolating namespaces
  • Allowing based on pods and/or namespaces
  • Allowing based on IP Addresses
  • Port level access
  • Policy Patterns
  • Encrypting secrets at rest (etcd)

Technology stacks (Discussion)

  • Recap Cluster Observability and monitoring
  • Recap Cluster logging (ELK/Elastic Stack, Kibana, Loki, Grafana)
  • RecapResource and performance monitoring (Prometheus, Grafana)
  • Reiterate the importance of gitops
  • Discuss solutions for Secrets
  • Tools for Managing certificates
  • Using replication for namespace-bound objects
  • Other tools

Public Events

Currently we have no public courses planned for Kubernetes Administration & Configuration

Private Events

Do you have a team that needs a Kubernetes Administration & Configuration course?

Contact Us

Send us a message

This Kubernetes Administration & Configuration course looks very interesting, I do however have a question