Online
Classroom

Kubernetes Administration & Configuration

Part of our "Kubernetes & Cloud" courses

4 days

thumb image

Course Overview

Designed for cluster administrators, this course covers essential Kubernetes setup and maintenance. It provides a solid foundation for the CKA exam while emphasizing real-world skills. Unlike many competitors, we focus on practical, project-based learning. Participants who complete the course will be well-prepared for both the exam and actual work environments.

Course Prerequisites

Students must be familiar with using kubernetes and should have an understanding of the basic kubernetes objects such as nodes, pods, deployments and services. We recommend students to follow our Core Kubernetes course before attending this course.

Outline

This course is engineered for cluster administrators, offering comprehensive training in installing, setting up, and configuring a Kubernetes cluster. While it serves as an excellent primer for the CKA exam, its true strength lies in preparing participants for real-world scenarios. Unlike many competitors, we prioritize hands-on, project-centric skills. Participants who actively complete the course will be well-prepared for the CKA exam and, more importantly, will have the specialized expertise to make a meaningful impact in real-world operations.

For those that are seeking certification, and wonder how this course maps to the CKA requirements:

  • Cluster Architecture, Installation & Configuration: this is the core of this course
  • Workloads & Scheduling: basics covered in Core Kubernetes, define namespace wide resource limit defaults and scheduling details (e.g., affinity, toleration's etc.) are covered during this course.
  • Service & Networking: basics covered in Core Kubernetes while CNI and network policies are covered in this course
  • Storage: mostly covered in Core Kubernetes. During this course we explore on-prem storage solutions
  • troubleshooting: application troubleshooting is part of Core Kubernetes, during this course we cover general cluster and nodes related problems

During the workshop, students will set up and configure a 5-node kubernetes cluster with a HA control-plane.

Cluster Architecture

  • Recap of k8s architecture (Master and Worker Nodes)
  • Recap control plane components (APIServer, Controller-Manager, Scheduler and etcd)
  • Choosing a container runtime environment (docker, containerd, cri-o)
  • Discuss the role of Container Network Interface (CNI)
  • A deeper dive into the role of etcd
  • Planning a cluster (e.g, size, machine types, etc)

Installation

  • Discuss different installation techniques (kubeadm, kops, …)
  • Using kubeadm to install a cluster
  • Set up a control plane
  • Using your own image registry for the control-plane (and cluster)
  • Discuss Admission Plugins
  • Installing a CNI implementation
  • Set up an initial worker nodes
  • Adding masters to your cluster
  • Configuring kubeadm using YAML
  • Setup a HA etcd cluster
  • understand etcd
  • Introduce raft (consensus algorithm)
  • Topologies for Highly Available clusters (HA) (stacked vs external etcd nodes)

Configuring Role-Based Access Control (RBAC)

  • recap RBAC
  • Planning user-access
  • User access workflows
  • Managing cluster administrators and users using RBAC
  • Limiting object and namespace access
  • Using OpenID (OIDC) to authenticate cluster users
  • Integrating with LDAP

Configuration

  • Configuring your k8s installation
  • Introduce etcd admin tools etcdctl and etcdutl
  • Backing-up your etcd configuration
  • Scaling worker nodes (adding/removing nodes)
  • Discuss Upgrading strategies
  • Upgrade a cluster to a new k8s version
  • General Configuration tuning Best Practices
  • Installation and configuration troubleshooting

Monitoring

Monitoring using Prometheus/Grafana

  • Using Prometheus
  • Installing and configuring Prometheus/Grafana (basics)
  • Discuss federation and scalability-
  • Understand prometheus Service Discovery
  • Using prometheus relabeling
  • Understand the structure of a metric
  • Understand the different metric types (counter, gauge, histogram, …)
  • Adding Service Monitors
  • Using Grafana dashboards
  • Importing existing dashboards

Log aggregation with Loki

  • introduce Loki
  • Understand the Architecture of Loki
  • Appreciate the indexing behaviour of Loki
  • Discuss the benefits of using Loki over other logging solutions
  • Discuss Loki configuration (promtail, storage, scraping, …)
  • Setting up Loki using helm

Storage

  • Recap volumes
  • Reiterate the different between static and dynamic storage provisioning
  • Setting up storage classes
  • Discuss on-prem dynamic storage solutions
  • Setting up a distributed storage solution (Rook/Ceph)
  • Monitoring storage

Workloads & Scheduling

Resources

  • recap of container resources (requests/limits)
  • setting up default resource limits per namespace
  • Define and manage resource sonatas
  • Monitoring workload resource

Pod Scheduling

  • Introduce the node selection process
  • Scheduling pods to nodes using node selectors
  • Keeping pods away from nodes using taints and tolerations
  • Inviting pods to nodes using affinity
  • Co-locating (or not) pods using podAffinity and podAntiAffinity

Networking

  • Recap networking objects (services, ingress, …)
  • Discuss kubeproxy
  • Using LoadBalancer service types for on-prem clusters

CoreDNS

  • overview of core-dns
  • recap of DNS records in kubernetes (A/AAAA/SRV/CNAME/…)
  • Understanding the default configuration
  • Configure upstream nameservers
  • Configure logging

Kube proxy

  • recap the role of kube-proxy
  • explore different modes (iptables, ipvs)
  • understand how kube-proxy uses iptables
  • discuss issues with using iptables
  • performance tuning for iptables mode
  • configure and explore IPVS
  • use different IPVS schedulers

MetalLB

  • Introduce MetalLB as a load-balancer for on-prem clusters
  • Understand the architecture of MetalLB
  • Pros and cons of Layer-2 vs BGP
  • Confusing IP pools for MetalLB
  • Using MetalLB CRDs

Network Policies

  • Explain Network Policies
  • Understand the default behaviour in kubernetes
  • Protecting your Network
  • Protecting your Pods
  • Allowing and Denying traffic Ingress and *Egress
  • Isolating namespaces
  • Allowing based on pods and/or namespaces
  • Allowing based on IP Addresses
  • Port level access
  • Policy Patterns
  • Encrypting secrets at rest (etcd)

Technology stacks (Discussion)

  • Recap Cluster Observability and monitoring
  • Recap Cluster logging (ELK/Elastic Stack, Kibana, Loki, Grafana)
  • RecapResource and performance monitoring (Prometheus, Grafana)
  • Reiterate the importance of gitops
  • Discuss solutions for Secrets
  • Tools for Managing certificates
  • Using replication for namespace-bound objects
  • Other tools

Private Events

Is your team in need of a Kubernetes Administration & Configuration course?

Send us a message, and we'll get in touch, without any obligation.

languages:
enfrnl

Upcoming Public Events

Currently we have no public courses planned for Kubernetes Administration & Configuration

This Kubernetes Administration & Configuration course looks very interesting, I do however have a question