CN251 is an intensive cloud native training bootcamp for IT professionals looking to develop skills in deploying and administering containerized applications in Kubernetes.
Course overview:
Over the course of five days, students will start with learning about first principles for application containerization followed by learning how to stand up a containerized application in Kubernetes, and, finally, ramping up the skills for day-1 operating tasks for managing a Kubernetes production environment. CN251 is an ideal course for those who need to accelerate the development of their IT skills for a rapidly-changing technology landscape.
Course content:
This course combines all topics of CN100, CN120, and CN220
Containerization motivations and implementation
• Usecases
• Comparison to virtual machines
Creating, managing and auditing containers
• Container implementation from the Linux kernel
• Container lifecycle details
• Core container creation, auditing and management CLI
Best practices in container image design
• Layered filesystem implementation and performance implications
• Creating images with Dockerfiles
• Optimising image builds with multi-stage builds and image design best practices
Single-host container networking
• Docker native networking model
• Software defined networks for containers
• Docker-native single-host service discovery and routing
Provisioning external storage
• Docker volume creation and management
• Best practices and usecases for container-external storage.
Kubernetes Application Essentials
• Make effective use of pod architecture
• Deploy workloads as Kubernetes controllers
• Provision configuration at runtime to Kubernetes workloads
• Network pods together across a cluster using native services
• Provision highly available storage to Kubernetes workloads
• Package an application as a Helm chart
Kubernetes High Availability
• Review the basic architecture of a Kubernetes cluster
• Install a well-validated HA Kubernetes cluster on a collection of hosts
• Load balance kubectl commands across an HA Kubernetes cluster
Managing Application Deployment
• Review how pods are scheduled on worker nodes
• Examine the node selector
• Discuss implementing the impact of taints and tolerations for Kubernetes workloads
• Review both pod and node affinity and anti-affinity
Releasing Application Updates
• Discuss releasing updates to applications running on the Kubernetes platform
• Explore native tooling for updating application
• Examine how Helm manages updating applications
Application High Availability
• Review the architecture required to achieve high availability for applications
• Discuss best practices for using liveness and readiness probes
• Explore Kubernetes auto-scaling of applications
• Discuss how to prioritizing Kubernetes workloads
Routing Network Traffic
• Discuss network routing options within Kubernetes
• Discuss the benefits of the Ingress controller and object
• Examine the Ingress object and controller pattern
Provisioning Storage
• Review available storage options for applications
• Discuss constraints of persistent storage in a standard Kubernetes cluster deployment
• Examine the storageClass object
Kube Security: Implementing RBAC
• Discuss RBAC implementation within Kubernetes
• Examine Kubernetes RBAC components
• Review Auditing within Kubernetes
• Determine how to enable Auditing within a Kubernetes cluster
Kubernetes Network Security
• Review the the Kubernetes Networking Model
• Discuss how Network Security is managed within the Kubernetes cluster
• Examine managing network security with native and non-native Kubernetes tooling
• Explain the native method of creating Network Policies
Securing an Application Workload
• Identify security mechanisms available to security between containers, pods, and the Kubernetes cluster
• Discuss strategies for enabling flexibility within security policy while maintaining security compliance
• Examine how to enable Pod Security Policies
Multi-Tenancy in Kubernetes
• Discuss multi-tenancy in a Kubernetes cluster
• Examine native Kubernetes objects used for enabling multi-tenancy capability
• Discuss multi-tenancy methods for Kubernetes
Target audience:
General technical audiences & IT professionals
Prerequisites:
Attendees should meet the following prerequisites:
• At least six months experience in cloud infrastructure administration
• Familiarity with the Bash shell
• Filesystem navigation and manipulation
• Command line text editors like vim or nano
• Common tooling like curl, wget and ping
• Familiarity with YAML and JSON notation