Course Overview
Kubernetes is a transformative technology that elevates your company's operations. This course offers top-tier materials and is led by expert instructors committed to your satisfaction. Ideal for teams aiming to enhance their professional capabilities, this course is a pivotal asset. We offer flexible delivery options, including private sessions or comprehensive online experiences.
Course Prerequisites
Students are expected to have basic knowledge of a container runtime such as Docker. At a bare minimum, students should be familiar with Images, Containers, Volumes and Repositories. During the course we use Docker, so an understanding of basic docker CLI commands is helpful. We advise students to follow our DOCKER-CORE course.
Though not required, it is helpful to have an understanding of Linux and the basics of networking.
Outline
Unlock transformative potential with our Kubernetes course, delivered by expert instructors committed to your satisfaction. This course is not just an excellent gateway to the CKAD exam; it's an investment in your team's real-world capabilities. We prioritize project-focused skills over individual certifications, ensuring you gain essential workplace competencies. Whether you opt for a private course or a detailed online experience, elevate your department's professional standing with this game-changing offering.
How does this course map to the CKAD requirements?
- Application Design and Build: Fully covered during this course. Make sure you also have the skills covered in our Core Docker course.
- Application Deployment: Managing deployments (including canary) and helm are fully covered during this course.
- Application Observability and Maintenance: This is a crucial part of the course. In addition to explaining the required concepts, students value the hands-on approach of this course that provides a lot of opportunities to debug, troubleshoot and monitor application behaviour.
- Application Environment, Configuration and Security: You will be deploying real-life applications that require plenty of configuration and secrets. We'll also explore security, including how to access the Kubernetes API server using service accounts and how to set up the security that this requires.
- Services and Networking: You'll get plenty of exposure to using and troubleshooting service access, including external services through ingress rules. We introduce network policy (full details of these policies are further explored in our Kubernetes Admin course.)
We also offer a Kubernetes Admin course, which is geared more towards Administrators but is also valuable to Developers.
Introduction
Kubernetes
- Introduction to kubernetes
- Understand the need for orchestration
- History of kubernetes
- Kubernetes as a microservice platform
Kubernetes Architecture
- Understand Master and Worker Nodes
- Understand the role of the Container Runtime Interface
- Discuss different runtimes (docker, containerd, cri-o)
- Introduce the control plane components
- Introduce master components APIServer, Controller-Manager, Scheduler and etcd
- Introduce node components kubelet, kube-proxy and the container runtime
- Discuss other components (kube-dns, dashboard)
Minikube
- Introduce minikube
- Understand what is included and which additional components can be enabled
- Installing and starting minikube
- Using Docker and minikube
Introduction to kubectl
- Interacting with your cluster using kubectl
- Appreciate the declarative nature
- Use ad hoc imperative commands
- Configuring clusters
- Managing kubeconfig
- Setting up different contexts and switching between them
- Basic kubectl commands
- patching resources
- use server-side apply (SSA)
Kubernetes Objects and Resources
Introduction to Objects
- managing objects using kubectl
- Understand different categories (workload, services, config etc.)
- Using yaml to define objects
- introduction to the yaml syntax
- Organizing yaml files
- Understand meta-data
- Appreciate labels (define and use them in selectors)
- Use annotations to add additional information
- Understand and use namespaces
- Manage objects inside namespaces
Workload and Service Objects Introduction
- Understand and define Pods
- Appreciate the power and ease of ReplicaSets
- Understand how Deployments ease working with workload objects
- Introduce Services
- Understand the relation between Service, Deployment, ReplicaSet and Pods
Pods
- Understand the Pod's life-cycle
- Defining container(s) inside a pod
- Understand container isolation (and what is shared, such as IPC, UTS etc.)
- Defining pods using yaml
- Understand how controllers may define pods (using templates)
- Interacting with a pod (logging, exec commands)
Deployments
- Introduce the Deployment API
- Define ReplicaSets to define replicas
- Changing and replacing deployments
- Scaling and auto-scaling deployments
- Understand and change the securityContext
- Triggering and Managing rolling updates
- Managing rollouts (revert back, use and manage deployment history, etc.)
- Discuss and appreciate canary deployments
- Using initContainers for initialization
- Discuss the side-car pattern
- Using initContainers for side-cars
Services
- Understand the problems solved by services
- Appreciate label selectors
- Creating Services using yaml
- Understand the concepts of endpoints
- Understand basic Service Networking
- Using kube-dns to find service by name
- Understand the difference between service types (ClusterIP, NodePort, LoadBalancer)
- Accessing external services using ExternalName
- Understand session affinity
- Appreciate how services can be found by pods (e.g., environment variables, kube-dns)
- Discuss and use MetalLB (cloud-native load-balancer) for on-prem clusters
Managing Pods and Containers
- Understanding the container's environment variables
- Managing the pod's health
- Manage container failure (restartPolicy)
- Using probes to monitor container availability (e.g., startupProbe, livenessProbe, readinessProbe)
- best practices for probes (configuration, when not to use, impact on rolling updates etc.)
- Setting up resource requirements and limits (CPU, RAM, storage)
- Populating the environment using references (fieldRef and resourceFieldRef)
- Setup Quotas
- Discuss security context
- Manage UID and GID of container processes
- Discuss hardening pod and container security
- use Pod Priority and pod disruption policies
Auto scaling
- Introduce the different auto-scaling solutions (horizontal, vertical, cluster)
- introduce the Horizontal Pod Autoscaler (HPA)
- Understand the different types of HPA (resource/custom/external)
- Discuss the HPA algorithm and various time related configurations (forbidden windows, sync periods, …)
- Define Resource type HPAs
- Define custom type HPAs (using prometheus)
- Add scale up and down behavior
Ingress
- Introduce Ingress
- Using Ingress with StatefulSets
- Configure paths
- Using subdomains and virtual hosts
- Setting up TLS and SSL Termination
- Configuring reverse-proxy features: CORS, *DoS protection, Redirects, …
- Configure Ingress using annotations
- Use Ingress for basic authentication
- Integrate external authentication (OIDC/LDAP) with Ingress
Gateway API (Introduction)
- Introduce Gateway API
- Understand the rationale and differences with Ingress
- Discuss the role-based approach
- Define Gateways for your cluster
- Define HTTPRoutes to manage traffic to applications
- Discuss other protocols (e.g., GRPCRoute)
- Use the gateway API for different traffic management scenarios
Storage and Persistence (Volumes)
- Introduce the concept and need for volumes
- Using ephemeral volumes (hostPath, EmptyDir)
- Introduce cloud volumes (gcePersistentDisk, awsElasticBlockStore, azureDisk)
- List other standard volume types (secret, configMap, downwardAPI, projected, …)
- Define and use PersistentVolumes (PV) and PersistentVolumeClaims (PVC)
- Understand the difference between static and dynamic provisioning
- Statically provision PVs
- Understand the implications of choosing retention policies
- Appreciate the concept of StorageClass resources
- Use dynamic provisioning of pvs
- Choose file vs block volume types
- Understand how to extend storage capabilities using CSI Drivers
- Use local volume types for replication-aware applications (e.g., Kafka)
- fix file permissions using securityContext
Stateful Sets
- Introduce StatefulSets (sts)
- Discuss scaling stateful services (and use-cases)
- understand the relation between sts and persistent volume claims
- Understand the role of headless (and "headful") services
- Introduce and discuss operators to ease management of stateful services
More controllers
- Work with DaemonSet
- Understand Jobs and recurring ones using CronJob
- Monitoring CronJobs using a job monitor
Configuration and Secrets
- Introduce configMaps
- Defining configMaps using yaml
- Accessing ConfigMaps through the environment (using envFrom)
- Mounting config data using configMap volumes
- Reloading and dynamic config data
- Understand the challenges of sensitive data
- Introduce Secrets
- Defining and using Secrets
- Setting up a private docker registry (Nexus)
- Discuss secret management (HashiCorp Vault/Sealed Secrets/…)
Security
API Server Security
- introduce kubernetes security architecture
- Understand the difference between human users and service accounts
- List different authentication techniques (SSL certificates, tokens, etc)
- Understand the use of JWT tokens
- Using tokens inside the pods (mounted secrets)
- Understand kubernetes authorisation mechanism (verbs/resources)
- List different authorisation modules (Node, RBAC etc)
- Assigning users to standard ClusterRoles
- Using CertificateSigningRequest to sign user certificates
- Introduce Network Policies
- Allowing and Denying traffic Ingress and Egress
RBAC
- Explain RBAC
- Understand and define Role and ClusterRole
- Defining access rules
- Binding roles to service accounts (RoleBinding/ClusterRoleBinding)
- Accessing the API Server from a pod
Kustomize
- Introduction to Kustomize
- Discuss the benefits of Kustomize
- Understand bases and the directory structures
- Understand Resources
- Introduce low-level constructs (generators, transformers and validators)
- List the convenience constructs
- Force labels/annotations on resources
- Managing names and namespaces
- Defining ConfigMaps and Secrets
- Create, merge or replace configMaps/Secrets
- Using vars for basic reflection
- Override Deployments image, replicas
- Introduce Patches
- Using strategic merge patches
- Using JSON 6902 patches
- Introduce and use Components
Tooling
Introduction
- Overview of common stacks
- Appreciate Operators
Helm
- Introduction to Helm (helm 3)
- Understanding charts
- Installing and configuring releases
- Rolling-out new versions
Monitoring Prometheus/Grafana/Loki
- Using Prometheus (Operator)
- Understand the Architecture of Prometheus
- Understand the structure of a metric
- Discuss instrumentation techniques (using Java, Go, Python, …)
- Understand the different metric types (counter, gauge, histogram, …)
- Installing and configuring Prometheus/Grafana (basics)
- Discuss federation and scalability
- List the CustomResourceDefinitions
- Adding Service Monitors
- Preparing applications to expose metrics (e.g., Spring Boot)
- Using exporters
- Using Grafana dashboards
- Importing existing dashboards
- Discuss and add Loki
Kubernetes Operators
- introduction to the operator pattern
- Appreciate Custom Resource Definitions (CRDs)
- Discuss implementation languages, platforms and SDKs (e.g., operator SDK, kube-rs, …)
- Discuss and use Database operators (e.g., Crunchy Data, PGO, Zalando, …)
- Use operators in your cluster