Cloud Native Operations Bootcamp

General technical audiences & IT professionals

This course combines all topics of CN100, CN120, and CN220

Containerization motivations and implementation

• Usecases
• Comparison to virtual machines

Creating, managing and auditing containers

• Container implementation from the Linux kernel
• Container lifecycle details
• Core container creation, auditing and management CLI

Best practices in container image design

• Layered filesystem implementation and performance implications
• Creating images with Dockerfiles
• Optimising image builds with multi-stage builds and image design best practices

Single-host container networking

• Docker native networking model
• Software defined networks for containers
• Docker-native single-host service discovery and routing

Provisioning external storage

• Docker volume creation and management
• Best practices and usecases for container-external storage.

Kubernetes Application Essentials

• Make effective use of pod architecture
• Deploy workloads as Kubernetes controllers
• Provision configuration at runtime to Kubernetes workloads
• Network pods together across a cluster using native services
• Provision highly available storage to Kubernetes workloads
• Package an application as a Helm chart

Kubernetes High Availability

• Review the basic architecture of a Kubernetes cluster
• Install a well-validated HA Kubernetes cluster on a collection of hosts
•  Load balance kubectl commands across an HA Kubernetes cluster

Managing Application Deployment

• Review how pods are scheduled on worker nodes
• Examine the node selector
• Discuss implementing the impact of taints and tolerations for Kubernetes workloads
• Review both pod and node affinity and anti-affinity

Releasing Application Updates

• Discuss releasing updates to applications running on the Kubernetes platform 
• Explore native tooling for updating application
• Examine how Helm manages updating applications

Application High Availability

• Review the architecture required to achieve high availability for applications 
• Discuss best practices for using liveness and readiness probes
• Explore Kubernetes auto-scaling of applications
• Discuss how to prioritizing Kubernetes workloads

Routing Network Traffic

• Discuss network routing options within Kubernetes 
• Discuss the benefits of the Ingress controller and object 
• Examine the Ingress object and controller pattern

Provisioning Storage

• Review available storage options for applications
• Discuss constraints of persistent storage in a standard Kubernetes cluster deployment
• Examine the storageClass object

Kube Security: Implementing RBAC

• Discuss RBAC implementation within Kubernetes
• Examine Kubernetes RBAC components
• Review Auditing within Kubernetes
• Determine how to enable Auditing within a Kubernetes cluster

Kubernetes Network Security

• Review the the Kubernetes Networking Model
• Discuss how Network Security is managed within the Kubernetes cluster
• Examine managing network security with native and non-native Kubernetes tooling
• Explain the native method of creating Network Policies

Securing an Application Workload

• Identify security mechanisms available to security between containers, pods, and the Kubernetes cluster
• Discuss strategies for enabling flexibility within security policy while maintaining security compliance
• Examine how to enable Pod Security Policies

Multi-Tenancy in Kubernetes

• Discuss multi-tenancy in a Kubernetes cluster
• Examine native Kubernetes objects used for enabling multi-tenancy capability 
• Discuss multi-tenancy methods for Kubernetes

Attendees should meet the following prerequisites:

• At least six months experience in cloud infrastructure administration
• Familiarity with the Bash shell
  • Filesystem navigation and manipulation
  • Command line text editors like vim or nano
  • Common tooling like curl, wget and ping
• Familiarity with YAML and JSON notation

Lab Requirements:

• Laptop with WiFi connectivity
• Attendees should have the latest Chrome or Firefox installed, and a free account at strigo.io.