Kubernetes for Developers

Duration: 0 Days

Method:

Course Code: KU1020

Audience

This course is intended for developers that need to understand all aspects of how to containerize, host, deploy, and configure an application in a multi-node cluster.

Description

In this course students learn how to containerize, host, deploy and configure an application in a multi-node cluster. Students begin with a simple script, then define application resources and use core primitives to build, monitor, and troubleshoot scalable applications in Kubernetes. Students will be working with network plugins, security, and cloud storage, and will be exposed to many of the features needed to deploy an application in a production environment.

Objectives

Upon successful completion of this course, the student will be able to:

Learn how to containerize and deploy a new Python script
Understand and configure the deployment with ConfigMaps, Secrets, and SecurityContexts
Understand multi-container pod design
Learn to configure probes for pod health
Learn to update and roll back an application
Understand how to implement services and set NetworkPolicies
Learn how to use PersistentVolumeClaims for state persistence

Prerequisites

Students should be familiar with a programming language and be comfortable with basic Linux command line and file editing skills. Knowledge of Microservices with Kubernetes, Docker, and Continuous Integration.

Topics

I. Kubernetes Core Concepts
- Kubernetes Basics
- What is Kubernetes?
- Container Orchestration
- Kubernetes Architecture
- Kubernetes Concepts
- Cluster and Namespace
- Nodes
- Master
- Pod
- Using Pods to Group Containers
- Label
- Label Syntax
- Annotation
- Label Selector
- Replication Controller and Replica Set
- Service
- Storage Volume
- Secret
- Resource Quota
- Authentication and Authorization
- Routing
- Docker Registry
II. Kubernetes Architecture
- Architecture Diagram
- Components
- Kubernetes Cluster
- Master Node
- Kube-Control-Manager
- Nodes
- Other Components
- Interacting with Kubernetes
III. Build
- What is Docker
- Where Can I Run Docker?
- Docker and Containerization on Linux
- Linux Kernel Features: cgroups and namespaces
- The Docker-Linux Kernel Interfaces
- Containerizing an Application
- Building Docker Images using Dockerfile
- Sample Dockerfile
- Environment Variables
- Environment Variables - Example
- Arguments
- Multi-stage Builds
- Multi-stage Builds (Contd.)
- Stop at a Specific Build Stage
- RUN
- EXPOSE
- EXPOSE (Contd.)
- COPY
- ADD
- CMD
- ENTRYPOINT
- CMD vs. ENTRYPOINT
- VOLUME
- Build the Image
- Build the Image (contd.)
- .dockerignore
- Dockerfile – Best Practices
- Dockerfile - Best Practices (contd.)
- Published Ports
- Docker Documentation
- Docker Registry
- Hosting a Local Registry
- Hosting a Local Registry (contd.)
- Deploying to Kubernetes
- Deploying to Kubernetes (contd.)
- Running Commands in a Container
- Multi-Container Pod
- Multi-Container Pod (contd.)
IV. Design
- Traditional Applications
- Virtual Machines
- Containerized Applications
- Decoupled Resources
- Transience
- Flexible Framework
- Application Resource Usage
- Measuring Resource Usage
- Docker Resource Usage Statistics
- Docker Container Resource Constraints
- Docker Run Command Resource Flags
- Using Label Selectors
- Equality Based Label Selector
- Set Based Label Selector
- Multi-Container Pods
- Sidecar Container
- Sidecar Container Uses
- Adapter Container
V. Deployment Configuration
- Introduction to Volumes
- Container OS file system storage
- Docker Volumes
- Kubernetes Volumes
- Volume Specs
- K8S Volume Types
- Cloud Resource Types
- emptyDir
- Using an emptyDir Volume
- Other Volume Types
- Persistent Volumes
- Creating a Volume
- Persistent Volume Claim
- Persistent Volume
- Pod that uses Persistent Volume
- Dynamic Volume Provisioning
- Requesting Dynamic Storage
- Secrets
- Creating Secrets from Files
- Creating Secrets from Literals
- Using Secrets
- configMaps
- Creating configMaps from Literals
- Creating configMaps from files
- Using configMaps
- Security Context
- Security Context Usage
- Deployment Configuration Status
- Replicas
- Scaling
- Rolling Updates
VI. Security
- Security Overview
- API Server
- API & Security
- - /.kube/config
- - /.kube/config (contd.)
- Kubernetes Access Control Layers
- Authentication
- Authorization
- ABAC Authorization
- ABAC - Policy Format
- ABAC - Examples
- RBAC Authorization
- Role and ClusterRole
- Role - Example
- ClusterRole - Example
- RoleBinding and ClusterRoleBinding
- RoleBinding - Example
- ClusterRoleBinding - Example
- Authorization Modes - Node
- Authorization Modes - ABAC
- Admission Controller
- Network
- Policies
- Network Policies - Examples
- Network Policies - Pod Isolation
- Network Policies - Internet Access for Pods
- Network Policies - New Deployments
VII. Exposing Applications
- Kubernetes Services
- Service Resources
- Service Type
- ClusterIP
- NodePort
- NodePort from Service Spec
- LoadBalancer
- LoadBalancer from Service Spec
- ExternalName
- Accessing Applications
- Service Without a Selector
- Ingress
- Ingress Resource Example
- Ingress Controller
- Service Mesh
VIII. Troubleshooting Kubernetes
- Troubleshooting Overview
- Objects in Kubernetes
- Relationships in Kubernetes
- Operations in Kubernetes
- Understanding the Issue
- Troubleshooting Tools
- Troubleshooting Commands
- Troubleshooting Pods
- Troubleshooting the Cluster
- Cluster Failure Modes
- Monitoring
- Monitoring Applications
- Accessing Logs
- Logging Tools
- Conformance Testing
IX. Lab Exercises
- Lab 1. Getting Started with Kubernetes
- Lab 2. Building a Docker Image with Dockerfile
- Lab 3. Deploying to Kubernetes
- Lab 4. Implementing the Sidecar Pattern
- Lab 5. Deploying Applications
- Lab 6. Implementing RBAC Security
- Lab 7. Accessing Applications
- Lab 8. Troubleshooting