Complete k8s Classroom notes 22/Jun/2023

Ways of Working

  • Collaboration: We will be using Microsoft Teams
  • Practical Sessions: 2 hours every day
    • Weekday (Tue-Fri): 7-9 AM IST
    • Weekend (Sat-Sun): 7-9 AM IST
  • Which Laptop?
    • Windows => Video Player
    • All the stuff can be done using any system

Docker

  • Introduction
  • Why Containers
  • Alternative Options
  • Microservices and Containers
  • Docker Components
  • Docker Networking
  • Docker Volumes
  • Docker Plugins
  • Building Docker Images
  • Standards:
    • OCI
    • CNM
  • Windows Docker Containers
  • Customize Docker
  • Docker Security
  • Docker Enterprise
  • Docker Image Scans
  • Docker Compose
  • Intro to Swarm (*)
  • Registries
    • Docker Registry
    • Docker Hub
    • ACR
    • ECR
    • GCR
    • JFrog

Kubernetes (k8s)

  • Why K8s
  • k8s architecture
  • Workloads and Controllers
    • Pod
    • ReplicaSets
    • DaemonSets
    • Deployments
    • StatefulSets
    • Service
    • Ingress
    • Endpoints
    • Endpoint Slices
    • Jobs
    • CronJobs
  • Policies:
    • NetworkPolicy
    • PodSecurityPolicy
    • PodDisruptionBudget
  • Storage:
    • Volumes
    • PersistentVolumes
    • StorageClasses
    • CSI
    • Persistent Volume Claims
  • Networking:
    • CNI
    • CNI Plugins
  • Scheduling:
    • Pod Affinity
    • Node Affinity
    • Taints and toleration
  • Scaling:
    • Horizontal Pod Scaling
    • Vertical Pod Scaling
    • Auto Scaling
    • Node Auto scaler
    • Cluster Auto scaler
  • Configurations:
    • Config Maps
    • Secrets
    • Security Contexts
    • Resource Boundaries
    • Service Accounts
  • Multi-Container Pods
  • Health Probes
  • Debugging in k8s
    • Ephemeral Container
    • Troubleshoot pods
    • Interactive shells
  • Design of Pods
    • Labels
    • Annotations
    • Deployment
    • Restart Behaviors
    • Jobs/Cron Jobs
    • Configuring Retained history
  • Services & Networking
    • Port Mappings
    • Accessing Services
    • Network Policies
    • Restricting Access to Ports
  • State Persistence
    • CSI
    • Static vs Dynamic Provisioning
  • Cluster Architecture => Installation and Configurations
    • RBAC:
      • Overview
      • Subject
      • Service Account
      • Assigning SA to a Pod
      • RBAC API Primitives
      • Roles
      • Role Binding
      • Namespace and Cluster wide RBAC
      • Aggregate RBAC Rules
    • Installation
    • Make HA Cluster
    • Backing up and Restoring etcd
  • Scheduling:
    • Container Resource Requests
    • Templating tools:
      • yq
      • Kustomize
      • Helm
  • Networking:
    • Service
    • Ingress
    • CoreDNS
    • Choosing the right CNI Plugin
  • Storage:
    • Configuring PVs
  • Troubleshooting:
    • Logging:
      • Cluster logging
      • Node logging
    • Troubleshoot pods
    • Troubleshoot cluster failure
  • Network policies to restrict
    • Pod-Pod
  • kube-bench
  • Fixing security issues
  • Creating an Ingress with TLS Termination
  • Protect Node metadata and Endpoints
  • Protect GUI Elements
  • Cluster Hardening
    • Restricting API Server
    • Update k8s frequently
  • System Hardening
    • Minimize HostOS footprint
    • Minimize IAM Roles
    • Minimize External Access to Network
    • Kernel Hardening tools
      • AppArmor
      • SecComp
    • Minimizing Microservice Vulnerabilities
      • Secrets
      • mTLS
      • Security Domains
    • Static Image Scanning
      • Hadolint
      • kubesec
    • Runtime Security
      • Behavior Analysis
      • Container immutability
      • Audit logs
  • Networking:
    • AKS
    • EKS
    • GKE
  • Argo CD
  • Service Mesh
    • Istio
      • Data Plane: Envoy
      • Istio Gateways
      • Traffic Control
      • Resilience
      • Observability:
        • Jaeger
        • kiali
        • Grafana
      • Securing Microservice
    • Linkerd
  • Helm
  • Production K8s:
    • Secret Management
    • Admission Controllers
    • Identity
    • Platform Services
    • Autoscaling
    • Multitenancy
    • Platform Abstractions
  • K8s Patterns
    • Predictable Demands
      • Pod Priority
      • Capacity Planning
    • Behavioral Patterns
      • Batch Jobs
      • Periodic Jobs
      • Daemon Service
      • Singleton Service
      • Stateless Service
      • Stateful Services
    • Structural
      • Init Containers
      • Side Cars
      • Adaptors
      • Ambassador
    • Configuration
      • Immutable Configuration
      • EnvVar Configuration
    • Security
      • Process Containment
      • Network Segmentation
      • Secure Configuration
      • Access Control
    • Advanced
      • Operator
      • Elastic Scaling
      • Image Builder
  • Observability:
    • Prometheus
    • Grafana
    • Basic look at cloud monitoring
  • Practical Highlights
    • Deploying and managing
      • monolith
      • Microservice
      • Event based microservices
    • Technology:
      • .net
      • java
      • python
      • nodejs
      • angular
      • react
  • CRD
  • Operator framework
  • Rancher

About continuous learner

devops & cloud enthusiastic learner