Kubernetes operations - infra, build and deployment

This course provides additional resources and training for our Kubernetes basic and advanced courses. We are focusing on running production apps in Kubernetes cluster and providing additional guidance for extending the cluster with must-have features like LMA, backups and multicluster deployment scenarios.

There’ll be  multi-node cluster provisioned for everyone and we’ll demonstrate cluster installation as well as installation of additional LMA tooling. Best practises and security threats will be taken into account and demonstrated on the clusters. Our goal will be to join all clusters in a single multi cluster environment and ship applications using CD pipelines.

Target audience:

administrator, dev/ops, infrastructure architect, system engineer

Requirements:

• basic Kubernetes knowledge
• using command line and SSH
• elementary networking

Goals:

• Demonstration ways to install and upgrade Kubernetes cluster
• Present various LMA tools
• Kubernetes cluster security
• Build and deployment pipelines and best practises

Course autor

TOMÁŠ KUKRÁL

Tomas develops the edge cloud platform based on Kubernetes at Volterra. In the past, he worked for Mirantis and was in charge of designing Kubernetes clusters and delivering them to their customers. In his free time he is involved in parachuting and cycling. In the beginning, Tomáš prepared the course and created practical labs. Currently, the course can be taught by various instructors.

Outline:

Kubenetes cluster

• Installation
• Basic component of control plane
• Public Kubernetes offering
• Terraform vs native tools

Logging

• Collecting logs from containers, nodes and control-plane components
• Sending logs to Loki
• Promtail and fluent/d/bit
• Analysing logs from containers and infrastructure
• Best practises for loggin

Monitoring

• Prometheus federace, metric filtering
• Grafana, Alertmanager
• Managing alerts with Karma
• Visibility for usage of container resources
• Etcd monitoring

Build

• Building images from source code
• Container registries
• Signing and validating images
• Deployment
• Using CRD
• ArgoCD, Argo Events, Argo Workflow
• Tekton pipelines
• Deployment tooling comparison
• Using operators for application ma

Backup

• Restoring cluster configuration
• Disaster recovery and moving application between clusters
• Sending application backups out of the cluster

Security

• Security scanning and vulnerability analysis for container images
• Encrypting Kubernetes objects
• Kubernetes audit
• Authorization and authentication for cluster application
• RBAC rules and best practises
• Best practises cluster configuration
• Certificates for Kubernetes control-plane and node
• Certificate rotation
• Kubernetes certificate signing

Networking

• Routing traffic in multi-node cluster
• Calico networking
• Encrypting traffic with Wireguard
• Sniffing and debugging pod traffic
• Debugging kube-proxy iptables rules
• Networking policies

Multicluster

• Intercluster communition
• NetworkPolicy in multicluster environemnt
• Deployment orchestration
• Synchronization of resources in multiple clusters