11/01/21 - AVT - Virtual-Instructor Led - Virtual-Instructor Led
12/14/21 - AVT - Virtual-Instructor Led - Virtual-Instructor Led
- Design patterns that you can implement in Kubernetes to build and run scalable systems in production
- Apply existing security policies in a Kubernetes ecosystem
- Extend the Kubernetes API to operate systems more easily
- Develop stateful services using Kubernetes
- Use Istio in a microservices system
- Create, deploy, and test scalable and fault-tolerant applications
- Work with Telepresence, GitOps, and Flux
Part 1: Core Concepts
We’ll go deep into different terms of Kubernetes to understand what it takes to build and run scalable systems in production. There are design patterns that you can implement in Kubernetes to extend an existing application without having to change the source code, like a sidecar pattern.
- Kubernetes architecture
- Imperative commands and descriptive manifests
- Pods, deployments, services, namespaces, DaemonSets
- Exercise: Working with Pods
- Exercise: Working with ReplicaSet
- Exercise: Working with Deployments
- Exercise: Working with Services
- Init containers
- Exercise: Working with StatefulSet
- Working with multiple clusters (kubeconfig)
- Kubernetes design patterns
Part 2: Networking in Kubernetes
Understanding how networking works in Kubernetes is important because it will help you to configure networking patterns like service discovery for a microservices architecture. But another concept that is taking more relevance are service meshes. We’ll explore what a service mesh is, and we’ll practice using one of the most popular ones: Istio.
- Ingress networking
- Exercise :Working with Ingress
- Networking policies
- Exercise: Working with Networking Policies
- What’s a service mesh?
- Introduction to Istio
- Observability with Istio
- Networking security with Istio
- Canary releases with Istio
- Exercise: Working with Istio
Part 3: Creating Scalable and Fault-Tolerant Applications
Kubernetes has a lot of great features built in by implementing the controller pattern. But in many cases, our applications need to include small configurations to help Kubernetes make better decisions to support reliable applications. We’ll see what changes are needed in the applications, and then we’ll deploy and test a sample application.
- Working with configuration
- Exercise: Working with ConfigMaps
- Working with probes
- Exercise: Working with Probes
- Configuring requests and limits
- Taints and tolerations
- Exercise: Working with Taints and Tolerations
- Node selectors
- Configuring scaling policies
- Exercise: Configuring scaling policies
Part 4: Development Workflow in Kubernetes
Kubernetes doesn’t have to change the way developers build applications, but they might want to be involved or test in their local workstations when they’re done with their application changes. We’ll discuss some recommended practices and tools.
- Packaging and managing applications with Helm
- Exercise: Working with Helm
- Continuous delivery in Kubernetes
- Exercise: Continuous Delivery with Flux
- Logging and monitoring systems
- Troubleshooting application failures
- Exercise: Troubleshooting Applications
- Development Toolbox: State of the art
Part 5: Developing Stateful Services
Stateless services are great for certain use cases, but there are scenarios where an application needs to be able to store data permanently, or at least work with data that is not ephemeral. Databases are one example.
- Understanding persistent volumes
- Exercise: Working with PV and PVC
- Backup and restore in Kubernetes
- Exercise: Backup and restore with Velero
- Databases in Kubernetes
Part 6: Security Practices and Recommendations
Kubernetes is not secure by default, and there are many considerations that you need to be aware of if before exposing your applications to the public internet. Companies usually have existing security policies, so we’ll cover how these security practices apply in a Kubernetes ecosystem.
- Authentication and Authorization
- Integration with AWS and IAM
- Docker image and pods security
- Pod Security Context and Policies
- Secrets encryption using KMS
- Exercise: Security in Kubernetes
Part 7: Extending the Kubernetes API
There are times where we need to extend the Kubernetes API to operate systems more easily. Not everyone will need to build something to extend the Kubernetes API, but it’s very valuable to understand the what, when, and how of custom resource definitions and the operator pattern.
- Custom Resource Definition (CRD)
- Custom Controllers
- Operator Pattern
- Operator Framework
- Exercise: Creating an Operator
Part 8: What’s Next for Kubernetes?
We’ll discuss other topics related to Kubernetes that might not fit everyone’s use cases, but that as a Kubernetes user you might want to be aware of. For instance, we’ll talk a little bit about having federated clusters, hybrid workloads, and several important tools from the CNCF.
Students need foundational level knowledge DevOps practices, intermediate Kubernetes experience, and familiarity with working on the command line in a Linux environment.
If you don't meet the above requirements, we strongly encourage you to take the Introduction to Kubernetes course before taking this course.
- Software Developers
- Software Engineers
- DevOps Engineers
- Frontend Engineers
- Backend Engineers
- Full Stack Developers
- ML/AI Engineers
- Cloud Engineers
- Cloud Architects