CN210: Docker Enterprise Operations

Explore all the operations features of the Docker Enterprise Platform

Description

In this operations-focused course, you’ll take a deep dive into all the features of the Docker Enterprise platform, and discover how it enables a secure software supply chain from development to production. We’ll discuss managing and enhancing your Kubernetes and Swarm applications through Universal Control Plane, how to harden image security by building pipelines in Docker Trusted Registry, and how to enhance the security of the Docker Enterprise platform via operational best practices.

Who Should Attend

This course is targeted at students with the following:

  • Motivations: Leverage all the features of Universal Control Plane and Docker Trusted Registry to securely manage containerized applications in a cloud or datacenter.
  • Roles: System Operators & Administrators

Lab Requirements

  • Laptop with WiFi connectivity
  • Attendees should have the latest Chrome or Firefox installed, and a free account at strigo.io.

Course Objectives

  • Docker Enterprise architecture
    • DE usage patterns
    • Containerized components of DE
    • Networking & System requirements for DE
    • Installing UCP & DTR
    • UCP & DTR high availability
  • Access control in Docker Enterprise
    • UCP and DTR RBAC systems
    • PKI, client bundle and API authentication
    • Swarm and Kubernetes access control comparison
  • Deploying Swarm and Kubernetes applications on UCP
    • Orchestrator architecture
    • Swarm and Kubernetes networking and architecture comparison
    • Application deployment on UCP
  • Container networking patterns
    • Routing and service discovery for stateful and stateless applications on Swarm and Kubernetes
    • Ingress vs. cluster internal routing
    • L7 routing featuring sticky sessions and path based routing in Swarm and Kubernetes
    • Introduction to Istio service mesh
    • Canary and Blue-Green deployment patterns in UCP
  • Cluster-wide logging patterns
    • Engine log management
    • UCP audit logging
    • Log aggregation and management
  • Enhancing platform security
    • Options for improving host-level container security
    • Kubernetes admission controllers and pod security policies
    • Container network encryption
    • Kubernetes network policies
  • Content Trust in DTR
    • Man-in-the-middle mitigation per The Update Framework
    • Setting up content trust keys
    • Signing images with content trust
  • Security Scanning in DTR
    • Security scanning setup
    • Interpreting and filtering scanner results
  • Building image pipelines with webhooks and image promotion
    • Continuous integration pipeline tools
    • Triggering webhooks
    • Automatic and manual image promotion through pipeline stages
  • DTR Image Management
    • Tag pruning and garbage collection
    • DTR sizing for development and production clusters
    • DTR content caching
