CN220 centers on developing the skills and knowledge needed for Day-1 Kubernetes operations for managing applications. Using best practices as guiding principles, students will engage in topics pertaining to the Kubernetes architecture to make informed decisions for production workloads. Topics include configuring resource availability for applications, implementing advanced scheduling for applications, and administering user roles and permissions for the Kubernetes cluster. Kubernetes Operations and System Integration teams will benefit greatly as they plan and deploy their Kubernetes production environments.

This course is targeted at students with the following:

• Skills: CN120 (or equivalent) experience

• Motivations: Perform core ‘day-1’ operational tasks on Kubernetes

• Roles: Infrastructure and Integration engineers tasked with day-to-day application workload management; IT professionals looking to expand skills in Kubernetes administration

• Laptop with WiFi connectivity

• Attendees should have the latest Chrome or Firefox installed, and a free account at strigo.io.

• Kubernetes High Availability

  • Review the basic architecture of a Kubernetes cluster

  • Install a well-validated HA Kubernetes cluster on a collection of hosts

  •  Load balance kubectl commands across an HA Kubernetes cluster

• Managing Application Deployment

  • Review how pods are scheduled on worker nodes

  • Examine the node selector

  • Discuss implementing the impact of taints and tolerations for Kubernetes workloads

  • Review both pod and node affinity and anti-affinity

• Releasing Application Updates

  • Discuss releasing updates to applications running on the Kubernetes platform 

  • Explore native tooling for updating application

  • Examine how Helm manages updating applications

• Application High Availability

  • Review the architecture required to achieve high availability for applications 

  • Discuss best practices for using liveness and readiness probes

  • Explore Kubernetes auto-scaling of applications

  • Discuss how to prioritize Kubernetes workloads

• Routing Network Traffic

  • Discuss network routing options within Kubernetes 

  • Discuss the benefits of the Ingress controller and object 

  • Examine the Ingress object and controller pattern

• Provisioning Storage

  • Review available storage options for applications

  • Discuss constraints of persistent storage in a standard Kubernetes cluster deployment

  • Examine the storageClass object

• Kube Security: Implementing RBAC

  • Discuss RBAC implementation within Kubernetes

  • Examine Kubernetes RBAC components

  • Review Auditing within Kubernetes

  • Determine how to enable Auditing within a Kubernetes cluster

• Kubernetes Network Security

  • Review the Kubernetes Networking Model

  • Discuss how Network Security is managed within the Kubernetes cluster

  • Examine managing network security with native and non-native Kubernetes tooling

  • Explain the native method of creating Network Policies

• Securing an Application Workload

  • Identify security mechanisms available to security between containers, pods, and the Kubernetes cluster

  • Discuss strategies for enabling flexibility within security policy while maintaining security compliance

  • Examine how to enable Pod Security Policies

• Multi-Tenancy in Kubernetes

  • Discuss multi-tenancy in a Kubernetes cluster

  • Examine native Kubernetes objects used for enabling multi-tenancy capability 

  • Discuss multi-tenancy methods for Kubernetes