In this operations-focused course, you’ll deep dive into all the features of the Docker Enterprise platform, and discover how it enables a secure software supply chain from development to production. We’ll discuss managing and enhancing your Kubernetes and Swarm applications through Universal Control Plane, how to harden image security by building pipelines in Docker Trusted Registry, and how to enhance the security of the Docker Enterprise platform via operational best practices.

• Motivations: Perform core ‘day-1’ operational tasks on Kubernetes

• Roles: Infrastructure and Integration engineers tasked with day-to-day application workload management; IT professionals looking to expand skills in Kubernetes administration

• Familiarity with the bash shell

• Filesystem navigation and manipulation

• Command line text editors like vim or nano

• Common tooling like curl, wget and ping

• Familiarity with YAML and JSON notation

• CN120 course or equivalent experience

• Laptop with WiFi connectivity

• Attendees should have the latest Chrome or Firefox installed, and a free account at strigo.io

• Kubernetes High Availability

  • Review the basic architecture of a Kubernetes cluster

  • Install a well-validated HA Kubernetes cluster on a collection of hosts

  • Load balance kubectl commands across an HA Kubernetes cluster

• Managing Application Deployment

  • Review how pods are scheduled on worker nodes

  • Examine the node selector

  • Discuss implementing the impact of taints and tolerations for Kubernetes workloads

  • Review both pod and node affinity and anti-affinity

• Releasing Application Updates

  • Discuss releasing updates to applications running on the Kubernetes platform

  • Explore native tooling for updating application

  • Examine how Helm manages updating applications

• Application High Availability

  • Review the architecture required to achieve high availability for applications

  • Discuss best practices for using liveness and readiness probes

  • Explore Kubernetes auto-scaling of applications

  • Discuss how to prioritizing Kubernetes workloads

• Routing Network Traffic

  • Discuss network routing options within Kubernetes

  • Discuss the benefits of the Ingress controller and object

  • Examine the Ingress object and controller pattern

• Provisioning Storage

  • Review available storage options for applications

  • Discuss constraints of persistent storage in a standard Kubernetes cluster deployment

  • Examine the storageClass object

• Kube Security: Implementing RBAC

  • Discuss RBAC implementation within Kubernetes

  • Examine Kubernetes RBAC components

  • Review Auditing within Kubernetes

  • Determine how to enable Auditing within a Kubernetes cluster

• Kubernetes Network Security

  • Review the the Kubernetes Networking Model

  • Discuss how Network Security is managed within the Kubernetes cluster

  • Examine managing network security with native and non-native Kubernetes tooling

  • Explain the native method of creating Network Policies

• Securing an Application Workload

  • Identify security mechanisms available to security between containers, pods, and the Kubernetes cluster

  • Discuss strategies for enabling flexibility within security policy while maintaining security compliance

  • Examine how to enable Pod Security Policy

• Multi-Tenancy in Kubernetes

  • Discuss multi-tenancy in a Kubernetes cluster

  • Examine native Kubernetes objects used for enabling multi-tenancy capability

  • Discuss multi-tenancy methods for Kubernetes