WA3239
Advanced Kubernetes Training
This Kubernetes (K8s) course goes beyond the fundamentals to teach attendees how to manage software updates, use access logs to troubleshoot issues, set up deployments, check health, and more.
Now that you are comfortable deploying containerized applications, master Kubernetes (K8s) best practices to tackle the challenges that arise once an application has been deployed.
Course Details
Duration
4 days
Prerequisites
- Taken WA3003 or GL340 or have equivalent experience
- Understanding of Docker basics
- Familiarity with working at a terminal or command prompt
Target Audience
- Software Developers
- DevOps Personnel
- Platform Engineers
Skills Gained
- Understand Kubernetes deployment strategies like "Ramped", "Canary" and "A/B testing"
- Autoscale applications based on network load and available resources
- Recognize common K8s design patterns
- Configure and take advantage of Kubernetes' built-in logging features
- Set up and use cluster-level logging with the ELK logging stack
- Design and configure liveness and readiness health check probes
- Take advantage of best practices for workloads and pods
- Learn the correct ways to configure persistent volumes
- Review methods for tightening cluster security
- Understand service mesh capabilities and benefits
- Implement observability for your cluster using built-in and third-party tools
Course Outline
- Deployment Strategies
- Rolling Updates
- Parameters for Rolling Updates
- Strategy Parameters in Deployment Specs
- Deployment Strategies
- Recreate
- Ramped
- Blue/Green
- Canary
- A/B Testing
- Deployment Status
- History
- Versioning of Deployments
- Labeling a Deployment Version in Kubernetes
- Versioning with Helm
- Deployment Tools
- Autoscaling
- Autoscaling
- HorizontalPodAutoscaler (HPA)
- Autoscale Command
- Autoscale YAML
- Generating Traffic for Testing
- Response to Changing Traffic
- Get HPA --watch Mode
- Scaling Based on Requested Resources
- Scaling Based on Direct Value
- Metrics Types for Scaling
- Scaling Based on Multiple Metrics
- Design Patterns
- Design Patterns
- Core Patterns Overview
- Predictable Demands
- Health Probe
- Automated Placement/Scheduling
- Structural Patterns Overview
- Init Container
- Sidecar
- Ambassador
- Adapter
- Scatter/Gather
- Work Queue
- Leader/Primary Active Election
- Service Mesh Pattern
- Behavioral Patterns Overview
- Batch
- Stateful Service
- Service Discovery
- Advanced Patterns Overview
- Controller
- Operator
- Logging and Monitoring in K8s
- Logging in Kubernetes
- Application Logging
- Cluster Level Logging
- Pod and Container Logs
- Log Rotation
- Configuring Kubernetes Log Rotation
- Kubernetes System Component Logs
- Log Locations
- External Log Systems
- Cluster Level Logging
- Node Logging Agent
- Sidecar Container Logging
- Direct Log Publishing Architecture
- Logging Backend Systems
- External Log Systems Overview
- ELK Logging Stack
- EFK Logging Stack
- Google Cloud's Operations Suite
- K8s Probes and Health Check Best Practices
- Probes in Kubernetes
- Health States
- Order of Probes
- Health as Determined by Controllers
- Pod Restart Policies
- Probe Handler Types
- "exec" Probe Type Example
- "tcpSocket" Probe Type Example
- "httpGet" Probe Type Example
- "httpGet" Endpoint Example Code
- Setting a Liveness Probe
- Liveness Probe (cont.)
- Setting a Readiness Probe
- Checking for Probes
- Liveness Probe Best Practices
- Readiness Probe Best Practices
- Workload and Pod Best Practices
- Workloads
- Best Practices
- Keep Kubernetes Updated
- The Right K8s Resource for Your Workload
- Workload Resources
- Use Smaller Container Images
- Always Set Resource Requests and Limits
- Implement the Appropriate Health Probes
- Implement Role Based Access Control (RBAC)
- Use Namespaces
- Storage and Security Best Practices
- Kubernetes Storage
- StorageClass Resources
- Storage Best Practices
- Including PVCs in container configurations
- Keeping PVs independent of container configurations
- Creating and using default storage classes
- Giving StorageClasses meaningful names
- Security Best Practices
- Use third-party Authentication
- Protect the Kubernetes etcd data store
- Isolate Kubernetes Nodes
- Look for Anomalous Network Communications
- Use Process Whitelisting
- Turn on Audit Logging
- Lock Down Kubelet
- Service Mesh
- What is a Service Mesh
- Service Mesh Advantages
- Service Mesh Features
- Service Discovery
- Load Balancing
- Reliability/Failure Recovery
- Observability
- Security/Encryption
- Downsides to Service Mesh
- Service Mesh Implementations
- Installing a Typical Service Mesh
- Observability
- Observability
- Components of Observability
- Logs
- Metrics
- Performance Metrics
- Traces
- Observability Tools
- FluentD
- Prometheus
- Prometheus Architecture Diagram
- Jaeger
- Jaeger User Interface
- Grafana
- Grafana Visualization Components
- Lab Exercises
- Lab 01. Playing with Version, History, and Rolling Updates
- Lab 02. Autoscaling
- Lab 03. Game_Name that Pattern
- Lab 04. Logging and Monitoring with native K8s tools
- Lab 05. Setting up External Logging in K8s
- Lab 06. Setting up Readiness Probes and Health Checks
- Lab 07. Design Game_Best Workload for your App
- Lab 08. Running CIS checks using kube-bench
- Lab 09. Setting up a basic service mesh
- Lab 10. Pixie Demo_Tracing
- Lab 11. Troubleshooting and Debugging in K8s