O'Reilly logo
live online training icon Live Online training

Advanced Kubernetes in Practice

Deploying stateful applications, and managing and securing the Kubernetes cluster

Viktor Farcic

Kubernetes is an open source system used to automate the deployment and management of containerized applications. This course will walk you through the advanced aspects and management of Kubernetes clusters.

You will dive deep into the core operational concepts of Kubernetes, such as managing resources, automating and maintaining workflows, and deploying stateful applications. We will also cover concepts around securing your Kubernetes cluster.

By the end of this course, you will be capable of easily orchestrating updates, reducing the downtime of your cluster, and resolving every possible instability within your Kubernetes cluster.

What you'll learn-and how you can apply it

You will learn how to:

  • Use ConfigMaps to inject configurations into containers
  • Use Secrets to inject confidential information into containers
  • Divide a cluster into Namespaces that provide isolation, increased security, and -avoid undesirable effects applications can have on each other
  • Secure your clusters
  • Manage resources (CPU and memory) required by your applications
  • Persist state of your applications across failures
  • Deploy and manage your stateful applications

This training course is for you because...

The course is aimed at DevOps Engineers, developers and IT Operations who want to gain proficiency and confidence with Kubernetes, and enhance the DevOps culture using Kubernetes.

Prerequisites

Materials, downloads, or Supplemental Content needed in advance

If you are a Windows user, please make sure that your Git client is configured to check out the code AS-IS. Otherwise, Windows might change carriage returns to the Windows format. You will also need an AWS account and AWS CLI. Please note that it should be free from any customizations and limitations your company might have introduced. If in doubt, please use your personal account.

Please double check that VirtualBox, minikube, and kubectl work by executing:

minikube start --vm-driver=virtualbox

kubectl get nodes

minikube delete

Prerequisites

The DevOps 2.3 Toolkit: Kubernetes: Deploying and managing highly-available and fault-tolerant applications at scale

Learning Docker, Second Edition

Docker Cookbook

About your instructor

Schedule

The timeframes are only estimates and may vary according to how the class is progressing

DAY 1

Section 1: Using ConfigMaps To Inject Configuration Files (50 mins)

ConfigMaps allow us to keep configurations separate from application images. Such separation is useful when other alternatives are not a good fit.

Break : 10 mins

Section 2: Using Secrets To Hide Confidential Information (50 mins)

We cannot treat all information equally. Sensitive data needs to be handled with additional care. Kubernetes provides an additional level of protection through Secrets.

Break : 10 mins

Section 3: Dividing A Cluster Into Namespaces (50 mins)

Applications and corresponding objects often need to be separated from each other to avoid conflicts and other undesired effects.

Break : 10 mins

Section 4: Securing Kubernetes Clusters (1 hour)

Security implementation is a game between a team with a total lock-down strategy and a team that plans to win by providing complete freedom to everyone. You can think of it as a battle between anarchists and totalitarians. The only way the game can be won is if both blend into something new. The only viable strategy is freedom without sacrificing security (too much).

DAY 2

Section 5: Managing Resources (1 hour)

Without an indication how much CPU and memory a container needs, Kubernetes has no other option than to treat all containers equally. That often produces a very uneven distribution of resource usage. Asking Kubernetes to schedule containers without resource specifications is like entering a taxi driven by a blind person.

Break : 10 mins

Section 6: Persisting State (1 hour)

Having fault-tolerance and high-availability is of no use if we lose application state during rescheduling. Having state is unavoidable, and we need to preserve it no matter what happens to our applications, servers, or even a whole datacenter.

Break : 10 mins

Section 7: Deploying Stateful Applications At Scale (1 hour)

Stateless and stateful application are quite different in their architecture. Those differences need to be reflected in Kubernetes as well. The fact that we can use Deployments with PersistentVolumes does not mean that is the best way to run stateful applications.

Wrap-up: Summary, Discussions, Q&A (50 mins)