
kubernetes-training

Versions

  1. Kubernetes: v1.21.2 (released on 2021-06-18)
  2. kustomize: v4.2.0 (released on 2021-07-02)
  3. Helm: 3.6.3 (released on 2021-07-15)
  4. Traefik: v2.9.0
  5. ArgoCD: v2.2.3 (released on 2022-01-19)
  6. Prometheus-Operator: v0.53.1 (released on 2021-12-20)
  7. Prometheus: Latest
  8. Grafana: Latest
  9. Strimzi: 0.24.0 (released on 2021-06-24)
  10. Kind: v0.11.1 (released on 2021-05-28)
  11. Ingress Nginx Controller: v0.48.0 (released on 2021-07-15)
  12. Conftest: 0.25.0 (released on 2021-05-08)
  13. Istio: 1.12.2 (released on 2022-01-19)
  14. PostgresOperator: v1.7.1 (released on 2021-11-04)
  15. Cert Manager: v1.7.1 (released on 2022-02-05)

Contents

  1. Kubernetes Cluster
    1. kubernetes-the-hard-way
    2. Kubeadm in local
    3. kind
  2. Kubernetes Features
    1. Autoscaler HPA with custom metrics
    2. amazon-eks-workshop
  3. Kubernetes Components
    1. kubernetes-scheduler
    2. etcd
    3. kube-apiserver
    4. kube-controller-manager
    5. kube-proxy
    6. kubelet
  4. Kubernetes Extensions
    1. kubernetes-operator
    2. kubernetes-scheduler
    3. plugins (todo)
  5. Deployment Management
    1. Knative
    2. Skaffold (todo)
  6. Networking
    1. traefik
    2. ingress-nginx-controller
  7. Middleware (Operator)
    1. strimzi
    2. eck
  8. Service Proxy, Discovery, and Mesh
    1. istio
  9. Monitoring
    1. Prometheus
    2. Prometheus Operator
    3. Thanos (todo) https://thanos.io/
    4. Grafana
    5. Grafana Operator
    6. Grafana Loki
    7. Grafana Tempo (todo) https://grafana.com/docs/tempo/latest/
    8. Jaeger (todo) https://www.jaegertracing.io/
  10. Security
    1. open-policy-agent
    2. Cert Manager
  11. Yaml Management
    1. Helm
    2. Helm vs Kustomize
  12. CI/CD
    1. Conftest
    2. ArgoCD
    3. Kyverno https://kyverno.io/
    4. Polaris https://www.fairwinds.com/polaris
  13. Machine Learning
    1. kubeflow
  14. Databases
    1. Vitess https://github.com/vitessio/vitess
    2. TiDB https://github.com/pingcap/tidb
    3. TimescaleDB https://github.com/timescale/timescaledb-kubernetes
    4. mysql-operator
    5. postgres-operator

Cloud Native Trail Map

  • https://github.com/cncf/trailmap
  • https://www.cncf.io/blog/2018/03/08/introducing-the-cloud-native-landscape-2-0-interactive-edition/


1. CONTAINERIZATION

  1. Containers 101: attach vs. exec - what's the difference?

2. CI/CD

2.1 ArgoCD

3. ORCHESTRATION & APPLICATION DEFINITION

3.1 Kubernetes

Useful Commands

  • DNS
    kubectl apply -f https://k8s.io/examples/admin/dns/dnsutils.yaml
    kubectl exec -i -t dnsutils -- nslookup kubernetes.default
    
  • Debug with ephemeral containers (alpha in 1.22, beta in 1.23)
    kubectl run ephemeral-demo --image=k8s.gcr.io/pause:3.1 --restart=Never
    kubectl debug -it ephemeral-demo --image=busybox --target=ephemeral-demo
    
  • Create pod with busybox-curl
    kubectl run -it --rm=true busybox --image=yauritux/busybox-curl --restart=Never
    

Set up Kubernetes Cluster with kubeadm (local)

kubeadm-local

Set up Kubernetes Cluster on GCP (kubernetes-the-hard-way)

Kubernetes The Hard Way

Kubernetes Components

  1. kubernetes-scheduler
  2. etcd
  3. kube-apiserver
  4. kube-controller-manager
  5. kube-proxy
  6. kubelet

More Practices of Applications on Kubernetes

3.2 Helm

  1. Create Helm chart.

    helm create <chart-name e.g. helm-example>
    
  2. Update files under templates and values.yaml

  3. Test apply.

    helm install helm-example --debug ./helm-example
    
  4. Make a package.

    helm package helm-example
    
  5. Create repository and set index.

    helm repo index ./ --url https://nakamasato.github.io/helm-charts-repo
    
  6. Install a chart.

    helm repo add nakamasato https://nakamasato.github.io/helm-charts-repo
    helm repo update # update the repository info
    helm install example-from-my-repo nakamasato/helm-example
    

4. OBSERVABILITY & ANALYTICS

4.1. Prometheus

4.2. Prometheus Operator

TBD

  • fluentd
  • Jaeger
  • Open Tracing

5. SERVICE PROXY, DISCOVERY & MESH

5.1. Istio

TBD

  • envoy
  • CoreDNS
  • Linkerd

6. NETWORKING, POLICY & SECURITY

6.1 Open Policy Agent

gatekeeper

  1. Install gatekeeper

    kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/master/deploy/gatekeeper.yaml
    
  2. Create ConstraintTemplate

  3. Create a custom policy (constraint) of the kind defined in the previous step.
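
The objects for steps 2 and 3 could look like the following, which ports the nodeSelector rule from the conftest section below to Gatekeeper. This is an added example, not taken from the repository; the names `K8sRequiredNodeSelector` and `deployment-must-have-nodeselector` are assumptions.

```yaml
# Added example. Kind and object names are illustrative, not from the repository.
# Step 2: the ConstraintTemplate defines a new constraint kind and its Rego.
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  # Must be the lowercase form of spec.crd.spec.names.kind.
  name: k8srequirednodeselector
spec:
  crd:
    spec:
      names:
        kind: K8sRequiredNodeSelector
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8srequirednodeselector

        violation[{"msg": msg}] {
          # Gatekeeper wraps the admitted object in input.review.object,
          # whereas conftest reads the manifest directly from input.
          obj := input.review.object
          obj.kind == "Deployment"
          # True only when nodeSelector is absent; an empty
          # nodeSelector ({}) is defined and therefore passes.
          not obj.spec.template.spec.nodeSelector
          msg := "Deployment must have nodeSelector"
        }
---
# Step 3: the constraint instantiates the kind and scopes it to Deployments.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sRequiredNodeSelector
metadata:
  name: deployment-must-have-nodeselector
spec:
  # deny rejects at admission; dryrun or warn only record or report violations.
  enforcementAction: deny
  match:
    kinds:
      - apiGroups: ["apps"]
        kinds: ["Deployment"]
```

Apply the template first and wait for Gatekeeper to register the new kind before applying the constraint, otherwise the second object is rejected as an unknown resource type.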

conftest

  1. Write policy in policy directory.

    deny[msg] {
      input.kind = "Deployment"
      not input.spec.template.spec.nodeSelector
      msg = "Deployment must have nodeSelector"
    }
    
  2. Write tests in the same directory.

    test_no_nodeSelector {
      deny["Deployment must have nodeSelector"] with input as
      {
        "kind": "Deployment",
        "spec": {
          "template": {
            "spec": {
              "containers": [
              ],
            }
          }
        }
      }
    }
    
  3. Run test.

    conftest verify
    
    1 tests, 1 passed, 0 warnings, 0 failures, 0 exceptions
    
  4. Validate a manifest file.

    conftest test manifests/valid/deployment.yaml
    
    1 tests, 1 passed, 0 warnings, 0 failures, 0 exceptions
    

TBD

  • CNI
  • falco

7. DISTRIBUTED DATABASE & STORAGE

7.1. etcd

TBD

8. STREAMING & MESSAGING

TBD

  • gRPC
  • NATS
  • cloudevents

9. CONTAINER REGISTRY & RUNTIME

TBD

  • containerd
  • harbor
  • cri-o

10. SOFTWARE DISTRIBUTION

TBD

  • TUF
  • Notary