kubernetes-training

Versions

  1. Kubernetes: v1.21.2 (released on 2021-06-18)
  2. kustomize: v4.2.0 (released on 2021-07-02)
  3. Helm: 3.6.3 (released on 2021-07-15)
  4. Traefik: v2.9.0
  5. ArgoCD: v2.2.3 (released on 2022-01-19)
  6. Prometheus-Operator: v0.53.1 (released on 2021-12-20)
  7. Prometheus: Latest
  8. Grafana: Latest
  9. Strimzi: 0.24.0 (released on 2021-06-24)
  10. Kind: v0.11.1 (released on 2021-05-28)
  11. Ingress Nginx Controller: v0.48.0 (released on 2021-07-15)
  12. Conftest: 0.25.0 (released on 2021-05-08)
  13. Istio: 1.12.2 (released on 2022-01-19)
  14. PostgresOperator: v1.7.1 (released on 2021-11-04)
  15. Cert Manager: v1.7.1 (released on 2022-02-05)

Contents

  1. Kubernetes Cluster
    1. kubernetes-the-hard-way
    2. Kubeadm in local
    3. kind
  2. Kubernetes Features
    1. Autoscaler HPA with custom metrics
    2. amazon-eks-workshop
  3. Kubernetes Components
    1. kubernetes-scheduler
    2. etcd
    3. kube-apiserver
    4. kube-controller-manager
    5. kube-proxy
    6. kubelet
  4. Kubernetes Extensions
    1. kubernetes-operator
    2. kubernetes-scheduler
    3. plugins (todo)
  5. Namespaces
    1. hierarchical namespaces (HNC)
  6. Deployment Management
    1. Knative
    2. Skaffold (todo)
  7. Networking
    1. Kubernetes Gateway API
      1. Envoy Gateway
      2. Istio
      3. Kong
      4. NGINX Kubernetes Gateway
      5. traefik
    2. Ingress
      1. ingress-nginx-controller
  8. Middleware (Operator)
    1. strimzi
    2. eck
  9. Service Proxy, Discovery, and Mesh
    1. istio
  10. Monitoring
    1. Prometheus
    2. Prometheus Operator
    3. Thanos (todo) https://thanos.io/
    4. Grafana
    5. Grafana Operator
    6. Grafana Loki
    7. Grafana Tempo
    8. Jaeger (todo) https://www.jaegertracing.io/
  11. Security
    1. open-policy-agent
    2. Cert Manager
  12. Yaml Management
    1. Helm
    2. Helm vs Kustomize
  13. CI/CD
    1. Conftest
    2. ArgoCD
    3. Kyverno https://kyverno.io/
    4. Polaris https://www.fairwinds.com/polaris
  14. Machine Learning
    1. kubeflow
  15. Databases
    1. Vitess https://github.com/vitessio/vitess
    2. TiDB https://github.com/pingcap/tidb
    3. TimescaleDB https://github.com/timescale/timescaledb-kubernetes
    4. mysql-operator
    5. postgres-operator

Cloud Native Trail Map

1. CONTAINERIZATION

  1. Containers 101: attach vs. exec - what's the difference?

2. CI/CD

2.1 ArgoCD

3. ORCHESTRATION & APPLICATION DEFINITION

3.1 Kubernetes

Useful Commands

  • DNS
    kubectl apply -f https://k8s.io/examples/admin/dns/dnsutils.yaml
    kubectl exec -i -t dnsutils -- nslookup kubernetes.default
    
  • Debug with ephemeral containers (alpha in 1.22, beta in 1.23)
    kubectl run ephemeral-demo --image=k8s.gcr.io/pause:3.1 --restart=Never
    kubectl debug -it ephemeral-demo --image=busybox --target=ephemeral-demo
    
  • Create a pod with busybox-curl
    kubectl run -it --rm=true busybox --image=yauritux/busybox-curl --restart=Never
    

Set up Kubernetes Cluster with kubeadm (local)

kubeadm-local

Set up Kubernetes Cluster on GCP (kubernetes-the-hard-way)

Kubernetes The Hard Way

Kubernetes Components

  1. kubernetes-scheduler
  2. etcd
  3. kube-apiserver
  4. kube-controller-manager
  5. kube-proxy
  6. kubelet

More Practices of Applications on Kubernetes

3.2 Helm

  1. Create Helm chart.

    helm create <chart-name e.g. helm-example>
    
  2. Update files under templates and values.yaml

  3. Test apply.

    helm install helm-example --debug ./helm-example
    
  4. Make a package.

    helm package helm-example
    
  5. Create repository and set index.

    helm repo index ./ --url https://nakamasato.github.io/helm-charts-repo
    
  6. Install a chart.

    helm repo add nakamasato https://nakamasato.github.io/helm-charts-repo
    helm repo update # update the repository info
    helm install example-from-my-repo nakamasato/helm-example
    

4. OBSERVABILITY & ANALYTICS

4.1. Prometheus

4.2. Prometheus Operator

4.3. Opentelemetry & Jaeger

TBD

  • fluentd

5. SERVICE PROXY, DISCOVERY & MESH

5.1. Istio

5.2. Envoy

TBD

  • CoreDNS
  • Linkerd

6. NETWORKING, POLICY & SECURITY

6.1 Open Policy Agent

gatekeeper

  1. Install gatekeeper

    kubectl apply -f https://raw.githubusercontent.com/open-policy-agent/gatekeeper/master/deploy/gatekeeper.yaml
    
  2. Create ConstraintTemplate

  3. Create custom policy defined in the previous step.
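
Steps 2 and 3 as an added example (not from the original page or the Gatekeeper project): a ConstraintTemplate and a matching constraint that enforce the same nodeSelector rule as the conftest policy in the next section. The names `K8sRequiredNodeSelector` and `deployment-must-have-nodeselector` are hypothetical, and `dryrun` is an assumed starting point so that audit reports violations before admission starts rejecting anything.

```yaml
# Step 2: ConstraintTemplate. Defines the Rego rule and the new constraint kind.
# metadata.name must be the lowercase form of spec.crd.spec.names.kind.
apiVersion: templates.gatekeeper.sh/v1
kind: ConstraintTemplate
metadata:
  name: k8srequirednodeselector        # hypothetical name
spec:
  crd:
    spec:
      names:
        kind: K8sRequiredNodeSelector  # hypothetical kind
  targets:
    - target: admission.k8s.gatekeeper.sh
      rego: |
        package k8srequirednodeselector

        # Gatekeeper wraps the admitted object in input.review.object,
        # whereas conftest sees the manifest directly as input.
        violation[{"msg": msg}] {
          input.review.object.kind == "Deployment"
          not input.review.object.spec.template.spec.nodeSelector
          msg := "Deployment must have nodeSelector"
        }
---
# Step 3: constraint of the kind created by the template above.
apiVersion: constraints.gatekeeper.sh/v1beta1
kind: K8sRequiredNodeSelector
metadata:
  name: deployment-must-have-nodeselector  # hypothetical name
spec:
  # dryrun records violations in the constraint's status without blocking;
  # change to deny once existing workloads are compliant.
  enforcementAction: dryrun
  match:
    kinds:
      - apiGroups: ["apps"]
        kinds: ["Deployment"]
```

Apply the ConstraintTemplate first and wait until Gatekeeper has created its CRD before applying the constraint; until then the API server does not know the `K8sRequiredNodeSelector` kind.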

conftest

  1. Write policy in policy directory.

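    # conftest evaluates rules in the "main" package by default.
    package main

    # Reject any Deployment whose pod template has no nodeSelector.
    deny[msg] {
      input.kind = "Deployment"
      not input.spec.template.spec.nodeSelector
      msg = "Deployment must have nodeSelector"
    }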
    
  2. Write tests in the same directory.

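    # Same package as the policy so the test can reference deny.
    package main

    # A Deployment without nodeSelector must produce the deny message.
    test_no_nodeSelector {
      deny["Deployment must have nodeSelector"] with input as
      {
        "kind": "Deployment",
        "spec": {
          "template": {
            "spec": {
              "containers": []
            }
          }
        }
      }
    }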
    
  3. Run test.

    conftest verify
    
    1 tests, 1 passed, 0 warnings, 0 failures, 0 exceptions
    
  4. Validate a manifest file.

    conftest test manifests/valid/deployment.yaml
    
    1 tests, 1 passed, 0 warnings, 0 failures, 0 exceptions
    

TBD

  • CNI
  • falco

7. DISTRIBUTED DATABASE & STORAGE

7.1. etcd

TBD

8. STREAMING & MESSAGING

TBD

  • gRPC
  • NATS
  • cloudevents

9. CONTAINER REGISTRY & RUNTIME

TBD

  • containerd
  • harbor
  • cri-o

10. SOFTWARE DISTRIBUTION

TBD

  • TUF
  • notary