Course Outline
Introduction to Self-Managed Kubernetes
- Kubernetes architecture and core components
- Managed vs self-managed Kubernetes trade-offs
- Vendor lock-in concerns and sovereignty benefits
- Deployment options: kubeadm, kOps, and manual installation
Planning Your Infrastructure
- Hardware sizing for control plane and worker nodes
- High availability requirements and topologies
- OS selection and preparation (Ubuntu, RHEL, Rocky Linux)
- Network prerequisites and firewall configuration
Installing Container Runtimes
- Container runtime options: containerd vs CRI-O
- Installing and configuring containerd
- Installing and configuring CRI-O
- Runtime security considerations
Bootstrapping the Cluster with kubeadm
- Installing kubeadm, kubelet, and kubectl
- Initializing the first control plane node
- Configuring kubeconfig for cluster access
- Joining additional control plane nodes for HA
- Joining worker nodes to the cluster
Configuring High Availability
- Stacked vs external etcd topologies
- Setting up HAProxy or Keepalived for API server load balancing
- Certificate management and renewal
- Backup and recovery strategies for etcd
Container Networking
- CNI plugin selection: Calico, Cilium, Flannel, Weave
- Installing and configuring Calico
- Network policies for security
- Node-to-node communication and pod networking
- Exposing services without cloud load balancers
Service Load Balancing
- MetalLB for bare-metal load balancing
- Configuring Layer 2 and BGP modes
- Keepalived and HAProxy alternatives
- Ingress controller deployment (nginx, Traefik)
Storage Solutions
- Storage class and CSI driver concepts
- Local persistent volumes
- NFS provisioner setup
- Distributed storage options: Ceph RBD, OpenEBS
- Snapshot and cloning capabilities
Cluster Security
- Certificate authority and PKI management
- RBAC configuration and service accounts
- Pod security standards and admission controllers
- Securing the API server and etcd
- Image signing and verification
Self-Hosted Container Registry
- Harbor registry deployment
- Docker Registry setup
- Image replication and vulnerability scanning
- Registry authentication and integration
Monitoring and Observability
- Prometheus and Grafana stack deployment
- VictoriaMetrics as a lightweight alternative
- Node and pod metrics collection
- Custom alerting rules and dashboards
- Log aggregation with Loki or Fluentd
Cluster Maintenance
- Kubernetes version upgrades using kubeadm
- Rolling updates for control plane components
- Certificate rotation procedures
- Node maintenance and cordoning
Backup and Disaster Recovery
- etcd backup and restore procedures
- Velero for cluster resource and PV backup
- Cross-site replication strategies
- Testing recovery procedures
Multi-Cluster Management
- Rancher or Portainer for cluster management
- Cluster federation concepts
- Workload distribution strategies
Requirements
- An understanding of containers and containerization
- Experience with Linux system administration
- Basic networking knowledge
- Familiarity with command line tools and SSH
Audience
- DevOps/SRE engineers
- System administrators
- Technical architects
- Infrastructure engineers seeking vendor independence
Testimonials (3)
Encouragement and openness to expanding the discussion on topics related to the training scope, but in the specific context of our company
Michal Koscinski - Volkswagen Poznan Sp. z o.o.
Course - Docker, Kubernetes and OpenShift 3 for Administrators
Machine Translated
About the microservices and how to maintain Kubernetes
Yufri Isnaini Rochmat Maulana - Bank Indonesia
Course - Advanced Platform Engineering: Scaling with Microservices and Kubernetes
How the trainer delivers knowledge so effectively