# Training Plan

### Day1: Understanding Kubernetes

* Understand host networking configuration on the cluster nodes
* Understand connectivity between Pods
* Understand ClusterIP, NodePort, LoadBalancer service types and endpoints
* Know how to use Ingress controllers and Ingress resources
* Know how to configure and use CoreDNS
* Choose an appropriate container network interface plugin
* Understand deployments and how to perform rolling updates and rollbacks
* Use ConfigMaps and Secrets to configure applications
* Know how to scale applications
* Understand the primitives used to create robust, self-healing, application deployments

### Day2: Kubernetes Security – Calico

* Use network security policies to restrict cluster level access
* Use the CIS benchmark to review the security configuration of Kubernetes components (etcd, kubelet, kubedns, kubeapi)
* Properly set up Ingress objects with security control
* Exercise caution in using service accounts, e.g. disable defaults and minimize permissions on newly created ones
* Appropriately use kernel hardening tools such as AppArmor and seccomp

### Day3: Kubernetes Security – Calico

* Use and understand Calico networking
* Use Calico Policy Rules for Hosts, Services and Istio
* Calico and Kubernetes Ingress and Egress Management Policies

### Day4: Kubernetes Security – Istio Service Mesh

* Explore the Istio architecture and its components
* Install the Istio service mesh in Kubernetes using Helm and manually
* Control ingress and egress traffic in the service mesh
* Apply path, header, and weight-based routing strategies
* Perform Blue/Green and Canary deployments with Istio
* Implement service resiliency using timeouts, circuit breakers, bulkheads and retries
