Training Plan

Day1: Understanding Kubernetes

  • Understand host networking configuration on the cluster nodes

  • Understand connectivity between Pods

  • Understand ClusterIP, NodePort, LoadBalancer service types and endpoints

  • Know how to use Ingress controllers and Ingress resources

  • Know how to configure and use CoreDNS

  • Choose an appropriate container network interface plugin

  • Understand deployments and how to perform rolling updates and rollbacks

  • Use ConfigMaps and Secrets to configure applications

  • Know how to scale applications

  • Understand the primitives used to create robust, self-healing, application deployments

Day2: Kubernetes Security – Calico

  • Use Network security policies to restrict cluster level access

  • Use CIS benchmark to review the security configuration of Kubernetes components (etcd, kubelet, kubedns, kubeapi)

  • Properly set up Ingress objects with security control

  • Exercise caution in using service accounts e.g. disable defaults, minimize permissions on newly created ones

  • Appropriately use kernel hardening tools such as AppArmor, seccomp

Day3: Kubernetes Security – Calico

  • Use and Understand Calico Networking

  • Use Calico Policy Rules for Hosts, Services and Istio

  • Calico and Kubernetes Ingress and Egress Management Policies

Day4: Kubernetes Security – Istio Service Mesh

  • Explore the Istio architecture and its components

  • Install the Istio service mesh in Kubernetes using Helm and manually

  • Control ingress and egress traffic in the service mesh

  • Apply path, header, and weight-based routing strategies

  • Perform Blue/Green and Canary deployments with Istio

  • Implement service resiliency using timeouts, circuit breakers, bulkheads and retries
