Kubernetes: Mega - course for 120,000 rub. from Slurm, training 1 month, Date: December 27, 2023.
Miscellaneous / November 27, 2023
In the course, we touch on areas of infrastructure management in which each improvement can help a company save hundreds of thousands of rubles.
The Kubernetes Mega program includes over 6 hours of practice. Practice stands are provided by partner Selectel.
— We have dozens of built infrastructures and hundreds of written CI/CD pipelines,
— Certified Kubernetes Administrator,
— Author of several courses on Kubernetes and DevOps,
— Regular speaker at Russian and international IT conferences.
— Engineer with 8 years of experience,
— Certified Kubernetes Administrator,
— Kubernetes implementations for Southbridge clients,
— Course developer and speaker at Slurm.
Topic No. 1. Introduction
Topic No. 2. Creating a failover cluster from the inside
Analysis of the Kubernetes architecture and various methods for ensuring high availability.
Creating a cluster manually using the kubeadm utility.
Topic No. 3. User Authentication in a Cluster
Authentication and authorization of users in the k8s cluster, authentication mechanisms, practical work on setting up the integration of Active Directory and Kubernetes.
Topic No. 4. Network Policy
Review of popular networking plugins for Kubernetes. Studying the mechanism for configuring a cluster firewall in Kubernetes.
Topic No. 5. Security and highly available applications in a cluster
Let's get acquainted with Kubernetes tools that make working in Kubernetes more secure and applications more fault-tolerant. Let's learn how to control how developers specify Limits/Requests, and how to prohibit the use of root containers in a namespace.
Topic No. 6. Kubernetes under the hood
We analyze in detail how the scheduler, API server and controller manager work, and learn how to make our own operators for Kubernetes.
Topic No. 7. Stateful applications in a cluster
Let's talk about how to run a database in Kubernetes and whether it's worth doing. Let's discuss which databases are better suited for running and which ones are less suitable. Let's discuss what pitfalls there are when running databases in Kubernetes.
Topic No. 8. Keeping secrets
Techniques for working with secrets in Kubernetes. HashiCorp Vault integration, automated transfer of settings from Vault to the application using a webhook from Banzai Cloud.
Topic No. 9. Horizontal Pod Autoscaler
Let's understand autoscaling applications in a cluster. In practice, we look at the working mechanisms. We connect custom metrics to the cluster autoscaler.
Topic No. 10. Cluster backup
Methods for backing up a cluster and the applications running in it. Practical backup of manifests, using Velero as an example.
Topic No. 11. Rotating certificates in a cluster
The kubeadm utility creates service certificates for the control plane with a validity period of 1 year. We cover what to do to renew the certificates on time so that your cluster can operate for longer than a year.
Topic No. 12. Deploy
We look at alternative mechanisms for deploying applications to a cluster, understand what a Service mesh is and why it is needed, and look at Istio in practice.
Topic No. 13. Open Policy Agent
- What is Open Policy Agent (OPA) and why is it the future?
- How can you validate all objects that are created in Kubernetes using one admission controller?
- How and with what to replace the outdated PSP, while gaining additional useful functions.
- How to roll out Gatekeeper in a large production cluster without breaking anything.
- What are the pitfalls when implementing OPA/Gatekeeper?
Topic No. 14. Your own K8s operator
Let's look at the basic concepts that are needed to create an operator (CRD - Custom Resource Definition, controllers).
Let's show in practice how you can write your own operator using the Operator SDK tool without a single line of code.
Topic No. 15. Service Mesh
We look at alternative mechanisms for deploying applications to a cluster, understand what a Service mesh is and why it is needed, and look at Istio in practice.