This course provides fundamental knowledge of Linux containers and their orchestration using Kubernetes (k8s).
It assumes participants know Linux; no other container-related knowledge is necessary. This course:
  • Explains and demonstrates the building blocks of Linux containers using standard Linux tools. This way, participants should get an idea of what a container is as an isolated environment.
  • Explains how the previous process is automated by creating container images and running containers in a container runtime, along with other capabilities such as image management, exposing ports, persistent storage, etc. Here, the distinction between “full containers” as in LXC/LXD and “microcontainers” as in Docker/containerd is explained and demonstrated. A simple LXD container is first created and reviewed. Then Docker is explained, with many examples of what Docker can do.
  • Explains the need for container orchestration and presents the architecture of the Kubernetes (k8s) platform and its usage. A redundant multi-master/multi-worker environment is created using native Kubernetes tools. Then, in a number of labs, workload concepts such as Pod, Deployment, StatefulSet and DaemonSet, and other concepts such as ConfigMaps, Secrets and storage, are explained and demonstrated. Exposing services is an important concept, so the various possibilities are described and demonstrated.
To get a better understanding of the whole process, besides the “standard” container images available in public repositories, participants will create their own simple image and deploy it in Docker and later in Kubernetes. This approach will ensure a better understanding of the whole process and architecture.
Note that this course continues in Understanding and using linux containers and Kubernetes v1.1, 2nd part, as 5 days (the duration of this course) is not enough to cover all topics.

 

Course content:

 

Part1: Container concepts and underlying mechanisms

Goal: to describe what Linux offers and to manually implement isolated process environments, limit their resources and show image layering capabilities. This way, we can easily compare what we have in Docker and Kubernetes with a manually created isolated environment.
Isolation: introduction to chroot and Linux namespaces
Unsharing with network, process and other namespaces
Using overlay based filesystems for templates
Resource management and isolation: cgroups overview
Using cgroups for resource isolation
Using cgroups for resource limitation/scheduling
Part2: Containers and technologies
LXC/LXD full container approach vs Docker microservices approach
LXD example
Creating an Ubuntu container
Quick analysis of processes, networking, fs
Docker

Installation

Basic usage

Examine container implementation

Entering container

Detaching and attaching

Stopping and restarting

Committing image from container

Setting startup program for image

Container logs

Prepare network script and test

Publish port

Environment variables

Docker volumes

Internal network connectivity

Default and custom networks

Building image

Unprivileged image

Export container filesystem to inspect content on host

Copy files from and to container from host

Inspecting running container filesystem and network config

Load and save image

Docker compose

CA setup and use for local registry

Instructor – setup CA setup and use for local registry

Student – trust CA setup and use for local registry

Student – prepare certificate request

Sign certificate

Student – download signed certificate

Prepare registry

Publish image to repo and fetch

Docker architecture and underlying container runtimes

Part3: Kubernetes platform
Need for container orchestration
Kubernetes model and components; Containers and Pods, Nodes, Control plane components, Networking model; Controller concept
Installing redundant cluster:

Load balancers

Setting up servers, installing and configuring docker, installing k8s packages

Ansible playbook for install

Ansible playbook exec results for install

Check docker on km node

Pushing top level certificate to servers

Install additional packages

Bootstrapping the cluster

First master node km11

Master nodes km12 and km13

Worker nodes kw21 and kw22

Fetch admin credentials and install k8s client

 

Working on cluster – understanding and using Kubernetes

Completions, editor

Default namespace, pods, formatting output

Create namespace

Create pod using imperative command, examine underlying container

Examine restart behaviour

No pause-resume possibility

Examine node restart behavior for pod

Create pod using apply

Interpod communication, external traffic

Multicontainer pod

Init containers and probe

Services – ClusterIP

Services – load balancing

Probes

Volumes

Prepare and test nfs server

Create PersistentVolume

Prepare services and pod for test but without using volume

Test pod with volume

Expose pod outside of kubernetes using NodePort

ReplicaSet

Deployment

StatefulSet

Prepare automatic volume provisioning for StatefulSet lab

Headless service

StatefulSet lab

DaemonSet

Job and CronJob

Environment vars, ConfigMap, Secrets

Pulling images from private registries

Part4: Kubernetes platform, continuation (covered in separate course)

Note: the following topics are NOT covered in this course but in Understanding and using linux containers and Kubernetes v1.1, 2nd part, as 5 days (the duration of this course) is not enough to cover all topics. The topics are listed here just to give complete information for both courses.

Kubernetes API, AAAA with RBAC overview

Example – non namespaced request

Example – namespaced request

Example – non resource request

Service accounts, RBAC

Users and RBAC

Kubernetes dashboard

Service type LoadBalancer

MetalLB files for the version in these materials

Ingress

Ingress nginx implementation and examples

Scheduler

Scheduling, Taints, Tolerations – theory

Scheduling examples

Limiting pod network access

Metrics server

Pod resources

Helm