# Operations 28th - 29th September 2022 ## Welcome Welcome to the 2 day Kubernetes Operations workshop from [Control Plane](https://control-plane.io) Slides and exercises will be shared at the end of the course. ## TL;DR ### Links - [HackMD - Operations](https://hackmd.io/@0DD9_nHFTU2hTu42VtojIw/HJjjTqeMs) - [HackMD - Fundamentals](https://hackmd.io/H3kJKCWXQQ2V-9gsavLWAA) - [Exercises](https://control.training/operations) - [Materials - Operations](https://drive.google.com/drive/folders/1RFejQ2DXle_Uj6CcYlqK-4ECV1lFjy66?usp=sharing) - [Google Cloud](https://console.cloud.google.com/) ### Trainers - [Ahmed Gaber](mailto:ahmedgabercp@gmail.com) - [Sophia󠁢 Mexi-Jones󠁷󠁬󠁳󠁿](mailto:sophia.mexi-jones@control-plane.io) --- ## Schedule ### Day 1 | Time | Task | | ------------ | --------------- | | 09:00 | Setting up | | 09:30 | Content | | 10:30 | **Break** | | 10:45 | Content | | 12:00 | **Lunch** | | 13:00 | Content | | 15:00 | **Break** | | 15:15 | Content | | 17:00 | Closing Day 1 | ### Day 2 | Time | Task | | ------------ | --------------- | | 09:00 | Setting up | | 09:30 | Content | | 10:30 | **Break** | | 10:45 | Content | | 12:00 | **Lunch** | | 13:00 | Content | | 15:00 | **Break** | | 15:15 | Debugging | | 17:00 | Closing Day 2 | --- ## Videos - [Kubernetes System Components](https://vimeo.com/414518402/0dbdc85f5f) - [Installation Methods](https://vimeo.com/414526709/1db196994d) - [Logging and Monitoring](https://vimeo.com/414519291/cec3ababed) - [Multitenancy](https://vimeo.com/414519516/5314e6af02) - [Cluster State](https://vimeo.com/414518273/5e623fae1c) - [Zero Downtime Deployments slides](https://vimeo.com/414526430/e44986311f) - [Secrets Management](https://vimeo.com/414519796/62dbd25e4d) - [Testing Network Policy](https://vimeo.com/414526109/ae15d726f2) - [Ingress](https://vimeo.com/414518878/6c88904773) - [Users, Identity, and RBAC](https://vimeo.com/425420599/03249d1eac) ## Slide References ### Kubernetes System Components - [API server ports and IPs](https://kubernetes.io/docs/reference/access-authn-authz/controlling-access/#api-server-ports-and-ips) - [RAFT protocol](https://runway.systems/?model=github.com/ongardie/runway-model-raft#) - [Kubernetes High Availability: No Single Point of Failure](https://thenewstack.io/kubernetes-high-availability-no-single-point-of-failure/) - [kube-ops-view](https://codeberg.org/hjacobs/kube-ops-view) - [What happens when ... Kubernetes edition!](https://github.com/jamiehannaford/what-happens-when-k8s) - [Kubernetes Networking: How to Write Your Own CNI Plug-in with Bash](https://www.altoros.com/blog/kubernetes-networking-writing-your-own-simple-cni-plug-in-with-bash/) ### Kubernetes Installation Methods - [Pick right solution](https://unofficial-kubernetes.readthedocs.io/en/latest/setup/pick-right-solution/) - [Awesome Kubernetes](https://github.com/ramitsurana/awesome-kubernetes#installers) - [Kubernetes High Availability: No Single Point of Failure](https://thenewstack.io/kubernetes-high-availability-no-single-point-of-failure/) - [kube-spawn](https://github.com/kinvolk/kube-spawn) - [Implementation details](https://kubernetes.io/docs/reference/setup-tools/kubeadm/implementation-details/) - [Kubernetes The Hard Way](https://github.com/kelseyhightower/kubernetes-the-hard-way) ### Kubernetes Logging and Monitoring - [The RED Method: key metrics for microservices architecture](https://www.weave.works/blog/the-red-method-key-metrics-for-microservices-architecture/) - [Easily deploy, manage, and monitor container-based applications](https://cloud.weave.works ) - [Logging Architecture](https://kubernetes.io/docs/concepts/cluster-administration/logging/) - [Observability of Clusters and Containers](https://github.com/javajon/kubernetes-observability) - [Logging Using Elasticsearch and Kibana](https://kubernetes.io/docs/tasks/debug-application-cluster/logging-elasticsearch-kibana/) - [The RED Method: How To Instrument Your Services](https://youtu.be/TJLpYXbnfQ4) - [Kubernetes Monitoring 101 — Core pipeline & Services Pipeline](https://medium.com/magalix/kubernetes-monitoring-101-core-pipeline-services-pipeline-a34cd4cc9627) ### Kubernetes in the Cloud - [Getting started with Amazon EKS](https://aws.amazon.com/eks/getting-started/) - [Google Kubernetes Engine](https://cloud.google.com/kubernetes-engine) - [Azure AKS](https://docs.microsoft.com/en-us/azure/aks/intro-kubernetes) ### Multitenancy - [Using Admission Controllers](https://kubernetes.io/docs/reference/access-authn-authz/admission-controllers/) - [Namespaces](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/) - [Cluster multi-tenancy](https://cloud.google.com/kubernetes-engine/docs/concepts/multitenancy-overview) - [Kubernetes Multi-Tenancy Best Practices](https://platform9.com/blog/kubernetes-multi-tenancy-best-practices/) ### Cluster State - [Encrypting Secret Data at Rest](https://kubernetes.io/docs/tasks/administer-cluster/encrypt-data/) - [Secure Secret management for Kubernetes (with gpg, Google Cloud KMS and AWS KMS backends)](https://github.com/shyiko/kubesec) - [Encryption at rest KMS integration](https://github.com/kubernetes/features/issues/460) - [Using AWS KMS for application secrets in Kubernetes](https://medium.com/@mtreacher/using-aws-kms-for-application-secrets-in-kubernetes-149ffb6b4073) - [Sealed Secrets - a Kubernetes controller and tool for one-way encrypted Secrets](https://github.com/bitnami-labs/sealed-secrets) - [Introducing Container Storage Interface (CSI) Alpha for Kubernetes](https://kubernetes.io/blog/2018/01/introducing-container-storage-interface/) - [Understanding the Container Storage Interface (CSI)](https://medium.com/google-cloud/understanding-the-container-storage-interface-csi-ddbeb966a3b) - [Kubernetes Container Storage Interface (CSI) Documentation](https://kubernetes-csi.github.io/docs/) - [Drivers](https://kubernetes-csi.github.io/docs/drivers.html) - [Container Storage Interface (CSI)](https://github.com/container-storage-interface/spec/blob/master/spec.md) - [Secure GitOps in Production](https://docs.google.com/presentation/d/1B-LtFa2766jbFFPwg5QgcQKwS2q8G_Jc4VK259fLA_o/edit#slide=id.g3ece4d02b1_1_349) ## Questions - **Question**: how do I add a question? - **Answer**: like this! ## Useful Links - [CKA Certification](https://www.cncf.io/certification/cka/) - [CKS Certification](https://www.cncf.io/certification/cks/) - [CNCF Interactive Landscape](https://landscape.cncf.io/) ## Snippets ### ssh config - Update your `.ssh/config` to gain local ssh access to cluster - This is assuming you have run the gcloud command on your local machine ```txt Host kubernetes-master Hostname $IP_ADDRESS_MASTER IdentityFile ~/.ssh/google_compute_engine IdentitiesOnly yes TCPKeepAlive yes User ahmed Host kubernetes-worker-0 Hostname $IP_ADDRESS_WORKER0 IdentityFile ~/.ssh/google_compute_engine IdentitiesOnly yes TCPKeepAlive yes User ahmed Host kubernetes-worker-1 Hostname $IP_ADDRESS_WORKER01 IdentityFile ~/.ssh/google_compute_engine IdentitiesOnly yes TCPKeepAlive yes User ahmed Host kubernetes-worker-2 Hostname $IP_ADDRESS_WORKER02 IdentityFile ~/.ssh/google_compute_engine IdentitiesOnly yes TCPKeepAlive yes User ahmed ``` ## History *Times are based on GMT* ### Day 1 - 09:00 am - Setup - Recap - 09:30 am - [Kubernetes System Components slides](https://vimeo.com/414518402/0dbdc85f5f) - [Installation Methods slides](https://vimeo.com/414526709/1db196994d) - [Logging and Monitoring slides](https://vimeo.com/414519291/cec3ababed) - [Google Cloud Shell walkthrough](https://console.cloud.google.com/getting-started) - 10:30 am - Break - 10:45 am - [**Demo**: Installing, upgrading, and maintaining kubernetes workshop](https://control.training/operations/modules/installing-upgrading-and-maintaining-kubernetes/) - 12:00 pm - Lunch - 13:00 pm - [Multitenancy](https://vimeo.com/414519516/5314e6af02) - 14:15 pm - [Cluster architecture and topologies](https://control.training/operations/modules/cluster-architecture-and-topologies/) - 15:00 pm - Break - 15:15 pm - [**Demo**: Cluster architecture and topologies](https://control.training/operations/modules/cluster-architecture-and-topologies/) - 16:30 pm - Quiz - 17:00 pm - --Fin-- ### Day 2 - 09:00 am - Recap - [Cluster State Slides](https://vimeo.com/414518273/5e623fae1c) - 10:30 am - Break - 10:45 am - [Maintaining etcd workshop](https://control.training/operations/modules/maintaining-etcd/) - 12:00 pm - Lunch - 13:00 pm - [**Demo**: Maintaining etcd review](https://control.training/operations/modules/maintaining-etcd/) - 13:45 pm - [Zero Downtime Deployments slides](https://vimeo.com/414526430/e44986311f) - [Secrets Management](https://vimeo.com/414519796/62dbd25e4d) - 14:00 pm - [**Demo**: Zero Downtime Deployments and Secrets Management](https://control.training/operations/modules/zero-downtime-deployments-and-secrets-management/) - 15:00 pm - [Testing Network Policy slides](https://vimeo.com/414526109/ae15d726f2) - [Ingress slides](https://vimeo.com/414518878/6c88904773) - [**Demo**: Advanced Features Networking Storage and Ingress workshop](https://control.training/operations/modules/advanced-features-networking-storage-and-ingress/) - [Users, Identity, and RBAC slides](https://vimeo.com/425420599/03249d1eac) - [**Demo**: Enterprise RBAC and Authentication](https://control.training/operations/modules/enterprise-rbac-and-authentication/) - 17:00 pm - --Fin--