Kubernetes workshop

Kubernetes is an open source platform for managing container workloads and services that facilitates declarative configuration and automation. It has a large, rapidly growing ecosystem. Kubernetes services, support, and tools are widely available.

Docker and Kubernetes basics.

The course is designed for sysadmins, DevOps, systems engineers, and others who need an introduction to containers and Kubernetes.

Basic Kubernetes concepts 

• API server, 
  • control plane, worker nodes
• Kubernetes API objects, API groups
• Kubernetes YAML manifests  and objects
• Basic object kinds
  • Pods, ConfigMaps, Secrets
  • Services, labels and annotations
  • Deployments, StatefulSets
  • Namespaces
  • Ingresses
  • Custom Resources
• Kubernetes controllers
  • scheduler, ...

TASKS: 

• connect to K8S server
• create objects in the API server
• list node objects
• ensure labels and annotations 

Advanced kubectl
Use kubectl parameters  for custom scripting and object processing

• connection to remote K8s cluster
• --output and --template formats
• --selector
• --dry-run=

TASKS:

• Use multiple `kubeconfig`s
• Use kubectl filtering and outputs
• Compare  `.spec` and `.status` sections of k8s object

Application Deployment with apps/v1
Using `Deployments`, `DaemonSets`, `StatefulSets` for application deployment and rollout. 

• Why do we need selectors?
• `Deployment` and relation to `ReplicaSet`
• What is `revisionHistoryLimit` and what can go wrong?
• multiple `rolloutStategies` and their usage
• What is `ownerReference` used for?

TASKS:

• Place  `Deployment`, modify it and watch the results
• Check `revisionHistoryLimit` quirks.
• Compare `Recreate` and `RollingUpdate`  priorities. Tune RollingUpdate strategy
• Inspect `ownerReference`

Exposing container services to the outer world
Exposing pods to services using pod labels. Explore multiple service types.
Ingresses and CertificateManager expose service with HTTP/HTTPS protocol.
Services:

• Difference on ClusterIP vs headless services
• Using ExternalName service for service discovery

Ingresses:

• How ingresses works 
• How can we use CertificateManager to get certificates using ACME  protocol

TASKS (Services):

• Expose pods using service..
• Inspect the exposed service with  DNS lookups.
• Create headless service and compare it to ClusterIP one
• Inspect Service Endpoints
• Create LoadBalancer service (on cloud only)

TASKS (Ingresses):

• Expose service to the world on HTTP
• Configure CertificateManager 
• Use CertificateManager to get LetsEncrypt certificate

Pod Resource Limits 
Using `resourceLimits`, soft and hard limits, pod `QualityofService` classes.
What can go wrong with resource limits?
TASKS:

• Place resourceLimits on the objects
• Explore what happens when pod exceeds the limits.

Pod statuses and lifecycle
Pods can have multiple states and advanced initialization

• using `containers` and `initContainers`
• pod probes - `startupProbe`, `livenessProbe` and `readinessProbe`
• use `lifecycle` hooks -  `preStop` and `postStart`  
• Use `terminationMessagePath`

TASKS:

• Use initContainers, use `preStop` and `postStart` hooks.
• Explore `livenessProbe` and `readinessProbe` within a service.

Pod scheduling and affinities
Some pods can be started with `podPriority`. How it can be used?
Pods can be scheduled to be located on specific nodes with affinities.
TASKS:

• Create a PriorityClass and apply it to a node.
• Schedule a pod to the specific nodes with  `nodeAffinity`.
• Schedule multiple pods to one node with `podAdffinity` 
• Explore pod with  `podAntiAffinity`

Deployment with Kustomize 
What is `kustomize` used for and what problems can `kustomize` solve for us?
TASKS:

• Use kustomize to deploy multiple instances of one application 
• Inspect kustomize generated manifests.

Demo:

• Using kustomize with ArgoCD.

Helm charts
Using Helm for deploying applications consisting of multiple manifests. Which tasks Helm solves for us?
TASKS:

• Download chart from registry 
• Inspect the chart
• Deploy the chart to a release.
• Customize the chart `values` and redeploy. Inspect the deployed objects.
• Optionally: create a custom chart.

Container storage 
Implementing persistent storage with `PersistentVolume` and `PersistentVolumeClaim` objects.
TASKS:

• Inspect existing StorageClasses
• Create a new PVC 
• Deploy Pod with PVC.
• Explore PV modes.

To be discussed?

• Jobs
• Cronjobs
• ServiceAccounts and their permissions
• Secret management
• Log management
• Event management 

At the end of the course, you will receive a certificate and completion. 

Participants will learn the following concepts and skills:

• Containers and the concept of an orchestra
• Basic concepts of Kubernetes
• Advanced kubectl
• Kubernetes cluster management
• Networking, storage and security for Kubernetes
• Helm charts and tables