Course Outline
Day 1 – Containers and Image Management
Introduction to Container Platforms
- Traditional application deployment compared with container-based deployment
- Containers and virtual machines
- Container runtimes and container engines
- The role of Docker, Kubernetes and OpenShift
- Common container platform architectures
- Development, testing and production workflows
Working with Containers
- Running and managing containers
- Container lifecycle
- Starting, stopping and removing containers
- Executing commands inside containers
- Environment variables
- Port mapping
- Container logs
- Resource usage and process inspection
Building Container Images
- Image structure and layers
- Creating Dockerfiles and Containerfiles
- Selecting base images
- Adding application dependencies
- Configuring entry points and commands
- Image caching
- Reducing image size
- Building reproducible images
Container Registries
- Public and private registries
- Tagging and versioning images
- Pushing and pulling images
- Image authentication
- Image retention and cleanup
- Basic image security considerations
Container Networking and Storage
- Container network concepts
- Bridge networking
- Port exposure
- Container-to-container communication
- Bind mounts and volumes
- Persistent container data
- Backup considerations
Hands-on Exercises
- Run and inspect containers
- Build an application image
- Configure ports and environment variables
- Publish an image to a registry
- Store persistent data outside a container
Day 2 – Kubernetes Architecture and Workloads
Kubernetes Fundamentals
- The purpose of container orchestration
- Kubernetes architecture
- Control plane components
- Worker nodes
- API server
- Scheduler
- Controllers
- Cluster state and desired state
- Communicating with the cluster using kubectl
Kubernetes Resources
- Pods
- ReplicaSets
- Deployments
- Namespaces
- Labels and annotations
- Selectors
- Declarative resource definitions
- YAML manifests
Deploying Applications
- Creating and managing Deployments
- Scaling workloads
- Updating container images
- Rolling updates
- Rollbacks
- Deployment history
- Restarting workloads
- Managing application replicas
Application Configuration
- ConfigMaps
- Secrets
- Environment variables
- Configuration files
- Separating application code from configuration
- Managing environment-specific settings
Resource Management
- CPU and memory requests
- CPU and memory limits
- Resource quotas
- Limit ranges
- Scheduling implications
- Diagnosing resource-related failures
Hands-on Exercises
- Deploy a containerized application
- Create and update Kubernetes manifests
- Scale an application
- Perform a rolling update and rollback
- Configure the application using ConfigMaps and Secrets
- Apply resource requests and limits
Day 3 – Kubernetes Networking, Storage and Security
Kubernetes Networking
- Cluster networking model
- Pod-to-pod communication
- Service discovery
- DNS inside the cluster
- ClusterIP services
- NodePort services
- LoadBalancer services
- Ingress concepts
- Application exposure patterns
Network Policies
- Controlling traffic between workloads
- Ingress and egress rules
- Namespace-based traffic control
- Testing network connectivity
- Troubleshooting service communication
Persistent Storage
- Ephemeral and persistent storage
- Volumes
- PersistentVolumes
- PersistentVolumeClaims
- StorageClasses
- Dynamic provisioning
- Access modes
- Reclaim policies
- Storage for stateful applications
Kubernetes Access Control
- Authentication and authorization concepts
- Role-Based Access Control
- Roles and ClusterRoles
- RoleBindings and ClusterRoleBindings
- Service accounts
- Least-privilege access
- Inspecting effective permissions
Workload Security
- Security contexts
- Running containers as non-root
- Linux capabilities
- Read-only filesystems
- Secret handling
- Image provenance
- Common configuration risks
Hands-on Exercises
- Expose an application using Kubernetes services
- Configure ingress
- Restrict traffic using a network policy
- Provision persistent storage
- Configure RBAC permissions
- Run a workload with an appropriate security context
Day 4 – Working with OpenShift Environments
Introduction to OpenShift
- OpenShift as a Kubernetes-based application platform
- Kubernetes resources in an OpenShift environment
- OpenShift cluster architecture
- Projects and namespaces
- Platform users and service accounts
- Working with the web console
- Working with the OpenShift CLI
Managing Projects and Access
- Creating and managing projects
- Assigning user permissions
- Project-level roles
- Administrative access
- Resource quotas
- Limit ranges
- Service accounts
- Reviewing project resources
Deploying Applications
- Deploying container images
- Creating application workloads
- Managing deployments
- Scaling applications
- Updating application versions
- Rollbacks
- Managing application configuration
- Working with secrets
Application Exposure
- Services in OpenShift
- Routes
- TLS concepts
- Internal and external application access
- Hostnames and certificates
- Diagnosing route and service issues
Storage in OpenShift
- Persistent Volume Claims
- StorageClasses
- Attaching storage to workloads
- Stateful workloads
- Storage access permissions
- Troubleshooting volume mounting
Scheduling and Node Management
- Labels and selectors
- Node selectors
- Taints and tolerations
- Affinity and anti-affinity concepts
- Workload placement
- Cordoning and draining nodes
- Node maintenance considerations
Hands-on Exercises
- Access an OpenShift environment
- Create and configure a project
- Deploy and expose an application
- Configure user and service-account access
- Attach persistent storage
- Scale and update a running workload
Day 5 – Operations, Monitoring and Troubleshooting
Platform Monitoring
- Monitoring cluster and application health
- Resource metrics
- Node health
- Workload status
- Capacity and resource utilization
- Identifying performance constraints
Logging and Events
- Container logs
- Pod logs
- Previous container logs
- Kubernetes events
- Application and platform messages
- Filtering and interpreting operational data
Health Checks
- Startup probes
- Readiness probes
- Liveness probes
- Designing useful health endpoints
- Diagnosing probe failures
- Preventing unnecessary application restarts
Troubleshooting Workloads
- Pending pods
- Image pull failures
- Crash loops
- Misconfigured environment variables
- Failed mounts
- Insufficient resources
- Permission errors
- Service and route connectivity problems
- DNS issues
- Application startup failures
Operational Security
- Reviewing permissions
- Service account usage
- Secure handling of credentials
- Image security practices
- Network isolation
- Platform access auditing
- Applying the principle of least privilege
Maintenance and Lifecycle Management
- Routine platform checks
- Node maintenance
- Application backup considerations
- Configuration backup
- Update planning
- Change management
- Testing updates
- Rollback planning
- Disaster recovery concepts
Final Practical Workshop
Participants complete an end-to-end operational scenario:
- Build and tag a container image.
- Publish the image to a registry.
- Deploy the application to Kubernetes or OpenShift.
- Configure application settings and credentials.
- Expose the application.
- Attach persistent storage.
- Configure access permissions.
- Add health checks.
- Scale and update the application.
- Diagnose and resolve an introduced failure.
Course Format
- Interactive lectures and technical discussions.
- Instructor demonstrations.
- Extensive hands-on exercises.
- Scenario-based administration and troubleshooting workshops.
- Practical work in container, Kubernetes and OpenShift environments.
Course Customization Options
- The course can be adapted to the participant's existing infrastructure, cloud provider and container tooling.
- The balance between Docker, Kubernetes and OpenShift topics can be adjusted according to the team's experience.
- Practical exercises can be tailored to the organization's applications, deployment processes and operational requirements.
Trademark Notice
OpenShift is a trademark of Red Hat, Inc. This independently developed training is not affiliated with, endorsed by or authorized by Red Hat.
Requirements
Participants should have:
- Experience using the Linux command line.
- Basic system administration or DevOps knowledge.
- A general understanding of networking concepts.
- Familiarity with software deployment processes.
Previous experience with Docker, Kubernetes or OpenShift is helpful but not required.
Testimonials (7)
Reda explanations and he simplified alot of the understanding
Eric Van Wyk
Course - Docker, Kubernetes and OpenShift 3 for Administrators
The labs were the best. Very practical and provides hands-on experience. I personally think that it is the most effective means of truly understanding the course and applying the concepts that were covered.
Hishaam Johnstone
Course - Docker, Kubernetes and OpenShift 3 for Administrators
I loved the willingness to help and explain further when uncertain
Letlotlo Miffi
Course - Docker, Kubernetes and OpenShift 3 for Administrators
Adriano studied the subject very deeply which is the style i mostly prefer ie: less about the commands more on the mechanism behind it. Discussed scenarios were well supported by the practical examples which helped a lot to understand the presented stuff.
Mariusz BANASZCZYK - Sopra Steria
Course - Docker, Kubernetes and OpenShift for Administrators
Deep knowledge of Adriano. Explanation of base concepts
Tomasz Szalankiewicz - LPP SA
Course - Docker, Kubernetes and OpenShift for Administrators
I generally liked the presenter.
Josif Kovacevic - ANZ
Course - Docker, Kubernetes and OpenShift for Administrators
Adrian clearly knows and enjoys this technology.