-
Notifications
You must be signed in to change notification settings - Fork 253
/
Copy pathsyllabus
276 lines (233 loc) · 10.5 KB
/
syllabus
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
Topic 1) OS
1.1: Oracle VirtualBox installation and basic Configuration.
1.2: Ubuntu 20.04 LTS server installation and configuration over Oracle VirtualBox.
1.3: GCP account creation and manager the Instance over Compute Engine service in GCP for people who don not enough resource on local system.
Topic 2) Networking
2.1: IPv4
2.2: Classes in IPv4
2.3: subnetmask, gateway, broadcast, router and switch etc.,
2.4: Public and Private IP address in each class A, B and C
2.5: Calculating number of devices that can be connection for a given CIDR
2.6: Networking configuration on Ubuntu 20.04 LTS OS and basic understanding over different network types in VirtualBox
Topic 3) Docker tools
3.1) Docker Engine
3.1.1: Containerization tools
3.1.2: lxc, Docker, containerd etc.,
3.2) Docker Engine Installion
3.2.1: Manual deployment of Docker CE on Ubuntu and CentOS
3.2.2: Automate deployment with help of Vagrant over VirtualBox
3.3) Basic introduction to Docker Engine
3.3.1: Docker datapath
3.3.2: version check
3.3.3: default locations to take backup
3.3.4: commands execution
3.4) Docker architecture
3.4.1: Docker daemon
3.4.2: Docker client
3.4.3: Docker registry
3.4.4: Docker objects
--> images
--> containers
--> netwokring
--> services
--> volumes
--> repository
3.5) Underlying technologies for applications to run on Containerization tools
3.5.1: namespaces like pid,net,ipc,mnt,uts
3.5.2: cgroups
3.5.3: UFS (Union File System)
3.5.4: container format like libcontainer,BSD jails etc.,
3.6) Images and container management
3.6.1: docker image pull/push
3.6.2: Image layers
3.6.3: container creation
3.6.4: Sample application deployment like web server
3.6.5: Basic things that to be considered while working with images and containers
3.7) Docker networking
3.7.1: Types of network in Docker
--> host
--> bridge
--> null
--> overlay
--> macvlan
3.7.2: Docker link
3.8) Docker storage
3.8.1: Basic understanding of emphemeral and persistent storage
3.8.2: Types of volume mounts
--> Bind mount
--> Volume mount
--> tempfs mount
3.9) Backup and restore
3.9.1: Images backup to ensure we can migrate to other docker host machines
3.9.2: containers backup to ensure applications are restored
3.9.3: Docker/Application data
3.10) Building custom images
3.10.1: Develop custom image through Dockerfile
3.10.2: Convert container into Image
3.10.3: CICD automation to build custom images --> Jenkins, GItLab CI, GitLab Actions
3.11) Registry management
3.11.1: Docker Hub
3.11.2: Gitlab registry
3.11.3: Local registry
3.12) Securing Docker
3.12.1: Ensure Docker communication through TLS
3.12.2: Firewall ports
3.12.3: Communication to Docker through unix socket and tcp protocol
3.13) Docker overlay network configuration(hardway) using consul/etcd key-value store without using Docker Swarm
Topic 4) Docker compose
4.1: what is JSON?
4.2: how to write a JSON file and validate for testing?
4.3: what is YAML?
4.4: how to write YAML files and validate for testing?
4.5: writing compose to orchestrate resource creation on Docker Engine using compose tool
Topic 5) Docker machine and Docker swarm
5.1: Building compose file for orchestration of application deployment
5.2: Docker machine management
5.3: Deployment and understanding of Docker Swarm cluster
5.4: Replication, Upgrade and Downgrade services
5.5: Config and Secrets over Swarm cluster
5.6: Difference between docker swarm and kubernetes
Topic 6) Docker Security tools
6.1: Docker CIS benchmarking
6.2: Image Valurabilities scan and report tools like trivy, clair etc.,
6.3: Dockerfile best practices
Topic 7) kubernetes orchestration
7.1) kubernetes components and responsibility
7.1.1: controller nodes:
--> kube-apiserver
--> kube-control-manager/cloud-control-manager
--> kube-schduler
--> calico,flannel(deprecated from 1.18),wavenet etc.,
--> coreDNS
--> etcd key-value pair storage
--> kubelet
--> kube-proxy
--> Docker Engine/containerd/cri-o etc.,
7.1.2) compute nodes
--> kubelet
--> kube-proxy
--> Docker Engine/containerd/cri-o etc.,
7.2) Deploying kubernets cluster using microk8s(ubuntu),minikube,kubeadm for Standalone cluster and HA
7.2.1: Three nodes (1 for controller and 2 for compute nodes) setup over GCP with containerd as CRI(Container Runtime Interface)
7.2.2: Two nodes (1 for controller and 1 for compute) on local VirtualBox using Docker as CRI
7.3) POD object creation using single container and multi-container
7.3.1: Understanding common networking and shared storage concept in POD
7.3.2: Sample application deployment using nginx for single container in POD
7.3.3: Multi-container deployment, one for web application and second for data pull
7.3.4: POD creation with initContainer advantages
7.3.5: static POD deployment which are managed by kubelet
7.3.6: Deploying application from Private repository
7.3.7: resource allocation like CPU and MEMORY
7.3.8: Empheimeral storage for POD
7.4) ReplicationController object (RC)
7.4.1: When to use replication controller?
7.4.2: Disadvanatages of deploying application as standalone POD
7.4.3: Understanding template and selector parameters
7.4.4: Scalein and Scaleout
7.5) ReplicaSet object (RS)
7.5.1: Difference between RreplicationController and ReplicaSet
7.5.2: Advantages of adding matchLabels
7.5.3: when to use replicaSet?
7.6) Deployment object (deploy)
7.6.1: Advantages of Deployment over POD, RC and RS
7.6.2: Sample application deployment like Jenkins, nginx and capture the advantages over other objects
7.6.3: Scaleout and Scalein for Deployment
7.6.4: Deployment Stratagies like RollingUpdate and ReCreate difference
7.6.5: Rollout, Rollback and RolloutHistory of deployment
7.7) Daemonset object (DS)
7.7.1: DaemonSet usecases over deployment object
7.7.2: Advantages of using monitoring tools to deploy through DaemonSet obejct
7.7.3: Deployment Stratagies like RollingUpdate and OnDelete difference
7.7.4: Rollout, Rollback and RolloutHistory of DaemonSet
7.8) StatefulSet object (sts)
7.8.1: Difference between stateful and stateless applications
7.8.2: StatefulSet application deployment advantages
7.8.3: Scaleout and Scalein for Deployment
7.8.4: Deployment Stratagies like RollingUpdate and OnDelete difference
7.8.5: Rollout, Rollback and RolloutHistory of StatefulSet
7.9) volumes
7.9.1: empheimeral and persistant storage differences
7.9.2: Different types of volume plugins like emptyDir, hostPath, NFS etc.,
7.9.3: Do's and Dont's of using volumes for application deployment
7.10) PersistentVolume, PersistantVolumeClaim and StorageClass (PV and PVC)
7.10.1: Advanatages of using PV over volume plugins for data dependent applications
7.10.2: Static and Dynamic PV creation
7.10.3: PVC assignment in POD, Deployment, Daemonset, StatefulSet objects
7.10.4: StargaeClass creation for Dynamic provision
7.10.5: NFS, Ceph RBD storage as examples
7.10.6: Access Modes: ReadWriteOnce, ReadWriteMany, ReadOnlyMany
7.10.7: ReClaim policy: Retain, ReCycle, Delete
7.11) Services (svc)
7.11.1: Exposing application running on different object through service
7.11.2: Understanding differenece between ClusterIP, NodePort, LoadBalancing, ExternalIP and ExternalName
7.11.3: When to use these different types of services?
7.12) secrets and configmap (secret, cm)
7.12.1: How to pass sensitive data through secret like certs, password, token etc.,
7.12.2: How to pass paintext data through configMap like configuration files, scripts etc.,
7.12.3: Using secret in POD object through env and volumes
7.12.4: using configMap in POD object through env and volumes
7.13) Ingress (ing)
7.13.1: Access application deployed with the cluster through IngressController
7.13.2: Deploying Nginx IngressController
7.13.3: Ingress rules creation secured and non-secure communication
7.14) Horizontal POD AutoScalling (HPA)
7.14.1: HPA deployent to test auto scalling
7.14.2: Deployment of metric server to achieve HPA
7.15) Scheduling and probes
7.15.1: Different types of scheduling like nodename, nodeSelector, podAffinity, podAntiAffinity, nodeAffinity
7.15.2: Advantages of using liveness, readiness and startup probes to verify application availability
7.16) Jobs and CronJobs
7.16.1: How to achieve auto backup and restore using CronJobs for application like etcd key-value pair storage
7.16.2: for kubernetes cluster
7.16.3: Jobs responsibility
7.17) calico networking
7.17.1: How to migrate from flannel to calico?
7.17.2: How to use flannel for POD networking and Calico for network security
7.17.3: calicoctl operations
7.17.4: network policy and global network policy
7.18) authetication and authorization
7.18.1) authetication
7.18.1.1: user, group and serviceaccount (token), certs
7.18.1.2: kubeconfig entries and access multiple cluster through kubernetes config file
7.18.2) autherization
7.18.2.1: Role Back Access Control (RBAC)
7.18.2.2: role, rolebinding, clusterrole, clusterrolebinding
7.19) Dashboard
7.19.1: deployment of kubernetes dashboard and creating kubernetes object through dashboard
7.19.2: How to autheticate to dashboard through token and kubeconfig
7.20) Securing k8s
7.20.1: CIS benchmarking test
7.20.2: kube-bench testing
7.20.3: Flaco
7.20.4: Audit Loggining
7.20.5: OPA
7.21) Automate application deployment using CICD on k8s
7.22) Kubernetes Task
a. wordpress and database application deployment
b. Jenkins deployment with data persistent after upgrading/downgrade
c. Backup and restore of etcd service data using cronjob
d. kubernetes upgrade from one version to another (1.20.1 to 1.20.2)
e. maintaince task using taint and toleration
f. Automate application deployment with the help of GitOps and ArgoCD
g. Understanding CRD and CR for operators
Topic 8) Helm charts
8.1) what is chart and maifest?
8.2) helm architecture and components
8.3) helm configuration and repo setup
8.4) helm application deployment
a. Deploy nginx web application with custom values
b. Rollout and Rollback application using helm cli
c. test applications deployed through Helm using #helm test
8.5) helm custom chart development
a. helm default directory structure
b. update _helper.tpl file for custom methods
c. how to call data from Chart.yaml and values.yaml file to templates
8.6) Deploy monitoring tools using custom helm charts
a. EFK deployment
b. Prometheus and Grafana deployment
Topic 9) Terraform
9.1) what is IaC?
9.2) Difference between Terraform and Ansible(Any Configuration Management Tools like Puppet, Chef etc.,)
9.3) What is terraform cloud, terraform hub, terraform provider, resource etc.,
9.4) understanding Input variables, Output value and Local value
9.5) Modules: root module and child modules