[Course] Course program (content of the lecture/seminar/retraining/study) ...
Goals
After completing this course, students will have a firm understanding of how to use a service mesh to control network traffic for their containerized application infrastructure.
- strong grasp of container basics (recommended training: Docker Basic)
- strong grasp of Kubernetes terminology and Kubernetes cluster operation fundamentals (recommended training: Kubernetes Basic)
Audience
- people familiar with containerized applications and container orchestration technologies, wishing to improve the security of their environment
- DevOps engineers
- Linux system administrators
- Systems design engineers
- Architects
Outline
Module 01: K8s-Network Policy
- Why use network policies
- What is MetalLB and how it works
- Configuring Layer2 and Layer3 MetalLB
- Additional MetalLB configuration samples
Hands-on Lab : Network Policies
Module 02: Istio – Introduction
- What is a service mesh
- What is Istio
- Istio architecture and components
- Setting up Istio
Hands-on Lab : Istio – Introduction
Module 03: Istio – Advanced Routing
- Why route traffic?
- Traffic shifting
- Request routing
- External Resources
Hands-on Lab : Istio – Traffic routing
Module 04: Istio – Fault Injection
- Controlling Ingress traffic
- Fault injection
- Circuit breaking
- Traffic mirroring
Hands-on Lab : Istio – Fault injection
Module 05: Istio – mTLS
- Securing pod communication with Istio
- mTLS
- Authorization policies
- Policy target
- Authenticated and unauthenticated identity
Hands-on Lab : Istio – mTLS and Authorization
Module 06: Istio – Observability
- Viewing the mesh with Kiali
- Kiali features
- Generating a service graph
- Tracing Calls with Jaeger
- Observability (Metrics, Distributed Tracers, Access Logs)
Hands-on Lab : Istio – Observability
Module 07: Open Policy Agent
- How OPA works
- OPA and Kubernetes
- Integrating OPA with K8s
- Rego Expressions
Hands-on Lab : OPA Gatekeeper
Module 08: Cert Manager
- What Cert Manager is
- cert-manager overview
- cert-manager concepts
- Installing cert-manager
- cert-manager walkthrough
Hands-on Lab : Cert Manager
Prerequisites
To attend this course, you need to have:
- PC/Laptop with internet access
- Updated web browser
- Working knowledge of the following Kubernetes topics: Role-Based Access Control (RBAC), resource control, logging and monitoring (recommended training: Kubernetes Advanced)