Skip to content

Instantly share code, notes, and snippets.

@vvalorous

vvalorous/Microservices 201 Training.md

Forked from gunjan5/Microservices 201 Training.md
Created October 10, 2019 03:21
Show Gist options
  • Save vvalorous/d9267248b5d4811f0c07b3eac08d0852 to your computer and use it in GitHub Desktop.
Save vvalorous/d9267248b5d4811f0c07b3eac08d0852 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
Microservices 201 Training.md

I'll be doing an Advanced Microservices workshop on Sept 5th & 6th This is the second course in the series. First one is the Kubernetes Intro to Advanced workshop

Here is a rough syllabus for the training (subject to change):

Day 1

Intro

  • What are microservices
  • Quick 101 on containers with a demo
  • Kubernetes core components
    • Pods
    • Nodes
    • Labels & Selectors
    • Deployment
    • Namespace
    • Services
  • Kubernetes YAML (API format)
  • DevOps workflow with containers

Advanced K8s concepts & security

  • Horizontal Pod Autoscaler (HPA)
  • Vertical Pod Autoscaler (VPA)
  • Cluster Autoscaler
  • ConfigMap
  • Job
  • CronJob
  • DaemonSet
  • StatefulSet
  • Ingress
  • 3rd party integration models

Day in a life of a container native app (CI/CD)

  • Typical workflow from developer's laptop (code) to production
  • Dev tools
  • Testing/QA
  • CI tools
  • CD workflow
  • Production cluster management, A/B testing, upgrades, etc.

Day 2

How to write a good micsroservices app

  • 12-factor app principals

K8s architecture:

  • Day in a life of a packet

    • Same pod
    • Different pods, same host
    • Different pods, different host
    • Pod to service IP
    • Pod to service name
    • Pod to outside world
    • Outside world to pod

  • Networking/CNI overview

Architecture:

  • Control Plane
    • API server (components)
    • Networking CP (istio)
    • etcd
  • “Data” Plane
    • kubelet
    • docker/CRI
    • Networking DP (CNI, Envoy)

Istio

  • Brief overview of istio

  • Istio internals:

    • Envoy
    • Istio control plane
    • Pilot
    • Mixer
    • Citadel

  • A day in a life of a request in istio

  • Istio Virtual Service (vs k8s service)

  • Istio ingress

  • Istio Egress

  • 3rd Party plugins:

    • Kiali
    • Jaeger
    • Service Graph
    • Prometheus
    • Grafana

  • Hashicorp Consul (vs istio vs LinkerD)

(maybe) Developer advanced:

  • Maybe try to access etcd to see how the data/objects are stored in it
  • Create some Custom Resource Definition schema, and create CRD objects under it
  • Look at etcd to see how our custom resource is stored

Homework (Optional)

Lab 1: Basics [45 min]

  • Deploy a simple nginx service (deployment, service)
  • Scale it up/down
  • Create a service (expose it to the internet using GCP external Load Balancer)
  • Look at pod logs, audit logs
  • Do a rolling update
  • Configure Horizontal Autoscaler
  • GKE Kubernetes UI
  • Basic kubectl CLI operations

Lab 2: Security [60 min]

  • Deploy a 2 service app
  • Create NetworkPolicies to “secure” the network using Calico
  • (Maybe) demo helmsploit (exploit that lets you bring down k8s network even with NetworkPolicies in place
  • Create RBAC rules
  • Create a PodSecurityPolicy to disallow running a privileged pod
  • "PlayTime" - try to break/bypass these security implementations

Lab 3: Istio [60 min]

Could be a take home lab

  • Deploy istio on kubernetes
  • Deploy the istio guestbook app
  • Create istio policies, monitoring, request routing, tracing, service graph, visualization

Closing

  • Kubernetes deployers
  • Kubernetes learning resources
  • Free clusters
  • Future courses
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment