Visão Geral

Neste Curso Mirantis Cloud Native Platform, intenso, os alunos encontrarão contêineres pela primeira vez, aprenderão a orquestrá-los em aplicativos escalonáveis ​​e altamente disponíveis orquestrados pelo Docker Swarm e, finalmente, descobrirão como aprimorar a segurança de toda a cadeia de suprimentos de software e ambientes de produção usando Mirantis Kubernetes Engine e Registro Seguro Mirantis. Este pacote é ideal para estudantes que estão apenas começando com a conteinerização e desejam aproveitar todo o poder do Swarm e da plataforma de orquestração Mirantis o mais rápido possível.

Publico Alvo

• Operadores e administradores de sistema

Pre-Requisitos

• Familiaridade com o shell bash: navegação e manipulação do sistema de arquivos, editores de texto de linha de comando como vim ou nano, ferramentas comuns como curl, wget e ping

Materiais

Conteúdo Programatico

Containerization motivations and implementation

1. Usecases
2. Comparison to virtual machines

Creating, managing and auditing containers

1. Container implementation from the Linux kernel
2. Container lifecycle details
3. Core container creation, auditing and management CLI

Best practices in container image design

1. Layered filesystem implementation and performance implications
2. Creating images with Dockerfiles
3. Optimising image builds with multi-stage builds and image design best practices

Single-host container networking

1. Docker native networking model
2. Software defined networks for containers
3. Docker-native single-host service discovery and routing

Provisioning external storage

1. Docker volume creation and management
2. Best practices and usecases for container-external storage.

Setting up and configuring a Swarm

1. Operational priorities of container orchestration
2. Containerized application architecture
3. Swarm scheduling workflow & task model
4. Automatic failure mitigation
5. Swarm installation & advanced customization

Deploying workloads on Swarm

1. Defining workloads as services
2. Scaling workloads
3. Container scheduling control
4. Rolling application updates and rollback
5. Application healthchecks
6. Application troubleshooting
7. Deploying applications as Stacks

Networking Swarm workloads

1. Swarm service discovery and routing implementation
2. Routing strategies for stateful and stateless workloads
3. Swarm ingress traffic

Provisioning dynamic configuration

1. Application configuration design
2. Environment variable management
3. Configuration file management
4. Provisioning sensitive information

​​​​​​​Provisioning persistent storage

1. Storage backend architecture patterns
2. NFS backed Swarms

Monitoring Swarm

1. What to monitor in production-grade Swarms
2. Potential Swarm failure modes & mitigations
3. Swarm workload monitoring

Mirantis Kubernetes Engine architecture

1. Production-grade deployment patterns
2. Containerized components of MKE
3. Networking & System requirements for MKE
4. Installing MKE via Launchpad for high availability

Access control in MKE

1. MKE RBAC systems
2. PKI, client bundle and API authentication
3. Swarm and Kubernetes access control comparison

L7 networking features

1. Interlock for Swarm
2. Istio for Kubernetes
3. Sticky sessions, canary or blue/green deployments, and cookie usage for both orchestrators

MKE Support Dumps

1. Generating and understanding MKE support dumps
2. Finding critical information in support dumps for troubleshooting MKE
3. Enabling and exporting API audit logs for disaster post-mortem

MKE Troubleshooting

1. Correlating MKE symptoms with components
2. Probing and reading MKE state databases
3. Recovering failed MKE managers
4. MKE backups & restore
5. Disaster recovery in event of critical MKE failure

Mirantis Secure Registry architecture

1. Production-grade deployment patterns
2. Containerized components of MSR
3. Networking & System requirements for MSR
4. Installing MSR via Launchpad for high availability
5. Integrating external storage into MSR

Access control in MSR

1. MSR RBAC system

Content Trust

1. Defeating man in the middle attacks with The Update Framework & Notary
2. Content Trust usage in MSR

Security Scanning

1. Auditing container images for known vulnerabilities
2. Setting up MSR security scanning
3. Security scan integration in continuous integration

Repository Automation

1. Continuous integration pipeline architecture featuring MSR
2. Promoting and mirroring images through pipelines
3. Integrating MSR with external tooling via webhooks

Image Management

1. Image pruning and garbage collection strategies and automation
2. Registry sizing strategy
3. Content caching for distributed teams

MSR Troubleshooting

1. Correlating MSR symptoms with components
2. Probing and reading MSR state databases
3. Recovering failed MSR replicas
4. MSR backups & restore
5. Disaster recovery in event of critical MSR failure