Course Overview

In this product-focused course, you’ll dive deep into all the features of Mirantis Secure Registry, and discover how it can enhance the security of your container image production, storage and distribution, both as a stand-alone registry and integrated into a continuous integration pipeline. We’ll discuss installing and configuring MSR, managing MSR user permissions, enhancing registry security with content trust and binary security scanning, as well as registry management strategies like garbage collection, content caching, and webhook-driven third-party integrations.

Course Content

Mirantis Secure Registry Architecture

  • Production-grade deployment patterns
  • Containerized components of MSR
  • Networking & System requirements for MSR
  • Installing MSR via Launchpad for high availability
  • Integrating external storage into MSR

Access Control in MSR

  • MSR RBAC system

Content Trust

  • Defeating man-in-the-middle attacks with The Update Framework & Notary
  • Content Trust usage in MSR

Security Scanning

  • Auditing container images for known vulnerabilities
  • Setting up MSR security scanning
  • Security scan integration in continuous integration

Repository Automation

  • Continuous integration pipeline architecture featuring MSR
  • Promoting and mirroring images through pipelines
  • Integrating MSR with external tooling via webhooks

Image Management

  • Image pruning and garbage collection strategies and automation
  • Registry sizing strategy
  • Content caching for distributed teams

MSR Troubleshooting

  • Correlating MSR symptoms with components
  • Probing and reading MSR state databases
  • Recovering failed MSR replicas
  • MSR backups & restore
  • Disaster recovery in event of critical MSR failure

Course Overview

In this product-focused course, you’ll dive deep into all the features of Mirantis Kubernetes Engine, and discover how it simplifies, secures and accelerates Kubernetes and Swarm cluster management at enterprise scale. We’ll discuss installing and configuring MKE, managing MKE user permissions and orchestrator resources, and advanced networking features included in the platform, as well as MKE troubleshooting and support.

Course Content

Mirantis Kubernetes Engine Architecture

  • Production-grade deployment patterns
  • Containerized components of MKE
  • Networking & System requirements for MKE
  • Installing MKE via Launchpad for high availability

Access Control in MKE

  • MKE RBAC systems
  • PKI, client bundle and API authentication
  • Swarm and Kubernetes access control comparison

L7 Networking Features

  • Interlock for Swarm
  • Istio for Kubernetes
  • Sticky sessions, canary or blue/green deployments, and cookie usage for both orchestrators

MKE Support Dumps

  • Generating and understanding MKE support dumps
  • Finding critical information in support dumps for troubleshooting MKE
  • Enabling and exporting API audit logs for disaster post-mortem

MKE Troubleshooting

  • Correlating MKE symptoms with components
  • Probing and reading MKE state databases
  • Recovering failed MKE managers
  • MKE backups & restore
  • Disaster recovery in event of critical MKE failure

Course Overview

In this intense bootcamp, you’ll encounter containers for the first time, learn to build them into scalable, highly available applications orchestrated by Kubernetes, and finally begin deploying production-grade Kubernetes clusters through Mirantis Container Cloud. This bundle is ideal for students who are just starting out with containerization and want to leverage the full power of Kubernetes across multiple clusters and teams. Students will leave the workshop with a proof-of-concept Mirantis Container Cloud deployment on AWS.

Course Objectives

CN100

  • Containerization motivations and implementation
      – Use cases
      – Comparison to virtual machines
  • Creating, managing and auditing containers
      – Container implementation from the Linux kernel
      – Container lifecycle details
      – Core container creation, auditing and management CLI
  • Best practices in container image design
      – Layered filesystem implementation and performance implications
      – Creating images with Dockerfiles
      – Optimising image builds with multi-stage builds and image design best practices
  • Single-host container networking
      – Docker native networking model
      – Software defined networks for containers
      – Docker-native single-host service discovery and routing
  • Provisioning external storage
      – Docker volume creation and management
      – Best practices and use cases for container-external storage

CN120

  • Make effective use of pod architecture
  • Deploy workloads as Kubernetes controllers
  • Provision configuration at runtime to Kubernetes workloads
  • Network pods together across a cluster using native services
  • Provision highly available storage to Kubernetes workloads
  • Package an application as a Helm chart

CN211

  • Mirantis Container Cloud Architecture
      – Management, regional, managed and attached cluster usage and architecture
      – Installation and setup of management and managed clusters
  • MCC User Management
      – Using Keycloak to manage user permissions
      – Integrating LDAP with MCC
      – Managing permissions for multitenancy
  • Cluster Logging & Monitoring
      – Stacklight configuration and cluster integration
      – Using Prometheus and Grafana dashboards
      – Customizing Stacklight configurations & third-party integrations
      – Exploring logs with Kibana

Course Overview

In this rapid introduction to Mirantis Container Cloud, students will learn how to deploy Kubernetes clusters to AWS using MCC, as well as how to manage MCC user permissions, Stacklight-based monitoring and logging tools, and third-party monitoring integrations. Students will leave the workshop with a proof-of-concept MCC deployment bootstrapped on their own AWS account for future exploration and study.

Course Objectives

  • Mirantis Container Cloud Architecture
        – Management, regional, managed and attached cluster usage and architecture
        – Installation and setup of management and managed clusters
  • MCC User Management
        – Using Keycloak to manage user permissions
        – Integrating LDAP with MCC
        – Managing permissions for multitenancy
  • Cluster Logging & Monitoring
        – Stacklight configuration and cluster integration
        – Using Prometheus and Grafana dashboards
        – Customizing Stacklight configurations & third-party integrations
        – Exploring logs with Kibana

Course Overview

In this intense bootcamp, you’ll encounter containers for the first time, learn to build them into scalable, highly available applications orchestrated by Docker Swarm, and finally discover how to enhance the security of your entire software supply chain and production environments using Mirantis Kubernetes Engine and Mirantis Secure Registry. This bundle is ideal for students who are just starting out with containerization and want to leverage the full power of Swarm and the Mirantis orchestration platform as soon as possible.

Course Content

This course combines all topics of CN100, CN110, CN212 and CN213

Containerization motivations and implementation

  • Use cases
  • Comparison to virtual machines

Creating, managing and auditing containers

  • Container implementation from the Linux kernel
  • Container lifecycle details
  • Core container creation, auditing and management CLI

Best practices in container image design

  • Layered filesystem implementation and performance implications
  • Creating images with Dockerfiles
  • Optimising image builds with multi-stage builds and image design best practices

Single-host container networking

  • Docker native networking model
  • Software defined networks for containers
  • Docker-native single-host service discovery and routing

Provisioning external storage

  • Docker volume creation and management
  • Best practices and use cases for container-external storage

Setting up and configuring a Swarm

  • Operational priorities of container orchestration
  • Containerized application architecture
  • Swarm scheduling workflow & task model
  • Automatic failure mitigation
  • Swarm installation & advanced customization

Deploying workloads on Swarm

  • Defining workloads as services
  • Scaling workloads
  • Container scheduling control
  • Rolling application updates and rollback
  • Application healthchecks
  • Application troubleshooting
  • Deploying applications as Stacks

Networking Swarm workloads

  • Swarm service discovery and routing implementation
  • Routing strategies for stateful and stateless workloads
  • Swarm ingress traffic

Provisioning dynamic configuration

  • Application configuration design
  • Environment variable management
  • Configuration file management
  • Provisioning sensitive information

Provisioning persistent storage

  • Storage backend architecture patterns
  • NFS backed Swarms

Monitoring Swarm

  • What to monitor in production-grade Swarms
  • Potential Swarm failure modes & mitigations
  • Swarm workload monitoring

Mirantis Kubernetes Engine Architecture

  • Production-grade deployment patterns
  • Containerized components of MKE
  • Networking & System requirements for MKE
  • Installing MKE via Launchpad for high availability

Access Control in MKE

  • MKE RBAC systems
  • PKI, client bundle and API authentication
  • Swarm and Kubernetes access control comparison

L7 Networking Features

  • Interlock for Swarm
  • Istio for Kubernetes
  • Sticky sessions, canary or blue/green deployments, and cookie usage for both orchestrators

MKE Support Dumps

  • Generating and understanding MKE support dumps
  • Finding critical information in support dumps for troubleshooting MKE
  • Enabling and exporting API audit logs for disaster post-mortem

MKE Troubleshooting

  • Correlating MKE symptoms with components
  • Probing and reading MKE state databases
  • Recovering failed MKE managers
  • MKE backups & restore
  • Disaster recovery in event of critical MKE failure

Mirantis Secure Registry Architecture

  • Production-grade deployment patterns
  • Containerized components of MSR
  • Networking & System requirements for MSR
  • Installing MSR via Launchpad for high availability
  • Integrating external storage into MSR

Access Control in MSR

  • MSR RBAC system

Content Trust

  • Defeating man-in-the-middle attacks with The Update Framework & Notary
  • Content Trust usage in MSR

Security Scanning

  • Auditing container images for known vulnerabilities
  • Setting up MSR security scanning
  • Security scan integration in continuous integration

Repository Automation

  • Continuous integration pipeline architecture featuring MSR
  • Promoting and mirroring images through pipelines
  • Integrating MSR with external tooling via webhooks

Image Management

  • Image pruning and garbage collection strategies and automation
  • Registry sizing strategy
  • Content caching for distributed teams

MSR Troubleshooting

  • Correlating MSR symptoms with components
  • Probing and reading MSR state databases
  • Recovering failed MSR replicas
  • MSR backups & restore
  • Disaster recovery in event of critical MSR failure

Course Overview

EXCLUSIVE: This hands-on course will teach you all aspects of Microservice architecture.

Microservices thrive on independent services to provide flexibility, autonomous processes, and communication through APIs. In this course, you’ll examine the differences between Microservices and monolithic applications and their architectures, the benefits of using the Microservice Architecture and transitioning to microservices. Learn how to map technical practices to the business strategy behind microservices, navigate the different tools that enable them, and communicate with stakeholders to explain microservices’ needs. You will conceptualize container technologies such as Docker, Kubernetes, and Jenkins and learn how DevOps can benefit from microservices adoption.

Course Objectives

  • Adopt, plan, or improve your transition to microservices
  • Map technical practices to the business strategy behind microservices
  • Navigate different tools for enabling microservices and how to use them
  • Communicate with stakeholders, management, and teams regarding needs and expectations around microservices
  • Get hands-on practice with Docker, Kubernetes, Jenkins for core microservices architecture
  • Get hands-on practice with the toolchain in our real-world application labs
  • Build more mature DevOps practices through microservice adoption
  • Understand how to refactor monolithic systems into more modular, component-based systems
  • Apply microservice use cases to continuous integration, delivery, and testing
  • Enable more automated testing and self-service QA capability

Course Content

  1. Containers and Container Orchestration
    • Containers
      • Docker Introduction
        • Docker Architecture and use cases
        • Managing images and containers using Docker (docker CLI tool)
        • Working with Dockerfile
        • Building CI/CD pipeline with Docker
      • Lab: Build and push a Docker image from Dockerfile
      • Quiz – Quiz on Docker
    • Container Orchestration
      • Introduction to Kubernetes, kubectl command
      • Lab: Kubernetes – Hello World
      • Core Kubernetes concepts and Architecture
      • Lab: Kubernetes – Stateless web app
      • Kubernetes Features
      • Lab: Kubernetes – Guestbook app
      • Quiz: Quiz on Kubernetes
  2. Microservices Design and Implementation
    • Monolithic and Microservice architecture
      • Monolithic Architecture
        • Case study for Monolithic application
      • Monolithic vs Microservices
      • Service-Oriented Architecture
        • SOA – Suggested Case study
      • Microservices Architecture
      • Quiz – Quiz on Microservice and Monolithic architectures
    • Microservice Implementation
      • Uber case study
      • Domain-oriented Microservices Architecture
      • Traditional Development and Deployment Challenges
      • Deploying Microservices as Containers
      • Lab: Containerize Microservices
      • Lab: Deploy Microservices
      • Implementing CI/CD pipeline using Jenkins
      • Lab: Create a simple CI/CD pipeline using Jenkins
      • Quiz – Quiz on Microservice and Monolithic architectures implementation
  3. Microservices in Production
    • Production Grade Microservices
      • Spotify case study
      • Service Discovery
      • Security Concepts
      • Lab: Kubernetes – Store database credentials in cluster
      • Monitoring using Prometheus
      • Managing state in Microservices
      • Improving and Monitoring Microservices Performance
      • Netflix Microservice – case study
      • Kubernetes Advanced Resources
      • Openshift/Rancher/Other PaaS platforms
      • Lab: Customize Microservice App
      • Lab: Scale up/down based on demand (Simulation)
      • Review of Microservice Challenges
      • Quiz: Quiz on Production Grade Microservices

Course Overview

This class centers on developing the skills and knowledge needed for Day-1 Kubernetes operations for managing applications. Using best practices as guiding principles, students will engage in topics pertaining to the Kubernetes architecture to make informed decisions for production workloads. Topics include configuring resource availability for applications, implementing advanced scheduling for applications, and administering user roles and permissions for the Kubernetes cluster. Kubernetes Operations and System Integration teams will benefit greatly as they plan and deploy their Kubernetes production environments.

Course Content

Kubernetes High Availability

  • Review the basic architecture of a Kubernetes cluster
  • Install a well-validated HA Kubernetes cluster on a collection of hosts
  • Load balance kubectl commands across an HA Kubernetes cluster

Managing Application Deployment

  • Review how pods are scheduled on worker nodes
  • Examine the node selector
  • Discuss the impact of implementing taints and tolerations for Kubernetes workloads
  • Review both pod and node affinity and anti-affinity

Releasing Application Updates

  • Discuss releasing updates to applications running on the Kubernetes platform 
  • Explore native tooling for updating applications
  • Examine how Helm manages updating applications

Application High Availability

  • Review the architecture required to achieve high availability for applications 
  • Discuss best practices for using liveness and readiness probes
  • Explore Kubernetes auto-scaling of applications
  • Discuss how to prioritize Kubernetes workloads

Routing Network Traffic

  • Discuss network routing options within Kubernetes 
  • Discuss the benefits of the Ingress controller and object 
  • Examine the Ingress object and controller pattern

Provisioning Storage

  • Review available storage options for applications
  • Discuss constraints of persistent storage in a standard Kubernetes cluster deployment
  • Examine the storageClass object

Kube Security: Implementing RBAC

  • Discuss RBAC implementation within Kubernetes
  • Examine Kubernetes RBAC components
  • Review Auditing within Kubernetes
  • Determine how to enable Auditing within a Kubernetes cluster

Kubernetes Network Security

  • Review the Kubernetes Networking Model
  • Discuss how Network Security is managed within the Kubernetes cluster
  • Examine managing network security with native and non-native Kubernetes tooling
  • Explain the native method of creating Network Policies

Securing an Application Workload

  • Identify security mechanisms available to provide security between containers, pods, and the Kubernetes cluster
  • Discuss strategies for enabling flexibility within security policy while maintaining security compliance
  • Examine how to enable Pod Security Policies

Multi-Tenancy in Kubernetes

  • Discuss multi-tenancy in a Kubernetes cluster
  • Examine native Kubernetes objects used for enabling multi-tenancy capability 
  • Discuss multi-tenancy methods for Kubernetes

Course Overview

In this Cloud Native course, developers will learn how to build containerized applications targeted for enterprise-grade production environments. You’ll explore patterns in containerized application architecture, techniques for eliminating friction in the development process, how to test and debug containerized applications, and how to instrument applications with healthchecks, monitoring tools, and common container logging patterns. After mastering these techniques, we’ll turn our attention to devops and building container-native continuous integration pipelines powered by Jenkins and Kubernetes.

Course Content

Container Development Environments

  • Rapid development with code mounts and automatic reloading
  • Attaching debuggers to containerized processes
  • Installing Kubernetes development environments

Container Lifecycle

  • Optimizing image design to take advantage of the container lifecycle
  • Runtime operations to avoid or mitigate
  • Implementing logging, resource management and healthchecks for containers
  • Handling container exit
  • Introduction to developer-driven operational control

Containerizing Applications

  • Migrating preexisting applications from VMs to containers
  • Refactoring applications for microservices
  • Hybrid applications (containerized + uncontainerized)

Container Health & Monitoring

  • Implementing container healthchecks with Kubernetes
  • Integrating Prometheus monitoring with Kube applications

Introduction to Containerized Continuous Integration

  • Differences between traditional and containerized continuous integration
  • Tooling choices for CI chain components
  • Recommended CI chain architecture

CI Agent Deployment

  • Designing access control patterns for CI agents
  • Installing and integrating Jenkins with Kubernetes

Building Images in CI

  • Implementing build environments
  • Designing reusable image hierarchies

Testing in CI

  • Unit and integration testing in containers
  • Testing pipeline design
  • Integrating security scanning in a testing pipeline

Releasing Containerized Applications

  • Signing images with content trust
  • Packaging applications with Helm

Course Overview

This four-day course is the first step in learning about Containers and Kubernetes Fundamentals and Cluster Operations. Through a series of lectures and lab exercises, the fundamental concepts of containers and Kubernetes are presented and put to practice by containerizing and deploying a two-tier application into Kubernetes.

Course Objectives

By the end of the course, you should be able to meet the following objectives:

  • Build, test, and publish Docker container images
  • Become familiar with YAML files that define Kubernetes objects
  • Understand Kubernetes core user-facing concepts, including pods, services, and deployments
  • Use kubectl, the Kubernetes CLI, and become familiar with its commands and options
  • Understand the architecture of Kubernetes (Control plane and its components, worker nodes, and kubelet)
  • Learn how to troubleshoot issues with deployments on Kubernetes
  • Apply resource requests, limits, and probes to deployments
  • Manage dynamic application configuration using ConfigMaps and Secrets
  • Deploy other workloads, including DaemonSets, Jobs, and CronJobs
  • Learn about user-facing security using SecurityContext, RBAC, and NetworkPolicies

Course Content

1  Course Introduction

  • Introductions and objectives

2  Containers

  • The what and why of containers
  • Building images
  • Running containers
  • Registry and image management

3  Kubernetes Overview

  • Kubernetes project
  • Plugin interfaces
  • Building Kubernetes
  • Kubectl CLI

4  Beyond Kubernetes Basics

  • Kubernetes objects
  • YAML
  • Pods, replicas, and deployments
  • Services
  • Deployment management
  • Rolling updates
  • Controlling deployments
  • Pod and container configurations

5  Kubernetes Networking

  • Networking within a pod
  • Pod-to-Pod Networking
  • Services to Pods
  • ClusterIP, NodePort, and LoadBalancer
  • Ingress controllers
  • Service Discovery via DNS

6  Stateful Applications in Kubernetes

  • Stateless versus Stateful
  • Volumes
  • Persistent volume claims
  • StorageClasses
  • StatefulSets

7  Additional Kubernetes Considerations

  • Dynamic configuration
  • ConfigMaps
  • Secrets
  • Jobs, CronJobs

8  Security

  • Network policy
  • Applying a NetworkPolicy
  • SecurityContext
  • runAsUser/Group
  • Service accounts
  • Role-based access control

9  Logging and Monitoring

  • Logging for various objects
  • Sidecar logging
  • Node logging
  • Audit logging
  • Monitoring architecture
  • Monitoring solutions
  • Octant
  • VMware vRealize® Operations Manager™

10  Cluster Operations

  • Onboarding new applications
  • Backups
  • Upgrading
  • Drain and cordon commands
  • Impact of an upgrade to running applications
  • Troubleshooting commands
  • VMware Tanzu™ portfolio overview

Course Overview

This course follows instructional design principles in all 3 lessons, which ensures that you repeat and reinforce the knowledge you gain at every step. Every minute spent during this 1-day course will incrementally take you to the next level.

Course Objectives

To ensure that your container-based applications sail into production without hiccups, you need robust container orchestration. This course teaches you the art of container management with Kubernetes.

The course will provide enough knowledge of the following:

  • Understand and classify software design patterns as per the cloud-native paradigm
  • Apply best practices in Kubernetes with design patterns
  • Access the Kubernetes API programmatically using client libraries
  • Extend Kubernetes with custom resources and controllers
  • Integrate access control mechanisms and interact with the resource lifecycle in Kubernetes
  • Develop and run custom schedulers in Kubernetes

Course Content

LESSON 1: KUBERNETES DESIGN PATTERNS

  • Software Design Patterns
  • Kubernetes Design Patterns

LESSON 2: KUBERNETES CLIENT LIBRARIES

  • Accessing Kubernetes API
  • Official Client Libraries
  • Community Maintained Client Libraries

LESSON 3: KUBERNETES EXTENSIONS

  • Kubernetes Extension Points
  • Extending Kubernetes Clients
  • Extending Kubernetes API
  • Kubernetes Dynamic Admission Control
  • Extending Kubernetes Scheduler
  • Extending Kubernetes Infrastructure