In this intense bootcamp, students will encounter containers for the first time, learn to orchestrate them into scalable, highly available applications orchestrated by Docker Swarm, and finally discover how to enhance the security of their entire software supply chain and production environments using Mirantis Kubernetes Engine and Mirantis Secure Registry. This bundle is ideal for students who are just starting out with containerization and want to leverage the full power of Swarm and the Mirantis orchestration platform as soon as possible.
Content
- Usecases
- Comparison to virtual machines
- Container implementation from the Linux kernel
- Container lifecycle details
- Core container creation, auditing and management CLI
- Layered filesystem implementation and performance implications
- Creating images with Dockerfiles
- Optimising image builds with multi-stage builds and image design best practices
- Docker native networking model
- Software defined networks for containers
- Docker-native single-host service discovery and routing
- Docker volume creation and management
- Best practices and usecases for container-external storage.
- Operational priorities of container orchestration
- Containerized application architecture
- Swarm scheduling workflow & task model
- Automatic failure mitigation
- Swarm installation & advanced customization
- Defining workloads as services
- Scaling workloads
- Container scheduling control
- Rolling application updates and rollback
- Application healthchecks
- Application troubleshooting
- Deploying applications as Stacks
- Swarm service discovery and routing implementation
- Routing strategies for stateful and stateless workloads
- Swarm ingress traffic
- Application configuration design
- Environment variable management
- Configuration file management
- Provisioning sensitive information
- Storage backend architecture patterns
- NFS backed Swarms
- What to monitor in production-grade Swarms
- Potential Swarm failure modes & mitigations
- Swarm workload monitoring
- Production-grade deployment patterns
- Containerized components of MKE
- Networking & System requirements for MKE
- Installing MKE via Launchpad for high availability
- MKE RBAC systems
- PKI, client bundle and API authentication
- Swarm and Kubernetes access control comparison
- Interlock for Swarm
- Istio for Kubernetes
- Sticky sessions, canary or blue/green deployments, and cookie usage for both orchestrators
- Generating and understanding MKE support dumps
- Finding critical information in support dumps for troubleshooting MKE
- Enabling and exporting API audit logs for disaster post-mortem
- Correlating MKE symptoms with components
- Probing and reading MKE state databases
- Recovering failed MKE managers
- MKE backups & restore
- Disaster recovery in event of critical MKE failure
- Production-grade deployment patterns
- Containerized components of MSR
- Networking & System requirements for MSR
- Installing MSR via Launchpad for high availability
- Integrating external storage into MSR
- MSR RBAC system
- Defeating man in the middle attacks with The Update Framework & Notary
- Content Trust usage in MSR
- Auditing container images for known vulnerabilities
- Setting up MSR security scanning
- Security scan integration in continuous integration
- Continuous integration pipeline architecture featuring MSR
- Promoting and mirroring images through pipelines
- Integrating MSR with external tooling via webhooks
- Image pruning and garbage collection strategies and automation
- Registry sizing strategy
- Content caching for distributed teams
- Correlating MSR symptoms with components
- Probing and reading MSR state databases
- Recovering failed MSR replicas
- MSR backups & restore
- Disaster recovery in event of critical MSR failure