Docker Enterprise Operations (en)
- In this course, you’ll learn how to create and manage individual containers using the Docker Engine. We’ll cover best practices in container image design and container deployment and auditing, as well as an introduction to single-node container networking and storage. This course is best practices focused, and is designed to enable rapid successful adoption of containerization from first principles.
- COD: CN210
- CATEGORIES: Mirantis CNA
Description
Objectives of the Courses
Additional Information
Description
Notice:
- The CN210 course will no longer be available after April, 2021
Who Should Attend
This course is targeted at students with the following:- Motivations: Leverage all the features of Universal Control Plane and Docker Trusted registry to securely manage containerized applications in a cloud or datacenter.
- Roles: System Operators & Administrators
Lab Requirements
- Laptop with WiFi connectivity
- Attendees should have the latest Chrome or Firefox installed, and a free account at strigo.io.
Objectives of the Courses
- Docker Enterprise architecture
- DE usage patterns
- Containerized components of DE
- Networking & System requirements for DE
- Installing UCP & DTR
- UCP & DTR high availability
- Access control in Docker Enterprise
- UCP and DTR RBAC systems
- PKI, client bundle and API authentication
- Swarm and Kubernetes access control comparison
- Deploying Swarm and Kubernetes applications on UCP
- Orchestrator architecture
- Swarm and Kubernetes networking and architecture comparison
- Application deployment on UCP
- Container networking patterns
- Routing and service discovery for stateful and stateless applications on Swarm and Kubernetes
- Ingress vs. cluster internal routing
- L7 routing featuring sticky sessions and path based routing in Swarm and Kubernetes
- Introduction to Istio service mesh
- Canary and Blue-Green deployment patterns in UCP
- Cluster-wide logging patterns
- Engine log management
- UCP audit logging
- Log aggregation and management
- Enhancing platform security
- Options for improving host-level container security
- Kubernetes admission controllers and pod security policies
- Container network encryption
- Kubernetes network policies
- Content Trust in DTR
- Man-in-the-middle mitigation per the Update Framework
- Setting up content trust keys
- Signing images with content trust
- Security Scanning in DTR
- Security scanning setup
- Interpreting and filtering scanner reuslts
- Building image pipelines with webhooks and image promotion
- Continuous integration pipeline tools
- Triggering webhooks
- Automatic and manual image promotion through pipeline stages
- DTR Image Management
- Tag pruning and garbage collection
- DTR sizing for development and production clusters
- DTR content caching
Additional Information
Duration: 3 days
Delivery – Classroom, On Site, Remote
PC and SW Requirement:
- Internet connection
- Web browser – Google Chrome
- Zoom
Language
Instructor: English
Workshops: English
Slides: English