Google Kubernetes Engine: Basic to Advanced on Google Cloud

Welcome to this amazing course on Google Kubernetes Engine: Basic to Advanced on Google Cloud, featuring various real-time lab sessions.

Google Kubernetes Engine (GKE) is the simplest and most common way to set up a Kubernetes cluster on GCP.

Below is the list of assignments covered in this course.

1. Assignment: Create the First Pod Using YAML in Kubernetes GKE

2. Assignment: Kubernetes Pod Restart Policy - GKE

3. Assignment: Working with Labels and Selectors in Kubernetes GKE

4. Assignment: Scaling & Replication in Kubernetes GKE

5. Assignment: Deployment and Rollback in Kubernetes GKE

6. Assignment - Containers within a Pod Communicate via localhost in GKE

7. Assignment - Containers Communicate via localhost using a Specific Port in Kubernetes GKE

8. Assignment - Pod-to-Pod Communication via POD IP in Kubernetes GKE

9. Assignment - Kubernetes Services: ClusterIP in GKE

10. Assignment - Kubernetes Services: NodePort in Kubernetes GKE

11. Assignment - Kubernetes Services: LoadBalancer in Kubernetes GKE

12. Assignment - Create a POD with attached emptyDir volume in Kubernetes GKE

13. Assignment - Create a POD with attached hostpath volume GKE

14. Assignment - Persistent Volumes for Storage in Kubernetes Cluster GKE

Course Outline

Section 1: Kubernetes Introduction

• What is Kubernetes

• Why do we use Kubernetes?

• Kubernetes Implementations - GCP, AWS, Azure, Minikube etc

• Monolithic approach for developing applications.

• Microservices Vs. Monolithic

• Kubernetes Gateway API

• Evolution of Containers, Dockers & VMs

• Microservices running as containers

• Kubernetes - Orchestration or container management tool

• Features of Kubernetes

Section2: Architecture of the Kubernetes Cluster

• The architecture of the Kubernetes Cluster

• Understand architecture with various examples

• Working with Kubernetes

• Roles of Master Node

• Components of Control Plane (Master Node)

• API Server

• Etcd

• Scheduler

• Controller Manager

• Kubelet

• Service Proxy

• POD

• Container Engine - Docker, Containerd, or Rocket

Section 3: Setup of Kubernetes Cluster in GCP

• Set up a Kubernetes Cluster in GCP Environment

• Cluster basics, Node Pools, Networking etc.

• Activate cloud shell to access Kubernetes Cluster

• Configure Kubectl

Section 4: Kubernetes Concepts in GCP

• Create the first POD using manifest file written in YAML Language

• How to deploy ubuntu pod in Kubernetes?

• Check logs for pods and containers in Kubernetes

• Create multiple containers in a POD

• Retrieve information from running containers

• Get a Shell to a Running Container

• Multiple Containers in a Pod (Ubuntu, Nginx Web Sever)

• Download image for containers like Curl, Ubuntu, Nginx etc.

• Image Pull Policy of containers

• Kubernetes Annotations

• Define Environment variables

• Pod-to-pod communication

• Login to Cluster nodes using cloud shell or control plane

Section 5: Kubernetes Pod Restart Policy

• Overview of Pod Restart Policies

• Three restart policies: Always, OnFailure & Never

• Lab - Restart Policy: Always

• Lab - Restart Policy: OnFailure

• Lab - Restart Policy: Never

Section 6: Labels and Selectors in Kubernetes

• Labels & Selectors

• Lab - Labels and Selectors

• Commands for managing labels & selectors

• Declarative vs. Imperative Kubernetes commands

• Lab - Search the pod using labels

• Two types Selectors
  Equality Based

  Set based

• Lab - Search the pod using set-based

• Overview of Node Selector

• Lab - Create a pod on a specific node

Section 7: Scaling & Replication

• What is ReplicationController - RC?

• Features of RC

• Lab - Create Replicas of POD using RC

• Lab - Deleting a pod of ReplicationController

• Lab - Scale-up & scale-down the pod: ReplicationController

• What is ReplicaSet - RS?

• Lab - Create Replicas of POD using ReplicaSet

• Lab - Scale-up & scale-down the pod: ReplicaSet

• Difference between ReplicationController & ReplicaSet

Section 8: Deployment and Rollback

• Overview of Deployment and Rollback

• Lab: Launch two PODs using deployment object

• Lab: upgrade the application v1 to v2 using deployment object

• Lab: Roll back the application to previous version

• Lab: Roll back to any specific version

Section 9: Kubernetes Networking

• Overview of Kubernetes Networking

• Containers within a POD communicate via localhost

• Containers communicate via localhost using a specific port

• Pod-to-pod communication via Pod IP

• Practice Lab - Pod-to-pod communication

Section 10: Kubernetes Services: ClusterIP, Nodeport and LoadBalancer

• Object - Service

• Why service is required?

• Service type - Cluster IP, NodePort & LoadBalancer

• Lab 1 - Access the Web appl using Cluster IP

• Lab 2 - Access the Web appl using Cluster IP

• Lab 1 - Access the Web appl using NodePort

• Lab 2 - Access the Web appl using NodePort

• Lab 3 - Access the Web appl using specific NodePort

• About LoadBalancer

• Lab 1 - Kubernetes Services: LoadBalancer

• Lab 2 - Kubernetes Services: LoadBalancer

Section 11: Volumes in Kubernetes Cluster

• Overview of Volumes in Kubernetes Cluster.

• Volume types – EmptyDir, hostpath

• Lab1: Create a POD with attached emptyDir volume

• Lab2: Create a POD with attached emptyDir volume

• Lab1: Create a POD with attached hostpath volume

• Lab2: Create a POD with attached hostpath volume

Section 12: Persistent Volumes

• Overview of Persistent volumes

• Create a storage class for GKE

• Create a Persistent Volume using PVC

• GKE Pod With Persistent Volume

Section 13: RBAC Policies for Securing Kubernetes Cluster

• Introduction

• Key components of RBAC

• How RBAC works?

• How Role and RoleBinding Work Together

• Kubernetes Roles: Defining Permissions and Access

• Permissions Granted by Kubernetes Roles

• Create a role

• Bind the Role to a User or Service Account

Section 14: Set Up a Minikube Kubernetes Cluster on Google Cloud

• Project Overview

• Launch VM for Minikube Cluster

• Activate Cloud Shell and Connect to VM

• Minikube Kubernetes Cluster Setup – Practical Lab 1

• Minikube Kubernetes Cluster Setup – Practical Lab 2

• Minikube Kubernetes Cluster Setup – Practical Lab 3

• Start Minikube and Deploy Nginx Pod

Section 15: Client Authentication using SSL/TLS Certificate

• Set Up New Namespace & Launch Pod

• Overview of Client Certificate Generation

• Generate a Private Key

• Generate a Certificate Signing Request (CSR)

• Sign a CSR with Minikube's CA to Generate a User Certificate

• Set and Verify Client Credentials in Kubernetes Config

Section 16: RBAC: Role and RoleBinding

• Create a Role

• Create RoleBinding to Assign Role to User

• Test RBAC Permissions

Section 17: Access the K8s Minikube Cluster as a User

• List and Manage Kubernetes Contexts

• Set Up a New Context for a User

• Verify RBAC Permissions with New Context

• Modify and Test RBAC Role Permissions

Section 18: Set Up and Verify Network Policies for Pods

• Introduction to Kubernetes Network Policies

• Why Restrict Pod-To-Pod Communication?

• Understanding K8s Network Policies and CNI Plugins

• Example Use Case Scenarios

Section 19: Lab: Restrict Pod Communication Using Network Policies

• Start Minikube with Cilium CNI

• Create Two Pods with Labels

• Verify Pod Connectivity Using Curl

• Create Ingress Network Policy to Restrict Pod Access

• Check if Pod-to-Pod Access is Blocked

• Restrict Ingress/Egress Traffic with Network Policy

Section 20: Securely Access Minikube Cluster Using MobaXterm or PuTTY

• Deploy a Virtual Machine

• Add User and Setup SSH Authentication

• Create SSH Key Pair

• Convert Private Key to .ppk Format

• VM Access Troubleshooting

• Deploy Minikube on Virtual Machine

• Initialize Minikube Cluster

Section 21: Secure Deployment and Access of Nginx on Kubernetes

• Overview of Securing Nginx with HTTPS

• Deploy and Expose a Nginx Pod to External Traffic

• Access Nginx Web Server Through HTTP

• Set Up Nginx on Host Machine for Accessing Nginx Pod

• Access Nginx Web Server via Web Browser (HTTP Only)

Section 22: Implement HTTPS for Nginx in a K8s Cluster Using TLS Certificates

• Deploy and Expose a Nginx Pod to External Traffic

• Generate a self-signed TLS Certificate

• Store the TLS Certificate as a Secret

• Check Minikube’s Ingress Controller Status

• Create Ingress Resource for HTTPS

• Last Lecture