
Install Kubernetes on-prem or on any cloud using kubeadm, and configure storage, certificates, LDAP, service mesh, networking, secret store, and OpenShift Origin for a cloud-agnostic enterprise deployment.
Demonstrate how to install Kubernetes using kubeadm across cloud and on-prem environments by provisioning two droplets, selecting an Ubuntu LTS image, configuring SSH keys, and securing with a firewall.
Learn to set up a Kubernetes cluster with kubeadm, on-prem or cloud-agnostic, including Docker installation, master and node setup, the Calico pod network 192.168.0.0/16, and hello-world testing.
Learn how Kubernetes operators package, deploy, and manage apps, extending the API with custom resource definitions. See how they simplify stateful deployments like etcd and enable upgrades and resizes.
Rook is an open source orchestrator for distributed storage systems running in Kubernetes, enabling cloud-agnostic or on-prem storage and automating configuration, deployment, and maintenance.
Explore Ceph, a fault-tolerant, self-healing storage system offering file, block, and object storage for on-premises or cloud deployments. Discover how monitors, OSDs, and an S3 interface scale with Kubernetes.
Learn how Rook integrates with Ceph to provide block, file, and object storage across multiple nodes, using the Rook operator and Kubernetes storage API for easy provisioning.
Demonstrates Rook with Ceph providing persistent storage for MySQL data, surviving pod crashes and node failures with replication in Kubernetes, and using block storage for on-prem or cloud-agnostic deployments.
Demonstrates enabling object storage with Rook in a Kubernetes cluster, creating an S3-compatible gateway, configuring credentials, and using s3cmd to create a bucket and upload a file.
Explore cert-manager on Kubernetes, automating TLS certificate issuance with Let's Encrypt and renewing via Kubernetes secrets for secure HTTPS endpoints.
Learn to issue certificates from Let's Encrypt with cert-manager in Kubernetes. Cover Helm installation, RBAC and Tiller setup, and deploy an NGINX ingress controller for on-prem and cloud-agnostic clusters.
Demonstrates configuring cert-manager in a Kubernetes cluster with NGINX ingress and Let's Encrypt certificates (staging to production), including firewall rules, DNS records, and ingress routing.
Explore how Dex acts as an identity service for Kubernetes, using OpenID Connect to authenticate users via connectors like LDAP, SAML, GitHub, or Microsoft.
Explain how OpenID Connect works in Kubernetes with Dex, issuing access, ID, and refresh tokens, and how kubectl uses the token while the API server verifies it and enforces RBAC.
Explore Dex with GitHub authentication to access a Kubernetes cluster via an OIDC gateway, using an example app and token-based kubectl configuration.
Demonstrate Dex integration with LDAP in Kubernetes by configuring SSL, certificates, and a config map, then test login and token retrieval via Dex.
Explore Envoy as a high-performance proxy powering service mesh communications in microservices, compare it with Linkerd, and highlight HTTP/2, gRPC, dynamic config, retries, circuit breaking, and distributed tracing.
See how Istio with sidecar Envoy proxies secures and optimizes pod-to-pod communication in a Kubernetes cluster, enabling retries, access policies, and HTTP/2 or gRPC encryption.
Calico provides secure connectivity for container workloads, enabling pod communication across nodes via a container network interface and a flat layer-three network using BGP. Supports Kubernetes network policy via YAML.
Explore Calico architecture, including etcd storage, Felix on each node, kernel routing and ACL management, and BGP state distribution for scalable network policies.
Block outbound traffic with egress network policies and learn to create allow rules for specific destinations like 8.8.8.8 and DNS, using a pod label app=egress.
Explore Vault’s secure secret storage, dynamic on-demand secrets, leasing and revocation, and data encryption for credentials in distributed environments, with Kubernetes operator support via YAML and kubectl.
Demonstrate deploying Vault on Kubernetes with the Vault and etcd operators, initialize and unseal the cluster, and manage secrets, tokens, and access policies for apps.
On-Prem or Cloud Agnostic Kubernetes is the third Kubernetes course in the "Learn DevOps: Kubernetes" series. If you don't have basic Kubernetes experience, make sure you first follow the course "Learn DevOps: The Complete Kubernetes Course".
This course covers:
* Installing Kubernetes on-prem or on any cloud using kubeadm
* Use storage with Rook and Ceph
* Kubernetes Operators
* Use TLS certificates for your applications using Let's Encrypt and cert-manager
* Authenticate your users using LDAP or GitHub using Dex and OIDC
* Create a service mesh using Istio and Envoy
* Use advanced networking features using Calico
* Manage secrets using Vault
* Set up and use PaaS with Kubernetes using OpenShift Origin