
Explore the Kubernetes master node (control plane) components—api server, etcd, scheduler, and controllers—and how the api server authenticates requests, stores state, and schedules pods to nodes to run in containers.
Examine the Kubernetes worker node data plane, detailing the container runtime and per-node agents that spin up containers and respond to commands via a command-line interface.
Create an AWS account and an IAM user with programmatic and console access, generate access keys, and attach an administrator policy, while noting secure handling and IaC use for EKS.
Create an AWS EKS cluster with eksctl by configuring region, instance type, and node count, then enable eks managed nodes and review cluster details in the console.
Deploy the Kubernetes dashboard to visualize namespaces, pods, deployments, and services, making it easier to understand and monitor a cluster before deploying your application.
Install the Engine X ingress controller using a Helm chart, create the Ingenix English controller namespace, and verify deployments and a LoadBalancer service to enable host-based load balancing.
Demonstrates enabling ssl termination at an AWS ELB by provisioning a self-signed certificate, configuring ingress controller annotations, and upgrading the Helm deployment to terminate at the load balancer.
Enable AWS ELB access logs for Kubernetes workloads by creating an s3 bucket with a bucket policy and updating service annotations via Helm overrides to monitor traffic and errors.
Explore security for deploying apps by authenticating users to a Kubernetes cluster, using an IAM authenticator and the aws-auth ConfigMap to map external users to cluster roles.
Explore kubeconfig and the aws-auth ConfigMap to configure authorization in kubernetes, mapping users and roles, using authenticator tokens, and managing production and demo environments.
Create a new AWS IAM user with programmatic access, generate an access key and secret key, and add a new credentials profile to verify identity against the EKS cluster.
Install Grafana with Helm on Kubernetes, create a dedicated namespace, expose it via port-forward, retrieve the admin password from a secret, configure Prometheus as a data source, and import dashboards.
*Updated the course material on Jan 2024
If I summarize this course in one sentence?
Learn production-proof AWS EKS Best Practices using Handson concepts and labs (e.g. Helm, Dashboard, Ingress, SSL Termination, AWS ELB Logging, RBAC, IRSA, CA, HPA, Monitoring).
☆Please check preview videos to see if this course is really for you☆
Are you one of the below?
You want to learn how to use managed Kubernetes cluster on AWS EKS
You feel overwhelmed and don't know where to start with AWS EKS
You learned Kubernetes with minikube but don't know how to deploy K8s cluster on AWS
You want to know production-ready AWS EKS best Practices such as SSL Termination at AWS ELB, RBAC (Role Based Access Control), IRSA (IAM Role for Service Account), CA (Cluster Autoscaler using IRSA)
You want to be able to configure SSL for AWS ELB using K8s ingress controller
You want to be able to give right permissions to AWS IAM users in K8s cluster using ClusterRoleBinding (RBAC: Role Based Access Control)
You don't know how pod-level AWS IAM authentication (IRSA: IAM Role for Service Account) works
You want to learn how to monitor K8s apps using Prometheus and Grafana
Who should take this course
you have decent knowledge of AWS (EC2, VPC, subnet, load balancer, IAM, etc)
you have learned Kubernetes fundamentals (pod, service, deployment, ingress, configmap, role, etc)
you don't know how to go about learning Kubernetes on AWS
you have development experience in Kubernetes YAML resources
you want to learn about production-ready best practices for AWS EKS regarding security, monitoring, scaling, and performance
you want to learn ins and outs of AWS EKS from a cloud DevOps working at an US company in SF
you want to improve your AWS EKS knowledge and skills
who should NOT need to take this course
you already know a lot of AWS EKS
you are not planning on using Kuberenetes on AWS
you have never used AWS (EC2, VPC, subnet, load balancer, IAM, etc) before
you have never deployed pods in Kubernetes cluster
In this course, you will learn various aspects of AWS EKS best practices such as:
how to setup K8s dashboard with RBAC
how to monitor K8s cluster and apps using Prometheus and Grafana
how to configure SSL Termination at AWS ELB created by ingress controller using k8s service YAML
how to authenticate and authorize AWS IAM users to AWS EKS cluster using aws-iam-authenticator, aws-auth ConfigMap, and RBAC (Role Based Access Control) aka ClusterRoleBinding
how to authorize Pods to AWS resources by creating pod-level IAM permission using IRSA (IAM Role for Service Account)
how to scale EKS worker nodes automatically using CA (Cluster Autoscaler using IRSA) and how to stress test it
how to scale pods automatically using HPA (horizontal pod autoscaler) and how to stress test it
why you shouldn't use eksctl managed worker nodes in production
why you should be careful when using EKS's default AWS-VPC-CNI plugin, because Pod IP pool gets exhausted based on EC2 instance type
6 Reasons why you should take this course:
1. Instructed by a cloud DevOps engineer (with CKA and certified AWS DevOps pro) working at US company in SF
I have been pretty handson with Kubernetes, AWS, and AWS EKS. With 6.5+ industry experience in both North America and Europe, I breakdown and explain hard concepts using diagrams
2. Abstract Concepts Explained with Diagrams
You usually don't find a solution in multiple languages. Catered for Java backend developers and Python developers. Also beneficial if you know one of them but also want to learn the other.
3. Updated Knowledge about AWS EKS in 2020
Some of the tools (such as kube2iam for pod-level IAM permissions) are outdated. I will demonstrate 2020-updated version of tools and concepts.
4. A Little Detail Matters in Production
When setting up AWS EKS cluster for production, you need to pay lots of attentions to security, reliability, and resilience. I have included how to secure HTTP connection to AWS ELB, how to enable AWS ELB access logs, how to configure pod-level IAM permission using IRSA, how to authorize AWS IAM users to K8s cluster using RBAC, how to setup CA with IRSAetc
5. Tons of handson!
I won't bore you with dry lectures. Instead every concepts are paired with handson demo.
6. Entire course under SIX HOURS
I tried to make this course compact and concise so students can learn the concepts and handson skills in shorted amount of time, because I know a life of software engineer is already pretty busy :)
My background & Education & Career experience
Cloud DevOps Software Engineer with 6.5+ years experience
Bachelor of Science in Computing Science from a Canadian university
Knows Java, C#, C++, Bash, Python, JavaScript, Terraform, IaC
Expert in AWS (holds AWS DevOps Professional certification) and Kubernetes (holds Certified Kubernetes Administrator, CKA)
I will see you inside!