Duration 5 days – 35 hrs
Overview
This hands-on, lab-intensive program is designed for engineers who already use containers and want to level up to production-grade Docker and Kubernetes. Participants will build optimized container images, design secure container networks and storage, and deploy real workloads on Kubernetes using enterprise patterns: deployments, autoscaling, services/ingress, configuration/secrets, RBAC, network policies, observability (monitoring/logging), and operational best practices.
The course is aligned to CKA/CKAD-style competencies and enterprise Kubernetes standards (secure-by-default, repeatable delivery, and troubleshoot-ready).
Objectives
- Build optimized, secure Docker images (multi-stage builds, caching, minimal base, SBOM/scanning concepts).
- Implement container networking and storage patterns (bridge/host/overlay concepts, volumes, bind mounts).
- Explain Kubernetes architecture (control plane, etcd, scheduler, kubelet, CNI/CSI) and how components interact.
- Deploy and manage workloads using Deployments, StatefulSets, DaemonSets, Jobs/CronJobs.
- Configure Services, Ingress, and troubleshoot common networking issues.
- Use ConfigMaps, Secrets, resource requests/limits, and scheduling controls for reliability.
- Apply Kubernetes security practices: RBAC, service accounts, admission/pod security standards, image policies (enterprise approach).
- Implement observability: health probes, metrics, logging patterns, and production monitoring fundamentals.
- Troubleshoot pods, nodes, DNS, networking, storage, and deployment rollouts using a structured approach.
- Follow operational best practices aligned with CKA/CKAD or enterprise cluster standards.
Audience
- DevOps Engineers / SREs
- Platform / Cloud Engineers
- Backend Engineers deploying microservices
- System Administrators transitioning to Kubernetes operations
- Tech Leads responsible for container platform reliability and delivery standards
Pre-requisites
- Basic Linux CLI skills (files, processes, networking basics)
- Working knowledge of containers (build/run images, basic Docker usage)
- Basic understanding of YAML
- Familiarity with CI/CD concepts (helpful, not required)
- Optional but helpful: basic Kubernetes exposure (kubectl basics)
Course Content
Day 1 — Advanced Docker: Image Optimization, Networking, Storage
- Deep dive into Docker architecture (layers, build cache, runtime concepts)
- Image optimization patterns
- Multi-stage builds, build caching, minimal images, tagging strategies
- Intro to supply-chain hygiene: signing/scanning concepts, SBOM overview (high level)
- Advanced Docker networking
- Bridge vs host, port mapping, DNS basics, network drivers overview
- Storage & persistence
- Volumes vs bind mounts, permissions, backup/restore patterns
Labs
- Create multi-stage builds and reduce image size significantly
- Implement best-practice Dockerfiles (non-root user, minimal base, env handling)
- Build and run a multi-container app with custom Docker networks
- Persist data using volumes and validate recovery
Day 2 — Kubernetes Foundations: Architecture, kubectl Mastery, Core Workloads
- Kubernetes architecture
- Control plane components, worker node components, etcd role
- CNI/CSI overview and how networking/storage integrate
- kubectl power skills: contexts, namespaces, dry-run, diff, jsonpath, debugging patterns
- Core objects and workflow
- Pods, ReplicaSets, Deployments: rollout/rollback strategies
- Labels/selectors and how they drive operations
Labs
- Spin up a training cluster (local or provided) and validate access
- Deploy a microservice using Deployments; perform rollout + rollback
- Use labels/selectors to route and manage workloads
- Debug CrashLoopBackOff and image pull errors
Day 3 — Services, Ingress, Scaling, Scheduling, Config Management
- Service discovery and traffic routing
- ClusterIP, NodePort, LoadBalancer, headless services
- Ingress fundamentals and routing patterns (path/host-based)
- Scaling & resiliency
- HPA basics, resource requests/limits, disruption awareness
- Configuration management
- ConfigMaps, Secrets, env vars, mounted configs
- Scheduling & placement
- Node selectors, taints/tolerations, affinities (intro-to-practical)
Labs
- Expose apps via Services; validate DNS + connectivity
- Configure an Ingress and test routes
- Apply requests/limits and configure HPA for a deployment
- Externalize configs with ConfigMaps/Secrets and rotate safely
- Use taints/tolerations to control placement
Day 4 — Security & Cluster Operations (Enterprise Patterns)
- Kubernetes security essentials
- RBAC, Roles/ClusterRoles, RoleBindings
- Service accounts and workload identity patterns
- Pod security and policy direction
- Pod Security Standards / admission concepts (enterprise-ready approach)
- Network security
- NetworkPolicies and zero-trust basics inside the cluster
- Operational readiness
- Namespaces as tenancy boundaries, quotas/limits, multi-team patterns
- Backup/restore concepts for cluster components (high-level best practices)
Labs
- Build RBAC roles for dev vs ops personas; validate permissions
- Apply Pod security hardening (non-root, read-only FS where applicable, capability drops)
- Implement NetworkPolicies to restrict east-west traffic
- Apply resource quotas/limit ranges to enforce standards
Day 5 — Observability, Logging, Troubleshooting & Production Best Practices
- Health and reliability
- Liveness/readiness/startup probes, graceful shutdown, rollout strategies
- Monitoring fundamentals
- Metrics concepts, what to monitor (nodes, pods, app SLO signals)
- Logging patterns
- Structured logs, sidecar patterns (conceptual), centralized logging approach
- Troubleshooting playbook (CKA-style)
- Pods, deployments, services/ingress, DNS, nodes, storage, RBAC issues
- Production best practices
- Release strategies, config/secret handling, least privilege, cost controls, governance
Labs
- Add probes and validate zero-downtime rollout behavior
- Diagnose a networking issue (service selector/port mismatch, DNS misconfig, ingress routing)
- Diagnose a storage issue (PVC binding, access modes, permissions)
- Fix an RBAC denial and validate least-privilege access
- “Troubleshooting gauntlet”: timed multi-scenario lab (CKA/enterprise aligned)

