Duration 5 days – 35 hrs
Overview
This 5-day, hands-on course focuses on operating and securing a production-grade Red Hat OpenShift (OCP v4.14) cluster. Participants learn to manage Kubernetes resources declaratively, deploy packaged applications (Templates/Helm), implement authentication and RBAC, secure cluster networking with TLS and Network Policies, expose non-HTTP workloads, enable developer self-service through quotas and templates, manage Operators with OLM, harden workloads with SCCs and API access controls, and perform cluster updates while detecting deprecated Kubernetes APIs.
Objectives
- Manage Kubernetes/OpenShift resources using declarative manifests and Kustomize overlays
- Deploy packaged workloads using OpenShift Templates and Helm charts
- Configure identity providers (IdP) and enforce access control using RBAC
- Secure ingress/egress and service-to-service traffic using TLS and NetworkPolicies
- Expose non-HTTP / non-SNI applications using LoadBalancer Services and Multus secondary networks
- Enable developer self-service with quotas, limit ranges, project templates, and self-provisioning controls
- Install and manage cluster add-ons using Operators and the Operator Lifecycle Manager (OLM) via console and CLI
- Strengthen workload security using Security Context Constraints (SCCs) and controlled access to Kubernetes APIs
- Perform cluster and operator updates safely; identify and remediate deprecated API usage
- Apply best practices through scenario-based labs (self-service setup, secure apps, packaged app deployments)
Audience
- OpenShift/Kubernetes administrators and platform operations teams
- DevOps / SRE / Platform engineering teams managing production clusters
- Infrastructure and cloud engineers responsible for container platforms
- Security engineers supporting cluster hardening and policy enforcement
- Technical leads responsible for operating OpenShift at scale
Pre-requisites
- Basic Kubernetes/OpenShift familiarity (pods, services, deployments, namespaces/projects)
- Command-line proficiency (Linux shell) and comfort using YAML
- Basic networking fundamentals (DNS, ports, TLS concepts)
- Recommended: completion of OpenShift Administration I (or equivalent experience)
Course Content
Day 1 — Declarative Operations + Kustomize
Chapter 1: Declarative Resource Management
- Resource manifests (YAML) and declarative workflows
- Kustomize overlays for environment-specific configurations
- Lab: Declarative Resource Management
Day 2 — Deploy Packaged Applications (Templates + Helm)
Chapter 2: Deploy Packaged Applications
- OpenShift Templates: parameters and reuse patterns
- Helm charts: install/upgrade basics and release management concepts
- Lab: Deploy Packaged Applications
Day 3 — Identity, RBAC, and Network Security
Chapter 3: Authentication and Authorization
- Configure identity providers (IdP)
- Define/apply permissions with RBAC (roles, rolebindings, clusterroles)
- Lab: Authentication and Authorization
Chapter 4 (Part 1): Network Security
- Protect external traffic with TLS
- Configure NetworkPolicies
- Guided exercises
Day 4 — Advanced Networking + Developer Self-Service
Chapter 4 (Part 2): Network Security
- Protect internal traffic with TLS (service-to-service)
- Lab: Network Security
Chapter 5: Expose non-HTTP/SNI Applications
- LoadBalancer services for L4 workloads
- Multus secondary networks (multi-homed pods use cases)
- Lab: Expose non-HTTP/SNI Applications
Chapter 6 (Part 1): Enable Developer Self-Service
- Project and cluster quotas
- Limit ranges
- Guided exercises
Day 5 — Operators, App Security, and Production Updates + Capstone
Chapter 6 (Part 2): Enable Developer Self-Service
- Project templates and self-provisioner role
- Lab: Enable Developer Self-Service
Chapter 7: Manage Kubernetes Operators
- Operators + OLM overview
- Install Operators via Web Console and CLI
- Lab: Manage Kubernetes Operators
Chapter 8: Application Security
- SCCs to control app permissions
- Allow application access to Kubernetes APIs
- Cluster/node maintenance with Kubernetes CronJobs
- Lab: Application Security
Chapter 9: OpenShift Updates
- Cluster update process
- Detect deprecated Kubernetes API usage
- Update Operators with OLM
- Quizzes + summary
Chapter 10: Comprehensive Review
- Lab: Cluster Self-service Setup
- Lab: Secure Applications
- Lab: Deploy Packaged Applications
