GitOps: Building the next generation infrastructure

Overview

Cloud computing and security have merged to create a new paradigm in environment orchestration. It's not only about the code; it's mainly about methodologies that lead any organization to embrace good practices and deploy environments in a resilient way. How can security be enforced across the whole organization? What is the DevSecOps role in a modern organization? How can observability and traceability help to reduce the impact?


Day 1:

  • Introduction to GitOps concepts

    • Application Lifecycle with Git

    • A quick YAML introduction

    • Linting 

  • Containers deep inspection (Building a Golden image). 

  • Container engines (not everything is Docker)

    • docker

    • containerd

    • cri-o

    • systemd

  • Cross-platform building (x86_64, ARMv7/ARMv8).

  • Automating setups on-premise 

    • Ansible

    • HashiCorp Packer

    • QEMU

  • Review CI/CD technologies

    • Jenkins

    • GitLab CI

    • GitHub Actions

    • CircleCI

  • Pre-commit Hooks 

  • Review of Kubernetes concepts

  • Automating the Kubernetes cluster building.

    • VPC concepts / Subnets concepts

    • Playing with Terraform modules

    • Playing with the Terraform state

    • Allowing Kubernetes to access AWS services

  • HashiCorp Cloud

  • Understanding etcd

  • Creating Kubernetes objects 

  • Launching clusters in other cloud providers with Terraform


Day 2:

  • Building our first Kubernetes cluster (EKS).

  • Review CI/CD technologies

    • Jenkins

    • GitLab CI

    • GitHub Actions

    • CircleCI

  • Creating our first Helm Chart (v3).

  • Playing with Helmfile

  • GitOps approach 

    • Flux-CD approach

    • ArgoCD approach 

  • Kubernetes Operators

    • Review of ArgoCD operator.

    • Deploying applications automatically with ArgoCD Operator. 

  • Storing secrets safely

    • sops

    • HashiCorp Vault

    • Vault operators 

  • Automatic SSL/TLS certificates creation

  • Keeping DNS in sync

  • The importance of the Ingress Controller

  • CNI: Playing with networking plugins

    • Flannel

    • Calico

      • Working with Network Policies.

    • Cilium



Day 3:

  • Designing our first complex pipeline in GitLab.

  • Building images in Kubernetes

    • Kaniko

    • Docker-In-Docker 

  • Encryption in transit: Working with Service Mesh (Linkerd) 

  • Observability introduction.

  • How can we avoid DDoS/DoS for Kubernetes clusters? (Cloudflare).

  • Scaling clusters on-demand (cluster-autoscaler)

  • Creating our first CRD 

  • Introduction to webhooks

    • Admission webhooks

    • Mutating webhooks

  • Storing logs in S3 

  • Scanning images for well-known vulnerabilities 

  • Distributed file systems (Longhorn / OpenEBS) 

  • Chaos testing 

 

Who is it for?

DevSecOps, Site Reliability Engineers, DevOps and Software Developers.


What will students learn?

Cloud orchestration, the GitOps paradigm, resilient infrastructure, traceability, cloud computing good practices and agile deployments.


Required prior knowledge

Git, Amazon Web Services or any cloud computing environment, Linux, scripting.



Technical requirements

AWS account.





Spanish

3 days

September 27, 28 and 29

ONLINE

Cost


USD 1500

INQUIRIES

For inquiries about the training or any of its benefits, contact capacitacion@ekoparty.org


Instructor

Facundo de la Cruz



I'm a Site Reliability Engineer with more than 10 years of experience in Linux and Unix environments, TCP/IP networking and kernel hacking. Currently working in cloud computing environments and Kubernetes.