Skip to content

Latest commit

 

History

History
129 lines (109 loc) · 3.62 KB

00. Kubernetes Checklist.md

File metadata and controls

129 lines (109 loc) · 3.62 KB

Complete Kubernetes Checklist

This Checklist is built from "Cloud With RaJ's" Kubernetes Roadmap Video Link to the YouTube Video: https://www.youtube.com/watch?v=zGGsQ4H1e6E&t=3s

This list is curated by "Cloud With Raj". I just made a checklist out of it. It takes a lot of effort and time to build these kind of comprehensive lists. So, if this checklist is useful for you, Go checkout "Cloud With Raj's" Youtube Channel. Link to his Channel: https://www.youtube.com/c/AgentofChange-RajdeepSaha

Kubernetes Fundamentals

  • What is container ?
  • What is Container Orchestrator ?

Docker

  • DockerFile
  • Multi-stage Build
  • Docker Container Runtime

Kubernetes

  • What is Kubernetes ?
  • Pods
  • Deployments
  • ReplicaSets
  • Services
  • DaemonSet
  • PodSpec File
  • Namespaces
  • Popular Kubectl Commands

Advanced Kubernetes Fundamentals

  • Ingress
  • Service vs. Ingress
  • StatefulSets

Scaling

  • Metrics Server
  • HPA
  • VPA
  • OverProvisioner
  • Custom Metrics (KEDA)

Availability

  • Taints & Tolerations
  • Liveliness, Readiness & Startup Probes

Cost Optimization

  • KubeCost

Kubernetes Observability

Logs

  • Control Plane Logs
  • Container Logs
  • fluentd, fluentbit
  • Container Insights (AWS)

Metrics

  • Control Plane Metrics
  • Data Plane Metrics
  • Prometheus
  • Grafana

Kubernetes Security

  • RBAC
  • Service Account
  • Role & ClusterRole
  • RoleBinding & ClusterRoleBinding
  • kubeconfig, configmap & Secrets
  • How different applications & users can have different access?
  • Auth N/Z with API Gateway & Ingress
  • Security Best Practices
  • IRSA, Pod Security Group & aws-iam-authenticator for EKS in AWS

Kubernetes Networking

  • How IP addresses are allocated
  • CNI Plugins
  • AWS VPC CNI (If EKS)
  • Network policy
  • Calico
  • IPv6 vs IPv4
  • How is it different than adding secondary subnet in IPv4
  • Core DNS
  • Ingress
  • Private cluster (Public + Private, Private)

Managed K8s service from CSPS

  • Pick one of EKS (AWS), AKS (Azure), GKE (GCP)
  • Advantages of managed K8s service
  • Managed control plane
  • Integration with other cloud services
  • Storage, workflow, security For EKS (AWS)
  • Managed node group, Spot, VPC-CNI, managed addons, IPv6support, prefix support, AWS controller, container insights, managed Prometheus & Grafana, secure AMI, free ECR scanning, eksctl etc.
  • EBS/EFS/FSx integration, Step Function, IAM, Inspector & Security Hub
  • Gaps of managed K8s service

Kubernetes DevOps

  • DevOps flow to deploy into K8s
  • Container repo
  • DockerHub, ECR if AWS
  • GitOps
  • ArgoCD, Flux (Pick one)
  • Implementing into a cluster using one DevOps tool
  • Jenkins
  • Jenkins + GitOps
  • Blue green, canary deployment (Service mesh)
  • Operator and controllers (Only theory for rare interview)

Service Mesh & API Gateways

  • Service mesh architecture
  • Service mesh benefits
    • Encryption
  • How to throttle, circuit break, retry
  • Service mesh auth with third party
  • Scale using service mesh metrics (Keda) Blue green, canary deployment (Service mesh)
  • Service mesh products – Istio, Appmesh (pick one)
  • API Gateway
    • Separate service to K8s
    • API Gateway running on K8s
    • Gloo, Kong, Mulesoft (pick one)

Kubernetes Day2 Ops

  • Patching
  • Hardening AMI
  • Upgrading K8s without downtime
  • Deploying application without downtime
  • Backup K8s cluster
  • Common Day2 challenges