Get in Touch

Course Outline

Day 1 – Container Fundamentals and Image Lifecycle Management

Overview of Container Technologies

  • Comparative analysis of traditional deployment models versus containerized architectures for government applications
  • Differentiating containers from virtual machines in terms of resource efficiency and isolation
  • Distinction between container runtimes and engine interfaces
  • Strategic roles of Docker, Kubernetes, and OpenShift in federal IT infrastructure
  • Architectural patterns for standardized container platforms
  • Workflow integration across development, testing, and production environments

Container Operations Management

  • Procedures for initiating and managing container instances
  • Lifecycle management of container entities
  • Operations: initiation, termination, and deletion of containers
  • Execution of administrative commands within isolated environments
  • Configuration of environment variables for parameterization
  • Network port mapping and external accessibility
  • Analysis and retrieval of container log outputs
  • Monitoring resource consumption and process states

Container Image Construction

  • Understanding the layered architecture of container images
  • Creation and syntax of Dockerfiles and Containerfiles
  • Criteria for selecting appropriate base images for federal workloads
  • Incorporation of application dependencies
  • Definition of entry points and execution commands
  • Optimization techniques for build caching
  • Methods for minimizing image footprint to enhance security and performance
  • Strategies for ensuring reproducible build outcomes

Container Registry Governance

  • Management of public versus private image repositories
  • Version control and tagging conventions for image identification
  • Procedures for pushing and pulling images across networks
  • Authentication protocols for secure image access
  • Data retention policies and automated cleanup mechanisms
  • Foundational security standards for container imagery

Networking and Data Persistence in Containers

  • Principles of container network topology
  • Configuration of bridge networking interfaces
  • Exposure of container ports to host networks
  • Mechanisms for inter-container communication
  • Utilization of bind mounts and volume drivers
  • Strategies for maintaining persistent data across container lifecycles
  • Backup protocols for containerized data stores

Practical Laboratory Exercises

  • Execution and inspection of container instances
  • Construction of application-specific images
  • Configuration of port mappings and environment parameters
  • Publishing images to designated registries for government use
  • Implementation of persistent storage outside the container boundary

Day 2 – Kubernetes Architecture and Workload Management

Kubernetes Core Concepts

  • Objectives and benefits of container orchestration in enterprise environments
  • Structural overview of the Kubernetes architecture
  • Components of the control plane
  • Function and configuration of worker nodes
  • Role of the API server in cluster management
  • Mechanisms of the scheduling algorithm
  • Operational logic of controllers
  • Difference between cluster state and desired state configurations
  • Interaction with the cluster via the kubectl command-line interface

Kubernetes Resource Objects

  • Pod definition and management
  • ReplicaSets for workload redundancy
  • Deployments for declarative application updates
  • Namespaces for resource isolation
  • Application of labels and annotations for metadata management
  • Utilization of selectors for object targeting
  • Implementation of declarative resource definitions
  • Syntax and structure of YAML manifests

Application Deployment Strategies

  • Creation and management of deployment objects
  • Scaling workloads to meet demand
  • Updating container image versions
  • Execution of rolling updates for zero-downtime deployments
  • Initiation of rollbacks in response to failure
  • Review of deployment history and change logs
  • Procedures for workload restarts
  • Management of replica counts for high availability

Application Configuration Management

  • Use of ConfigMaps for non-sensitive configuration data
  • Use of Secrets for sensitive credentials and tokens
  • Passthrough of environment variables to containers
  • Inclusion of external configuration files
  • Decoupling application code from configuration settings
  • Management of environment-specific parameters across clusters

Resource Allocation and Quotas

  • Specification of CPU and memory requests
  • Definition of CPU and memory limits
  • Implementation of namespace-level resource quotas
  • Application of default limit ranges
  • Impact of resource constraints on scheduling decisions
  • Troubleshooting failures related to resource exhaustion

Practical Laboratory Exercises

  • Deployment of containerized applications into a cluster
  • Creation and modification of Kubernetes manifests
  • Execution of application scaling operations
  • Performance of rolling updates and subsequent rollbacks
  • Configuration of application parameters using ConfigMaps and Secrets
  • Application of resource requests and limits to workloads

Day 3 – Kubernetes Networking, Storage, and Security Posture

Kubernetes Network Architecture

  • Design principles of the cluster network model
  • Mechanisms for pod-to-pod communication
  • Implementation of service discovery protocols
  • DNS resolution within the cluster environment
  • Configuration of ClusterIP services for internal access
  • Configuration of NodePort services for node-level access
  • Configuration of LoadBalancer services for external traffic distribution
  • Ingress controller concepts and configuration
  • Patterns for exposing applications to external users

Network Policy Enforcement

  • Control mechanisms for traffic flow between workloads
  • Configuration of ingress and egress rules
  • Traffic isolation based on namespace boundaries
  • Validation techniques for network connectivity
  • Troubleshooting service communication failures

Persistent Storage Implementation

  • Differentiation between ephemeral and persistent storage types
  • Volumes as temporary data storage units
  • PersistentVolumes as cluster-wide storage resources
  • PersistentVolumeClaims for dynamic storage allocation
  • StorageClasses for provisioner abstraction
  • Mechanisms of dynamic provisioning
  • Understanding access modes for data sharing
  • Reclaim policies for volume lifecycle management
  • Storage requirements for stateful applications

Kubernetes Access Control and Identity Management

  • Concepts of authentication and authorization in Kubernetes
  • Implementation of Role-Based Access Control (RBAC)
  • Definition of Roles and ClusterRoles
  • Binding roles via RoleBindings and ClusterRoleBindings
  • Utilization of Service Accounts for application identity
  • Adherence to the principle of least privilege
  • Auditing effective permissions for users and groups

Workload Security Hardening

  • Configuration of security contexts for pods and containers
  • Execution of containers with non-root user privileges
  • Management of Linux capabilities
  • Implementation of read-only filesystems
  • Secure handling and injection of secrets
  • Verification of image provenance and integrity
  • Identification and mitigation of common configuration vulnerabilities

Practical Laboratory Exercises

  • Exposure of applications via Kubernetes services
  • Configuration of Ingress resources for external access
  • Implementation of network policies to restrict traffic flow
  • Provisioning and attachment of persistent storage
  • Configuration of RBAC permissions for user groups
  • Execution of workloads with hardened security contexts

Day 4 – OpenShift Platform Operations and Management

OpenShift Platform Overview

  • OpenShift as an enterprise-grade, Kubernetes-derived application platform for federal systems
  • Alignment of Kubernetes resources within the OpenShift framework
  • Architecture of the OpenShift cluster
  • Differentiation between Projects and standard namespaces
  • Management of platform users and service accounts
  • Navigation and administration via the web console
  • Administration using the OpenShift Command Line Interface (oc)

Project and Access Management

  • Creation and administrative oversight of projects
  • Assignment of user permissions at the project level
  • Application of project-specific roles
  • Procedures for administrative access escalation
  • Enforcement of resource quotas within projects
  • Application of limit ranges for default constraints
  • Management of service accounts for automation
  • Auditing and review of project resources

Application Deployment on OpenShift

  • Deployment of container images via BuildConfigs or ImageStreams
  • Creation of application workloads using Deployments
  • Management of deployment lifecycle events
  • Scaling applications horizontally and vertically
  • Update strategies for application versions
  • Execution of rollback procedures for failed updates
  • Configuration management within the OpenShift environment
  • Secure handling of secrets within project contexts

Application Exposure and Networking

  • Role of Services in internal service discovery
  • Configuration of Routes for external application access
  • TLS termination and certificate management concepts
  • Differentiation between internal and external access pathways
  • Management of hostnames and security certificates
  • Troubleshooting connectivity issues with routes and services

Storage Management in OpenShift

  • Creation and management of PersistentVolumeClaims
  • Configuration of StorageClasses
  • Attachment of storage resources to running workloads
  • Implementation strategies for stateful applications
  • Management of storage access permissions
  • Troubleshooting common volume mounting errors

Scheduling and Node Administration

  • Use of Labels and Selectors for object targeting
  • Configuration of NodeSelectors for workload placement
  • Application of Taints and Tolerations to control scheduling
  • Implementation of Affinity and Anti-Affinity rules
  • Strategies for optimal workload distribution
  • Procedures for cordoning and draining nodes during maintenance
  • Best practices for node-level maintenance operations

Practical Laboratory Exercises

  • Accessing and navigating the OpenShift environment
  • Creation and configuration of application projects
  • Deployment and external exposure of applications
  • Configuration of user and service-account access controls
  • Attachment of persistent storage volumes to workloads
  • Scaling operations and version updates for active workloads

Day 5 – Operational Monitoring, Troubleshooting, and Maintenance

Platform Monitoring and Telemetry

  • Monitoring frameworks for cluster and application health assessment
  • Analysis of resource metrics for capacity planning
  • Health checks for node infrastructure
  • Status monitoring for active workloads
  • Evaluation of capacity utilization trends
  • Identification of performance bottlenecks and constraints

Logging and Event Auditing

  • Accessing container-level log streams
  • Retrieving pod-level application logs
  • Review of previous container logs for historical data
  • Analysis of Kubernetes events for system alerts
  • Interpretation of application and platform operational messages
  • Filtering and synthesis of operational data for incident response

Health Check Configuration

  • Configuration of Startup Probes for initialization verification
  • Configuration of Readiness Probes for traffic routing control
  • Configuration of Liveness Probes for fault detection
  • Design principles for effective health endpoint APIs
  • Troubleshooting causes of probe failures
  • Prevention of unnecessary application restarts due to misconfigured probes

Workload Troubleshooting Methodologies

  • Diagnosis of pods in Pending states
  • Resolution of image pull failures
  • Identification and remediation of CrashLoopBackOff errors
  • Correction of misconfigured environment variables
  • Troubleshooting failed volume mounts
  • Resolution of insufficient resource allocation errors
  • Auditing and fixing permission-related access errors
  • Diagnosis of service and route connectivity disruptions
  • Resolution of DNS resolution issues
  • Troubleshooting application startup failures

Operational Security Compliance

  • Auditing of user and group permissions
  • Evaluation of Service Account usage patterns
  • Secure handling and rotation of credentials
  • Adherence to image security best practices
  • Maintenance of network isolation boundaries
  • Audit trails for platform access and administrative actions
  • Enforcement of the least privilege principle across all tiers

Maintenance and Lifecycle Governance

  • Execution of routine platform health checks
  • Scheduled node maintenance procedures
  • Data backup strategies for application persistence
  • Backup and recovery of configuration management
  • Planning and approval processes for system updates
  • Change management protocols for federal IT compliance
  • Testing environments for update validation
  • Contingency planning for rollback scenarios
  • Disaster recovery architecture and procedures

Final Capstone Workshop

Participants execute a comprehensive end-to-end operational scenario simulating federal IT requirements:

  • Construction and tagging of a container image compliant with security standards.
  • Publishing the image to an authorized registry for government infrastructure.
  • Deployment of the application into a Kubernetes or OpenShift cluster.
  • Configuration of application settings and secure credential storage.
  • External exposure of the application via secure routing.
  • Attachment and configuration of persistent storage volumes.
  • Implementation of access control permissions using RBAC principles.
  • Integration of health checks for operational reliability.
  • Execution of scaling operations and version updates.
  • Diagnosis and remediation of a simulated system failure.

Instructional Methodology

  • Interactive technical lectures aligned with federal training standards.
  • Instructor-led demonstrations of administrative procedures.
  • Extensive hands-on exercises in controlled sandbox environments.
  • Scenario-based administration and troubleshooting workshops reflective of real-world incidents.
  • Practical application within container, Kubernetes, and OpenShift infrastructure.

Course Adaptability Options

  • Curriculum adjustments to align with participant’s existing infrastructure, cloud provider selections, and container tooling stacks.
  • Adjustment of topic emphasis between Docker, Kubernetes, and OpenShift based on organizational experience and operational needs.
  • Tailoring of practical exercises to reflect the organization’s specific applications, deployment workflows, and operational constraints.

Trademark Notice

OpenShift is a trademark of Red Hat, Inc. This independently developed training program is not affiliated with, endorsed by, or authorized by Red Hat.

Requirements

Prerequisites for participation include proficiency in Linux command-line operations, foundational knowledge of system administration or DevOps practices, a working understanding of networking principles, and familiarity with software deployment methodologies. While prior exposure to containerization platforms such as Docker, Kubernetes, or OpenShift is advantageous, it is not mandatory for individuals seeking to engage in these government-focused training opportunities.
 35 Hours

Number of participants


Price per participant

Testimonials (7)

Upcoming Courses

Related Categories