@sensei-wu
Last active December 17, 2020 21:59

| Level 1 (CKAD) | Level 2 (Baseline for production) | Level 3 (Expert) |
| --- | --- | --- |
| Create and configure basic Pods | Define Pod and node affinities; Understand Taints and Tolerations | |
| Understand SecurityContexts | Understand full range of security context options including Linux capabilities | |
| Define an application's resource requirements | Define pod disruption budgets | |
| Create and consume secrets | -- | Use an external vault with key management |
| Understand ServiceAccounts | Manage role-based access control (RBAC) | Know how to integrate with external authentication and authorization systems |
| Understand multi-container Pod design patterns | -- | Understand network-level details of sidecar injection |
| Understand LivenessProbes and ReadinessProbes | Know how to configure metrics server incl. external systems | -- |
| Understand container logging | Configure log harvesting to external systems | Install and configure complete logging stack (e.g. ELK) |
| Understand how to monitor applications | Understand object lifecycle inside the cluster | Know the value of integrating with external SIEM systems |
| Understand Deployments and how to perform rolling updates | Know how to design applications for business continuity and recoverability | -- |
| Understand Deployments and how to perform rollbacks | Know how to design applications for business continuity and recoverability | -- |
| Understand Jobs and CronJobs | Design self-managing microservice architecture by leveraging scheduled batch operations | -- |
| Understand how to use Labels, Selectors, and Annotations | Use Labels and Selectors to isolate and categorize objects | Use Labels and Selectors to provide visibility into resource utilization, use annotations to create custom tooling |
| Understand Services | Understand Ingresses and Loadbalancers | Understand how to set up a secure, multi-layered front-end architecture with SSL configuration and host setup, and integrate with external IDAM solutions |
| Demonstrate basic understanding of NetworkPolicies | Can configure network policies including IP and host filtering | Understand and design Pod security policies at the cluster level, use and integrate with container firewalls, understand CNI specification |
| Understand PersistentVolumeClaims for storage | Use StatefulSets for databases and stateful loads | Define and manage cluster-level storage options, understand CSI specification |
| -- | Admission Controllers | |
| -- | -- | CIS Benchmarks |
| -- | -- | Implement Continuous Security Vulnerability Scanning |