upadate

content/docs/kubernetes/HA-cluster.md

@@ -0,0 +1,29 @@
+---
+title: "HA Cluster"
+description: " Manage a Highly-Available Kubernetes Cluster "
+slug: "HA Cluster"
+weight: 810
+---
+
+
+Kubernetes utilizes a microservices architecture, with all requests initially directed to a central API server microservice, supported by various other components. For high availability in a Kubernetes cluster, it's common to add more control plane nodes, each hosting additional instances of the API Server, Scheduler, and Controller Manager. If etcd is part of the control plane nodes, additional members will also be added to the etcd cluster.
+
+In a setup with multiple control plane nodes, several API Servers operate concurrently in a highly available configuration, all interfacing with the same etcd cluster. This setup ensures that client requests are processed consistently using the shared data. Communication with the API Servers is managed through a single endpoint, such as an external load balancer, which directs traffic to all API Server instances.
+
+Other control plane components like the Scheduler and Controller Manager function on a failover basis. Among the instances of these microservices, one is elected as the active leader to handle all critical tasks. The other instances remain passive and only become active if the current leader fails.
+
+High availability in the control plane is crucial but only part of achieving overall high availability in Kubernetes. For high availability of workloads, additional worker nodes might be necessary, and workloads should be configured to deploy multiple replicas that coordinate with each other.
+
+Kubeadm simplifies the process of expanding your Kubernetes cluster by adding more nodes. To join a new node to the cluster, you first need to generate a join command that includes the API server's address, a unique join token, and the SHA hash of the cluster’s certificate authority (CA) certificate. This command can be generated using the following command on an existing control plane node:
+
+```bash
+
+
+kubeadm token create --print-join-command
+
+kubeadm join 192.168.100.100:6443 --token 3ua85a.rl5riytxhvc7fs1e --discovery-token-ca-cert-hash sha256:3d239f1c87cac3549334a91ed24580bea67e96cf78a4a83b20371af1c973922f 
+
+```
+
+Run this command on any additional nodes that meet the prerequisites mentioned earlier in this module:
+

content/docs/kubernetes/RBAC.md

@@ -1,5 +1,6 @@
 ---
 title: "RBAC"
+description: "Manage role based access control (RBAC)"
 slug: "RBAC"
 weight : 11
 ---

content/docs/kubernetes/kubeadm.md

@@ -0,0 +1,43 @@
+---
+title: "kubeadm"
+description: " Use Kubeadm to install a basic cluster "
+slug: "kubeadm"
+weight: 800
+---
+
+kubeadm is the reference installer for Kubernetes that sets up a minimally viable Kubernetes cluster using some best practices. It simplifies the initialization of control plane nodes, the addition (or removal) of nodes to a Kubernetes cluster, and also handles control plane and Kubelet configuration updates.
+
+Kubeadm has a variety of commands and subcommands that will allow you to:
+- Create a control plane kubeadm init
+- Add a node kubeadm join
+- Regenerate certificates kubeadm certificates renew
+- Upgrade clusters kubeadm upgrade
+
+A typical kubeadm setup consists of the following characteristics (which you are present in many Kubernetes distributions):
+ - Control plane components (like the API Server or scheduler) running as pods
+ - Certificate-based communication between the API server and its clients
+ - kube-proxy to set up services
+ - CoreDNS to provide in-cluster DNS
+In order to successfully use Kubeadm, the node must have a kubelet and container runtime installed on the machine:
+
+```
+
+$ sudo apt-get update && sudo apt-get install -y kubelet kubeadm kubectl
+
+```
+
+Once installed, kubeadm init will initialize a control plane for your cluster.
+
+```
+$ sudo kubeadm init --cri-socket=unix:///var/run/containerd/containerd.sock
+
+[init] Using Kubernetes version: v1.26.0
+[preflight] Running pre-flight checks
+[preflight] Pulling images required for setting up a Kubernetes cluster
+
+...
+
+Your Kubernetes control-plane has initialized successfully!
+
+
+```

readme.md

@@ -133,10 +133,10 @@ git clone https://github.com/kubernetesdaily/k8sworkshop.git
 
 #### Cluster Architecture, Installation, and Configuration
 
-| No. | Title |
-|--- | --------- |
-|1 |Manage role based access control (RBAC)|
-|2 |Use Kubeadm to install a basic cluster|
+| No. | Title | Link |
+|--- | --------- | --------- |
+|1 |Manage role based access control (RBAC)|[RBAC](content/docs/kubernetes/RBAC.md)|
+|2 |Use Kubeadm to install a basic cluster| 
 |3 |Manage a highly-available Kubernetes cluster|
 |4 |Provision underlying infrastructure to deploy a Kubernetes cluster|
 |5 |Perform a version upgrade on a Kubernetes cluster using Kubeadm|
@@ -185,6 +185,106 @@ git clone https://github.com/kubernetesdaily/k8sworkshop.git
 |6 |Troubleshoot networking|
 
 
+#### Application Design and Build
+| No. | Title |
+|--- | --------- |
+|1 |Define, Build, and Modify Container Images |
+|2 |Understand Jobs and CronJobs |
+|3 |Understand Multi-Container Pod Design Patterns |
+|4 |Utilize Persistent and Ephemeral Volumes | 
+
+#### Application Deployment
+| No. | Title |
+|--- | --------- |
+|1 |Deployments and Rolling Updates |
+|2 |Deployments and Rollbacks |
+|3 |Scale Applications |
+|4 |Deployment Patterns |
+|5 |Use the Helm Package Manager to Deploy Existing Packages|
+
+#### Application Environment, Configuration, and Security
+| No. | Title |
+|--- | --------- |
+|1 | Discover and Use Resources that Extend Kubernetes |
+|2 | Understanding Authentication, Authorization and Admission Control |
+|3 | Resource Requests and Limits |
+|4 | LimitRanges |
+|5 | Namespace Quotas |
+|6 | ConfigMaps |
+|7 | Secrets |
+|8 | Mounting ConfigMaps/Secrets as Volumes or Environment Variables |
+|9 | Service Accounts | 
+|10 | SecurityContext | 
+
+
+#### Services and networking
+| No. | Title |
+|--- | --------- |
+|1 |Services and Other Network Primitives |
+|2 |Ingress Controllers and Ingress Resources |
+|3 |Using Network Policies| 
+
+####  Application Observability and Maintenance
+| No. | Title |
+|--- | --------- |
+|1 |Understand API Deprecations|
+|2 |Liveness Probes and Readiness Probes|
+|3 |Container Logging|
+|4 |Monitoring Applications|
+|5 |Debugging|
+
+#### Cluster Setup
+| No. | Title |
+|--- | --------- |
+|1| Using Network Security Policies to restrict cluster level access |
+|2|Use CIS benchmark to review the security configuration of Kubernetes components |
+|3|Properly set up Ingress objects with security control |
+|4|Protect Node Metadata and endpoint |
+|5|Minimize the use of, and access to GUI elements |
+|6|Verifying platform binaries before deploying |
+
+#### Cluster Hardening
+| No. | Title |
+|--- | --------- |
+|1|Restrict access to Kubernetes API |
+|2|Use Role Based Access Controls to minimize exposure |
+|3|Exercise caution in using service accounts |
+|4|Update Kubernetes frequently | 
+
+#### System Hardening
+| No. | Title |
+|--- | --------- |
+|1| Minimize Host OS Footprint |
+|2|Minimize IAM roles |
+|3|Minimize external access to the network |
+|4|Appropriately use kernel hardening tools such as AppArmor, seccomp |
+
+#### Minimize Microservice Vulnerabilities
+| No. | Title |
+|--- | --------- |
+|1|Setup appropriate OS-level security domains|
+|2|Managing Kubernetes Secrets|
+|3|Use Container Runtime Sandboxes in Multi-tenant environments|
+|4|Implement pod-to-pod encryption by use of mTLS|
+
+#### Supply Chain Security
+| No. | Title |
+|--- | --------- |
+|1|Minimize Base Image Footprint|
+|2|Secure Supply Chain: Allowing image registries, sign and validate images|
+|3|Use Static Analysis of User Workloads|
+|4|Scan Images for Known Vulnerabilities|
+
+#### Monitoring, Logging, and Runtime Security
+| No. | Title |
+|--- | --------- |
+|1|Perform behavior analytics of syscall process and file activities at the host and container level to detect malicious activities|
+|2|Detect threats within the physical infrastructure, apps, networks, data, users, and workloads|
+|3|Detect all phases of attack regardless of where it occurs and how it spreads|
+|4|Perform deep analytical investigation and identification of bad actors within an environment|
+|5|Ensure immutability of containers at runtime|
+|6|Use Audit Logs to monitor access|
+
 
 ### The Ultimate Helm Workshop