Google Kubernetes Engine: Basic to Advanced on Google Cloud

Learn to deploy, manage, and secure applications on GKE, from basic concepts to advanced Kubernetes techniques on GCP.

Welcome to this amazing course on Google Kubernetes Engine: Basic to Advanced on Google Cloud, featuring various real-time lab sessions.

Google Kubernetes Engine (GKE) is the simplest and most common way to set up a Kubernetes cluster on GCP.

Below is the list of assignments covered in this course.

1. Assignment: Create the First Pod Using YAML in Kubernetes GKE

2. Assignment: Kubernetes Pod Restart Policy - GKE

3. Assignment: Working with Labels and Selectors in Kubernetes GKE

4. Assignment: Scaling & Replication in Kubernetes GKE

5. Assignment: Deployment and Rollback in Kubernetes GKE

6. Assignment - Containers within a Pod Communicate via localhost in GKE

7. Assignment - Containers Communicate via localhost using a Specific Port in Kubernetes GKE

8. Assignment - Pod-to-Pod Communication via POD IP in Kubernetes GKE

9. Assignment - Kubernetes Services: ClusterIP in GKE

10. Assignment - Kubernetes Services: NodePort in Kubernetes GKE

11. Assignment - Kubernetes Services: LoadBalancer in Kubernetes GKE

12. Assignment - Create a POD with attached emptyDir volume in Kubernetes GKE

13. Assignment - Create a POD with attached hostpath volume GKE

14. Assignment - Persistent Volumes for Storage in Kubernetes Cluster GKE

Course Outline

Section 1: Kubernetes Introduction

• What is Kubernetes

• Why do we use Kubernetes?

• Kubernetes Implementations - GCP, AWS, Azure, Minikube etc

• Monolithic approach for developing applications.

• Microservices Vs. Monolithic

• Kubernetes Gateway API

• Evolution of Containers, Dockers & VMs

• Microservices running as containers

• Kubernetes - Orchestration or container management tool

• Features of Kubernetes

Section2: Architecture of the Kubernetes Cluster

• The architecture of the Kubernetes Cluster

• Understand architecture with various examples

• Working with Kubernetes

• Roles of Master Node

• Components of Control Plane (Master Node)

• API Server

• Etcd

• Scheduler

• Controller Manager

• Kubelet

• Service Proxy

• POD

• Container Engine - Docker, Containerd, or Rocket

Section 3: Setup of Kubernetes Cluster in GCP

• Set up a Kubernetes Cluster in GCP Environment

• Cluster basics, Node Pools, Networking etc.

• Activate cloud shell to access Kubernetes Cluster

• Configure Kubectl

Section 4: Kubernetes Concepts in GCP

• Create the first POD using manifest file written in YAML Language

• How to deploy ubuntu pod in Kubernetes?

• Check logs for pods and containers in Kubernetes

• Create multiple containers in a POD

• Retrieve information from running containers

• Get a Shell to a Running Container

• Multiple Containers in a Pod (Ubuntu, Nginx Web Sever)

• Download image for containers like Curl, Ubuntu, Nginx etc.

• Image Pull Policy of containers

• Kubernetes Annotations

• Define Environment variables

• Pod-to-pod communication

• Login to Cluster nodes using cloud shell or control plane

Section 5: Kubernetes Pod Restart Policy

• Overview of Pod Restart Policies

• Three restart policies: Always, OnFailure & Never

• Lab - Restart Policy: Always

• Lab - Restart Policy: OnFailure

• Lab - Restart Policy: Never

Section 6: Labels and Selectors in Kubernetes

• Labels & Selectors

• Lab - Labels and Selectors

• Commands for managing labels & selectors

• Declarative vs. Imperative Kubernetes commands

• Lab - Search the pod using labels

• Two types Selectors
  Equality Based

  Set based

• Lab - Search the pod using set-based

• Overview of Node Selector

• Lab - Create a pod on a specific node

Section 7: Scaling & Replication

• What is ReplicationController - RC?

• Features of RC

• Lab - Create Replicas of POD using RC

• Lab - Deleting a pod of ReplicationController

• Lab - Scale-up & scale-down the pod: ReplicationController

• What is ReplicaSet - RS?

• Lab - Create Replicas of POD using ReplicaSet

• Lab - Scale-up & scale-down the pod: ReplicaSet

• Difference between ReplicationController & ReplicaSet

Section 8: Deployment and Rollback

• Overview of Deployment and Rollback

• Lab: Launch two PODs using deployment object

• Lab: upgrade the application v1 to v2 using deployment object

• Lab: Roll back the application to previous version

• Lab: Roll back to any specific version

Section 9: Kubernetes Networking

• Overview of Kubernetes Networking

• Containers within a POD communicate via localhost

• Containers communicate via localhost using a specific port

• Pod-to-pod communication via Pod IP

• Practice Lab - Pod-to-pod communication

Section 10: Kubernetes Services: ClusterIP, Nodeport and LoadBalancer

• Object - Service

• Why service is required?

• Service type - Cluster IP, NodePort & LoadBalancer

• Lab 1 - Access the Web appl using Cluster IP

• Lab 2 - Access the Web appl using Cluster IP

• Lab 1 - Access the Web appl using NodePort

• Lab 2 - Access the Web appl using NodePort

• Lab 3 - Access the Web appl using specific NodePort

• About LoadBalancer

• Lab 1 - Kubernetes Services: LoadBalancer

• Lab 2 - Kubernetes Services: LoadBalancer

Section 11: Volumes in Kubernetes Cluster

• Overview of Volumes in Kubernetes Cluster.

• Volume types – EmptyDir, hostpath

• Lab1: Create a POD with attached emptyDir volume

• Lab2: Create a POD with attached emptyDir volume

• Lab1: Create a POD with attached hostpath volume

• Lab2: Create a POD with attached hostpath volume

Section 12: Persistent Volumes

• Overview of Persistent volumes

• Create a storage class for GKE

• Create a Persistent Volume using PVC

• GKE Pod With Persistent Volume

Section 13: RBAC Policies for Securing Kubernetes Cluster

• Introduction

• Key components of RBAC

• How RBAC works?

• How Role and RoleBinding Work Together

• Kubernetes Roles: Defining Permissions and Access

• Permissions Granted by Kubernetes Roles

• Create a role

• Bind the Role to a User or Service Account

Section 14: Set Up a Minikube Kubernetes Cluster on Google Cloud

• Project Overview

• Launch VM for Minikube Cluster

• Activate Cloud Shell and Connect to VM

• Minikube Kubernetes Cluster Setup – Practical Lab 1

• Minikube Kubernetes Cluster Setup – Practical Lab 2

• Minikube Kubernetes Cluster Setup – Practical Lab 3

• Start Minikube and Deploy Nginx Pod

Section 15: Client Authentication using SSL/TLS Certificate

• Set Up New Namespace & Launch Pod

• Overview of Client Certificate Generation

• Generate a Private Key

• Generate a Certificate Signing Request (CSR)

• Sign a CSR with Minikube's CA to Generate a User Certificate

• Set and Verify Client Credentials in Kubernetes Config

Section 16: RBAC: Role and RoleBinding

• Create a Role

• Create RoleBinding to Assign Role to User

• Test RBAC Permissions

Section 17: Access the K8s Minikube Cluster as a User

• List and Manage Kubernetes Contexts

• Set Up a New Context for a User

• Verify RBAC Permissions with New Context

• Modify and Test RBAC Role Permissions

Section 18: Set Up and Verify Network Policies for Pods

• Introduction to Kubernetes Network Policies

• Why Restrict Pod-To-Pod Communication?

• Understanding K8s Network Policies and CNI Plugins

• Example Use Case Scenarios

Section 19: Lab: Restrict Pod Communication Using Network Policies

• Start Minikube with Cilium CNI

• Create Two Pods with Labels

• Verify Pod Connectivity Using Curl

• Create Ingress Network Policy to Restrict Pod Access

• Check if Pod-to-Pod Access is Blocked

• Restrict Ingress/Egress Traffic with Network Policy

Section 20: Securely Access Minikube Cluster Using MobaXterm or PuTTY

• Deploy a Virtual Machine

• Add User and Setup SSH Authentication

• Create SSH Key Pair

• Convert Private Key to .ppk Format

• VM Access Troubleshooting

• Deploy Minikube on Virtual Machine

• Initialize Minikube Cluster

Section 21: Secure Deployment and Access of Nginx on Kubernetes

• Overview of Securing Nginx with HTTPS

• Deploy and Expose a Nginx Pod to External Traffic

• Access Nginx Web Server Through HTTP

• Set Up Nginx on Host Machine for Accessing Nginx Pod

• Access Nginx Web Server via Web Browser (HTTP Only)

Section 22: Implement HTTPS for Nginx in a K8s Cluster Using TLS Certificates

• Deploy and Expose a Nginx Pod to External Traffic

• Generate a self-signed TLS Certificate

• Store the TLS Certificate as a Secret

• Check Minikube’s Ingress Controller Status

• Create Ingress Resource for HTTPS

• Last Lecture