CN100
Containerization motivations and implementation
- Use cases
- Comparison to virtual machines
Creating, managing and auditing containers
- Container implementation from the Linux kernel
- Container lifecycle details
- Core container creation, auditing and management CLI
Best practices in container image design
- Layered filesystem implementation and performance implications
- Creating images with Dockerfiles
- Optimising image builds with multi-stage builds and image design best practices
Single-host container networking
- Docker native networking model
- Software defined networks for containers
- Docker-native single-host service discovery and routing
Provisioning external storage
- Docker volume creation and management
- Best practices and use cases for container-external storage
CN110
Setting up and configuring a Swarm
- Operational priorities of container orchestration
- Containerized application architecture
- Swarm scheduling workflow & task model
- Automatic failure mitigation
- Swarm installation & advanced customization
Deploying workloads on Swarm
- Defining workloads as services
- Scaling workloads
- Container scheduling control
- Rolling application updates and rollback
- Application healthchecks
- Application troubleshooting
- Deploying applications as Stacks
Networking Swarm workloads
- Swarm service discovery and routing implementation
- Routing strategies for stateful and stateless workloads
- Swarm ingress traffic
Provisioning dynamic configuration
- Application configuration design
- Environment variable management
- Configuration file management
- Provisioning sensitive information
Provisioning persistent storage
- Storage backend architecture patterns
- NFS backed Swarms
Monitoring Swarm
- What to monitor in production-grade Swarms
- Potential Swarm failure modes & mitigations
- Swarm workload monitoring
CN210
Docker Enterprise architecture
- DE usage patterns
- Containerized components of DE
- Networking & System requirements for DE
- Installing UCP & DTR
- UCP & DTR high availability
Access control in Docker Enterprise
- UCP and DTR RBAC systems
- PKI, client bundle and API authentication
- Swarm and Kubernetes access control comparison
Deploying Swarm and Kubernetes applications on UCP
- Orchestrator architecture
- Swarm and Kubernetes networking and architecture comparison
- Application deployment on UCP
Container networking patterns
- Routing and service discovery for stateful and stateless applications on Swarm and Kubernetes
- Ingress vs. cluster internal routing
- L7 routing featuring sticky sessions and path based routing in Swarm and Kubernetes
- Introduction to Istio service mesh
- Canary and Blue-Green deployment patterns in UCP
Cluster-wide logging patterns
- Engine log management
- UCP audit logging
- Log aggregation and management
Enhancing platform security
- Options for improving host-level container security
- Kubernetes admission controllers and pod security policies
- Container network encryption
- Kubernetes network policies
Content Trust in DTR
- Man-in-the-middle mitigation per the Update Framework
- Setting up content trust keys
- Signing images with content trust
Security Scanning in DTR
- Security scanning setup
- Interpreting and filtering scanner results
Building image pipelines with webhooks and image promotion
- Continuous integration pipeline tools
- Triggering webhooks
- Automatic and manual image promotion through pipeline stages
DTR Image Management
- Tag pruning and garbage collection
- DTR sizing for development and production clusters
- DTR content caching