logo

Docker Course

course overview

download outline

Select Country and City to View dates & book now

Overview

In this intense cloud native bootcamp, you'll encounter containers for the first time, learn to orchestrate them into scalable, highly available applications orchestrated by Docker Swarm, and finally discover how to enhance the security of your entire software supply chain and production environments using Docker Enterprise. This bundle is ideal for students who are just starting out with containerization and want to leverage the full power of the Docker Enterprise platform as soon as possible.

This course combines all topics of CN100, CN110, and CN210.

Audience

This course is targeted at students with the following:

- Motivations: Quickly learn the foundations of containerization and orchestration with Docker Swarm, and become familiar with all the features of Docker Enterprise.

- Roles: System Operators & Administrators

Skills Gained

Not available. Please contact.

Prerequisites

Familiarity with the bash shell

  • Filesystem navigation and manipulation
  • Command line text editors like vim or nano
  • Common tooling like curl, wget and ping

Outline

CN100

Containerization motivations and implementation

  • Usecases
  • Comparison to virtual machines

Creating, managing and auditing containers

  • Container implementation from the Linux kernel
  • Container lifecycle details
  • Core container creation, auditing and management CLI

Best practices in container image design

  • Layered filesystem implementation and performance implications
  • Creating images with Dockerfiles
  • Optimising image builds with multi-stage builds and image design best practices

Single-host container networking

  • Docker native networking model
  • Software defined networks for containers
  • Docker-native single-host service discovery and routing

Provisioning external storage

  • Docker volume creation and management
  • Best practices and usecases for container-external storage.

 

CN110

Setting up and configuring a Swarm

  • Operational priorities of container orchestration
  • Containerized application architecture
  • Swarm scheduling workflow & task model
  • Automatic failure mitigation
  • Swarm installation & advanced customization

Deploying workloads on Swarm

  • Defining workloads as services
  • Scaling workloads
  • Container scheduling control
  • Rolling application updates and rollback
  • Application healthchecks
  • Application troubleshooting
  • Deploying applications as Stacks

Networking Swarm workloads

  • Swarm service discovery and routing implementation
  • Routing strategies for stateful and stateless workloads
  • Swarm ingress traffic

Provisioning dynamic configuration

  • Application configuration design
  • Environment variable management
  • Configuration file management
  • Provisioning sensitive information

Provisioning persistent storage

  • Storage backend architecture patterns
  • NFS backed Swarms

Monitoring Swarm

  • What to monitor in production-grade Swarms
  • Potential Swarm failure modes & mitigations
  • Swarm workload monitoring

CN210

Docker Enterprise architecture

  • DE usage patterns
  • Containerized components of DE
  • Networking & System requirements for DE
  • Installing UCP & DTR
  • UCP & DTR high availability

Access control in Docker Enterprise

  • UCP and DTR RBAC systems
  • PKI, client bundle and API authentication
  • Swarm and Kubernetes access control comparison

Deploying Swarm and Kubernetes applications on UCP

  • Orchestrator architecture
  • Swarm and Kubernetes networking and architecture comparison
  • Application deployment on UCP

Container networking patterns

  • Routing and service discovery for stateful and stateless applications on Swarm and Kubernetes
  • Ingress vs. cluster internal routing
  • L7 routing featuring sticky sessions and path based routing in Swarm and Kubernetes
  • Introduction to Istio service mesh
  • Canary and Blue-Green deployment patterns in UCP

Cluster-wide logging patterns

  • Engine log management
  • UCP audit logging
  • Log aggregation and management

Enhancing platform security

  • Options for improving host-level container security
  • Kubernetes admission controllers and pod security policies
  • Container network encryption
  • Kubernetes network policies

Content Trust in DTR

  • Man-in-setup
  • Interpretingthe-middle mitigation per the Update Framework
  • Setting up content trust keys

Signing images with content trust

  • Security Scanning in DTR
  • Security scanning  and filtering scanner reuslts

Building image pipelines with webhooks and image promotion

  • Continuous integration pipeline tools
  • Triggering webhooks
  • Automatic and manual image promotion through pipeline stages

DTR Image Management

  • Tag pruning and garbage collection
  • DTR sizing for development and production clusters
  • DTR content caching

Talk to an expert

Thinking about Onsite?

If you need training for 3 or more people, you should ask us about onsite training. Putting aside the obvious location benefit, content can be customised to better meet your business objectives and more can be covered than in a public classroom. Its a cost effective option. One on one training can be delivered too, at reasonable rates.

Submit an enquiry from any page on this site and let us know you are interested in the requirements box, or simply mention it when we contact you.

All $ prices are in USD unless it’s a NZ or AU date

SPVC = Self Paced Virtual Class

LVC = Live Virtual Class

Please Note: All courses are availaible as Live Virtual Classes

Trusted by over 1/2 million students in 15 countries

Our clients have included prestigious national organisations such as Oxford University Press, multi-national private corporations such as JP Morgan and HSBC, as well as public sector institutions such as the Department of Defence and the Department of Health.