LFS258&LFD259是CKA & CKAD两门K8s认证考试的首选准备课程。
2020-11-27 12:26:55 1641
K8s CKA CKAD
<h3 style="text-align: center;"></h3><h2><strong><span style="font-size: 17px; font-family: 微软雅黑;"></span></strong></h2><h3 style="white-space: normal;"><strong><span style="font-size: 21px; font-family: 微软雅黑;">讲师介绍</span></strong></h3><p><br/></p><p style="margin-top: 10px; text-indent: 28px; text-align: center;"><img src="https://training.linuxfoundation.cn/files/editor/images/1616580581847586.png" title="1616580581847586.png" alt="图片1.png"/><span style="font-family: 微软雅黑;font-size: 14px"> </span></p><p style="text-indent: 27px; line-height: 150%; text-align: left;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; line-height: 150%; font-size: 16px;">段超飞,云计算资深培训讲师,2002年接触并学习Linux,从事Linux相关工作11年,最早一批通过COA(openstack认证管理员)考试,<a href="https://training.linuxfoundation.cn/certificates/1" target="_blank" style="color: rgb(84, 141, 212); text-decoration: underline;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; line-height: 150%; font-size: 16px; color: rgb(84, 141, 212);">CKA(kubernetes管理员)</span></a>考试,</span><a href="https://training.linuxfoundation.cn/certificates/4" target="_blank" style="color: rgb(84, 141, 212); text-decoration: underline;"><span style="color: rgb(84, 141, 212);"><span style="color: rgb(84, 141, 212); font-family: 微软雅黑, "Microsoft YaHei"; line-height: 150%; font-size: 16px;">CKAD(</span><span style="color: rgb(84, 141, 212); line-height: 150%; font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;">Certified Kubernetes Application Developer)</span></span></a><span style="line-height: 150%; font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px; text-decoration: none;">考试,Linux基金会官方认证讲师(LFAI),最早通过<a href="https://training.linuxfoundation.cn/certificates/16" target="_blank" style="color: rgb(84, 141, 212); text-decoration: underline;"><span style="line-height: 150%; font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px; text-decoration: none; color: rgb(84, 141, 212);">kubernetes安全专家认证(Certified Kubernetes Security Specialist)</span></a><span style="line-height: 150%; font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px; text-decoration: none; color: rgb(84, 141, 212);">。</span></span></p><p style="line-height: 150%; text-align: left;"><span style="font-size: 16px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="line-height: 150%; font-size: 13px;"> 10<span style="font-size: 16px;">年教学培训经历,积累了丰富的教学经验,总是能把难懂的知识点生活化,以生活中的例子做比喻,使学员极易掌握知识点。至今已经为电信、移动、联通、电网等一些知名大公司多次培训Linux、虚拟化及云计算, 获得学员一致好评</span></span><span style="line-height: 150%; font-size: 11px;">。</span></span></p><h3><strong><span style="font-size: 21px; font-family: 微软雅黑;"></span></strong></h3><p style="margin-top:21px"><span style="color: rgb(0, 0, 0); font-size: 20px;"><strong><span style="color: rgb(0, 0, 0); font-family: 微软雅黑;">所获证书</span></strong></span></p><p style="margin-left:28px"><span style="font-size: 16px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="color: rgb(192, 0, 0); font-size: 14px;">l</span><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;"><span style="color: rgb(192, 0, 0);"> </span>2004</span><span style="font-size: 16px;">年 CCNA/CCNP</span></span></p><p style="margin-left:28px"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);">l </span><span style="font-family: 微软雅黑, "Microsoft YaHei";">2008年RHCE</span></span></p><p style="margin-left:28px"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0); font-size: 14px;">l </span>2009年RHCA</span></p><p style="margin-left:28px"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);">l </span><span style="font-family: 微软雅黑, "Microsoft YaHei";">2017年COA (Certified OpenStack Administrator</span>)</span></p><p style="margin-left:28px"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);">l </span><span style="font-family: 微软雅黑, "Microsoft YaHei";">2018年 </span><a href="https://training.linuxfoundation.cn/certificates/4" target="_blank" style="color: rgb(84, 141, 212); text-decoration: underline;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px; color: rgb(84, 141, 212);"><span style="color: rgb(84, 141, 212); font-family: 微软雅黑, "Microsoft YaHei";">CKA (Certified Kubernetes Administrator</span>)</span></a></span></p><p style="margin-left:28px"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);">l </span><span style="font-family: 微软雅黑, "Microsoft YaHei";">2020年 <a href="https://training.linuxfoundation.cn/certificates/4" target="_blank" style="color: rgb(84, 141, 212); text-decoration: underline;"><span style="font-size: 16px; font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(84, 141, 212);">CKAD (Certified Kubernetes Application Developer)</span></a></span></span></p><p style="margin-left:28px"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);">l </span><span style="font-family: 微软雅黑, "Microsoft YaHei";">Linux基金会认证讲师(LFAI)</span></span></p><p style="margin-left:28px"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);">l </span><span style="font-family: 微软雅黑, "Microsoft YaHei";">2021年<a href="https://training.linuxfoundation.cn/certificates/16" target="_blank" style="color: rgb(84, 141, 212); text-decoration: underline;"><span style="font-size: 16px; font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(84, 141, 212);">CKS(Certified Kubernetes Security Specialist)</span></a></span></span></p><p><br/></p><h3><strong><span style="font-size: 21px; font-family: 微软雅黑;">课程介绍</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px"> 学习之后最好能有一个检测自己学习成果的指标,所以通过认证考试才是最好的方法。一来可以系统的学习,二来可以通过证书向企业证明自己的实力。当前kubernetes最权威的认证就是CKA(Certified Kubernetes Administrator)了。本课程的内容包括了CKA/CKAD的所有内容,通过本课程的学习既可以参加CKA考试,也可以参加CKAD的考试。</span></p><h3><strong><span style="font-size: 21px; font-family: 微软雅黑;">授课对象</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px"> 数据中心相关运维人员、想系统学习kubernetes的人员及想获取CKA证书的人群。</span></p><h3><strong><span style="font-size: 21px; font-family: 微软雅黑;">课程目标</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px"> 通过本课程的学习,可以使学员能熟练部署及配置kubernetes、了解kubernetes里的调度策略、网络模型,并能顺利通过CKA考试。</span></p><h3><strong><span style="font-size: 21px; font-family: 微软雅黑;">上课环境</span></strong></h3><table><tbody><tr style="height:16px" class="firstRow"><td width="240" valign="center" style="padding: 1px; border-width: 1px; border-style: outset; border-color: windowtext;"><p><span style=";font-family:微软雅黑;font-size:16px">系统版本</span></p></td><td width="160" valign="center" style="padding: 1px; border-left: none; border-right: 1px outset windowtext; border-top: 1px outset windowtext; border-bottom: 1px outset windowtext;"><p><span style=";font-family:微软雅黑;font-size:16px">kubernetes版本</span></p></td></tr><tr><td width="240" valign="center" style="padding: 1px; border-left: 1px outset windowtext; border-right: 1px outset windowtext; border-top: none; border-bottom: 1px outset windowtext;"><p><span style=";font-family:微软雅黑;font-size:16px">centos7.4</span></p></td><td width="160" valign="center" style="padding: 1px; border-left: none; border-right: 1px outset windowtext; border-top: none; border-bottom: 1px outset windowtext;"><p><span style=";font-family:微软雅黑;font-size:16px">1.20.1</span></p></td></tr></tbody></table><h3><strong><span style="font-size: 21px; font-family: 微软雅黑;">上课时间</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">4<span style="font-family:微软雅黑">月</span>18<span style="font-family:微软雅黑">日开始,每周日上午</span>09:00~12:00 下午14:00~18:00 大约35<span style="font-family:微软雅黑">课时</span></span></p><p><span style=";font-family:微软雅黑;font-size:14px"> </span></p><h1><strong><span style="font-family: 微软雅黑;font-size: 32px"><span style="font-family:微软雅黑">第一部分</span> docker</span></strong></h1><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">1.白话介绍容器</span></strong></h3><p><span style="font-family: 微软雅黑; font-size: 16px;">1.1容器的介绍</span></p><p><span style=";font-family:微软雅黑;font-size:16px">1.2了解镜像 下载镜像</span></p><p><span style=";font-family:微软雅黑;font-size:16px">1.3配置docker加速器</span></p><p><span style=";font-family:微软雅黑;font-size:16px">1.4快速运行一个简单的容器</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">2.docker镜像管理</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">2.1了解镜像的命名方式</span></p><p><span style=";font-family:微软雅黑;font-size:16px">2.2镜像管理pull,tag,rmi</span></p><p><span style=";font-family:微软雅黑;font-size:16px">2.2导入及导出镜像</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">3.容器管理</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">3.2管理容器常见的命令</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.2数据卷的使用</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.3容器中变量的使用</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.4容器的端口映射</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">4.docker网络管理</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">4.1容器互联</span></p><p><span style=";font-family:微软雅黑;font-size:16px"><span style="font-family:微软雅黑">练习:用</span>wordpress+MySQL搭建个人博客</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">5.自定义镜像</span></strong></h3><p><span style="font-family: 微软雅黑; font-size: 16px;">5.1Dockerfile内容详解</span></p><p><span style="font-family: 微软雅黑; font-size: 16px;">5.2定制自己的nginx镜像</span></p><p><span style="font-family: 微软雅黑; font-size: 16px;">5.3定制可以ssh的镜像</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">6.本地仓库管理</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">6.1配置docker本地仓库</span></p><p><span style=";font-family:微软雅黑;font-size:16px">6.2往本地docker仓库推送镜像</span></p><p><span style=";font-family:微软雅黑;font-size:16px">6.3删除本地仓库里的镜像</span></p><p><span style=";font-family:微软雅黑;font-size:16px">6.4harbor搭建私有仓库</span></p><p><span style=";font-family:微软雅黑;font-size:16px"> </span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">7.限制容器资源</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">7.1了解cgroup</span></p><p><span style=";font-family:微软雅黑;font-size:16px">7.2限制内存资源</span></p><p><span style=";font-family:微软雅黑;font-size:16px">7.3限制容器CPU资源</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">8.用监控容器</span></strong></h3><p><span style="font-family: 微软雅黑; font-size: 16px;">8.1.使用cadvisor监控容器</span></p><p><span style="font-family: 微软雅黑; font-size: 16px;">8.2.使用weave scope监控容器</span></p><h1><strong><span style="font-family: 微软雅黑;font-size: 32px"><span style="font-family:微软雅黑">第二部分</span> kubernetes</span></strong></h1><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">1.kubernetes框架</span></strong></h3><p><span style="font-family: 微软雅黑; font-size: 16px;">1.1了解kubernetes的框架</span></p><p><span style="font-family: 微软雅黑; font-size: 16px;">1.2了解kubernetes各个组件的含义</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">2.kubernetes安装</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">2.1kubeadm安装方式</span></p><p><span style=";font-family:微软雅黑;font-size:16px">2.2了解什么是命名空间</span></p><p><span style=";font-family:微软雅黑;font-size:16px">2.3命名空间管理</span></p><p><span style=";font-family:微软雅黑;font-size:16px">2.4安装metric-server监控系统</span></p><p><span style=";font-family:微软雅黑;font-size:16px">2.5etcd管理</span></p><p><span style=";font-family:微软雅黑;font-size:16px">etcd快照与恢复</span></p><p><span style=";font-family:微软雅黑;font-size:16px">2.6多集群之间切换</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">3.pod及节点管理</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">3.1创建查询及删除pod</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.2了解pod重启策略</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.3在pod中运行指定命令</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.4优雅地关闭pod</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.5pod hook</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.6pod中变量的设置</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.7端口映射</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.8在pod中执行命令</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.9pod的调度策略</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.10通过label手动指定pod运行的节点</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.11主机亲和性</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.12初始化容器 (init container)</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.13静态pod (static pod)</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.14.节点cordon及uncordon管理</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.15节点污点及pod的容忍</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">4.存储管理</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">4.1本地卷</span></p><p><span style=";font-family:微软雅黑;font-size:16px">emptyDir</span></p><p><span style=";font-family:微软雅黑;font-size:16px">hostPath</span></p><p><span style=";font-family:微软雅黑;font-size:16px">4.2网络数据卷</span></p><p><span style=";font-family:微软雅黑;font-size:16px">NFS</span></p><p><span style=";font-family:微软雅黑;font-size:16px">4.3.持久性存储</span></p><p><span style=";font-family:微软雅黑;font-size:16px">persistent volume</span></p><p><span style=";font-family:微软雅黑;font-size:16px">persistent volume claim</span></p><p><span style="font-size: 16px; font-family: 微软雅黑;">回收策略</span></p><p><span style=";font-family:微软雅黑;font-size:16px"> 4.4.动态卷供应</span></p><p><span style="font-family: 微软雅黑;">nfs</span></p><p><span style=";font-family:微软雅黑;font-size:16px">hostPath</span></p><p><span style=";font-family:微软雅黑;font-size:16px">lvm</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">5.密码管理</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">5.1使用secret管理密码</span></p><p><span style=";font-family:微软雅黑;font-size:16px">5.2以卷的方式引用密码,传递配置文件</span></p><p><span style=";font-family:微软雅黑;font-size:16px">5.3以变量的方式引用密码</span></p><p><span style=";font-family:微软雅黑;font-size:16px">5.4使用configmap管理密码</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">6.deployment</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">6.1理解deployment的作用</span></p><p><span style=";font-family:微软雅黑;font-size:16px">6.2通过命令行的方式快速deployment</span></p><p><span style=";font-family:微软雅黑;font-size:16px">6.3通过YAML方式创建deployment</span></p><p><span style=";font-family:微软雅黑;font-size:16px">6.4使用deployment管理pod副本数</span></p><p><span style="font-family: 微软雅黑;">6.5水平自动伸缩HPA</span></p><p><span style=";font-family:微软雅黑;font-size:16px">6.6使用deployment对镜像版本进行升级及回滚</span></p><p><span style="font-family: 微软雅黑;">6.7滚动升级</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">7.健康性检查</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">7.1pod的默认检查策略</span></p><p><span style=";font-family:微软雅黑;font-size:16px">7.2通过liveness对pod健康性检查</span></p><p><span style=";font-family:微软雅黑;font-size:16px">7.3使用readiness对pod健康性检查</span></p><p><span style=";font-family:微软雅黑;font-size:16px">7.4健康性检查在各种环境中的应用</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">8.daemonset</span></strong></h3><p><span style="font-family: 微软雅黑; font-size: 16px;">8.1.daemonset的创建</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">9.服务发现</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">9.1理解service的工作原理</span></p><p><span style=";font-family:微软雅黑;font-size:16px">9.2服务的发现</span></p><p><span style=";font-family:微软雅黑;font-size:16px">clusterIP</span></p><p><span style="font-size: 16px; font-family: 微软雅黑;">环境变量</span></p><p><span style=";font-family:微软雅黑;font-size:16px">DNS</span></p><p><span style=";font-family:微软雅黑;font-size:16px">9.3服务的发布</span></p><p><span style=";font-family:微软雅黑;font-size:16px">NodePort</span></p><p><span style=";font-family:微软雅黑;font-size:16px">LoadBalancer</span></p><p><span style=";font-family:微软雅黑;font-size:16px"><span style="font-family:微软雅黑">配置</span>ingress</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">9.job</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">9.1创建job</span></p><p><span style=";font-family:微软雅黑;font-size:16px">9.2了解job中pod的重启策略</span></p><p><span style=";font-family:微软雅黑;font-size:16px">9.3计划任务cronjob</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">10.网络策略及资源限制</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">10.1配置calico网络实现跨节点docker容器通信</span></p><p><span style=";font-family:微软雅黑;font-size:16px">10.2网络策略</span></p><p><span style=";font-family:微软雅黑;font-size:16px"><span style="font-family:微软雅黑">限制同一命名空间里的</span>pod的访问</span></p><p><span style=";font-family:微软雅黑;font-size:16px"><span style="font-family:微软雅黑">允许指定命名空间里的</span>pod访问</span></p><p><span style=";font-family:微软雅黑;font-size:16px"><span style="font-family:微软雅黑">允许指定命名空间里特定的</span>pod访问</span></p><p><span style=";font-family:微软雅黑;font-size:16px">egress策略的使用</span></p><p><span style="font-size: 16px; font-family: 微软雅黑;">默认策略</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">11.安全及配额管理</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">11.1验证管理</span></p><p><span style=";font-family:微软雅黑;font-size:16px">token的认证方式</span></p><p><span style=";font-family:微软雅黑;font-size:16px">kubeconfig的认证方式</span></p><p><span style=";font-family:微软雅黑;font-size:16px">11.2RBAC鉴权</span></p><p><span style=";font-family:微软雅黑;font-size:16px"><span style="font-family:微软雅黑">了解</span>kubernetes的鉴权方式</span></p><p><span style=";font-family:微软雅黑;font-size:16px"><span style="font-family:微软雅黑">配置</span>RBAC鉴权</span></p><p><span style=";font-family:微软雅黑;font-size:16px">11.3资源限制</span></p><p><span style=";font-family:微软雅黑;font-size:16px">LimitRange</span></p><p><span style=";font-family:微软雅黑;font-size:16px">ResourceQuota</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">12.Kubernetes应用部署Helm3</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">12.1Helm工具的架构和安装使用</span></p><p><span style=";font-family:微软雅黑;font-size:16px">12.2helm源管理</span></p><p><span style=";font-family:微软雅黑;font-size:16px">12.3搭建helm私有仓库</span></p><p><span style=";font-family:微软雅黑;font-size:16px"><span style="font-family:微软雅黑">实战:用</span>helm3部署EFK日志</span></p><p><span style=";font-family:微软雅黑;font-size:16px"><span style="font-family:微软雅黑">实战:用</span>helm3部署prometheus监控</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">14.DevOps</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">14.1了解devops</span></p><p><span style=";font-family:微软雅黑;font-size:16px">14.2gitlab配置</span></p><p><span style=";font-family:微软雅黑;font-size:16px">14.3安装及配置Jenkins</span></p><p><span style=";font-family:微软雅黑;font-size:16px">14.4使用gitlab+Jenkins+kubernetes建立CI/CD解决方案</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">15.</span></strong><strong><span style="font-family: 微软雅黑;font-size: 21px">k8s</span></strong><strong><span style="font-size: 21px; font-family: 微软雅黑;">高可用</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">15.1.了解高可用架构</span></p><p><span style=";font-family:微软雅黑;font-size:16px">15.2.配置k8smaster的高可用</span></p><p><span style=";font-family:微软雅黑;font-size:16px"> </span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">16.升级kubernetes</span></strong></h3><p><span style="font-family: 微软雅黑; font-size: 16px;">16.1了解升级kubernetes的步骤</span></p><p><span style="font-family: 微软雅黑; font-size: 16px;">16.2升级kubernetes的具体实施</span></p><p style="white-space: normal; text-align: center;"><span style="font-size: 20px; font-family: 微软雅黑;"> 报名成功后添加客服人员微信号进行上课</span></p><p style="white-space: normal; text-align: center;"><img src="https://training.linuxfoundation.cn/files/editor/images/1614598785419593.jpg" title="1614598785419593.jpg" alt="1614598785419593.jpg" width="200" height="200"/></p>
2021-03-24 17:34:21 484
CKA 培训 K8s kubernates 大学
<h3 style="text-align: center;"></h3><h2><strong><span style="font-size: 17px; font-family: 微软雅黑;"></span></strong></h2><h3 style="white-space: normal;"><strong><span style="font-size: 21px; font-family: 微软雅黑;">讲师介绍</span></strong></h3><p><br/></p><p style="margin-top: 10px; text-indent: 28px; text-align: center;"><img src="https://training.linuxfoundation.cn/files/editor/images/1616580581847586.png" title="1616580581847586.png" alt="图片1.png"/><span style="font-family: 微软雅黑;font-size: 14px"> </span></p><p style="text-indent: 27px; line-height: 150%; text-align: left;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; line-height: 150%; font-size: 16px;">段超飞,云计算资深培训讲师,2002年接触并学习Linux,从事Linux相关工作11年,最早一批通过COA(openstack认证管理员)考试,<a href="https://training.linuxfoundation.cn/certificates/1" target="_blank" style="color: rgb(84, 141, 212); text-decoration: underline;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; line-height: 150%; font-size: 16px; color: rgb(84, 141, 212);">CKA(kubernetes管理员)</span></a>考试,</span><a href="https://training.linuxfoundation.cn/certificates/4" target="_blank" style="color: rgb(84, 141, 212); text-decoration: underline;"><span style="color: rgb(84, 141, 212);"><span style="color: rgb(84, 141, 212); font-family: 微软雅黑, "Microsoft YaHei"; line-height: 150%; font-size: 16px;">CKAD(</span><span style="color: rgb(84, 141, 212); line-height: 150%; font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;">Certified Kubernetes Application Developer)</span></span></a><span style="line-height: 150%; font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px; text-decoration: none;">考试,Linux基金会官方认证讲师(LFAI),最早通过<a href="https://training.linuxfoundation.cn/certificates/16" target="_blank" style="color: rgb(84, 141, 212); text-decoration: underline;"><span style="line-height: 150%; font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px; text-decoration: none; color: rgb(84, 141, 212);">kubernetes安全专家认证(Certified Kubernetes Security Specialist)</span></a>。</span></p><p style="line-height: 150%; text-align: left;"><span style="font-size: 16px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="line-height: 150%; font-size: 13px;"> 10<span style="font-size: 16px;">年教学培训经历,积累了丰富的教学经验,总是能把难懂的知识点生活化,以生活中的例子做比喻,使学员极易掌握知识点。至今已经为电信、移动、联通、电网等一些知名大公司多次培训Linux、虚拟化及云计算, 获得学员一致好评</span></span><span style="line-height: 150%; font-size: 11px;">。</span></span></p><h3><strong><span style="font-size: 21px; font-family: 微软雅黑;"></span></strong></h3><p style="margin-top:21px"><span style="color: rgb(0, 0, 0); font-size: 20px;"><strong><span style="color: rgb(0, 0, 0); font-family: 微软雅黑;">所获证书</span></strong></span></p><p style="margin-left:28px"><span style="font-size: 16px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="color: rgb(192, 0, 0); font-size: 14px;">l</span><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;"><span style="color: rgb(192, 0, 0);"> </span>2004</span><span style="font-size: 16px;">年 CCNA/CCNP</span></span></p><p style="margin-left:28px"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);">l </span><span style="font-family: 微软雅黑, "Microsoft YaHei";">2008年RHCE</span></span></p><p style="margin-left:28px"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0); font-size: 14px;">l </span>2009年RHCA</span></p><p style="margin-left:28px"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);">l </span><span style="font-family: 微软雅黑, "Microsoft YaHei";">2017年COA (Certified OpenStack Administrator</span>)</span></p><p style="margin-left:28px"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);">l </span><span style="font-family: 微软雅黑, "Microsoft YaHei";">2018年 </span><a href="https://training.linuxfoundation.cn/certificates/4" target="_blank" style="color: rgb(84, 141, 212); text-decoration: underline;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px; color: rgb(84, 141, 212);"><span style="color: rgb(84, 141, 212); font-family: 微软雅黑, "Microsoft YaHei";">CKA (Certified Kubernetes Administrator</span>)</span></a></span></p><p style="margin-left:28px"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);">l </span><span style="font-family: 微软雅黑, "Microsoft YaHei";">2020年 <a href="https://training.linuxfoundation.cn/certificates/4" target="_blank" style="color: rgb(84, 141, 212); text-decoration: underline;"><span style="font-size: 16px; font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(84, 141, 212);">CKAD (Certified Kubernetes Application Developer)</span></a></span></span></p><p style="margin-left:28px"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);">l </span><span style="font-family: 微软雅黑, "Microsoft YaHei";">Linux基金会认证讲师(LFAI)</span></span></p><p style="margin-left:28px"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);">l </span><span style="font-family: 微软雅黑, "Microsoft YaHei";">2021年<a href="https://training.linuxfoundation.cn/certificates/16" target="_blank" style="color: rgb(84, 141, 212); text-decoration: underline;"><span style="font-size: 16px; font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(84, 141, 212);">CKS(Certified Kubernetes Security Specialist)</span></a></span></span></p><p><br/></p><h3><strong><span style="font-size: 21px; font-family: 微软雅黑;"><br/></span></strong><br/></h3><h3><strong><span style="font-size: 21px; font-family: 微软雅黑;">课程介绍</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px"> 学习之后最好能有一个检测自己学习成果的指标,所以通过认证考试才是最好的方法。一来可以系统的学习,二来可以通过证书向企业证明自己的实力。当前kubernetes最权威的认证就是CKA(Certified Kubernetes Administrator)了。本课程的内容包括了CKA/CKAD的所有内容,通过本课程的学习既可以参加CKA考试,也可以参加CKAD的考试。</span></p><h3><strong><span style="font-size: 21px; font-family: 微软雅黑;">授课对象</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px"> 数据中心相关运维人员、想系统学习kubernetes的人员及想获取CKA证书的人群。</span></p><h3><strong><span style="font-size: 21px; font-family: 微软雅黑;">课程目标</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px"> 通过本课程的学习,可以使学员能熟练部署及配置kubernetes、了解kubernetes里的调度策略、网络模型,并能顺利通过CKA考试。</span></p><h3><strong><span style="font-size: 21px; font-family: 微软雅黑;">上课环境</span></strong></h3><table><tbody><tr style="height:16px" class="firstRow"><td width="240" valign="center" style="padding: 1px; border-width: 1px; border-style: outset; border-color: windowtext;"><p><span style=";font-family:微软雅黑;font-size:16px">系统版本</span></p></td><td width="160" valign="center" style="padding: 1px; border-left: none; border-right: 1px outset windowtext; border-top: 1px outset windowtext; border-bottom: 1px outset windowtext;"><p><span style=";font-family:微软雅黑;font-size:16px">kubernetes版本</span></p></td></tr><tr><td width="240" valign="center" style="padding: 1px; border-left: 1px outset windowtext; border-right: 1px outset windowtext; border-top: none; border-bottom: 1px outset windowtext;"><p><span style=";font-family:微软雅黑;font-size:16px">centos7.4</span></p></td><td width="160" valign="center" style="padding: 1px; border-left: none; border-right: 1px outset windowtext; border-top: none; border-bottom: 1px outset windowtext;"><p><span style=";font-family:微软雅黑;font-size:16px">1.20.1</span></p></td></tr></tbody></table><h3><strong><span style="font-size: 21px; font-family: 微软雅黑;">上课时间</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">4<span style="font-family:微软雅黑">月</span>18<span style="font-family:微软雅黑">日开始,每周日上午</span>09:00~12:00 下午14:00~18:00 大约35<span style="font-family:微软雅黑">课时</span></span></p><p><span style=";font-family:微软雅黑;font-size:14px"> </span></p><h1><strong><span style="font-family: 微软雅黑;font-size: 32px"><span style="font-family:微软雅黑">第一部分</span> docker</span></strong></h1><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">1.白话介绍容器</span></strong></h3><p><span style="font-family: 微软雅黑; font-size: 16px;">1.1容器的介绍</span></p><p><span style=";font-family:微软雅黑;font-size:16px">1.2了解镜像 下载镜像</span></p><p><span style=";font-family:微软雅黑;font-size:16px">1.3配置docker加速器</span></p><p><span style=";font-family:微软雅黑;font-size:16px">1.4快速运行一个简单的容器</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">2.docker镜像管理</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">2.1了解镜像的命名方式</span></p><p><span style=";font-family:微软雅黑;font-size:16px">2.2镜像管理pull,tag,rmi</span></p><p><span style=";font-family:微软雅黑;font-size:16px">2.2导入及导出镜像</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">3.容器管理</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">3.2管理容器常见的命令</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.2数据卷的使用</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.3容器中变量的使用</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.4容器的端口映射</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">4.docker网络管理</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">4.1容器互联</span></p><p><span style=";font-family:微软雅黑;font-size:16px"><span style="font-family:微软雅黑">练习:用</span>wordpress+MySQL搭建个人博客</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">5.自定义镜像</span></strong></h3><p><span style="font-family: 微软雅黑; font-size: 16px;">5.1Dockerfile内容详解</span></p><p><span style="font-family: 微软雅黑; font-size: 16px;">5.2定制自己的nginx镜像</span></p><p><span style="font-family: 微软雅黑; font-size: 16px;">5.3定制可以ssh的镜像</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">6.本地仓库管理</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">6.1配置docker本地仓库</span></p><p><span style=";font-family:微软雅黑;font-size:16px">6.2往本地docker仓库推送镜像</span></p><p><span style=";font-family:微软雅黑;font-size:16px">6.3删除本地仓库里的镜像</span></p><p><span style=";font-family:微软雅黑;font-size:16px">6.4harbor搭建私有仓库</span></p><p><span style=";font-family:微软雅黑;font-size:16px"> </span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">7.限制容器资源</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">7.1了解cgroup</span></p><p><span style=";font-family:微软雅黑;font-size:16px">7.2限制内存资源</span></p><p><span style=";font-family:微软雅黑;font-size:16px">7.3限制容器CPU资源</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">8.用监控容器</span></strong></h3><p><span style="font-family: 微软雅黑; font-size: 16px;">8.1.使用cadvisor监控容器</span></p><p><span style="font-family: 微软雅黑; font-size: 16px;">8.2.使用weave scope监控容器</span></p><h1><strong><span style="font-family: 微软雅黑;font-size: 32px"><span style="font-family:微软雅黑">第二部分</span> kubernetes</span></strong></h1><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">1.kubernetes框架</span></strong></h3><p><span style="font-family: 微软雅黑; font-size: 16px;">1.1了解kubernetes的框架</span></p><p><span style="font-family: 微软雅黑; font-size: 16px;">1.2了解kubernetes各个组件的含义</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">2.kubernetes安装</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">2.1kubeadm安装方式</span></p><p><span style=";font-family:微软雅黑;font-size:16px">2.2了解什么是命名空间</span></p><p><span style=";font-family:微软雅黑;font-size:16px">2.3命名空间管理</span></p><p><span style=";font-family:微软雅黑;font-size:16px">2.4安装metric-server监控系统</span></p><p><span style=";font-family:微软雅黑;font-size:16px">2.5etcd管理</span></p><p><span style=";font-family:微软雅黑;font-size:16px">etcd快照与恢复</span></p><p><span style=";font-family:微软雅黑;font-size:16px">2.6多集群之间切换</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">3.pod及节点管理</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">3.1创建查询及删除pod</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.2了解pod重启策略</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.3在pod中运行指定命令</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.4优雅地关闭pod</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.5pod hook</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.6pod中变量的设置</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.7端口映射</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.8在pod中执行命令</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.9pod的调度策略</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.10通过label手动指定pod运行的节点</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.11主机亲和性</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.12初始化容器 (init container)</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.13静态pod (static pod)</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.14.节点cordon及uncordon管理</span></p><p><span style=";font-family:微软雅黑;font-size:16px">3.15节点污点及pod的容忍</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">4.存储管理</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">4.1本地卷</span></p><p><span style=";font-family:微软雅黑;font-size:16px">emptyDir</span></p><p><span style=";font-family:微软雅黑;font-size:16px">hostPath</span></p><p><span style=";font-family:微软雅黑;font-size:16px">4.2网络数据卷</span></p><p><span style=";font-family:微软雅黑;font-size:16px">NFS</span></p><p><span style=";font-family:微软雅黑;font-size:16px">4.3.持久性存储</span></p><p><span style=";font-family:微软雅黑;font-size:16px">persistent volume</span></p><p><span style=";font-family:微软雅黑;font-size:16px">persistent volume claim</span></p><p><span style="font-size: 16px; font-family: 微软雅黑;">回收策略</span></p><p><span style=";font-family:微软雅黑;font-size:16px"> 4.4.动态卷供应</span></p><p><span style="font-family: 微软雅黑;">nfs</span></p><p><span style=";font-family:微软雅黑;font-size:16px">hostPath</span></p><p><span style=";font-family:微软雅黑;font-size:16px">lvm</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">5.密码管理</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">5.1使用secret管理密码</span></p><p><span style=";font-family:微软雅黑;font-size:16px">5.2以卷的方式引用密码,传递配置文件</span></p><p><span style=";font-family:微软雅黑;font-size:16px">5.3以变量的方式引用密码</span></p><p><span style=";font-family:微软雅黑;font-size:16px">5.4使用configmap管理密码</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">6.deployment</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">6.1理解deployment的作用</span></p><p><span style=";font-family:微软雅黑;font-size:16px">6.2通过命令行的方式快速deployment</span></p><p><span style=";font-family:微软雅黑;font-size:16px">6.3通过YAML方式创建deployment</span></p><p><span style=";font-family:微软雅黑;font-size:16px">6.4使用deployment管理pod副本数</span></p><p><span style="font-family: 微软雅黑;">6.5水平自动伸缩HPA</span></p><p><span style=";font-family:微软雅黑;font-size:16px">6.6使用deployment对镜像版本进行升级及回滚</span></p><p><span style="font-family: 微软雅黑;">6.7滚动升级</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">7.健康性检查</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">7.1pod的默认检查策略</span></p><p><span style=";font-family:微软雅黑;font-size:16px">7.2通过liveness对pod健康性检查</span></p><p><span style=";font-family:微软雅黑;font-size:16px">7.3使用readiness对pod健康性检查</span></p><p><span style=";font-family:微软雅黑;font-size:16px">7.4健康性检查在各种环境中的应用</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">8.daemonset</span></strong></h3><p><span style="font-family: 微软雅黑; font-size: 16px;">8.1.daemonset的创建</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">9.服务发现</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">9.1理解service的工作原理</span></p><p><span style=";font-family:微软雅黑;font-size:16px">9.2服务的发现</span></p><p><span style=";font-family:微软雅黑;font-size:16px">clusterIP</span></p><p><span style="font-size: 16px; font-family: 微软雅黑;">环境变量</span></p><p><span style=";font-family:微软雅黑;font-size:16px">DNS</span></p><p><span style=";font-family:微软雅黑;font-size:16px">9.3服务的发布</span></p><p><span style=";font-family:微软雅黑;font-size:16px">NodePort</span></p><p><span style=";font-family:微软雅黑;font-size:16px">LoadBalancer</span></p><p><span style=";font-family:微软雅黑;font-size:16px"><span style="font-family:微软雅黑">配置</span>ingress</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">9.job</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">9.1创建job</span></p><p><span style=";font-family:微软雅黑;font-size:16px">9.2了解job中pod的重启策略</span></p><p><span style=";font-family:微软雅黑;font-size:16px">9.3计划任务cronjob</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">10.网络策略及资源限制</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">10.1配置calico网络实现跨节点docker容器通信</span></p><p><span style=";font-family:微软雅黑;font-size:16px">10.2网络策略</span></p><p><span style=";font-family:微软雅黑;font-size:16px"><span style="font-family:微软雅黑">限制同一命名空间里的</span>pod的访问</span></p><p><span style=";font-family:微软雅黑;font-size:16px"><span style="font-family:微软雅黑">允许指定命名空间里的</span>pod访问</span></p><p><span style=";font-family:微软雅黑;font-size:16px"><span style="font-family:微软雅黑">允许指定命名空间里特定的</span>pod访问</span></p><p><span style=";font-family:微软雅黑;font-size:16px">egress策略的使用</span></p><p><span style="font-size: 16px; font-family: 微软雅黑;">默认策略</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">11.安全及配额管理</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">11.1验证管理</span></p><p><span style=";font-family:微软雅黑;font-size:16px">token的认证方式</span></p><p><span style=";font-family:微软雅黑;font-size:16px">kubeconfig的认证方式</span></p><p><span style=";font-family:微软雅黑;font-size:16px">11.2RBAC鉴权</span></p><p><span style=";font-family:微软雅黑;font-size:16px"><span style="font-family:微软雅黑">了解</span>kubernetes的鉴权方式</span></p><p><span style=";font-family:微软雅黑;font-size:16px"><span style="font-family:微软雅黑">配置</span>RBAC鉴权</span></p><p><span style=";font-family:微软雅黑;font-size:16px">11.3资源限制</span></p><p><span style=";font-family:微软雅黑;font-size:16px">LimitRange</span></p><p><span style=";font-family:微软雅黑;font-size:16px">ResourceQuota</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">12.Kubernetes应用部署Helm3</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">12.1Helm工具的架构和安装使用</span></p><p><span style=";font-family:微软雅黑;font-size:16px">12.2helm源管理</span></p><p><span style=";font-family:微软雅黑;font-size:16px">12.3搭建helm私有仓库</span></p><p><span style=";font-family:微软雅黑;font-size:16px"><span style="font-family:微软雅黑">实战:用</span>helm3部署EFK日志</span></p><p><span style=";font-family:微软雅黑;font-size:16px"><span style="font-family:微软雅黑">实战:用</span>helm3部署prometheus监控</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">14.DevOps</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">14.1了解devops</span></p><p><span style=";font-family:微软雅黑;font-size:16px">14.2gitlab配置</span></p><p><span style=";font-family:微软雅黑;font-size:16px">14.3安装及配置Jenkins</span></p><p><span style=";font-family:微软雅黑;font-size:16px">14.4使用gitlab+Jenkins+kubernetes建立CI/CD解决方案</span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">15.</span></strong><strong><span style="font-family: 微软雅黑;font-size: 21px">k8s</span></strong><strong><span style="font-size: 21px; font-family: 微软雅黑;">高可用</span></strong></h3><p><span style=";font-family:微软雅黑;font-size:16px">15.1.了解高可用架构</span></p><p><span style=";font-family:微软雅黑;font-size:16px">15.2.配置k8smaster的高可用</span></p><p><span style=";font-family:微软雅黑;font-size:16px"> </span></p><h3><strong><span style="font-family: 微软雅黑;font-size: 21px">16.升级kubernetes</span></strong></h3><p><span style="font-family: 微软雅黑; font-size: 16px;">16.1了解升级kubernetes的步骤</span></p><p><span style="font-family: 微软雅黑; font-size: 16px;">16.2升级kubernetes的具体实施</span></p><p><span style="font-family: 微软雅黑; font-size: 16px;"></span></p><p style="white-space: normal; text-align: center;"><span style="font-size: 20px;"><span style="font-family: 微软雅黑;"> </span><span style="font-family: 微软雅黑;"> 报名成功后添加客服人员微信号进行上课</span></span></p><p style="white-space: normal; text-align: center;"><img src="https://training.linuxfoundation.cn/files/editor/images/1614598785419593.jpg" title="1614598785419593.jpg" alt="1614598785419593.jpg" width="200" height="200"/></p><p><br/></p><p><br/></p>
2021-03-24 17:36:22 119
CKAD 培训 K8s kubernates 大学
<h3 style="white-space: normal;"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-size: 21px;">讲师介绍</span></strong></span></h3><p><br/></p><p style="margin-top: 10px; text-indent: 28px; text-align: center;"><img src="https://training.linuxfoundation.cn/files/editor/images/1616580581847586.png" title="1616580581847586.png" alt="图片1.png"/><span style="font-size: 14px; font-family: 微软雅黑, "Microsoft YaHei";"> </span></p><p style="text-indent: 27px; line-height: 24px;"><span style="line-height: 24px; font-family: 微软雅黑, "Microsoft YaHei";">段超飞,云计算资深培训讲师,2002年接触并学习Linux,从事Linux相关工作11年,最早一批通过COA(openstack认证管理员)考试,<a href="https://training.linuxfoundation.cn/certificates/1" target="_blank">CKA(kubernetes管理员)</a>考试,</span><a href="https://training.linuxfoundation.cn/certificates/4" target="_blank" style="color: rgb(84, 141, 212); font-family: 微软雅黑, "Microsoft YaHei"; text-decoration: underline;"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-family: 微软雅黑, "Microsoft YaHei"; line-height: 24px;">CKAD(</span><span style="line-height: 24px; font-family: 微软雅黑, "Microsoft YaHei";">Certified Kubernetes Application Developer)</span></span></a><span style="line-height: 24px; font-family: 微软雅黑, "Microsoft YaHei";">考试,Linux基金会官方认证讲师(LFAI),最早通过<a href="https://training.linuxfoundation.cn/certificates/16" target="_blank" style="color: rgb(84, 141, 212);"><span style="font-family: 微软雅黑, "Microsoft YaHei"; line-height: 24px; text-decoration-line: none;">kubernetes安全专家认证(Certified Kubernetes Security Specialist)</span></a>。</span></p><p style="line-height: 24px;"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-family: 微软雅黑, "Microsoft YaHei"; line-height: 19.5px; font-size: 13px;"> 10<span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 16px;">年教学培训经历,积累了丰富的教学经验,总是能把难懂的知识点生活化,以生活中的例子做比喻,使学员极易掌握知识点。至今已经为电信、移动、联通、电网等一些知名大公司多次培训Linux、虚拟化及云计算, 获得学员一致好评</span></span><span style="font-family: 微软雅黑, "Microsoft YaHei"; line-height: 18px; font-size: 11px;">。</span></span></p><h3><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-size: 21px; font-family: 微软雅黑;"></span></strong></span></h3><p style="margin-top: 21px;"><span style="font-size: 20px; font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-size: 20px; font-family: 微软雅黑;">所获证书</span></strong></span></p><p style="margin-left: 28px;"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0); font-size: 14px;">l</span><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);"> </span>2004年 CCNA/CCNP</span></p><p style="margin-left: 28px;"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);">l </span>2008年RHCE</span></p><p style="margin-left: 28px;"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0); font-size: 14px;">l </span>2009年RHCA</span></p><p style="margin-left: 28px;"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);">l </span>2017年COA (Certified OpenStack Administrator)</span></p><p style="margin-left: 28px;"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);">l </span>2018年 <a href="https://training.linuxfoundation.cn/certificates/4" target="_blank" style="color: rgb(84, 141, 212);">CKA (Certified Kubernetes Administrator)</a></span></p><p style="margin-left: 28px;"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);">l </span>2020年 <a href="https://training.linuxfoundation.cn/certificates/4" target="_blank" style="color: rgb(84, 141, 212);">CKAD (Certified Kubernetes Application Developer)</a></span></p><p style="margin-left: 28px;"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);">l </span>Linux基金会认证讲师(LFAI)</span></p><p style="margin-left: 28px;"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-family: 微软雅黑, "Microsoft YaHei"; color: rgb(192, 0, 0);">l </span>2021年<a href="https://training.linuxfoundation.cn/certificates/16" target="_blank" style="color: rgb(84, 141, 212);">CKS(Certified Kubernetes Security Specialist)</a></span></p><p><br/></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 32px;"></span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 32px;"></span></strong></span></p><p style=";text-indent: 0;padding: 0;line-height: 114%"><span style="font-size: 14px; font-family: 微软雅黑, "Microsoft YaHei";"> </span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 32px;">CKS 课程大纲</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 15px;">CKS 认证是云原生基金会(CNCF)最新推出的kubernetes 安全专家认证(Certified Kubernetes Security Specialist)。 报考CKS的考生必须持有有效的CKA认证。</span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 15px;">上课时间:每周六 上午 9 点~12 点,下午 14 点~17 点。大概24课时。</span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei"; font-size: 15px;">上课所使用系统:Ubuntu 18.4</span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-family: Arial; font-size: 15px;">kubernetes </span><span style="font-size: 15px; font-family: 微软雅黑, "Microsoft YaHei";">版本</span><span style="font-size: 15px; font-family: 宋体;">:</span><span style="font-family: Arial; font-size: 15px;">v1.20.1</span></span></p><p style="background: rgb(255, 255, 255)"><span style="background-color: rgb(255, 255, 255);">相关课件</span><a href="https://training.linuxfoundation.cn/download/c0aadca105a00c96451f646fd7d18474" target="_blank" style="white-space: normal; color: rgb(79, 129, 189);">下载</a></p><h2><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-size: 21px; font-family: "Arial Unicode MS";">一、群集设置</span></strong></span></h2><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">1.使用网络安全策略限制群集级别别的访问</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";">使用网络策略控制流量</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">保护</span> Kubernetes 集群安全</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">声明网络策略以控制</span> Pod 的通信方式</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 11px; font-family: 微软雅黑, "Microsoft YaHei";"> </span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">2.使用 CIS 基准来检查 Kubernetes 组件(etcd,kubelet,kubedns,kubeapi)的安全配置</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">了解什么是</span> Center for Internet Security(CIS)基准</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";">Kubernetes CIS Benchmark 测试的工具:kube-bench 的安装</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">用</span> kube-bench 检测 master 及 worker 上隐患配置</span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">3.配置 ingress 的安全设置</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">了解什么是</span> Ingress</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">创建自签名证</span> <span style="font-size: 13px; font-family: 微软雅黑;">书替换</span> ingress 自带的证 书</span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">4.保护节点元数据</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">限制通过</span> API 访问元数据</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">通过配置文件设置</span> Kubelet 参数</span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">5.最大限度地减少对 dashboard 的使用和访问</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">设置</span> Kubernetes dashboard 的安全</span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">6.部署前验证 kubernetes 二进制文件</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">通过</span> sha512sum 验证 kubernetes 二进制文件</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 11px; font-family: 微软雅黑, "Microsoft YaHei";"> </span></p><h2><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-size: 21px; font-family: "Arial Unicode MS";">二、群集强化</span></strong></span></h2><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">1.限制对 Kubernetes API 的访问</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">了解访问</span> kubernetes api 的流程</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">控制对</span> Kubernetes API 的访问</span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">2.使用 RBAC 最大程度的减少资源暴露</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">了解</span> kubernetes api server 的授权模块</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">使用</span> RBAC 授权</span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">3.SA 的安全设置,例如禁用默认值,最小化对新创建</span></strong><strong><span style="font-family: 微软雅黑; font-size: 19px;">SA</span></strong><strong><span style="font-family: 微软雅黑; font-size: 19px;"> </span></strong><strong><span style="font-size: 19px; font-family: 微软雅黑;">的权限</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">了解</span> SA 的作用</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">了解默认情况下</span> SA 带来的安全隐患及演示</span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑; font-size: 13px;"><span style="font-family: 微软雅黑;">如何有效解决</span>SA <span style="font-family: 微软雅黑;">的权限问题</span></span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">4.更新 Kubernetes</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">用</span> kubeadm 升级集群</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 11px; font-family: 微软雅黑, "Microsoft YaHei";"> </span></p><h2><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-size: 21px; font-family: "Arial Unicode MS";">三、系统强化</span></strong></span></h2><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">1.服务器的安全设置</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";">去除系统不需要的内核模块</span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">2.最小化 IAM 角色</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">了解什么是最低特权原则(</span>POLP)</span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">3.适当使用内核强化工具,例如 AppArmor,seccom</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">使用</span> AppArmor 限制容器对资源的访问</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">使用</span> Seccomp 限制容器的 syscall</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 11px; font-family: 微软雅黑, "Microsoft YaHei";"> </span></p><h2><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-size: 21px; font-family: "Arial Unicode MS";">四、最小化微服务漏洞</span></strong></span></h2><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">1.使用 PSP,OPA,安全上下文提高安全性</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">了解并配置</span> Pod 安全策略(PSP)</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">了解什么是</span> Open Policy Agent(OPA)</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";">OPA Gatekeeper 的配置</span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑; font-size: 13px;"><span style="font-family: 微软雅黑;">为</span> Pod 或容器配置安全上下文(SecurityContext)</span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">2.管理 Kubernetes secret</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">使用</span> secret 存储敏感信息及传递文件</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">配置</span>secret拉取私有仓库镜像</span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">3.在多租户环境中使用沙箱运行容器(例如 gvisor,kata 容器)</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";">containerd的配置及使用</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";">了解为什么要部署沙箱</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">什么是</span> gVisor?安装 gvisor</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">使用</span> gVisor 运行容器</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">安装</span> kata,部署 kata 容器</span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">4.配置 runtimeClass</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑; font-size: 13px;"><span style="font-family: 微软雅黑;">在</span>Kubernetes使用gvisor运行pod</span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑; font-size: 13px;"><span style="font-family: 微软雅黑;">在</span>Kubernetes使用kata-containerd运行容器</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 11px; font-family: 微软雅黑, "Microsoft YaHei";"> </span></p><h2><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-size: 21px;">五、供应链安全</span></strong><strong><span style="font-size: 21px;"></span></strong></span></h2><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">1.保护供应链:将允许的镜像仓库列入白名单,对镜像进行签名和验</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-size: 19px; font-family: 微软雅黑;">证</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">了解准入控制器</span> Admission Controllers</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">了解并配置</span> ImagePolicyWebhook</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">配置</span> kubernetes 所使用镜像仓库的白名单及黑名单</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";">对镜像进行签名和验证</span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">2.分析文件及镜像安全隐患(例如 Kubernetes 的 yaml 文件,</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">Dockerfile)</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";">如何创建比较小的镜像</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">分析</span> dockefile 文件的安全隐患</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">分析</span> pod、deployment 的 yaml 文件里的安全隐患</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">用</span> trivy 扫描镜像的漏洞</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 11px; font-family: 微软雅黑, "Microsoft YaHei";"> </span></p><h2><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-size: 21px; font-family: "Arial Unicode MS";">六、监控、审计</span></strong></span></h2><p style="background: rgb(255, 255, 255)"><span style="font-family: 微软雅黑, "Microsoft YaHei";"><strong><span style="font-family: 微软雅黑; font-size: 19px;">1.Kubernetes 审计</span></strong></span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">开启</span> Kubernetes 审计日志</span></p><p style="background: rgb(255, 255, 255)"><span style="font-size: 13px; font-family: 微软雅黑, "Microsoft YaHei";"><span style="font-size: 13px; font-family: 微软雅黑;">编写</span> Kubernetes 审计策略</span></p><p><span style="font-size: 14px; font-family: 微软雅黑, "Microsoft YaHei";"> </span></p><p style="white-space: normal; text-align: center;"><span style="font-size: 20px; font-family: 微软雅黑;"> 报名成功后添加客服人员微信号进行上课</span></p><p style="white-space: normal; text-align: center;"><img src="https://training.linuxfoundation.cn/files/editor/images/1614598785419593.jpg" title="1614598785419593.jpg" alt="1614598785419593.jpg" width="200" height="200"/></p><p><span style="font-size: 14px; font-family: 微软雅黑, "Microsoft YaHei";"></span><br/></p><p><br/></p>
2021-04-12 15:46:44 57
CKA CKAD 培训 K8s kubernates 大学 CKS
Linux基金会开源软件大学 Copyright © 2019 linuxfoundation.cn, ICP license, no. 京ICP备17074266号-2