1

Fundamentals

• Application in 12 factors, integration, continuous deployment (CI/CD), Cloud-native applications.
• SaaS, PaaS, IaaS, object and block storage. Private, public, hybrid cloud: Problem of lock-in.
• Elastic architecture, Cattle versus Pet, Infrastructure as Code.
• Existing tools (Terraform, Ansible). Bebefit of containers versus Virtual Machines.
• CaaS in an enterprise: interoperability, Devops organization, digital transformation.
• Bimodal IT and DevOps.

2

Docker

• Basic concepts: Immutability, image, layers, registry, network and storage issues.
• Automation with Dockerfile/docker-compose, integration with Github, Jenkins, DockerHub.
• Expected benefits: Reproducibility, manageability.
• Benefits in terms of elasticity, agility, upgradability.
• Impacts on development and infrastructure teams.

3

Kubernetes, container orchestrator.

• Master/Workers nodes, concepts of Pods, service, different types of Ingress Controller.
• Storage: stateful, stateless, shared (NFS, GlusterFS, CEPH, rook).
• Configuration management. Using Jobs and DaemonSets.
• Internal component (etcd, kubelet, kube-dns, kube-proxy, apiserver), complementary (Helm/Tiller, envoy, side-car proxy).
• Service Discovery/Mesh (Istio), calico, cilium.

4

Container as a Service (CaaS)

• Standardization: OCI, CNCF, CNI, CSI, CRI.
• Cloud/Managed solutions: Amazon AWS ECS and EKS and Fargate, Google GCP, Microsoft Azure, DigitalOcean.
• Most common On-Premises solutions: Docker DataCenter, Rancher, RedHat OpenShift.
• Evolution to Serverless.

5

Security of CaaS/Kubernetes/Docker

• Infrastructure security: partitioning, RBAC, vault/secret, logs.
• Securing containers (runtime): Seccomp, SElinux, Apparmor, Linux Capabilities, PodSecurityPolicies.
• Securing the Supply Chain: registry, notary, compliance check