
ADLS Workshop May 2022
ADLS WORKSHOPS 24.5.22
The Austrian DataLAB and Services project organised a workshop with training in the context of an Austria-wide science cloud. Training courses were offered for Kubernetes (beginners and advanced users), Docker (building images and working with Docker), as well as lectures on "Security in the cloud and compliance", "virtual HPC" and "OpenStack vs. public cloud providers". The meeting took place on 24 May 2022 in Vienna. Below you will find the programme in English.
The Cluster Research Data 2022 symposium took place the day before, and the ADLS slides can be seen in this post.
Prerequisites for Training:
- Please bring a recent laptop and a smartphone with the Microsoft Authenticator app installed. You will receive an invite from Azure Active Directory in your email inbox; please follow the instructions therein to configure MFA.
- Install the following software on your laptop:
  - az-cli https://docs.microsoft.com/en-us/cli/azure/install-azure-cli
  - git
  - vscode https://code.visualstudio.com/download
  - rancher-desktop https://rancherdesktop.io
- Additionally for Kubernetes: a recent browser (Chrome preferred) and https://k8slens.dev
- Additionally for Docker: free disk space and at least 6 Gb RAM, root/sudo level access (local admin for Windows)
Program:
TRACK A
9:00 – 12:00 Training Kubernetes for Beginners – Constanze Roedig
- Learn about the architecture and the core components of Kubernetes
- What are container-runtimes?
- How to work with the command line interface (kubectl) and a client UI (Lens)
- How to expose a service
- How Kubernetes manages packages: explore a simple helm chart and modify it
- Introduction to Role Based Access Control
- Comparison of Kubernetes distros: RKE2/Rancher, OKD/OpenShift, AKS
- Hands-on work with our Kubernetes cluster from your laptop and in the Rancher UI: deploy your first app and work with it (this will be most of the workshop). We will deploy a pacman game and add more and more components to it
14:00 – 17:00 Training Kubernetes for Intermediate – Thomas Weber
- Write your first helm chart
- Work with a Kubernetes operator
- Working with secrets
- Deep dive into cert manager
- Deep dive into ingress
- Container Storage Interface (CSI) and Container Networking Interface (CNI): what are they, and how far are they relevant for a user?
TRACK B
9:00 – 10:30 Training Building and Working with Docker Images – Thomas Weber
- What are the different image types?
- How are containers different from a VM?
- Choice of base images
- Best practices for building an image
- Multi-stage builds
- Avoiding secrets
- build-test-scan-push pipelines
- Container registries
10:45 – 12:00 virtual HPC, Demonstration – Peter Kandolf
- What is the purpose of a vHPC (a virtual High Performance Cluster)?
- Insight into the basic setup and the employed technologies
- See how automation, gitOps and CI/CD can be employed
- Slurm REST API and authentication
TRACK C
14:00 – 16:00 Security in the Cloud and Compliance – Constanze Roedig
- 14:00 – 15:00 Talk:
  - The new perimeter: Cloud
  - Zero Trust architecture and how DevOps changes many paradigms
  - Threat Modeling for ADLS
  - New frameworks for old concepts: Confidentiality, Integrity and Availability -> Security by Design
  - Compliance: How ADLS (will) leverage Cloud capabilities and gitOps for most critical aspects
- 15:00 – 16:00 Technical Demos:
  - Container Security 101 -> Demo of a container escape
  - Supply Chain Security with gitOps -> How ADLS protects its assets
  - IAM: the importance of integrated identity and access management -> Demo of a federated machine identity
  - Demo of smuggling a nasty package into Kubernetes and what you can do with that