IBM Cloud Docs
Learning path for administrators

Learning path for administrators

Following a curated learning path through IBM Cloud® Kubernetes Service to create a cluster, manage the cluster's resources and lifecycle, and use the powerful tools of IBM Cloud Kubernetes Service to secure, manage, and monitor your cluster workloads.

Plan your environment

Start by designing a cluster for maximum availability and capacity for your workloads.

  1. Environment strategy:

    1. Define your Kubernetes strategy for the cluster, such as deciding how many clusters to create for your environments.
    2. Plan your security strategy, such as ensuring network segmentation and workload isolation.
  2. Cluster setup: After you plan your environment, plan the setup for a specific cluster.

    1. Choose a supported infrastructure provider.
    2. Plan your cluster network setup.
    3. Plan your cluster for high availability.
    4. Plan your worker node setup.

Looking for serverless? Try Code Engine.

Create a cluster

Create a cluster with infrastructure, network, and availability setups that are customized to your use case and cloud environment.

  1. Firewall: If you have corporate firewalls, make sure that you open the required ports and IP addresses to work with IBM Cloud Kubernetes Service.
  2. CLI and API:
    1. Set up the CLIs that are necessary to create and work with clusters. As you work with your cluster, refer to the command reference and keep track of CLI version updates with the CLI change log.
    2. Optionally set up automated deployments with the API. As you work with your cluster, refer to the IBM Cloud Kubernetes Service API reference and Community Kubernetes API reference.
  3. Cluster deployment:
    1. Create the cluster.
    2. After the cluster is ready, access your cluster.
    3. Spread your cluster across availability zones adding worker nodes to Classic clusters or adding worker nodes to VPC clusters.
  4. User access:

Need help? Check out Troubleshooting clusters and masters and Troubleshooting worker nodes.

Manage the network

Review the following optional topics to manage the network connectivity of your cluster components and connections to other networks. For example, you might need to connect the workloads in your cluster to workloads in another private network. Or, you might return to this section later if you need to make more portable IP addresses available for load balancer services that expose apps in your cluster.

Secure your cluster

Use built-in security features to protect your cluster infrastructure and network communication, isolate your compute resources, and ensure security compliance across your infrastructure components and container deployments.

  1. Security strategy: Start by reviewing all security options that are available for your cluster.
  2. Network security:
  3. Workload security:
    1. Encrypt sensitive information in the cluster, such as the master's local disk and secrets.
    2. Set up a private image registry for your developers, such as the one provided by Container Registry, to control access to the registry and the image content that can be pushed.
    3. Set pod priority to indicate the relative priority of the pods that make up your cluster's workload.
    4. Authorize who can create and update pods by configuring pod security policies (PSPs).

Logging and monitoring

Set up logging and monitoring to help you troubleshoot issues and improve the health and performance of your Kubernetes clusters and apps.

  1. Cluster and app logging: Choose a logging solution, such as IBM® Log Analysis, to monitor container logs as well as user-initiated administrative activities.
  2. Audit logging: Forwarding Kubernetes API audit logs to IBM Log Analysis
  3. Monitoring: Choose a monitoring solution, such as IBM Cloud® Monitoring, to gain operational visibility into the performance and health of your apps.

Need help? Check out Troubleshooting logging and monitoring.

Add a registry and CI/CD

Set up an image registry and a continuous integration and delivery (CI/CD) pipeline for your cluster.

  1. Registry: Choose and set up an image registry so that developers can pull images from the registry in their app deployment YAML files.
  2. CI/CD:

Add storage

Plan and add highly available persistent storage based on your app requirements, the type of data that you want to store, and how often you want to access this data.

  1. Requirements: Determine your requirements for a storage solution.
  2. Choose a solution: Using your storage requirements, choose a storage solution by comparing non-persistent, single-zone persistent, or multizone persistent storage.

Need help? Check out the troubleshooting page for your persistent storage solution.

Add integrations

Enhance cluster capabilities by integrating various external services and catalog services with your Kubernetes cluster.

  1. Review supported integrations:
  2. Add services to your cluster:

Need help? Check out Troubleshooting apps and integrations.

Manage the lifecycle

Manage your cluster and worker nodes through each phase of the cluster lifecycle.

Need help? Check out troubleshooting clusters and masters, worker nodes, or the cluster autoscaler.