Introduction to Docker, Kubernetes and Serverless for Hackers

Containers are becoming more and more prevalent and easy to deploy. Containers offer numerous security features as well, such as private networking and namespaces which limit the attack sutface of the enviornment within the container. In many cases containers can be executed on the infrastructure of cloud providers, replacing running bare metal servers. Another major feature is that they offer predictable deployments with specific versions of applications and services. This makes it possible to do extensive testing of containers before deployment. Containers are also becoming an obvious way to deploy applicatiosn to embedded devices, greatly simpifying cross compilation and testing between different desktop and embedded arhcitectures.

This is a hands-on course and partcipants will be tasked with creating a small password cracking cluster over the course of two days. Participants should have some familiarty with Linux-like systems and running shell commands, if you've set up a Raspberry Pi - you're good to go.

Keywords:

• Microservices
• Functions as a Service (FaaS)
• Containters and Containerization
• Pods
• Services
• Clusters
• Load balancing
• Cloud applications
• Docker on smaller embedded systems

Day 1

Day 1 will focus on constructing Docker containers. Several complex docker containers including cross-compilation flows will be demostrated. Participants will understand installing and running docker, creating and running containers and deploying them to other machines and services. Participants will also learn how to build and deploy Function as a Service based microservices.

Day 1 Theory

• Running Docker on Mac, Windows, Linux and Embedded devices like the Raspberry Pi
• How to create, deploy and manage docker containers
• Cross-compiliation for different architectures
• Docker images and the latest tag
• Docker image hosting and local docker registries
• Persistancy in Docker
• Docker compose and other tools (and when you shouldn't use them)
• Dockerfiles and base images
• Docker networking
• Microservices and serverless Functions

Assignment 1: Execute some basic docker comamnds

• Create a Docker container
• Execute the Docker container
• Check the Docker container state
• Remove the Docker container

Assignment 2: Execute a Python3 script in a Docker container

• Execute a python3 script within Docker
• Modify the script to perform additional operations

Assignment 3: Dockerize a Common Command Line Application

• Build a docker container to build John the Ripper from source
• Ensure the container is retained
• Test the container using some sample passwords

Assignment 4: Build and deploy a Python 3 Serverless Function

• Use the example code to run a FaaS written in Python3
• Modify the FaaS to perform an additional functionality

Assignment 5: Build a database to log results

• Create a docker container to store and host results in a database

Assignment 5: Integrate the Code into a web frontend

• Modify the provided web frontend to call the serverless funciton
• Verify the result in the web browser

Day 2

On Day 2 participants will learn how to distribute the application among multiple nodes. Participants will deploy a Kubernetes cluster consisting of multiple worker nodes. Each worker node will be provisioned with working pods from the previous day. A load balancer will be instantiated to distribute the load between multiple nodes.

Day 2 Theory

• Kubernetes
• kubectl
• Kubernetes control plane
• Containers
• Pods
• Nodes
• Clusters
• Load-Balancers and Ingress
• Monitoring the cluster
• Removing nodes and clusters

Assignment 1: Provision a Kuberentes Cluster

• Provision a control plane
• Provision 3 nodes
• Delete the container and nodes

Assignment 2: Modify Docker Containers for Kubernetes

• Migrate the relevant containers into relevant pods
• Test a single instance of the app on the cluster

Assignment 3: Deploy Multiple Workers

• Deploy multiple workers to multiple nodes
• Test the functionality of the resulting pods

Assignment 4: Deploy a Load-Balancer

• Balance the load between multiple pods
• Test the full functionality in the web browser
• Deploy a password cracking service