Course Outline
Achieving DevSecOps Sovereignty with GitLab
- Comparing GitLab CE, EE, and GitLab.com regarding features and control.
- Omnibus architecture and Kubernetes Helm deployment strategies.
- Understanding SaaS lock-in risks and data residency compliance.
Installation and Architecture Setup
- Installing Omnibus on Ubuntu alongside PostgreSQL and Redis.
- Deploying GitLab Helm charts on Kubernetes with persistent storage.
- Configuring external services such as object storage, SMTP, and LDAP.
- Implementing Geo replication for multi-region disaster recovery.
Repository and Project Management
- Managing groups, subgroups, and project hierarchies.
- Establishing merge request workflows, code review processes, and approval rules.
- Utilizing issue boards, epics, and milestones for Agile planning.
- Managing wikis, snippets, and release processes.
CI/CD Pipeline Engineering
- Mastering .gitlab-ci.yml syntax, stages, and job dependencies.
- Differentiating between shared, group, and specific runners.
- Utilizing Docker executors, Kubernetes executors, and autoscaling capabilities.
- Implementing artifact caching, registry publishing, and deployment stages.
Security Scanning Implementation
- Deploying SAST, DAST, dependency scanning, and container scanning.
- Conducting secret detection and license compliance checks.
- Using vulnerability dashboards and tracking remediation efforts.
Authentication and Authorization
- Setting up LDAP, SAML, and OpenID Connect for SSO.
- Enabling two-factor authentication and managing personal access tokens.
- Implementing IP allowlisting and audit event logging.
Registry and Package Management
- Configuring the container registry with authentication, cleanup policies, and replication.
- Managing the package registry for Maven, npm, PyPI, and Conan.
- Handling generic package uploads for internal artifacts.
Monitoring and Scaling Strategies
- Utilizing GitLab Exporter metrics and Grafana dashboards for monitoring.
- Tuning databases and configuring PgBouncer for connection pooling.
- Horizontally scaling web, API, and Sidekiq nodes.
- Developing backup strategies using rake tasks, object storage, and verifying restoration processes.
Requirements
- Advanced proficiency in Linux system administration and foundational knowledge of Ruby/Go.
- Solid understanding of CI/CD concepts, container orchestration, and Git workflows.
- Practical experience with PostgreSQL and Redis in large-scale environments.
Target Audience
- Enterprise DevOps teams looking to migrate from GitLab.com or GitHub Enterprise.
- Organizations that demand full sovereignty over their DevSecOps toolchain.
- Highly regulated industries requiring on-premise CI/CD pipelines and registry solutions.
Testimonials (2)
I like that I've got immediately answer to my questions.
Szabolcs Kriston - Ericsson
Course - Advanced GitLab
I liked the easy communication between trainer and us, care given to our problems, insights and additional knowledge provided in anwers to our questions. I liked the pace, it didn't feel rushed at any point, even with technical problems. Each subject was taken care of properly.
