Online resources that will help you prepare for taking the Kubernetes Certified Administrator Certification exam.
Disclaimer: This is not likely a comprehensive list as the exam will be a moving target with the fast pace of k8s development - please make a pull request if there something wrong, should be added, or updated.
I tried to restrict the cross references of resources to kubernetes.io. Youtube videos and other blog resources are optional; however, I still found them useful in my k8s learning journey.
Ensure you have the right version of Kubernetes documentation selected (e.g. v1.19 as of 1st Sept 2020 exam) especially for API objects and annotations.
LDR: practice practice practice
These are the exam objectives you review and understand in order to pass the test.
- Manage role based access control
- Use kubeadm to install a basic cluster
- Manage a highly available Kubernetes cluster Weaveworks Kubeadm HA cluster
- Provision underlying infrastructure to deploy Kubernetes cluster
- Peform a version upgrade on Kubernetes cluster using kubeadm
- implment etcd backup and restore
Kubecon Europe 2020: Kubeadm deep dive
sample commands used during backup/restore/update of nodes
#etcd backup and restore brief
export ETCDCTL_API=3 # needed to specify etcd api versions, not sure if it is needed anylonger with k8s 1.19+
etcdctl snapshot save -h #find save options
etcdctl snapshot restore -h #find restore options
## possible example of save, options will change depending on cluster context, as TLS is used need to give ca,crt, and key paths
etcdctl snapshot save /backup/snapshot.db --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key --cacert=/etc/kubernetes/pki/etcd/ca.crt
# evicting pods/nodes and bringing back node back to cluster
kubectl drain <node># to drain a node
kubectl uncordon <node> # to return a node after updates back to the cluster from unscheduled state to Ready
kubectl cordon <node> # to not schedule new pods on a node
#backup/restore the cluster (e.g. the state of the cluster in etcd)
# upgrade kubernetes worker node
kubectl drain <node>
apt-get upgrade -y kubeadm=<k8s-version-to-upgrade>
apt-get upgrade -y kubelet=<k8s-version-to-upgrade>
kubeadm upgrade node config --kubelte-version <k8s-version-to-upgrade>
systemctl restart kubelet
kubectl uncordon <node>
#kubeadm upgrade steps
kubeadm upgrade plan
kubeadm upgrade apply
- Understand deployments and how to perform rolling update and rollbacks
- Use ConfigMaps and Secrets to configure applications
- Know how to scale applications
- Understand the primitives used to create robust, self-healing, application deployments
- Understand how resource limits can affect Pod scheduling
- Awareness of manifest management and common templating tools
- Kustomize
- manage kubernetes objects
- Install service catalog using helm
- Non-k8s.io resource: CNCF Kubecon video: An introduction to Helm - Bridget Kromhout, Microsoft & Marc Khouzam, City of Montreal
- Non-k8s.io resource: External resource: templating-yaml-with-code
- Understand host networking configuration on the cluster nodes
- Understand connectivity between Pods
- Understand ClusterIP, NodePort, LoadBalancer service types and endpoints
- Know how to use Ingress controllers and Ingress resources
- Ingress concepts
- Kubernetes and Networks: why is this so dang hard?
- Kubecon Eu 2020 Tutorial: Communication Is Key - Understanding Kubernetes Networking - Jeff Poole, Vivint Smart Home
- Understand storage classes, persistent volumes
- Understand volume mode, access modes and reclaim policies for volumes
- Understand persistent volume claims primitive
- Know how to configure applications with persistent storage
StorageClass, PersistentVolume, and PersitentVolumeClaim examples
#### Storage Class example
#
#### Persistent Volume Claim example
#
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: local-pvc
spec:
accessModes:
- ReadWriteOnce
storageClassName: local-storage-sc
resources:
requests:
storage: 100Mi
## Persistent Volume example
#
apiVersion: v1
kind: PersistentVolume
metadata:
name: local-pv
spec:
accessModes:
- ReadWriteOnce
capacity:
storage: 200Mi
local:
path: /data/pv/disk021
persistentVolumeReclaimPolicy: Retain
storageClassName: local-storage-sc
volumeMode: Filesystem
### Pod using the pvc
#
apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
name: nginx
spec:
containers:
- name: nginx
image: nginx
volumeMounts:
- name: local-persistent-storage
mountPath: /var/www/html
volumes:
- name: local-persistent-storage
persistentVolumeClaim:
claimName: local-pvc
- Evaluate cluster and node logging
- Understand how to monitor applications
- Manage container stdout & stderr logs
- Troubleshoot application failure
- Troubleshoot cluster component failure
- Troubleshoot networking
practice pratice pratice
Get familiar with:
-
Familiarize yourself with the documentation, initially concepts and mostly tasks, kubectl explain command, kubectl cheatsheet, and kubectl commands reference
-
kubectl api-versionsandkubectl api-resourceswihgrepfor a specific resoruce e.g. pv, pvc, deployment, storageclass, ..etc can help figure out the apiVersion, and kind combined with explain below will help in constructing the yaml manifest -
kubectl explain --recurisve to construct out any yaml manifest you need and find its specd and details
-
When using kubectl for investigations and troubleshooting utilize the wide output it gives your more details
$kubectl get pods -o wide --show-labels --all-namespaces
or
$kubectl get pods -o wide --show-labels -A # -A is quicker than --all-namespaces
-
In
kubectlutilizie--all-namespaces or better -Ato ensure deployments, pods, objects are on the right name space, and right desired state -
for events and troubleshooting utilize kubectl describe if its pod/resource related and logs if it is application issue related
$kubectl describe pods <PODID> # for pod, deployment, other k8s resource issues/events
$kubectl logs <PODID> # for container/application issues like crash loops
- the '-o yaml' in conjuction with
--dry-runallows you to create a manifest template from an imperative spec, combined with--editit allows you to modify the object before creation
kubectl create service clusterip my-svc -o yaml --dry-run > /tmp/srv.yaml
kubectl create --edit -f /tmp/srv.yaml
- use kubectl aliases to speed up and reduce typo errors, practice these alaises early at your work and study for the exam. some example aliases:
alias k='kubectl'
alias kg='kubectl get'
alias kgpo='kubectl get pod'
alias ksysgpo='kubectl --namespace=kube-system get pod'
alias krm='kubectl delete'
alias krmf='kubectl delete -f'
## for quick deletes you can add --force --grace-period=0
alias krmgf='kubectl delete --grace-period 0 --force'
alias kgsvcoyaml='kubectl get service -o=yaml'
alias kgsvcwn='watch kubectl get service --namespace'
alias kgsvcslwn='watch kubectl get service --show-labels --namespace'
#example usage of aliases
krmgf nginx-8jk71 # kill pod nginx-8jk71 using grace period 0 and force
Most of these course as of this commit are not 100% updated with the CKA 2020.
- Mumshad CKA with practice tests and mock exams #going through 1.19 updates
- LinuxAcademy/ACloudGuru CKA course # updated to 1.18 not 1.19 yet
- rx-m online CKA course
- Pluralsight CKA course
- Learn more about Kubernetes core components from Duffie CoolyTGIK Grokking playlist
- CKAD
- CKS
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent