Kubernetes Certified Administration
Online resources that will help you prepare for taking the Kubernetes Certified Administrator Certification exam.
Disclaimer: This is not likely a comprehensive list, as the exam will be a moving target with the fast pace of k8s development. Please make a pull request if there is something wrong, or something that should be added or updated here.
I tried to restrict the cross references of resources to kubernetes.io. Youtube videos and other blog resources are optional; however, I still found them useful in my k8s learning journey.
Ensure you have the right version of Kubernetes documentation selected (e.g. v1.9 for the current exam) especially for API objects and annotations.
Exam Objectives
These are the exam objectives you need to review and understand in order to pass the test. The objectives are current as of December 12, 2017.
Core Concepts 19%
- Example Nginx deployment:
apiVersion: apps/v1beta2 # for versions before 1.8.0 use apps/v1beta1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.7.9
        ports:
        - containerPort: 80
Installation, Configuration and Validation 12%
- Design a Kubernetes cluster
- Install Kubernetes masters and nodes, including the use of TLS bootstrapping
- Configure secure cluster communications
- Configure a Highly-Available Kubernetes cluster
- Know where to get the Kubernetes release binaries
- Provision underlying infrastructure to deploy a Kubernetes cluster
- Choose a network solution
- Choose your Kubernetes infrastructure configuration
- Run end-to-end tests on your cluster
- Some simple commands will cover most cases:
$ kubectl cluster-info
$ kubectl get nodes
$ kubectl get componentstatuses
$ kubectl get pods -o wide --show-labels --all-namespaces
$ kubectl get svc -o wide --show-labels --all-namespaces
- For more advanced end to end testing, which may not be covered on the exam, also see:
Security 12%
- Securing a kubernetes cluster
- Know how to configure authentication and authorization
- Understand Kubernetes security primitives
- Know how to configure network policies
- Create and manage TLS certificates for cluster components
- Work with images securely
- Define security contexts
- Secure persistent key value store
- Work with role-based access control
Networking 11%
- Understand the networking configuration on the cluster nodes
- Understand Pod networking concepts
- Understand service networking
- Deploy and configure network load balancer
- Know how to use Ingress rules
- Know how to configure and use the cluster DNS
- Understand CNI
Cluster Maintenance 11%
- Understand Kubernetes cluster upgrade process
- The best resource on upgrades is to watch TGI Kubernetes 011: Upgrading to 1.8 with kubeadm
- Facilitate operating system upgrades #need review to make it more platform agnostic
- Implement backup and restore methodologies
- Etcd management/backups/restore
Troubleshooting 10%
- Troubleshoot application failure
- Troubleshoot control plane failure
- Troubleshoot worker node failure
- Troubleshoot networking
Storage 7%
- Understand persistent volumes and know how to create them
- Understand access modes for volumes
- Understand persistent volume claims primitive
- Understand Kubernetes storage objects
- Know how to configure applications with persistent storage
Application Lifecycle Management 8%
- Understand Deployments and how to perform rolling updates and rollbacks
- Know various ways to configure applications
- Know how to scale applications
- Understand the primitives necessary to create a self-healing application
Scheduling 5%
- Use label selectors to schedule Pods
- Understand the role of DaemonSets
- Understand how resource limits can affect Pod scheduling
- Understand how to run multiple schedulers and how to configure Pods to use them
- Manually schedule a pod without a scheduler
  If you require a pod to start on a specific node, you can specify this in the Pod's spec.nodeName; that is what DaemonSets do.
- Display scheduler events
  Check /var/log/kube-scheduler.log on the control/master node, or use kubectl describe, as in:
$ kubectl describe pods <POD NAME UNDER Investigation> | grep -A7 ^Events
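An added example (not part of the original list) for the manual scheduling item above: a Pod bound directly to a node through spec.nodeName. The names nginx-pinned and worker-1 are assumptions; use a node name reported by kubectl get nodes.

```yaml
# Added example: place a Pod on a node without involving the scheduler.
# "nginx-pinned" and "worker-1" are hypothetical names.
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pinned
  labels:
    app: nginx
spec:
  # With nodeName preset, the scheduler never handles this Pod; the
  # kubelet on the named node picks it up and starts it directly.
  # What follows from that:
  #  - NoSchedule taints on the node are not honoured, because only the
  #    scheduler evaluates them. NoExecute taints still evict the Pod
  #    unless it carries a matching toleration.
  #  - "kubectl describe pod nginx-pinned" shows no "Scheduled" event
  #    from the scheduler; the events start with the kubelet's
  #    image pull and container start.
  #  - If the kubelet cannot fit the resource requests below, it rejects
  #    the Pod instead of the Pod waiting in Pending for another node.
  nodeName: worker-1
  containers:
  - name: nginx
    image: nginx:1.7.9
    ports:
    - containerPort: 80
    resources:
      requests:
        cpu: 100m
        memory: 64Mi
      limits:
        cpu: 200m
        memory: 128Mi
```

Because this path skips NoSchedule taints, anyone allowed to create Pods in a namespace can target tainted nodes such as masters; account for that when granting Pod create permissions through RBAC.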
Logging/Monitoring 5%
- Monitoring Kubernetes
- Understand how to monitor all cluster components
- Understand how to monitor applications
- Manage cluster component logs
- Master
- /var/log/kube-apiserver.log - API Server, responsible for serving the API
- /var/log/kube-scheduler.log - Scheduler, responsible for making scheduling decisions
- /var/log/kube-controller-manager.log - Controller that manages replication controllers
- Worker Nodes
- /var/log/kubelet.log - Kubelet, responsible for running containers on the node
- /var/log/kube-proxy.log - Kube Proxy, responsible for service load balancing
- Manage application logs
Tips:
Get familiar with:
- kubectl explain
- kubectl cheatsheet
- When using kubectl for investigations and troubleshooting, utilize the wide output; it gives you more details:
$ kubectl get pods -o wide --show-labels --all-namespaces
- In kubectl, utilize --all-namespaces to ensure deployments, pods, and objects are in the right namespace and in the right desired state.
- For events and troubleshooting, utilize kubectl describe:
$ kubectl describe pods <PODID>
- The '-o yaml' option in conjunction with --dry-run allows you to create a manifest template from an imperative spec; combined with --edit, it allows you to modify the object before creation:
$ kubectl create service clusterip my-svc -o yaml --dry-run > /tmp/srv.yaml
$ kubectl create --edit -f /tmp/srv.yaml