enekofb/Kubernetes-Certified-Administrator

Online resources that will help you prepare for taking the CNCF CKA "Kubernetes Certified Administrator" Certification exam. with time, This is not likely the comprehensive up to date list - please make a pull request if there something that should be added here.

Kubernetes Certified Administration

Online resources that will help you prepare for taking the Kubernetes Certified Administrator Certification exam. Disclaimer: This is not likely the comprehensive timely updated complete list as the exam will be a moving target withthe fast pace of k8s development - please make a pull request if there something wrong or that should be added, or updated in here.

I tried to restrict the cross references of resources to Kuberntes.io. youtube videos and other blog resources are optional, however, I still them useful in my k8s learning journey.

Ensure you have the right version of kubernetes documentation selected (e.g. v1.6.2 for the current exam) espically for API objects and annottations.

Exam Objectives

These are the exam objectives you review and understand in order to pass the test. The objectives are current as of September 15, 2017.

• CNCF Exam Curriculum repository

Core Concepts 19%

• Understand the Kubernetes API primitives

  • concepts: Kubernetes Objects
  • youtube: Kubernetes Webinar Series - Kubernetes Architecture 101

• Understand the Kubernetes cluster architecture

  youtube: A Technical Overview of Kubernetes (CoreOS Fest 2015) by Brendan Burns

• Understand Services and other network primitives

  • youtube: Life of a Packet [I] - Michael Rubin, Google
  • youtube: The ins and outs of networking in Google Container Engine and Kubernetes (Google Cloud Next '17)

Installation, Configuration and Validation 12%

• [Design a Kubernetes cluster]
• Install Kubernetes masters and nodes
• Configure secure cluster communications
• Configure a Highly-Available Kubernetes cluster
• Know where to get the Kubernetes release binaries
• Provision underlying infrastructure to deploy a Kubernetes cluster
• Choose a network solution
• [Choose your Kubernetes infrastructure configuration]
• [Run end-to-end tests on your cluster]

  	$kubectl cluster-info
  	$kubectl get nodes
  	$kubectl get pods -o wide --show-labels --all-namespaces
        $kubectl get svc  -o wide --show-labels --all-namespaces

run a simple deployment, check out https://kubernetes.io/docs/tutorials/

• [Analyse end-to-end tests results]
• [Run Node end-to-end tests]

Security 12%

• Know how to configure authentication and authorization
• [Understand Kubernetes security primitives]
• Know to configure network policies
  • Blog: Kubernetes network policy
• Create and manage TLS certificates for cluster components
• [Work with images securely]
• Define security contexts
• Secure persistent key value store

Networking 11%

• Understand the networking configuration on the cluster nodes

• [Understand Pod networking concepts]

  • youtube: The ins and outs of networking in Google Container Engine and Kubernetes (Google Cloud Next '17)

• [Understand service networking]

  • youtube: Life of a Packet [I] - Michael Rubin, Google

• Deploy and configure network load balancer

• Know how to use Ingress rules

• Know how to configure and use the cluster DNS

• Understand CNI

Cluster Maintenance 11%

• Understand Kubernetes cluster upgrade process

Best resource upgrade is to watch TGI Kubernetes 011: Upgrading to 1.8 with kubeadm

• Facilitate operating system upgrades #need review to make it more platform agnostic
• Implement backup and restore methodologies

Troubleshooting 10%

• Troubleshoot application failure
  • Application Introspection and Debugging
• [Troubleshoot control plane failure]
  • youtube Kubernetes Day 2: Cluster Operations [I] - Brandon Philips, CoreOS
  • Safaribooksonline: https://www.safaribooksonline.com/library/view/oscon-2016-video/9781491965153/video246982.html
• [Troubleshoot worker node failure]
• [Troubleshoot networking]

Storage 7%

• Understand persistent volumes and know how to create them
• Understand access modes for volumes
• Understand persistent volume claims primitive
• Understand Kubernetes storage objects
• Know how to configure applications with persistent storage

Application Lifecycle Management 8%

• Understand Deployments and how to perform rolling updates and rollbacks.
• Know various ways to configure applications.
• Know how to scale applications.
• Understand the primitives necessary to create a self-healing application.

Scheduling 5%

• Use label selectors to schedule Pods
• Understand the role of DaemonSets
• Understand how resource limits can affect Pod scheduling
• Understand how to run multiple schedulers and how to configure Pods to use them
• Manually schedule a pod without a scheduler If you require a pod to start on a specific node, you can specify this in POD spec.nodeName, that is what DaemonSets do.
• Display scheduler events /var/log/kube-scheduler.log on the control/master node or use kubectl describe as in

  $kubectl describe pods <POD NAME UNDER Investigation>  | grep -A7 ^Events

• [Know how to configure the Kubernetes scheduler]

Logging/Monitoring 5%

• Understand how to monitor all cluster components

• [Understand how to monitor applications]

• Manage cluster component logs

  • Master
    • /var/log/kube-apiserver.log - API Server, responsible for serving the API
    • /var/log/kube-scheduler.log - Scheduler, responsible for making scheduling decisions
    • /var/log/kube-controller-manager.log - Controller that manages replication controllers
  • Worker Nodes
    • /var/log/kubelet.log - Kubelet, responsible for running containers on the node
    • /var/log/kube-proxy.log - Kube Proxy, responsible for service load balancing

• Manage application logs

Tips:

get familiar with:

• kubectl explain
• kubectl cheatsheet
• When using kubecctl for investigations and troubleshooting utilize the wide output it gives your more details

     $kubectl get pods -o wide --show-labels --all-namespaces

• In kubectl utilizie --all-namespaces to ensure deployments, pods, objects are on the right name space, and right desired state

• for events and troubleshooting utilize kubectl describe

     $kubectl describe pods <PODID>

• the '-o yaml' in conjuction with --dry-run allows you to create a manifest template from an imperative spec, combined with --edit it allows you to modify the object before creation

kubectl create service clusterip my-svc -o yaml --dry-run > /tmp/srv.yaml
kubectl create --edit -f /tmp/srv.yaml