Addendum: After the Videos section below, I summarized some test preparation steps that I found useful.
Core Concepts: Understand the Kubernetes Cluster Architecture
Keywords: Cluster, Node, Control Plane, etcd, Cluster Topology
Core Concepts: Understand the Kubernetes API Primitives
Keywords: API Group, API Resource, Namespace, Addons, Metrics Server
Installation, Configuration & Validation: Install Kubernetes Masters and Nodes
Keywords: kubeadm, kube-apiserver, kube-controller-manager, kube-scheduler, cloud-controller-manager, kubelet, kube-proxy, etcd
Security: Know How to Configure Authentication and Authorization
Keywords: Authentication, Authorization, Admission Control, Transport Security, User, Client Certificate Authentication
Security: Know How to Configure Authentication and Authorization
Keywords: AWS Authentication, Role-Based Access Control, Authorization Rules, ClusterRole, RoleBinding, ClusterRoleBinding
Security: Know How to Configure Authentication and Authorization
Keywords: ConfigMap, Role
Core Concepts: Understand the Kubernetes API Primitives
Keywords: Metadata, Labels, Annotations, spec, status, Imperative Commands, Imperative Object Configuration, Declarative Object Configuration
Core Concepts: Understand the Kubernetes API Primitives
Keywords: Helm
Core Concepts: Understand the Kubernetes API Primitives
Keywords: Kustomize
Application Lifecycle Management: Know Various Ways to Configure Applications
Keywords: Pod, Container, Pod Event, Pod Status (Phase), Pod Condition, Container State, Container Environment
Application Lifecycle Management: Know Various Ways to Configure Applications
Keywords: Container Lifecycle Hook, Probe, readinessGates
Networking: Understand Pod Networking Concepts
Keywords: Container Logs, Intra-Pod Networking, Inter-Pod (Cluster) Networking, Intra-Pod IPC
Application Lifecycle Management: Understand the primitives necessary to create a self-healing application
Keywords: ReplicaSet, Horizontal Pod Autoscaler
Application Lifecycle Management: Understand the primitives necessary to create a self-healing application
Keywords: Deployment, DaemonSet, StatefulSet
Application Lifecycle Management: Understand Deployments and How to Perform Rolling Update and Rollbacks
Keywords: Deployment Revision, Job, CronJob
Core Concepts: Understand Services and other Network Primitives
Keywords: Service, ClusterIP, Endpoints, Service Mode, Container Network Interface (CNI)
Deploy and Configure Network Load Balancer
Keywords: LoadBalancer, NodePort, ExternalName, Headless Service
Networking: Know How to Configure and Use the Cluster DNS
Keywords: CoreDNS, kube-dns, Pod DNS Policy, Pod DNS Config
Security: Create and Manage TLS Certificates for Cluster Components
Keywords: Certificate Authority, CertificateSigningRequest
Networking: Know How to Use Ingress Rules
Keywords: Ingress Controller, Ingress
Security: Know How to Configure Network Policies
Keywords: Network Policy
Storage: Understand Kubernetes Storage Objects
Keywords: PersistentVolume, PersistentVolumeClaim, StorageClass
Scheduling: Use Label Selectors to Schedule Pods
Keywords: nodeName, nodeSelector, nodeAffinity, podAffinity, podAntiAffinity
Scheduling: Use Label Selectors to Schedule Pods
Keywords: Taint, Toleration
Logging/Monitoring: Manage Application Logs
Keywords: Sidecar Container, fluentd, Node Agent
Logging/Monitoring: Manage Cluster Component Logs
Keywords:
Logging/Monitoring: Understand How to Monitor All Cluster Components
Keywords: Metrics Server, Dashboard, Prometheus
Security: Secure Persistent Key Value Store
Keywords: ConfigMap, Secret
Security: Know How to Configure Authentication and Authorization
Keywords: ServiceAccount
Scheduling: Understand How Resource Limits Can Affect Pod Scheduling
Keywords: Resource Request, Resource Limits
Scheduling: Understand How Resource Limits Can Affect Pod Scheduling
Keywords: QoS Class, PriorityClass
Scheduling: Understand How Resource Limits Can Affect Pod Scheduling
Keywords: LimitRange, ResourceQuota
Security: Define Security Context
Keywords: securityContext, PodSecurityPolicy
Cluster Maintenance: Understand Kubernetes Cluster Upgrade Process
Keywords: kubeadm, etcdctl
Security: Work with Images Securely
Keywords: imagePullSecrets
Installation, Configuration & Validation: Configure a Highly-Available Kubernetes Cluster
Keywords: kubeadm
While it has an unusual URL, I found the Kubernetes Exam Simulator well worth the money.
Also, as you can use the official Kubernetes documentation during the exam, it is important to be able to navigate it quickly. The assumption is that you already know the theory, but need to use the documentation to remember the specific configuration syntax.
As an exercise, I went back to each section and added my thoughts on how to find the relevant configuration syntax.
In the interest of time, there are a number of things to know off the top of your head:
- Create time-saving CLI shortcuts: alias k=kubectl and do="--dry-run=client -o yaml"
- Get status and logs from Node services (kubelet and docker): systemctl --type service, systemctl status XXXXX, and journalctl -u XXXXX
- Extract text out of certificates: openssl x509 -text -in XXXX
- Retrieve iptables on a Node: iptables-save
note: Can use ranges in CLI, e.g., {1..3}
- Copy files to a container: k cp --help
- Delete resources: k delete XXXXX XXXXX; to return quickly from Pod deletion use --wait=false
- Label resources: k label XXXXX XXXX
- Annotate resources: k annotate XXXXX XXXXX
- Validate authorization: k auth can-i XXXXX XXXXX [--as XXXXXX] [--as-group XXXXX]
- General options, e.g., --as XXXXX: k options
- Manipulate the kubectl configuration file: k config view, k config use-context XXXXX
- Get API groups / resources: k api-versions and k api-resources -o wide
- Get application-centric resources from a namespace: k get all -n XXXXX -o wide
- Run temporary Pod to hit a URL: k run tmp --restart=Never --rm --image=busybox -it -- wget -O- -T 3 XXXXX
- Create configuration file from live resource: k get XXXXX XXXXX -o yaml
- Log in to a Pod: k exec XXXXX -it -- sh
- Learn to use basic JSONPath (see JSONPath Support in the Kubernetes documentation); often helpful in getting specific summary information from an array of objects
- Learn to sort results, principally by time, e.g., --sort-by=.metadata.creationTimestamp
note: Pay attention to namespaces, i.e., supply the -n XXXXX option to add the namespace to the configuration file after generating it with the $do option.
note: Also the --help option is super helpful here.
- Create a Pod: k run XXXXX --image=XXXXX
- Create a Namespace: k create namespace XXXX
- Create a Deployment: k create deployment XXXXX --image=XXXXX
- Create a Service: k expose deployment XXXXX --port=XX --target-port=XX
- Create a Job, CronJob...: k create --help
- History: k rollout history deployment XXXXX
- Status: k rollout status deployment XXXXX [--revision=X]
- Undo: k rollout undo deployment XXXXX [--to-revision=X]
- Pause: k rollout pause deployment XXXXX
- Set Image: k set image --help
- Autoscale: k autoscale --help
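The openssl x509 step in the list above matters for client certificate authentication because Kubernetes takes the username from the certificate's CN and the groups from its O fields. The shell functions below are an added example, not part of the original notes; the throwaway certificate, the jane/dev-team identity, and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: read the identity and expiry that the API server sees in a
# client certificate. File names and the jane/dev-team identity are constructed.

# Create a throwaway self-signed certificate standing in for a client cert.
make_sample_cert() {  # $1 = output directory
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -subj "/O=dev-team/CN=jane" \
    -keyout "$1/jane.key" -out "$1/jane.crt" 2>/dev/null
}

# Print the subject as one RDN per line, e.g. "CN=jane" and "O=dev-team".
# Simplification: values containing escaped commas are not handled.
subject_rdns() {
  openssl x509 -noout -nameopt RFC2253 -subject -in "$1" |
    sed 's/^subject= *//' | tr ',' '\n'
}

# CN is used as the username, each O as a group membership.
cert_user()   { subject_rdns "$1" | sed -n 's/^CN=//p'; }
cert_groups() { subject_rdns "$1" | sed -n 's/^O=//p'; }

# Succeeds if the certificate is still valid $2 seconds from now.
cert_valid_for() { openssl x509 -noout -checkend "$2" -in "$1" >/dev/null; }

# Demo on the constructed certificate.
tmp=$(mktemp -d)
make_sample_cert "$tmp"
echo "user:   $(cert_user "$tmp/jane.crt")"
echo "groups: $(cert_groups "$tmp/jane.crt")"
cert_valid_for "$tmp/jane.crt" 86400 && echo "valid for at least one more day"
rm -rf "$tmp"
```

The user and group printed here are the values to pass to k auth can-i with --as and --as-group when checking what that certificate's holder is authorized to do.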
First a disclaimer... These videos were made as part of my preparation for the CKA certification exam.
The material is organized around the official curriculum:
Open Source Curriculum for CNCF Certification Courses
This tutorial is very different than your typical K8s tutorial, e.g.:
Those tutorials get to the "fun stuff", e.g., Pods, containers, etc., at the start. This is more appropriate for a first taste of K8s.
This tutorial, however, starts with more of the fundamentals, e.g., cluster topology, authentication, etc. The thinking here is that you already know you want to learn K8s.
While the official curriculum provided the organization, the bulk of the content comes from the K8s concepts section.
Finally, there are also a number of K8s preparation courses available (most were around $300 or so) that you might find valuable. Without naming names, I was fairly unsatisfied with the one that I took and thus was born this tutorial (I needed more hands-on practice).