Kubernetes Certified Administration

Online resources that will help you prepare for taking the Kubernetes Certified Administrator Certification exam.

Disclaimer: This is not likely a comprehensive list as the exam will be a moving target with the fast pace of k8s development - please make a pull request if there something wrong, should be added, or updated.

I tried to restrict the cross references of resources to kubernetes.io. Youtube videos and other blog resources are optional; however, I still found them useful in my k8s learning journey.

Ensure you have the right version of Kubernetes documentation selected (e.g. v1.21 as of June 2021 exam) especially for API objects and annotations.

LDR: practice practice practice

Other CK exams:

• Certified Kubernetes Security Specialist CKS
• Certified Kubernetes Application Developer CKAD

CKA 2021 Exam Objectives

These are the exam objectives you review and understand in order to pass the test.

• CNCF Exam Curriculum repository

Cluster Architecture, Installation, and Configuration 25%

1. Manage role based access control

   • Lab: RBAC with Kubernetes in Minikube

2. Use kubeadm to install a basic cluster

   • Lab: Install Kubernetes On Ubuntu

3. Manage a highly available Kubernetes cluster

   • Options for Highly Available topology
   • Weaveworks Kubeadm HA cluster

4. Provision underlying infrastructure to deploy Kubernetes cluster

5. Peform a version upgrade on Kubernetes cluster using kubeadm

6. implment etcd backup and restore

   Kubecon Europe 2020: Kubeadm deep dive

#etcd backup and restore brief
export ETCDCTL_API=3  # needed to specify etcd api versions, not sure if it is needed anylonger with k8s 1.19+ 
etcdctl snapshot save -h   #find save options
etcdctl snapshot restore -h  #find restore options

## possible example of save, options will change depending on cluster context, as TLS is used need to give ca,crt, and key paths
etcdctl snapshot save /backup/snapshot.db  --cert=/etc/kubernetes/pki/etcd/server.crt  --key=/etc/kubernetes/pki/etcd/server.key --      cacert=/etc/kubernetes/pki/etcd/ca.crt


# evicting pods/nodes and bringing back node back to cluster
kubectl drain  <node># to drain a node
kubectl uncordon  <node> # to return a node after updates back to the cluster from unscheduled state to Ready
kubectl cordon  <node>   # to not schedule new pods on a node

#backup/restore the cluster (e.g. the state of the cluster in etcd)


# upgrade kubernetes worker node
kubectl drain <node>
apt-get upgrade -y kubeadm=<k8s-version-to-upgrade>
apt-get upgrade -y kubelet=<k8s-version-to-upgrade>
kubeadm upgrade node config --kubelet-version <k8s-version-to-upgrade>
systemctl restart kubelet
kubectl uncordon <node>


#kubeadm upgrade steps
kubeadm upgrade plan
kubeadm upgrade apply

Workloads & Scheduling – 15%

1. Understand deployments and how to perform rolling update and rollbacks
2. Use ConfigMaps and Secrets to configure applications

• configure a pod with a configmap
• configure a pod with a secret

3. Know how to scale applications

• scaling a statefulset
• scaling a replicaset

4. Understand the primitives used to create robust, self-healing, application deployments

• Replicaset
• Deployments
• Statefulsets
• Daemonset

5. Understand how resource limits can affect Pod scheduling
6. Awareness of manifest management and common templating tools

• Kustomize
  • Kustomize Blog
• manage kubernetes objects
• Install service catalog using helm
  • Non-k8s.io resource: CNCF Kubecon video: An introduction to Helm - Bridget Kromhout, Microsoft & Marc Khouzam, City of Montreal

• Non-k8s.io resource: External resource: templating-yaml-with-code

Services & Networking – 20%

1. Understand host networking configuration on the cluster nodes

2. Understand connectivity between Pods

   • The concept of Pods networking

3. Understand ClusterIP, NodePort, LoadBalancer service types and endpoints

   • service

4. Know how to use Ingress controllers and Ingress resources

   • Ingress concepts

5. Know how to configure and use CoreDNS

6. Choose an appropriate container network interface plugin

   • Kubernetes Networking Intro and Deep-Dive - Bowei Du & Tim Hockin, Google
   • Kubernetes and Networks: why is this so dang hard?
   • Kubecon Eu 2020 Tutorial: Communication Is Key - Understanding Kubernetes Networking - Jeff Poole, Vivint Smart Home

Storage – 10%

1. Understand storage classes, persistent volumes
2. Understand volume mode, access modes and reclaim policies for volumes
3. Understand persistent volume claims primitive
4. Know how to configure applications with persistent storage

#### Storage Class example
#

#### Persistent Volume Claim example
#
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: local-pvc
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: local-storage-sc
  resources:
    requests:
      storage: 100Mi

## Persistent Volume example
#
apiVersion: v1
kind: PersistentVolume
metadata:
  name: local-pv
spec:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 200Mi
  local:
    path: /data/pv/disk021
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage-sc
  volumeMode: Filesystem

###  Pod using the pvc
#
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    name: nginx
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
      - name: local-persistent-storage
        mountPath: /var/www/html
  volumes:
    - name: local-persistent-storage
      persistentVolumeClaim:
        claimName: local-pvc

Troubleshooting – 30%

1. Evaluate cluster and node logging
2. Understand how to monitor applications
3. Manage container stdout & stderr logs
4. Troubleshoot application failure
   • Pending or termintated pods
5. Troubleshoot cluster component failure
6. Troubleshoot networking
   • DNS troubleshooting

Tips:

practice practice practice

Get familiar with:

• Familiarize yourself with the documentation, initially concepts and mostly tasks, kubectl explain command, kubectl cheatsheet, and kubectl commands reference

  • https://kubernetes.io/docs/concepts/
  • https://kubernetes.io/docs/tasks/
  • https://kubernetes.io/docs/user-guide/kubectl-cheatsheet/
  • https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands

• kubectl api-versions and kubectl api-resources wih grep for a specific resoruce e.g. pv, pvc, deployment, storageclass, ..etc can help figure out the apiVersion, and kind combined with explain below will help in constructing the yaml manifest

• kubectl explain --recurisve to construct out any yaml manifest you need and find its specd and details

• When using kubectl for investigations and troubleshooting utilize the wide output it gives your more details

     $kubectl get pods -o wide  --show-labels  --all-namespaces
     or
     $kubectl get pods -o wide  --show-labels  -A     # -A is quicker than --all-namespaces

• In kubectl utilizie --all-namespaces or better -A to ensure deployments, pods, objects are on the right name space, and right desired state

• for events and troubleshooting utilize kubectl describe if its pod/resource related and logs if it is application issue related

     $kubectl describe pods <PODID>   # for pod, deployment, other k8s resource issues/events
     $kubectl logs <PODID>            # for container/application issues like crash loops
     

• fast with kubectl e.g. the '-o yaml' in conjuction with --dry-run=client allows you to create a manifest template from an imperative spec, combined with --edit it allows you to modify the object before creation

kubectl create service clusterip my-svc -o yaml --dry-run=client > /tmp/srv.yaml
kubectl create --edit -f /tmp/srv.yaml

• use kubectl aliases to speed up and reduce typo errors, practice these alaises early at your work and study for the exam. some example aliases:

alias k='kubectl'
alias kg='kubectl get'
alias kgpo='kubectl get pod'
alias kcpyd='kubectl create pod -o yaml --dry-run=client'
alias ksysgpo='kubectl --namespace=kube-system get pod'

alias kd='kubectl delete'
alias kdf='kubectl delete -f'
## for quick deletes you can add --force --grace-period=0  **Not sure if it is a good idea if you are in a production cluster**
alias krmgf='kubectl delete --grace-period 0 --force'
alias kgsvcoyaml='kubectl get service -o=yaml'
alias kgsvcwn='watch kubectl get service --namespace'
alias kgsvcslwn='watch kubectl get service --show-labels --namespace'

#example usage of aliases
krmgf nginx-8jk71    # kill pod nginx-8jk71 using grace period 0 and force

• Enable kubectl autocomplete. Autocomplete is the life saviour in any timebound exam as well as our day to day work (e.g. If autocomplete enabled k -n [Press Tab] will suggest available namespaces). Example command to enable autocomplete is available at official kubectl Cheat Sheet page, you don't have to remember anything.

source <(kubectl completion bash) # setup autocomplete in bash into the current shell, bash-completion package should be installed first.
echo "source <(kubectl completion bash)" >> ~/.bashrc # add autocomplete permanently to your bash shell.

alias k=kubectl
complete -F __start_kubectl k

Miscellaneous (resources not allowed during exam):

1. Troubleshooting use cases by Ian/Container solutions

Popular training and practice sites:

Double check if the course is uptodate with the latest exam information (e.g. api, or curicuilim)

• Mumshad CKA with practice tests and mock exams - Highly recommended
• Killer.sh CKA simulator ⟹ use code walidshaari for 20% discount - they update frequently
• AWS Container hero NANA CKA course
• Kube Academy free How to prepare for the CKA exam training
• A Cloud Guru - Certified Kubernetes Administrator (CKA)
• Pluralsight CKA course by Anthony E. Nocentino
• LinuxAcademy/ACloudGuru CKA course
• rx-m online CKA course
• Duffie Cooly hands-on CKA video using KinD and accompanying notes
• Stilian Stoilov practice questions - 50+ tasks with increasing difficulty.

Quick review material

• Adnan Rashisd CKA notes: can be found at https://adnan.study/

What's Next:

• Learn more about Kubernetes core components from Duffie Cooly TGIK Grokking playlist
• CKAD Certified Kubernetes Application Developer
• CKS Certified Kubernetes Security Specialist
• Klustered: live youtube series of advanced level of internals troubleshooting. fun and interesting to watch Klustered