Certified Kubernetes Administrator (CKA)

Notes - v1.27 (2023)

25%: Cluster Architecture, Installation & Configuration

Manage role based access control (RBAC)

RBAC in Kubernetes consists of the following descriptors.

Subjects

A subject is the identity of the entity that performs actions: for example, a
User, a Group or a Service Account.

Roles

Roles consist of:

  • Verbs (actions): create, delete, get, watch, list.
  • Resources (targets (GVK)): pods, deployments.

# Role example.
# This role allows any subject bound to it to `get` and `list` pods in the
# `my-app-environment` namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: my-app-environment
  name: read-pods
rules:
  - apiGroups: [""]
    resources: ["pods"]
    verbs: ["get", "list"]

RoleBindings

A RoleBinding binds the given Subjects to a given Role.

# RoleBinding example.
# This RoleBinding allows the User "Bob" to read pods within the
# `my-app-environment` namespace.
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  namespace: my-app-environment
  name: read-pods-bob

roleRef:
  kind: Role
  name: read-pods
  apiGroup: rbac.authorization.k8s.io

subjects:
  - kind: User
    name: Bob
    apiGroup: rbac.authorization.k8s.io
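
How the Role and RoleBinding above combine into an access decision, as an added example that is not part of the original notes: a simplified Python model of the RBAC check, limited to namespaced Role/RoleBinding objects. The function names and the dict layout are assumptions made for illustration.

```python
# Simplified model of the RBAC authorizer for namespaced Role/RoleBinding objects.
# Objects are plain dicts mirroring the manifests in these notes (constructed data).
ROLES = [{
    "kind": "Role",
    "metadata": {"namespace": "my-app-environment", "name": "read-pods"},
    "rules": [{"apiGroups": [""], "resources": ["pods"], "verbs": ["get", "list"]}],
}]

BINDINGS = [{
    "kind": "RoleBinding",
    "metadata": {"namespace": "my-app-environment", "name": "read-pods-bob"},
    "roleRef": {"kind": "Role", "name": "read-pods", "apiGroup": "rbac.authorization.k8s.io"},
    "subjects": [{"kind": "User", "name": "Bob", "apiGroup": "rbac.authorization.k8s.io"}],
}]


def _matches(allowed, value):
    """A rule field matches on an exact entry or the "*" wildcard."""
    return "*" in allowed or value in allowed


def _subject_matches(subject, user, groups):
    if subject["kind"] == "User":
        return subject["name"] == user
    if subject["kind"] == "Group":
        return subject["name"] in groups
    if subject["kind"] == "ServiceAccount":
        # Service accounts authenticate as system:serviceaccount:<namespace>:<name>.
        return user == f"system:serviceaccount:{subject.get('namespace')}:{subject['name']}"
    return False


def can_i(user, verb, resource, namespace, api_group="", groups=(), roles=ROLES, bindings=BINDINGS):
    """Return True if any binding in the namespace grants the request (deny by default)."""
    for binding in bindings:
        if binding["metadata"]["namespace"] != namespace:
            continue  # a RoleBinding only grants access inside its own namespace
        if not any(_subject_matches(s, user, groups) for s in binding.get("subjects", [])):
            continue
        ref = binding["roleRef"]
        for role in roles:
            meta = role["metadata"]
            if (role["kind"], meta["name"], meta["namespace"]) != (ref["kind"], ref["name"], namespace):
                continue
            for rule in role["rules"]:
                if (_matches(rule["apiGroups"], api_group) and _matches(rule["resources"], resource)
                        and _matches(rule["verbs"], verb)):
                    return True
    return False
```

On a live cluster the same question is answered by `kubectl auth can-i get pods --as Bob -n my-app-environment`.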

Use kubeadm to install a basic cluster

Reference: https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/create-cluster-kubeadm/

Node Prerequisites

  • Unique MAC address: check with `ip link` or `ifconfig -a`.
  • Unique Product UUID: check with `sudo cat /sys/class/dmi/id/product_uuid`.
  • Swap must be disabled.
  • kubeadm, kubelet and kubectl all installed, at most 1 minor version apart.

Ports

Required ports for the Control Plane:

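| Protocol | Direction | Port Range | Purpose | Used by |
|----------|-----------|------------|---------|---------|
| TCP | Inbound | 6443 | Kubernetes API Server | All |
| TCP | Inbound | 2379-2380 | etcd Server client API | kube-apiserver, etcd |
| TCP | Inbound | 10250 | Kubelet API | Self, Control plane |
| TCP | Inbound | 10259 | kube-scheduler | Self |
| TCP | Inbound | 10257 | kube-controller-manager | Self |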

Required ports for Worker nodes:

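| Protocol | Direction | Port Range | Purpose | Used by |
|----------|-----------|------------|---------|---------|
| TCP | Inbound | 10250 | Kubelet API | Self, Control plane |
| TCP | Inbound | 30000-32767 | NodePort Services | All |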

Manage a highly-available Kubernetes cluster

Provision underlying infrastructure to deploy a Kubernetes cluster

Perform a version upgrade on a Kubernetes cluster using Kubeadm

Implement etcd backup and restore

15%: Workloads & Scheduling

Understand deployments and how to perform rolling update and rollbacks

Use ConfigMaps and Secrets to configure applications

Know how to scale applications

Understand the primitives used to create robust, self-healing, application deployments

Understand how resource limits can affect Pod scheduling

Awareness of manifest management and common templating tools

20%: Services & Networking

Understand host networking configuration on the cluster nodes

Understand connectivity between Pods

Understand ClusterIP, NodePort, LoadBalancer service types and endpoints

Know how to use Ingress controllers and Ingress resources

Know how to configure and use CoreDNS

Choose an appropriate container network interface plugin

10%: Storage

Understand storage classes, persistent volumes

Understand volume mode, access modes and reclaim policies for volumes

Understand persistent volume claims primitive

Know how to configure applications with persistent storage

30%: Troubleshooting

Evaluate cluster and node logging

Understand how to monitor applications

Manage container stdout & stderr logs

Troubleshoot application failure

Troubleshoot cluster component failure

Troubleshoot networking