diff --git a/AbnormalDevOpsIterations/img/15.png b/AbnormalDevOpsIterations/img/15.png new file mode 100644 index 0000000..a68613e Binary files /dev/null and b/AbnormalDevOpsIterations/img/15.png differ diff --git a/_includes/cka.md b/_includes/cka.md index dc3578a..f543cef 100644 --- a/_includes/cka.md +++ b/_includes/cka.md 
@@ -1,169 +1,391 @@ -# Certified Kubernetes Administrator (CKA) Preparation Course -### Preparing to Master Kubernetes Administration +## Certified Kubernetes Administrator (CKA) Preparation + +#### A slides deck with the topics to learn for the CKA certification exam. + +### Agenda +1. Introduction to Kubernetes and its ecosystem +2. Cluster Architecture, Installation, and Configuration +3. Workloads and Scheduling +4. Services and Networking +5. Storage in Kubernetes +6. Security Essentials +7. Cluster Maintenance and Troubleshooting +8. Practice Labs and Mock Exams + +First chapter provides an overview of Kubernetes, its key features, ecosystem, and core components. For the exam preparation, you don't need to know most of the mentioned tools and resources. --- -## Course Agenda -1. **Introduction to Kubernetes** -2. **Cluster Architecture, Installation, and Configuration** -3. **Workloads and Scheduling** -4. **Services and Networking** -5. **Storage in Kubernetes** -6. **Security Essentials** -7. **Cluster Maintenance and Troubleshooting** -8. **Practice Labs and Mock Exams** +## Chapter 1: Introduction to Kubernetes ---- +### Learn the Basics +- What is Kubernetes, and why is it important? +- Key features that make Kubernetes the leading container orchestration platform. +- Core components and architecture of a Kubernetes cluster. +- Terminology and concepts essential for working with Kubernetes. +- The Kubernetes ecosystem: Tools, extensions, and the CNCF landscape. +--- -# What is Kubernetes? -- Kubernetes, often abbreviated as **K8s**, is an open-source platform for **automating deployment**, **scaling**, and **management of containerized applications**. -- Originally developed by Google and donated to the **Cloud Native Computing Foundation (CNCF)**. +## What is Kubernetes? +- Kubernetes (commonly called **K8s**) is an open-source platform for **automating deployment**, **scaling**, and **management** of containerized applications. 
+- Originally developed by **Google**; donated to the **Cloud Native Computing Foundation (CNCF)** in 2015. +- Provides an abstraction layer for managing workloads in distributed systems. πŸ”— [Introduction to Kubernetes](https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/) --- -# Why Kubernetes? -- Simplifies managing containerized applications in distributed environments. -- Key advantages: - - **Declarative Configuration**: Define desired state in YAML/JSON. - - **Automated Recovery**: Self-healing capabilities. - - **Horizontal Scaling**: Automatically adjust workloads based on demand. +## Why Kubernetes? + +### Solves Key Challenges of Containerized Workloads +1. **Resource Efficiency**: Optimizes utilization of compute, storage, and network resources. +2. **Portability**: Runs seamlessly across on-premises, public cloud, or hybrid environments. +3. **Resilience**: High availability through redundancy and self-healing. +4. **Flexibility**: Handles stateless, stateful, and batch workloads. +5. **Scalability**: Scales applications horizontally or vertically based on demand. +6. **Automation**: Simplifies deployment, scaling, and management of applications. -πŸ”— [Why Kubernetes](https://kubernetes.io/docs/concepts/overview/why-kubernetes/) +### Kubernetes in Numbers +- Thousands of contributors globally. +- Backed by major organizations (Google, Red Hat, Amazon, Microsoft, etc.). +- Widely adopted by enterprises for cloud-native applications. +- **CNCF Survey 2021**: 91% of respondents use Kubernetes in production. + +πŸ”— [Why Kubernetes](https://cloud.google.com/learn/what-is-kubernetes) --- -# Kubernetes Use Cases -- **Microservices Architecture**: Simplifies deployment and management. -- **High-Availability Applications**: Ensures uptime through redundancy. -- **CI/CD Pipelines**: Accelerates development and delivery cycles. -- **Hybrid/Multicloud Deployments**: Unified control across environments. 
+## Key features of Kubernetes -πŸ”— [Kubernetes Use Cases](https://kubernetes.io/docs/concepts/overview/use-cases/) +### Orchestration +- Automates the deployment, scaling, and management of containerized applications. ---- +### Service Discovery and Load Balancing +- Built-in DNS and network load balancers ensure reliable communication. -# Kubernetes Key Terminology -- **Container**: A lightweight, standalone executable (e.g., Docker). -- **Pod**: The smallest deployable unit in Kubernetes. -- **Cluster**: A set of nodes working together. -- **Namespace**: Logical isolation of resources within a cluster. +### Self-Healing +- Automatically restarts failed containers, reschedules workloads, and kills non-responsive applications. -πŸ”— [Key Concepts](https://kubernetes.io/docs/concepts/) +### Declarative Configuration +- Define desired state in YAML/JSON files for version-controlled, reproducible infrastructure. + +### Scalability +- Dynamically scale up/down workloads based on demand or predefined rules. + +πŸ”— [Kubernetes Use Cases](https://www.ibm.com/think/topics/kubernetes-use-cases) --- -# Key Features of Kubernetes -1. **Orchestration**: Automates container scheduling and lifecycle management. -2. **Service Discovery and Load Balancing**: Automatically discovers services and balances traffic. -3. **Self-Healing**: Replaces failed containers and restarts unhealthy pods. -4. **Declarative Configuration**: Manage resources using YAML/JSON manifests. -5. **Storage Orchestration**: Supports dynamic and persistent storage. +## Kubernetes Terminology + +### Core Objects +- **Pod**: Smallest deployable unit, encapsulates one or more containers. +- **Service**: Exposes applications running in pods to internal or external traffic. +- **ConfigMap**: Manages configuration data decoupled from application code. +- **Secret**: Stores sensitive information securely. +- **Volume**: Provides persistent storage for pods. 
-πŸ”— [Kubernetes Features](https://kubernetes.io/docs/concepts/overview/components/) +### Namespaces +- Logical isolation for resources in a cluster. +- Use cases: Separate environments for dev/stage/prod. + +πŸ”— [Key Concepts](https://kubernetes.io/docs/concepts/) --- -# Kubernetes vs. Traditional Systems +## Kubernetes vs. Traditional Systems + | Feature | Kubernetes | Traditional Systems | |------------------------|--------------------------------|--------------------------------| | Deployment | Declarative (YAML/JSON) | Manual or Script-based | | Scaling | Automatic | Manual or Limited | | Failover | Self-healing | Requires Manual Intervention | | Resource Utilization | Optimized | Often Over-provisioned | +| Networking | Service Discovery Built-in | Requires Manual Configuration | +| Configuration | Declarative (YAML/JSON) | Manual or Script-based | +| Portability | Runs on Any Cloud Platform | Vendor-specific | +| Monitoring | Integrated Metrics and Logs | Requires Third-party Tools | +| Security | Role-Based Access Control | Limited Access Control | +| Cost | Efficient Resource Utilization | Often Over-provisioned | πŸ”— [Kubernetes Overview](https://kubernetes.io/docs/concepts/overview/) --- -# Kubernetes Ecosystem -- **Core Components**: Nodes, Control Plane, etc. -- **Tools and Extensions**: Helm (Package Manager), Prometheus (Monitoring), Istio (Service Mesh). -- **CNI Plugins**: Flannel, Calico, Weave for networking. -- **Storage Options**: NFS, AWS EBS, GCP PD, Ceph. +## Kubernetes Ecosystem - Core Components + +#### Package Management +- **Helm**: Kubernetes package manager for deploying pre-configured application templates. πŸ”— [Helm Documentation](https://helm.sh/docs/) + +#### Monitoring and Observability +- **Prometheus**: Metric collection, monitoring, and alerting system. πŸ”— [Prometheus Kubernetes Integration](https://prometheus.io/docs/prometheus/latest/installation/) +- **Grafana**: Visualization tool for monitoring data. 
πŸ”— [Grafana Kubernetes Integration](https://grafana.com/docs/grafana/latest/installation/kubernetes/) + +#### Networking Plugins [CNI Plugins Documentation](https://kubernetes.io/docs/concepts/extend-kubernetes/compute-storage-net/network-plugins/) +- **Flannel**: Simple and easy-to-use networking solution. πŸ”— [Flannel](https://github.com/flannel-io/flannel) +- **Calico**: Provides network policy enforcement. πŸ”— [Calico Documentation](https://docs.projectcalico.org/) +- **WeaveNet**: Network plugin with built-in encryption and observability. πŸ”— [WeaveNet Documentation](https://www.weave.works/docs/net/latest/) +- **Cilium**: Provides networking, security, and observability. πŸ”— [Cilium Documentation](https://cilium.io/) + +#### Service Mesh +- **Istio**: Service mesh with traffic management, security, and observability features. πŸ”— [Istio Documentation](https://istio.io/latest/docs/) +- **Linkerd**: Lightweight service mesh for cloud-native applications. πŸ”— [Linkerd Documentation](https://linkerd.io/) +- **Consul**: Service mesh with service discovery and configuration management. πŸ”— [Consul Documentation](https://www.consul.io/) + +--- + +## Kubernetes Operators + +### What Are Operators? +- Extend Kubernetes functionality by automating domain-specific tasks. +- Encapsulate application lifecycle management logic (e.g., provisioning, scaling, and failover). +- Use Custom Resource Definitions (CRDs) to define new resources. +- **Operator SDK**: Framework for building Kubernetes Operators. πŸ”— [Operator SDK Documentation](https://sdk.operatorframework.io/) + +### Popular Operators: +- **PostgreSQL Operator**: Automates database management. +- **Prometheus Operator**: Simplifies Prometheus deployment and configuration. +- **ElasticSearch Operator**: Manages ElasticSearch clusters. 
+ +πŸ”— [Kubernetes Operators Documentation](https://kubernetes.io/docs/concepts/extend-kubernetes/operator/) + +--- + +## Kubernetes Distributions + +### Open-Source Distributions + +- **k3s**: Lightweight Kubernetes, ideal for edge or IoT use cases. πŸ”— [k3s Documentation](https://k3s.io/) +- **MicroK8s**: Canonical’s lightweight Kubernetes distribution. πŸ”— [MicroK8s Documentation](https://microk8s.io/) +- **k0s**: Zero-friction Kubernetes distribution. πŸ”— [k0s Documentation](https://k0sproject.io/) +- **Kind**: Kubernetes in Docker for local development. πŸ”— [Kind Documentation](https://kind.sigs.k8s.io/) + + +### Enterprise Distributions +- **Red Hat OpenShift**: Enterprise-grade Kubernetes with built-in CI/CD and security features. πŸ”— [OpenShift Documentation](https://www.openshift.com/) +- **Rancher**: Kubernetes management platform for multi-cluster operations. πŸ”— [Rancher Documentation](https://rancher.com/) +- **VMware Tanzu**: Kubernetes platform for building, running, and managing applications. πŸ”— [VMware Tanzu Documentation](https://tanzu.vmware.com/) +- **D2iQ Konvoy**: Kubernetes distribution with built-in monitoring and logging. πŸ”— [D2iQ Konvoy Documentation](https://d2iq.com/) +- **Mirantis Kubernetes Engine (formerly Docker Enterprise)**: Kubernetes platform with integrated container runtime. πŸ”— [Mirantis Kubernetes Engine Documentation](https://www.mirantis.com/software/kubernetes-engine/) + +--- + +## Managed Cloud Solutions -πŸ”— [Kubernetes Ecosystem](https://kubernetes.io/docs/home/) +- **Amazon Elastic Kubernetes Service (EKS)**: Kubernetes on AWS. πŸ”— [EKS Documentation](https://aws.amazon.com/eks/) +- **Google Kubernetes Engine (GKE)**: Fully managed Kubernetes from Google. πŸ”— [GKE Documentation](https://cloud.google.com/kubernetes-engine) +- **Azure Kubernetes Service (AKS)**: Kubernetes on Microsoft Azure. 
πŸ”— [AKS Documentation](https://learn.microsoft.com/en-us/azure/aks/) +- **IBM Cloud Kubernetes Service**: Managed Kubernetes on IBM Cloud. πŸ”— [IBM Cloud Kubernetes Service Documentation](https://www.ibm.com/cloud/kubernetes) +- **DigitalOcean Kubernetes**: Managed Kubernetes on DigitalOcean. πŸ”— [DigitalOcean Kubernetes Documentation](https://www.digitalocean.com/products/kubernetes/) +- **Alibaba Cloud Container Service for Kubernetes**: Managed Kubernetes on Alibaba Cloud. πŸ”— [Alibaba Cloud Kubernetes Service Documentation](https://www.alibabacloud.com/product/kubernetes) --- -# Cluster Architecture +## CNCF Landscape + +### What is CNCF? +- **Cloud Native Computing Foundation (CNCF)**: Governing body supporting open-source, cloud-native projects. +- Manages the Kubernetes project and fosters a thriving ecosystem. -### Control Plane Components: -1. **kube-apiserver**: - - Acts as the front end for the Kubernetes control plane. - - Handles all REST requests and validates configurations. - - πŸ”— [kube-apiserver Documentation](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/) +### CNCF Landscape Highlights: +- Kubernetes is part of a broader cloud-native ecosystem, including: + 1. **Container Runtimes**: containerd, CRI-O, Docker. + 2. **Storage Solutions**: Rook, OpenEBS, Ceph. + 3. **CI/CD Tools**: Tekton, ArgoCD, Flux. + 4. **Security**: Falco, OPA, Kyverno. -2. **etcd**: - - A distributed, reliable key-value store for all cluster data. - - Ensures consistency and stores the state of the cluster. - - πŸ”— [etcd Documentation](https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/) +πŸ”— [CNCF Interactive Landscape](https://landscape.cncf.io/) -3. **kube-scheduler**: - - Assigns workloads (pods) to appropriate nodes. - - Bases decisions on resource availability, taints/tolerations, and affinity/anti-affinity rules. 
- - πŸ”— [kube-scheduler Documentation](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-scheduler/) +--- -4. **kube-controller-manager**: - - Runs controllers to ensure desired state: - - Node Controller - - Replication Controller - - Endpoints Controller - - Service Account Controller - - πŸ”— [kube-controller-manager Documentation](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/) +## Chapter 1: Introduction to Kubernetes | Wrap-Up + +### Key Takeaways: +- Kubernetes (K8s) automates deployment, scaling, and management of containerized applications. +- Features: Service discovery, load balancing, self-healing, declarative configuration, scalability. +- Architecture: Control Plane (API server, etcd, scheduler, controllers) and Nodes (kubelet, kube-proxy). +- Use cases: Microservices, high-availability applications, CI/CD pipelines, hybrid/multi-cloud. +- Ecosystem: Helm (packages), Prometheus (monitoring), Istio (service mesh), CNCF projects. +- Managed solutions: EKS, GKE, AKS, OpenShift, Tanzu, DigitalOcean Kubernetes. --- -# Node Components +## Chapter 2: Cluster Architecture, Installation, and Configuration + +### Understand How Clusters Work +- Explore the architecture of a Kubernetes cluster. +- Learn about the Control Plane and Node components. +- Install Kubernetes using tools like kubeadm and Minikube. +- Configure clusters for security, scalability, and performance. +- Follow best practices for managing configurations and resources. + +--- + +## Cluster Architecture - Control Plane Components + +**kube-apiserver** πŸ”— [Documentation](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/) +- Acts as the front end for the Kubernetes control plane. +- Handles all REST requests and validates configurations. -1. **kubelet**: - - An agent that runs on each node. - - Ensures containers in pods are running as expected. - - Communicates with the control plane. 
- - πŸ”— [kubelet Documentation](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/) +**etcd** πŸ”— [Documentation](https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/) +- A distributed, reliable key-value store for all cluster data. +- Ensures consistency and stores the state of the cluster. -2. **kube-proxy**: - - Handles networking for Kubernetes Services. - - Maintains network rules and forwards requests to the appropriate pods. - - πŸ”— [kube-proxy Documentation](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/) +**kube-scheduler** πŸ”— [Documentation](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-scheduler/) +- Assigns workloads (pods) to appropriate nodes. +- Bases decisions on resource availability, taints/tolerations, and affinity/anti-affinity rules. -3. **Container Runtime**: - - Responsible for running containers (e.g., containerd, CRI-O, Docker). - - πŸ”— [Container Runtimes Documentation](https://kubernetes.io/docs/setup/production-environment/container-runtimes/) +**kube-controller-manager** πŸ”— [Documentation](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/) +- Runs controllers to ensure desired state of the cluster +- Node Controller, Replication Controller, Endpoints Controller, Service Account Controller --- -# Installation Tools +## Cluster Architecture - Node Components -### 1. kubeadm -- A standard tool to set up Kubernetes clusters easily. -- Automates installation of control plane and worker node components. -- Ideal for production-grade clusters. -- πŸ”— [kubeadm Documentation](https://kubernetes.io/docs/reference/setup-tools/kubeadm/) +**kubelet** πŸ”— [Documentation](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/) + - An agent that runs on each node. + - Ensures containers in pods are running as expected. + - Communicates with the control plane. 
+ +**kube-proxy** πŸ”— [Documentation](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/) + - Handles networking for Kubernetes Services. + - Maintains network rules and forwards requests to the appropriate pods. + +**Container Runtime** πŸ”— [Documentation](https://kubernetes.io/docs/setup/production-environment/container-runtimes/) + - Responsible for running containers (e.g., containerd, CRI-O, Docker). + - Communicates with the kubelet to manage container lifecycle. --- -### 2. Minikube -- Lightweight Kubernetes for local testing. -- Sets up a single-node cluster on a local machine. -- Suitable for development and practice. -- πŸ”— [Minikube Documentation](https://minikube.sigs.k8s.io/docs/) +## Cluster Architecture - Topologies + +### Single-Node Cluster +- All components run on a single node (control plane and worker node). +- Ideal for development and testing. +- Can be scaled to a multi-node cluster if needed. + +### Multi-Node Cluster +- Control Plane: Manages the cluster state and API requests. +- Worker Nodes: Run workloads (pods) and communicate with the control plane. +- Scalable and fault-tolerant. +- For HA, run multiple instances (at least 3) of control plane components --- -### 3. Managed Kubernetes Solutions -- Cloud providers offer managed Kubernetes services: - - **Amazon EKS**: πŸ”— [Amazon EKS Documentation](https://docs.aws.amazon.com/eks/) - - **Azure AKS**: πŸ”— [Azure AKS Documentation](https://learn.microsoft.com/en-us/azure/aks/) - - **Google GKE**: πŸ”— [Google GKE Documentation](https://cloud.google.com/kubernetes-engine) +## Installation Tools + +**kubeadm** πŸ”— [Documentation](https://kubernetes.io/docs/reference/setup-tools/kubeadm/) + - A standard tool to set up Kubernetes clusters easily. + - Automates installation of control plane and worker node components. + - Ideal for production-grade clusters. 
+ +**kind** πŸ”— [Documentation](https://kind.sigs.k8s.io/docs/user/quick-start/) + - Kubernetes in Docker for local development. + - Creates a multi-node cluster using Docker containers. + - Suitable for testing and development. + +**Minikube** πŸ”— [Documentation](https://minikube.sigs.k8s.io/docs/) + - Lightweight Kubernetes for local testing. + - Sets up a single-node cluster on a local machine. + - Suitable for development and practice. --- -# Configuration Best Practices +## Installation prerequisites + +On a node where you want to install Kubernetes, ensure the following prerequisites are met: +- A **Linux** host with at least 2 CPUs and 2GB of RAM. +- **Container Runtime**: Install a container runtime like containerd, CRI-O, or Docker. +- **kubeadm, kubectl, kubelet**: Install the Kubernetes binaries. +- **Disable swap**: Disable swap to ensure Kubernetes runs smoothly. +- **Firewall Rules on control plane** + Open required ports for inbound traffic (defaults, can be customized): + - API Server: 6443 (used by All) + - etcd Server client API: 2379-2380 (used by etcd and kube-apiserver) + - Kubelet API: 10250 (used by kubelet and control plane) + - Controller Manager: 10257 (used by kube-controller-manager) + - Scheduler: 10259 (used by kube-scheduler) +- **Firewall Rules on worker nodes** + - Kubelet API: 10250 (used by kubelet and control plane) + - Kube-proxy: 10256 (used by kube-proxy and load balancers) + - NodePort Services: 30000-32767 (used by external clients) + +--- +## Installing Kubernetes with kubeadm 1/2 + +**Initialize the Cluster**: +On the master node, run a command as follows: + ```bash + kubeadm init --pod-network-cidr 192.168.0.0/16 + ``` +Some common options: + - **--pod-network-cidr**: Specify the pod network CIDR. Can be different based on the network plugin used. + - **--apiserver-advertise-address**: Specify the API server address, as used by worker nodes. 
+ - **--control-plane-endpoint**: Specify the control plane endpoint (IP or DNS name), useful if you plan to use external load balancers. + +**Configure client tools**: +After initializing the cluster, you'll be shown commands to run in order configure kubectl to access the cluster. +```bash +mkdir -p $HOME/.kube +sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config +sudo chown $(id -u):$(id -g) $HOME/.kube/config +``` + +--- + +## Installing Kubernetes with kubeadm 2/2 + +**Set Up Networking**: +By default Kubernetes doesn't provide any networking. You need to install a CNI plugin to enable pod-to-pod communication. +Common choices are Flannel, Calico, or WeaveNet. Example with Calico (which uses, by default, the network CIDR 192.168.0.0/16 specified during initialization): + ```bash + kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml + ``` +**Join Worker Nodes**: +On Worker nodes, use the join command provided after initializing the master node. +You can get the join command running: + ```bash + kubeadm token create --print-join-command + ``` +The join command looks like: + ```bash + kubeadm join : --token --discovery-token-ca-cert-hash + ``` + +--- + +## kubeadm commands + +Common kubeadm commands +- **kubeadm init**: Initialize a Kubernetes cluster. +- **kubeadm join**: Join a node to the cluster. +- **kubeadm token**: Manage tokens for joining nodes. +- **kubeadm config**: Manage configuration files. +- **kubeadm upgrade**: Upgrade a Kubernetes cluster. +- **kubeadm reset**: Reset a node to its initial state. + +--- + +## Kubernetes Configuration + +#### kubectl Configuration +The tool **kubectl** uses **kubeconfig** files where are stored cluster information, authentication details, and context. +The default kubeconfig path is **~/.kube/config**. + +Inside a kubeconfig file you can have different contexts, each pointing to a different cluster. +With the command `kubectl config get-contexts` you can see the available contexts. 
+With the command `kubectl config use-context ` you can switch between contexts. +With the command `kubectl config view` you can see the merged kubeconfig settings. -### Use ConfigMaps and Secrets +--- + +## Kubernetes Configuration + + + +#### Use ConfigMaps and Secrets - **ConfigMaps**: Store non-sensitive configuration data separately from application code. - πŸ”— [ConfigMaps Documentation](https://kubernetes.io/docs/concepts/configuration/configmap/) - **Secrets**: Store sensitive data securely. @@ -171,7 +393,7 @@ --- -### Leverage Namespaces +#### Leverage Namespaces - **Namespaces**: - Isolate resources within the same cluster. - Ideal for multi-team or multi-environment use cases (e.g., dev, staging, production). @@ -179,7 +401,7 @@ --- -### Resource Management +#### Resource Management 1. **Resource Quotas**: - Limit resource consumption per namespace. - πŸ”— [Resource Quotas Documentation](https://kubernetes.io/docs/concepts/policy/resource-quotas/) 
@@ -190,9 +412,35 @@ --- -# Key Kubernetes Workloads +## Chapter 2: Cluster Architecture, Installation, and Configuration | Wrap-Up + +### Key Takeaways: +- **Cluster Architecture**: Control Plane manages cluster state; nodes run workloads. +- **Installation Tools**: + - kubeadm: Standard tool for production clusters. + - Minikube: Lightweight tool for local testing. + - kind: Kubernetes in Docker for development. +- **Configuration Best Practices**: + - Use ConfigMaps/Secrets for app configs and sensitive data. + - Organize resources with namespaces. + - Enforce resource limits using ResourceQuotas and LimitRanges. + +--- + +## Chapter 3: Workloads and Scheduling -### 1. **Pods** +### Manage Workloads Effectively +- Discover Kubernetes workloads: Pods, Deployments, StatefulSets, and Jobs. +- Learn about DaemonSets for node-specific tasks. +- Master scheduling concepts like node affinity, taints/tolerations, and resource allocation. +- Practice debugging and resolving workload issues. + + +--- + +## Key Kubernetes Workloads + +#### 1. **Pods** - Smallest deployable unit in Kubernetes. - Can run a single container or multiple tightly coupled containers. - Pods share: @@ -202,14 +450,14 @@ --- -## Example: Creating a Pod +### Example: Creating a Pod -### Command Line +#### Command Line ```bash kubectl run my-pod --image=nginx --restart=Never ``` -### YAML File +#### YAML File ```yaml apiVersion: v1 kind: Pod @@ -223,9 +471,9 @@ spec: --- -# Deployments +## Deployments -### 2. **Deployments** +#### 2. **Deployments** - Manage **stateless applications** and ensure the desired number of pods are running. - Supports: - Rolling updates. @@ -235,14 +483,14 @@ spec: --- -## Example: Creating a Deployment +### Example: Creating a Deployment -### Command Line +#### Command Line ```bash kubectl create deployment my-deployment --image=nginx ``` -### YAML File +#### YAML File ```yaml apiVersion: apps/v1 kind: Deployment 
@@ -265,9 +513,9 @@ spec: --- -# StatefulSets +## StatefulSets -### 3. **StatefulSets** +#### 3. **StatefulSets** - Manage **stateful applications** requiring stable, persistent identities. - Ensures: - Stable network identities. @@ -277,9 +525,9 @@ spec: --- -## Example: Creating a StatefulSet +### Example: Creating a StatefulSet -### YAML File (Command line not recommended for StatefulSets) +#### YAML File (Command line not recommended for StatefulSets) ```yaml apiVersion: apps/v1 kind: StatefulSet @@ -303,9 +551,9 @@ spec: --- -# DaemonSets +## DaemonSets -### 4. **DaemonSets** +#### 4. **DaemonSets** - Ensure all (or some) nodes run a copy of a specific pod. - Common use cases: - Log collectors (e.g., Fluentd). @@ -314,9 +562,9 @@ spec: --- -## Example: Creating a DaemonSet +### Example: Creating a DaemonSet -### YAML File (Command line not recommended for DaemonSets) +#### YAML File (Command line not recommended for DaemonSets) ```yaml apiVersion: apps/v1 kind: DaemonSet @@ -338,9 +586,9 @@ spec: --- -# Jobs and CronJobs +## Jobs and CronJobs -### 5. **Jobs and CronJobs** +#### 5. **Jobs and CronJobs** - **Jobs**: Run tasks to completion. Useful for batch processing. πŸ”— [Jobs Documentation](https://kubernetes.io/docs/concepts/workloads/controllers/job/) - **CronJobs**: Schedule tasks based on time intervals. Ideal for periodic backups or cleanups. @@ -348,14 +596,14 @@ spec: --- -## Example: Creating a Job +### Example: Creating a Job -### Command Line +#### Command Line ```bash kubectl create job my-job --image=busybox -- echo "Hello Kubernetes" ``` -### YAML File +#### YAML File ```yaml apiVersion: batch/v1 kind: Job @@ -373,14 +621,14 @@ spec: --- -## Example: Creating a CronJob +### Example: Creating a CronJob -### Command Line +#### Command Line ```bash kubectl create cronjob my-cronjob --image=busybox --schedule="*/1 * * * *" -- echo "Hello from CronJob" ``` -### YAML File +#### YAML File ```yaml apiVersion: batch/v1 kind: CronJob 
@@ -401,9 +649,9 @@ spec: --- -# Scheduling Basics +## Scheduling Basics -### 1. Labels and Selectors +#### 1. Labels and Selectors - **Labels**: Key-value pairs attached to objects (e.g., pods, nodes). - Examples: `app=frontend`, `tier=backend`. - **Selectors**: Match labels to identify objects for scheduling. @@ -411,9 +659,9 @@ spec: --- -# Node Affinity and Anti-Affinity +## Node Affinity and Anti-Affinity -### 2. Node Affinity and Anti-Affinity +#### 2. Node Affinity and Anti-Affinity - **Node Affinity**: Schedule pods on nodes based on labels. - Example: "Only schedule on nodes with SSD storage." - **Anti-Affinity**: Prevent pods from being scheduled on the same node. @@ -422,9 +670,9 @@ spec: --- -## Example: Node Affinity +### Example: Node Affinity -### YAML File Example +#### YAML File Example ```yaml apiVersion: v1 kind: Pod @@ -447,9 +695,9 @@ spec: --- -# Taints and Tolerations +## Taints and Tolerations -### 3. Taints and Tolerations +#### 3. Taints and Tolerations - **Taints**: Applied to nodes to restrict pod scheduling. - Example: `NoSchedule` taint prevents pods without tolerations from being scheduled. - **Tolerations**: Allow pods to bypass taints and be scheduled on specific nodes. @@ -457,14 +705,14 @@ spec: --- -## Example: Taints and Tolerations +### Example: Taints and Tolerations -### Add Taint to a Node +#### Add Taint to a Node ```bash kubectl taint nodes node1 key=value:NoSchedule ``` -### YAML File Example for Toleration +#### YAML File Example for Toleration ```yaml apiVersion: v1 kind: Pod @@ -483,9 +731,9 @@ spec: --- -# Resource Requests and Limits +## Resource Requests and Limits -### 4. Resource Requests and Limits +#### 4. Resource Requests and Limits - **Resource Requests**: Minimum CPU/Memory a pod needs to run. - **Resource Limits**: Maximum CPU/Memory a pod can consume. - Prevents resource starvation and overcommitment. 
@@ -493,9 +741,9 @@ spec: --- -## Example: Resource Requests and Limits +### Example: Resource Requests and Limits -### YAML File Example +#### YAML File Example ```yaml apiVersion: v1 kind: Pod @@ -516,9 +764,9 @@ spec: --- -# Priority Classes +## Priority Classes -### 5. Priority Classes +#### 5. Priority Classes - Define the importance of workloads during scheduling. - Higher-priority pods are scheduled first. - Lower-priority pods are evicted to make space during resource shortages. @@ -526,14 +774,14 @@ spec: --- -## Example: Priority Classes +### Example: Priority Classes -### Create a Priority Class +#### Create a Priority Class ```bash kubectl create priorityclass high-priority --value=1000 --global-default=false --description="High-priority workload" ``` -### YAML File Example for Priority Class +#### YAML File Example for Priority Class ```yaml apiVersion: scheduling.k8s.io/v1 kind: PriorityClass @@ -544,7 +792,7 @@ globalDefault: false description: "High-priority workload" ``` -### Pod Using Priority Class +#### Pod Using Priority Class ```yaml apiVersion: v1 kind: Pod @@ -559,9 +807,9 @@ spec: --- -# Debugging Scheduling Issues +## Debugging Scheduling Issues -### Debugging Commands +#### Debugging Commands - Use `kubectl describe pod ` to review scheduling events. - Check events for detailed scheduling-related messages: ```bash 
@@ -572,9 +820,31 @@ spec: --- -# Kubernetes Networking Model +## Chapter 3: Workloads and Scheduling | Wrap-Up + +### Key Takeaways: +- **Workloads**: Pods (smallest deployable unit), Deployments (stateless apps), StatefulSets (stateful apps), Jobs/CronJobs (batch/scheduled tasks), DaemonSets (node-specific tasks). +- **Scheduling**: + - Node affinity, taints/tolerations, and priority classes control pod placement. + - Resource requests/limits manage CPU and memory allocation. + - Network policies secure pod communication. +- **Debugging**: Use `kubectl describe`, `kubectl logs`, and ephemeral containers for troubleshooting. + +--- -### Networking in Kubernetes: Key Principles +## Chapter 4: Services and Networking + +### Enable Connectivity and Communication +- Learn how Kubernetes handles networking between pods and services. +- Explore service types: ClusterIP, NodePort, LoadBalancer, and Ingress. +- Use DNS for service discovery and networking plugins for pod communication. +- Implement Network Policies to secure traffic within your cluster. + +--- + +## Kubernetes Networking Model + +#### Networking in Kubernetes: Key Principles 1. **Flat Network Space**: All pods can communicate with each other without NAT. 2. **Service Discovery**: Built-in DNS to resolve service names. 3. **Flexible Connectivity**: Supports ClusterIP, NodePort, LoadBalancer, and Ingress. 
@@ -583,23 +853,23 @@ spec: --- -# Services in Kubernetes +## Services in Kubernetes -### 1. ClusterIP (Default) +#### 1. ClusterIP (Default) - Exposes a service internally within the cluster. - Pods access the service via its DNS name or IP address. - πŸ”— [ClusterIP Documentation](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types) --- -## Example: ClusterIP +### Example: ClusterIP -### Command Line +#### Command Line ```bash kubectl expose deployment my-deployment --type=ClusterIP --port=80 ``` -### YAML File +#### YAML File ```yaml apiVersion: v1 kind: Service @@ -617,21 +887,21 @@ spec: --- -### 2. NodePort +#### 2. NodePort - Exposes a service on each node's IP and a static port (30000-32767). - Allows external access to the service. - πŸ”— [NodePort Documentation](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport) --- -## Example: NodePort +### Example: NodePort -### Command Line +#### Command Line ```bash kubectl expose deployment my-deployment --type=NodePort --port=80 ``` -### YAML File +#### YAML File ```yaml apiVersion: v1 kind: Service @@ -650,21 +920,21 @@ spec: --- -### 3. LoadBalancer +#### 3. LoadBalancer - Exposes a service externally using a cloud provider's load balancer. - Requires integration with supported cloud providers (e.g., AWS, Azure, GCP). - πŸ”— [LoadBalancer Documentation](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) --- -## Example: LoadBalancer +### Example: LoadBalancer -### Command Line +#### Command Line ```bash kubectl expose deployment my-deployment --type=LoadBalancer --port=80 ``` -### YAML File +#### YAML File ```yaml apiVersion: v1 kind: Service 
@@ -682,9 +952,9 @@ spec: --- -# Ingress +## Ingress -### 4. Ingress +#### 4. Ingress - Provides HTTP(S) routing to services within the cluster. - Supports advanced features like TLS termination and path-based routing. - Requires an **Ingress Controller** (e.g., NGINX, Traefik). @@ -692,9 +962,9 @@ spec: --- -## Example: Ingress +### Example: Ingress -### YAML File +#### YAML File ```yaml apiVersion: networking.k8s.io/v1 kind: Ingress @@ -716,9 +986,9 @@ spec: --- -# Core Networking Concepts +## Core Networking Concepts -### 1. DNS in Kubernetes +#### 1. DNS in Kubernetes - Automatically creates DNS entries for services. - Pods can resolve services using their names: ```plaintext @@ -728,25 +998,25 @@ spec: --- -## Example: Verifying DNS +### Example: Verifying DNS -### Command Line +#### Command Line ```bash kubectl exec -it -- nslookup my-service ``` --- -### 2. Network Policies +#### 2. Network Policies - Control traffic flow between pods or between pods and external resources. - Specify **allow/deny** rules for ingress/egress traffic. - πŸ”— [Network Policies Documentation](https://kubernetes.io/docs/concepts/services-networking/network-policies/) --- -## Example: Network Policy +### Example: Network Policy -### YAML File +#### YAML File ```yaml apiVersion: networking.k8s.io/v1 kind: NetworkPolicy @@ -768,9 +1038,9 @@ spec: --- -# Debugging Networking Issues +## Debugging Networking Issues -### Troubleshooting Steps +#### Troubleshooting Steps 1. **Check Service and Pod Connectivity**: ```bash kubectl exec -it -- curl : 
@@ -792,9 +1062,32 @@ spec: --- -# Storage in Kubernetes +## Chapter 4: Services and Networking | Wrap-Up + +### Key Takeaways: +- **Networking Models**: All pods in a cluster can communicate without NAT. +- **Services**: Expose applications via ClusterIP (internal), NodePort, LoadBalancer, or Ingress. +- **Core Networking Concepts**: + - DNS for service discovery. + - CNI plugins (Calico, Flannel) handle pod networking. + - Network policies restrict traffic flow between pods. +- Debugging: Test connectivity with `curl`, verify DNS resolution, and review events for issues. + +--- + +## Chapter 5: Storage in Kubernetes + +### Persist and Manage Data +- Understand how Kubernetes manages storage for containerized applications. +- Use Persistent Volumes (PV) and Persistent Volume Claims (PVC). +- Configure dynamic storage provisioning with StorageClasses. +- Work with ConfigMaps and Secrets to manage configurations and sensitive data securely. + +--- + +## Storage in Kubernetes -### Key Concepts +#### Key Concepts 1. **Volumes**: Attach storage to pods. 2. **Persistent Volumes (PV)**: Cluster-wide storage resources. 3. **Persistent Volume Claims (PVC)**: Requests for storage by pods. @@ -804,9 +1097,9 @@ spec: --- -# Volumes +## Volumes -### What are Volumes? +#### What are Volumes? - Allow pods to persist data beyond the lifecycle of a container. - Types of volumes: - **emptyDir**: Temporary storage tied to the pod’s lifecycle. @@ -818,9 +1111,9 @@ spec: --- -## Example: Using a Volume +### Example: Using a Volume -### YAML File +#### YAML File ```yaml apiVersion: v1 kind: Pod @@ -840,9 +1133,9 @@ spec: --- -# Persistent Volumes (PV) +## Persistent Volumes (PV) -### What are Persistent Volumes? +#### What are Persistent Volumes? - Abstracts storage from specific pods. - Supports multiple backends like NFS, AWS EBS, GCE PD. - Must be **manually created** or dynamically provisioned. 
@@ -851,9 +1144,9 @@ spec: --- -## Example: Creating a Persistent Volume +### Example: Creating a Persistent Volume -### YAML File +#### YAML File ```yaml apiVersion: v1 kind: PersistentVolume @@ -871,9 +1164,9 @@ spec: --- -# Persistent Volume Claims (PVC) +## Persistent Volume Claims (PVC) -### What are Persistent Volume Claims? +#### What are Persistent Volume Claims? - A request for storage from a pod. - Links pods with available Persistent Volumes. - Defines: @@ -884,9 +1177,9 @@ spec: --- -## Example: Creating a PVC +### Example: Creating a PVC -### YAML File +#### YAML File ```yaml apiVersion: v1 kind: PersistentVolumeClaim @@ -902,9 +1195,9 @@ spec: --- -# Dynamic Provisioning +## Dynamic Provisioning -### What is Dynamic Provisioning? +#### What is Dynamic Provisioning? - Automatically provisions storage when PVCs are created. - Requires a **StorageClass** configured in the cluster. @@ -912,9 +1205,9 @@ spec: --- -## Example: Dynamic Provisioning with a StorageClass +### Example: Dynamic Provisioning with a StorageClass -### StorageClass YAML +#### StorageClass YAML ```yaml apiVersion: storage.k8s.io/v1 kind: StorageClass @@ -925,7 +1218,7 @@ parameters: type: gp2 ``` -### PVC Using the StorageClass +#### PVC Using the StorageClass ```yaml apiVersion: v1 kind: PersistentVolumeClaim @@ -942,22 +1235,22 @@ spec: --- -# Storage for Configurations and Secrets +## Storage for Configurations and Secrets -### ConfigMaps +#### ConfigMaps - Use ConfigMaps to store configuration data as files or environment variables. πŸ”— [ConfigMaps Documentation](https://kubernetes.io/docs/concepts/configuration/configmap/) --- -## Example: Using a ConfigMap +### Example: Using a ConfigMap -### Create a ConfigMap from CLI +#### Create a ConfigMap from CLI ```bash kubectl create configmap app-config --from-literal=key1=value1 ``` -### YAML File Example +#### YAML File Example ```yaml apiVersion: v1 kind: ConfigMap 
@@ -970,20 +1263,20 @@ data: --- -### Secrets +#### Secrets - Use Secrets to store sensitive data securely (e.g., passwords, tokens). πŸ”— [Secrets Documentation](https://kubernetes.io/docs/concepts/configuration/secret/) --- -## Example: Using a Secret +### Example: Using a Secret -### Create a Secret from CLI +#### Create a Secret from CLI ```bash kubectl create secret generic app-secret --from-literal=username=admin --from-literal=password=pass123 ``` -### YAML File Example +#### YAML File Example ```yaml apiVersion: v1 kind: Secret @@ -997,9 +1290,9 @@ data: --- -# Debugging Storage Issues +## Debugging Storage Issues -### Common Troubleshooting Commands +#### Common Troubleshooting Commands 1. **Verify Persistent Volumes and Claims**: ```bash kubectl get pv,pvc @@ -1019,9 +1312,32 @@ data: --- -# Authentication and Authorization +## Chapter 5: Storage in Kubernetes | Wrap-Up + +### Key Takeaways: +- **Storage Concepts**: + - Volumes (temporary storage), Persistent Volumes (PV), Persistent Volume Claims (PVC). + - Dynamic provisioning simplifies storage management using StorageClasses. +- **ConfigMaps and Secrets**: + - ConfigMaps manage non-sensitive configuration data. + - Secrets securely store sensitive information like passwords or keys. +- Debugging: Use `kubectl describe pv/pvc` for storage issues and check pod logs for mount errors. + +--- -### Authentication +## Chapter 6: Security Essentials + +### Secure Your Cluster and Applications +- Learn Kubernetes authentication and authorization mechanisms. +- Use Role-Based Access Control (RBAC) for fine-grained permissions. +- Apply Pod Security Standards and define security contexts for pods. +- Secure communication and traffic with Network Policies. + +--- + +## Authentication and Authorization + +#### Authentication - Identifies **who** is making a request (e.g., users, service accounts). - Common authentication methods: - Certificates 
@@ -1032,7 +1348,7 @@ data: --- -### Authorization +#### Authorization - Controls **what** a user or process can do. - Methods: - **Role-Based Access Control (RBAC)**: Assign permissions to users or groups. @@ -1042,9 +1358,9 @@ data: --- -## Example: RBAC Role and RoleBinding +### Example: RBAC Role and RoleBinding -### Role YAML File +#### Role YAML File ```yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -1057,7 +1373,7 @@ rules: verbs: ["get", "list", "watch"] ``` -### RoleBinding YAML File +#### RoleBinding YAML File ```yaml apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding @@ -1076,9 +1392,9 @@ roleRef: --- -# Pod Security +## Pod Security -### Pod Security Standards (PSS) +#### Pod Security Standards (PSS) - Ensure security at the pod level. - Three predefined standards: 1. **Privileged**: No restrictions. @@ -1089,16 +1405,16 @@ roleRef: --- -## Example: Enforcing Pod Security +### Example: Enforcing Pod Security -### Apply Pod Security Standards via Labels +#### Apply Pod Security Standards via Labels ```bash kubectl label namespace my-namespace pod-security.kubernetes.io/enforce=baseline ``` --- -### Securing Pods with SecurityContext +#### Securing Pods with SecurityContext - Set security options for pods or containers. - Examples: Run as non-root, drop capabilities, restrict privilege escalation. @@ -1106,9 +1422,9 @@ kubectl label namespace my-namespace pod-security.kubernetes.io/enforce=baseline --- -## Example: SecurityContext +### Example: SecurityContext -### YAML File +#### YAML File ```yaml apiVersion: v1 kind: Pod @@ -1130,9 +1446,9 @@ spec: --- -# Networking Security +## Networking Security -### Network Policies +#### Network Policies - Control pod-to-pod and pod-to-external traffic. - Define **allow** or **deny** rules for ingress and egress. @@ -1140,9 +1456,9 @@ spec: --- -## Example: Network Policy +### Example: Network Policy -### YAML File +#### YAML File ```yaml apiVersion: networking.k8s.io/v1 kind: NetworkPolicy 
@@ -1165,9 +1481,9 @@ spec: --- -# Image Security +## Image Security -### Recommendations for Secure Container Images +#### Recommendations for Secure Container Images 1. Use minimal base images. 2. Regularly scan images for vulnerabilities. 3. Avoid running containers as root. @@ -1176,9 +1492,9 @@ spec: --- -## Example: Using an ImagePullSecret +### Example: Using an ImagePullSecret -### YAML File +#### YAML File ```yaml apiVersion: v1 kind: Secret @@ -1205,9 +1521,9 @@ spec: --- -# Secrets Management +## Secrets Management -### Use Kubernetes Secrets for Sensitive Data +#### Use Kubernetes Secrets for Sensitive Data - Store sensitive information like passwords, tokens, and SSH keys. - Secrets are **base64-encoded**, not encrypted by default. @@ -1215,9 +1531,9 @@ spec: --- -## Example: Secret for Environment Variables +### Example: Secret for Environment Variables -### YAML File +#### YAML File ```yaml apiVersion: v1 kind: Secret @@ -1254,9 +1570,9 @@ spec: --- -# Debugging Security Issues +## Debugging Security Issues -### Common Troubleshooting Commands +#### Common Troubleshooting Commands 1. **Inspect RoleBindings and ClusterRoleBindings**: ```bash kubectl get rolebinding,clusterrolebinding -A 
@@ -1278,9 +1594,34 @@ spec: --- -# Cluster Maintenance +## Chapter 6: Security Essentials | Wrap-Up + +### Key Takeaways: +- **Authentication and Authorization**: + - Authentication via certificates, tokens, or external providers. + - RBAC controls access to resources. +- **Pod Security**: + - Use Pod Security Standards (Baseline, Restricted). + - Define security context to enforce non-root execution and drop privileges. +- **Networking Security**: + - Network policies control ingress/egress traffic between pods. +- Best Practices: Regularly scan images, use Secrets for sensitive data, and audit logs for potential breaches. + +--- + +## Chapter 7: Cluster Maintenance and Troubleshooting + +### Keep Your Cluster Healthy +- Perform routine cluster maintenance tasks like upgrades and backups. +- Monitor cluster performance with Metrics Server, Prometheus, and Grafana. +- Debug and troubleshoot issues with logs, events, and ephemeral containers. +- Prepare for disaster recovery by restoring etcd and validating cluster state. + +--- + +## Cluster Maintenance -### 1. Regular Cluster Backups +#### 1. Regular Cluster Backups - Backup **etcd**, the key-value store holding the cluster state. - Use `etcdctl` or automation tools like Velero. @@ -1288,9 +1629,9 @@ spec: --- -## Example: Backing up etcd +### Example: Backing up etcd -### Command Line +#### Command Line ```bash ETCDCTL_API=3 etcdctl snapshot save snapshot.db \ --endpoints=https://127.0.0.1:2379 \ @@ -1301,7 +1642,7 @@ ETCDCTL_API=3 etcdctl snapshot save snapshot.db \ --- -### 2. Upgrading Kubernetes Clusters +#### 2. Upgrading Kubernetes Clusters - Use `kubeadm upgrade` to safely update control plane and nodes. - Ensure you follow version skew policies between components. 
@@ -1309,14 +1650,14 @@ ETCDCTL_API=3 etcdctl snapshot save snapshot.db \ --- -## Example: Upgrading a Cluster +### Example: Upgrading a Cluster -### Upgrade Control Plane +#### Upgrade Control Plane ```bash kubeadm upgrade apply v1.26.0 ``` -### Upgrade kubelet and kubectl on Nodes +#### Upgrade kubelet and kubectl on Nodes ```bash apt-get update && apt-get install -y kubelet=1.26.0-00 kubectl=1.26.0-00 systemctl restart kubelet @@ -1324,9 +1665,9 @@ systemctl restart kubelet --- -# Monitoring and Logging +## Monitoring and Logging -### 1. Enable Metrics Server +#### 1. Enable Metrics Server - Provides resource metrics for pods and nodes. - Required for `kubectl top` commands. @@ -1334,9 +1675,9 @@ systemctl restart kubelet --- -## Example: Install Metrics Server +### Example: Install Metrics Server -### YAML File +#### YAML File ```yaml apiVersion: apps/v1 kind: Deployment @@ -1362,7 +1703,7 @@ spec: --- -### 2. Logging with Fluentd and Elasticsearch +#### 2. Logging with Fluentd and Elasticsearch - Aggregate logs for the cluster using tools like Fluentd or Loki. - Analyze logs via Kibana or Grafana. @@ -1370,9 +1711,9 @@ spec: --- -# Troubleshooting Basics +## Troubleshooting Basics -### 1. Inspect Pods and Nodes +#### 1. Inspect Pods and Nodes - View pod details: ```bash kubectl describe pod @@ -1386,7 +1727,7 @@ spec: --- -### 2. Debugging Pods +#### 2. Debugging Pods - Check pod logs: ```bash kubectl logs @@ -1401,9 +1742,9 @@ spec: --- -# Troubleshooting Tools +## Troubleshooting Tools -### 1. Use `kubectl` Debugging Features +#### 1. Use `kubectl` Debugging Features - Debug a pod with ephemeral containers: ```bash kubectl debug --image=busybox @@ -1413,7 +1754,7 @@ spec: --- -### 2. Network Troubleshooting +#### 2. Network Troubleshooting - Test service connectivity: ```bash kubectl exec -it -- curl : 
@@ -1428,7 +1769,7 @@ spec: --- -### 3. Analyze Events +#### 3. Analyze Events - Check cluster events for errors or warnings: ```bash kubectl get events --sort-by='.metadata.creationTimestamp' @@ -1436,9 +1777,9 @@ spec: --- -# Disaster Recovery +## Disaster Recovery -### Key Steps for Recovery +#### Key Steps for Recovery 1. Restore **etcd** from a backup. 2. Recreate control plane components with `kubeadm`. 3. Validate cluster state and reconfigure workloads. @@ -1447,9 +1788,9 @@ spec: --- -## Example: Restoring etcd +### Example: Restoring etcd -### Command Line +#### Command Line ```bash ETCDCTL_API=3 etcdctl snapshot restore snapshot.db \ --data-dir=/var/lib/etcd-from-backup @@ -1459,14 +1800,14 @@ Update the `etcd` pod configuration to point to the restored data directory. --- -# Best Practices +## Best Practices -### Maintenance Tips +#### Maintenance Tips - Regularly back up **etcd** and validate snapshots. - Test upgrades in a staging environment before production. - Use tools like Prometheus and Grafana for proactive monitoring. -### Troubleshooting Advice +#### Troubleshooting Advice - Always start with `kubectl describe` for resource details. - Check cluster-wide events for anomalies. - Keep cluster logs centralized and searchable. 
@@ -1475,9 +1816,35 @@ Update the `etcd` pod configuration to point to the restored data directory. --- -# Practice Labs and Mock Exams +## Chapter 7: Cluster Maintenance and Troubleshooting | Wrap-Up + +### Key Takeaways: +- **Maintenance**: + - Regularly back up etcd using `etcdctl snapshot save`. + - Upgrade clusters with `kubeadm upgrade`. +- **Monitoring**: + - Use Metrics Server for resource metrics (`kubectl top`). + - Visualize metrics and logs with Prometheus and Grafana. +- **Troubleshooting**: + - Debug pods using logs (`kubectl logs`) and ephemeral containers. + - Analyze events (`kubectl get events`) and validate DNS/network configurations. +- Disaster Recovery: Restore etcd from backups and validate control plane. + +--- + +## Chapter 8: Practice Labs and Mock Exams + +### Prepare for Real-World Scenarios +- Gain hands-on experience with Kubernetes through structured labs. +- Set up clusters, deploy workloads, and configure networking and storage. +- Secure your cluster and troubleshoot common issues. +- Test your knowledge with mock exam scenarios and practical exercises. + +--- + +## Practice Labs and Mock Exams -### Goal of Hands-On Practice +#### Goal of Hands-On Practice - Reinforce understanding of Kubernetes concepts. - Prepare for real-world cluster management tasks. - Build confidence for the CKA exam. @@ -1486,9 +1853,9 @@ Update the `etcd` pod configuration to point to the restored data directory. --- -# Lab 1: Setting Up a Kubernetes Cluster +## Lab 1: Setting Up a Kubernetes Cluster -### Tasks: +#### Tasks: 1. Install Kubernetes using `kubeadm`. 2. Configure networking with **Calico** or **Flannel**. 3. Add worker nodes to the cluster. @@ -1497,9 +1864,9 @@ Update the `etcd` pod configuration to point to the restored data directory. --- -## Example: Initializing the Cluster +### Example: Initializing the Cluster -### Command Line +#### Command Line ```bash kubeadm init --pod-network-cidr=192.168.0.0/16 ``` 
@@ -1511,9 +1878,9 @@ kubectl apply -f https://docs.projectcalico.org/v3.25/manifests/calico.yaml --- -# Lab 2: Managing Workloads +## Lab 2: Managing Workloads -### Tasks: +#### Tasks: 1. Create a Deployment with 3 replicas of **nginx**. 2. Scale the Deployment to 5 replicas. 3. Update the Deployment to a new version of nginx. @@ -1522,27 +1889,27 @@ kubectl apply -f https://docs.projectcalico.org/v3.25/manifests/calico.yaml --- -## Example: Scaling a Deployment +### Example: Scaling a Deployment -### Command Line +#### Command Line ```bash kubectl scale deployment my-deployment --replicas=5 ``` --- -## Example: Updating a Deployment +### Example: Updating a Deployment -### Command Line +#### Command Line ```bash kubectl set image deployment/my-deployment nginx=nginx:1.21 ``` --- -# Lab 3: Configuring Services and Networking +## Lab 3: Configuring Services and Networking -### Tasks: +#### Tasks: 1. Create a **ClusterIP** service for a backend pod. 2. Create an **Ingress** for HTTP traffic to a web application. 3. Define a **NetworkPolicy** to allow traffic only from specific pods. @@ -1551,7 +1918,7 @@ kubectl set image deployment/my-deployment nginx=nginx:1.21 --- -## Example: ClusterIP Service YAML +### Example: ClusterIP Service YAML ```yaml apiVersion: v1 kind: Service @@ -1569,9 +1936,9 @@ spec: --- -# Lab 4: Persistent Storage +## Lab 4: Persistent Storage -### Tasks: +#### Tasks: 1. Create a Persistent Volume (PV) and Persistent Volume Claim (PVC). 2. Mount the PVC to a pod. 3. Dynamically provision storage using a **StorageClass**. @@ -1580,9 +1947,9 @@ spec: --- -## Example: Mounting a PVC in a Pod +### Example: Mounting a PVC in a Pod -### YAML File +#### YAML File ```yaml apiVersion: v1 kind: Pod 
@@ -1603,9 +1970,9 @@ spec: --- -# Lab 5: Securing the Cluster +## Lab 5: Securing the Cluster -### Tasks: +#### Tasks: 1. Create and apply a **NetworkPolicy** to secure traffic. 2. Use **RBAC** to define granular permissions. 3. Apply a **PodSecurityPolicy** to restrict privileged operations. @@ -1614,9 +1981,9 @@ spec: --- -## Example: RBAC Role for Pods +### Example: RBAC Role for Pods -### YAML File +#### YAML File ```yaml apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -1631,9 +1998,9 @@ rules: --- -# Lab 6: Cluster Maintenance +## Lab 6: Cluster Maintenance -### Tasks: +#### Tasks: 1. Backup and restore **etcd** data. 2. Upgrade the cluster using `kubeadm`. 3. Set up monitoring with **Metrics Server** and visualize metrics in Prometheus/Grafana. 
@@ -1642,33 +2009,69 @@ rules: --- -# Mock Exam: Sample Scenarios +## Mock Exam: Sample Scenarios -### Scenario 1: Troubleshooting +#### Scenario 1: Troubleshooting - Pod stuck in **CrashLoopBackOff**. - Debug and resolve the issue using logs and events. -### Scenario 2: Scaling and Updates +#### Scenario 2: Scaling and Updates - Scale a Deployment, then perform a rolling update. -### Scenario 3: Networking +#### Scenario 3: Networking - Secure communication between frontend and backend pods using **NetworkPolicy**. --- -# Exam Preparation Tips +## Exam Preparation Tips -### 1. Time Management +#### 1. Time Management - Practice solving tasks within time limits. - Prioritize tasks based on complexity. -### 2. Focus Areas +#### 2. Focus Areas - Master `kubectl` commands. - Familiarize yourself with YAML file structures. -### 3. Read Official Documentation +#### 3. Read Official Documentation - The exam environment provides access to Kubernetes documentation. πŸ”— [CKA Tips and Tricks](https://training.linuxfoundation.org/certification/certified-kubernetes-administrator-cka/) --- + +## Useful shortcuts + +During th exam you'll find yourself running the same commands over and over again. +To save time, you can create shortcuts for these commands. Here are some examples: + +```bash + +# Options to generate yaml output based on a command +export dryrun='--dry-run=client -o yaml' +# kubectl run nginx --image=nginx $dryrun + +# Quickly Show the Example section of the help +alias example='grep Examples -A15' +# kubectl create role -h | example + +# Quickly switch namespace +alias kn='kubectl config set-context --namespace' +# kn mynamespace +``` +--- + +# Chapter 8: Practice Labs and Mock Exams | Wrap-Up + +### Key Takeaways: +- Hands-on labs include: + - Cluster setup (kubeadm, Minikube). + - Deploying workloads (Deployments, StatefulSets, Jobs). + - Configuring networking (Services, Ingress, Network Policies). + - Managing storage (PV, PVC, StorageClasses). 
+- Mock exam scenarios cover troubleshooting, scaling, and securing clusters. +- Exam preparation tips: + - Master `kubectl` commands and YAML manifests. + - Prioritize tasks and practice within time limits. + - Leverage official Kubernetes documentation during the exam. + diff --git a/_includes/head_remark.html b/_includes/head_remark.html index 28063cc..e24ec2b 100644 --- a/_includes/head_remark.html +++ b/_includes/head_remark.html @@ -1,14 +1,40 @@ \ No newline at end of file diff --git a/_includes/header_presentation.html b/_includes/header_presentation.html deleted file mode 100644 index 081d8c5..0000000 --- a/_includes/header_presentation.html +++ /dev/null @@ -1,28 +0,0 @@ - - diff --git a/_includes/home_opensource.html b/_includes/home_opensource.html index 524d86d..4e12303 100644 --- a/_includes/home_opensource.html +++ b/_includes/home_opensource.html @@ -20,6 +20,7 @@

Open Source

Presentations are mostly on Slideshare
+{% if site.url != 'https://example42.com/' %}
Tutorials (2025 Update in Progress): {% for post in site.presentations %} @@ -28,6 +29,7 @@

Open Source

{% endfor %}
+{% endif %}
Open Source
diff --git a/_includes/presentation.html b/_includes/presentation.html index fac353b..0e4135a 100644 --- a/_includes/presentation.html +++ b/_includes/presentation.html @@ -17,5 +17,6 @@

{{ page.title }}

\ No newline at end of file diff --git a/_layouts/presentation.html b/_layouts/presentation.html index b8e490f..be15bfa 100644 --- a/_layouts/presentation.html +++ b/_layouts/presentation.html @@ -3,8 +3,8 @@ {% include iubenda_cookie.html %} {% include analytics.html %} -{% include head_remark.html %} {% include head.html %} +{% include head_remark.html %} {% include header.html %} diff --git a/_presentations/certified-kubernetes-administrator-cka-preparation.md b/_presentations/certified-kubernetes-administrator-cka-preparation.md index d74b9fa..3b04fba 100644 --- a/_presentations/certified-kubernetes-administrator-cka-preparation.md +++ b/_presentations/certified-kubernetes-administrator-cka-preparation.md 
@@ -15,1680 +15,3 @@ tags: - CNCF --- - -class: center, middle - -# Certified Kubernetes Administrator (CKA) Preparation Course -### Preparing to Master Kubernetes Administration - ---- - -## Course Agenda -1. **Introduction to Kubernetes** -2. **Cluster Architecture, Installation, and Configuration** -3. **Workloads and Scheduling** -4. **Services and Networking** -5. **Storage in Kubernetes** -6. **Security Essentials** -7. **Cluster Maintenance and Troubleshooting** -8. **Practice Labs and Mock Exams** - ---- - - -# What is Kubernetes? -- Kubernetes, often abbreviated as **K8s**, is an open-source platform for **automating deployment**, **scaling**, and **management of containerized applications**. -- Originally developed by Google and donated to the **Cloud Native Computing Foundation (CNCF)**. - -πŸ”— [Introduction to Kubernetes](https://kubernetes.io/docs/concepts/overview/what-is-kubernetes/) - ---- - -# Why Kubernetes? -- Simplifies managing containerized applications in distributed environments. -- Key advantages: - - **Declarative Configuration**: Define desired state in YAML/JSON. - - **Automated Recovery**: Self-healing capabilities. - - **Horizontal Scaling**: Automatically adjust workloads based on demand. - -πŸ”— [Why Kubernetes](https://kubernetes.io/docs/concepts/overview/why-kubernetes/) - ---- - -# Kubernetes Use Cases -- **Microservices Architecture**: Simplifies deployment and management. -- **High-Availability Applications**: Ensures uptime through redundancy. -- **CI/CD Pipelines**: Accelerates development and delivery cycles. -- **Hybrid/Multicloud Deployments**: Unified control across environments. - -πŸ”— [Kubernetes Use Cases](https://kubernetes.io/docs/concepts/overview/use-cases/) - ---- - -# Kubernetes Key Terminology -- **Container**: A lightweight, standalone executable (e.g., Docker). -- **Pod**: The smallest deployable unit in Kubernetes. -- **Cluster**: A set of nodes working together. 
-- **Namespace**: Logical isolation of resources within a cluster. - -πŸ”— [Key Concepts](https://kubernetes.io/docs/concepts/) - ---- - -# Key Features of Kubernetes -1. **Orchestration**: Automates container scheduling and lifecycle management. -2. **Service Discovery and Load Balancing**: Automatically discovers services and balances traffic. -3. **Self-Healing**: Replaces failed containers and restarts unhealthy pods. -4. **Declarative Configuration**: Manage resources using YAML/JSON manifests. -5. **Storage Orchestration**: Supports dynamic and persistent storage. - -πŸ”— [Kubernetes Features](https://kubernetes.io/docs/concepts/overview/components/) - ---- - -# Kubernetes vs. Traditional Systems -| Feature | Kubernetes | Traditional Systems | -|------------------------|--------------------------------|--------------------------------| -| Deployment | Declarative (YAML/JSON) | Manual or Script-based | -| Scaling | Automatic | Manual or Limited | -| Failover | Self-healing | Requires Manual Intervention | -| Resource Utilization | Optimized | Often Over-provisioned | - -πŸ”— [Kubernetes Overview](https://kubernetes.io/docs/concepts/overview/) - ---- - -# Kubernetes Ecosystem -- **Core Components**: Nodes, Control Plane, etc. -- **Tools and Extensions**: Helm (Package Manager), Prometheus (Monitoring), Istio (Service Mesh). -- **CNI Plugins**: Flannel, Calico, Weave for networking. -- **Storage Options**: NFS, AWS EBS, GCP PD, Ceph. - -πŸ”— [Kubernetes Ecosystem](https://kubernetes.io/docs/home/) - ---- - -# Cluster Architecture - -### Control Plane Components: -1. **kube-apiserver**: - - Acts as the front end for the Kubernetes control plane. - - Handles all REST requests and validates configurations. - - πŸ”— [kube-apiserver Documentation](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-apiserver/) - -2. **etcd**: - - A distributed, reliable key-value store for all cluster data. 
- - Ensures consistency and stores the state of the cluster. - - πŸ”— [etcd Documentation](https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/) - -3. **kube-scheduler**: - - Assigns workloads (pods) to appropriate nodes. - - Bases decisions on resource availability, taints/tolerations, and affinity/anti-affinity rules. - - πŸ”— [kube-scheduler Documentation](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-scheduler/) - -4. **kube-controller-manager**: - - Runs controllers to ensure desired state: - - Node Controller - - Replication Controller - - Endpoints Controller - - Service Account Controller - - πŸ”— [kube-controller-manager Documentation](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-controller-manager/) - ---- - -# Node Components - -1. **kubelet**: - - An agent that runs on each node. - - Ensures containers in pods are running as expected. - - Communicates with the control plane. - - πŸ”— [kubelet Documentation](https://kubernetes.io/docs/reference/command-line-tools-reference/kubelet/) - -2. **kube-proxy**: - - Handles networking for Kubernetes Services. - - Maintains network rules and forwards requests to the appropriate pods. - - πŸ”— [kube-proxy Documentation](https://kubernetes.io/docs/reference/command-line-tools-reference/kube-proxy/) - -3. **Container Runtime**: - - Responsible for running containers (e.g., containerd, CRI-O, Docker). - - πŸ”— [Container Runtimes Documentation](https://kubernetes.io/docs/setup/production-environment/container-runtimes/) - ---- - -# Installation Tools - -### 1. kubeadm -- A standard tool to set up Kubernetes clusters easily. -- Automates installation of control plane and worker node components. -- Ideal for production-grade clusters. -- πŸ”— [kubeadm Documentation](https://kubernetes.io/docs/reference/setup-tools/kubeadm/) - ---- - -### 2. Minikube -- Lightweight Kubernetes for local testing. -- Sets up a single-node cluster on a local machine. 
-- Suitable for development and practice. -- πŸ”— [Minikube Documentation](https://minikube.sigs.k8s.io/docs/) - ---- - -### 3. Managed Kubernetes Solutions -- Cloud providers offer managed Kubernetes services: - - **Amazon EKS**: πŸ”— [Amazon EKS Documentation](https://docs.aws.amazon.com/eks/) - - **Azure AKS**: πŸ”— [Azure AKS Documentation](https://learn.microsoft.com/en-us/azure/aks/) - - **Google GKE**: πŸ”— [Google GKE Documentation](https://cloud.google.com/kubernetes-engine) - ---- - -# Configuration Best Practices - -### Use ConfigMaps and Secrets -- **ConfigMaps**: Store non-sensitive configuration data separately from application code. - - πŸ”— [ConfigMaps Documentation](https://kubernetes.io/docs/concepts/configuration/configmap/) -- **Secrets**: Store sensitive data securely. - - πŸ”— [Secrets Documentation](https://kubernetes.io/docs/concepts/configuration/secret/) - ---- - -### Leverage Namespaces -- **Namespaces**: - - Isolate resources within the same cluster. - - Ideal for multi-team or multi-environment use cases (e.g., dev, staging, production). - - πŸ”— [Namespaces Documentation](https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/) - ---- - -### Resource Management -1. **Resource Quotas**: - - Limit resource consumption per namespace. - - πŸ”— [Resource Quotas Documentation](https://kubernetes.io/docs/concepts/policy/resource-quotas/) - -2. **Limit Ranges**: - - Set default requests and limits for containers in a namespace. - - πŸ”— [Limit Ranges Documentation](https://kubernetes.io/docs/tasks/administer-cluster/manage-resources/limit-range/) - ---- - -# Key Kubernetes Workloads - -### 1. **Pods** -- Smallest deployable unit in Kubernetes. -- Can run a single container or multiple tightly coupled containers. -- Pods share: - - **Network namespace**: Same IP and ports. - - **Storage**: Shared volumes. 
-- πŸ”— [Pods Documentation](https://kubernetes.io/docs/concepts/workloads/pods/) - ---- - -## Example: Creating a Pod - -### Command Line -```bash -kubectl run my-pod --image=nginx --restart=Never -``` - -### YAML File -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: my-pod -spec: - containers: - - name: nginx - image: nginx -``` - ---- - -# Deployments - -### 2. **Deployments** -- Manage **stateless applications** and ensure the desired number of pods are running. -- Supports: - - Rolling updates. - - Rollbacks to previous versions. -- Useful for web servers and API backends. -- πŸ”— [Deployments Documentation](https://kubernetes.io/docs/concepts/workloads/controllers/deployment/) - ---- - -## Example: Creating a Deployment - -### Command Line -```bash -kubectl create deployment my-deployment --image=nginx -``` - -### YAML File -```yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: my-deployment -spec: - replicas: 3 - selector: - matchLabels: - app: nginx - template: - metadata: - labels: - app: nginx - spec: - containers: - - name: nginx - image: nginx -``` - ---- - -# StatefulSets - -### 3. **StatefulSets** -- Manage **stateful applications** requiring stable, persistent identities. -- Ensures: - - Stable network identities. - - Persistent storage across pod restarts. -- Commonly used for databases like MySQL, MongoDB. -- πŸ”— [StatefulSets Documentation](https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/) - ---- - -## Example: Creating a StatefulSet - -### YAML File (Command line not recommended for StatefulSets) -```yaml -apiVersion: apps/v1 -kind: StatefulSet -metadata: - name: my-statefulset -spec: - serviceName: "my-service" - replicas: 3 - selector: - matchLabels: - app: my-app - template: - metadata: - labels: - app: my-app - spec: - containers: - - name: nginx - image: nginx -``` - ---- - -# DaemonSets - -### 4. **DaemonSets** -- Ensure all (or some) nodes run a copy of a specific pod. 
-- Common use cases: - - Log collectors (e.g., Fluentd). - - Monitoring agents (e.g., Prometheus Node Exporter). -- πŸ”— [DaemonSets Documentation](https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/) - ---- - -## Example: Creating a DaemonSet - -### YAML File (Command line not recommended for DaemonSets) -```yaml -apiVersion: apps/v1 -kind: DaemonSet -metadata: - name: my-daemonset -spec: - selector: - matchLabels: - name: my-daemonset - template: - metadata: - labels: - name: my-daemonset - spec: - containers: - - name: nginx - image: nginx -``` - ---- - -# Jobs and CronJobs - -### 5. **Jobs and CronJobs** -- **Jobs**: Run tasks to completion. Useful for batch processing. - πŸ”— [Jobs Documentation](https://kubernetes.io/docs/concepts/workloads/controllers/job/) -- **CronJobs**: Schedule tasks based on time intervals. Ideal for periodic backups or cleanups. - πŸ”— [CronJobs Documentation](https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/) - ---- - -## Example: Creating a Job - -### Command Line -```bash -kubectl create job my-job --image=busybox -- echo "Hello Kubernetes" -``` - -### YAML File -```yaml -apiVersion: batch/v1 -kind: Job -metadata: - name: my-job -spec: - template: - spec: - containers: - - name: my-container - image: busybox - command: ["echo", "Hello Kubernetes"] - restartPolicy: Never -``` - ---- - -## Example: Creating a CronJob - -### Command Line -```bash -kubectl create cronjob my-cronjob --image=busybox --schedule="*/1 * * * *" -- echo "Hello from CronJob" -``` - -### YAML File -```yaml -apiVersion: batch/v1 -kind: CronJob -metadata: - name: my-cronjob -spec: - schedule: "*/1 * * * *" - jobTemplate: - spec: - template: - spec: - containers: - - name: my-container - image: busybox - command: ["echo", "Hello from CronJob"] - restartPolicy: Never -``` - ---- - -# Scheduling Basics - -### 1. Labels and Selectors -- **Labels**: Key-value pairs attached to objects (e.g., pods, nodes). 
- - Examples: `app=frontend`, `tier=backend`. -- **Selectors**: Match labels to identify objects for scheduling. -- πŸ”— [Labels and Selectors Documentation](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/) - ---- - -# Node Affinity and Anti-Affinity - -### 2. Node Affinity and Anti-Affinity -- **Node Affinity**: Schedule pods on nodes based on labels. - - Example: "Only schedule on nodes with SSD storage." -- **Anti-Affinity**: Prevent pods from being scheduled on the same node. - - Example: "Spread replicas across multiple nodes." -- πŸ”— [Affinity and Anti-Affinity Documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#affinity-and-anti-affinity) - ---- - -## Example: Node Affinity - -### YAML File Example -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: affinity-pod -spec: - affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: kubernetes.io/hostname - operator: In - values: - - node1 - containers: - - name: nginx - image: nginx -``` - ---- - -# Taints and Tolerations - -### 3. Taints and Tolerations -- **Taints**: Applied to nodes to restrict pod scheduling. - - Example: `NoSchedule` taint prevents pods without tolerations from being scheduled. -- **Tolerations**: Allow pods to bypass taints and be scheduled on specific nodes. -- πŸ”— [Taints and Tolerations Documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/) - ---- - -## Example: Taints and Tolerations - -### Add Taint to a Node -```bash -kubectl taint nodes node1 key=value:NoSchedule -``` - -### YAML File Example for Toleration -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: toleration-pod -spec: - tolerations: - - key: "key" - operator: "Equal" - value: "value" - effect: "NoSchedule" - containers: - - name: nginx - image: nginx -``` - ---- - -# Resource Requests and Limits - -### 4. 
Resource Requests and Limits -- **Resource Requests**: Minimum CPU/Memory a pod needs to run. -- **Resource Limits**: Maximum CPU/Memory a pod can consume. -- Prevents resource starvation and overcommitment. -- πŸ”— [Resource Management Documentation](https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/) - ---- - -## Example: Resource Requests and Limits - -### YAML File Example -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: resource-pod -spec: - containers: - - name: nginx - image: nginx - resources: - requests: - memory: "64Mi" - cpu: "250m" - limits: - memory: "128Mi" - cpu: "500m" -``` - ---- - -# Priority Classes - -### 5. Priority Classes -- Define the importance of workloads during scheduling. -- Higher-priority pods are scheduled first. -- Lower-priority pods are evicted to make space during resource shortages. -- πŸ”— [Priority Classes Documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/pod-priority-preemption/) - ---- - -## Example: Priority Classes - -### Create a Priority Class -```bash -kubectl create priorityclass high-priority --value=1000 --global-default=false --description="High-priority workload" -``` - -### YAML File Example for Priority Class -```yaml -apiVersion: scheduling.k8s.io/v1 -kind: PriorityClass -metadata: - name: high-priority -value: 1000 -globalDefault: false -description: "High-priority workload" -``` - -### Pod Using Priority Class -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: priority-pod -spec: - priorityClassName: high-priority - containers: - - name: nginx - image: nginx -``` - ---- - -# Debugging Scheduling Issues - -### Debugging Commands -- Use `kubectl describe pod ` to review scheduling events. -- Check events for detailed scheduling-related messages: - ```bash - kubectl get events --sort-by='.metadata.creationTimestamp' - ``` -- Use the **Kubernetes Scheduler Simulator** to test specific scenarios. 
-- πŸ”— [Debugging Pods Documentation](https://kubernetes.io/docs/tasks/debug/debug-application/debug-pod-replication-controller/) - ---- - -# Kubernetes Networking Model - -### Networking in Kubernetes: Key Principles -1. **Flat Network Space**: All pods can communicate with each other without NAT. -2. **Service Discovery**: Built-in DNS to resolve service names. -3. **Flexible Connectivity**: Supports ClusterIP, NodePort, LoadBalancer, and Ingress. - -πŸ”— [Kubernetes Networking Overview](https://kubernetes.io/docs/concepts/cluster-administration/networking/) - ---- - -# Services in Kubernetes - -### 1. ClusterIP (Default) -- Exposes a service internally within the cluster. -- Pods access the service via its DNS name or IP address. -- πŸ”— [ClusterIP Documentation](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services---service-types) - ---- - -## Example: ClusterIP - -### Command Line -```bash -kubectl expose deployment my-deployment --type=ClusterIP --port=80 -``` - -### YAML File -```yaml -apiVersion: v1 -kind: Service -metadata: - name: my-service -spec: - selector: - app: my-deployment - ports: - - protocol: TCP - port: 80 - targetPort: 80 - type: ClusterIP -``` - ---- - -### 2. NodePort -- Exposes a service on each node's IP and a static port (30000-32767). -- Allows external access to the service. -- πŸ”— [NodePort Documentation](https://kubernetes.io/docs/concepts/services-networking/service/#nodeport) - ---- - -## Example: NodePort - -### Command Line -```bash -kubectl expose deployment my-deployment --type=NodePort --port=80 -``` - -### YAML File -```yaml -apiVersion: v1 -kind: Service -metadata: - name: my-service -spec: - selector: - app: my-deployment - ports: - - protocol: TCP - port: 80 - targetPort: 80 - nodePort: 30007 - type: NodePort -``` - ---- - -### 3. LoadBalancer -- Exposes a service externally using a cloud provider's load balancer. 
-- Requires integration with supported cloud providers (e.g., AWS, Azure, GCP). -- πŸ”— [LoadBalancer Documentation](https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer) - ---- - -## Example: LoadBalancer - -### Command Line -```bash -kubectl expose deployment my-deployment --type=LoadBalancer --port=80 -``` - -### YAML File -```yaml -apiVersion: v1 -kind: Service -metadata: - name: my-service -spec: - selector: - app: my-deployment - ports: - - protocol: TCP - port: 80 - targetPort: 80 - type: LoadBalancer -``` - ---- - -# Ingress - -### 4. Ingress -- Provides HTTP(S) routing to services within the cluster. -- Supports advanced features like TLS termination and path-based routing. -- Requires an **Ingress Controller** (e.g., NGINX, Traefik). -- πŸ”— [Ingress Documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/) - ---- - -## Example: Ingress - -### YAML File -```yaml -apiVersion: networking.k8s.io/v1 -kind: Ingress -metadata: - name: my-ingress -spec: - rules: - - host: my-app.example.com - http: - paths: - - path: / - pathType: Prefix - backend: - service: - name: my-service - port: - number: 80 -``` - ---- - -# Core Networking Concepts - -### 1. DNS in Kubernetes -- Automatically creates DNS entries for services. -- Pods can resolve services using their names: - ```plaintext - ..svc.cluster.local - ``` -- πŸ”— [DNS Documentation](https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/) - ---- - -## Example: Verifying DNS - -### Command Line -```bash -kubectl exec -it -- nslookup my-service -``` - ---- - -### 2. Network Policies -- Control traffic flow between pods or between pods and external resources. -- Specify **allow/deny** rules for ingress/egress traffic. 
-- πŸ”— [Network Policies Documentation](https://kubernetes.io/docs/concepts/services-networking/network-policies/) - ---- - -## Example: Network Policy - -### YAML File -```yaml -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: allow-frontend -spec: - podSelector: - matchLabels: - app: frontend - ingress: - - from: - - podSelector: - matchLabels: - app: backend - ports: - - protocol: TCP - port: 80 -``` - ---- - -# Debugging Networking Issues - -### Troubleshooting Steps -1. **Check Service and Pod Connectivity**: - ```bash - kubectl exec -it -- curl : - ``` - -2. **Inspect Network Policies**: - ```bash - kubectl describe networkpolicy - ``` - -3. **Test DNS Resolution**: - ```bash - kubectl exec -it -- nslookup - ``` - -4. **Verify Pod-to-Pod Communication**: Use `ping` or `curl`. - -πŸ”— [Debugging Services Documentation](https://kubernetes.io/docs/tasks/debug-application-cluster/debug-service/) - ---- - -# Storage in Kubernetes - -### Key Concepts -1. **Volumes**: Attach storage to pods. -2. **Persistent Volumes (PV)**: Cluster-wide storage resources. -3. **Persistent Volume Claims (PVC)**: Requests for storage by pods. -4. **Dynamic Provisioning**: Automatically provisions storage using a StorageClass. - -πŸ”— [Storage Concepts Documentation](https://kubernetes.io/docs/concepts/storage/) - ---- - -# Volumes - -### What are Volumes? -- Allow pods to persist data beyond the lifecycle of a container. -- Types of volumes: - - **emptyDir**: Temporary storage tied to the pod’s lifecycle. - - **hostPath**: Maps a host machine’s directory into the pod. - - **configMap**: Provide configurations as files. - - **secret**: Securely provide sensitive information. 
- -πŸ”— [Volumes Documentation](https://kubernetes.io/docs/concepts/storage/volumes/) - ---- - -## Example: Using a Volume - -### YAML File -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: volume-pod -spec: - containers: - - name: nginx - image: nginx - volumeMounts: - - mountPath: "/data" - name: my-volume - volumes: - - name: my-volume - emptyDir: {} -``` - ---- - -# Persistent Volumes (PV) - -### What are Persistent Volumes? -- Abstracts storage from specific pods. -- Supports multiple backends like NFS, AWS EBS, GCE PD. -- Must be **manually created** or dynamically provisioned. - -πŸ”— [Persistent Volumes Documentation](https://kubernetes.io/docs/concepts/storage/persistent-volumes/) - ---- - -## Example: Creating a Persistent Volume - -### YAML File -```yaml -apiVersion: v1 -kind: PersistentVolume -metadata: - name: my-pv -spec: - capacity: - storage: 1Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - hostPath: - path: "/mnt/data" -``` - ---- - -# Persistent Volume Claims (PVC) - -### What are Persistent Volume Claims? -- A request for storage from a pod. -- Links pods with available Persistent Volumes. -- Defines: - - Requested size. - - Access modes (e.g., ReadWriteOnce). - -πŸ”— [Persistent Volume Claims Documentation](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#persistentvolumeclaims) - ---- - -## Example: Creating a PVC - -### YAML File -```yaml -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: my-pvc -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 500Mi -``` - ---- - -# Dynamic Provisioning - -### What is Dynamic Provisioning? -- Automatically provisions storage when PVCs are created. -- Requires a **StorageClass** configured in the cluster. 
- -πŸ”— [Dynamic Provisioning Documentation](https://kubernetes.io/docs/concepts/storage/dynamic-provisioning/) - ---- - -## Example: Dynamic Provisioning with a StorageClass - -### StorageClass YAML -```yaml -apiVersion: storage.k8s.io/v1 -kind: StorageClass -metadata: - name: my-storageclass -provisioner: kubernetes.io/aws-ebs -parameters: - type: gp2 -``` - -### PVC Using the StorageClass -```yaml -apiVersion: v1 -kind: PersistentVolumeClaim -metadata: - name: dynamic-pvc -spec: - accessModes: - - ReadWriteOnce - resources: - requests: - storage: 1Gi - storageClassName: my-storageclass -``` - ---- - -# Storage for Configurations and Secrets - -### ConfigMaps -- Use ConfigMaps to store configuration data as files or environment variables. -πŸ”— [ConfigMaps Documentation](https://kubernetes.io/docs/concepts/configuration/configmap/) - ---- - -## Example: Using a ConfigMap - -### Create a ConfigMap from CLI -```bash -kubectl create configmap app-config --from-literal=key1=value1 -``` - -### YAML File Example -```yaml -apiVersion: v1 -kind: ConfigMap -metadata: - name: app-config -data: - key1: value1 - key2: value2 -``` - ---- - -### Secrets -- Use Secrets to store sensitive data securely (e.g., passwords, tokens). -πŸ”— [Secrets Documentation](https://kubernetes.io/docs/concepts/configuration/secret/) - ---- - -## Example: Using a Secret - -### Create a Secret from CLI -```bash -kubectl create secret generic app-secret --from-literal=username=admin --from-literal=password=pass123 -``` - -### YAML File Example -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: app-secret -type: Opaque -data: - username: YWRtaW4= - password: cGFzczEyMw== -``` - ---- - -# Debugging Storage Issues - -### Common Troubleshooting Commands -1. **Verify Persistent Volumes and Claims**: - ```bash - kubectl get pv,pvc - ``` - -2. **Inspect Events for Failures**: - ```bash - kubectl describe pvc - ``` - -3. 
**Check Pod Logs for Mount Errors**: - ```bash - kubectl logs - ``` - -πŸ”— [Debugging PV and PVC Documentation](https://kubernetes.io/docs/tasks/debug-application-cluster/debug-persistent-volumes/) - ---- - -# Authentication and Authorization - -### Authentication -- Identifies **who** is making a request (e.g., users, service accounts). -- Common authentication methods: - - Certificates - - Bearer Tokens - - External identity providers (e.g., OIDC). - -πŸ”— [Authentication Documentation](https://kubernetes.io/docs/reference/access-authn-authz/authentication/) - ---- - -### Authorization -- Controls **what** a user or process can do. -- Methods: - - **Role-Based Access Control (RBAC)**: Assign permissions to users or groups. - - Attribute-Based Access Control (ABAC) and Webhook Authorization (less common). - -πŸ”— [Authorization Documentation](https://kubernetes.io/docs/reference/access-authn-authz/authorization/) - ---- - -## Example: RBAC Role and RoleBinding - -### Role YAML File -```yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: default - name: pod-reader -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["get", "list", "watch"] -``` - -### RoleBinding YAML File -```yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - name: read-pods - namespace: default -subjects: - - kind: User - name: jane - apiGroup: rbac.authorization.k8s.io -roleRef: - kind: Role - name: pod-reader - apiGroup: rbac.authorization.k8s.io -``` - ---- - -# Pod Security - -### Pod Security Standards (PSS) -- Ensure security at the pod level. -- Three predefined standards: - 1. **Privileged**: No restrictions. - 2. **Baseline**: Minimum standards for common workloads. - 3. **Restricted**: High-security standards. 
- -πŸ”— [Pod Security Standards Documentation](https://kubernetes.io/docs/concepts/security/pod-security-standards/) - ---- - -## Example: Enforcing Pod Security - -### Apply Pod Security Standards via Labels -```bash -kubectl label namespace my-namespace pod-security.kubernetes.io/enforce=baseline -``` - ---- - -### Securing Pods with SecurityContext -- Set security options for pods or containers. -- Examples: Run as non-root, drop capabilities, restrict privilege escalation. - -πŸ”— [Security Context Documentation](https://kubernetes.io/docs/tasks/configure-pod-container/security-context/) - ---- - -## Example: SecurityContext - -### YAML File -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: secure-pod -spec: - securityContext: - runAsUser: 1000 - runAsGroup: 3000 - fsGroup: 2000 - containers: - - name: nginx - image: nginx - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: ["ALL"] -``` - ---- - -# Networking Security - -### Network Policies -- Control pod-to-pod and pod-to-external traffic. -- Define **allow** or **deny** rules for ingress and egress. - -πŸ”— [Network Policies Documentation](https://kubernetes.io/docs/concepts/services-networking/network-policies/) - ---- - -## Example: Network Policy - -### YAML File -```yaml -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: allow-from-frontend - namespace: default -spec: - podSelector: - matchLabels: - app: backend - ingress: - - from: - - podSelector: - matchLabels: - app: frontend - ports: - - protocol: TCP - port: 80 -``` - ---- - -# Image Security - -### Recommendations for Secure Container Images -1. Use minimal base images. -2. Regularly scan images for vulnerabilities. -3. Avoid running containers as root. 
- -πŸ”— [Securing Images Documentation](https://kubernetes.io/docs/concepts/containers/images/#security) - ---- - -## Example: Using an ImagePullSecret - -### YAML File -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: my-registry-secret -data: - .dockerconfigjson: -type: kubernetes.io/dockerconfigjson -``` - -Associate the secret with a pod: -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: secure-pod -spec: - imagePullSecrets: - - name: my-registry-secret - containers: - - name: nginx - image: my-private-registry/nginx:1.21 -``` - ---- - -# Secrets Management - -### Use Kubernetes Secrets for Sensitive Data -- Store sensitive information like passwords, tokens, and SSH keys. -- Secrets are **base64-encoded**, not encrypted by default. - -πŸ”— [Secrets Documentation](https://kubernetes.io/docs/concepts/configuration/secret/) - ---- - -## Example: Secret for Environment Variables - -### YAML File -```yaml -apiVersion: v1 -kind: Secret -metadata: - name: db-secret -type: Opaque -data: - username: YWRtaW4= - password: cGFzczEyMw== -``` - -Use the secret in a pod: -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: db-pod -spec: - containers: - - name: app - image: my-app - env: - - name: DB_USER - valueFrom: - secretKeyRef: - name: db-secret - key: username - - name: DB_PASS - valueFrom: - secretKeyRef: - name: db-secret - key: password -``` - ---- - -# Debugging Security Issues - -### Common Troubleshooting Commands -1. **Inspect RoleBindings and ClusterRoleBindings**: - ```bash - kubectl get rolebinding,clusterrolebinding -A - ``` - -2. **Check Pod SecurityContext**: - ```bash - kubectl describe pod - ``` - -3. **Inspect Network Policies**: - ```bash - kubectl describe networkpolicy - ``` - -4. **Audit Logs**: Enable and inspect logs to identify unauthorized access. - -πŸ”— [Debugging Access Issues Documentation](https://kubernetes.io/docs/tasks/debug/debug-cluster/access/) - ---- - -# Cluster Maintenance - -### 1. 
Regular Cluster Backups -- Backup **etcd**, the key-value store holding the cluster state. -- Use `etcdctl` or automation tools like Velero. - -πŸ”— [Backing up etcd Documentation](https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/#backing-up-etcd) - ---- - -## Example: Backing up etcd - -### Command Line -```bash -ETCDCTL_API=3 etcdctl snapshot save snapshot.db \ - --endpoints=https://127.0.0.1:2379 \ - --cacert=/etc/kubernetes/pki/etcd/ca.crt \ - --cert=/etc/kubernetes/pki/etcd/server.crt \ - --key=/etc/kubernetes/pki/etcd/server.key -``` - ---- - -### 2. Upgrading Kubernetes Clusters -- Use `kubeadm upgrade` to safely update control plane and nodes. -- Ensure you follow version skew policies between components. - -πŸ”— [Cluster Upgrades Documentation](https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/) - ---- - -## Example: Upgrading a Cluster - -### Upgrade Control Plane -```bash -kubeadm upgrade apply v1.26.0 -``` - -### Upgrade kubelet and kubectl on Nodes -```bash -apt-get update && apt-get install -y kubelet=1.26.0-00 kubectl=1.26.0-00 -systemctl restart kubelet -``` - ---- - -# Monitoring and Logging - -### 1. Enable Metrics Server -- Provides resource metrics for pods and nodes. -- Required for `kubectl top` commands. - -πŸ”— [Metrics Server Documentation](https://github.com/kubernetes-sigs/metrics-server) - ---- - -## Example: Install Metrics Server - -### YAML File -```yaml -apiVersion: apps/v1 -kind: Deployment -metadata: - name: metrics-server - namespace: kube-system -spec: - replicas: 1 - selector: - matchLabels: - k8s-app: metrics-server - template: - metadata: - labels: - k8s-app: metrics-server - spec: - containers: - - name: metrics-server - image: k8s.gcr.io/metrics-server/metrics-server:v0.5.0 - args: - - --kubelet-insecure-tls -``` - ---- - -### 2. Logging with Fluentd and Elasticsearch -- Aggregate logs for the cluster using tools like Fluentd or Loki. -- Analyze logs via Kibana or Grafana. 
- -πŸ”— [Logging Documentation](https://kubernetes.io/docs/concepts/cluster-administration/logging/) - ---- - -# Troubleshooting Basics - -### 1. Inspect Pods and Nodes -- View pod details: - ```bash - kubectl describe pod - ``` - -- Check node status: - ```bash - kubectl get nodes - kubectl describe node - ``` - ---- - -### 2. Debugging Pods -- Check pod logs: - ```bash - kubectl logs - ``` - -- Execute commands in a running pod: - ```bash - kubectl exec -it -- /bin/bash - ``` - -πŸ”— [Debugging Pods Documentation](https://kubernetes.io/docs/tasks/debug/debug-application/debug-pod/) - ---- - -# Troubleshooting Tools - -### 1. Use `kubectl` Debugging Features -- Debug a pod with ephemeral containers: - ```bash - kubectl debug --image=busybox - ``` - -πŸ”— [Debugging Ephemeral Containers Documentation](https://kubernetes.io/docs/tasks/debug/debug-application/debug-running-pod/#ephemeral-container) - ---- - -### 2. Network Troubleshooting -- Test service connectivity: - ```bash - kubectl exec -it -- curl : - ``` - -- Verify DNS resolution: - ```bash - kubectl exec -it -- nslookup - ``` - -πŸ”— [Debugging Network Issues Documentation](https://kubernetes.io/docs/tasks/debug/debug-application/debug-service/) - ---- - -### 3. Analyze Events -- Check cluster events for errors or warnings: - ```bash - kubectl get events --sort-by='.metadata.creationTimestamp' - ``` - ---- - -# Disaster Recovery - -### Key Steps for Recovery -1. Restore **etcd** from a backup. -2. Recreate control plane components with `kubeadm`. -3. Validate cluster state and reconfigure workloads. - -πŸ”— [Disaster Recovery Documentation](https://kubernetes.io/docs/tasks/administer-cluster/disaster-recovery/) - ---- - -## Example: Restoring etcd - -### Command Line -```bash -ETCDCTL_API=3 etcdctl snapshot restore snapshot.db \ - --data-dir=/var/lib/etcd-from-backup -``` - -Update the `etcd` pod configuration to point to the restored data directory. 
- ---- - -# Best Practices - -### Maintenance Tips -- Regularly back up **etcd** and validate snapshots. -- Test upgrades in a staging environment before production. -- Use tools like Prometheus and Grafana for proactive monitoring. - -### Troubleshooting Advice -- Always start with `kubectl describe` for resource details. -- Check cluster-wide events for anomalies. -- Keep cluster logs centralized and searchable. - -πŸ”— [Cluster Administration Documentation](https://kubernetes.io/docs/tasks/administer-cluster/) - ---- - -# Practice Labs and Mock Exams - -### Goal of Hands-On Practice -- Reinforce understanding of Kubernetes concepts. -- Prepare for real-world cluster management tasks. -- Build confidence for the CKA exam. - -πŸ”— [CKA Exam Curriculum](https://training.linuxfoundation.org/certification/certified-kubernetes-administrator-cka/) - ---- - -# Lab 1: Setting Up a Kubernetes Cluster - -### Tasks: -1. Install Kubernetes using `kubeadm`. -2. Configure networking with **Calico** or **Flannel**. -3. Add worker nodes to the cluster. - -πŸ”— [Kubeadm Setup Documentation](https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/) - ---- - -## Example: Initializing the Cluster - -### Command Line -```bash -kubeadm init --pod-network-cidr=192.168.0.0/16 -``` - -Apply a network plugin (e.g., Calico): -```bash -kubectl apply -f https://docs.projectcalico.org/v3.25/manifests/calico.yaml -``` - ---- - -# Lab 2: Managing Workloads - -### Tasks: -1. Create a Deployment with 3 replicas of **nginx**. -2. Scale the Deployment to 5 replicas. -3. Update the Deployment to a new version of nginx. 
- -πŸ”— [Workloads Documentation](https://kubernetes.io/docs/concepts/workloads/) - ---- - -## Example: Scaling a Deployment - -### Command Line -```bash -kubectl scale deployment my-deployment --replicas=5 -``` - ---- - -## Example: Updating a Deployment - -### Command Line -```bash -kubectl set image deployment/my-deployment nginx=nginx:1.21 -``` - ---- - -# Lab 3: Configuring Services and Networking - -### Tasks: -1. Create a **ClusterIP** service for a backend pod. -2. Create an **Ingress** for HTTP traffic to a web application. -3. Define a **NetworkPolicy** to allow traffic only from specific pods. - -πŸ”— [Networking Documentation](https://kubernetes.io/docs/concepts/services-networking/) - ---- - -## Example: ClusterIP Service YAML -```yaml -apiVersion: v1 -kind: Service -metadata: - name: backend-service -spec: - selector: - app: backend - ports: - - protocol: TCP - port: 80 - targetPort: 8080 - type: ClusterIP -``` - ---- - -# Lab 4: Persistent Storage - -### Tasks: -1. Create a Persistent Volume (PV) and Persistent Volume Claim (PVC). -2. Mount the PVC to a pod. -3. Dynamically provision storage using a **StorageClass**. - -πŸ”— [Storage Documentation](https://kubernetes.io/docs/concepts/storage/) - ---- - -## Example: Mounting a PVC in a Pod - -### YAML File -```yaml -apiVersion: v1 -kind: Pod -metadata: - name: storage-pod -spec: - volumes: - - name: my-pvc-volume - persistentVolumeClaim: - claimName: my-pvc - containers: - - name: nginx - image: nginx - volumeMounts: - - mountPath: "/data" - name: my-pvc-volume -``` - ---- - -# Lab 5: Securing the Cluster - -### Tasks: -1. Create and apply a **NetworkPolicy** to secure traffic. -2. Use **RBAC** to define granular permissions. -3. Apply a **PodSecurityPolicy** to restrict privileged operations. 
- -πŸ”— [Security Documentation](https://kubernetes.io/docs/concepts/security/) - ---- - -## Example: RBAC Role for Pods - -### YAML File -```yaml -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - namespace: default - name: pod-manager -rules: - - apiGroups: [""] - resources: ["pods"] - verbs: ["create", "delete"] -``` - ---- - -# Lab 6: Cluster Maintenance - -### Tasks: -1. Backup and restore **etcd** data. -2. Upgrade the cluster using `kubeadm`. -3. Set up monitoring with **Metrics Server** and visualize metrics in Prometheus/Grafana. - -πŸ”— [Cluster Maintenance Documentation](https://kubernetes.io/docs/tasks/administer-cluster/) - ---- - -# Mock Exam: Sample Scenarios - -### Scenario 1: Troubleshooting -- Pod stuck in **CrashLoopBackOff**. -- Debug and resolve the issue using logs and events. - -### Scenario 2: Scaling and Updates -- Scale a Deployment, then perform a rolling update. - -### Scenario 3: Networking -- Secure communication between frontend and backend pods using **NetworkPolicy**. - ---- - -# Exam Preparation Tips - -### 1. Time Management -- Practice solving tasks within time limits. -- Prioritize tasks based on complexity. - -### 2. Focus Areas -- Master `kubectl` commands. -- Familiarize yourself with YAML file structures. - -### 3. Read Official Documentation -- The exam environment provides access to Kubernetes documentation. - -πŸ”— [CKA Tips and Tricks](https://training.linuxfoundation.org/certification/certified-kubernetes-administrator-cka/) - ---- diff --git a/css/landing-page.css b/css/landing-page.css index a743482..da12fdc 100644 --- a/css/landing-page.css +++ b/css/landing-page.css @@ -94,7 +94,7 @@ p { .presentation-header { padding-top: 40px; /* If you're making other pages, make sure there is 50px of padding to make sure the navbar doesn't overlap content! */ - padding-bottom: 10px; + padding-bottom: 1px; text-align: center; color: #f8f8f8; background: url(../img/background-podcast.jpg) no-repeat center center;
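Review bot: the removed Lab 5 slide still tells readers to "Apply a **PodSecurityPolicy** to restrict privileged operations", which contradicts the removed Pod Security slide's own `kubectl label namespace my-namespace pod-security.kubernetes.io/enforce=baseline` approach and names an API that was removed in Kubernetes 1.25; whatever replaces these 169 lines should keep the Pod Security Standards / namespace-label approach and not carry PSP forward. Two other removed examples are worth re-checking rather than copying into the new deck as-is: the Metrics Server manifest pins `k8s.gcr.io/metrics-server/metrics-server:v0.5.0` and runs it with `--kubelet-insecure-tls`, which disables verification of kubelet serving certificates and should at least be labelled as a lab-only shortcut, and the upgrade example runs `kubeadm upgrade apply v1.26.0` and then installs `kubelet=1.26.0-00 kubectl=1.26.0-00` without ever upgrading the `kubeadm` package itself, whereas the documented order is to upgrade kubeadm first, then run `upgrade apply`, then upgrade kubelet/kubectl on each node. The etcd backup and Secrets slides in the removed block are sound (the "base64-encoded, not encrypted by default" caveat in particular is correct and should survive the rewrite).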