开源软件名称（OpenSource Name）：

开源软件地址(OpenSource Url)：

开源编程语言(OpenSource Language)：

开源软件介绍(OpenSource Introduction)：

Kubernetes (K8s)

Curriculum

Open Source Curriculum for CNCF Certification Courses

This is the the latest version of the curriculum for the following CNCF exams:

• Certified Kubernetes Administrator (CKA)
• Certified Kubernetes Application Developer (CKAD)
• Certified Kubernetes Security Specialist (CKS)

• CNCF Official CKAD Main
• CNCF Kubernetes Curriculum Repo

Getting Started with Docker

• What is Docker?
• Getting started with Docker
• Play with Docker
• Docker for Beginners
• Docker for Intermediate
• Docker for Advanced
• Docker Certificate Associate Exam Preparation
• More than Certified in Docker
• Docker Cheatsheet

Getting Started with Kubernetes

• What is Kubernetes?
• Kubernetes Concepts
• Kubernetes Tasks
• Getting Started with Kubernetes - Eric Shanks
• Kubernetes Certified Application Developer (CKAD) - Mumshad Mannambeth
• Certified Kubernetes Administrator (CKA) - Mumshad Mannambeth
• Certified Kubernetes Security Specialist (CKS) - Mumshad Mannambeth
• Kubernetes Components
• A visual guide on troubleshooting Kubernetes deployments
• JSON Path for Beginners
• CKAD

CKAD Exercises

A set of exercises that helped me prepare for the Certified Kubernetes Application Developer exam, offered by the Cloud Native Computing Foundation, organized by curriculum domain. They may as well serve as learning and practicing with Kubernetes.

During the exam, you are allowed to keep only one other browser tab open to refer official documentation. Make a mental note of the breadcrumb at the start of the excercise section, to quickly locate the relevant document in kubernetes.io. It is recommended that you read official documents before attempting exercises below it.

Contents

• Core Concepts - 13%
• Configuration - 18%
• Multi-container pods - 10%
• Observability - 18%
• Pod design - 20%
• Services and networking - 13%
• State persistence - 8%
• Bonus Exercises
• CKAD Study Guide

Where to Practice

• Killercoda CKS
• Access the practice test environment on Katacoda:
• Learn Kubernetes
• Play with Kubernetes
• Instruct Getting started with Kubernetes
• Kubernetes by example
• Core Concepts - 13%
• Configuration - 18%
• Multi-Container Pods - 10%
• Observability - 18%
• Pod Design - 20%
• Services & Networking - 13%
• State Persistence - 8%
• addtional resources

Create 2 node Cluster on Linux Academy playgroud or you can spinup cluster in one of the cloud providers (AWS, Azure or GCP)

creating 2 node cluster with Kubeadm

Tasks from Kubernetes Doc

The following are primarily links to either the 'concepts' or 'tasks' section of the kubernetes.io documentation. The 'task' items are very useful to use as labs. I've tied them directly to the curriculum to ensure they are appropriate study material for the exam.

Core Concepts and Kubectl

• Tasks -> Accessing Multiple Clusters
• Tasks -> Accessing Cluster with API
• Tasks -> Port Forwarding
• Tasks -> Shell to Running Container (exec)

Multi-Container Pods

• Tasks -> Init Containers
• Concepts -> Logging Architecture

Pod Design

• Concepts -> Assign Pods to Nodes - Selectors
• Concepts -> Annotations
• Concepts -> Labels and Selectors
• Tasks -> ReplicaSet Rolling Updates
• Concepts -> Deployments, Rollouts, and Rollbacks

Configuration

• Task -> Config Maps
• Task -> Security Contexts
• Tasks -> Assigning Memory Resources to Pods
• Tasks -> Assigning CPU Resources to Pods
• Tasks -> Pod QOS
• Tasks -> Credentials using Secrets
• Tasks -> Project Volume w/Secrets
• Tasks -> Setting Service Account

Observability

• Tasks -> App Introspection and Debugging
• Tasks - Liveness and Readiness Probes
• Tasks -> Debugging Pods
• Tasks -> Troubleshooting Applications
• Tasks -> Debugging Services
• Tasks -> Debugging Services Locally
• Tasks -> Tools for Monitoring Resources

Services and Networking

• Concepts -> Connecting Apps with Services
• Tasks -> Declare Network Policy

State Persistence

• Concepts -> Persistent Volumes
• Tasks -> Configuring PVCs

CRON

• Tasks -> Automated Tasks with Cron Jobs
• Tasks -> Parallel Jobs with Expansions
• Tasks -> Course Parallel Processing with a Work Queue
• Tasks -> Fine Parallel Processsing with a Work Queue

CKAD Exam Preparation Notes

List of resources and notes for passing the Certified Kubernetes Application Developer (CKAD) exam. Official links below.

• CNCF Official CKAD Main
• CNCF Kubernetes Curriculum Repo
• CNCF Official CKAD Exam Tips
• CNCF Official CKAD Candidate Handbook
• VIM Cheatsheet - You should know VIM pretty well
• Excellent CKAD Exercises to complement this guide
• More CKAD Practice Questions
• TMUX Cheat Sheet - TMUX is useful, especially for CKA

Current Kubernetes Version (EXAM)

Version: 1.20

Important vi Tips

The moment you get into your exam terminal the first thing is you need to is below

$ vim ~/.vimrc
set nu
set ic
set expandtab
set shiftwidth=2
set tabstop=2
set list  ( This is very helpfull to see hidden charecters)

To Shift+v is used for visual mode .. Once you are visual mode you can select number of rows using up/down arrow keys
once desired number of rows selected you can use shift + , or shift + . to move the indentation as needed.
save this and you are good to write the exam and not to worry about the YAML indention issues

Cloud Server Hostname mapping   
172.31.38.***   xhyrgkf8ada5c.myserver.com
172.31.38.***   ControlPlane
172.31.36.***   WorkerNode1
172.31.41.***   WorkerNode2

$ sudo hostnamectl set-hostname ControlPlane
$ sudo hostnamectl set-hostname WorkerNode1
$ sudo hostnamectl set-hostname WorkerNode2

'dG' - Deletes contents from cursor to end of file. This is very useful when editing YAML files.
'ZZ' - Save and exit quickly. 

• Vim Commands
• Vim Interactive
• Vim Shortcuts
• vi editor in Linux tutorial
• RHCSA 8 Complete Course in Single Video | Linux Certification

kubectl Tips

To set nano as your editor for 'kubectl edit'

export KUBE_EDITOR="nano"

Outline

Right now there are five primary sections to this document.

• General Exam Tips
• Overview
• A Checklist of Curriculum Progress
• Where to Practice?
• Detailed Review (with Tips) Ordered by Curriculum
• List of Resources Ordered by Curriculum (mostly K8s.io) for Study

Tips

Okay, this section is new and contains some general pointers to help pass the exam.

First, as discussed later, the exam is primarily about speed. With that in mind, the best way to approach the moderate to complex questions is to generate the initial YAML via the dry run flag. Then, edit the file with either vi or nano, and then create the required resource. The steps are outlined below.

$ kubectl run nginx --image=nginx --restart=Never --dry-run -o yaml > mypod.yaml
$ nano mypod.yaml
$ kubectl create -f mypod.yaml
pod "nginx" created

There you go. If you're not satisfied with the results. Delete the resource, re-edit the declaritive yaml file, and redo.

$ kubectl delete -f mypod.yaml
pod "nginx" deleted
$ nano mypod.yaml
$ kubectl create -f mypod.yaml
pod "nginx" created

Overview

The CKAD exam requires an excellent understanding of K8s along with how to efficiently use kubectl to accomplish various tasks on Kubernetes. I'm sure they use this exam approach as it pretty much precludes any form of cheating. You either know the material and can very quickly implement it or not.

You will be given a list of 'tasks' to accomplish on one of four kubernetes clusters (these are described in the official exam tips above). The exam is 'open book' but only with the content available at kubernetes.io. You will have one tab for the exam content and one additional tab for kubernetes.io. However, don't expect that you can just research questions during the exam, as there will be very little time for 'learning' a specific k8s concept at exam time. It's there to help with YAML syntax detail only, IMO.

The items in this particular repo / page describe and follow the official curriculum and point back to the various documents at Kubernetes.io. There is a lot of content on k8s and a lot of it does not pertain to the CKAD exam, so I've pulled out the sections that are pertinent based on the curriculum. There is a nice checklist below that you can update once you think you have mastered a particular topic.

Create 2 Node Cluster on GKE

This particular exam is difficult for me as I didn't have a k8s cluster to use at work. CKA exam prepation requires more cluster-level work, I tried different approaches for an inexpensive k8s environment. I setup my 2 node cluster in Linux Academy Playgroud as well as Docker-Desktop single node cluster on Windows Laptop. In my opinion, that is all it required to pass this exam. You can also setup a gcloud account, and use a two-node GKE cluster for studying. You can even use the very nice google cloud shell and not even leave your browser.

gcloud command line (SDK) documentation

Here are commands used to create a two-node cluster for studying. I keep these here just so I can fire up and destroy a cluster for a few hours each day for study. Notice that you can tailor the cluster version to match the k8s version for the exam.

gcloud config set compute/zone us-central1-a
gcloud config set compute/region us-central1
gcloud container clusters create my-cluster --cluster-version=1.15.8-gke.2 --image-type=ubuntu --num-nodes=2

The result:

NAME        LOCATION       MASTER_VERSION  MASTER_IP     MACHINE_TYPE   NODE_VERSION  NUM_NODES  STATUS
my-cluster  us-central1-a  v1.15.8-gke.2   35.232.253.6  n1-standard-1  v1.15.8-gke.2  2          RUNNING

cloudshell:~$ kubectl get nodes
NAME                                        STATUS    ROLES     AGE       VERSION
gke-my-cluster-default-pool-5f731fab-9d6n   Ready     <none>    44s       v1.15.8-gke.2
gke-my-cluster-default-pool-5f731fab-llrb   Ready     <none>    41s       v1.15.8-gke.2

Setting kubectl Credentials

If using the cloud shell, you'll sometimes need to authorize kubectl to connect to your cluster instance.

gcloud container clusters get-credentials my-cluster

Deleting Your Cluster

No need to keep the cluster around when not studying, so:

gcloud container clusters delete my-cluster

To Get Current GKE Kubernetes Versions

  gcloud container get-server-config

Detailed Review

The exam is about speed and efficiency. If you spend very much time looking at documentation, you will have zero chance of completing the many questions. With that said, the following will help with time management. I've aligned the tips to follow the curriculum. This section is best used to provide a quick overview of the curriculum along with the needed kubectl commands for a hands-on exam.

CORE CONCEPTS

The core concepts section covers the core K8s API and its primitives and resources. It also covers the important concept of a POD. This is the basic unit of deployment for app developers and so this 'POD' concept is important to understand as well as how they are managed with kubectl. To me, this is embodied in the kubectl RUN command.

Using the RUN/CREATE command for Pods, Deployments, etc.

The run command allows quick creation of the various high-level execution resources in k8s, and provides speed, which we need for the exam. (NOTE: The use of run to handle various resource creations was updated to instead use the create command as of 1.14)

The specific, underlying resource created from a particular create/run command is based on its 'generator'.

$ kubectl create deployment nginx --image=nginx  #deployment
$ kubectl run nginx --image=nginx --restart=Never  #pod
$ kubectl create job nginx --image=nginx  #job
$ kubectl create cronjob nginx --image=nginx --schedule="* * * * *"  #cronJob

The above is helpful in the exam as speed is important. If the question indicates to 'create a pod', use the quick syntax to get a pod going.

CONFIGURATION

Configuration covers how run-time 'config' data is provided to your applications running in k8s. This includes environment variables, config maps, secrets, etc. Other items that are pertinent to config are the service account and security contexts used to execute the containers. The below items are covered by this part of the curriculum.

Config Maps / Environment Variables

The exam is about application development and its support within Kubernetes. With that said, high on the list of objectives is setting up config options and secrets for your applications. To create the most basic config map with a key value pair, see below.

$ kubectl create configmap app-config --from-literal=key123=value123
configmap "app-config" created

There are many ways to map config map items to environment variables within a container process. One quick, but tricky (syntax) option is shown below. This would be for a simple nginx container.

spec:
  containers:
  - image: nginx
    name: nginx
    envFrom:
    - configMapRef:
        name: app-config

Here is another way to map a specific value to a specific environment variable value.

  containers:
  - image: nginx
    name: nginx
    env:
      - name: SPECIAL_APP_KEY
        valueFrom:
          configMapKeyRef:
            name: app-config
            key: key123

Now to verify it worked.

$ kubectl exec -it nginx /bin/bash
root@nginx:/# env
HOSTNAME=nginx
SPECIAL_APP_KEY=value123
KUBERNETES_PORT_443_TCP_PROTO=tcp
...

Security Contexts

Security contexts can be applied at either the pod or container level. Of course pod-level contexts apply to all containers within that pod. There are several ways of defining privileges and access controls with these contexts.

These concepts are covered well in the tasks section below, but here is a basic RunAs example from the doc that shows both pod and container contexts being used.

apiVersion: v1
kind: Pod
spec:
  securityContext:
    runAsUser: 1000
  containers:
  - name: sec-ctx-demo
    image: gcr.io/google-samples/node-hello:1.0
    securityContext:
      runAsUser: 2000
      allowPrivilegeEscalation: false

App Resource Requirements

Defining the memory and cpu requirements for your containers is something that should always be done. It allows for more efficient scheduling and better overall hygiene for your application environment. Again, covered well in the tasks section below, but here is a brief snippet for the standard mem/cpu specification.

apiVersion: v1
kind: Pod
spec:
  containers:
  - name: demo
    image: polinux/stress
    resources:
      limits:
        memory: 200Mi
        cpu: 200m
      requests:
        memory: 100Mi
        cpu: 100m

Now to verify:

$ kubectl describe po stress
Name:         stress
Namespace:    default
Labels:       run=stress
IP:           10.36.1.17
Containers:
  stress:
  Image:          polinux/stress
  Limits:
      cpu:     200m
      memory:  200Mi
    Requests:
      cpu:        100m
      memory:     100Mi

Secrets

To quickly generate secrets, use the --from-literal flag like this:

$ kubectl create secret generic my-secret --from-literal=foo=bar -o yaml --dry-run > my-secret.yaml

This produces the following secret that can then be consumed by your containers. The value is encoded.

apiVersion: v1
data:
  foo: YmFy
kind: Secret
metadata:
  creationTimestamp: null
  name: my-secret

Now create the secret:

$ kubectl create -f my-secret.yaml
secret "my-secret" created

Now have a look at it:

 kubectl get secret my-secret -o yaml
apiVersion: v1
data:
  foo: YmFy
kind: Secret
metadata:
  name: my-secret
  namespace: default
  uid: bae5b8d8-d01a-11e8-8972-42010a800002
type: Opaque

Decode it:

$ echo "YmFy" | base64 --decode
bar

Secrets can be mounted as data volumes or be exposed as environment variables to be used by a container in a pod. Here we'll mount our above secret as a volume.

apiVersion: v1
kind: Pod
metadata:
  name: secrets-test-pod
spec:
  containers:
  - image: nginx
    name: test-container
    volumeMounts:
    - mountPath: /etc/secret/volume
      name: secret-volume
  volumes:
  - name: secret-volume
    secret:
      secretName: my-secret

Service Accounts

When pods are created by K8s they are provided an identify via the service account. In most cases, pods use the default service account, but it can be specified directly.

apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  serviceAccountName: build-robot
  ...

MULTI-CONTAINER PODS

This particular section needs additional detail as these concepts are not covered that well via the tasks provided at kubernetes.io. Actually, the best coverage (for sidecars) is in the concepts section under logging architecture.

• One or more containers running within a pod for enhancing the main container functionality (logger container, git synchronizer container); These are sidecar container

• One or more containers running within a pod for accessing external applications/servers (Redis cluster, memcache cluster); These are called ambassador container

• One or more containers running within a pod to allow access to application running within the container (Monitoring container); These are called as adapter containers-

Concepts -> Logging Architecture

POD DESIGN

The Pod design section mostly covers deployments, rolling updates, and rollbacks (and jobs). These are all covered well in the tasks section later in this document. The primary trick here is to really understand the basic commands for updating a deployment which causes a new replicaSet to be created for the rollout. Both replica sets exist as the rollout continues and completes.

Deployment Updates

Below is a quick example of creating a deployment and then updating its image. This will force a rolling deployment to start. You can then roll it back.

$ kubectl run nginx --image=nginx  --replicas=3
deployment.apps "nginx" created

Okay, now force a rolling update by updating its image.

$ kubectl set image deploy/nginx nginx=nginx:1.9.1
deployment.apps "nginx" image updated

Now you can check the status of the roll out.

$ kubectl rollout status