@juniorz
Last active October 12, 2019 21:50
Certified Kubernetes Administrator (CKA)

Curriculum v1.14.1

Source: https://github.com/cncf/curriculum/blob/master/CKA_Curriculum_V1.14.1.pdf

Core Concepts (19%)

Understand the Kubernetes API primitives

Understand the Kubernetes cluster architecture

Understand Services and other network primitives

Installation, Configuration & Validation (12%)

Design a Kubernetes cluster

Install Kubernetes masters and nodes

Configure secure cluster communications

Configure Highly-Available Kubernetes cluster

Know where to get the Kubernetes release binaries

Provision underlying infrastructure to deploy a Kubernetes cluster

Choose a network solution

Run end-to-end tests on your cluster

Analyse end-to-end tests on your cluster

Run Node end-to-end tests

Install and use kubeadm to install, configure, and manage Kubernetes clusters.

Security (12%)

Know how to configure authentication and authorization

Understand Kubernetes security primitives

Know how to configure network policies

Create and manage TLS certificates for cluster components

Work with images securely

Define security contexts

Secure persistent key value store

Networking (11%)

Understand the networking configuration on the cluster nodes

Understand Pod networking concepts

Understand Service networking

Deploy and configure network load balancer.

Know how to configure and use the cluster DNS

Understand CNI

Cluster (11%)

Understand Kubernetes cluster upgrade process

Facilitate operating system upgrades

Implement backup and restore methodologies

Troubleshooting (10%)

Troubleshoot application failure

Troubleshoot control plane failure

Troubleshoot worker node failure

Troubleshoot networking

Application Lifecycle Management (8%)

Understand Deployments and how to perform rolling updates and rollbacks

Know Various ways to configure applications

Know how to scale applications

Understand the primitives necessary to create self-healing application

Storage (7%)

Understand persistent volumes and how to create them

Understand access modes for volumes

Understand persistent volume claims primitive

Know how to configure applications with persistent storage

Logging/Monitoring (5%)

Understand how to monitor all cluster components

Understand how to monitor applications

Manage cluster component logs

Manage application logs

Scheduling (5%)

Use label selectors to schedule Pods

Understand the role of DaemonSets

Understand how resource limits can affect Pod scheduling

Understand how to run multiple schedulers and how to configure Pods to use them

Manually schedule a pod without a scheduler

Display scheduler events

Know how to configure the Kubernetes scheduler

Certified Kubernetes Administrator (CKA)

Valid for 3 years and can be revoked.

"Performance-based" test (practical).

Logistics

Source: https://training.linuxfoundation.org/wp-content/uploads/2019/08/CKA-CKAD-Candidate-Handbook-8.5.19.pdf

Curriculum v1.15

Source: https://github.com/cncf/curriculum/blob/master/certified_kubernetes_administrator_exam_v1.15.pdf

Core Concepts (19%)

Understand the Kubernetes cluster architecture

  • Master

    • API server: exposes the REST API; the only component that reads and writes etcd
    • Scheduler: assigns pods that have no nodeName yet to a node
    • Controller Manager: runs the control loops (node, replication, endpoints, service account and token controllers); the cloud controller manager holds the cloud-provider-specific ones
    • etcd: key-value datastore holding all cluster state, including Secrets
  • Worker

    • kubelet
    • kube-proxy
    • container runtime (implements CRI)
  • Addons

    • DNS (required) - coredns
    • network (required, in the form of a CNI plugin) - calico / flannel; "loopback" is only the CNI plugin that configures the lo interface inside each pod, not a network solution

Skills

Get nodes: kubectl get nodes

Get control plane status: kubectl get componentstatuses (short form: kubectl get cs)

Get control plane components: kubectl get all -n kube-system

Understand the Kubernetes API primitives

Every object has:

  • apiVersion
  • kind
  • metadata
  • spec
  • status

kubectl is used to interact with the API server, which is the gateway to the data store (etcd): no other component reads or writes etcd directly.

Understand Services and other network primitives

  • Pods have an IP assigned
  • Endpoints group the IPs of the pods targeted by a Service.
    • Endpoints are created and kept up to date automatically iff the Service has a selector.
    • One can also create an Endpoints object by hand, with the same name and namespace as a selector-less Service, to route to IPs that are not pods (e.g. a database outside the cluster).
  • Services decouple consumers from replicated pods, and also have an IP assigned (at creation time).
    • Label selectors define the target set of pods
    • Ports define the destination port on the service IP (port) and on the pods (targetPort)
    • Types
      • Type=ClusterIP: assigns a virtual IP ("cluster IP"), reachable only from inside the cluster
      • Type=NodePort: reserves a port (30000-32767 by default) on every node, regardless of whether the node runs a pod targeted by the service, and routes that port on each node's IP to the service's endpoints.
      • Type=LoadBalancer: uses the cloud controller manager to provision an external load balancer (e.g. an ELB on AWS) in front of a NodePort that is allocated for the service.

kube-proxy implements a form of virtual IP for Services. Three proxy modes are supported (v1.8+): userspace, iptables (the default), and ipvs. In iptables mode kube-proxy watches for the addition/removal of Service and Endpoints objects and manages iptables rules that DNAT traffic for the service IP to one of the pods, picked at random.
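The two Endpoints cases from the notes above as manifests (an added example, not taken from the gist or from the Kubernetes docs; the names, the namespace "demo", the labels and the address 192.0.2.10 are made up for it). The first Service has a selector, so the endpoints controller maintains its Endpoints object; the second has none, so its Endpoints object is written by hand to point at a host outside the cluster:

```yaml
# Service with a selector: the Endpoints object "web" is managed for you and
# lists the IPs of ready pods labelled app=web.
apiVersion: v1
kind: Service
metadata:
  name: web
  namespace: demo
spec:
  type: ClusterIP          # virtual IP allocated at creation time
  selector:
    app: web
  ports:
  - port: 80               # port on the service IP
    targetPort: 8080       # port on the pod
---
# Selector-less Service: no Endpoints object is created automatically.
apiVersion: v1
kind: Service
metadata:
  name: legacy-db
  namespace: demo
spec:
  ports:
  - port: 5432
---
# Hand-written Endpoints: the name and namespace must match the Service.
# Addresses may not be loopback, link-local, or another Service's cluster IP.
apiVersion: v1
kind: Endpoints
metadata:
  name: legacy-db
  namespace: demo
subsets:
- addresses:
  - ip: 192.0.2.10         # external host (example address)
  ports:
  - port: 5432
```

After `kubectl apply -f` on this file, `kubectl get endpoints -n demo` shows both objects; pods in the cluster reach the external host through legacy-db.demo.svc.cluster.local, and kube-proxy DNATs the cluster IP to 192.0.2.10 exactly as it would to a pod IP.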

Useful docs:

Installation, Configuration & Validation (12%)

Design a Kubernetes cluster

Install Kubernetes masters and nodes

Configure secure cluster communications

Configure Highly-Available Kubernetes cluster

Know where to get the Kubernetes release binaries

Provision underlying infrastructure to deploy a Kubernetes cluster

Choose a network solution

Choose your Kubernetes infrastructure configuration (new)

Run end-to-end tests on your cluster

Analyse end-to-end tests on your cluster

Run Node end-to-end tests

Install and use kubeadm to install, configure, and manage Kubernetes clusters.

Security (12%)

  • users:

    • service accounts: objects managed via the API server, used by pods (the token is mounted into the pod)
    • normal users: everything else; not objects in the API but managed outside the cluster (client certificates, token files, OIDC, ...)
  • apiserver

    • secure port (--secure-port, default 6443): transport (TLS), authentication, authorization, admission, validation, storage
    • insecure port (--insecure-port, default 8080, bound to localhost by default): admission, validation, storage only. Authentication and authorization are skipped, so anything that can reach it is effectively cluster-admin; disable it with --insecure-port=0 (kubeadm does).
    • for each request: transport, authentication, authorization, admission, validation, persistence
      • transport: TLS. The serving certificate is usually issued by the cluster's own CA (kubeadm: /etc/kubernetes/pki/ca.crt); clients trust that CA via certificate-authority-data in their kubeconfig.
      • authentication (the configured authenticators are tried in turn; the first one that recognises the credential decides):
        • X509 client certificates:
          • --client-ca-file configured; the client certificate must chain to that CA
          • username: cert's subject Common Name (CN)
          • group(s): cert's subject Organization (O), one group per O value (e.g. kubeadm's admin.conf uses CN=kubernetes-admin, O=system:masters)
        • Static token
          • --token-auth-file is a CSV file containing: token,user,uid,"group-1,group-N"
          • token is sent as a bearer token (Authorization: Bearer <token>)
          • the file is read once at API server start; changes need a restart
        • Bootstrap Tokens (beta)
          • --enable-bootstrap-token-auth configured on the API server and the TokenCleaner controller enabled in the controller manager.
          • token is sent as a bearer token (Authorization: Bearer <token>); format is <token-id>.<token-secret> ([a-z0-9]{6}.[a-z0-9]{16})
          • tokens are Secrets in kube-system with type=bootstrap.kubernetes.io/token, usually managed via kubeadm token; they authenticate as user system:bootstrap:<token-id> in group system:bootstrappers
          • can be used to sign the cluster-info ConfigMap in kube-public so that joining nodes can bootstrap (TLS) trust
        • Static password (deprecated in v1.16, removed in v1.19)
          • --basic-auth-file is a CSV file containing: password,user,uid,"group-1,group-N"
          • user/password is sent via HTTP Basic Auth (Authorization: Basic BASE64ENCODED(<user>:<password>))
      • authorization: --authorization-mode is a comma-separated list (Node, RBAC, ABAC, Webhook, AlwaysAllow, AlwaysDeny) evaluated in order; the first module that allows or denies decides. kubeadm uses Node,RBAC.
      • admission: --enable-admission-plugins / --disable-admission-plugins; mutating plugins run first, then validating ones
      • validation:
      • persistence: written to etcd; encrypted at rest only if --encryption-provider-config is set
  • kubelet
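The identity mapping described above for the static token file and for X509 client certificates, as a stand-alone simulation (an added example, not from the gist and not Kubernetes' own code). The token file contents, the users, groups and the CA name are constructed for the example; the X509 part needs openssl on PATH and is skipped otherwise:

```bash
#!/usr/bin/env bash
# Added example: how the API server turns credentials into (user, uid, groups)
# for two authenticators. Token values, users and groups below are made up.
set -euo pipefail

# 1) Static token file (--token-auth-file): CSV of token,user,uid,"group1,group2".
TOKEN_FILE="$(mktemp)"
cat >"$TOKEN_FILE" <<'EOF'
31ad2b7f5c0e4d9a8b6c1f2e3d4c5b6a,alice,1001,"system:masters,dev"
9e8d7c6b5a4f3e2d1c0b9a8f7e6d5c4b,bob,1002,
EOF

# bearer_identity "<Authorization header value>" -> "user=<u> uid=<id> groups=<g>"
# Exits 1 when the header is not a bearer token or the token is unknown; the
# real API server would then fall through to the next authenticator.
bearer_identity() {
  local header="$1" token
  case "$header" in
    "Bearer "*) token="${header#Bearer }" ;;
    *) return 1 ;;
  esac
  awk -F, -v t="$token" '
    $1 == t {
      # the quoted group list was split on its commas: re-join fields 4..NF
      groups = $4
      for (i = 5; i <= NF; i++) groups = groups "," $i
      gsub(/"/, "", groups)
      printf "user=%s uid=%s groups=%s\n", $2, $3, groups
      found = 1
    }
    END { if (!found) exit 1 }
  ' "$TOKEN_FILE"
}

# 2) X509 client certificates (--client-ca-file): username = subject CN,
#    groups = subject O values. A throwaway CA stands in for the cluster CA.
WORKDIR="$(mktemp -d)"
CA_CRT="$WORKDIR/ca.crt"; CA_KEY="$WORKDIR/ca.key"

# make_client_cert <user> <group>... -> path of a cert signed by the example CA
make_client_cert() {
  local user="$1" subj="/CN=$1"; shift
  for g in "$@"; do subj="$subj/O=$g"; done
  [ -f "$CA_CRT" ] || openssl req -x509 -new -nodes -newkey rsa:2048 -days 1 \
      -subj "/CN=example-cluster-ca" -keyout "$CA_KEY" -out "$CA_CRT" 2>/dev/null
  openssl req -new -nodes -newkey rsa:2048 -subj "$subj" \
      -keyout "$WORKDIR/$user.key" -out "$WORKDIR/$user.csr" 2>/dev/null
  openssl x509 -req -days 1 -in "$WORKDIR/$user.csr" -CA "$CA_CRT" -CAkey "$CA_KEY" \
      -CAcreateserial -out "$WORKDIR/$user.crt" 2>/dev/null
  echo "$WORKDIR/$user.crt"
}

# x509_identity <cert> -> "user=<CN> groups=<O,O,...>"; exits 1 unless the cert
# chains to the CA, which is the check --client-ca-file makes the API server do.
x509_identity() {
  local cert="$1" subj
  openssl verify -CAfile "$CA_CRT" "$cert" >/dev/null 2>&1 || return 1
  subj="$(openssl x509 -in "$cert" -noout -subject -nameopt sep_multiline)"
  printf 'user=%s groups=%s\n' \
    "$(printf '%s\n' "$subj" | sed -n 's/^[[:space:]]*CN[[:space:]]*=[[:space:]]*//p')" \
    "$(printf '%s\n' "$subj" | sed -n 's/^[[:space:]]*O[[:space:]]*=[[:space:]]*//p' | paste -sd, -)"
}

# Demo when run directly.
bearer_identity "Bearer 31ad2b7f5c0e4d9a8b6c1f2e3d4c5b6a"
bearer_identity "Basic YWxpY2U6c2VjcmV0" || echo "not a bearer token: next authenticator"
if command -v openssl >/dev/null 2>&1; then
  x509_identity "$(make_client_cert carol system:masters dev)"
fi
```

The awk lookup is why the static token file is a blunt tool: the whole CSV is the credential store, it lives on the control plane disk, and the API server only re-reads it on restart. The X509 path shows what the exam asks you to do by hand for a new user: a CSR whose subject carries CN and O, signed by the cluster CA, and the resulting cert verified against that CA before any RBAC binding on the O group can matter.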

Know how to configure authentication and authorization

Understand Kubernetes security primitives

Know how to configure network policies

Create and manage TLS certificates for cluster components

Work with images securely

Define security contexts

Secure persistent key value store

Networking (11%)

Understand the networking configuration on the cluster nodes

Understand Pod networking concepts

Understand Service networking

Deploy and configure network load balancer.

Know how to use Ingress rules (new)

Know how to configure and use the cluster DNS

Understand CNI

  • Flannel
  • Calico
  • Loopback

Cluster Maintenance (11%)

Understand Kubernetes cluster upgrade process

Facilitate operating system upgrades

Implement backup and restore methodologies

Troubleshooting (10%)

Troubleshoot application failure

Troubleshoot control plane failure

Troubleshoot worker node failure

Troubleshoot networking

Application Lifecycle Management (8%)

Understand Deployments and how to perform rolling updates and rollbacks

Know Various ways to configure applications

Know how to scale applications

Understand the primitives necessary to create self-healing application

Storage (7%)

Understand persistent volumes and how to create them

Understand access modes for volumes

Understand persistent volume claims primitive

Understand Kubernetes storage objects (new)

Know how to configure applications with persistent storage

Logging/Monitoring (5%)

Understand how to monitor all cluster components

Understand how to monitor applications

Manage cluster component logs

Manage application logs

Scheduling (5%)

Use label selectors to schedule Pods

Understand the role of DaemonSets

Understand how resource limits can affect Pod scheduling

Understand how to run multiple schedulers and how to configure Pods to use them

Manually schedule a pod without a scheduler

Display scheduler events

Know how to configure the Kubernetes scheduler
