Certified Kubernetes Administrator (CKA) Exam Guide: Validate your knowledge of Kubernetes and implement it in a real-life production environment

BIRMINGHAM—MUMBAI

Certified Kubernetes Administrator (CKA) Exam Guide

Copyright © 2022 Packt Publishing

All rights reserved. No part of this book may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, without the prior written permission of the publisher, except in the case of brief quotations embedded in critical articles or reviews.

Every effort has been made in the preparation of this book to ensure the accuracy of the information presented. However, the information contained in this book is sold without warranty, either express or implied. Neither the author, nor Packt Publishing or its dealers and distributors, will be held liable for any damages caused or alleged to have been caused directly or indirectly by this book.

Packt Publishing has endeavored to provide trademark information about all of the companies and products mentioned in this book by the appropriate use of capitals. However, Packt Publishing cannot guarantee the accuracy of this information.

Group Product Manager: Rahul Nair

Publishing Product Manager: Niranjan Naikwadi

Senior Editor: Arun Nadar

Content Development Editor: Sujata Tripathi

Technical Editor: Arjun Varma

Copy Editor: Safis Editing

Project Coordinator: Ashwin Dinesh Kharwa

Proofreader: Safis Editing

Indexer: Sejal Dsilva

Production Designer: Vijay Kamble

Marketing Coordinator: Nimisha Dua

First published: November 2022

Production reference: 1071022

Published by Packt Publishing Ltd.

Livery Place

35 Livery Street

Birmingham

B3 2PB, UK.

ISBN 978-1-80323-826-5

www.packt.com

Foreword

Over the last decade, Kubernetes has gone mainstream. Builders of cloud applications are expected to be familiar with cloud-native design tools and techniques. Becoming certified in Kubernetes demonstrates that you have the knowledge and skills necessary to meet the expectations of businesses, enterprises, and consumers.

Whether you are a cloud-native expert or a beginner, this book will familiarize you with the tools, technologies, and terminology in the cloud-native ecosystem. Mélony’s own experience getting involved in the cloud-native ecosystem and its rapidly changing array of open source projects and cloud-based products, enable her to write an approachable book that can serve as your guide to the modern way that today’s applications are built.

The expectations of business, customers, and users of today’s applications have never been greater. Kubernetes and cloud-native are the skills that will enable you to build applications that meet the standards necessary to compete in the world of modern application development.

Brendan Burns, co-founder of Kubernetes open source project.

I first met Mélony back in 2018. I’d been speaking at an event in London and when I finished, she approached the stage to ask a question. That was just a few days before she started working at Microsoft and I’ve had the pleasure of working with her since then. It’s rare to get to work with such a talented individual, someone who has a real passion for technology, learning, and helping others to learn.

I’ve been working in technology for over 30 years in roles across operations, engineering, and architecture. A lot of that time was spent working in large corporations. Containers and Kubernetes have had a massive effect on the way applications are developed, deployed, and managed. It would have solved so many problems if I’d had these tools available earlier on in my career. Back in 2014, a colleague of mine told me to keep a close eye on this Docker thing they’d heard about as they were convinced it was going to be a big deal. I have kept an eye on it and they were right. It has been a big deal!

As your maturity with containers grows, you’ll find yourself involved with Kubernetes. If you’re going to use Kubernetes, then you really need to understand how it works. It’s complicated and you can easily get things wrong, so you really, really need to know what you’re doing. Certification exams are always a great way to build your knowledge, test yourself, and prove that you know your stuff! I’ve sat all of the current Kubernetes certification exams and I can tell you from personal experience, these exams are hard. You can’t get away with guessing which multiple-choice answer is the right one. You can’t wing it. Oh no, you need to actually put the work in to learn Kubernetes before you sit this exam! And that’s a good thing, because it makes the Kubernetes certification more valuable knowing that you can’t pass it without putting in the effort.

If you’ve got this book in your hands or on your digital reading device of choice, then you’ve made a great start! Kubernetes certifications are hard, make no mistake, but you will pass if you put the work in. Mélony will guide you through the topics you need to learn and help set you up for success.

Good luck. You’ve got this!

Mark Whitby, Cloud-native architecture and engineering lead, principal global black belt (GBB) at Microsoft

Certifications are the best way to show the world your passion, your interests, and your skills, in the ever competitive and fierce landscape for talent sprung by the adoption of the cloud native paradigm. Mélony has done an amazing job to demystify the many mysteries of Kubernetes into simple, easy to understand concepts that will guide you in your studies, and hopefully lead you to a successful certification. She truly understands the learning journey and the many hurdles of cloud native, and she’s motivated to make your journey easier.

I met Mélony several years ago at one of the Microsoft OpenHacks events, and her passion for learning and sharing struck me. So, I’m both glad and proud to write the foreword to her new book, which undoubtedly will help many cloud native engineers in their own personal learning path.

Alessandro Vozza, Principal Software Engineer at Microsoft, CNCF Ambassador, Founder of Cloud Pirates

Note from the author

Containerization is an approach to managing applications; a container image contains all its deployment dependencies and configurations. Managing one, or even a couple of containers for dev/testing purposes, is relatively easy. The real challenge comes when you have to manage hundreds, or even thousands of containers, especially for enterprise-grade product environments, where you’ll be managing networking, deployments, configuration, etc. This is where the container orchestrator comes in.

Looking back, many open source container orchestrators have been popular in the market at one point in time. Although we’re still hearing about Docker Swarm, Mesosphere’s DC/OS, Kubernetes is by far the most popular container orchestration tool.

We have seen tremendous growth in Kubernetes and its ecosystem over the last 7 years. Yet, the complexity of managing the tool remains the major blocker for enterprises that prevents them from taking complete advantage of this fantastic technology. Learning Kubernetes and its ecosystem will help organizations overcome their challenges in deploying, managing, and operating Kubernetes clusters.

Acquiring a Certified Kubernetes Administrator (CKA) certification is the best way to help you train the essential skills on working with Kubernetes. In particular, you’ll learn how to manage and operate Kubernetes.

The Certified Kubernetes Administrator (CKA) certification is founded by Cloud Native Computing Foundation (CNCF), and it is designed to ensure that certification candidates have the skills and knowledge to help them establish their credibility and value in the job market, and to support business growth. It is widely recognized by various sizes of businesses across different industries.

This book is an exam guide and a knowledge book, and it covers all the important aspects required by the CKA certification. We’ll start with an introduction to Kubernetes architecture, turning to the core concept of Kubernetes. Then, we will dive deeply into the main Kubernetes primitives, installation and configuration, cluster management, workload scheduling, networking, and security. We’ll also cover various ways to troubleshoot Kubernetes.

Each chapter will cover core concepts as well as code samples. It is not a book to read conventionally – it is a practice guide that requires you to get out of your comfort zone and go break some eggs!

While I was writing this book, I was at the lowest point of my life, having relocated to a new continent, as well as undergoing surgery for the first time in my life during the first 2 months of relocation. This all took place alongside many other challenges. I can’t thank my family enough for the huge support I received from them, especially my beloved mother, Nancy Deng. I also want to thank my lovely local and remote friends, the Packt team, and other people who supported me during that period.

As a human being, those unprecedented life challenges also made me rethink the definition of living a meaningful life. Hence, I decided to turn those challenges into something positive and meaningful by pushing myself to the max to work on this book. This experience also encouraged me to create the CloudMelon Vis YouTube channel, alongside my website cloud-melon.com that I have been blogging on for years. Sharing is caring!

Rethinking my community evangelization in the past, I hope to make my life more meaningful by making a more positive impact on the community. This book aims to help people find their new career path with Kubernetes, in particular those who lost their jobs during the pandemic. Kubernetes is one of the most life-changing technologies that empowered my own career path, and I hope it will make a positive impact on your career, too.

Last but not least, I wish you the best of luck with your CKA exam and hope you will enjoy your journey in building your future with this book. Thanks!

Contributors

About the author

Mélony Qin, aka CloudMelon, is the founder of CloudMelonVision and a product manager at a top tech company, as well as being the author of Microsoft Azure Infrastructure, the Kubernetes Workshop, and Certified Kubernetes Administrator (CKA) Exam Guide by Packt Publishing, and the technical reviewer for Azure for Architects, Third Edition. Her community contribution mainly concerns OSS, DevOps, Kubernetes, serverless, big data analytics, and IoT on Microsoft Azure. She is also a member of the Association for Computing Machinery (ACM) and Project Management Institute (PMI). She can be reached via Twitter using @MelonyQ or @CloudMelonVis, through the Contact me page of her blog (www.cloud-melon.com), and via her YouTube channel: CloudMelon Vis https://www.youtube.com/c/CloudMelonVis.

About the reviewers

Erol Kavas has worked in the IT industry for more than 20 years, with 10 years dedicated to infrastructure, the cloud, and DevOps. He has helped many Canadian and US enterprises and governments to build their cloud foundations and embark upon their containerization and Kubernetes journeys. He is fully certified on AWS, Azure, Google Cloud Platform, and Kubernetes in all disciplines. He is a partner and chief consultant in a DevOps and cloud consulting firm that helps Canadian and US start-ups in their cloud and DevOps journeys. He is also a Microsoft Certified Trainer (MCT) regional lead for Canada and trains many new cloud professionals at CloudCamp.ca.

Dustin Specker has been in the tech industry for almost 10 years. He started as a frontend web developer focused on usability. In the last few years, Dustin has pivoted to developing cloud solutions. He has used Kubernetes for on-premises environments and public cloud for the last four years. He has earned the CKAD, CKA, and CKS certifications. He received a Bachelor of Science degree in nuclear engineering from the Missouri University of Science and Technology, where he discovered that he enjoyed programming much more than nuclear engineering.

Bruno S. Brasil is a cloud engineer who has used Linux since he was a kid. He started out working in on-premises environments before living out the migration to cloud solutions and joining the DevOps culture, choosing Google Cloud Platform as his specialization focus. Since then, he has worked on projects of this type as a consultant and engineer for several types of businesses, ranging from digital banks and marketplaces to start-ups. He has always focused on implementing best practices in the development of infrastructure as code, disseminating the DevOps culture, and implementing SRE strategies. He is enthusiastic about the open source community and believes that this is the most important path in terms of the growth of new professionals and new technologies.

Juri Sinar is a senior DevOps engineer working for a London fintech start-up. Kubernetes is the main platform that he has used to run and integrate infrastructure for the past five years. It helps Juri to connect and automate a large global network of open banking for his clients in a way that would not have been possible just 10 years ago.

Table of Contents

Preface

Part 1: Cluster Architecture, Installation, and Configuration

1

Kubernetes Overview

CKA exam overview

What to expect in your CKA exam

CKA exam tips and tricks

Cluster architecture and components

Kubernetes core concepts

Containerized workloads

Container images

Container registry

Container runtimes

Kubernetes basic workflow

Kubernetes plugin model

Kubernetes API primitives

Sharing a cluster with namespaces

Kubernetes in-market distribution and ecosystems

Upstream vanilla Kubernetes

Managed Kubernetes

Kubernetes ecosystems

Summary

2

Installing and Configuring Kubernetes Clusters

Technical requirements

Hands-on Kubernetes tooling

Core tools

Deployment tools

Other tools

Installing and configuring a Kubernetes cluster

Prerequisites for installing a Kubernetes cluster

Using minikube to set up a single node Kubernetes cluster

Using kubeadm to install a basic Kubernetes cluster

Setting up a highly available cluster with kubeadm

Summary

Mock CKA scenario-based practice test

Scenario 1:

Scenario 2:

Scenario 3 (optional):

FAQs

3

Maintaining Kubernetes Clusters

Demystifying Kubernetes cluster maintenance

Upgrading a Kubernetes cluster using kubeadm

Upgrading the master node

Upgrading the worker node

Working with etcd

Exploring the ETCD cluster pod

Listing etcd cluster members

Checking the etcd cluster status

Installing etcd

Backing up etcd

Restoring etcd

Summary

Mock CKA scenario-based practice test

Scenario 1

Scenario 2

Scenario 3

Scenario 4

FAQs

Part 2: Managing Kubernetes

4

Application Scheduling and Lifecycle Management

Technical requirements

The basics of Kubernetes workloads

Imperative management versus declarative management

Understanding pods

Deploying and managing applications

Deploying applications

Performing rolling updates and rollbacks

Rolling updates with kubectl

Rollback

Scaling applications

ReplicaSets

Workload scheduling

Understanding namespaces

Labels, node selectors, and annotations

Node affinity and anti-affinity

Taints and tolerations

Resource management

Configuring applications

Manifest management with kustomize

Common package management and templating with Helm

Summary

Mock CKA scenario-based practice test

Scenario 1

Scenario 2

Scenario 3

Scenario 4

Scenario 5

FAQs

5

Demystifying Kubernetes Storage

Technical requirements

Stateful versus stateless workloads

Kubernetes volumes

Ephemeral storage

Persistent storage

Cracking stateful applications in Kubernetes

Configuring an application with mounted storage

Configuring an application with persistent storage

Summary

Mock CKA scenario-based practice test

Scenario 1

Scenario 2

FAQs

6

Securing Kubernetes

Technical requirements

Securing Kubernetes in layers

Kubernetes authentication and authorization

Service accounts versus user accounts

Kubernetes service accounts

Organizing the cluster access using kubeconfig

Configuring access to multiple clusters

Kubernetes authorization

Kubernetes RBAC

Managing the security of Kubernetes applications

Summary

Mock CKA scenario-based practice test

Scenario 1

Scenario 2

Scenario 3

FAQs

7

Demystifying Kubernetes Networking

Technical requirements

Understanding the Kubernetes networking model

Container-to-container communication

Pod-to-pod communication

Pod-to-service and external-to-service communications

Node-to-node communication

Choosing an appropriate Container Network Interface plugin

CNI networking in Kubernetes

Decision metrics

Configuring Ingress controllers and Ingress resources

How Ingress and an Ingress controller works

Using multiple Ingress controllers

Work with Ingress resources

Ingress annotations and rewrite-target

Configuring and leveraging CoreDNS

Check whether the CoreDNS server is up and running

Pod IPs and DNS hostnames

Service IPs and DNS hostnames

Summary

Mock CKA scenario-based practice test

Scenario 1

Scenario 2

Scenario 3

Scenario 4

Scenario 5

Scenario 6

FAQs

Part 3: Troubleshooting

8

Monitoring and Logging Kubernetes Clusters and Applications

Technical requirements

Monitoring on a cluster node

Checking whether Metrics Server is installed

Installing Metrics Server in your current Kubernetes cluster

Checking out CPU/memory metrics

Monitoring applications on a Kubernetes cluster

Monitoring the resource usage of an application

Checking application details

Monitoring cluster events

Managing logs at the cluster node and Pod levels

Cluster-level logging

Checking out the node details

Checking the node status

Managing container stdout and stderr logs

Summary

Mock CKA scenario-based practice test

Scenario 1

FAQs

9

Troubleshooting Cluster Components and Applications

Technical requirements

General practices in Kubernetes troubleshooting

Troubleshooting cluster components

Inspecting the cluster

Inspecting the node

Troubleshooting applications

Getting a high-level view

Inspecting namespace events

Troubleshooting failing pods

Troubleshooting init containers

Summary

FAQs

10

Troubleshooting Security and Networking

Technical requirements

Troubleshooting RBAC failures

Initiating a minikube cluster

Managing a minikube cluster

Troubleshooting networking

Troubleshooting a Kubernetes DNS server

Troubleshooting a service in Kubernetes

Get a shell for troubleshooting

Summary

FAQs

Appendix - Mock CKA scenario-based practice test resolutions

Chapter 2 – Installing and Configuring Kubernetes Clusters

Scenario 1

Scenario 2

Scenario 3 (optional)

Chapter 3 – Maintaining Kubernetes Clusters

Scenario 1

Scenario 2

Scenario 3

Scenario 4

Chapter 4 – Application scheduling and lifecycle management

Scenario 1

Scenario 2

Scenario 3

Scenario 4

Scenario 5

Chapter 5 – Demystifying Kubernetes Storage

Scenario 1

Scenario 2

Chapter 6 – Securing Kubernetes

Scenario 1

Scenario 2

Scenario 3

Chapter 7 – Demystifying Kubernetes networking

Scenario 1

Scenario 2

Scenario 3

Scenario 4

Scenario 5

Scenario 6

Chapter 8 – Monitoring and logging Kubernetes Clusters and Applications

Scenario 1

Index

Other Books You May Enjoy

Preface

Kubernetes is by far the most popular container orchestration tool, yet the complexities of managing the tool have led to the rise of fully