CKA Exam Preparation
This section contains my notes for preparing for the Certified Kubernetes Administrator (CKA) exam.
📄️ Certified Kubernetes Administrator
The Certified Kubernetes Administrator (CKA) exam focuses on assessing your ability to handle the day-to-day responsibilities of a Kubernetes administrator. The CKA curriculum is well-defined by the Cloud Native Computing Foundation (CNCF) and typically includes the following core domains:
📄️ Kubernetes Network Design Principles
Kubernetes Network
📄️ Setup Kubernetes Cluster using Minikube
We will use minikube to run a Kubernetes cluster on your local machine. You can download and install minikube from its official website: https://minikube.sigs.k8s.io/docs/.
📄️ Namespace
Namespaces provide a mechanism for isolating groups of resources within a single cluster. Names of resources need to be unique within a namespace, but not across namespaces. Namespace-based scoping is applicable only for namespaced objects (e.g. Deployments, Services, Pods, etc.) and not for cluster-wide objects (e.g. StorageClass, Nodes, PersistentVolumes, etc.).
📄️ Role-Based Access Control (RBAC)
Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within your organization.
📄️ ResourceQuota
When several users or teams share a cluster with a fixed number of nodes, there is a concern that one team could use more than its fair share of resources. Resource quotas are a tool for administrators to address this concern.
📄️ Deployment
A Deployment manages a set of Pods to run an application workload, usually one that doesn't maintain state.
📄️ Deployment: Rollout
A rollout occurs when a Deployment or StatefulSet updates its Pods to a new version. Kubernetes gradually replaces old Pods with new ones, following a defined strategy.
📄️ Pod
Pods are the smallest deployable units of computing that you can create and manage in Kubernetes.
📄️ ConfigMap
A ConfigMap is an API object used to store non-confidential data in key-value pairs. Pods can consume ConfigMaps as environment variables, command-line arguments, or as configuration files in a volume.
📄️ Service
Expose an application running in your cluster behind a single outward-facing endpoint, even when the workload is split across multiple backends.
📄️ Service: kubectl expose
Another way to create a Service is by using the kubectl expose command.
📄️ Limit Range
By default, containers run with unbounded compute resources on a Kubernetes cluster.
📄️ Pod: Quality of Service Class
Kubernetes classifies the Pods that we run and allocates each Pod into a specific quality of service (QoS) class. Kubernetes assigns every Pod a QoS class based on the resource requests and limits of its component Containers. QoS classes are used by Kubernetes to decide which Pods to evict from a Node experiencing Node Pressure.
📄️ Pod & Container: Resource Management
In Kubernetes, we can specify CPU and memory requests and limits for each container using the resources field in the Deployment or Pod specification.
📄️ Pod & Container: Probes
In Kubernetes, a probe is a mechanism used to determine the health and readiness of a container running within a pod. Probes are defined in the pod specification and performed periodically to make sure that the containers inside a pod are running properly.
📄️ Scaling: Manual
The kubectl scale command manually adjusts the number of pod replicas for a Deployment, ReplicaSet, StatefulSet, or Job.
📄️ Scaling: Horizontal Pod Autoscaler
In Kubernetes, a HorizontalPodAutoscaler automatically updates a workload resource (such as a Deployment or StatefulSet), with the aim of automatically scaling the workload to match demand.
📄️ Persistent Volume & Claim
A Persistent Volume (PV) is the actual storage resource, while a Persistent Volume Claim (PVC) is a request for storage by a Pod.
📄️ Secret
Kubernetes Secrets are used to store sensitive information such as passwords, API keys, and certificates in a secure way. They help separate configuration from application code, improving security and manageability.
📄️ Ingress: Routing
Ingress exposes HTTP and HTTPS routes from outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.
📄️ Ingress: TLS (Transport Layer Security)
We can secure an Ingress (HTTPS) by specifying a Secret that contains a TLS private key and certificate.
📄️ Ingress: Rate Limit
In a production setup, it's crucial to set up rate limiting. Rate limits can be used to mitigate DDoS attacks.
📄️ Ingress: Basic Auth
We can secure our Ingress setup by adding basic auth.
📄️ Ingress: CRD (Custom Resource Definition)
An Ingress CRD is a custom resource created to extend Kubernetes and provide advanced ingress capabilities beyond the standard Ingress resource.
📄️ Job
Jobs represent one-off tasks that run to completion and then stop.
📄️ CronJob
Previously, we created a Job to back up our Postgres database service. But it's inconvenient to run this Job manually every time we want to back up. We can use a CronJob for this.
📄️ Multi-Node Clusters
A multi-node Kubernetes cluster is a cluster that consists of one or more control plane nodes and one or more worker nodes. Control plane nodes are responsible for managing the cluster's lifecycle and scheduling workloads. Worker nodes run the actual applications (Pods).