The preparation for the CKA (Certified Kubernetes Administrator) requires lots of practice and practice. Fortunately, we have lots of online playgrounds to keep practicing, there are lots of free courseware available and lots of paid as well are available. In addition to that, we get two attempts to clear the exam
- There is training conducted by the https://training.linuxfoundation.org/ itself who conducts the CKA exams.
- But I felt this course from Udemy is good https://www.udemy.com/course/certified-kubernetes-administrator-with-practice-tests/, it has videos that explain each concept and have lots of practical sessions and mock exams.
- The https://killer.sh/ is another tool where you can practice and the questions asked in the killer.sh are complex and tests real skill. If we subscribe to the CKA exam, we will get two free sessions to solve the problems in the killer.sh
- https://www.katacoda.com/courses/kubernetes this is very useful if you are a beginner in kubernetes. It starts with a very simple usecase/scenario and we can solve in our own pace and try any number of times
- https://killercoda.com/ is another useful online tool that we can use like a playground to solve scenario-based problems
Command Cheatsheet
• Create
○ kubectl run nginx --image=nginx
○ kubectl create deployment nginx --image=nginx --dry-run -o yaml
○ kubectl create deployment nginx --image=nginx --replicas=4
○ kubectl expose pod redis --name=redis-service --port=8080
○ kubectl create service clusterip redis --tcp=6379:6379
• Update
○ kubectl scale deployment nginx --replicas=5
○ kubectl scale --replica=5 replicaset/my-replicaset
• Read
○ kubectl get all
○ kubectl get pods --selector env=dev
○ kubectl get pods -l name=internal
○ kubectl get pods --show-labels
○ kubectl get pod webapp -o yaml > webapp-pod.yaml
○ kubectl get deployments.apps
○ kubectl get nodes -o json
○ kubectl get nodes -o=jsonpath='{.items[*].metadata.name}'
○ kubectl get nodes -o=custom-columns=NODE:.metadata.name,CPU:.status.capacity.cpu
• Node Related
○ Taint and Tolerance
§ kubectl taint nodes node01 app=blue:NoSchedule
§ kubectl describe node node01 | grep Taints
○ Label
§ kubectl label nodes node01 size=large
○ Upgrades
§ kubectl drain node01
§ kubectl cordon node01
§ kubectl uncordon node01
○ Events
§ kubectl get events
§ kubectl get events -o wide
• Namespaces
○ kubectl create namespace dev
○ kubectl config set-context $(kubectl config current-context) --namespace = dev
○ kubectl get pods --all-namespaces
• DaemonSet
○ kubectl get daemonsets
• Events
○ kubectl get events
• Monitoring
○ kubectl top node
○ kubectl top pod
○ kubectl logs -f <pod-name> <container-name>
○ kubectl logs -f --previous <pod-name> <container-name>
§ helpful when the pod are getting restarted and wanted to see the previous pod log
• Application Lifecycle
○ kubectl rollout status deployment/my-deployment
○ kubectl rollout history deployment/my-deployment
○ kubectl rollout undo deployment/my-deployement
• To get the sample definition
○ kubectl explain pods --recursive
• Maintenance
○ kubeadm upgrade plan
○ apt-get upgrade -y kubeadm=1.12.0-00
○ kubeadm upgrade apply v1.12.0 (First we should install v1.12.0 kubeadm)
○ apt-get upgrade -y kubelet=1.12.0-00
○ systemctl restart kubelet
○ kubeadm upgrade node config --kubelet-version v1.12.0
• Backup
○ kubectl get all --all-namespaces -o yaml > all-deploy-services.yaml
• Certificates creations
○ openssl genrsa -out ca.key 2048 => For creating private key
○ openssl req -new -key ca.key -subj "/CN=KUBERNETES-CA" -out ca.csr => For creating a CSR or Certificate Signing Request file
○ openssl x509 -req -in ca.csr -signkey ca.key -out ca.crt => For creating the signed certificate, for CA we use the its own private key for signing the certificate
○ openssl x509 -in apiserver.crt -text -noout => for viewing the certificate details
• Certificate APIs
○ kubectl get csr
○ kubectl certificate approve jane
○ kubectl get csr jane -o yaml
• kubeconfig
○ kubectl config view
○ kubectl config use-context prod
• Authorization
○ kubectl auth can-i create deployments
○ kubectl auth can-i create deployments --as dev-user
• List of all the resource type in K8S
○ kubectl api-resources --namespaced=true
○ kubectl api-resources --namespaced=false (This will return cluster scoped resources)
References
https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands
No comments:
Post a Comment