日拱一卒
0%

Certified Kubernetes Application Developer Exam Preparation

Posted on

Practice

Pods

1
2
3
4
kubectl create namespace -h
kubectl config set-context --current --namespace=ckad
kubectl run -h
# --rm=false: If true, delete resources created in this command for attached containers.

ConfigMaps

Configure a Pod to Use a ConfigMap

Use envFrom to define all of the ConfigMap's data as container environment variables. The key from the ConfigMap becomes the environment variable name in the Pod.

1
2
3
4
5
kubectl create configmap -h
# --from-env-file
# Specify the path to a file to read lines of key=val pairs to create a configmap.
kubectl run -h
# --dry-run='none': Must be "none", "server", or "client". If client strategy, only print the object that would be sent, without sending it.

Secrets

Using Secrets as environment variables

1
2
3
kubectl create secret generic -h
# --from-file
# Specifying a directory will iterate each named file in the directory that is a valid secret key.

SecurityContext

Configure a Security Context for a Pod or Container

1
2
3
kubectl explain Pod.spec.securityContext
# fsGroup
# A special supplemental group that applies to all containers in a pod. Some volume types allow the Kubelet to change the ownership of that volume to be owned by the pod.

Resource Quotas

Resource Quotas

A resource quota, defined by a ResourceQuota object, provides constraints that limit aggregate resource consumption per namespace. It can limit the quantity of objects that can be created in a namespace by type, as well as the total amount of compute resources that may be consumed by resources in that namespace.

Resource Management for Pods and Containers

1
kubectl create quota -h

Service Accounts

Configure Service Accounts for Pods

1
2
3
kubectl explain Pod.spec
# serviceAccountName
# ServiceAccountName is the name of the ServiceAccount to use to run this pod.

Readiness and Liveness Probes

Configure Liveness, Readiness and Startup Probes

Labels

Labels and Selectors

Set-based label requirements allow filtering keys according to a set of values. Three kinds of operators are supported: in,notin and exists (only the key identifier).

1
kubectl label -h

Secrets

Using Secrets as files from a Pod

1
kubectl create deployment -h

Deployments

Rolling Back a Deployment

1
2
3
4
5
6
kubectl set image -h
kubectl rollout history -h
# --revision
# See the details, including podTemplate of the revision specified
kubectl scale -h
kubectl rollout undo -h

CronJob

1
kubectl create cronjob -h

Cron schedule syntax

Jobs History Limits

Service

Publishing Services (ServiceTypes)

1
2
# --rm
kubectl run <pod name> --image=busybox -it --rm --restart=Never -- <command>

Network Policies

The NetworkPolicy resource

podSelector: Each NetworkPolicy includes a podSelector which selects the grouping of pods to which the policy applies. An empty podSelector selects all pods in the namespace.

Init Containers

Configure Pod Initialization

Helm

Installing Helm

Helm Completion

Helm Repo

1
2
helm repo add stable https://charts.helm.sh/stable
helm repo add bitnami https://charts.bitnami.com/bitnami

Helm Search

Helm Install

Helm List

Helm Upgrade

Helm Show

Helm Uninstall

Exam Simulator

Question 1 | Namespaces

Output options

1
2
kubectl get -h
# -o name Print only the resource name and nothing else.

Question 3 | Job

Parallel execution for Jobs

1
2
kubectl explain Job.spec.completions
kubectl explain Job.spec.parallelism

Question 4 | Helm Management

1
2
3
4
5
6
7
8
9
10
11
12
helm list --namespace [NAMESPACE]
# -a, --all
# show all releases without any filter applied
helm uninstall [RELEASE_NAME] --namespace [NAMESPACE]
# upgrade
helm repo list
helm repo update
helm search repo [keyword]
helm upgrade [RELEASE] [CHART] --namespace [NAMESPACE]
# install
helm show values [CHART]
helm install [NAME] [CHART] --set replicaCount=[n] --namespace [NAMESPACE]

Question 5 | ServiceAccount, Secret

1
2
3
4
# base64 encoded token
kubectl get secrets [NAME] -o yaml
# base64 decoded token
kubectl describe secrets [NAME]

Question 11 | Working with Containers

1
2
3
4
5
6
7
8
9
docker build -t NAME[:TAG] -t NAME[:TAG] .
docker push NAME[:TAG]

# podman
podman build -t NAME[:TAG]
podman push NAME[:TAG]
podman run -d --name NAME IMAGE
podman ps
podman logs CONTAINER

Question 13 | Storage, StorageClass, PVC

Storage Classes

Dynamic Volume Provisioning

Question 19 | Service ClusterIP to NodePort

Type NodePort

Question 20 | NetworkPolicy

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: <name>
  namespace: <namespace>
spec:
  podSelector:
    matchLabels:
      <key>: <value>
  policyTypes:
  - Egress
  egress:
  - to:
    - podSelector:
        matchLabels:
          <key>: <value>
  - ports: # 2nd egress rule
    - port: <port>
      protocol: UDP
    - port: <port>
      protocol: TCP

Notice that we specify two egress rules in the yaml above. If we specify multiple egress rules then these are connected using a logical OR.

Question 22 | Labels, Annotations

1
kubectl label pods -l "KEY in (KEY_1,KEY_2)" KEY_3=VAL_3 ... KEY_N=VAL_N