CKA Study

Question 1

Command: Apply configuration changes to a resource

Answer 1

kubectl apply -f FILENAME

Question 2

Command: Access a web server via a NodePort

Answer 2

curl http://<Node>:<NodePort>
ie: http://198.168.1.2:30008</NodePort></Node>

Question 3

Command: Create a resource

Answer 3

kubectl create -f FILENAME

Question 4

Command: Creating a file from a Deployment

Answer 4

kubectl create deployment –image=nginx nginx –dry-run=client -o yaml > nginx-deployment.yaml

Question 5

Command: Edit and update the definition of a resource

Answer 5

kubectl edit (-f FILENAME | TYPE NAME)

Question 6

Command: Get documentation for a resource type

Answer 6

kubectl explain RESOURCE-TYPE

Question 7

Command: Replace a resource

Answer 7

kubectl replace –force -f FILENAME

Question 8

Command: Update the size of the specified replication controller

Answer 8

kubectl scale -f FILENAME

Question 9

Command: Change the ETCD API version for commands

Answer 9

If you get the message, “No help topic for …”

export ETCDCTL_API=3 (default is 2)

Question 10

Command: Execute a command against an resource

Answer 10

kubectl exec etcd-master -n kube-system etcdctl get / –prefix - keys-only

Question 11

Command: List Pods

Answer 11

kubectl get pods

Question 12

Command: Display the detailed state of a Pod

Answer 12

kubectl describe pod <Pod> -n=NAMESPACE</Pod>

Question 13

Command: View a running resource and its effective options

Answer 13

ps -aux | grep <Process-Name></Process-Name>

Question 14

If a specific Controller doesn’t seem to work or exist

Answer 14

Look at the Kube-Controller-Manager options
Kubeadm: /etc/kubernetes/manifests/kube-controller-manager.yaml
Non-Kubeadm: /etc/systemd/system/kube-controller-manager.service

Question 15

Location: Where is the Pod Definition file located

Answer 15

Kubeadm: /etc/kubernetes/manifests/kube-apiserver.yaml
Non-Kubeadm: /etc/systemd/system/kube-apiserver.service

Question 16

Object: ETCD-Master

Answer 16

Key/Value data store
Runs on Port 2379
Can be accessed via a browser at https://<IP>:2379</IP>

Set Value: ./etcdctl set key1 value1
Get Value: ./etcdctl set key1

Question 17

Object: Kube-APIServer

Answer 17

Authenticate User
Validate Request
Retrieve Data
Update ETCD
Used by Kube-Scheduler-Master and Kubelet

Question 18

Object: Kube-Proxy

Answer 18

Runs on each Node in the Cluster
Look for new Services
Creates an new Rule on each Node to forward traffic to those Services

Question 19

Object: Kube-Scheduler

Answer 19

Decides which Pod goes on which Node
Kubeadm: /etc/kubernetes/manifests/kube-scheduler.yaml
Non-Kubeadm: /etc/systemd/system/kube-scheduler.service

Question 20

Object: Kubelet

Answer 20

Registers Node on the K8S cluster
Creates Pods
Monitors Nodes and Pods
Configuration located at /var/lib/kubelet/config.yaml

Question 21

Object: Master Node

Answer 21

ETCD: Information on the cluster
Kube-Scheduler: Schedule applications or containers
Kube-Controller-Manager: Takes care of all controllers
Kube-APIServer: Orchestrating operations on the cluster

Question 22

Object: Kube-Controller-Manager

Answer 22

Monitors services and brings them to the desired state

Question 23

Object: Node-Controller

Answer 23

Monitor Nodes and keeps Pods running

Question 24

Object: Namespace Kube-System

Answer 24

Namespace for system resources

Question 25

Object: Namespace Kube-Public

Answer 25

Namespace for shared resources

Question 26

Object: ResourceQuota

Answer 26

apiVersion: v1
kind: ResourceQuota
metadata:
name: compute-quota
spec:
hard:
pods: “10”
requests.cpu: “4”
requests.memory: 5Gi
limits.cpu: “10”
limits.memory: 10Gi

Question 27

Object: ClusterIP Service

Answer 27

Creates a virtual IP to enable communication between services and pods, in the cluster

Question 28

Object: NodePort Service

Answer 28

Listens to a port and forwards requests on that port to another port, across the cluster
- the Port is required and must be between 30000 and 32676
- if the TargetPort is not specified, it will be the same value as Port
- if the NodePort is not specified, it will be automatically assigned
NodePort services also externally exposes the IP Address

Question 29

Object: LoadBalancer Service

Answer 29

Provisions a Load Balancer for applications

Question 30

Object: Pods

Answer 30

A single instance of an Application
Helper Containers, supporting the Application, can be in the same Pod
There are many Pods in a Node

Question 31

Object: Replication-Controller

Answer 31

Manages the Replicate Sets
- Pods per Set
- High Availability and Resiliency

Question 32

Object: Worker Node

Answer 32

Container Engine: Docker (other engines are available)
Kubelet: Listens to Kube-API-Server and carries out instructions
Kube-Proxy: communication between nodes

Question 33

YAML: Service NodePort

Answer 33

apiVersion: v1
kind: Service
metadata:
name: myapp-service
spec:
type: NodePort
ports:
- targetPort: 80
port: 80
nodePort: 30008
selector:
app: myapp
type: frontend

In the Selector, app and type are copied from the Pod’s Labels section

Question 34

YAML: Deployment

Answer 34

apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-deployment
labels:
app: myapp
tier: frontend
spec:
template:
metadata:
name: myapp-pod
labels:
app: myapp
tier: frontend
spec:
containers:
- name: nginx-container
image: nginx
replicas: 3
selector:
matchLabels:
type: frontend

Question 35

YAML: Namespace

Answer 35

apiVersion: v1
kind: Namespace
metadata:
name: my-namespace

Question 36

YAML: Pod

Answer 36

apiVersion: v1
kind: Pod
metadata:
name: my-nginx
labels:
app: nginx
tier: frontend
spec:
containers:
- name: my-nginx
image: nginx

Question 37

YAML: ReplicaSet

Answer 37

apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: myapp-replicaset
labels: // these labels are for the ReplicaSet
app: myapp
tier: frontend
spec:
template:
metadata:
name: myapp-pod
labels: // these labels are for filtering the specific Pods
app: myapp
tier: frontend
spec:
containers:
- name: nginx-container
image: nginx
replicas: 3
selector:
matchLabels: // these matchLabels must match the Pod filtering labels
type: frontend

Question 38

YAML: ReplicationController

Answer 38

apiVersion: v1
kind: ReplicationController
metadata:
name: myapp-rc
labels:
app: myapp
tier: frontend
spec:
template:
metadata:
name: myapp-pod
labels:
app: myapp
tier: frontend
spec:
containers:
- name: nginx-container
image: nginx
replicas: 3

Question 39

YAML: Service ClusterIP

Answer 39

apiVersion: v1
kind: Service
metadata:
name: backend
spec:
type: ClusterIP
ports:
- targetPort: 80
port: 80
selector:
app: myapp
type: backend

In the Selector, app and type are copied from the Pod’s Labels section

Question 40

YAML: Service LoadBalancer

Answer 40

apiVersion: v1
kind: Service
metadata:
name: myapp-service
spec:
type: LoadBalancer
ports:
- targetPort: 80
port: 80
nodePort: 30008

Question 41

Command: Create a Pod from the command line

Answer 41

kubectl run nginx –image=nginx –port=8080

Question 42

Command: Create a Service to expose a Deployment or Pod

Answer 42

kubectl expose deployment nginx –port 80 –name nginx-service
kubectl expose pod redis –port 80 –name redis-service

Question 43

Command: Update an Image on a Deployment

Answer 43

kubectl set image deployment nginx nginx=nginx:1.18

Question 44

Command: Getting Help

Answer 44

kubectl create service clusterip –help

Question 45

Command: Check if the K8S components are executing

Answer 45

kubectl get nodes -n kube-system

Question 46

Command: Filter by Labels

Answer 46

kubectl get pods –selector LABEL1=VALUE1,LABEL2=VALUE2

Question 47

Command: Taints

Answer 47

Add: kubectl taint nodes NODE-NAME key=value:taint-effect
taint-effects: NoSchedule | PreferNoSchedule | MoExecute

Remove: kubectl taint nodes NODE-NAME TAINT-

Question 48

Command: Labels

Answer 48

kubectl label nodes NODE-NAME KEY=VALUE

Question 49

YAML: Node Affinity

Answer 49

apiVersion: v1
kind: Pod
metadata:
name: my-nginx
spec:
containers:
- name: my-nginx
image: nginx
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: size
operator: In
values:
- Large
- Medium

Question 50

Command: Create YAML from running resource

Answer 50

kubectl get pod PODNAME -o yaml > PODNAME.yaml

Question 51

YAML: DaemonSet

Answer 51

Same YAML as ReplicaSet, except the kind is DaemonSet

Question 52

Location: Path of the Static Pod Manifests

Answer 52

Usually, these are in /etc/kubernetes/manifests
If not, view /var/lib/kubelet/config.yaml
Look for “staticPodPath”

Question 53

Command: Viewing Docker processes

Answer 53

docker ps

Question 54

Command: Verify if a Pod is Static

Answer 54

Execute kubectl get pod NAME -o yaml
Investigate the ownerReferences section
If “kind: Node”, then it’s a static pod

Question 55

YAML: Create a Pod with an imbedded command

Answer 55

kubectl run <…> –command – sleep 100
Make sure “command” is the last parameter

Question 56

YAML: Pod with tolerations

Answer 56

Using a Pod YAML, under the “spec” section, at the same indent as “containers”, add:

tolerations:
- key: “app”
operator: “Equal”
value: “blue”
effect: “NoSchedule”

Question 57

Command: Get Events

Answer 57

kubectl get events

Question 58

Command: View Scheduler Logs

Answer 58

kubectl logs SCHEDULERNAME –name-space=kube-system

Question 59

YAML: Additional Scheduler

Answer 59

apiVersion: v1
kind: Pod
metadata:
name: my-custom-scheduler
namespace: kube-system
spec:
containers:
- command:
- kube-scheduler
- –address=127.0.0.1
- –kubeconfig=/etc/kubernetes/scheduler.conf
- –leader-elect=true
- –scheduler-name=my-custom-scheduler
- –lock-object-name=my-custom-scheduler
image: k8s.gcr.io/…
name: kube-scheduler

In /etc/kubernetes/manifests/kube-scheduler.yaml
Either change the “–leader-elect=true” to false
- or -
Add the “–lock-object-name=CustomSchedulerName”

Question 60

YAML: Using a custom scheduler

Answer 60

Using a Pod YAML, under the “spec” section, at the same indent as “containers”, add:

schedulerName: SCHEDULERNAME

Question 61

Command: View Performance

Answer 61

kubectl top Node
kubectl top pod

Question 62

Command: Install K8S Metrics Server

Answer 62

git clone https://github.com/kodekloudhub/kubernetes-metrics-server.git
kubectl create -f kubernetes-metrics-server/.

Question 63

Command: Display Logs for a Pod

Answer 63

kubectl logs -f PODNAME CONTAINERNAME –previous

Question 64

Command: App Rollout Status

Answer 64

kubectl rollout status DEPLOYMENTNAME

Question 65

Command: App Rollout History

Answer 65

kubectl rollout history DEPLOYMENTNAME

Question 66

Command: App Rollback

Answer 66

kubectl rollout undo DEPLOYMENTNAME

Question 67

YAML: Pod Command and Arguments

Answer 67

Using a Pod YAML, under the “spec” section, under the “containers” section,
at the same indent as “image”, add:

command:[“COMMAND”]
args: [“ARGUMENTS”]

Question 68

YAML: Pod Environment Variables

Answer 68

Using a Pod YAML, under the “spec” section, under the “containers” section,
at the same indent as “image”, add:

env:
- name: myVar
value: pink

Question 69

Command: Configmap

Answer 69

kubectl create configmap \
CONFIGNAME –from-literal=KEY=VALUE
–from-literal=KEY=VALUE
- OR -
kubectl create configmap \
CONFIGNAME –from-file=PATHANDFILE

Question 70

YAML: Configmap File

Answer 70

apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
data:
KEY1: VALUE1
KEY2: VALUE2

Question 71

YAML: Pod and Configmap

Answer 71

Using a Pod YAML, under the “spec” section, under the “containers” section,
at the same indent as “image”, add:

envFrom:
- configMapRef:
name: CONFIGMAPNAME

• OR -

env:
- name: ENVNAME
valueFrom:
configMapKeyRef:
name: CONFIGMAPNAME
key: ENVNAME

• OR -

volumes:
- name: app-config-volume
configMap:
name: CONFIGMAPNAME
name: CONFIGMAPNAME2

Question 72

Command: Secret

Answer 72

kubectl create secret generic \
SECRETNAME –from-literal=KEY=VALUE
–from-literal=KEY=VALUE

kubectl create secret generic \
SECRETNAME –from-file=PATHANDFILE

Question 73

YAML: Secret File

Answer 73

apiVersion: v1
kind: Secret
metadata:
name: app-secret
data:
KEY1: VALUE1
KEY2: VALUE2

Question 74

Command: Base64 Encode and Decode

Answer 74

Encode: echo -n ‘VALUE’ | base64
- OR -
cat <FILENAME> | base64 -w 0
Decode: echo -n 'VALUE' | base64 --decode</FILENAME>

Question 75

YAML: Pod and Secret File

Answer 75

Using a Pod YAML, under the “spec” section, under the “containers” section,
at the same indent as “image”, add:

envFrom:
- secretRef:
name: SECRETNAME

• OR -

env:
- name: SECRETKEYNAME
valueFrom:
configMapKeyRef:
name: SECRETNAME
key: SECRETKEYNAME

• OR -

volumes:
- name: app-secret-volume
configMap:
name: SECRETNAME
name: SECRETNAME2

Question 76

Command: Execute within the Pod

Answer 76

kubectl exec PODNAME -it
- OR -
kubectl exec PODNAME – <command></command>

Question 77

SYSParm: Pod Eviction Timeout

Answer 77

kube-controller-manager –pod-eviction-timeout

Question 78

Command: Drain Node

Answer 78

kubectl drain NODENAME
then, kubectl uncordon NODENAME

Question 79

Command: Cordon/Uncordon Node

Answer 79

Cordon: kubectl cordon NODENAME
Uncordon: kubectl uncordon NODENAME

Question 80

Command: Alias kubectl

Answer 80

alias k=kubectl

Question 81

Command: Latest Stable K8S Version

Answer 81

kubeadm upgrade plan

Question 82

Command: Snapshot ETCD

Answer 82

Values can be found in etcd pod.

etcdctl snapshot save FILENAME.db \
–endpoints=”listen-client-urls” \ (exclude https:\)
–cacert=”trusted-ca-file” \
–cert=”cert-file” \
–key=”key-file”

View Status: etcdctl snapshot status FILENAME.db

Question 83

Command: ETCD Restore

Answer 83

a) etcdctl snapshot restore –data-dir NEWDIRECTORYNAME SNAPSHOTFILENAME
b) vi /etc/kubernetes/manifests/etcd.yaml
c) change the data-data directory in the volumes section
d) save will recreate etcd pod

Question 84

Command: Switching Context

Answer 84

1) kubectl config view
2) kubectl config set-context –current –namespace=<NewNamespace></NewNamespace>

Question 85

YAML: Pod and Volumes

Answer 85

Using a Pod YAML, under the “spec” section, under the “containers” section,
at the same indent as “image”, add:

volumeMounts:
- mountPath: CONTAINERDIRPATH
name: VOLUMENAME

Also, at the same indent as “containers”, add:

volumes:
- name: VOLUMENAME
hostPath:
path: HOSTDIRPATH

Question 86

YALM: Persistent Volumes

Answer 86

apiVersion: v1
kind: PersistentVolume
metadata:
name: my-persist-vol
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce (must match Access in PVC)
persistentVolumeReclaimPolicy: Retain
hostPath:
path: /pv/log

Question 87

YAML: Persistent Volume Claims

Answer 87

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: CLAIMNAME (must match CLAIMNAME in Pod)
spec:
accessModes:
- ReadWriteOnce (must match Access in PV)
resources:
requests:
storage: 500Mi

Question 88

YAML: Pods and Persistent Volume Claims

Answer 88

Using a Pod YAML, under the “spec” section, under the “containers” section,
at the same indent as “image”, add:

volumeMounts:
- mountPath: CONTAINERDIRPATH
name: VOLUMENAME

Also, at the same indent as “containers”, add:

volumes:
- name: VOLUMENAME
persistentVolumeClaim:
claimName: CLAIMNAME (must match CLAIMNAME in PVC)

Question 89

YAML: StorageClass

Answer 89

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: standard
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: Wait ForFirstConsumer

Question 90

Object: TLS Certificates

Answer 90

Three Server Certificates:
1) API Server
2) ETCD Server
3) Kubelet Server

Four Client Certificates:
1) Admin
2) Kube Scheduler
3) Kube Controller Manager
4) Kube Proxy

Question 91

Command: Inspect Service Logs

Answer 91

Kubeadm: kubectl logs etcd-master
- OR -
journalctl -u etcd.service -l
- OR -
docker ps -a
docker logs <CONTAINERID>
- OR -
crictl ps -a
crictl logs <CONTAINERID></CONTAINERID></CONTAINERID>

Question 92

Command: Approve CSR

Answer 92

kubectl certificate approve <CSRNAME></CSRNAME>

Question 93

Location: where is the default kubeconfig file ?

Answer 93

$HOME/.kube/config

Question 94

Command: API Groups URL

Answer 94

Available API Groups: http://localhost:6443 -k
Supported Resource Groups: http://localhost:6443/apis -k | grep “name”

Be aware: start kubectl proxy service so you don’t need to enter certificate info
1) kubectl proxy
2) http://localhost:8001 -k

Question 95

Location: API Server Authorization Mode

Answer 95

In /etc/kubernetes/manifests/kube-aip-server.yaml, add:
“–authorization-mode=”

Question 96

Command: RBAC

Answer 96

1) kubectl get roles
2) kubectl get rolebindings
3) kubectl describe role <ROLENAME></ROLENAME>

Question 97

Command: Check My Access

Answer 97

kubectl auth can-i create deployments –as <USERNAME></USERNAME>

Question 98

Command: Cluster Roles

Answer 98

1) kubectl get clusterroles
2) kubectl get clusterrolebindings
3) kubectl describe clusterrole <CLUSTERROLENAME></CLUSTERROLENAME>

Question 99

Command: List All Resources

Answer 99

kubectl api-resources

Question 100

Command: Service Account

Answer 100

1) kubectl create serviceaccount <SVCACCTNAME>
2) kubectl create token <SVCACCTNAME></SVCACCTNAME></SVCACCTNAME>

Question 101

Command: Private Repository

Answer 101

1) kubectl create secret docker-registry <DOCKERREGREDS> \
--docker-server= \
--docker-username= \
--docker-password= \
-- docker-email=
2) Using a Pod YAML, under the "spec" section, at the same indent as "containers" section, add:</DOCKERREGREDS>

imagePullSecrets:
- name: <DOCKERREGREDS></DOCKERREGREDS>

Question 102

Command: Install Weave Net

Answer 102

kubectl apply -f “https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d ‘\n’)”

Question 103

Object: CoreDNS

Answer 103

DNS solution
Configuration file is located at: /etc/coredns/Corefile

Question 104

Command: Return IP Address of Service or Pod

Answer 104

Service: host <SERVICENAME> (may be partially qualified)
Pod: host 10-244-2-5.default.pod.cluster.local</SERVICENAME>

Question 105

Command: View Ingress Controller

Answer 105

kubectl get ingress

Question 106

Kubeadm Steps

Answer 106

1) Provision VMs
2) Designate Master node
3) Install Docker on all nodes
4) Install kubeadm on all nodes
5) Initialize Master node
- verify IP Addr (ifconfig eth0) when creating kubeadm inti command
6) Set up networking solution (Pod Network)
7) Join Worker nodes to Master node

Question 107

Command: Check Control Plane Services

Answer 107

service kube-apiserver status

Question 108

Kubectl Cheat Sheet

Answer 108

K8S Doc&raquo_space; Reference&raquo_space; Command Line Tool&raquo_space; kubectl Cheat Sheet

Question 109

Command: Using JSON Path Queries

Answer 109

kubectl get deployments.apps
-o=custom-columns=’COLHEADER:JSONPATH,COLHEADER:JSONPATH’ –sort-by=JSONPATH
(remember to exclude “.items” portion of JSONPATH)

kubectl get deployments.apps
-o=jsonpath=’{range .items[*]}{JSONPATH}{“\t”}{JSONPATH}