Wayne Khan

Technology musings...

Newly-minted Certified Kubernetes Administrator (CKA)

In July I became a CKA on my second attempt, improving my score from 67% to 79% (74% to pass).

A couple of people – nerds, really – asked me about it, so I thought I’d write down some of the things I picked up along the way.

What worked

What didn’t work

General

kubectl explain is a life-saver: use it to explain (of course), what the level of indentation, as well as what type of value(s) is expected.

The https://kubernetes.io/docs/reference/kubectl/cheatsheet/ is a handy collection of tips; e.g.,

Don’t waste time typing out kubectl in full – just use your new k alias defined below, and please enable Tab auto-completion (of resource names):

echo "source <(kubectl completion bash)" >> ~/.bashrc
alias k=kubectl
complete -F __start_kubectl k
source ~/.bashrc

Don’t waste time typing out manifest files; e.g., use k run --generator=run-pod/v1 --image=foo --dry-run -o=yaml > foo.yaml, it’s far quicker to modify an existing manifest.

Workloads

For standard, non-headless Services, a DNS name is created so it is not necessary to know which Endpoints to use. But there is also Pods DNS, which I remember as the “dashed IP of a given Pod”, followed by something like “.default.pod.cluster.local”; e.g., 192-168-1-39.default.pod.cluster.local. See https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/.

Two containers within the same Pod will not see the same filesystem unless they have the same named volumeMounts specification. See https://kubernetes.io/docs/concepts/storage/volumes/.

Nodes

Swap must be disabled in order for kubelet.service to work correctly (e.g., swapoff -a). See https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/.

It’s possible to configure kubelet with Pod manifests (e.g., /etc/kubernetes/manifests/), but check if --staticPodPath is also defined. See https://kubernetes.io/docs/tasks/administer-cluster/static-pod/.

To take a snapshot of your etcd, use etcdctl snapshot save --endpoints= --cacert= --cert= --key=, with the last 4 arguments having values specific to your cluster. See https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/.

Carefully inspect the output of systemctl status kubelet. If you’re seeing a NotReady node, it mght be because the kubelet.service file references a config file – there are multiple! – that doesn’t exist, so it’s just a matter of correcting the filepath/name, and perhaps grabbing a copy off a node that you already know works.

References