Meta information (about the exam)

Plan

  • [ ] Buy the practice exams (Udemy)
  • [ ] Initial pass of the Kubernetes Docs
  • [ ] A run through of Kubernetes The Hard Way

Kubernetes Fundamentals (46%)

Topics: Kubernetes Resources, Kubernetes Architecture, Kubernetes API, Containers, Scheduling

Basics: Service discovery and load balancing, self-healing, secrets management.

What it is not: CI/CD

Kubernetes Objects (infra as code reference)

  • Represent the state of your cluster. Your desired declarative end state. Most often provided via kubectl by passing a YAML file.

Methods of interacting with Kubernetes objects

  1. Imperative - User operates directly on live objects, providing operations to the kubectl command as arguments or flags.
  2. Imperative object - Applies changes given in a single file, but the user still specifies the operation (create / read / update / delete etc.).
  3. Declarative object configuration - Does not define the operation or a specific file; operates on full directory structures.

Kubeconfig file access

Component: Nodes

Nodes are worker machines that host pods; every cluster has at least one node.

  • Node names are unique
  • Kubelet can self-register with the API server

Node authorisation

https://kubernetes.io/docs/reference/access-authn-authz/node/

  • Kubelet
    • The agent running on a node; connects to the API server. Makes sure that containers are running in a pod.
    • Takes a PodSpec, typically from the API server (but it can be provided via a static file or a reference to an HTTP endpoint), and ensures that the containers defined in the PodSpec are running and healthy.
  • kube-proxy
    • Network proxy that runs on each node in your cluster.
  • container runtime
    • Software responsible for running containers (containerd, CRI-O).
    • systemd generates and consumes a root control group and acts as a cgroup manager
    • There is a cgroup v1 and cgroup v2

Component: Pods

  • Smallest deployable units of compute that you can deploy in Kubernetes
  • Shared storage and network resources (co-located, co-scheduled, run in shared context)
  • Can include init containers - These run before app containers in a pod.
  • And ephemeral containers - Used for inspecting running applications, rather than for running applications. They lack guarantees for completion, and are not automatically restarted. Useful when you can't exec into a container.
  • "User accounts" are for humans, "service accounts" are for processes. User accounts are global, service accounts are namespaced. Pods that do not specify one use the "default" service account.
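
The service account point above, as an added example that is not part of the original notes: a workload given its own namespaced service account instead of falling back to "default", with API token mounting switched off. The names, namespace and image are hypothetical placeholders.

```yaml
# Added example: names, namespace and image are hypothetical.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: report-reader          # dedicated to one workload
  namespace: reports           # service accounts are namespaced
automountServiceAccountToken: false   # no API token is mounted unless a pod opts in
---
apiVersion: v1
kind: Pod
metadata:
  name: report-worker
  namespace: reports           # must be the service account's namespace
spec:
  serviceAccountName: report-reader   # omit this and the pod runs as "default"
  automountServiceAccountToken: false # pod-level value takes precedence over the ServiceAccount's
  containers:
    - name: app
      image: registry.example/report-worker:1.0   # constructed placeholder image
```

To see which account a running pod actually got, read back spec.serviceAccountName with kubectl get pod report-worker -n reports -o jsonpath='{.spec.serviceAccountName}'.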

Component: Kubernetes API

  • Lets you query and manipulate the state of API objects in Kubernetes. Can be accessed through CLI commands such as kubectl and kubeadm; client libraries are also available.

  • kube-apiserver

    • Exposes the Kubernetes API.

Other Components

  • etcd - Consistent, highly-available key/value store used as a backing store for cluster data.
  • kube-scheduler - Watches for newly created pods and selects nodes for them to run on.
  • kube-controller-manager - Runs controller processes. Each controller is a separate process, but they are compiled into a single binary.
  • cloud-controller-manager - Cloud-specific control logic. When run on-premises or on your own computer, the cluster does not have this component. Executes as a single binary.
  • Addons - Such as cluster DNS, Web UI, container resource monitoring, cluster-level logging

Container Orchestration (22%)

Topics: Container Orchestration Fundamentals, Runtime, Security, Networking, Service Mesh, Storage

Networking

Overview

  • Each pod gets its own IP
  • Kubernetes IP addresses exist at the Pod scope
  • Containers within a Pod can all reach each other's ports on localhost
  • Containers within a Pod must coordinate port usage, but this is no different from processes in a VM.

Cloud Native Architecture (16%)

Topics: Autoscaling, Serverless, Community and Governance, Roles and Personas, Open Standards

Cloud Native Observability (8%)

Topics: Telemetry & Observability, Prometheus, Cost Management

Cloud Native Application Delivery (8%)

Topics: Application Delivery Fundamentals, GitOps, CI/CD

Questions

  • Are things like canary deployments handled with plugins?
  • Would you deploy databases from within Kubernetes?
  • gRPC vs HTTP
