I am sharing with you the things I prepared during my exam preparation. The Certified Kubernetes Exam (CKA) is a real practical exam, similar to the Red Hat exams, and it is an open-book exam. When I took it, the exam contained five topics: Storage, Networking, Application Troubleshooting, Workload Scheduling, and Cluster Architecture Installation Configuration. During the examination, I found Storage and Networking the hard ones to answer. So now let me share diagrams, which will help you remember the topics much more easily.
Table of Contents
What is Kubernetes
Application Failure + Deployment + Log
Kubernetes Network Architecture
Ingress
Kubernetes Upgrade Process
Kubernetes Backup and Recovery
Kubernetes Cluster Component
Kubernetes Cluster Role and RoleBinding
Storage Persistent Volume and Persistent Volume Claim
Troubleshooting Node Failure
Comparison Between Label, ConfigMap and Taint
What is Kubernetes
Kubernetes is a powerful orchestration tool. Since it has great responsibility, it comes with great complexity and power. For load balancing an application or running a reverse proxy, there is no need to maintain a separate service. Simply deploy the respective objects, such as a Deployment and an ingress NGINX reverse proxy, which will do the job.
Application Failure
Regarding application troubleshooting, the application comes as a two-tier application, which means two pods running with two corresponding services. The example I have taken has a backend MySQL service and a frontend web service. The frontend service connects to the backend using the hostname and the MySQL username and password.
The above diagram illustrates how the web service pod connects to MySQL with the hostname and login credential details.
This diagram illustrates how the web service is connected to the corresponding pod.
Application Deployment
Application deployment is mainly used to deploy the application much faster. Also, if we want to update the application, we can do so without downtime, and the same applies to going back to the old image setup, which we can also do without any hassle.
With rolling update and rollback, we can change the deployment strategy. With this strategy, rather than downgrading all the pods at once, we can downgrade and upgrade the pods one by one, so that we eliminate service downtime. DaemonSet and ReplicaSet are the lower versions of the Deployment. If we delete any pod from a Deployment, it will be created again automatically, but the same is not applicable to the ReplicaSet and DaemonSet.
Application Logs
To see the error in the application container, we can use the above command. Instead of --stdin we can use -i, and instead of --tty we can use -t. So finally the command looks like this:
#kubectl exec -i -t pod/web app -- /bin/sh
Kubernetes Docker Network Architecture
Kubernetes Docker networking has three types of concepts: NodePort, ClusterIP, LoadBalancer.
NodePort -> Used to access the service from outside, with http://IP:port_number. We can get this information from the Endpoint option in the service description.
1) ClusterIP -> Used for network communication between pod and pod.
2) CoreDNS IP -> 10.44.0.1 -> Fixed -> All the pod IPs will be assigned depending on this
What about the service IP? How is it derived?
3) Service IP -> Specified in /etc/kubernetes/manifests/kube-apiserver.yaml
controlplane $ grep -r -i 10 kube-apiserver.yaml
- --service-cluster-ip-range=10.96.0.0/12
Ingress
By default, all the objects are displayed using # kubectl get all -A, except the ingress.
What is the purpose of Ingress?
By default, we can access the service with an IP and port number. This is not user-friendly for customers; to avoid this and bring in a naming convention, Ingress was introduced.
Ingress Rules configuration
Ingress namespace configuration
Kubernetes Upgrade: Control Plane, kubelet and kubectl
Upgrading Kubernetes is fairly easy, but we have to follow the proper step-by-step procedure.
First, we have to make the node unschedulable > kubectl cordon controlplane
Then we have to drain the node > kubectl drain controlplane
Then we have to upgrade kubeadm > apt install kubeadm=1.20.0-00
Check the upgrade plan and apply it > kubeadm upgrade plan, then kubeadm upgrade apply 1.20.0
Upgrade kubelet > apt install kubelet=1.20.0-00
Upgrade kubectl > apt install kubectl=1.20.0-00
Kubernetes Backup and Recovery
The Kubernetes backup is used to back up the etcd configuration, and we can restore it whenever it is required.
#ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 --cacert="/etc/kubernetes/pki/etcd/ca.crt" --cert="/etc/kubernetes/pki/etcd/server.crt" --key="/etc/kubernetes/pki/etcd/server.key" snapshot save /opt/snapshot-pre-boot.db
If we cannot remember these options, we can get them from etcdctl --help, and the certificate and key file paths we can get from # kubectl -n kube-system describe pod etcd-controlplane. In the same way we can recover it. For etcdctl, we have to install the etcdctl client.
#ETCDCTL_API=3 etcdctl --data-dir <directory_name> snapshot restore /file/filename.db
Kubernetes Cluster Component
It has the API server, scheduler, etcd, and controller-manager.
Kubernetes Cluster Role and RoleBinding
Role -> Create a Role that defines which operations can be performed on which resources.
RoleBinding -> Bind the Role to a user so that the user can perform those operations.
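The following is an added example, not code from the original post: a simplified Python model of how a Role and a RoleBinding combine into the allow/deny answer that `kubectl auth can-i` reports. The names `pod-reader`, `read-pods`, `jane`, `bob`, `dev` and `prod` are constructed, and the model covers only namespaced Roles bound to User subjects.

```python
# Added example: constructed Role/RoleBinding data, not taken from the page.
ROLE = {
    "metadata": {"name": "pod-reader", "namespace": "dev"},
    "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"],
               "verbs": ["get", "list", "watch"]}],
}
BINDING = {
    "metadata": {"name": "read-pods", "namespace": "dev"},
    "subjects": [{"kind": "User", "name": "jane"}],
    "roleRef": {"kind": "Role", "name": "pod-reader"},
}


def _matches(allowed, wanted):
    """A rule field matches on an exact entry or on the '*' wildcard."""
    return "*" in allowed or wanted in allowed


def can_i(user, verb, resource, namespace, api_group="",
          roles=(ROLE,), bindings=(BINDING,)):
    """True only if a RoleBinding in `namespace` names `user` and the Role
    it references has a rule covering (api_group, resource, verb)."""
    for binding in bindings:
        if binding["metadata"]["namespace"] != namespace:
            continue  # a RoleBinding grants nothing outside its namespace
        if not any(s["kind"] == "User" and s["name"] == user
                   for s in binding["subjects"]):
            continue  # this binding does not name the user
        for role in roles:
            meta = role["metadata"]
            if (meta["name"], meta["namespace"]) != (
                    binding["roleRef"]["name"], namespace):
                continue
            for rule in role["rules"]:
                if (_matches(rule["apiGroups"], api_group)
                        and _matches(rule["resources"], resource)
                        and _matches(rule["verbs"], verb)):
                    return True
    return False  # RBAC is allow-only: no matching rule means denied


if __name__ == "__main__":
    for query in [("jane", "list", "pods", "dev"),
                  ("jane", "delete", "pods", "dev"),
                  ("jane", "list", "pods", "prod"),
                  ("bob", "list", "pods", "dev")]:
        print(query, "->", "yes" if can_i(*query) else "no")
```

Only the first query is allowed: the Role lists no `delete` verb, the RoleBinding lives in `dev` only, and `bob` is not a subject of the binding.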
Storage Persistent Volume and Persistent Volume Claim
How To Troubleshoot a Node in Not-ready State
On the worker node, we have to check the following things:
1) Check whether the node is ready or not: # kubectl get node -o wide
2) Check the kubelet status on the specific node: systemctl status kubelet
3) If kubelet is not started, check # journalctl -u kubelet -l (or) systemctl status kubelet
4) If there is any error, try to find the error message in the log file
5) Then check the kubelet configuration file /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
6) root@node01:/etc/systemd/system/kubelet.service.d# grep -r -i wrong /var/lib/kubelet/*
7) If everything still looks good, open the node kubelet configuration file /etc/kubernetes/kubelet.conf and check that the ports and the other configuration look good
Configuration file details
kubectl get node -o wide
1) /etc/systemd/system/kubelet.service.d/10-kubeadm.conf - Configuration check
2) systemctl daemon-reload
3) journalctl -u kubelet -f - Check the log file
4) systemctl status kubelet -l - Check the kubelet
5) kubectl cluster-info - Check whether the cluster information matches the configuration
6) cat /etc/kubernetes/kubelet.conf
Control plane Configuration Verification
ConfigMap
ConfigMap in Pod
Configmap in Corefile
DNS Name Resolution
service-name.namespace.service.domain

What is the Difference Between Label, ConfigMap, and Taint
Label and Taint > Do a similar operation.
Label > A label is used to schedule onto nodes with the corresponding matching labels.
Taint > A taint has some more information, which helps to schedule or not schedule the app.
Example Taint Configuration
key=spray, value=moretin, effect=NoSchedule, written as spray=moretin:NoSchedule
Every item in an array starts with a -, so finally the manifest looks like this:
spec:
  containers:
  - image: nginx
    name: bee
  tolerations:
  - effect: NoSchedule
    key: spray
    operator: Equal
    value: moretin
# kubectl taint node controlplane node-role.kubernetes.io/master:NoSchedule-
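The following is an added example, not code from the original post: a simplified Python model of how a toleration is matched against a node taint, using the page's spray taint and the master taint from the command above. The function names are hypothetical, and the misspelt value in the demo is constructed.

```python
# Added example: simplified model of the taint/toleration scheduling check.

def parse_taint(text):
    """Parse the kubectl form key=value:Effect (the value is optional)."""
    kv, effect = text.rsplit(":", 1)
    key, _, value = kv.partition("=")
    return {"key": key, "value": value, "effect": effect}


def tolerates(toleration, taint):
    """True if this one toleration matches this one taint."""
    # An empty toleration effect matches every taint effect.
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    key = toleration.get("key", "")
    if toleration.get("operator", "Equal") == "Exists":
        # Exists ignores the value; an empty key matches every taint key.
        return key == "" or key == taint["key"]
    # Equal (the default) needs the same key and exactly the same value.
    return (key == taint["key"]
            and toleration.get("value", "") == taint.get("value", ""))


def schedulable(pod_tolerations, node_taints):
    """A pod can be placed only if every NoSchedule/NoExecute taint on the
    node is matched by a toleration; PreferNoSchedule never blocks."""
    blocking = [t for t in node_taints
                if t["effect"] in ("NoSchedule", "NoExecute")]
    return all(any(tolerates(tol, taint) for tol in pod_tolerations)
               for taint in blocking)


if __name__ == "__main__":
    node01 = [parse_taint("spray=moretin:NoSchedule")]
    master = [parse_taint("node-role.kubernetes.io/master:NoSchedule")]
    bee = [{"effect": "NoSchedule", "key": "spray",
            "operator": "Equal", "value": "moretin"}]
    typo = [dict(bee[0], value="mortei")]  # constructed misspelt value
    print("bee on node01:", schedulable(bee, node01))        # True
    print("misspelt value on node01:", schedulable(typo, node01))  # False
    print("bee on tainted controlplane:", schedulable(bee, master))  # False
    print("bee after taint removed:", schedulable(bee, []))  # True
```

With the Equal operator a single wrong character in the value leaves the pod Pending, and a toleration only permits scheduling on the tainted node; it does not force the pod onto it.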
ConfigMap > Will act as an environment variable.
If you want to know more about Kubernetes, refer to the link below; it would be helpful.