Kubernetes Exam Important Topics With Informative Diagram

I am sharing what I prepared during my exam preparation. The Certified Kubernetes Exam (CKA) is a real practical exam, similar to the Red Hat exams, and it is an open-book exam. When I took it, the exam contained five topics: Storage, Networking, Application Troubleshooting, Workload Scheduling, and Cluster Architecture Installation Configuration. During the examination, I found Storage and Networking the hardest to answer. So let me share diagrams that will help you remember the topics much more easily.

Table of Contents

What is Kubernetes
Application Failure + Deployment + Log
Kubernetes Network Architecture
Kubernetes Upgrade Process
Kubernetes Backup and Recovery
Kubernetes Cluster Component
Kubernetes Cluster Role and RoleBinding
Storage Persistent Volume and Persistent Volume Claim
Troubleshooting Node Failure
Comparison Between Label, ConfigMap and Taint

What is Kubernetes

Kubernetes is a powerful orchestration tool. With great responsibility comes great complexity and power. For load balancing and reverse proxying an application, there is no need to maintain a separate service. Simply deploy the respective objects, such as a Deployment and an Ingress with the Nginx reverse proxy, and they will do the work.

Application Failure

Two Tier Application Architecture

Application Troubleshooting in the exam comes with a two-tier application, meaning two pods running with two corresponding services. The example I have taken has a MySQL backend and a front-end web service. The front-end service connects to the backend using a hostname and a MySQL username and password.

Application Architecture
The above diagram illustrates how the web service pod connects to MySQL with the hostname and login credentials.

Application Troubleshooting IP and selector

This diagram illustrates how the web service is connected to the corresponding pod.

Application Deployment

A Deployment is mainly used to deploy the application faster. If we want to update the application, we can do so without downtime, and we can go back to the old image in the same way without any hassle.
Deployment Rolling Strategy
With rolling update and rollback, we can choose the deployment strategy. Rather than downgrading all the pods at once, this strategy downgrades or upgrades the pods one by one, so that we can eliminate service downtime. DaemonSet and ReplicaSet are the lower version of the Deployment. If we delete any pod from a Deployment, it is created again automatically, but the same is not applicable to the ReplicaSet and DaemonSet.

Application Logs
Kubernetes Logging Architecture
To see the error in the application container, we can use the above command. Instead of --stdin we can use -i, and instead of --tty we can use -t. So finally the command looks like this:

#kubectl exec -i -t pod/webapp -- /bin/sh

Kubernetes Docker Network Architecture

CK8S Network Communication
Kubernetes Docker has three types of networking concepts: NodePort, ClusterIP, and LoadBalancer.
NodePort -> used to access the service from outside with http://IP:port_number; we can get this information from the Endpoints field of the service description.
1) ClusterIP -> used for network communication from pod to pod.
2) CoreDNS IP -> fixed -> all the pod IPs are assigned depending on this.
What about the service IP? How is it derived?
3) Service IP -> specified in /etc/kubernetes/manifests/kube-apiserver.yaml
controlplane $ grep -r -i 10 kube-apiserver.yaml 
    - --service-cluster-ip-range=

CK8S IP Derived from


By default, all objects are displayed using #kubectl get all -A, except the Ingress.

What is the purpose of Ingress?

By default, we access the service with an IP and port number, which is not user-friendly for customers. To avoid this and bring in a naming convention, Ingress was introduced.

Ingress Rules configuration


Ingress namespace configuration

Kubernetes Upgrade control plane kubelet and kubectl

Upgrading Kubernetes is easy, but we have to follow the proper step-by-step procedure.
First, we have to make the node unschedulable > kubectl cordon controlplane
Then we have to drain the node > kubectl drain controlplane
Then we have to upgrade kubeadm > apt install kubeadm=1.20.0-00
kubeadm upgrade plan > kubeadm upgrade apply 1.20.0
Upgrade kubelet > apt install kubelet=1.20.0-00
Upgrade kubectl > apt install kubectl=1.20.0-00

Kubernetes Backup and Recovery

The backup saves the etcd configuration as a snapshot, and we can restore it whenever it is required.
#ETCDCTL_API=3 etcdctl --endpoints= --cacert="/etc/kubernetes/pki/etcd/ca.crt" --cert="/etc/kubernetes/pki/etcd/server.crt" --key="/etc/kubernetes/pki/etcd/server.key" snapshot save /opt/snapshot-pre-boot.db
If we do not remember these options, we can get them from etcdctl --help, and the certificate and key file paths we can get from #kubectl -n kube-system describe pod etcd-controlplane. We can recover in the same way. To use etcdctl, we have to install the etcdctl client.
#ETCDCTL_API=3 etcdctl --data-dir <directory_name> snapshot restore /file/filename.db

Kubernetes Cluster Component

It has the API server, scheduler, etcd, and controller-manager.

Kubernetes Cluster Component LoadBalancer

Kubernetes Cluster Role and RoleBinding

Role -> Create a Role that defines which operations can be performed on which resources.
RoleBinding -> Bind the Role to a user so the user can perform those operations.
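
How a Role and a RoleBinding combine into an allow or deny decision, as an added example that is not part of the original post. It models only User subjects and namespaced Roles, and the names pod-reader, read-pods, jane and dev are constructed for illustration.

```python
# Added illustration: dicts mirror the fields of Role / RoleBinding manifests.
# All object names and the helper functions are constructed for this example.

ROLE = {
    "kind": "Role",
    "metadata": {"name": "pod-reader", "namespace": "dev"},
    "rules": [
        {"apiGroups": [""], "resources": ["pods", "pods/log"],
         "verbs": ["get", "list", "watch"]},
    ],
}

BINDING = {
    "kind": "RoleBinding",
    "metadata": {"name": "read-pods", "namespace": "dev"},
    "subjects": [{"kind": "User", "name": "jane"}],
    "roleRef": {"kind": "Role", "name": "pod-reader"},
}


def _matches(allowed, wanted):
    """A rule list matches on an exact entry or on the '*' wildcard."""
    return "*" in allowed or wanted in allowed


def can_i(user, verb, resource, namespace, roles, bindings, api_group=""):
    """True if a RoleBinding in `namespace` grants the request (default deny)."""
    by_name = {(r["metadata"]["namespace"], r["metadata"]["name"]): r
               for r in roles}
    for b in bindings:
        if b["metadata"]["namespace"] != namespace:
            continue  # a RoleBinding only grants inside its own namespace
        if not any(s["kind"] == "User" and s["name"] == user
                   for s in b.get("subjects", [])):
            continue  # this binding does not name the user
        role = by_name.get((namespace, b["roleRef"]["name"]))
        if role is None:
            continue  # binding refers to a Role that does not exist here
        for rule in role.get("rules", []):
            if (_matches(rule["apiGroups"], api_group)
                    and _matches(rule["resources"], resource)
                    and _matches(rule["verbs"], verb)):
                return True
    return False


def wildcard_rules(role):
    """Rules using '*', which a least-privilege review should flag."""
    return [r for r in role.get("rules", [])
            if "*" in r["verbs"] or "*" in r["resources"]]
```

On a live cluster the same question is answered by kubectl auth can-i with the --as and -n options.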

Storage Persistent Volume and Persistent Volume Claim

Persistent Volume Claim

How To Troubleshoot a Node in Not-Ready State

TroubleShoot Node is Not-ready State

On the worker node, we have to check the following things:

1) Check whether the node is ready or not #kubectl get node -o wide
2) Check the kubelet status on the specific node #systemctl status kubelet
3) If kubelet is not started, check #journalctl -u kubelet -l (or) #systemctl status kubelet
4) If there is any error, try to find the error message in the log file
5) Then check the kubelet configuration file /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
6) root@node01:/etc/systemd/system/kubelet.service.d# grep -r -i wrong /var/lib/kubelet/*
7) If everything still looks good, open the node kubelet configuration file /etc/kubernetes/kubelet.conf and check that all the ports and other configuration look good

Configuration file details

kubectl get node -o wide
1) /etc/systemd/system/kubelet.service.d/10-kubeadm.conf - Configuration check
2) systemctl daemon-reload
3) journalctl -u kubelet -f - Check the log file
4) systemctl status kubelet -l - Check the kubelet
5) kubectl cluster-info - Check whether the cluster information matches the configuration
6) cat /etc/kubernetes/kubelet.conf

Control plane Configuration Verification 




ConfigMap in Pod
Pod ConfigMap

Configmap in Corefile


DNS Name Resolution


What is the Difference Between Label, ConfigMap, and Taint

Label and Taint > Do a similar operation.
Label > A label is used to schedule with the corresponding matching labels.
Taint > A taint has some more information, which helps to schedule or not schedule the app.
Example Taint Configuration
key=spray value=moretin effect=NoSchedule, written as spray=moretin:NoSchedule
Every object in these fields is an array item, so add "-" in front of it. Finally it looks like this:
  spec:
    containers:
    - image: nginx
      name: bee
    tolerations:
    - effect: NoSchedule
      key: spray
      operator: Equal
      value: moretin
# kubectl taint node controlplane node-role.kubernetes.io/master:NoSchedule-
ConfigMap > Will act as an environment variable.
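
The taint and toleration matching described above, as an added example that is not part of the original post. It uses the spray=moretin:NoSchedule taint from the text; the function names and the other sample data are constructed for illustration.

```python
# Added illustration of how a pod's tolerations are matched against node taints.
# Field names follow the pod and node manifests; the sample data is constructed.

NODE_TAINTS = [{"key": "spray", "value": "moretin", "effect": "NoSchedule"}]

BEE_TOLERATIONS = [
    {"key": "spray", "operator": "Equal", "value": "moretin",
     "effect": "NoSchedule"},
]


def tolerates(toleration, taint):
    """True if one toleration covers one taint."""
    # An empty effect on the toleration matches every effect.
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    op = toleration.get("operator", "Equal")  # Equal is the default operator
    key = toleration.get("key", "")
    if op == "Exists":
        # Exists ignores the value; an empty key tolerates every taint.
        return key == "" or key == taint["key"]
    # Equal needs the same key and exactly the same value.
    return (key == taint["key"]
            and toleration.get("value", "") == taint.get("value", ""))


def untolerated(taints, tolerations, effects=("NoSchedule", "NoExecute")):
    """Taints that keep the pod off the node.

    PreferNoSchedule is only a soft preference, so it is not checked here.
    """
    return [t for t in taints
            if t["effect"] in effects
            and not any(tolerates(tol, t) for tol in tolerations)]


def schedulable(taints, tolerations):
    """True if no hard taint on the node is left untolerated."""
    return not untolerated(taints, tolerations)
```

A single mistyped character in the toleration value is enough to leave the pod Pending, because the Equal operator compares the whole string.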

If you want to know more about Kubernetes, refer to the link below; it would be helpful.
