CKAD Cluster Setup and Training Resources

Useful curated resources to prepare for CKAD

Online Courses

• Udemy CKAD Course - Learn concepts and practice for the Kubernetes Certification with hands-on labs right in your browser - DevOps - CKAD (really good and up2date as of 2020)
• LinuxAcademy CKAD Course - with free "personal" instances, also very comprehensive, but at least some labs used outdated Kubernetes version as of 2020
• CKAD @ katacode - useful for practicing, integrated in Undemy course

Offical Exam Resources

• Cloud Native Foundation CKAD | About the program Overview
• Linux Foundation FAQ: CKA and CKAD & CKS (Official)
• Linux Foundation CKAD T&C DOC (official legal stuff)
• CKA and CKAD - T&C DOC (firewall, sudo etc.)
• Exam Browser / OS Compatibility Check

Experiences from other participants

• CKAD exp. Cédric Moular (Good), vim tips etc.
• twajr/ckad-prep-notes: Huge repo with List of resources and notes for passing the exam
• CKAD Exercises : dgkanatsios, yeat another good collections of info and exercises
• lucassha/CKAD-resources Github Repo: Study materials for k8s CKAD
• The CKAD browser terminal. Easy Preparation Read | by Kim Wuestkamp | codeburst
• Some CKAD exam experience | LinkedIn

Watch ...

• Video: How to CRUSH the CKAD Exam (10min, easy to watch)
• Video: Muralidaran Tips on preparing for CKAD - YouTube 25min, some good hints

Snippets to speed your cluster interaction (très impoortante)

Time managament is essential, so these may help to save some seconds here and there ...

# useful aliases
alias kc=kubectl # or whaever you prefer, but make it short
alias kns='kubectl config set-context --current --namespace '
alias pods="kubectl get pods" # needed it all the time
alias ke="kubectl explain --recursive" # didn't know that one before

export dry="--dry-run=client -o yaml" # for kubectl run quick yaml export
export force="--force --grace-period=0" # to speed up kubectl delete xy

# auto complete
source <(kubectl completion bash)
complete -F __start_kubectl kc # enable also for kc alias

# tune vim tabstop, softtabstop, shiftwdith and tabs=>spaces
echo "set ts=2 sts=2 sw=2 et" > ~/.vimrc 

Curated kubernetes.io deeplinks

Since you are allowed to use the offical kubernetes.io documentation, it can pay off to bookmark a couple of useful locations for code cut'n'paste, as not to waste time to search for them during the exam under time pressure.

• kubectl Cheat Sheet - Kubernetes
• Pod: Shell to a Running Container with empyDir volmount
• Pod: ConfigMaps Mount from a Pod | Kubernetes
• Pod: Use configMapKeyRef in busybox
• Pod: Mount Secrets via Volumes | Kubernetes
• Pod: Security Context, Pod or Container | Kubernetes
• Pod: Volumes empyDirExample
• Pod: Liveness, Readiness and Startup Probes | Kubernetes
• Pod: Request and Limits Mem CPU
• Nodes+pods: Taints and Tolerations | Kubernetes
• Nodes+Pods: Assign Pods to Nodes using Node Affinity
• Nodes+Pods: Assign Pods2 Nodesnodelector | Kubernetes
• Nodes+Pods: use nodeName to assign
• Cronjob: Creation with yaml, busybox example
• Deployment: Sample with 4 replicas
• Deployment: Expose as Service
• Deployments: Rollback history + rollout set image
• Deployment: Updating Resources Cheatsheet
• Deployments: Stateful Set + Init Container
• Jobs: completions, backoffLimit
• Services: Expose curlpod as nodeport
• Service: Multiport Service Ex
• Network Policy | Limit Ingress Access to pod
• Network Policies | the resources (big)
• Ingress | http path rules
• Persistent Volumes: Create PV + PVC
• PersistentVolume: Configure Podwith hostPath and pvc for Storage
• Labels and Selectors | Kubernetes

Vim yaml tuning explained

You need to be fluent with either nano or vim, I picked vim. Since you'll be mostly editing yaml, it makes sense to optimize the settings to deal with yaml files, especially when it comes to indentation. Don't even bother to working with .yaml extensions, save time and keep filenames short but use quesiton numbers if you come back later.

• echo "set ts=2 sts=2 sw=2 et" > ~/.vimrc
• Source: For YAML files (...) instruct Vim to use 2 spaces for indentation, use spaces instead of tabs and
• Mark lines: Esc+V (then arrow keys), Copy marked lines: y, cut: d, Paste: p or P
• Delete from cursor to end of file: 'dG'

Setup your own Cluster for Training using this repo

Background

This repo started as a fork of the kubeadm-ansible and spins up a Kubernetes cluster using Ansible with kubeadm.

My primary goal was to use the resulting cluster to prepare for the Certified Kubernetes Application Developer (CKAD) Program to have an easy-to-(re)create environment to play around with.

The setup playbook has been tested successfully with the following configuration:

• Kubernetes 1.19
• Docker (docker-ce) 18.06
• Calico Networking intead of flannel
• Two Ubuntu 18.04 LTS small sized machines (2 vCPU, 2 GiB RAM), one acting as master and one as worker node

I've used servers managed by Linux Academy Cloud Playground as they also provide a dedicated CKAD Training, but could use any cloud provider or on premise infrastructure. Remember you need to perform some intial ssh setup before running the playbook, see System requirements below

System requirements

• Deployment environment must have Ansible 2.4.0+ (pip install --user ansible)
• Master and nodes must have passwordless SSH access. For ssh login you can easily create a keypair and add the public key to remote ~/.ssh/authorized_keys.

   # both private and public key are placed in .secret and git-ignored 
   ssh-keygen -t rsa -b 4096 -f .secret/id_rsa  -N ""
   ssh-copy-id -i .secret/id_rsa.pub cloud_user@till1.server.com # repeat or each host

• For easy access you can setup an custom Host entry in your ~/.ssh/config file

Host *.server.com 
  User cloud_user
  IdentityFile ~/path/to/ckad-cluster/.secret/id_rsa
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null

• Since ansible needs to execute some commands with elevated privileges, you may also have to use Ansible's --ask-become-pass option or store it in hosts.ini (not recommended)

Cluster Customization

Add the system information gathered above into a file called hosts.ini, you can use hosts.ini.tmpl as a template and just adapt hostnames and ssh config

Also adapt group_vars/all.yml to your specified configuration. For example, pick a different version of Kubenernetes or choose flannel instead of calico To update docker version, check available versions and update roles/docker/defaults/main.yml accordingly.

Note: Depending on your setup, you may need to modify cni_opts to an available network interface. By default, kubeadm-ansible uses eth1. Your default interface may be eth0.

After going through the setup, run the site.yaml playbook:

$ ansible-playbook site.yaml
...
kubernetes/master : Init Kubernetes cluster -------------------------------------------------------------------------------------------------------------------------------- 51.30s
kubernetes/node : Recreate kube-dns ---------------------------------------------------------------------------------------------------------------------------------------- 21.63s
commons/pre-install : Install kubernetes packages (Debian/Ubuntu) ---------------------------------------------------------------------------------------------------------- 19.56s
commons/pre-install : Install kubernetes packages (Debian/Ubuntu) ---------------------------------------------------------------------------------------------------------- 18.10s
docker : Install docker engine (Debian/Ubuntu) ----------------------------------------------------------------------------------------------------------------------------- 15.32s
docker : Install apt-transport-https --------------------------------------------------------------------------------------------------------------------------------------- 13.02s
docker : Add Docker APT repository ------------------------------------------------------------------------------------------------------------------------------------------ 8.62s
commons/pre-install : Add Kubernetes APT repository ------------------------------------------------------------------------------------------------------------------------- 7.59s
commons/pre-install : Add Kubernetes APT repository ------------------------------------------------------------------------------------------------------------------------- 7.45s
kubernetes/node : Join to Kubernetes cluster -------------------------------------------------------------------------------------------------------------------------------- 6.74s
Gathering Facts ------------------------------------------------------------------------------------------------------------------------------------------------------------- 4.60s
Gathering Facts ------------------------------------------------------------------------------------------------------------------------------------------------------------- 4.29s
commons/pre-install : Disable swappiness and pass bridged IPv4 traffic to iptable's chains ---------------------------------------------------------------------------------- 3.30s
commons/pre-install : Disable swappiness and pass bridged IPv4 traffic to iptable's chains ---------------------------------------------------------------------------------- 3.27s
docker : Copy Docker engine service file ------------------------------------------------------------------------------------------------------------------------------------ 3.12s
docker : Copy Docker environment config file -------------------------------------------------------------------------------------------------------------------------------- 2.64s
cni : Copy calico YAML files ------------------------------------------------------------------------------------------------------------------------------------------------ 2.50s
commons/pre-install : Copy kubeadm conf to drop-in directory ---------------------------------------------------------------------------------------------------------------- 2.49s
Gathering Facts ------------------------------------------------------------------------------------------------------------------------------------------------------------- 2.46s
commons/pre-install : Copy kubeadm conf to drop-in directory ---------------------------------------------------------------------------------------------------------------- 2.42s

The playbook will download /etc/kubernetes/admin.conf file to .secret/admin.conf from master and populate it to ~/.kube/conf on each node (which is the default location so you don't need to specify KUBECONFIG) environment variable

Verify cluster is fully running using kubectl:

$ kubectl get node
NAME                         STATUS   ROLES    AGE   VERSION
till1.server.com             Ready    master   23m   v1.17.2
till2.server.com             Ready    <none>   17m   v1.17.2

$ kubectl get po --all-namespaces
NAME                                    READY     STATUS    RESTARTS   AGE
etcd-master1                            1/1       Running   0          23m
...

$ kubectl cluster-info
Kubernetes master is running at https://172.xx.xx.xx:6443
KubeDNS is running at https://172.xx.xx.xx:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

$ kubectl run nginx --image=nginx
$ kubectl get pods
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          13s

Resetting the environment

Finally, reset all kubeadm installed state using reset-site.yaml playbook:

$ ansible-playbook reset-site.yaml

Additional features

These are features that you could want to install to make your life easier.

Enable/disable these features in group_vars/all.yml (all disabled by default):

# Additional feature to install
additional_features:
  healthcheck: false

Healthcheck

This will install k8s-healthcheck (https://github.com/emrekenci/k8s-healthcheck), a small application to report cluster status.