Setting Environment
Starting the exam and setting alias
Alias setup for kubectl command.
Check Kubernetes Cluster Information
Verifies the connection to the Kubernetes cluster and displays cluster endpoints.
Check Nodes in the Cluster
Lists all nodes in the Kubernetes cluster, verifying connectivity and cluster health.
Check Kubernetes Version
Displays the Kubernetes client and server versions to ensure compatibility and functionality.
Workload & Scheduling
Deployments
Create Deployment
Creates a deployment using a specified container image.
Scale Deployment
Scales the number of replicas in a deployment.
Expose Service
Exposes a deployment as a service on a specified port.
Update Deployment Image
Updates the container image used in a deployment.
Rollout Status
Checks the status of a deployment rollout.
Rollback Deployment
Rolls back a deployment to a previous revision.
Delete Deployment
Deletes a deployment.
Pods
List Pods
Lists all pods in the Kubernetes cluster.
Describe Pod
Describes detailed information about a specific pod.
Logs of Pod
Displays the logs of a specific pod.
Exec into Pod
Opens an interactive shell session inside a specific pod.
Delete Pod
Deletes a specific pod.
Jobs
Run Job
Runs a one-time job using a specified container image.
List Jobs
Lists all jobs in the Kubernetes cluster.
Describe Job
Describes detailed information about a specific job.
Delete Job
Deletes a specific job.
CronJobs
Create CronJob
Creates a cron job using a specified container image.
List CronJobs
Lists all cron jobs in the Kubernetes cluster.
Describe CronJob
Describes detailed information about a specific cron job.
Delete CronJob
Deletes a specific cron job.
Services & Networking
Services
Create Service
Creates a service of a specified type and name, exposing a TCP port.
Get Services
Lists all services in the current namespace.
Describe Service
Provides detailed information about a specific service.
Delete Service
Deletes a specific service.
Network Policies
Create NetworkPolicy
Creates a network policy with a specified name, namespace, and specification.
Get NetworkPolicies
Lists all network policies in the current namespace.
Describe NetworkPolicy
Provides detailed information about a specific network policy.
Delete NetworkPolicy
Deletes a specific network policy.
Storage
Persistent Volumes (PVs)
Persistent Volumes are a cluster-wide storage resource provisioned by an administrator. They provide storage resources that can be dynamically or statically provisioned.
Create Persistent Volume
Creates a Persistent Volume using the definition provided in the YAML file <pv-definition.yaml>.
Get Persistent Volumes
Lists all the Persistent Volumes available in the cluster.
Describe Persistent Volume
Provides detailed information about a specific Persistent Volume named <pv-name>.
Delete Persistent Volume
Deletes the Persistent Volume named <pv-name> from the cluster.
Persistent Volume Claims (PVCs)
Persistent Volume Claims are requests for storage by a user. They claim a Persistent Volume and bind it to a pod.
Create Persistent Volume Claim
Creates a Persistent Volume Claim using the definition provided in the YAML file <pvc-definition.yaml>.
Get Persistent Volume Claims
Lists all the Persistent Volume Claims in the current namespace.
Describe Persistent Volume Claim
Provides detailed information about a specific Persistent Volume Claim named <pvc-name>.
Delete Persistent Volume Claim
Deletes the Persistent Volume Claim named <pvc-name> from the cluster.
Storage Classes
Storage Classes provide a way to describe the 'classes' of storage offered by a cluster. Different classes might map to quality-of-service levels, backup policies, or arbitrary policies determined by the cluster administrators.
Get Storage Classes
Lists all the Storage Classes available in the cluster.
Create Storage Class
Creates a Storage Class using the definition provided in the YAML file <storageclass-definition.yaml>.
Describe Storage Class
Provides detailed information about a specific Storage Class named <storageclass-name>.
Delete Storage Class
Deletes the Storage Class named <storageclass-name> from the cluster.
Troubleshooting
Troubleshooting in Kubernetes involves identifying and resolving issues with the various resources and workloads running in the cluster. Here are the imperative commands that are particularly useful for troubleshooting:
Logs
Fetches and displays the logs of a specific pod, which is useful for debugging and understanding the behavior of the applications running in the pod.
Get Logs of a Specific Container
Fetches and displays the logs of a specific container within a pod.
Stream Logs
Streams the logs of a pod, useful for monitoring logs in real-time.
Events
Displays detailed information about a specific resource, including events associated with it.
List Events
Lists all events in the current namespace, providing an overview of what has happened in the cluster.
Exec into Container
Executes a command in a container within a pod, allowing interactive access (such as a bash shell) for troubleshooting.
Execute a Command in a Specific Container
Executes a command in a specific container within a pod, useful when dealing with multi-container pods.
Port Forwarding
Forwards a local port to a port on a pod, allowing access to a pod's service on the local machine.
Port Forwarding for a Service
Forwards a local port to a port on a service, useful for accessing a service locally.
Describe Pod
Displays detailed information about a pod, including its status, events, and resource usage.
Describe Node
Displays detailed information about a node, which can help diagnose node-specific issues.
Get Pod Info
Retrieves detailed YAML representation of a pod, useful for understanding its configuration and current state.
Get Node Info
Retrieves detailed YAML representation of a node, useful for understanding its configuration and current state.
Debugging a Pod with Debug Container
Attaches a debug container to a running pod for in-depth troubleshooting.
View System Logs with journalctl
Fetches and displays logs for a specific system service managed by systemd.
Stream System Logs with journalctl
Streams logs for a specific system service in real-time.
View Logs for All Services
Displays the systemd logs for all services with detailed debugging information.
Security and RBAC
Security in Kubernetes involves managing permissions, roles, and network policies to ensure that only authorized users and services can access resources and perform actions within the cluster. Here are the key imperative commands to manage security-related resources:
Create Role
Creates a role with specific permissions (verbs) for a given resource. Roles are namespaced.
Get Role
Lists all roles in the current namespace.
Describe Role
Displays detailed information about a specific role, including the permissions it grants.
Delete Role
Deletes a specific role from the current namespace.
Create Role Binding
Binds a role to a user, granting them the permissions defined in the role within a namespace.
Get Role Binding
Lists all role bindings in the current namespace.
Describe Role Binding
Displays detailed information about a specific role binding, including the role it references and the subjects it binds to.
Delete Role Binding
Deletes a specific role binding from the current namespace.
Create ClusterRole
Creates a cluster-wide role with specific permissions for a given resource.
Get ClusterRole
Lists all cluster roles in the cluster.
Describe ClusterRole
Displays detailed information about a specific cluster role, including the permissions it grants.
Delete ClusterRole
Deletes a specific cluster role from the cluster.
Create ClusterRole Binding
Binds a cluster role to a user, granting them the permissions defined in the role cluster-wide.
Get ClusterRole Binding
Lists all cluster role bindings in the cluster.
Describe ClusterRole Binding
Displays detailed information about a specific cluster role binding, including the role it references and the subjects it binds to.
Delete ClusterRole Binding
Deletes a specific cluster role binding from the cluster.
Create Service Account
Creates a new service account in the current namespace.
Get Service Account
Lists all service accounts in the current namespace.
Describe Service Account
Displays detailed information about a specific service account.
Delete Service Account
Deletes a specific service account from the current namespace.
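The service account, role and role binding steps above, combined into one least-privilege grant and then checked with `kubectl auth can-i`. This is an added example, not taken from the original page: the namespace `demo`, the account `pod-reader-sa` and the role `pod-reader` are hypothetical names, the namespace is assumed to exist, and `--as` requires that the caller is allowed to impersonate (a cluster admin is).

```shell
#!/bin/sh
# Added example: read-only access to pods for one service account, then
# a check that the account has exactly that and nothing more.
# NS, SA and ROLE are hypothetical names chosen for illustration.
NS="${NS:-demo}"
SA="${SA:-pod-reader-sa}"
ROLE="${ROLE:-pod-reader}"

grant_pod_reader() {
  kubectl create serviceaccount "$SA" -n "$NS" &&
  kubectl create role "$ROLE" -n "$NS" \
    --verb=get,list,watch --resource=pods &&
  kubectl create rolebinding "$ROLE-binding" -n "$NS" \
    --role="$ROLE" --serviceaccount="$NS:$SA"
}

# Returns 0 only when every granted verb answers "yes" and every
# verb/resource that was NOT granted answers "no".
verify_pod_reader() {
  subject="system:serviceaccount:$NS:$SA"
  rc=0
  for check in "get pods yes" "list pods yes" "watch pods yes" \
               "delete pods no" "create pods no" "get secrets no"; do
    set -- $check    # $1 = verb, $2 = resource, $3 = expected answer
    # can-i exits non-zero when the answer is "no", hence "|| true"
    answer=$(kubectl auth can-i "$1" "$2" -n "$NS" --as="$subject") || true
    if [ "$answer" != "$3" ]; then
      echo "unexpected: can-i $1 $2 = '$answer' (want $3)" >&2
      rc=1
    fi
  done
  return "$rc"
}
```

Against a cluster, run `grant_pod_reader && verify_pod_reader`; a non-zero exit from the second function means the binding grants more, or less, than intended.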
Cluster Maintenance
Drain Node
Safely evicts all pods from a node to perform maintenance.
Cordon Node
Marks a node as unschedulable, preventing new pods from being scheduled on it.
Uncordon Node
Marks a node as schedulable, allowing new pods to be scheduled on it.
Cluster Information
Displays information about the cluster's master and services.
Backup/Restore
Backup and restore operations are crucial for maintaining data integrity and recoverability. This can be done manually by backing up the etcd database or using kube-apiserver snapshots.
Backup etcd Manually
Creates a snapshot of the etcd database, which can be used for disaster recovery.
Restore etcd Manually
Restores the etcd database from a snapshot.
Backup Using kube-apiserver
Fetches critical Kubernetes components' state for backup.
Restore Using kube-apiserver
Restores Kubernetes components' state from backup.
Upgrade a Cluster with kubeadm
Upgrading a Kubernetes cluster involves several steps to ensure a smooth transition to the new version.
Upgrade the Control Plane
Plans and applies the upgrade to the control plane.
Upgrade kubelet and kubectl
Upgrades the kubelet and kubectl binaries on each node.
Upgrade Worker Nodes
Drains each worker node, applies the upgrade, and then marks the node as schedulable again.
Helm
Helm Commands and Applying Helm Charts
Helm Install
Installs a Helm chart onto your Kubernetes cluster. `<release-name>`: Specifies the name for the release of the Helm chart. `<chart>`: Specifies the name or path to the Helm chart to install.
Helm Upgrade
Upgrades an existing Helm release to a new version of a chart or with modified configuration. `<release-name>`: Specifies the name of the release to upgrade. `<chart>`: Specifies the name or path to the new Helm chart or chart archive.
`kubectl` Command for Applying Helm Charts
Applies the Kubernetes manifests contained in `<helm-chart.yaml>`, which represents the rendered Kubernetes YAML manifests of a Helm chart.
Certificates
OpenSSL Commands for Generating Keys and Certificates
Generate a Private Key for the CA
Generates a 2048-bit private key for the CA.
Create a Self-Signed Certificate for the CA
Generates a self-signed CA certificate valid for 365 days. You will be prompted to enter information about the CA.
Generating Public and Private Keys
Generate a Private Key
Generates a 2048-bit private key.
Create a Certificate Signing Request (CSR)
Generates a CSR using the private key. You will be prompted to enter information about the certificate.
Sign the CSR with the CA to Create the Certificate
Signs the CSR with the CA’s private key to generate a certificate valid for 365 days.
Viewing the Public Key Information
Generate a Private Key
Generates a 2048-bit private key.
Create a Certificate Signing Request (CSR)
Generates a CSR using the private key. You will be prompted to enter information about the certificate.
Sign the CSR with the CA to Create the Certificate
Signs the CSR with the CA’s private key to generate a certificate valid for 365 days.
View Public Key Information from the Certificate
Displays the content of the certificate, including the public key information.
Extract the Public Key from the Private Key
Extracts the public key from the private key and saves it to a file.
View Public Key Information from the Public Key File
Displays the content of the public key file.
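The whole certificate procedure above (CA key, self-signed CA certificate, private key, CSR, CA-signed certificate, public key inspection) as one script that also verifies the result. This is an added example, not taken from the original page: the file names and the subject names `example-ca` and `web.example.internal` are illustrative, and `-subj` is used so that the commands do not prompt.

```shell
#!/bin/sh
# Added example: throwaway CA -> key -> CSR -> signed certificate,
# followed by the two checks worth doing before using the certificate.
umask 077                       # generated private keys stay owner-only
WORK="${WORK:-$(mktemp -d)}"    # scratch directory for the demo PKI

make_ca() {
  openssl genrsa -out "$WORK/ca.key" 2048 2>/dev/null &&
  openssl req -x509 -new -key "$WORK/ca.key" -sha256 -days 365 \
    -subj "/CN=example-ca" -out "$WORK/ca.crt"
}

issue_cert() {                  # $1 = common name, also used as file stem
  openssl genrsa -out "$WORK/$1.key" 2048 2>/dev/null &&
  openssl req -new -key "$WORK/$1.key" -subj "/CN=$1" \
    -out "$WORK/$1.csr" &&
  openssl x509 -req -in "$WORK/$1.csr" \
    -CA "$WORK/ca.crt" -CAkey "$WORK/ca.key" -CAcreateserial \
    -sha256 -days 365 -out "$WORK/$1.crt" 2>/dev/null
}

# Check 1: the certificate chains to the CA that is supposed to have signed it.
chain_ok() {
  openssl verify -CAfile "$WORK/ca.crt" "$WORK/$1.crt" >/dev/null 2>&1
}

# Check 2: the public key inside the certificate ($2) is the one derived
# from the private key ($1). An unreadable file yields an empty string
# and therefore a failure, never a false match.
key_matches_cert() {
  from_key=$(openssl rsa -in "$1" -pubout 2>/dev/null)
  from_crt=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
  [ -n "$from_key" ] && [ "$from_key" = "$from_crt" ]
}

CN=web.example.internal
make_ca && issue_cert "$CN" &&
  chain_ok "$CN" &&
  key_matches_cert "$WORK/$CN.key" "$WORK/$CN.crt" &&
  openssl x509 -in "$WORK/$CN.crt" -noout -subject -issuer -dates
```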