book

Certified Kubernetes Application Developer (CKAD) Study Guide, 2nd Edition

Name: Certified Kubernetes Application Developer (CKAD) Study Guide, 2nd Edition
Author: Benjamin Muschko
ISBN: 9781098169497

by Benjamin Muschko

May 2024

Intermediate to advanced

366 pages

7h 58m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Includes

Sandbox

Foreword
Preface
Who This Book Is ForWhat You Will LearnWhat’s New in the Second EditionConventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
I. Introduction
1. Exam Details and Resources
Kubernetes Certification Learning PathKubernetes and Cloud Native Associate (KCNA)Kubernetes and Cloud Native Security Associate (KCSA)Certified Kubernetes Application Developer (CKAD)Certified Kubernetes Administrator (CKA)Certified Kubernetes Security Specialist (CKS)Exam ObjectivesCurriculumApplication Design and BuildApplication DeploymentApplication Observability and MaintenanceApplication Environment, Configuration, and SecurityServices and NetworkingInvolved Kubernetes PrimitivesDocumentationExam Environment and TipsCandidate SkillsTime ManagementCommand-Line Tips and TricksSetting a Context and NamespaceUsing the Alias for kubectlUsing kubectl Command Auto-CompletionInternalize Resource Short NamesPracticing and Practice ExamsSummary
2. Kubernetes in a Nutshell
What Is Kubernetes?FeaturesHigh-Level ArchitectureControl Plane Node ComponentsCommon Node ComponentsAdvantagesSummary
3. Interacting with Kubernetes
API Primitives and ObjectsUsing kubectlManaging ObjectsImperative Object ManagementDeclarative Object ManagementHybrid ApproachWhich Approach to Use?Summary
II. Application Design and Build
4. Containers
Container TerminologyContainerizing a Java-Based ApplicationWriting a DockerfileBuilding the Container ImageListing Container ImagesRunning the ContainerListing ContainersInteracting with the ContainerPublishing the Container ImageSaving and Loading a Container ImageGoing FurtherSummaryExam EssentialsSample Exercises
5. Pods and Namespaces
Working with PodsCreating PodsListing PodsPod Life Cycle PhasesRendering Pod DetailsAccessing Logs of a PodExecuting a Command in ContainerCreating a Temporary PodUsing a Pod’s IP Address for Network CommunicationConfiguring PodsDeleting a PodWorking with NamespacesListing NamespacesCreating and Using a NamespaceSetting a Namespace PreferenceDeleting a NamespaceSummaryExam EssentialsSample Exercises
6. Jobs and CronJobs
Working with JobsCreating and Inspecting JobsJob Operation TypesRestart BehaviorWorking with CronJobsCreating and Inspecting CronJobsConfiguring Retained Job HistorySummaryExam EssentialsSample Exercises

7. Volumes
Working with StorageVolume TypesEphemeral VolumesPersistent VolumesStorage ClassesSummaryExam EssentialsSample Exercises
8. Multi-Container Pods
Working with Multiple Containers in a PodInit ContainersThe Sidecar PatternThe Adapter PatternThe Ambassador PatternSummaryExam EssentialsSample Exercises
9. Labels and Annotations
Working with LabelsDeclaring LabelsInspecting LabelsModifying Labels for a Live ObjectUsing Label SelectorsRecommended LabelsWorking with AnnotationsDeclaring AnnotationsInspecting AnnotationsModifying Annotations for a Live ObjectReserved AnnotationsSummaryExam EssentialsSample Exercises
III. Application Deployment
10. Deployments
Working with DeploymentsCreating DeploymentsListing Deployments and Their PodsRendering Deployment DetailsDeleting a DeploymentPerforming Rolling Updates and RollbacksUpdating a Deployment’s Pod TemplateRolling Out a New RevisionAdding a Change Cause for a RevisionRolling Back to a Previous RevisionScaling WorkloadsManually Scaling a DeploymentAutoscaling a DeploymentCreating Horizontal Pod AutoscalersListing Horizontal Pod AutoscalersRendering Horizontal Pod Autoscaler DetailsDefining Multiple Scaling MetricsSummaryExam EssentialsSample Exercises
11. Deployment Strategies
Rolling Deployment StrategyImplementationUse Cases and Trade-OffsFixed Deployment StrategyImplementationUse Cases and Trade-OffsBlue-Green Deployment StrategyImplementationUse Cases and Trade-OffsCanary Deployment StrategyImplementationUse Cases and Trade-OffsSummaryExam EssentialsSample Exercises
12. Helm
Managing an Existing ChartIdentifying a ChartAdding a Chart RepositorySearching for a Chart in a RepositoryInstalling a ChartListing Installed ChartsUpgrading an Installed ChartUninstalling a ChartSummaryExam EssentialsSample Exercises
IV. Application Observability and Maintenance
13. API Deprecations
Understanding the Deprecation PolicyListing Available API VersionsHandling Deprecation WarningsHandling a Removed or Replaced APISummaryExam EssentialsSample Exercises
14. Container Probes
Working with ProbesProbe TypesHealth Verification MethodsHealth Check AttributesThe Readiness ProbeThe Liveness ProbeThe Startup ProbeSummaryExam EssentialsSample Exercises
15. Troubleshooting Pods and Containers
Troubleshooting PodsRetrieving High-Level InformationInspecting EventsUsing Port ForwardingTroubleshooting ContainersInspecting LogsOpening an Interactive ShellInteracting with a Distroless ContainerInspecting Resource MetricsSummaryExam EssentialsSample Exercises
V. Application Environment, Configuration, and Security
16. CustomResourceDefinitions (CRDs)
Working with CRDsExample CRDImplementing a CRD SchemaInstantiating an Object for the CRDDiscovering CRDsImplementing a ControllerSummaryExam EssentialsSample Exercises
17. Authentication, Authorization, and Admission Control
Processing a RequestAuthentication with kubectlThe KubeconfigManaging Kubeconfig Using kubectlAuthorization with Role-Based Access ControlRBAC OverviewUnderstanding RBAC API PrimitivesDefault User-Facing RolesCreating RolesListing RolesRendering Role DetailsCreating RoleBindingsListing RoleBindingsRendering RoleBinding DetailsSeeing the RBAC Rules in EffectNamespace-Wide and Cluster-Wide RBACWorking with Service AccountsThe Default Service AccountCreating a Service AccountSetting Permissions for a Service AccountAdmission ControlSummaryExam EssentialsSample Exercises
18. Resource Requirements, Limits, and Quotas
Working with Resource RequirementsDefining Container Resource RequestsDefining Container Resource LimitsDefining Container Resource Requests and LimitsWorking with Resource QuotasCreating ResourceQuotasRendering ResourceQuota DetailsExploring a ResourceQuota’s Runtime BehaviorWorking with Limit RangesCreating LimitRangesRendering LimitRange DetailsExploring a LimitRange’s Runtime BehaviorSummaryExam EssentialsSample Exercises
19. ConfigMaps and Secrets
Working with ConfigMapsCreating a ConfigMapConsuming a ConfigMap as Environment VariablesMounting a ConfigMap as a VolumeWorking with SecretsCreating a SecretConsuming a Secret as Environment VariablesMounting a Secret as a VolumeSummaryExam EssentialsSample Exercises
20. Security Contexts
Working with Security ContextsDefining a Security Context on the Pod LevelDefining a Security Context on the Container LevelDefining a Security Context on the Pod and Container LevelSummaryExam EssentialsSample Exercises
VI. Services and Networking
21. Services
Working with ServicesService TypesPort MappingCreating ServicesListing ServicesRendering Service DetailsThe ClusterIP Service TypeCreating and Inspecting the ServiceAccessing the ServiceThe NodePort Service TypeCreating and Inspecting the ServiceAccessing the ServiceThe LoadBalancer Service TypeCreating and Inspecting the ServiceAccessing the ServiceSummaryExam EssentialsSample Exercises
22. Ingresses
Working with IngressesInstalling an Ingress ControllerDeploying Multiple Ingress ControllersConfiguring Ingress RulesCreating IngressesDefining Path TypesListing IngressesRendering Ingress DetailsAccessing an IngressSummaryExam EssentialsSample Exercises
23. Network Policies
Working with Network PoliciesInstalling an Network Policy ControllerCreating a Network PolicyListing Network PoliciesRendering Network Policy DetailsApplying Default Network PoliciesRestricting Access to Specific PortsSummaryExam EssentialsSample Exercises
A. Answers to Review Questions
Chapter 4, ContainersChapter 5, Pods and NamespacesChapter 6, Jobs and CronJobsChapter 7, VolumesChapter 8, Multi-Container PodsChapter 9, Labels and AnnotationsChapter 10, DeploymentsChapter 11, Deployment StrategiesChapter 12, HelmChapter 13, API DeprecationsChapter 14, Container ProbesChapter 15, Troubleshooting Pods and ContainersChapter 16, Custom Resource Definitions (CRDs)Chapter 17, Authentication, Authorization, and Admission ControlChapter 18, Resource Requirements, Limits, and QuotasChapter 19, ConfigMaps and SecretsChapter 20, Security ContextsChapter 21, ServicesChapter 22, IngressesChapter 23, Network Policies
B. Exam Review Guide
Application Design and BuildApplication DeploymentApplication Observability and MaintenanceApplication Environment, Configuration, and SecurityServices and Networking
Index
About the Author

Content preview from Certified Kubernetes Application Developer (CKAD) Study Guide, 2nd Edition

Chapter 17. Authentication, Authorization, and Admission Control

The API server is the gateway to the Kubernetes cluster. Any human user, client (e.g., kubectl), cluster component, or service account will access the API server by making a RESTful API call via HTTPS. It is the central point for performing operations like creating a Pod or deleting a Service.

In this chapter, we’ll focus on the security-specific aspects relevant to the API server. For a detailed discussion on the inner workings of the API server and use of the Kubernetes API, refer to Managing Kubernetes by Brendan Burns and Craig Tracey (O’Reilly).

Processing a Request

Figure 17-1 illustrates the stages a request goes through when a call is made to the API server. For reference, you can find more information in the Kubernetes documentation.

The first stage of request processing is authentication. Authentication validates the identity of the caller by inspecting the client certificates or bearer tokens. If the bearer token is associated with a service account, then it will be verified here.

The second stage determines if the identity provided in the first stage can access the verb and HTTP path request. Therefore, ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Read now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

Certified Kubernetes Application Developer (CKAD), 4th Edition

Publisher Resources

ISBN: 9781098152857Errata Page

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

Certified Kubernetes Application Developer (CKAD) Study Guide, 2nd Edition

by Benjamin Muschko

Chapter 17. Authentication, Authorization, and Admission Control

Processing a Request

Figure 17-1. API server request processing

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.