book

Certified Kubernetes Application Developer (CKAD) Study Guide, 2nd Edition

by Benjamin Muschko

May 2024

Intermediate to advanced

366 pages

7h 43m

English

O'Reilly Media, Inc.

Read now

Unlock full access

Includes

Has Sandbox

Who This Book Is ForWhat You Will LearnWhat’s New in the Second EditionConventions Used in This BookUsing Code ExamplesO’Reilly Online LearningHow to Contact UsAcknowledgments
Kubernetes Certification Learning PathKubernetes and Cloud Native Associate (KCNA)Kubernetes and Cloud Native Security Associate (KCSA)Certified Kubernetes Application Developer (CKAD)Certified Kubernetes Administrator (CKA)Certified Kubernetes Security Specialist (CKS)Exam ObjectivesCurriculumApplication Design and BuildApplication DeploymentApplication Observability and MaintenanceApplication Environment, Configuration, and SecurityServices and NetworkingInvolved Kubernetes PrimitivesDocumentationExam Environment and TipsCandidate SkillsTime ManagementCommand-Line Tips and TricksSetting a Context and NamespaceUsing the Alias for kubectlUsing kubectl Command Auto-CompletionInternalize Resource Short NamesPracticing and Practice ExamsSummary
What Is Kubernetes?FeaturesHigh-Level ArchitectureControl Plane Node ComponentsCommon Node ComponentsAdvantagesSummary
API Primitives and ObjectsUsing kubectlManaging ObjectsImperative Object ManagementDeclarative Object ManagementHybrid ApproachWhich Approach to Use?Summary
Container TerminologyContainerizing a Java-Based ApplicationWriting a DockerfileBuilding the Container ImageListing Container ImagesRunning the ContainerListing ContainersInteracting with the ContainerPublishing the Container ImageSaving and Loading a Container ImageGoing FurtherSummaryExam EssentialsSample Exercises
Working with PodsCreating PodsListing PodsPod Life Cycle PhasesRendering Pod DetailsAccessing Logs of a PodExecuting a Command in ContainerCreating a Temporary PodUsing a Pod’s IP Address for Network CommunicationConfiguring PodsDeleting a PodWorking with NamespacesListing NamespacesCreating and Using a NamespaceSetting a Namespace PreferenceDeleting a NamespaceSummaryExam EssentialsSample Exercises
Working with JobsCreating and Inspecting JobsJob Operation TypesRestart BehaviorWorking with CronJobsCreating and Inspecting CronJobsConfiguring Retained Job HistorySummaryExam EssentialsSample Exercises

Working with StorageVolume TypesEphemeral VolumesPersistent VolumesStorage ClassesSummaryExam EssentialsSample Exercises
Working with Multiple Containers in a PodInit ContainersThe Sidecar PatternThe Adapter PatternThe Ambassador PatternSummaryExam EssentialsSample Exercises
Working with LabelsDeclaring LabelsInspecting LabelsModifying Labels for a Live ObjectUsing Label SelectorsRecommended LabelsWorking with AnnotationsDeclaring AnnotationsInspecting AnnotationsModifying Annotations for a Live ObjectReserved AnnotationsSummaryExam EssentialsSample Exercises
Working with DeploymentsCreating DeploymentsListing Deployments and Their PodsRendering Deployment DetailsDeleting a DeploymentPerforming Rolling Updates and RollbacksUpdating a Deployment’s Pod TemplateRolling Out a New RevisionAdding a Change Cause for a RevisionRolling Back to a Previous RevisionScaling WorkloadsManually Scaling a DeploymentAutoscaling a DeploymentCreating Horizontal Pod AutoscalersListing Horizontal Pod AutoscalersRendering Horizontal Pod Autoscaler DetailsDefining Multiple Scaling MetricsSummaryExam EssentialsSample Exercises
Rolling Deployment StrategyImplementationUse Cases and Trade-OffsFixed Deployment StrategyImplementationUse Cases and Trade-OffsBlue-Green Deployment StrategyImplementationUse Cases and Trade-OffsCanary Deployment StrategyImplementationUse Cases and Trade-OffsSummaryExam EssentialsSample Exercises
Managing an Existing ChartIdentifying a ChartAdding a Chart RepositorySearching for a Chart in a RepositoryInstalling a ChartListing Installed ChartsUpgrading an Installed ChartUninstalling a ChartSummaryExam EssentialsSample Exercises
Understanding the Deprecation PolicyListing Available API VersionsHandling Deprecation WarningsHandling a Removed or Replaced APISummaryExam EssentialsSample Exercises
Working with ProbesProbe TypesHealth Verification MethodsHealth Check AttributesThe Readiness ProbeThe Liveness ProbeThe Startup ProbeSummaryExam EssentialsSample Exercises
Troubleshooting PodsRetrieving High-Level InformationInspecting EventsUsing Port ForwardingTroubleshooting ContainersInspecting LogsOpening an Interactive ShellInteracting with a Distroless ContainerInspecting Resource MetricsSummaryExam EssentialsSample Exercises
Working with CRDsExample CRDImplementing a CRD SchemaInstantiating an Object for the CRDDiscovering CRDsImplementing a ControllerSummaryExam EssentialsSample Exercises
Processing a RequestAuthentication with kubectlThe KubeconfigManaging Kubeconfig Using kubectlAuthorization with Role-Based Access ControlRBAC OverviewUnderstanding RBAC API PrimitivesDefault User-Facing RolesCreating RolesListing RolesRendering Role DetailsCreating RoleBindingsListing RoleBindingsRendering RoleBinding DetailsSeeing the RBAC Rules in EffectNamespace-Wide and Cluster-Wide RBACWorking with Service AccountsThe Default Service AccountCreating a Service AccountSetting Permissions for a Service AccountAdmission ControlSummaryExam EssentialsSample Exercises
Working with Resource RequirementsDefining Container Resource RequestsDefining Container Resource LimitsDefining Container Resource Requests and LimitsWorking with Resource QuotasCreating ResourceQuotasRendering ResourceQuota DetailsExploring a ResourceQuota’s Runtime BehaviorWorking with Limit RangesCreating LimitRangesRendering LimitRange DetailsExploring a LimitRange’s Runtime BehaviorSummaryExam EssentialsSample Exercises
Working with ConfigMapsCreating a ConfigMapConsuming a ConfigMap as Environment VariablesMounting a ConfigMap as a VolumeWorking with SecretsCreating a SecretConsuming a Secret as Environment VariablesMounting a Secret as a VolumeSummaryExam EssentialsSample Exercises
Working with Security ContextsDefining a Security Context on the Pod LevelDefining a Security Context on the Container LevelDefining a Security Context on the Pod and Container LevelSummaryExam EssentialsSample Exercises
Working with ServicesService TypesPort MappingCreating ServicesListing ServicesRendering Service DetailsThe ClusterIP Service TypeCreating and Inspecting the ServiceAccessing the ServiceThe NodePort Service TypeCreating and Inspecting the ServiceAccessing the ServiceThe LoadBalancer Service TypeCreating and Inspecting the ServiceAccessing the ServiceSummaryExam EssentialsSample Exercises
Working with IngressesInstalling an Ingress ControllerDeploying Multiple Ingress ControllersConfiguring Ingress RulesCreating IngressesDefining Path TypesListing IngressesRendering Ingress DetailsAccessing an IngressSummaryExam EssentialsSample Exercises
Working with Network PoliciesInstalling an Network Policy ControllerCreating a Network PolicyListing Network PoliciesRendering Network Policy DetailsApplying Default Network PoliciesRestricting Access to Specific PortsSummaryExam EssentialsSample Exercises
Chapter 4, ContainersChapter 5, Pods and NamespacesChapter 6, Jobs and CronJobsChapter 7, VolumesChapter 8, Multi-Container PodsChapter 9, Labels and AnnotationsChapter 10, DeploymentsChapter 11, Deployment StrategiesChapter 12, HelmChapter 13, API DeprecationsChapter 14, Container ProbesChapter 15, Troubleshooting Pods and ContainersChapter 16, Custom Resource Definitions (CRDs)Chapter 17, Authentication, Authorization, and Admission ControlChapter 18, Resource Requirements, Limits, and QuotasChapter 19, ConfigMaps and SecretsChapter 20, Security ContextsChapter 21, ServicesChapter 22, IngressesChapter 23, Network Policies
Application Design and BuildApplication DeploymentApplication Observability and MaintenanceApplication Environment, Configuration, and SecurityServices and Networking

Content preview from Certified Kubernetes Application Developer (CKAD) Study Guide, 2nd Edition

Chapter 23. Network Policies

The uniqueness of the IP address assigned to a Pod is maintained across all nodes and namespaces. This is accomplished by allocating a dedicated subnet to each registered node during its creation. The Container Network Interface (CNI) plugin handles the leasing of IP addresses from the assigned subnet when a new Pod is created on a node. Consequently, Pods on a node can seamlessly communicate with all other Pods running on any node within the cluster.

Network policies in Kubernetes function similarly to firewall rules, specifically designed for governing Pod-to-Pod communication. These policies include rules specifying the direction of network traffic (ingress and/or egress) for one or multiple Pods within a namespace or across different namespaces. Additionally, these rules define the targeted ports for communication. This fine-grained control enhances security and governs the flow of traffic within the Kubernetes cluster.

Working with Network Policies

Within a Kubernetes cluster, any Pod can talk to any other Pod without restrictions using its IP address or DNS name, even across namespaces. Not only does unrestricted inter-Pod communication pose a potential security risk, it also makes it harder to understand the mental communication model of your architecture. A network policy defines the rules that ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Start your free trial

Certified Kubernetes Application Developer (CKAD) Study Guide

Publisher Resources

ISBN: 9781098152857Errata Page Supplemental Content

Certified Kubernetes Application Developer (CKAD) Study Guide, 2nd Edition

by Benjamin Muschko

Chapter 23. Network Policies

Working with Network Policies

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

You might also like