Acing the Certified Kubernetes Administrator Exam 2ed 2025 (Chad M. Crowell, Rafael Brito) (Z-Library)

📄 File Format: PDF

💾 File Size: 25.2 MB

📖 Read Online ⬇️ Download

Registered users can read the full content for free

Register as a Gaohf Library member to read the complete e-book online for free and enjoy a better reading experience.

📄 Page 1

M A N N I N G Chad M. Crowell Rafael Brito SECOND EDITION

📄 Page 2

Exam competencies and percentages at which they will be tested on the exam Cluster Architecture, Installation, and Configuration: 25%  Manage role-based access control (RBAC)  Implement and configure a highly available control plane  Create and manage Kubernetes clusters using kubeadm  Manage the lifecycle of Kubernetes clusters  Prepare underlying infrastructure for installing a Kubernetes cluster  Use Helm and Kustomize to install cluster components  Understand extension interfaces like container network interface (CNI), container storage interface (CSI), and container runtime interface (CRI)  Install and configure operators with an understanding of custom resource definitions (CRD) Workloads and Scheduling: 15%  Understand application deployments and how to perform rolling updates and rollbacks  Use ConfigMaps and secrets to configure applications  Configure workload autoscaling  Understand the primitives used to create robust, self-healing, application deployments  Configure pod admission and scheduling (requests, limits, node affinity, etc.) Services and Networking: 20%  Understand host networking configuration on pods and nodes  Define and enforce network policies  Understand ClusterIP, NodePort, and LoadBalancer service types and endpoints  Know how to use ingress controllers and ingress resources  Use Gateway API to manage ingress traffic  Know how to configure and use CoreDNS Storage: 10%  Implement storage classes and dynamic volume provisioning  Configure volume types, access modes, and reclaim policies  Manage persistent volumes and persistent volume claims Troubleshooting: 30%  Troubleshoot clusters and nodes  Understand how to monitor cluster and application resource usage  Manage and evaluate container logs from stdout and stderr  Troubleshoot cluster component failure  Troubleshoot services and networking

📄 Page 3

Praise for the First Edition As someone who helped establish the CKA, I’m impressed! Great explanations, great visuals, and excellent hands-on exercises. That’s what counts to pass the CKA exam! —Michael Hausenblas, AWS Solution Engineering Lead and CNCF Ambassador An invaluable resource. All exam topics are covered in detail and clearly explained. —Rob Pacheco, Forward Financing I just passed CKA. Do you need a better recommendation? —David Moravec, Y Soft An absolute marvel. It’s clear, instructive, and hands-on. Highly recommended! —Giang Châu, AppHub A reference book for anyone who wants to learn more and become an expert in Kubernetes. —Giampiero Granatella, ManyDesigns Kubernetes is one of the hottest technologies in the industry. Setting yourself apart from the field by earning the Certified Kubernetes Administrator credential can be a huge career boost. This book will serve as your definitive guide as you learn Kubernetes and prepare to pass the exam! —Shawn Bolan, New Horizons Computer Learning Centers A concrete and detailed reference to pass the exam. —Emanuele Piccinelli, Infovista Everything you need to get you prepared and pass the valuable CKA exam. —Roman Levchenko, Microsoft

📄 Page 4

(This page has no text content)

📄 Page 5

Acing the Certified Kubernetes Administrator Exam, Second Edition CHAD M. CROWELL RAFAEL BRITO MANN I NG SHELTER ISLAND

📄 Page 6

For online information and ordering of this and other Manning books, please visit www.manning.com. The publisher offers discounts on this book when ordered in quantity. For more information, please contact Special Sales Department Manning Publications Co. 20 Baldwin Road PO Box 761 Shelter Island, NY 11964 Email: orders@manning.com ©2026 by Manning Publications Co. All rights reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted, in any form or by means electronic, mechanical, photocopying, or otherwise, without prior written permission of the publisher. Many of the designations used by manufacturers and sellers to distinguish their products are claimed as trademarks. Where those designations appear in the book, and Manning Publications was aware of a trademark claim, the designations have been printed in initial caps or all caps. Recognizing the importance of preserving what has been written, it is Manning’s policy to have the books we publish printed on acid-free paper, and we exert our best efforts to that end. Recognizing also our responsibility to conserve the resources of our planet, Manning books are printed on paper that is at least 15 percent recycled and processed without the use of elemental chlorine. The authors and publisher have made every effort to ensure that the information in this book was correct at press time. The authors and publisher do not assume and hereby disclaim any liability to any party for any loss, damage, or disruption caused by errors or omissions, whether such errors or omissions result from negligence, accident, or any other cause, or from any usage of the information herein. Manning Publications Co. Development editor: Connor O’Brien 20 Baldwin Road Technical editor: Nicolas Fränkel PO Box 761 Review editor: Kishor Ritt Shelter Island, NY 11964 Production editor: Kathy Rossland Copy editor: Kari Lucke Proofreader: Melody Dolab Technical proofreader: Iuliia Kozlova Typesetter: Dennis Dalinnik Cover designer: Marija Tudor ISBN: 9781633435308 Printed in the United States of America

📄 Page 7

To you and to the ever-curious cloud-native community, whose endless thirst for knowledge and innovation moves us all forward. To my wife,Veronica, and our sons, Douglas and William. —Rafa To those in the field with me, may your Kubernetes journey be prosperous. To my wife and two kids: may you ever stay curious. —Chad

📄 Page 8

(This page has no text content)

📄 Page 9

brief contents 1 ■ First steps 1 2 ■ Kubernetes cluster 26 3 ■ Identity and access management 51 4 ■ Deploying applications in Kubernetes 78 5 ■ Running applications in Kubernetes 103 6 ■ Communication in a Kubernetes cluster 146 7 ■ Storage in Kubernetes 193 8 ■ Troubleshooting Kubernetes 214 9 ■ Taking the test 252 appendix A ■ Creating a Kubernetes cluster with kind 265 appendix B ■ Advanced configurations for kind 274 appendix C ■ Installing a CNI in a kind cluster 281 appendix D ■ Solving the practice exercises 287vii

📄 Page 10

(This page has no text content)

📄 Page 11

contents preface xiii acknowledgments xv about this book xvi about the authors xix about the cover illustration xx 1 First steps 1 1.1 Introducing the Certified Kubernetes Administrator exam 2 1.2 What’s in store 6 1.3 What is a Kubernetes administrator? 7 1.4 Meeting Kubernetes 8 Cluster architecture, installation, and configuration 10 Workloads and scheduling 10 ■ Services and networking 12 Storage 12 ■ Troubleshooting 13 1.5 Control plane node 13 1.6 Worker nodes 15 1.7 API model and public key infrastructure 18 1.8 Linux background processes 20 1.9 Declarative syntax 23ix

📄 Page 12

CONTENTSx2 Kubernetes cluster 26 2.1 Kubernetes cluster components 27 Kubernetes version upgrade 28 ■ The control plane 30 Taints and tolerations 31 ■ Nodes in kind 37 2.2 Cluster state 42 Client and server certificates 43 2.3 Extension interfaces 45 Container runtime interface 46 ■ Container network interface 47 ■ Container storage interface 48 3 Identity and access management 51 3.1 Role-based access control 52 Roles and role bindings 55 ■ System roles and groups 61 3.2 Users and groups 64 3.3 Service accounts 69 4 Deploying applications in Kubernetes 78 4.1 Scheduling applications 79 Node selectors 82 ■ Node and pod affinity 85 4.2 Configuring pods 90 Resource requests and limits 90 ■ Multicontainer pods 92 PriorityClass 95 ■ ConfigMaps 96 ■ Secrets 98 5 Running applications in Kubernetes 103 5.1 Orchestrating applications 104 Modifying running applications 105 ■ Application maintenance 107 ■ Application rollouts 114 Exposing Deployments 117 ■ Autoscaling 118 5.2 Node maintenance 121 Cordon and drain nodes 123 ■ Adding nodes to the cluster 126 5.3 Using Helm and Kustomize 131 Helm 131 ■ Kustomize 135 5.4 Custom Resource Definitions and operators 137 Defining a CRD 138 ■ Installing operators and CRDs 139 Utilizing operators 141

📄 Page 13

CONTENTS xi6 Communication in a Kubernetes cluster 146 6.1 Configuring DNS 147 6.2 CoreDNS 154 Service CIDR 155 ■ Config files 155 ■ Replicating DNS 156 Pod-to-pod connectivity 159 6.3 Ingress and ingress controllers 162 6.4 Services 168 ClusterIP Service 170 ■ NodePort Service 172 LoadBalancer Service 174 6.5 Cluster node networking configuration 176 6.6 Network Policies 180 6.7 Gateway API 185 7 Storage in Kubernetes 193 7.1 Persistent volumes 194 The problem with hostPath 199 ■ Volume modes 201 Access modes 203 ■ Reclaim policies 204 7.2 Persistent volume claims 205 7.3 Storage class 207 Inheriting from the storage class 210 7.4 Nonpersistent volumes 211 8 Troubleshooting Kubernetes 214 8.1 Understanding application logs 215 Container log detail 219 ■ Troubleshooting from inside the container 224 8.2 Cluster component failure 226 Troubleshooting cluster events 230 ■ Worker node failure 231 Did you specify the right host or port? 234 ■ Troubleshooting kubeconfig 236 ■ Multiple errors: Where to start? 239 8.3 Network troubleshooting 244 Troubleshooting the config 244 ■ Troubleshooting Services 248 Troubleshooting cluster-wide communications 251 9 Taking the test 252 9.1 Exam basics 252 Competencies condensed 253

📄 Page 14

CONTENTSxii9.2 Exam clusters 254 9.3 Chapter reviews 254 Quick review of chapter 2 254 ■ Quick review of chapter 3 255 Quick review of chapter 4 255 ■ Quick review of chapter 5 256 Quick review of chapter 6 257 ■ Quick review of chapter 7 258 Quick review of chapter 8 259 9.4 Kubernetes documentation review 259 9.5 Practice exam 263 9.6 Additional tips for the exam 263 appendix A Creating a Kubernetes cluster with kind 265 appendix B Advanced configurations for kind 274 appendix C Installing a CNI in a kind cluster 281 appendix D Solving the practice exercises 287 index 337

📄 Page 15

preface Thank you for your interest in Acing the Certified Kubernetes Administrator Exam, Second Edition. Rafael Brito joins as my co-author, bringing his many years of valuable industry knowledge and experience to you, the reader. We have thoroughly revised the book with updated study materials for the new CKA exam to reflect the changes to the domains and objectives. To some, Kubernetes is considered overly complex and challenging to learn, as it abstracts away many components of a Linux system. I’m not going to pretend that’s not true, but I think we’ve done a great job in this book of explaining each component—to pull back the curtain, so to speak, and provide greater context, helping you better grasp concepts through real-world examples. Although this book is focused on the exam, I think it’s also a good resource to learn the fundamentals of Kubernetes. How- ever, if you’d like to dive deeper into a specific topic, fortunately, there are many other valuable resources available. For example, the book Kubernetes in Action, by Marko Lukša, is the book I recommend most often. Rafael and I relate to you, as we were learning Kubernetes back in 2016 and 2017, respectively, and failed to find easy-to-understand materials. The concepts in this book will come more easily to you if you have experience working with Linux and container technology. The great thing about Kubernetes is that it builds on existing technology, such as iptables, DNS, cgroups, and namespaces. It’s not reinventing the wheel; it’s simply using existing technology to create efficient ways of decoupling components and distributing load to complement whichever applications you’re running on it.xiii

📄 Page 16

PREFACExiv This book primarily follows the CKA exam objectives, but it’s broad enough to cover a wide spectrum of Kubernetes primitives. This includes networking, identity, storage, troubleshooting, and running applications on Kubernetes. We think you’ll enjoy the practical examples and how we will quickly get a Kubernetes cluster up and running so that building a cluster is not a barrier to success as you follow along in this book. This book does have a lot of examples, which allow you to practice what you learn. This is crucial because the CKA exam is solely hands-on, and the curriculum was revamped in 2025 with new domains, which the second edition of this book covers. We aim to both give you the necessary knowledge to ace the exam and deliver the content in a way that’s easy to absorb. We presented the material as if we were all sit- ting down together and having a conversation, so I hope it comes across that way. You’ve taken the initiative to purchase and read this book, so we take your time seri- ously and genuinely want you to succeed. If there’s anything in the book that you’d like to discuss with us, you can use the liveBook discussion forum on the Manning website. Also, you can send me a direct message in the KubeSkills community at https://community.kubeskills.com. —CHAD M. CROWELL

📄 Page 17

acknowledgments We’d like to thank everyone who helped us publish this book at Manning, including content development editor Connor O’Brien, acquisitions editor Mike Stephens, technical proofreader Iuliia Kozlova, technical reviewer Glen Yu, and production manager Aleksandar Dragosavljevic. Thank you to the production team who helped us get this book published on time. Special thanks to our technical editor Nicolas Fränkel. Nicolas is a technologist focusing on cloud-native technologies, DevOps, CI/CD pipelines, and system observ- ability. With a strong background in software, he has worked extensively with the JVM, applying his expertise across various industries. Thank you to Cris Nevares, who provided helpful guidance on the book, and to the volunteer reviewers Ajay Lotan Thakur, Alex Speranza, Alexey Kuksin, Alireza Aghamohammadi, Anand Satheesh Kumar Nair, Andrii Humeniuk, Arun Pandiyan Perumal, Ashish Bhatia, Billy Yuen, Biswanath Chowdhury, Christiaan de Wet, Christopher Powell, Clyde Kallahan, Drew Elliott, Francisco Sedano Crippa, Gunnar Prüfer, Ish Sookun, Iuliia Kozlova, Jobin James, John Guthrie, Lalit Bhardwaj, Leo Pastor, Leonardo Taccari, Manuel Mussini, Md Muhtasim Fuad, Michael Bright, Mladen Knežić, Neeraj Gupta, Prashant Dwivedi, Pravin Pandey, Purushotham Chikkanayakanhalli Krishnegowda, Richard Rose, Sanat Pattanaik, Scott Lewis-Kelly, Sören Schellhoff, Steve Goodman, Vasily Dervoedov, Vishakha Sadhwani, Vladyslav Haina, and Werner Dijkerman. Your suggestions helped make this a better book.xv

📄 Page 18

about this book The goal of this book is to help you not only pass the Certified Kubernetes Adminis- trator (CKA) exam but also master the knowledge and skills required to confidently operate Kubernetes clusters in real-world environments. The content is structured around the official Cloud Native Computing Foundation (CNCF) CKA curriculum, ensuring that everything you study directly maps to the topics tested on the exam. Through a blend of explanations, examples, exercises, and practice scenarios, this book aims to transform theory into practical expertise. Who should read this book This book is for  System administrators, DevOps engineers, and SREs preparing for the CKA exam  Developers and architects who want to gain a deeper operational understand- ing of Kubernetes  IT professionals looking to validate their Kubernetes skills with a respected industry certification No prior Kubernetes certification is required, but familiarity with Linux, containers, and basic networking concepts will make the material more approachable. xvi

📄 Page 19

ABOUT THIS BOOK xviiHow this book is organized: A road map The book is aligned with the CKA exam domains:  Cluster Architecture, Installation, and Configuration—Setting up clusters, managing lifecycle and HA, installing operators, and understanding CRDs  Workloads and Scheduling—Deploying applications, scaling, configuring auto- scaling, and workload management  Services and Networking—Core service types, DNS, Network Policies, Gateway API, and Ingress  Storage—Persistent volumes, claims, and storage classes  Troubleshooting—Debugging workloads, nodes, and control plane components Each chapter includes explanations, guided examples, and hands-on exercises. The book also includes sample exam questions and strategies to help you manage your time effectively during the test. About the code This book contains many examples of source code both in numbered listings and in line with normal text. In both cases, source code is formatted in a fixed-width font like this to separate it from ordinary text. Sometimes code is also in bold to high- light code that has changed from previous steps in the chapter, such as when a new feature is added to an existing line of code. In many cases, the original source code has been reformatted; we’ve added line breaks and reworked indentation to accommodate the available page space in the book. In rare cases, even this was not enough, and listings include line-continuation markers (➥). Additionally, comments in the source code have often been removed from the listings when the code is described in the text. Code annotations accompany many of the listings, highlighting important concepts. You can get executable snippets of code from the liveBook (online) version of this book at https://livebook.manning.com/book/acing-the-certified-kubernetes -administrator-exam-second-edition. The complete code for the examples in the book is available for download from the Manning website at https://www.manning.com/ books/acing-the-certified-kubernetes-administrator-exam-second-edition. All YAML manifests, scripts, and exercise files used in this book are available from GitHub at https://github.com/chadmcrowell/acing-the-cka-exam. These resources allow you to follow along, practice, and adapt the examples to your own environment. Software and hardware requirements To follow along with this book, you’ll need  Hardware—A machine with at least 8 GB RAM, 4 CPUs, and 20 GB free disk space.  Software— – A Linux-based environment (local VM, cloud instance, or laptop with WSL2/ Mac) – kubectl (latest stable version)

📄 Page 20

ABOUT THIS BOOKxviii– A container runtime (e.g., containerd) – A tool to provision clusters (kind) – Helm and Kustomize for advanced exercises The appendices of the book help you with installing these requirements to ensure you can follow along with every exercise presented in the book. liveBook discussion forum Purchase of Acing the Certified Kubernetes Administrator Exam, Second Edition includes free access to liveBook, Manning’s online reading platform. Using liveBook’s exclusive dis- cussion features, you can attach comments to the book globally or to specific sections or paragraphs. It’s a snap to make notes for yourself, ask and answer technical ques- tions, and receive help from the authors and other users. To access the forum, go to https://livebook.manning.com/book/acing-the-certified-kubernetes-administrator-exam -second-edition/discussion. Manning’s commitment to our readers is to provide a venue where a meaningful dialogue between individual readers and between readers and the authors can take place. It is not a commitment to any specific amount of participation on the part of the authors, whose contribution to the forum remains voluntary (and unpaid). We suggest you try asking the authors some challenging questions lest their interest stray! The forum and the archives of previous discussions will be accessible from the pub- lisher’s website as long as the book is in print. Other online resources  CNCF Curriculum—The official exam outline is available at https://training .linuxfoundation.org.  Killer.sh CKA Simulator—Access to exam-like practice environments (included with your exam voucher).  CKA Exam Exercises Repository—A collection of practice tasks to reinforce each chapter’s content.  Kubernetes Documentation—The official Kubernetes docs are your primary refer- ence during the exam: https://kubernetes.io/docs. How to use this book To get the most out of this book  Follow along in order if you are new to Kubernetes; each chapter builds on the last.  Jump to specific domains if you’re reinforcing weak areas before the exam.  Do the exercises: the exam is 100% hands-on, so practicing commands and YAML is the key to success.  Use the GitHub repo and practice simulators to replicate real exam conditions. By the end of this book, you’ll not only be exam-ready but also job-ready, with the practical skills needed to operate production-grade Kubernetes clusters.