Welcome to our comprehensive collection of learning resources for Kubernetes! Here, you'll discover a curated list of the best learning materials we've assembled just for you.
Take a moment to explore these valuable resources, handpicked to enhance your understanding of Kubernetes. We strive to provide the most up-to-date and informative content available.
Name | Comments |
---|---|
kubernetes.io | Official Kubernetes site by Google |
Kubernetes 101 | Great beginner article on Kubernetes fundamental concepts |
Kubernetes Tutorial for Beginners | Full video of 4 hours on Kubernetes (2020) |
Learning Path: Kubernetes | From basic to advanced Kubernetes learning series |
Kubernetes 101 - Concepts and Why It Matters | |
kubernetes-workshop | |
Kubernetes Deployment Tutorial | |
Katacoda | Learn Kubernetes using Interactive Browser-Based Scenarios |
Kubernetes Scheduler | How does the Kubernetes scheduler work? |
Name | Comments |
---|---|
Kubernetes Networking | Kubernetes Networking Resources |
Liveness and Readiness Probes |
Name | Comments |
---|---|
troubleshoot.sh | "A kubectl plugin providing diagnostic tools for Kubernetes applications" |
Kubernetes Troubleshooting Visual Guide |
Name | Comments |
---|---|
Kubescape | "Kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by NSA and CISA" |
Falco | "Falco...is the de facto Kubernetes threat detection engine" |
Name | Comments |
---|---|
confTest | "Conftest is a utility to help you write tests against structured configuration data" (Used in the development phase) |
datree | "Prevent Kubernetes Misconfigurations From Reaching Production" (Used in development phase) |
gatekeeper | Used in the production |
telepresence | "FAST, LOCAL DEVELOPMENT FOR KUBERNETES AND OPENSHIFT MICROSERVICES" |
Kubernetes CheatSheet | |
OperatiorHub.io | Kubernetes native applications |
YAML templates | |
Kubesort | "kubesort helps you sort the results from kubectl get in an easy way" |
IngressMonitorController | "A Kubernetes controller to watch ingresses and create liveness alerts for your apps/microservices" |
Name | Comments |
---|---|
KubeInvaders | "Chaos Engineering Tool for Kubernetes and Openshift" |
Name | Comments |
---|---|
CKAD-Practice-Questions | "a consolidated list for CKAD practice questions" |
CKAD Prep Exam Video | A video of doing a CKAD prep exam (2020) |
CKA Complete Prep Exam | CKA prep exam (2021) |
CKAD Complete Prep Exam | CKAD prep exam (2021) |
CKS Complete Prep Exam | CKA prep exam (2021) |
Name | Comments |
---|---|
Building a Kubernetes 1.23 Cluster with Kubeadm | "Labs CKA - Build a Kubernetes cluster 1.23" |
- Secure inter-service communication (one way is to use Istio to provide mutual TLS)
- Isolate different resources into separate namespaces based on some logical groups
- Use supported container runtime (if you use Docker then drop it because it's deprecated. You might want to CRI-O as an engine and podman for CLI)
- Test properly changes to the cluster (e.g. consider using Datree to prevent kubernetes misconfigurations)
- Limit who can do what (by using for example OPA gatekeeper) in the cluster
- Use NetworkPolicy to apply network security
- Consider using tools (e.g. Falco) for monitoring threats
- Minikube version:
minikube version
- Start cluster:
minikube start
- Delete cluster:
minikube delete
- Create objects defined in a YAML: kubectl apply -f rs.yaml
- List service accounts:
kubectl get serviceaccounts
- Cluster version:
kubectl version
- Cluster information:
kubectl cluster-info
- List nodes:
kubectl get nodes
- List all containers images from all namespaces:
kubectl get pods --all-namespaces -o jsonpath="{.items[*].spec.containers[*].image}" |\
tr -s '[[:space:]]' '\n' |\
sort |\
uniq -c
-
List of Pods in current namespace:
kubectl get po
-
List of Pods in all amespaces:
kubectl get po --all-namespaces
-
Get containers names:
kubectl get po <POD_NAME> -o jsonpath="{.spec.containers[*].name}"
-
Create a Pod from file:
kubectl create -f pod_definition.yaml
-
Delete a Pod using a YAML definition:
kubectl delete -f pod_definition.yaml
-
Delete a Pod using the Pod name:
kubectl delete <POD_NAME>
-
Delete a Pod instantly:
kubectl delete <POD_NAME> --grace-period=0 --force
-
Execute commands inside a container:
kubectl exec -it -c <CONTAINER_NAME> <POD_NAME> ls
-
Display logs of a Pod:
kubectl logs <POD_NAME>
-
Display logs of a specific container in a Pod:
kubectl logs <POD_NAME> -c <CONTAINER_NAME>
-
Get Pod name based on specific labels
POD_NAME=$(kubectl get pod \
--no-headers \
-o=custom-columns=NAME:.metadata.name \
-l type=api,service=some-service \
| tail -1)
- Get pods sorted by time creation:
kubectl get pods --sort-by='{.metadata.creationTimestamp}'
- Run long/endless running container:
kubectl run test --image ubuntu -- sleep 2000000000
- Get a shell access to a container:
kubectl exec --stdin --tty some-shell -- /bin/bash
- Creating a new user
openssl genrsa -out user.key 2048 # create key
openssl req key user.key user.csr -subj "/CN=user /O=sgroup" # create csr
openssl x509 -req -in user.csr -CA ca.crt -CAkey ca.key -CAcreateseral -out user.crt -days 365
kubectl config set-credentials myuser --client-certificates=$PWD/user.crt --client-key=$PWD/user.key
kubectl config set-context myuser-context --cluster=k8s-cluster --user=user
- Expose a ReplicaSet:
kubectl expose rs REPLICASET_NAME --name=SERVICE_NAME --target-port=PORT --type=NodePort/SOME_OTHER_SERVICE_TYPE
- Create and delete a deployment in one step:
$ kubectl create deployment demo --image=cloudnatived/demo:hello
$ kubectl get pods --selector app=demo
$ kubectl delete pods --selector app=demo
$ kubectl delete all --selector app=demo
- Use kubectl aliases to speed up and reduce typo errors, practice these alaises early at your work and study for the exam. some example aliases:
alias k='kubectl'
alias kg='kubectl get'
alias kgpo='kubectl get pod'
alias kcpyd='kubectl create pod -o yaml --dry-run=client'
alias ksysgpo='kubectl --namespace=kube-system get pod'
alias kd='kubectl delete'
alias kdf='kubectl delete -f'
## for quick deletes you can add --force --grace-period=0 **Not sure if it is a good idea if you are in a production cluster**
alias krmgf='kubectl delete --grace-period 0 --force'
alias kgsvcoyaml='kubectl get service -o=yaml'
alias kgsvcwn='watch kubectl get service --namespace'
alias kgsvcslwn='watch kubectl get service --show-labels --namespace'
#example usage of aliases
krmgf nginx-8jk71 # kill pod nginx-8jk71 using grace period 0 and force
- Install metrics-server using Minikube:
minikube addons enable metrics-server
- Install Bitnami Sealed secrets controller
helm repo add sealed-secrets https://bitnami-labs.github.io/sealed-secrets
helm repo update
helm install sealed-secrets-controller sealed-secrets/sealed-secrets
-
sealed-secrets binary:
https://github.com/bitnami-labs/sealed-secrets/releases
-
encrypt secret in yaml or json format:
kubeseal -n my-namespace <.db-creds.yml> db-creds.json
-
apply secret on the cluser:
kubectl apply -f db-creds.json -n my-namespace
- Generate customized YAML file(s):
kustomize build name_of_application
- Apply generated customized YAML file(s) to the cluster:
kustomize build name_of_application
If you have any additional resources or links that you believe would benefit others, please feel free to contribute. Our goal is to create a repository of the best learning materials, ensuring everyone has access to top-notch content.
We appreciate your visit to this repository. If you find our initiatives valuable, kindly star this repository to show your support.
Thank you once again, and happy learning!