    Role-based access control (RBAC), 2 parts: role and roleBinding

    Attribute-based access control (ABAC), only 1 file: ABAC permission file.
    https://kubernetes.io/docs/reference/access-authn-authz/abac/

Use kubeadm to install a basic cluster
- Lab: Install Kubernetes On Ubuntu
Manage a highly available Kubernetes cluster
- Options for Highly Available topology
- Weaveworks Kubeadm HA cluster
Provision underlying infrastructure to deploy Kubernetes cluster
Peform a version upgrade on Kubernetes cluster using kubeadm
Implment etcd backup and restore
Kubecon Europe 2020: Kubeadm deep dive

sample commands used during backup/restore/update of nodes

#etcd backup and restore brief
export ETCDCTL_API=3  # needed to specify etcd api versions, not sure if it is needed anylonger with k8s 1.19+ 
etcdctl snapshot save -h   #find save options
etcdctl snapshot restore -h  #find restore options

## possible example of save, options will change depending on cluster context, as TLS is used need to give ca,crt, and key paths
etcdctl snapshot save /backup/snapshot.db  --cert=/etc/kubernetes/pki/etcd/server.crt  --key=/etc/kubernetes/pki/etcd/server.key --      cacert=/etc/kubernetes/pki/etcd/ca.crt


# evicting pods/nodes and bringing back node back to cluster
kubectl drain  <node># to drain a node
kubectl uncordon  <node> # to return a node after updates back to the cluster from unscheduled state to Ready
kubectl cordon  <node>   # to not schedule new pods on a node

#backup/restore the cluster (e.g. the state of the cluster in etcd)


# upgrade kubernetes worker node
kubectl drain <node>
apt-get upgrade -y kubeadm=<k8s-version-to-upgrade>
apt-get upgrade -y kubelet=<k8s-version-to-upgrade>
kubeadm upgrade node config --kubelet-version <k8s-version-to-upgrade>
systemctl restart kubelet
kubectl uncordon <node>


#kubeadm upgrade steps
kubeadm upgrade plan
kubeadm upgrade apply

🌈 Workloads & Scheduling – 15% #

Understand deployments and how to perform rolling update and rollbacks
Use ConfigMaps and Secrets to configure applications

Know how to scale applications

Understand the primitives used to create robust, self-healing, application deployments

Replicaset
Deployments
Statefulsets

Daemonset

Daemonset Node Selector and Schduler ↕

    .spec.template.spec.nodeSelector
    .spec.template.spec.affinity

    .spec.template.spec.schedulerName

Understand how resource limits can affect Pod scheduling
Awareness of manifest management and common templating tools

Kustomize
- Kustomize Blog
manage kubernetes objects
Install service catalog using helm
- Non-k8s.io resource: CNCF Kubecon video: An introduction to Helm - Bridget Kromhout, Microsoft & Marc Khouzam, City of Montreal

Non-k8s.io resource: External resource: templating-yaml-with-code

🌈 Services & Networking – 20% #

Understand host networking configuration on the cluster nodes
Understand connectivity between Pods
- The concept of Pods networking
Understand ClusterIP, NodePort, LoadBalancer service types and endpoints
- service
Know how to use Ingress controllers and Ingress resources
- Ingress concepts
Know how to configure and use CoreDNS
Choose an appropriate container network interface plugin

🌈 Storage – 10% #

Understand storage classes, persistent volumes
Understand volume mode, access modes and reclaim policies for volumes
Understand persistent volume claims primitive
Know how to configure applications with persistent storage

StorageClass, PersistentVolume, and PersitentVolumeClaim examples

#### Storage Class example
#

#### Persistent Volume Claim example
#
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: local-pvc
spec:
  accessModes:
  - ReadWriteOnce
  storageClassName: local-storage-sc
  resources:
    requests:
      storage: 100Mi

## Persistent Volume example
#
apiVersion: v1
kind: PersistentVolume
metadata:
  name: local-pv
spec:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 200Mi
  local:
    path: /data/pv/disk021
  persistentVolumeReclaimPolicy: Retain
  storageClassName: local-storage-sc
  volumeMode: Filesystem

###  Pod using the pvc
#
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    name: nginx
spec:
  containers:
  - name: nginx
    image: nginx
    volumeMounts:
      - name: local-persistent-storage
        mountPath: /var/www/html
  volumes:
    - name: local-persistent-storage
      persistentVolumeClaim:
        claimName: local-pvc

🌈 Troubleshooting – 30% #

Tips: #

Mock Exams #

序号	题目	Note
第一题	RBAC访问控制
第二题	Node节点维护
第三题	K8S集群版本升级
第四题	ETCD数据库备份及恢复
第五题	NetworkPolicy网络策略
第六题	Service四层负载
第七题	Ingress七层负载
第八题	deployment扩容
第九题	调度pod到指定节点
第十题	统计Ready状态节点数量
第十一题	创建多容器的pod
第十二题	按要求创建PV
第十三题	创建和使用PVC
第十四题	监控pod的日志
第十五题	Sidecar代理
第十六题	查看cpu使用率最高的pod
第十七题	排查集群中故障节点