Kubernetes-and-Cloud-Native-Associate KCNA
Note: A documentation of notes & curated useful resources to help you prepare for the Kubernetes and Cloud Native Associate Exam (KCNA) Feel free to share them :)
For any fixes, updates or new additions to the syllabus, please raise an issue or make a pull-request (PR). Thank you!
- Regardless of you sitting the KCNA exam or not, once you have studied these topics, you will have a good overall understanding of the Cloud-Native, Containers and Kubernetes eco-system. What matters is that you enjoy the learning process. Goodluck on your learning journey!
The KCNA is a certification aimed for individuals who want to advance to the professional level by demonstrating an understanding of the core knowledge and abilities of Kubernetes. This certification is ideal for students learning about or candidates interested in working with cloud native technologies.
Exam Brief
- Duration : 1.5 hours
-
Passing score: 75%
-
Certification validity: 3 years
-
Prerequisite: None
-
Cost: $250 USD, 1 year exam eligibility, with a free retake within the year.
-
Result: Emailed 24 hours after exam completion
-
The exam consists of around 60 MCQ questions.
Linux Foundation offer several discounts around the year such as CyberMonday, Kubecon and various other events - ensure to utilise these
KCNA topics overview
- Kubernetes Fundamentals - 46%
- Container Orchestration - 22%
- Cloud Native Architecture - 16%
- Cloud Native Observability - 8%
- Cloud Native Application Delivery - 8%
Practice questions for KCNA
Extra helpful materials
Useful keys & Common accronyms in Kubernetes
- K8s = Kubernetes
- CNCF = Cloud Native Computing Foundation
- NetPol = Network Policies
- PV = Persistent Volumes
- PVC = Persistent Volume Claims
- CSI = Container Storage Interface
- CNI = Container Network Interface
- CI/CD = Continuous Integration & Continuous Deployment
- RBAC = Role Based Access Control
- OCI = Open Container Initiative
- CRI = Container Runtime Interface
- SMI = Service Mesh Interface
- SLO = Service Level Objectives
- SLI = Service Level Indicators
- SLA = Service Level Agreements
🔹 1. Kubernetes Fundamentals - 46%
1.1 Fundamental Kuberenetes resources
Pods in K8s - Click arrow to read more
Pods are the smallest deployable units of computing that you can create and manage in Kubernetes.
Deployments in K8s - Click arrow to read more
A Deployment provides declarative updates for Pods and ReplicaSets.
You describe a desired state in a Deployment, and the Deployment Controller changes the actual state to the desired state at a controlled rate. You can define Deployments to create new ReplicaSets, or to remove existing Deployments and adopt all their resources with new Deployments.
Services in K8s - Click arrow to read more
An abstract way to expose an application running on a set of Pods as a network service.
Types of Services: ClusterIP: Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster. This is the default ServiceType.
NodePort: Exposes the Service on each Node's IP at a static port (the NodePort). A ClusterIP Service, to which the NodePort Service routes, is automatically created. You'll be able to contact the NodePort Service, from outside the cluster, by requesting :.
LoadBalancer: Exposes the Service externally using a cloud provider's load balancer. NodePort and ClusterIP Services, to which the external load balancer routes, are automatically created.
ExternalName: Maps the Service to the contents of the externalName field (e.g. foo.bar.example.com), by returning a CNAME record with its value. No proxying of any kind is set up.
Reference: https://kubernetes.io/docs/concepts/services-networking/service/
ReplicaSets in K8s - Click arrow to read more
A ReplicaSet's purpose is to maintain a stable set of replica Pods running at any given time. As such, it is often used to guarantee the availability of a specified number of identical Pods.
Headless Services - Click arrow to read more
Sometimes you don't need load-balancing and a single Service IP. In this case, you can create what are termed "headless" Services, by explicitly specifying "None" for the cluster IP (.spec.clusterIP).
You can use a headless Service to interface with other service discovery mechanisms, without being tied to Kubernetes' implementation.
Useful Kubernetes commands using kubectl
kubectl get pods (obtain/list pods in current namespace)
kubectl get pods -A OR kubectl get pods --all-namespaces (obtain pods in all namespaces)
kubectl api-resources (obtain API resources that are retrievable using the kubect commands)
kubectl run nginx --image=nginx (run a pod named nginx using the nginx image)
kubectl create deploy kcna --image=nginx (create a deployment named "kcna" with the nginx image)
kubectl create deploy kcna --image=nginx --replicas=5 (create a deployment named "kcna" with the nginx image that deploys 5 pods (replicas))
1.2 Kubernetes Architecture
K8s components - Click arrow to read more
Control Plane Components
kube-apiserver:
The API server is a component of the Kubernetes control plane that exposes the Kubernetes API. The API server is the front end for the Kubernetes control plane.
The main implementation of a Kubernetes API server is kube-apiserver. kube-apiserver is designed to scale horizontally—that is, it scales by deploying more instances. You can run several instances of kube-apiserver and balance traffic between those instances.
etcd Consistent and highly-available key value store used as Kubernetes' backing store for all cluster data.
kube-scheduler: Control plane component that watches for newly created Pods with no assigned node, and selects a node for them to run on.
kube-controller-manager: Control plane component that runs controller processes.
Logically, each controller is a separate process, but to reduce complexity, they are all compiled into a single binary and run in a single process.
Some types of these controllers are:
Node controller: Responsible for noticing and responding when nodes go down. Job controller: Watches for Job objects that represent one-off tasks, then creates Pods to run those tasks to completion. Endpoints controller: Populates the Endpoints object (that is, joins Services & Pods). Service Account & Token controllers: Create default accounts and API access tokens for new namespaces.
cloud-controller-manager: A Kubernetes control plane component that embeds cloud-specific control logic. The cloud controller manager lets you link your cluster into your cloud provider's API, and separates out the components that interact with that cloud platform from components that only interact with your cluster. The cloud-controller-manager only runs controllers that are specific to your cloud provider. If you are running Kubernetes on your own premises, or in a learning environment inside your own PC, the cluster does not have a cloud controller manager.
Worker Node Components
kubelet An agent that runs on each node in the cluster. It makes sure that containers are running in a Pod.
kube-proxy kube-proxy is a network proxy that runs on each node in your cluster, implementing part of the Kubernetes Service concept.
kube-proxy maintains network rules on nodes. These network rules allow network communication to your Pods from network sessions inside or outside of your cluster.
K8s API - Click arrow to read more
Kubernetes API
The core of Kubernetes' control plane is the API server. The API server exposes an HTTP API that lets end users, different parts of your cluster, and external components communicate with one another.
The Kubernetes API lets you query and manipulate the state of API objects in Kubernetes (for example: Pods, Namespaces, ConfigMaps, and Events).
Most operations can be performed through the kubectl command-line interface or other command-line tools, such as kubeadm, which in turn use the API. However, you can also access the API directly using REST calls.
1.4 Containers
Containers - Click arrow to read more
Containers are a form of operating system virtualization. A single container might be used to run anything from a small microservice or software process to a larger application. Inside a container are all the necessary executables, binary code, libraries, and configuration files. Compared to server or machine virtualization approaches, however, containers do not contain operating system images.
This makes them more lightweight and portable, with significantly less overhead. In larger application deployments, multiple containers may be deployed as one or more container clusters. Such clusters might be managed by a container orchestrator such as Kubernetes.
Reference : https://www.netapp.com/devops-solutions/what-are-containers/
- What are Containers?
- Containers
- Kubernetes for the Absolute Beginners - Hands-on by Mumshad
- What are Kubernetes Pods Anyway?
- Containers for Beginners
- Kubernetes for Beginners
- Docker Tutorial for Beginners (OPTIONAL)
- Best practices for creating Dockerfiles
- Containers vs VMS
- Container Images
- Kubernetes Tutorial for Beginners – Basic Concepts & Examples
1.5 Scheduling
🔹 2. Container Orchestration - 22%
2.1 Containers Orchestration Fundamentals
2.2 Runtime
- Container runtimes
- Making Sense of the Container Runtime Landscape in Kubernetes
- Container Runtime Interface (CRI)
- What are Runtime Classes?
- Kubernetes is deprecating Docker as a container runtime after v1.20
- Kubernetes is deprecating Docker: what you need to know
- Rancher Desktop – An Open Source App for Desktop Kubernetes and Container Management
- Rancher Desktop GitHub
2.3 Security
- Securing a cluster
- Cloud native security guide for building secure applications
- Kubernetes Security Best Practices: 10 Steps to Securing K8s
- Kubernetes Security Cheat Sheet
- Kubernetes Security: Common Issues and Best Practices
- What is Kubernetes Container Security?
- Kubernetes Security 101: Fundamentals and Best Practices
- Understand Role Based Access Control (RBAC) in Kubernetes
- Controlling access to the K8s API
2.4 Networking
- Cluster networking in K8s
- Network Policies in K8s
- Services, Load Balancing and Networking
- Container Networking From Scratch
- CNI - the Container Network Interface - GitHub
2.5 Service Mesh
- What's a service mesh? (REDHAT)
- What Is a Service Mesh? (NGINX)
- The Istio service mesh
- Istio & Service Mesh - simply explained in 15 mins
- Managing microservice with Istio service mesh
- Istio Architecture
2.6 Storage
- Storage in Kubernetes
- What is Kubernetes Storage?
- Kubernetes Storage 101: Concepts and Best Practices
- Volumes in Kubernetes
- Persistent Volumes aka PVs in K8s
- Why Is Storage On Kubernetes So Hard?
- A complete storage guide for your Kubernetes storage problems by CNCF
- To run or not to run a database on Kubernetes: What to consider
- Kubernetes And Databases
- Container Storage Interface (CSI) for Kubernetes GA
🔹 3. Cloud Native Architecture - 16%
Characteristics of Cloud Native Architecture - Click arrow to read more
- High level of Automation
- Self-healing
- Secure by default
- Cost-efficient
- Easy-to-maintain
- Scalable
Twelve-Factor App - Click arrow to read more
The Twelve Factors
- I. Codebase: One codebase tracked in revision control, many deploys
- II. Dependencies: Explicitly declare and isolate dependencies
- III. Config: Store config in the environment
- IV. Backing services: Treat backing services as attached resources
- V. Build, release, run: Strictly separate build and run stages
- VI. Processes: Execute the app as one or more stateless processes
- VII. Port binding: Export services via port binding
- VIII. Concurrency: Scale out via the process model
- IX. Disposability: Maximize robustness with fast startup and graceful shutdown
- X. Dev/prod parity: Keep development, staging, and production as similar as possible
- XI. Logs: Treat logs as event streams
- XII. Admin processes: Run admin/management tasks as one-off processes
Reference: https://12factor.net/
- The Cloud Native Glossary
- CNCF Cloud Native Interactive Landscape
- The beginners guide to the CNCF landscape
- Graduated and incubaring projects in the CNCF eco-system
- Cloud Native Architecture Fundamentals
- The Twelve-Factor App
- Architecting Kubernetes clusters — choosing the best autoscaling strategy
- Introduction to Monolithic Architecture and MicroServices Architecture
- Microservices Architecture
- Managing microservice with Istio service mesh
- What is microservices architecture?
- Microservices vs Monolithic Architecture
3.1 Autoscaling
- Autoscaling in Kubernetes
- Horizontal Pod Autoscaling (HPA in K8s)
- Kubernetes Autoscaling: 3 Methods and How to Make Them Great
- Kubernetes Autoscaling in Production: Best Practices for Cluster Autoscaler, HPA and VPA
- Horizontal Pod autoscaling in GKE (GCP)
3.2 Serverless
- Microservices vs. Serverless Architecture
- Serverless Functions as a Service for Kubernetes
- Serverless containers on K8s
- Knative GitHub
3.3 Community & Governance
- Community & Governance in K8s (K8s GitHub)
- The Kubernetes Community
- The Official Kuberenetes GitHub
- Kubernetes governance, what you should know
- Kubernetes Community Values
- Kubernetes 1.21: Power to the Community
- Kubernetes in Production: Best Practices for Governance, Cost Management, Security and Access Control
3.4 Roles & Personas
- Personas
- [Podcast] PodCTL #28 - Kubernetes Roles & Personas
- Personas and use cases
- PodCTL - Enterprise Kubernetes - podcast focused on Roles and Personas of K8s environments
3.5 Open Standards
- Navigating open standards for Kubernetes
- Open standards can make or break a Kubernetes implementation
- Three tips to implement Kubernetes with open standards
- Open Container Initiative
- CNI - the Container Network Interface
- Container Runtime Interface (CRI) – a plugin interface which enables kubelet to use a wide variety of container runtimes - GitHub
- Container Storage Interface (CSI) Specification - GitHub
- A standard interface for service meshes on Kubernetes
🔹 4. Cloud Native Observability - 8%
4.1 Telemetry & Observability
- The Cloud Native Landscape: Observability & Analysis
- What is Telemetry? The Guide to Application Monitoring
- Tools for Monitoring Resources
- What is OpenTelemetry and why is it the future of instrumentation?
- Migrating telemetry and security agents from dockershim
- Getting started with OpenTelemetry on Kubernetes
- CNCF Advances OpenTelemetry Initiative
- Splunk Donates eBPF Telemetry Data Collector to CNCF
- Use the native logging mechanisms of containers
4.2 Prometheus
- What is Prometheus?
- An introduction to monitoring with Prometheus
- How Prometheus Monitoring works | Prometheus Architecture explained by Nana Janashia
- What is Prometheus and Why Should You Use It?
- Metrics For Kubernetes System Components
- Query Examples from Prometheus
- Prometheus Cheat Sheet - Basics (Metrics, Labels, Time Series, Scraping)
- Jaeger: open source, end-to-end distributed tracing
4.3 Cost Management
- Cost management for Kubernetes
- Kubernetes Cost Analysis: Manage Your Kubernetes Costs
- Kubernetes Cost Management and Analysis Guide
- Cloud cost optimization: principles for lasting success
🔹 5. Cloud Native Application Delivery - 8%
5.1 Application Delivery Fundamentals
- Continuous delivery at cloud native speed
- What is Helm
- What is CI/CD? by RedHat
- What is Infrastructure as Code (IaC)?
5.2 GitOps
- What is GitOps?
- ArgoCD Kubernetes - YouTube playlist by Just me and Opensource
- ArgoCon 2021 - YouTube playlist
- Guide to GitOps by Weave works
- GitOps on Kubernetes: Deciding Between Argo CD and Flux
- Argo CD vs Flux CD — Right GitOps tool for your Kubernetes cluster
- FluxCD, ArgoCD or Jenkins X: Which Is the Right GitOps Tool for You?
- GitOps tools in comparison by cloudogu
- Flux vs ArgoCD
- Why is a PULL vs a PUSH pipeline important?
- Push vs. Pull in GitOps: Is There Really a Difference?
- ArgoCD Architecture
5.3 CI/CD
- Kubernetes CICD - CI/CD for Kubernetes | Weaveworks
- Kubernetes for CI/CD at scale
- Kubernetes CI/CD pipelines: What, why, and how
- Top Open Source CI/CD Tools for Kubernetes to Know
- Kubernetes CI/CD Best Practices
- CI/CD Pipelines with Kubernetes | Best Practices and Tools
Test your knowledge - Click this for practice questions
Slack
Useful training material
- Kubernetes and Cloud Native Essentials by The Linux Foundation
- Kubernetes and Cloud Native Associate (KCNA) Practice Exams on Udemy by Andrew Brown
- Introduction to GitOps by The Linux Foundation
- Introduction to DevOps & Site Reliability Engineering by The Linux Foundation
- Oh My Git! An open source game about learning Git!
- Learn Git Branching
- Kubernetes and Cloud Native Associate (KCNA)
Useful reading material
- Delivering Cloud Native Infrastructure as Code by Pulumi
- Unlocking the Cloud Operating Model: Provisioning
- GitLab’s guide to CI/CD for beginners
- How to Pass your KCNA Exam by Brad McCoy
- The KCNA Exam — A quick guide to kicking off your K8S and Cloud Native Journey by Marino Wijay
Books
References
Useful Youtube vdeos
- Kubernetes and Cloud Native Associate (KCNA) exam - Katie Gamanji, CNCF
- KCNA breakdown by Saiyam Pathak
- Open Source Values & Advocacy & Deep Dive KCNA Exam | CLOUDNATIVE.FM Ep 31
- KCNA Deep Dive by Katie Gamanji - The CLOUDNATIVEFM With SAIM
- KCNA Prep - Kubernetes Fundamentals Part 1
- KCNA Prep - Kubernetes Fundamentals Part 2