{"id":15848979,"url":"https://github.com/amazingandyyy/k8-cert","last_synced_at":"2026-04-29T19:34:11.040Z","repository":{"id":82578898,"uuid":"233115812","full_name":"amazingandyyy/k8-cert","owner":"amazingandyyy","description":"Notes for Kubernetes Certified Application Developer (CKAD)","archived":false,"fork":false,"pushed_at":"2020-01-17T06:35:38.000Z","size":585,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-06-13T19:44:43.700Z","etag":null,"topics":["ckad","ckad-certification","k8s","kubernetes"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/amazingandyyy.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-01-10T19:24:30.000Z","updated_at":"2020-01-17T06:35:40.000Z","dependencies_parsed_at":null,"dependency_job_id":"eeb21754-c539-4392-8c1c-52b59530ecd2","html_url":"https://github.com/amazingandyyy/k8-cert","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/amazingandyyy/k8-cert","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amazingandyyy%2Fk8-cert","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amazingandyyy%2Fk8-cert/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amazingandyyy%2Fk8-cert/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amazingandyyy%2Fk8-cert/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/amazingandyyy","download_url":"https://codeload.github.com/amazingandyyy/k8-cert/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/amazingandyyy%2Fk8-cert/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":32441263,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-04-29T18:12:22.909Z","status":"ssl_error","status_checked_at":"2026-04-29T18:11:33.322Z","response_time":110,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.5:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["ckad","ckad-certification","k8s","kubernetes"],"created_at":"2024-10-05T18:21:12.920Z","updated_at":"2026-04-29T19:34:11.024Z","avatar_url":"https://github.com/amazingandyyy.png","language":"JavaScript","funding_links":[],"categories":[],"sub_categories":[],"readme":"# K8S\n\n```\nkubectl config set-context --current --namespace=\n```\n\n## Certification\n\n### core\n\n- pod\n- deployment\n- replicaSets\n- namespaces\n\n### configurations\n\n#### ConfigMaps\n\n- imperative\n  - use `kubectkl create configMap \u003cname\u003e --from-literal=\u003ckey\u003e=\u003cvalue\u003e`\n  - use `kubectkl create configMap \u003cname\u003e --from-from=\u003cpath\u003e`\n- declarative\n  - kind: ConfigMaps(v1)\n    - no spec, data install, then key: value pairs\n- use configmap in pods\n  \n  ```yaml\n  spec:\n    containers:\n      - name: pod-name\n        image: docker/pod\n        ports:\n          - containerPort: 8080\n        envFrom:\n          - configMapRef:\n            name: app-config\n            # key: APP_COLOR (single env)\n  ```\n\n#### Secret\n\n- imperative: similar to configMap\n- declarative\n  \n  ```yaml\n  spec:\n    envFrom:\n      - secretRef:\n        name: app-config\n  ```\n\nor inject from volume\n  \n  ```yaml\n  spec:\n    volumes:\n      - name: app-secret-volume\n        secret:\n          secretName: app-secret\n  ```\n\n#### SecurityContext\n\n- declarative on container or pod level\n\n```yaml\nspec:\n  securityContext:\n    runAsUser: 1000\n    capabilities:\n      add: [\"MAC_ADMIN\"]\n```\n\n#### Resource\n\n```yaml\nspec:\n  containers:\n  - name: image-name\n    resources:\n      request:\n        memory: \"1Gi\"\n        cpu: 1\n      limits:\n        memory: \"2Gi\"\n        cpu: 2\n```\n\n### Taint \u0026 Tolerations\n\n- `kubectl tain nodes node-1 app=blue:NoSchedule`\n- pod.yaml\n\n```yaml\n...\nspec:\n  containers:\n  - name: nginx\n    image: nginx\n  tolerations:\n  - key: \"app\"\n    operator: \"Equal\"\n    value: \"blue\"\n    effect: \"NoSchedule\"\n\n```\n\n## Node Affinity\n\n```yaml\nspec:\n  containers:\n    ...\n  affinity:\n    nodeAffinity:\n      requiredDuringSchedulingIgnoredDuringExecution:\n        nodeSelectorTerms:\n        - matchExpressions:\n          - key: app_type\n            operator: In\n            values:\n            - beta\n```\n\n\n### Service account\n\n- `kubectl create sa dashboard-sa` it will then create a secret token e.g. dashboard-sa-token-kbbdn\n  - `kubectl describe secret dashboard-sa-token-kbbdn`\n- add to pod with spec.serviceAccount\n\n## Topics\n\n### Multi-container Pod\n\n```yaml\nspec:\n  containers:\n    - name: simple-webapp\n      image: docker/simple-webapp\n      ports:\n        - containerPort: 8080\n    - name: log-agent\n      image: docker/log-agent\n    - name: ...\n```\n\n- logs design patterns:\n  - sidecar(small container along with the main app)\n  - adapter(every main app send to one small container before save to DB)\n  - ambassador(send to a centralized small container and then save to DB)\n\n### Observability\n\n- spec.readinessProbe: health check to make sure the app is really running after deploying\n  \n```yaml\nspec:\n  readinessProbe:\n    httpGet:\n      path: /ready\n      port: 8080\n    initialDelaySeconds: 10\n    periodSeconds: 5\n    failureThreshold: 8\n```\n\n- spec.livenessProbe\n  - health check to avoid when the pod is running but service is down\n\n### Labels\n\n- labels\n  - use metadata.labels\n  - or use `kubectl label pods pod-name key=value`\n  - or use `kubectl run my-server --image=nginx --labels=\"key=value,env=prod\"`\n  - select `kubectl get pods --selector env=pod`\n- spec.selector\n  - spec.selector.matchLabels.key: value\n- example: rs uses selector to find the pod, then service uses the label to connect to the pod in the rs\n  - ![selector](https://i.imgur.com/BhNmKLD.png)\n- metadata.annotations\n\n### Update \u0026 Deployment\n\n- spec.strategy.type can be “Recreate” or “RollingUpdate”(the default value)\n- rolling update\n  - `kubectl apply -f \u003cfile\u003e` will trigger a rolling updates\n- rollout\n  - use `kubectl rollout status deployment/myapp-deployment`\n  - use `kubectl rollout history deployment/myapp-deployment`\n\n### Job/CronJob\n\n- kind: Job(batch/v1beta1), need a pod in spec.template\n  - spec.schedule: \"*/1 * * * *\"\n- kind: CronJob(batch/v1), need a pod in spec.template\n\n### Services** use selector to apply to p\n\n- kind: Service(v1)\n  - spec.type: NodePort\n    - ![NodePort](https://i.imgur.com/rn8Vgg8.png)\n    - spec.ports\n      - targetPort\n      - port\n      - nodePort (to the outside world)\n    - spec.selector\n  - spec.type: ClusterIP\n    - spec.ports\n      - targetPort\n      - port (act like a load balancer)\n    - spec.selector\n\n### Ingress\n\n- Ingress Controller = Deployment + Service + ConfigMap + Auth\n  - ![ingress-controller](https://i.imgur.com/CiPDmgU.png)\n- kind: Ingress - Ingress resources\n  - one service\n  \n  ```yaml\n  apiVersion: networking.k8s.io/v1beta1\n  kind: Ingress\n  metadata:\n    name: test-ingress\n  spec:\n    backend:\n      serviceName: testsvc\n      servicePort: 80\n  ```\n  \n  - route to multiple services\n  \n  ```yaml\n  apiVersion: networking.k8s.io/v1beta1\n  kind: Ingress\n  metadata:\n    name: simple-fanout-example\n    annotations:\n      nginx.ingress.kubernetes.io/rewrite-target: /\n      # (O) http://\u003cingress-service\u003e:\u003cingress-port\u003e/watch --\u003e http://\u003cwatch-service\u003e:\u003cport\u003e/\n      # (X) http://\u003cingress-service\u003e:\u003cingress-port\u003e/watch --\u003e http://\u003cwatch-service\u003e:\u003cport\u003e/watch\n  spec:\n    rules:\n    - host: foo.bar.com\n      http:\n        paths:\n        - path: /foo\n          backend:\n            serviceName: service1\n            servicePort: 4200\n        - path: /bar\n          backend:\n            serviceName: service2\n            servicePort: 8080\n  ```\n  \n  - route to sub domain with multiple services\n  \n  ```yaml\n  spec:\n    rules:\n    - host: foo.bar.com\n      http:\n        paths:\n        - backend:\n            serviceName: service1\n            servicePort: 80\n    - host: bar.foo.com\n      http:\n        paths:\n        - backend:\n            serviceName: service2\n            servicePort: 80\n  ```\n\n### State Persistence\n\n- spec.volumes\n  - spec.volumes.hostPath.path\n  - spec.containers.volumeMounts\n- kind: PersistentVolume(v1)\n  - spec.accessModes\n  - capacity.storage\n- kind: PersistentVolumeClaim(v1)\n  - or use it in the pod, spec.volumes.persistentVolumeClaim.claimName\n\n\n---\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famazingandyyy%2Fk8-cert","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Famazingandyyy%2Fk8-cert","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Famazingandyyy%2Fk8-cert/lists"}