#Container Orchestration
72 posts
Certified Kubernetes Administrator (CKA) #27 Full-Length Practice Exam — 17 Tasks with Solutions
The final post of the Certified Kubernetes Administrator (CKA) series. Work through 17 task scenarios that integrate every domain in the same flow as the real exam, then unfold each task's solution commands, YAML, and explanation to grade yourself. Sum the points against the 66% pass line and lay out a review path for your weak domains.
Certified Kubernetes Security Specialist (CKS) #20 Full-Length Practice Exam — 16 Tasks with Solutions
The final post of the Certified Kubernetes Security Specialist (CKS) series. Work through 16 task scenarios that integrate all six domains in the same flow as the real exam, then unfold each task's solution commands, YAML, and traps to grade yourself. Sum the points against the 67% pass line and lay out a review path for your weak domains.
Certified Kubernetes Administrator (CKA) #26: Exam Tips, Time Management, and Patterns People Miss
A condensed cheat sheet to read one more time right before you sit the CKA hands-on exam. We pull together time management for running roughly 15–20 tasks in 2 hours, the priority order driven by points and troubleshooting, a refreshed kubectl speed setup, context switching across multiple clusters, using the official docs, the recurring patterns where operators bleed points and how to avoid them, easily confused concept pairs, and a pre-exam checklist for each of the five domains. Next up in #27 is a full-scale hands-on mock exam.
Certified Kubernetes Application Developer (CKAD) #21 Full-Length Practice Exam — 18 Tasks with Solutions
The final post of the Certified Kubernetes Application Developer (CKAD) series. Work through 18 task scenarios that integrate every domain in the same flow as the real exam, then unfold each task's solution commands, YAML, and explanation to grade yourself. Check your weak domains against the 66% pass line and lay out a review path.
Certified Kubernetes Security Specialist (CKS) #19: Exam tips, time management, and patterns people get wrong
A condensed read to go through one more time right before you sit the CKS hands-on exam. We cover the time management of running roughly 15–20 tasks in 2 hours, prioritizing tasks by tool, re-running the setup right after the exam starts, switching context across multiple clusters, making use of kubernetes.io/docs and the Falco, Trivy, AppArmor, and gVisor official docs, the recurring patterns that leak points on a security hands-on exam and how to avoid them, easily confused concept pairs, and a per-domain pre-exam checklist across all six domains. Next up, #20 is a full-scale hands-on mock exam.
Certified Kubernetes Administrator (CKA) #25 Troubleshooting 4: Networking, DNS, RBAC, Certificate Expiry
The 25th post in the Certified Kubernetes Administrator (CKA) series. We lay out the diagnostic order to walk when service communication fails — from Endpoints all the way to NetworkPolicy — how to narrow down name-resolution failures with CoreDNS and nslookup, how to read RBAC Forbidden errors with auth can-i, and how to find and fix expired certificates with kubeadm certs check-expiration.
Certified Kubernetes Application Developer (CKAD) #20: Exam Tips, Time Management, and the Patterns People Miss
A compressed read-through to take with you right before the CKAD hands-on exam. We cover the time management for running roughly 15–20 tasks in 2 hours, a refresher on the kubectl speed setup, using imperative generators and the official docs, eight recurring patterns that leak points on the practical and how to avoid them, confusing concept pairs, and a per-domain pre-exam checklist. The next post, #21, is a full-scale hands-on mock exam.
Certified Kubernetes Security Specialist (CKS) #18: Container immutability, forensics
The eighteenth post in the Certified Kubernetes Security Specialist (CKS) series. We cover the final pieces of runtime security — container immutability and incident response. We work through YAML examples for the pattern of hardening the filesystem to read-only with readOnlyRootFilesystem and opening only the paths that need writes via emptyDir, the immutable operating model that forbids in-place changes and only swaps via redeploy, and the forensics procedure of isolating a compromised Pod with a NetworkPolicy and a node cordon, preserving evidence, and then investigating with kubectl debug.
Certified Kubernetes Administrator (CKA) #24 Troubleshooting 3: Control Plane (apiserver/etcd/scheduler Down), etcd Recovery
The twenty-fourth post in the Certified Kubernetes Administrator (CKA) series. Taking the fact that control plane components run as static Pods as the starting point of diagnosis, we organize how to narrow down causes by symptom — from an apiserver down that leaves kubectl unresponsive, to an etcd down, to a scheduler/controller-manager down. We get hands-on with inspecting containers directly via crictl and journalctl, and with fixing manifests so kubelet restarts them.
Certified Kubernetes Application Developer (CKAD) #19 Ingress and NetworkPolicy
The nineteenth post in the Certified Kubernetes Application Developer (CKAD) series. It covers Ingress, which routes external traffic at L7, and NetworkPolicy, which controls Pod-to-Pod communication with a whitelist, from a hands-on exam perspective. We will build everything from host/path routing and pathType, IngressClass, and TLS through to the podSelector-based default deny pattern, with YAML examples.
Certified Kubernetes Security Specialist (CKS) #17 Falco behavioral analysis, audit logs (Runtime)
The 17th post in the Certified Kubernetes Security Specialist (CKS) series. As the core of the final domain — Monitoring, Logging, and Runtime Security — we cover the rule structure of Falco, the syscall-based runtime threat-detection tool, along with writing custom rules and reading its output, then move on to the Kubernetes API audit log: policy levels and stages, apiserver flag configuration, and log analysis — all framed around the tasks that show up on the exam again and again.
Certified Kubernetes Administrator (CKA) #23 Troubleshooting 2: Nodes and kubelet (NotReady, disk/memory pressure)
The twenty-third post in the Certified Kubernetes Administrator (CKA) series. We follow the diagnostic flow for a node that has dropped to NotReady from start to finish. We read conditions with k describe node, SSH into the node and narrow down the cause with systemctl status kubelet and journalctl -u kubelet, and fix a stopped kubelet, a stopped runtime, a full disk, and memory pressure symptom by symptom. We also cover how to isolate a problem node with cordon and drain.