#Container Orchestration

72 posts

Certified Kubernetes Application Developer (CKAD) #3 Multi-container Patterns: Init container, sidecar, ambassador, adapter
8 min read

Certified Kubernetes Application Developer (CKAD) #3 Multi-container Patterns: Init container, sidecar, ambassador, adapter

The third post in the Certified Kubernetes Application Developer (CKAD) series. It covers the collaboration patterns that arise when a single Pod holds multiple containers. We will build, with kubectl commands and YAML examples, the init container that guarantees sequential execution, the sidecar that runs alongside the main container, the ambassador that abstracts outbound connections, and the adapter that standardizes output format. It also covers emptyDir volume sharing and shared process namespace from a hands-on exam perspective.

Certified Kubernetes Security Specialist (CKS) #1: The Exam Environment — CKA prerequisite, tools, time management
8 min read

Certified Kubernetes Security Specialist (CKS) #1: The Exam Environment — CKA prerequisite, tools, time management

The opening post of the Certified Kubernetes Security Specialist (CKS) series. We lay out the structure of the 2-hour hands-on security exam that assumes you already hold CKA, the weight of the six domains, the 67% passing line, and the testing environment — then map out the big picture of the security tools the exam covers (kube-bench, AppArmor, seccomp, OPA/Gatekeeper, Falco, Trivy, cosign) and a strategy for using the docs. This 20-part series targets a CKS pass, wrapping up with a hands-on mock exam in #20.

Certified Kubernetes Administrator (CKA) #7: etcd Backup and Restore — etcdctl snapshot save/restore
9 min read

Certified Kubernetes Administrator (CKA) #7: etcd Backup and Restore — etcdctl snapshot save/restore

The seventh post of the Certified Kubernetes Administrator (CKA) series. It lays out the procedure for backing up and restoring etcd — which holds the entire state of your cluster — with etcdctl. You will get the flow into your hands: find the data-dir and certificate paths in the static Pod manifest, take a snapshot with snapshot save, restore it to a new data-dir with snapshot restore, and then bring etcd back up.

Certified Kubernetes Application Developer (CKAD) #2 Pod and Container Lifecycle — Restart Policy and Container States
5 min read

Certified Kubernetes Application Developer (CKAD) #2 Pod and Container Lifecycle — Restart Policy and Container States

The second post in the Certified Kubernetes Application Developer (CKAD) series. We build it all by hand: the Pod lifecycle (Pending, Running, Succeeded, Failed, Unknown) and how restartPolicy (Always, OnFailure, Never) shapes workload behavior, container states (Waiting, Running, Terminated) and reasons like CrashLoopBackOff, ImagePullBackOff, and OOMKilled, how to read exit codes, and the troubleshooting sequence the exam loves to test.

Certified Kubernetes Administrator (CKA) #6 Cluster Upgrade: kubeadm upgrade plan/apply, Per-node drain
9 min read

Certified Kubernetes Administrator (CKA) #6 Cluster Upgrade: kubeadm upgrade plan/apply, Per-node drain

The sixth post in the Certified Kubernetes Administrator (CKA) series. We lay out the standard procedure for bumping a kubeadm cluster up one minor version, in order from the control plane to the worker nodes. We drill kubeadm upgrade plan/apply, swapping the kubelet and kubectl packages, per-node drain and uncordon, and the traps people miss most often in the exam.

Certified Kubernetes Application Developer (CKAD) #1: The Exam Environment — Mastering kubectl, dry-run, and generators
8 min read

Certified Kubernetes Application Developer (CKAD) #1: The Exam Environment — Mastering kubectl, dry-run, and generators

The opening post of the Certified Kubernetes Application Developer (CKAD) series. We map out the structure of the 2-hour hands-on exam, the weight of the five domains, the passing line, and the testing environment — then drill the kubectl setup (alias, dry-run, generators, vim config) that decides how your exam time runs. This 21-part series targets a CKAD pass, wrapping up with a full-scale mock exam in #21.

Certified Kubernetes Administrator (CKA) #5 HA Clusters: Multiple Control Planes and an External etcd Cluster
12 min read

Certified Kubernetes Administrator (CKA) #5 HA Clusters: Multiple Control Planes and an External etcd Cluster

The fifth post in the Certified Kubernetes Administrator (CKA) series. We tackle the high-availability (HA) cluster that removes the single point of failure of a lone control plane. This is a concept-first walkthrough of the trade-offs between the stacked etcd and external etcd topologies, the load balancer in front of the apiservers and --control-plane-endpoint, etcd quorum and fault tolerance, joining control plane nodes, and verifying membership.

Certified Kubernetes Administrator (CKA) #4 Installing a Cluster with kubeadm: Bootstrapping a Single Control Plane
10 min read

Certified Kubernetes Administrator (CKA) #4 Installing a Cluster with kubeadm: Bootstrapping a Single Control Plane

Part 4 of the Certified Kubernetes Administrator (CKA) series. We stand up a Kubernetes cluster from scratch on a bare Linux machine with kubeadm. From the prerequisites — disabling swap, loading kernel modules, installing containerd — through bootstrapping the control plane with kubeadm init, installing a CNI to bring the node to Ready, and attaching workers with kubeadm join, we walk the whole path command by command.

Certified Kubernetes Administrator (CKA) #3 Cluster Architecture 2: Node (kubelet/kube-proxy/CRI), the Pod Networking Model
12 min read

Certified Kubernetes Administrator (CKA) #3 Cluster Architecture 2: Node (kubelet/kube-proxy/CRI), the Pod Networking Model

The third post in the Certified Kubernetes Administrator (CKA) series. Once the control plane makes a decision, the actual containers run on the nodes. We lay out the roles of the three node components — kubelet, kube-proxy, and the container runtime — and the CRI interface, then look from an operations angle at the Kubernetes Pod networking model where every Pod communicates without NAT, and at where the CNI plugin fits in.

Certified Kubernetes Administrator (CKA) #2 Cluster Architecture 1: Control plane (apiserver/etcd/scheduler/controller-manager)
12 min read

Certified Kubernetes Administrator (CKA) #2 Cluster Architecture 1: Control plane (apiserver/etcd/scheduler/controller-manager)

The second post in the Certified Kubernetes Administrator (CKA) series. We look at how a cluster actually runs, starting from the control plane. We cover what kube-apiserver (the gateway for all communication), etcd (the cluster state store), kube-scheduler (the Pod placement decision), and kube-controller-manager (the reconciliation loop) each do, how the control plane runs as static Pods, and what happens to the cluster when a component dies — all from an operator's point of view.

Certified Kubernetes Administrator (CKA) #1: The Exam Environment — alias and dry-run, vim/yq setup, time management
8 min read

Certified Kubernetes Administrator (CKA) #1: The Exam Environment — alias and dry-run, vim/yq setup, time management

The opening post of the Certified Kubernetes Administrator (CKA) series. We lay out the structure of the 2-hour hands-on exam, the weight of the five domains (Troubleshooting at 30% is the crux), the passing line, and the testing environment — then drill the setup (alias, dry-run, vim/yq, etcdctl, systemctl) that decides how your exam time runs. This 27-part series targets a CKA pass, wrapping up with a hands-on mock exam in #27.

K8s Basics #1: What Is Kubernetes — Why Do We Need a Container Orchestrator?
12 min read

K8s Basics #1: What Is Kubernetes — Why Do We Need a Container Orchestrator?

You can run a single container with Docker. But what if you need 100 — and they need to restart on failure, scale with traffic, and survive a node going down? This first post in the series covers the limits of single-container tools, the problem container orchestrators solve, and the big picture of a Kubernetes cluster.