# Kubernetes Architecture Quick Reference Guide *Essential commands, concepts, and troubleshooting for CKAD success* ## 📐 Core Architecture Components ### Control Plane Components ```bash # Check control plane health kubectl get componentstatuses kubectl get pods -n kube-system # API Server kubectl cluster-info kubectl api-versions kubectl api-resources # etcd cluster health kubectl get pods -n kube-system -l component=etcd # Scheduler kubectl get events --field-selector reason=Scheduled # Controller Manager kubectl get pods -n kube-system -l component=kube-controller-manager ``` ### Worker Node Components ```bash # Node information kubectl get nodes -o wide kubectl describe node # kubelet status kubectl get pods -A -o wide kubectl get --raw /api/v1/nodes//proxy/stats/summary # kube-proxy kubectl get pods -n kube-system -l k8s-app=kube-proxy kubectl logs -n kube-system # Container runtime kubectl get nodes -o jsonpath='{.items[*].status.nodeInfo.containerRuntimeVersion}' ``` --- ## 🔐 Security Architecture ### RBAC Commands ```bash # Check permissions kubectl auth can-i --as= --namespace= kubectl auth can-i "*" "*" --as= # Create service account kubectl create serviceaccount -n # Create role and binding kubectl create role --verb=get,list --resource=pods -n kubectl create rolebinding --role= --user= -n # Cluster-wide permissions kubectl create clusterrole --verb=get,list --resource=nodes kubectl create clusterrolebinding --clusterrole= --user= # Debug RBAC kubectl describe role -n kubectl describe rolebinding -n ``` ### Security Contexts ```bash # Check pod security context kubectl get pod -o jsonpath='{.spec.securityContext}' kubectl get pod -o jsonpath='{.spec.containers[*].securityContext}' # Run as non-root user kubectl run secure-pod --image=nginx --dry-run=client -o yaml > pod.yaml # Edit to add: spec.securityContext.runAsUser: 1000 kubectl apply -f pod.yaml ``` --- ## 🌐 Networking Architecture ### Service Discovery ```bash # Services and endpoints kubectl get services -A kubectl get endpoints -A kubectl describe service # DNS resolution testing kubectl run dns-test --image=busybox --rm -it -- nslookup kubernetes.default.svc.cluster.local kubectl run dns-test --image=busybox --rm -it -- nslookup ..svc.cluster.local ``` ### Network Policies ```bash # List network policies kubectl get networkpolicy -A kubectl describe networkpolicy -n # Test connectivity (basic) kubectl run client --image=curlimages/curl --rm -it -- sh # curl -m 5 http://..svc.cluster.local: # Test cross-namespace connectivity kubectl run client -n --image=curlimages/curl --rm -it -- curl -m 5 http://..svc.cluster.local: ``` --- ## 💾 Storage Architecture ### Persistent Volumes ```bash # Storage classes kubectl get storageclass kubectl describe storageclass # Persistent volumes kubectl get pv kubectl describe pv # Persistent volume claims kubectl get pvc -A kubectl describe pvc -n # Check volume mounts kubectl describe pod | grep -A 10 "Volumes:" kubectl exec -- df -h ``` ### Volume Troubleshooting ```bash # Check volume binding kubectl get pvc -o jsonpath='{.status.phase}' kubectl get events --field-selector involvedObject.name= # CSI driver status kubectl get pods -n kube-system | grep csi kubectl logs -n kube-system ``` --- ## 🏗️ Multi-Container Pod Patterns ### Sidecar Pattern ```bash # Check container status in pod kubectl get pod -o jsonpath='{.status.containerStatuses[*].name}' kubectl get pod -o jsonpath='{.status.containerStatuses[*].ready}' # Logs from specific container kubectl logs -c kubectl logs -c --previous # Execute in specific container kubectl exec -it -c -- /bin/sh ``` ### Init Containers ```bash # Check init container status kubectl get pod -o jsonpath='{.status.initContainerStatuses[*].name}' kubectl describe pod | grep -A 10 "Init Containers:" # Init container logs kubectl logs -c ``` --- ## 📊 Monitoring and Observability ### Resource Usage ```bash # Node resource usage kubectl top nodes kubectl top nodes --sort-by=cpu kubectl top nodes --sort-by=memory # Pod resource usage kubectl top pods -A kubectl top pods -A --sort-by=cpu kubectl top pods -A --containers ``` ### Metrics and Health ```bash # Cluster metrics kubectl get --raw /metrics | grep apiserver kubectl get --raw /api/v1/nodes//proxy/metrics # Pod health checks kubectl get pods -o wide kubectl describe pod | grep -A 10 "Conditions:" kubectl get events --sort-by=.metadata.creationTimestamp ``` --- ## 🚀 Deployment Patterns ### Rolling Updates ```bash # Deployment status kubectl rollout status deployment/ kubectl rollout history deployment/ # Update deployment kubectl set image deployment/ = kubectl rollout restart deployment/ # Rollback deployment kubectl rollout undo deployment/ kubectl rollout undo deployment/ --to-revision=2 ``` ### Scaling and Autoscaling ```bash # Manual scaling kubectl scale deployment --replicas=5 # Horizontal Pod Autoscaler kubectl autoscale deployment --cpu-percent=70 --min=2 --max=10 kubectl get hpa kubectl describe hpa ``` --- ## 🛠️ Troubleshooting Commands ### Pod Issues ```bash # Pod debugging workflow kubectl get pods -o wide kubectl describe pod kubectl logs --previous kubectl exec -it -- /bin/sh # Pod events kubectl get events --field-selector involvedObject.name= kubectl get events --sort-by=.metadata.creationTimestamp --all-namespaces ``` ### Node Issues ```bash # Node troubleshooting kubectl describe node kubectl get events --field-selector involvedObject.name= kubectl get pods --field-selector spec.nodeName= # Node conditions kubectl get nodes -o jsonpath='{.items[*].status.conditions[?(@.type=="Ready")].status}' ``` ### Networking Issues ```bash # Service troubleshooting kubectl get endpoints kubectl get service -o wide kubectl describe service # DNS troubleshooting kubectl run dns-debug --image=busybox --rm -it -- nslookup kubernetes.default.svc.cluster.local kubectl exec -it -- cat /etc/resolv.conf ``` --- ## 🎯 CKAD Exam Quick Tips ### Time-Saving Aliases ```bash # Essential aliases for speed alias k='kubectl' alias kgp='kubectl get pods' alias kdp='kubectl describe pod' alias kl='kubectl logs' alias ke='kubectl explain' alias kaf='kubectl apply -f' alias kdel='kubectl delete' # Multi-container specific alias klc='kubectl logs -c' alias kexc='kubectl exec -it -c' ``` ### Fast YAML Generation ```bash # Generate YAML quickly kubectl run --image= --dry-run=client -o yaml > pod.yaml kubectl create deployment --image= --dry-run=client -o yaml > deployment.yaml kubectl create service clusterip --tcp=80:8080 --dry-run=client -o yaml > service.yaml # ConfigMap and Secret generation kubectl create configmap --from-literal=key=value --dry-run=client -o yaml > cm.yaml kubectl create secret generic --from-literal=key=value --dry-run=client -o yaml > secret.yaml ``` ### Exam Strategy Checklist - [ ] Read question completely before starting - [ ] Use `kubectl explain` for field definitions - [ ] Generate YAML with `--dry-run=client -o yaml` - [ ] Test with `kubectl apply --dry-run=server` - [ ] Verify with `kubectl get` and `kubectl describe` - [ ] Check logs with `kubectl logs` - [ ] Use `kubectl exec` for debugging --- ## 📋 Common Resource Specs ### Pod Template ```yaml apiVersion: v1 kind: Pod metadata: name: example-pod labels: app: example spec: containers: - name: app image: nginx:1.21 ports: - containerPort: 80 resources: requests: cpu: 100m memory: 128Mi limits: cpu: 500m memory: 256Mi livenessProbe: httpGet: path: / port: 80 initialDelaySeconds: 30 periodSeconds: 10 readinessProbe: httpGet: path: / port: 80 initialDelaySeconds: 5 periodSeconds: 5 ``` ### Service Template ```yaml apiVersion: v1 kind: Service metadata: name: example-service spec: selector: app: example ports: - port: 80 targetPort: 80 protocol: TCP type: ClusterIP ``` ### ConfigMap Template ```yaml apiVersion: v1 kind: ConfigMap metadata: name: example-config data: key1: value1 key2: value2 config.yaml: | setting1: value1 setting2: value2 ``` --- ## 🔍 Resource Field Quick Reference ### Common Fields ```bash # Get all possible fields for a resource kubectl explain pod --recursive kubectl explain deployment.spec --recursive # Common paths kubectl explain pod.spec.containers kubectl explain pod.spec.securityContext kubectl explain pod.spec.volumes kubectl explain service.spec kubectl explain networkpolicy.spec ``` ### JSONPath Examples ```bash # Pod information kubectl get pods -o jsonpath='{.items[*].metadata.name}' kubectl get pods -o jsonpath='{.items[*].status.podIP}' kubectl get pods -o jsonpath='{.items[*].spec.containers[*].image}' # Node information kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="InternalIP")].address}' kubectl get nodes -o jsonpath='{.items[*].status.nodeInfo.kubeletVersion}' ``` --- ## 🚨 Emergency Commands ### Pod Not Starting ```bash kubectl describe pod kubectl logs --previous kubectl get events --field-selector involvedObject.name= kubectl exec -it -- /bin/sh # if running ``` ### Service Not Working ```bash kubectl get endpoints kubectl get pods -l kubectl describe service kubectl run test --image=busybox --rm -it -- wget -O- : ``` ### Network Policy Blocking ```bash kubectl get networkpolicy -A kubectl describe networkpolicy kubectl run test --image=busybox --rm -it -- nc -zv ``` --- *Quick Reference Version: June 2025* *For complete details, see the [Kubernetes Architecture Deep Dive](../kubernetes-architecture-deep-dive.md)*