Adding labs

Ch02.md

@@ -1,10 +1,14 @@
-# Chapter 2
+# Chapter 2. Basics of Kubernetes
 
 **Kubernetes**: An open-source system for automating deployment, scaling and management of containerized applications.
 *source: kubernetes.io*
 
 Built from the Google project **Borg**.
 
+![02-02-Kubernetes_Lineage](/Users/johandry/Workspace/johandry/CKA/images/02-02-Kubernetes_Lineage.png)
+
+[LinkedIn Slideshare](https://www.slideshare.net/chipchilders/cloud-foundry-the-platform-for-forging-cloud-native-applications)
+
 Kubernetes is all about decoupled and transient services. **Decoupling** means that everything has been designed to not require anything else in particular. **Transient** means that the whole system expects various components to be terminated and replaced. A **flexible** and **scalable** environment means to have a framework that does not tie itself from one aspect to the next, and expect objects to die and to reconnect to their replacements.
 
 Kubernetes deploy a large number of microservices. Other parties (internal or external to K8s) expect that there are many possible microservices available to respond a request, to die and be replaced.
@@ -16,7 +20,7 @@ Other solutions to Kubernetes are:
 - Docker Swarm
 - Apache Mesos
 - Nomad
-- Rancher: Container orchestrator-agnostic system. Supports Mesos, Swarm and Kubernetes.
+- Rancher: Container orchestrator-agnostic system. Support Mesos, Swarm and Kubernetes.
 
 **Kubernetes Architecture:**
 
@@ -48,3 +52,4 @@ Tools:
 - **Kompose**: translate Docker Compose files into Kubernetes manifests
 
 [Lab 2.1](https://lms.quickstart.com/custom/858487/LAB_2.1.pdf): View Online Resources
+

Ch03.md

@@ -1,4 +1,4 @@
-# Chapter 3
+# Chapter 3. Installation and Configuration
 
 To configure and manage the cluster we'll use `kubectl`.  This command use `~/.kube/config` as configuration file with all the Kubernetes endpoints that you might use.
 

Ch04.md

@@ -1,4 +1,4 @@
-# Chapter 4
+# Chapter 4. Kubernetes Architecture
 
 A Kubernetes cluster is made of by 2 type of nodes: **Masters** and **Workers**
 
@@ -38,7 +38,11 @@ There are 3 network challenges to solve:
 2. Pod to pod communication: Solved by the Kubernetes user (admin or developer) has to do 
 3. External to pod communication: Solved by the Service concept
 
-#### **(1) Container to container communication**
+![04-02-Networking](/Users/johandry/Workspace/johandry/CKA/images/04-02-Networking.png)
+
+![04-03-Networking](/Users/johandry/Workspace/johandry/CKA/images/04-03-Networking.png)
+
+#### (1) Container to container communication**
 
 Kubernetes containers networking is standardized by the [Container Network Interface](https://github.com/containernetworking/cni) (CNI). CNI is a framework to write plugins to configure container networking and remove resources when the container is deleted. There are many plugins for different platforms. CNI is the default network interface mechanism if you install Kubernetes with kubeadm.
 

Ch05.md

@@ -0,0 +1,70 @@
+# Chapter 5. APIs and Access
+
+
+
+- Namespaces
+- Versions: alpha, beta and stable
+
+
+
+The entiere Kubernetes architecture is API-driven, the main agent for communication (internal and external) is the Kubernetes-apiserver. There are API groups that may have multiple versions and follow a domain-name format with reserved names such as the empty group and names ending in `.k8s.io`.
+
+View the API groups with a `curl` query:
+
+```json
+$ curl https://127.0.0.1:6443/apis -k
+....
+    {
+      "name": "apps",
+      "versions": [
+        {
+          "groupVersion": "apps/v1beta1",
+          "version": "v1beta1" 
+        },
+        {
+          "groupVersion": "apps/v1beta2",  
+          "version": "v1beta2"
+        } 
+      ], 
+     },
+....
+```
+
+Make the API calls with `kubectl` (recommended) or use `curl` or other program providing the certificates, keys, and JSON string or file when required.
+
+```bash
+curl --cert userbob.pem \
+  --key userBob-key.pem \ 
+  --cacert /path/to/ca.pem \
+  https://k8sServer:6443/api/v1/pods
+```
+
+It's important to check authorizations. Use `kubectl` to check authorizations as administrator and as a regular user (i.e. bob) in different namespaces:
+
+```bash
+$ kubectl auth can-i create deployments
+yes
+
+$ kubectl auth can-i create deployments --as bob
+no
+
+$ kubectl auth can-i create deployments --as bob --namespace developer
+yes
+```
+
+There are 3 APIs which can be applied to set who and what can be queried:
+
+- `SelfSubjectAccessView`: Access view for any user, useful for delegating to others.
+- `LocalSubjectAccessReview`: Review is restricted to a specific namespace
+- `SelfSubjectRulesReview`: A review shows allied actions for a user in a namespace
+
+The use of `reconcile` allows a check of authorization necessary to create an object from a file. No output means the creation would be allowed.
+
+As mentioned before the serialization for API calls must be JSON, all files in YAML are converted to and from JSON.
+
+The value of `resourceVersion` is used to determine API updates and implement optimistic concurrency which means an object is not locked from the rime it has been read until the object is written.
+
+The `resourceVersion` is backed via the `modifiedIndex` parameter in etc and it's unique to the namespace, kind and server. The operations that do not modifiy an object such as WATCH and GET, do not modify this value.
+
+**Annotations** allow to add metadata to an object, they are key to value maps. Annotations can store more information and in human-readable format, labels are not.
+

README.md

@@ -14,7 +14,7 @@ These are my notes from the Kubernetes Fundamentals training from The Linux Foun
 
 4. **Chapter 4**: [Kubernetes Architecture](Ch04.md)
 
-5. **Chapter 5**: APIs and Access
+5. **Chapter 5**: [APIs and Access](Ch05.md)
 
 ## Sources
 
@@ -36,6 +36,11 @@ These are my notes from the Kubernetes Fundamentals training from The Linux Foun
 
   Require credentials, use: `getsol.sh`
 
+## Other resources
+
+- https://www.cncf.io/wp-content/uploads/2019/02/rx-m-webinar-everything-you-need-to-know-about-the-cka-ckad.pdf
+- https://medium.com/platformer-blog/how-i-passed-the-cka-certified-kubernetes-administrator-exam-8943aa24d71d
+
 ## TODO
 
 * [ ] Review **Kompose**