How to pass the CKA and CKAD exam

Last week, I passed the Certified Kubernetes Administrator (CKA) and Certified Kubernetes Application Developer (CKAD) exam. I had very little knowledge and experience with Kubernetes but after spending only 3 weeks preparing, I managed to successfully pass both exams.

Below, I will detail the process I took in going from zero to hero.


1) Take an online course
It goes without saying that if you have close to zero knowledge on the subject at hand, some guidance to kick things off doesn’t hurt. I can wholeheartedly recommend the LinuxAcademy CKA, CKAD and Kubernetes the Hard Way courses. I found them to be very well structured and well worth the money. Take your time and make sure you know the material well. Redo the hands-on labs until you can recite them by heart. The $49,99 you pay per month is more than enough to help you pass both exams.


2) Take free practice exams
Once you’re done with the courses and know them like the back of your hand, step outside of your comfort zone and challenge yourself further. I’ve managed to find a few other practice exams that helped me a lot.

There’s a short one from the Kubernetes App Developer (CKAD) course from matthewpalmer.net that has a challenge which I found to be quite interesting.

Another free resource I found was the last point of the the Kubernetes certification course over at kodekloud.com. It’s a medium sized exercise that will walk you through many different aspects of k8s. I really enjoyed this one so I can highly recommend it.


3) Do free exercises
Now we get to the sauce. I found https://github.com/dgkanatsios/CKAD-exercises to be an amazing resource in checking your overall knowledge. They are very good exercises to go through, whether you are taking the CKA or the CKAD exam.
Additionally, https://github.com/wiewioras/k8s-labs is one amazing piece of exercise that I recommend to everyone.


4) Prep notes and tips
See https://github.com/twajr/ckad-prep-notes. Make sure to check the kubectl commands from the “core concepts”. They will save you a lot of time when creating resources and time is of the essence. With 24 questions and 3 hours for the CKA, that gives you 7.5 minutes per question. The CKAD is slightly more demanding with 19 questions and 2 hours, giving you an average of 6.3 minutes per question. Both exams are designed in such a way that you don’t have the luxury of spending time checking the docs; you really need to know what you’re doing.


In summary
– take a course
– do as many practice exams as you can
– do as many exercises as you can
– be VERY fast in creating resources
– know as much as possible about k8s


And finally, here are my certs:


Last words:
Kubernetes is a new and cool technology. My take is that it will become the new cloud platform. It is without a shadow of a doubt, the most exciting technology I have seen in the last 10 years. I believe it will become a standard.




[OpenBSD] Installing OpenBSD on top of software raid

In this tutorial, we will demonstrate how easy it is to install OpenBSD on a software RAID1. The same principles can be applied to create RAID0,5 or more.

We have to drop to the shell since the installer does not have this functionality built in. Select “s” at the installer.

Check that we actually have more than 1x hdd:

By default, OpenBSD only creates one hdd. Run the following to manually create the second hdd:

Now initialize the MBR on both disks:

Create a label on both disks called “raid”. Dump it and restore to the second disk. Make sure to select “raid” for the “FS type“. Run the following:

Create the softraid(4) volume using the two “a” partitions. This will create a new drive called “sd0”. Run following:

where “-c” represents the RAID level and “-l” the chunk that will be used to create the RAID. These values can be adjusted to create other types of RAID arrays.

After this is done, exit the shell and proceed with the normal installation (just remember to select the new RAID drive “sd0” as the root disk).

And that’s it! Enjoy your software RAID OpenBSD system!

Making WordPress work behind a reverse proxy

My current web infrastructure includes an LB that does SSL termination via pound and several web servers behind it. Unfortunately WordPress gets confused when dealing with this scenario and will serve, among others, images and CSS over HTTP, and text over HTTPS.

To get around this, all we have to do is edit wp-config.php and add the following code:

Make sure to restart your web server!


[fluentd] add condition based output field

fluentd is an amazing piece of software but can sometimes give one a hard time. Case in point, how can one add a field to an output only if a certain string exists in another record.

Turns out with a little regex, it’s decently simple.

The below code will add a field called “_newfield” with value “OURSTRING” when the “log” record contains the exact same string at the beginning of the line. The regex can be further adjusted as needed.

 

“emit_invalid_record_to_error false” will avoid sending error logs if the regex does not match while “reserve_data true” will preserve the initial message and just add a field to it before passing it out further.

[Ansible] How to json_query a key that contains a dot

Today I found myself needing to extract the value of a json key that contained a dot (‘.’). As usual, json_query to the rescue, except that it didn’t work, returning an empty value. With a little bit of digging and trial and error testing, the solution presented itself. The key is to enclose the json key in quotes and then escape them.

 

Here is an example json file:

 

And an example ansible playbook:

 

We can clearly see the result:

 

PS: In this case we have 3x keys under “dot.key”. We obtain all of them in our result because we are selecting the whole dictionary ( ‘\”dot.key\”[]’ ) — notice the square brackets. We insert a number here and select the position of the key we want to get the value for. If for instance we would only need the 2nd key, we would use ‘\”dot.key\”[1]’ — “0” being the first value

ESX 6.5 and 6.7 on HPE G6/G7 server PSOD fix

Background

HP’s done it again. They’ve managed to break their custom ESX ISO on the G6 and G7 servers. I suspect it’s the same for G8.

If like me you found yourself perplexed by the PSOD (pink screen of death) after upgrading from ESX 6.0 to 6.5, keep on reading for the fix (skip to the bottom for the download link to an already fixed ISO).

The issue

It seems the “hpe-smx-provider” driver version 6.5.0 from the ESX 6.5 ISO is causing the PSOD.

The fix and the drawbacks

(Simply) Replace the driver with it’s older counterpart (version 6.0.0) and reinstall (see below for the procedure or check the “download link” section at the very end for an already fixed ISO).  Unfortunately if you decide to create a custom ISO with the previous version of “hpe-smx-provider”, you will no longer be able to upgrade to any future ESX version and will need to do a full installation every time (thank you HP!). That being said, here is the procedure to customize the ISO:

Customize your own HPE ESX ISO

  1. Install PowerCLI from here.  At the time of this writing, the latest version was 6.5.0R1.
  2. Download both the ESX 6.5 and 6.0 offline bundles and save them to a convenient place (ex: C:\HP) — download from this link. To make it easier, rename them to something like HPE_ESX6.5.zip and HPE_ESX6.0.zip.
  3. Open up PowerCLI and do the following:Add the 6.5 bundle

    # check that the profile was loaded and the vendor is HPE

    # clone the profile (feel free to specify whatever you like for the “vendor” when prompted)

    # double check the profile was indeed cloned

    # Remove the “hpe-smx-provider” driver from the clone

    # Add the 6.0 bundle

    # check the profile

    # check driver versions from both bundles

    # Add hpe-smx-provider version 6.00 to the custom profile

    # Export the profile to an ISO

The results

Download links

The following images have hpe-smx-provider version 600.03.11.00.9-2768847. Nothing else was changed. The 6.5.0d (build 5310538) is running on an HP Proliant DL380 G7 since March 2018 and was also tested on a DL380 G6 for a couple of months. For convenience, I’ve also built a 6.7.0 ISO and at the request of a reader, 6.7.0 Update1 from April of 2019:

VMware-ESXi-6.5.0-5310538-HPE-650.10.1.5.20-Oct2017_CUSTOM.iso
VMware-ESXi-6.7.0-9484548-HPE-Gen9plus-670.10.3.5.6-Sep2018_CUSTOM.iso
VMware-ESXi-6.7.0-Update1-11675023-HPE-Gen9plus-670.U1.10.4.0.19-Apr2019_CUSTOM.iso

Enjoy!