Recently, I passed the Certified Kubernetes Administrator (CKA) exam, and I’m excited to share my experience to help others prepare. The exam is practical and task-oriented, and you'll have access to official Kubernetes documentation in case you need to quickly verify anything.
In this blog, I’ll break down what you need to know and share some useful tips that will make passing the CKA exam feel more approachable.
The Exam: What to Expect
The CKA exam covers 10 core domains of Kubernetes knowledge. You'll be asked to perform real-world administrative tasks in a Kubernetes environment.
Here's a quick breakdown of the key domains you'll encounter and some example questions to help you prepare.
1- Application Lifecycle Management
This domain focuses on your ability to manage applications deployed in Kubernetes. You need to understand how to scale, update, and troubleshoot applications.
Example Question:
- Create a deployment named myapp with 3 replicas using the nginx image. Scale the deployment to 5 replicas.
Solution:
kubectl create deployment myapp --image=nginx --replicas=3
kubectl scale deployment myapp --replicas=5
- You should also be familiar with rolling updates and rollbacks:
kubectl rollout status deployment myapp
kubectl rollout undo deployment myapp
2- Storage
This domain tests your knowledge of Kubernetes storage, such as Persistent Volumes (PV) and Persistent Volume Claims (PVC), storage classes, access modes, and reclaim policies.
Example Question:
Create a PersistentVolumeClaim named xyz, with a storage class X, 20Gi capacity, and a host path /data with ReadWriteOnce access mode.
Then, create a pod named mypod using the nginx image, which mounts the PVC at /data.
Solution:
- PersistentVolumeClaim YAML:
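apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: xyz
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
  storageClassName: x
  # hostPath is not a PersistentVolumeClaim field; the /data host path
  # is set on the PersistentVolume that backs this claim.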
- Pod YAML:
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  volumes:
  - name: myvol
    persistentVolumeClaim:
      claimName: xyz
  containers:
  - name: mypod-container
    image: nginx
    volumeMounts:
    - mountPath: /data
      name: myvol
3- Cluster Maintenance
You'll be asked to upgrade nodes or manage cluster versions. This domain tests your knowledge of Kubernetes node maintenance and version management.
Example question:
Upgrade a node to the latest version, matching the control-plane node
Solution:
- First, compare the versions of the nodes:
kubectl get nodes
- Drain the node to be upgraded:
kubectl drain node1 --disable-eviction --ignore-daemonsets --delete-emptydir-data=false
- Upgrade the Kubernetes components:
sudo apt upgrade -y kubelet=1.30.1-1.1 kubectl=1.30.1-1.1 kubeadm=1.30.1-1.1 --allow-change-held-packages
4- Installation Configuration
This domain includes tasks like setting up a Kubernetes cluster or adding new nodes to the existing cluster.
Example Question:
Add a new node (new-node) to the cluster.
Solution:
- On the control-plane node, generate the join command:
kubeadm token create --print-join-command
- SSH into the new node and run the join command:
kubeadm join <control-plane-ip>:6443 --token <token> --discovery-token-ca-cert-hash sha256:<hash>
5- Logging and Monitoring
Understanding how to retrieve and analyze logs and monitor pod performance is essential. You should know how to use kubectl logs and kubectl top.
Questions:
1. Get the logs for a pod and save them to /tmp/pod.log.
2. Find the pod with the highest CPU utilization.
Solution:
1. kubectl logs pod-name > /tmp/pod.log
2. kubectl top pods -A --sort-by=cpu --no-headers | head -n 1
6- Networking
Networking is one of the crucial areas in Kubernetes. You need to understand how Kubernetes services (ClusterIP, NodePort, LoadBalancer) work, as well as how to configure and use Ingress controllers.
Example Question:
Configure an Ingress resource that directs traffic to the nginx-service on path /nginx.
Solution:
- Ingress YAML:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
spec:
  rules:
  - host: myapp.example.com
    http:
      paths:
      - path: /nginx
        pathType: Prefix
        backend:
          service:
            name: nginx-service
            port:
              number: 80
7- Scheduling
You need to demonstrate an understanding of how to schedule pods on specific nodes and how to use node affinity, taints, and tolerations.
You also need to understand static pods and how to create one.
Example Question:
Schedule a pod on a node labeled with env=prod.
Solution:
- Pod YAML with nodeSelector:
apiVersion: v1
kind: Pod
metadata:
  name: prod-pod
spec:
  nodeSelector:
    env: prod
  containers:
  - name: nginx-container
    image: nginx
8- Security
Security covers RBAC, Network Policies, Secrets, and ServiceAccounts.
Example Question:
Create a Network Policy that allows incoming traffic only from pods in the frontend namespace to a pod labeled app=backend in the default namespace on port 80.
Solution:
- Network Policy YAML:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: frontend
    ports:
    - protocol: TCP
      port: 80
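The namespaceSelector in this policy matches namespace labels, not the namespace name, so it admits traffic only once the frontend namespace carries the label name=frontend. The following added example (not part of the original post) evaluates the selector offline against constructed namespace label sets and compares it with a selector on kubernetes.io/metadata.name, the label the control plane sets automatically; the helper names are hypothetical.

```python
# Added example: NetworkPolicy namespaceSelector semantics, evaluated offline.
# Namespace names and labels below are constructed sample data.

def selector_matches(selector, labels):
    """Evaluate a Kubernetes LabelSelector dict against a label map."""
    for key, value in selector.get("matchLabels", {}).items():
        if labels.get(key) != value:
            return False
    for expr in selector.get("matchExpressions", []):
        key, op, values = expr["key"], expr["operator"], expr.get("values", [])
        if op == "In" and labels.get(key) not in values:
            return False
        if op == "NotIn" and labels.get(key) in values:
            return False
        if op == "Exists" and key not in labels:
            return False
        if op == "DoesNotExist" and key in labels:
            return False
    return True  # an empty selector ({}) matches every namespace

def admitted_namespaces(policy, namespaces):
    """Namespaces selected by the namespaceSelector peers of the ingress rules.
    Not modelled: a podSelector in the same peer, and rules without "from"."""
    admitted = set()
    for rule in policy["spec"].get("ingress", []):
        for peer in rule.get("from", []):
            if "namespaceSelector" in peer:
                sel = peer["namespaceSelector"]
                admitted |= {n for n, lbl in namespaces.items() if selector_matches(sel, lbl)}
    return sorted(admitted)

def policy_for(match_labels):
    """The allow-frontend policy from above with a given namespaceSelector."""
    return {"spec": {"podSelector": {"matchLabels": {"app": "backend"}},
                     "ingress": [{"from": [{"namespaceSelector": {"matchLabels": match_labels}}],
                                  "ports": [{"protocol": "TCP", "port": 80}]}]}}

# Labels the control plane sets on its own: only kubernetes.io/metadata.name.
DEFAULT = {ns: {"kubernetes.io/metadata.name": ns} for ns in ("frontend", "staging")}
# After `kubectl label namespace frontend name=frontend`.
LABELLED = {**DEFAULT, "frontend": {**DEFAULT["frontend"], "name": "frontend"}}
# The same custom label also present on a second namespace.
SHARED = {**LABELLED, "staging": {**DEFAULT["staging"], "name": "frontend"}}

if __name__ == "__main__":
    by_custom = policy_for({"name": "frontend"})
    by_name = policy_for({"kubernetes.io/metadata.name": "frontend"})
    for title, nss in (("default", DEFAULT), ("labelled", LABELLED), ("shared", SHARED)):
        print(title, admitted_namespaces(by_custom, nss), admitted_namespaces(by_name, nss))
```

On a live cluster, kubectl get namespaces --show-labels shows which labels each namespace actually carries.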
9- Troubleshooting
You’ll need to troubleshoot various issues such as application failure, cluster component failure, and networking issues.
Example:
One of the nodes in the cluster isn’t in the Ready status. Investigate and resolve the issue.
Answer:
- Check which node isn’t ready:
kubectl get nodes
- SSH into the node and check the kubelet status and logs:
systemctl status kubelet   # show the status of the kubelet
journalctl -u kubelet      # show the kubelet logs to understand how to fix the problem
- Fix the issue and start kubelet again:
systemctl start kubelet
10- Validation
Validation involves checking the health and status of your Kubernetes resources to confirm they are running as expected.
Example Question:
Ensure that the pod mypod is in a Running state. If not, investigate and resolve the issue.
Solution:
- Check the pod’s status:
kubectl get pod mypod
- If the pod is not in the Running state, describe the pod to investigate further:
kubectl describe pod mypod
- Investigate logs or resource configurations to resolve the issue.
Final Tips
Here are some important commands that you'll frequently use during the CKA exam:
- Create a deployment:
kubectl create deployment myapp --image=nginx
- Expose a deployment using a service:
kubectl expose deployment myapp --port=80 --target-port=8080 --type=ClusterIP
- Create a service account:
kubectl create serviceaccount my-sa
- Create a Role or ClusterRole:
kubectl create role myrole --verb=get,list,watch --resource=pods
kubectl create clusterrole myrole --verb=get,list,watch --resource=pods
- Create a RoleBinding or ClusterRoleBinding:
kubectl create rolebinding mybinding --role=myrole --serviceaccount=default:my-sa --namespace=default
kubectl create clusterrolebinding mybinding --clusterrole=myrole --serviceaccount=default:my-sa
- Create an Ingress resource:
kubectl create ingress mying --rule="myapp.example.com/nginx*=nginx-service:80"
- Remember to memorize the Pod YAML configuration — this will save you a lot of time when dealing with Pod-related tasks.
Final Exam Tips
- Copy and Paste: You can copy and paste text from the exam environment to save time. Use the following shortcuts:
- Copy: Ctrl+Shift+C
- Paste: Ctrl+Shift+V
- You will be able to use the Kubernetes documentation, but you will not have time to look into it, so make sure you practice using it.
- You can also keep the kubectl cheat sheet open during the exam in case you want to confirm something.