My Certified Kubernetes Administrator (CKA) Exam Experience

Ahmed Zidan - Sep 19 - - Dev Community

Recently, I passed the Certified Kubernetes Administrator (CKA) exam, and I’m excited to share my experience to help others prepare. The exam is practical and task-oriented, and you'll have access to official Kubernetes documentation in case you need to quickly verify anything.

In this blog, I’ll break down what you need to know and share some useful tips that will make passing the CKA exam feel more approachable.

The Exam: What to Expect

CKA-Exam

The CKA exam covers 10 core domains of Kubernetes knowledge. You'll be asked to perform real-world administrative tasks in a Kubernetes environment.

Here's a quick breakdown of the key domains you'll encounter and some example questions to help you prepare.

1- Application Lifecycle Management

This domain focuses on your ability to manage applications deployed in Kubernetes. You need to understand how to scale, update, and troubleshoot applications.

Example Question:

  • Create a deployment named myapp with 3 replicas using the nginx image. Scale the deployment to 5 replicas.

Solution:

kubectl create deployment myapp --image=nginx --replicas=3 kubectl scale deployment myapp --replicas=5
Enter fullscreen mode Exit fullscreen mode
  • You should also be familiar with rolling updates and rollbacks:
kubectl rollout status deployment myapp 
kubectl rollout undo deployment myapp
Enter fullscreen mode Exit fullscreen mode

2- Storage:

This domain tests your knowledge of Kubernetes storage, such as Persistent Volumes (PV) and Persistent Volume Claims (PVC), storage classes, access modes, and reclaim policies.

Example Question:

Create a PersistentVolumeClaim named xyz, with a storage class X, 20Gi capacity, and a host path /data with ReadWriteOnce access mode.

Then, create a pod named mypod using the nginx image, which mounts the PVC at /data

Solution:

  • PersistentVolumeClaim YAML:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: xyz
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
  storageClassName: x
  hostPath:
    path: /data
Enter fullscreen mode Exit fullscreen mode
  • Pod YAML:
apiVersiong: v1
kind: Pod
metadata:
  name: mypod
spec:
  Volumes:
    - name: myvol
      persistentVolumeClaim:
        claimName: xyz
  containers:
    - name: mypod-container
      image: nginx
      VolumeMounts:
        - mountPath: /data
          name: myvol  
Enter fullscreen mode Exit fullscreen mode

3- Cluster Maintenance

You'll be asked to upgrade nodes or manage cluster versions. This domain tests your knowledge of Kubernetes node maintenance and version management.

Example question:

Upgrade a node to the latest version, matching the control-plane node

Solution:

  • First, compare the versions of the nodes:
kubectl get nodes
Enter fullscreen mode Exit fullscreen mode
  • Drain the node to be upgraded:
kubectl drain node1 --diable-evication --ignore-daemonsets --delete-emptydir-data=false
Enter fullscreen mode Exit fullscreen mode
  • Upgrade the Kubernetes components:
sudo apt upgrade -y kubelet=1.30.1-1.1 kubectl=1.30.1-1.1 kubeadm=1.30.1-1 --allow-change-held-packages
Enter fullscreen mode Exit fullscreen mode

4- Installation Configuration

This domain includes tasks like setting up a Kubernetes cluster or adding new nodes to the existing cluster.

Example Question:

Add a new node (new-node) to the cluster.

Solution:

  1. On the control-plane node, generate the join command:
kubeadm token create --print-join-command
Enter fullscreen mode Exit fullscreen mode
  1. SSH into the new node and run the join command:
kubeadm join <control-plane-ip>:6443 --token <token> --discovery-token-ca-cert-hash sha256:<hash>
Enter fullscreen mode Exit fullscreen mode

5- Logging and Monitoring

Understanding how to retrieve and analyze logs and monitor pod performance is essential. You should know how to use kubectl logs, kubectl top

Questions

  1. Get the logs for a pod and save them to /tmp/pod.log.

  2. Find the pod with the highest CPU utilization:

Solution :

1.
kubectl logs pod-name > /tmp/pod.log
Enter fullscreen mode Exit fullscreen mode
2.
kubectl top pods -A --sort-by=cpu --no-headers | head -n 1
Enter fullscreen mode Exit fullscreen mode

6- Networking

Networking is one of the crucial areas in Kubernetes. You need to understand how Kubernetes services (ClusterIP, NodePort, LoadBalancer) work, as well as how to configure and use Ingress controllers.

Example Question:

Configure an Ingress resource that directs traffic to the nginx-service on path /nginx.

Solution:

  1. Ingress YAML:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
spec:
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /nginx
            pathType: Prefix
            backend:
              service:
                name: nginx-service
                port:
                  number: 80
Enter fullscreen mode Exit fullscreen mode

7- Scheduling

You need to demonstrate an understanding of how to schedule pods on specific nodes, use node affinity, taints, and tolerations.

Also you need to understand static pod and how to create one.

Example Question:

Schedule a pod on a node labeled with env=prod.

Solution:

  1. Pod YAML with nodeSelector:
apiVersion: v1
kind: Pod
metadata:
  name: prod-pod
spec:
  nodeSelector:
    env: prod
  containers:
    - name: nginx-container
      image: nginx
Enter fullscreen mode Exit fullscreen mode

8- Security

Security covers RBAC, Network Policies, Secrets, and ServiceAccounts.

Example Question:

Create a Network Policy that allows incoming traffic only from pods in the frontend namespace to a pod labeled app=backend in the default namespace on port 80.

Solution:

  1. Network Policy YAML:
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: frontend
    ports:
    - protocol: TCP
      port: 80
Enter fullscreen mode Exit fullscreen mode

9- Troubleshooting

You’ll need to troubleshoot various issues such as application failure, cluster component failure, and networking issues.

Example:

One of the nodes in the cluster isn’t in the Ready status. Investigate and resolve the issue.

Answer:

  1. Check which node isn’t ready:
kubectl get nodes
Enter fullscreen mode Exit fullscreen mode
  1. SSH into the node and check the kubelet status and logs:
systemctl status kubelet # to see the status of the kubelet
journalctl -u kubelet # to see the logs from kubelet and undertand how to fis the problem
Enter fullscreen mode Exit fullscreen mode
  1. Fix the issue and start kubelet again:
systemctl start kubelet
Enter fullscreen mode Exit fullscreen mode

10- Validation

Validation involves ensuring the health and status of your Kubernetes resources, ensuring they are running as expected.

Example Question:

Ensure that the pod mypod is in a Running state. If not, investigate and resolve the issue.

Solution:

  1. Check the pod’s status:
kubectl get pod mypod
Enter fullscreen mode Exit fullscreen mode
  1. If the pod is not in the Running state, describe the pod to investigate further:
kubectl describe pod mypod
Enter fullscreen mode Exit fullscreen mode
  1. Investigate logs or resource configurations to resolve the issue.

Finally Tips

Here are some important commands that you'll frequently use during the CKA exam:

  1. create a deployment
kubectl create deployment myapp --image=nginx
Enter fullscreen mode Exit fullscreen mode
  1. Expose deployment using a service
kubectl expose deployment myapp --port=80 --target-port=8080 --type=ClusterIP
Enter fullscreen mode Exit fullscreen mode
  1. Create a service account
kubectl create serviceaccount my-sa
Enter fullscreen mode Exit fullscreen mode
  1. Create a Role or ClusterRole:
kubectl create role|clusterrole myrole --verb=get,list,watch --resource=pods
Enter fullscreen mode Exit fullscreen mode
  1. Create a RoleBinding or ClusterRoleBinding:
kubectl create rolebinding|clusterrolebinding mybinding --role=myrole --serviceaccount=default:my-sa --namespace=default
Enter fullscreen mode Exit fullscreen mode
  1. Create an Ingress resource:
kubectl create ingress mying --rule="myapp.example.com/nginx*=nginx-service:80"
Enter fullscreen mode Exit fullscreen mode
  1. Remember to memorize the Pod YAML configuration — this will save you a lot of time when dealing with Pod-related tasks.

Final Exam Tips

  1. Copy and Paste: You can copy and paste text from the exam environment to save time. Use the following shortcuts:
- Copy: Ctrl+Shift+C
- Paste: Ctrl+Shift+V
Enter fullscreen mode Exit fullscreen mode
  1. You will be able to use the k8s documentation but you will not have time to look into it so make sure you practice using it

Also you can keep the kubctl cheat sheet command open during the exam just in case if you want to confirm something.

For further insights or any questions, connect with me on:

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .