In this comprehensive CKA Exam guide, you’ll find a thorough exploration of the CKA exam’s crucial components. Moreover, we’ll share invaluable tips and insights that played a pivotal role in achieving remarkable CKA exam results.
Looking to save on your CKA exam voucher? We’ve got you covered as well with information on cost-effective options for Kubernetes Administrator certification exam fees. Let’s embark on this CKA certification journey together.
What is Kubernetes ?
Kubernetes, also referred to as “kube” or “k8s,” is software that automatically manages, scales, and maintains multi-container workloads in desired states.
Modern software is increasingly run as fleets of containers, sometimes called microservices. A complete application may comprise many containers, all needing to work together in specific ways. Kubernetes is software that turns a collection of physical or virtual hosts (servers) into a platform that:
- Hosts containerized workloads, providing them with compute, storage, and network resources, and
- Automatically manages large numbers of containerized applications — keeping them healthy and available by adapting to changes and challenges
Why use Kubernetes?
One of the benefits of Kubernetes is that it makes building and running complex applications much simpler. Here’s a handful of the many Kubernetes features:
- Standard services like local DNS and basic load-balancing that most applications need, and are easy to use.
- Standard behaviors (e.g., restart this container if it dies) that are easy to invoke, and do most of the work of keeping applications running, available, and performant.
- A standard set of abstract “objects” (called things like “pods,” “replicasets,” and “deployments”) that wrap around containers and make it easy to build configurations around collections of containers.
- A standard API that applications can call to easily enable more sophisticated behaviors, making it much easier to create applications that manage other applications.
The simple answer to “what is Kubernetes used for” is that it saves developers and operators a great deal of time and effort, and lets them focus on building features for their applications, instead of figuring out and implementing ways to keep their applications running well, at scale.
By keeping applications running despite challenges (e.g., failed servers, crashed containers, traffic spikes, etc.) Kubernetes also reduces business impacts, reduces the need for fire drills to bring broken applications back online, and protects against other liabilities, like the costs of failing to comply with Service Level Agreements (SLAs).
What Is CKA (Certified Kubernetes Administrator) Exam?
The official CNCF certification page says :
The Certified Kubernetes Administrator (CKA) program provides assurance that CKAs have the skills, knowledge, and competency to perform the responsibilities of Kubernetes administrators.
The CKA exam, offered by the Cloud Native Computing Foundation (CNCF), is a performance-based certification that validates an individual’s knowledge and skills in managing and administering Kubernetes clusters. It focuses on real-world scenarios and requires candidates to demonstrate their proficiency in various aspects of Kubernetes.
[20 % Off] CKA Exam Voucher Code
Your first step toward CKA Exam is to register for the exam. You can appear for the exam anytime in 12 months with a free retake.
Register today and use our exclusive coupon code TECK20 for the CKA exam to get a 20% discount on CKA (and KCNA, CKAD, and CKS certifications ). This code expires soon.
With CKA exam registration, you will get free access to killer.sh platform CKA practice exam simulator. Before appearing for the CKA exam, you can practice for the exam in the simulator.
Note
Save $80 Today on CKA | CKAD | CKS certification using the Voucher code TECK20 .
Offer Ends Soon !
Note: You can always check the latest Kubernetes Certification Voucher Codes to save costs on the CKA, CKAD, and CKS certification registration
Certified Kubernetes Administrator (CKA) Exam Preparation Guide
We will look at detailed resources , informations and tips you could use to ace this CKA Exam.
CKA Exam Prerequisites
Personally I preferred to start with CKAD as it offers a narrower focus and a good foundation for understanding Kubernetes. Others might prefer diving into CKA directly, especially if they have experience with Kubernetes administration.
To get started with CKAD Exam Preparation journey check our certification Study Guide here :
CKA Exam Details
Exam Duration | 2 hrs |
CKA passing score | 66 % |
Exam Format | Online proctored |
Number of questions | 15-20 performance-based tasks |
Prerequisite | Nothing |
Results | 24 Hours |
Retry policy | 2 Attempts |
Kubernetes Version | v 1.28 |
CKA certification validity | 3 Years |
CKA Certification Exam Cost | $395 ( GET 20 % OFF using Coupon TECK20) |
CKA Exam User Interface
The online, proctored exam is delivered through PSI’s Proctoring Platform “Bridge” using PSI’s Secure Browser. It’s important to familiarize yourself with the system and testing environment requirements
Read more about the system and testing environment requirements.
The remote desktop is configured with all the tools and software needed to complete the tasks. This includes:
- Terminal Emulator
- Firefox browser to access “Resources Allowed”
- Virtual Keyboard
CKA Exam Environment
The CKA exam environment consists of six clusters ( running Kubernetes v1.28) , each composed of a different number of nodes.
CKA EXam Clusters | |||
Cluster | Members | CNI | Description |
k8s | 1 master, 2 worker | flannel | k8s cluster |
hk8s | 1 master, 2 worker | calico | k8s cluster |
bk8s | 1 master, 1 worker | flannel | k8s cluster |
wk8s | 1 master, 2 worker | flannel | k8s cluster |
ek8s | 1 master, 2 worker | flannel | k8s cluster |
ik8s | 1 master, 1 base node | loopback | k8s cluster − missing workernode |
- To ensure efficiency and minimize context switching, each task in the exam must be completed within a designated cluster/configuration context.
- The tasks are thoughtfully grouped together so that all questions pertaining to a particular cluster are presented consecutively.
CKA Exam Syllabus ( Updated Latest1.28)
Following the official CKA certification curriculum and detailed exam information, you will be assessed on five subjects.
We will look at each section in detail below.
CKA Preparation Course
I recommend going for the CKA preparation course by Mumshad. His course has a lot of quizzes and the quality is top-notch.
CKA Practice Exams
To practice for the CKA exam, you can try the Mock exams. It will help you build confidence and practice many scenarios for the exam.
Personally, I think that this course is the only thing necessary to pass the exam.
CKA Exam Practice Labs
Practice Labs are online, self-paced, hands-on labs that give you the opportunity to practice and prepare for the CKA exam.
These labs provide a real-world environment where you can apply the concepts and techniques learned in the CKA course and improve your skills in using Kubernetes to develop, deploy, and manage applications.
The Practice Labs are a great way to reinforce your learning and increase your confidence in taking the CKA exam.
Killercoda | It is an interactive learning platform and a shell script for the CKA exam | |
Play with Kubernetes (PWK) | It is an online learning platform to practice and test your Kubernetes skills. PWK provides hands-on experience through real-world examples. |
CKA Exam Study Resources
Here, I will be discussing official Kubernetes resources that can be used to prepare for each topic of the CKA exam. You can use these documentation pages during the exam for reference.
Cluster Architecture, Installation & Configuration 25%
This section of the Kubernetes CKA Exam Syllabus will account for 20% of the questions in the actual exam.
As the name implies, you must be familiar with Kubernetes cluster administration. Of course, you must be familiar with and understand its architecture, as well as how to install and configure it.
Manage role based access control (RBAC)
Role-based access control is a method of managing application or individual user access levels. It’s a useful tool in an administrator’s toolkit for granting fine-grained controls to others.
You should know how to create, modify and delete RBACs.
Use Kubeadm to install a basic cluster
According to the official documentation, the kubeadm cluster creates commands and their associated parameters.
You should be able to operate the kubeadm tool to set up a Kubernetes cluster.
Manage a highly-available Kubernetes cluster
Even though there will be no HA questions on the CKA exam, it is useful to understand the high availability architecture.
The main idea here is to understand how to add nodes to the cluster and configure it to be highly available.
Provision underlying infrastructure to deploy a Kubernetes cluster
The main goal here is to be able to lay the groundwork for a Kubernetes cluster installation (network, storage, dependencies, etc.)
For kubernetes to work, you need to have
- Certain system configurations
- Container runtime (CRI-O, Containerd, or Docker)
- kubeadm
- kubelet and kubectl
Perform a version upgrade on a Kubernetes cluster using Kubeadm
In the exam, you will be asked to upgrade a Kubernetes cluster using Kubeadm.
Implement etcd backup and restore
You should learn and practice using the etcdctl utility to backup and restore etcd.
Etcd is the cluster’s key-value store. All cluster configuration and information about pods, services, and so on are stored in key-value format here.
Workloads & Scheduling 15%
This section of the Kubernetes CKA Exam Syllabus will account for 15 % of the questions in the actual exam.
As an orchestrator, Kubernetes is notable for its scaling and system resource management capabilities. To ensure the availability of its applications, the administrator must understand the concepts that enable this feat, as well as how to technically configure them.
Understand deployments and how to perform rolling update and rollbacks
Kubernetes Deployment ensures that an application has a minimum number of replicas running at all times. In the event that a replica fails, the Kubernetes API ensures that a new one is created within minutes.
In the Exam , you should know how to do rollbacks and rollouts of deployments.
Use ConfigMaps and Secrets to configure applications
Configmaps in Kubernetes are useful for storing non-critical data in key-value pair format. They can also be used to inject environment variables into pods.
In the Exam , you should knwo how to use configmaps and secrets objects to create, modify, and delete variables and secrets and make them available to a pod.
Know how to scale applications
Kubernetes offers a variety of ways to scale applications, including the use of deployment objects to increase the number of replicas of your application.
Horizontal Pod Autoscalers (HPAs) can be used to increase the number of replicas based on application metrics.
For the Exam , you should be able to scale a pod/deployment. You can follow this tutorial.
Understand the primitives used to create robust, self-healing, application deployments
For any self-healing application, you should use deployments or stateful sets so that when pods fail, Kubernetes instantly recreates them.
Deployments also allow you to keep track of all the changes you make. You can also easily return to a previous state.
Understand how resource limits can affect Pod scheduling
Cluster management also includes workload management; as an administrator, you should ensure that each pod has access to resources based on its requirements.
Each pod in kubernetes can be assigned a minimum and maximum CPU and memory usage.
Awareness of manifest management and common templating tools
This section assumes you’re familiar with tools like kustomization, helm, and so on.
In general , during the Exam , you should be able to create, modify and apply Kubernetes manifests
Services & Networking 20 %
This section of the Kubernetes CKA Exam Syllabus will account for 20% of the questions in the actual exam.
Elements are made to communicate within a Kubernetes cluster, flows are routed, and endpoints are exposed. This section focuses on the various Kubernetes network concepts.
Understand host networking configuration on the cluster nodes
Kube-proxy is a component that must be installed on each worker node in order for pods to communicate with one another. Kube proxy participation is required for node networking.
Kubelet is the process by which a worker node communicates with the master node. All of these concepts are required to comprehend networking within Kubernetes.
Understand connectivity between Pods
Pods communicate with one another via services. This is made possible by the Kube proxy component.
Understand ClusterIP, NodePort, LoadBalancer service types and endpoints
Understanding each service type and their use cases is critical. Understanding how pods can be added to a service should be given special consideration.
Know how to use Ingress controllers and Ingress resources
External entities are granted access to internal cluster services via ingress resources. Ingress controllers are load balancers that enable it.
For the Exam , you should know how to create and configure Ingress Understand Ingress Controllers
Know how to configure and use CoreDNS
CoreDNS is a highly adaptable and extensible DNS server that can act as the Kubernetes cluster DNS. The CNCF hosts the CoreDNS project, as it does Kubernetes.
Choose an appropriate container network interface plugin
The Container Networking Interface (CNI) aims to develop a generic plugin-based networking solution for containers.
For the Exam , you should Know how to choose a CNI according to your needs.
There are numerous options, including Flannel, Calico, and others.
The network section accounts for 20% of the exam’s content. You’ll almost certainly be asked to create at least one network policy, endpoint, or ingress.
Storage 10%
This section of the Kubernetes CKA Exam Syllabus will account for 10% of the questions in the actual exam.
Storage management questions make up 10% of the exam content. Understanding how to create storage spaces and provide them to pods may appear simple, but it requires knowledge of several terms and mechanics.
Understand storage classes, persistent volumes
Understand volume mode, access modes and reclaim policies for volumes
Understand persistent volume claims primitive
Know how to configure applications with persistent storage
By mounting a PVC, application pods can use persistent storage.
Troubleshooting 30 %
This section of the Kubernetes CKA Exam Syllabus will account for 30% of the questions in the actual exam.
Topic | Concepts | Weightage |
---|---|---|
Troubleshooting | 1. Evaluate cluster and node logging 2. Understand how to monitor applications 3. Manage container stdout & stderr logs 4. Troubleshoot application failure 5. Troubleshoot cluster component failure 6. Troubleshoot networking | 30 % |
The ability to solve problems is the most important skill of an administrator. Kubernetes is a fairly complex factory whose mechanics and the location of relevant failure information must be understood. You will be required to perform live debugging during the exam.
Evaluate cluster and node logging
Application logs can aid in understanding the application’s activities and status. The logs are especially useful for troubleshooting and monitoring cluster activity.
Examining logs of Kubernetes control plane components such as etcd and the scheduler can also be very beneficial.
Understand how to monitor applications
Monitoring applications can be accomplished by storing logs and analyzing application metrics.
Tools like Prometheus and Grafana are popular because they make metric management simple.
Manage container stdout & stderr logs
Troubleshoot application failure
Administrators should also assist users in debugging applications that have been deployed into Kubernetes but are not behaving correctly.
Troubleshoot cluster component failure
When users are confident that their application is properly configured, cluster components must be debugged and troubleshooted for failures.
Troubleshoot networking
There may be instances where things go wrong on the network end, such as incorrect configuration of ingress resources.
Top 7 CKA exam tips and tricks
Practice , Practice , Practice …
This exam is hands-on in nature, emphasizing the importance of proficiency with the Kubernetes command line interface (kubectl).
My advices are :
Cultivate a high level of comfort and familiarity with kubectl, practicing the art of typing commands swiftly and accurately.
Enroll in the two killer,sh, hands-on sessions and aim for outstanding scores in order to thoroughly prepare yourself before attempting the actual exam.
Make sure to practice using Vim as it is a crucial tool for the CKA exam. The exam environment does not offer IDEs like VSCode, so being proficient in Vim will greatly expedite your task-solving abilities.
Become proficient in json-path queries for the exa : Familiarize yourself with the json-path queries and ensure that you can confidently apply them when needed. The Kubernetes documentation provides examples of queries that you can refer to. Additionally, you can enhance your understanding of jsonpath by taking advantage of KodeKloud’s free course on the topic.
Use the short name of K8s Resources
Short name | Full name |
---|---|
cm | configmaps |
ds | daemonsets |
deploy | deployments |
ep | endpoints |
ev | events |
hpa | horizontalpodautoscalers |
ing | ingresses |
limits | limitranges |
ns | namespaces |
no | nodes |
pvc | persistentvolumeclaims |
pv | persistentvolumes |
po | pods |
rs | replicasets |
rc | replicationcontrollers |
quota | resourcequotas |
sa | serviceaccounts |
svc | services |
Useful commands or parameters during the exam
# Use "kubectl describe" for related events and troubleshooting
kubectl describe pods <podid>
# Use "kubectl explain" to check the structure of a resource object.
kubectl explain deployment --recursive
# Add "-o wide" in order to use wide output, which gives you more details.
kubectl get pods -o wide
# Check always all namespaces by including "--all-namespaces"
kubectl get pods --all-namespaces
# Show labels for all pods (or any other Kubernetes object that supports labelling)
kubectl get pods --show-labels
# create a service
kubectl create service clusterip my-service --tcp=8080 --dry-run=client -o yaml
# create a deployment
kubectl create deployment nginx --image=nginx --dry-run=client -o yaml
# create a pod
kubectl run nginx --image=nginx --restart=Never --dry-run=client -o yaml
Use dry run to generate yaml
During the exam, creating K8s resources like pods, deployments, and services from scratch can be time-consuming and challenging to remember their entire structure. To simplify this process, you can use the “dry run” feature to generate a basic YAML file. Then, modify the generated file as needed before using it to create the required resources.
For instance, to address the question of creating an nginx pod with specific resource limits (memory: 1M, CPU: 500m), follow these commands:
Generate the YAML file with dry run:
k run nginx --image=nginx --dry-run=client -o yaml > pod.yaml
Modify the “pod.yaml” file to add the resource limit settings.
Create the pod using the modified YAML file:
k create -f pod.yaml
To save time on input, you can define a shell variable for the --dry-run=client -o yaml
option like this:
export do="--dry-run=client -o yaml"
Then, you can use the defined variable in the command like this:
k run nginx --image=nginx $do > pod.yaml
By employing the “dry run” and shell variable approach, you can efficiently create K8s resources and manage their configurations during the exam.
Time management
Since you will be executing the kubectl command multiple times, setting up aliases can save you valuable seconds with each entry. For instance, assigning an alias like ‘k’ for ‘kube-control’ can potentially grant you an additional minute or two towards the end of the exam
alias k=kubectl
In the exam, you have the privilege to access and consult the Kubernetes documentation pages for obtaining crucial information. This unique aspect sets the Kubernetes certification exam apart from others, as it assesses your capability to effectively utilize the documentation rather than relying solely on memorization.
To excel in the exam, it is essential to become well-acquainted with the documentation’s structure and practice efficient searching techniques. Please be aware that using bookmarks is not allowed during the exam, so it is advised to refrain from attempting to do so.
During the exam, managing your time efficiently is crucial. With approximately 15 to 20 questions of varying difficulty levels, it’s essential to make strategic decisions regarding time allocation. Don’t get trapped on a single challenging question and exhaust all your time.
Review Completed Tasks
After each question, it is crucial to review your work meticulously to ensure accuracy. Avoid the risk of spending 10-15 minutes on a question and unintentionally overlooking potential errors
For example, if you have made changes to the kubelet during a task, it is highly recommended to check its status before moving on to another task. This verification step ensures that the kubelet is functioning as expected after the modifications. To check the kubelet’s status, use the following command:
systemctl status kubelet
Stress Management
You will be able to complete the exam in 2 hours.
PLEASE DON’T get panic because :
- First: if it is your first attempt then you have the other left.
- Second: is that you only need 66 % to crack the exam 🙂
Configuration Management during the Exam
As mentioned previously, the CKA exam environment consists of six clusters, each with its own dedicated set of nodes. It is essential to emphasize the significance of switching contexts correctly between these clusters before attempting any tasks in the exam.
One common mistake individuals make is performing actions on the wrong cluster. To avoid this, ensure that you carefully switch the context to the intended cluster before executing any commands or tasks. Paying close attention to this detail will help maintain accuracy throughout the exam and prevent errors caused by working on the wrong cluster
At the start of each task you’ll be provided with the command to ensure you are on the correct cluster to complete the task , for example :
kubectl config use-context k8s
An example of command to ssh to a master node during a kubernetes cluster update :
ssh mk8s-master-0
Us elevated privileges on the master node :
sudo -i
CKA Exam Questions
Please note that these scripts are not real CKA exam questions.
QUESTION 1 :
You have been asked to create a new ClusterRole that can only create Deployments, Stateful Sets, and DaemonSets. You also need to create a new ServiceAccount in the existing namespace
my-namespace
and bind the new ClusterRole to the new ServiceAccount, limited to the namespacemy-namespace
.
kubectl create clusterrole my-clusterrole --verb=create --resource=deployments,statefulsets,daemonsets
kubectl create serviceaccount my-serviceaccount --namespace=my-namespace
kubectl create rolebinding my-clusterrole-binding --clusterrole=my-clusterrole --serviceaccount=my-namespace:my-serviceaccount -n my-namespace
The first command creates a new ClusterRole named my-clusterrole
with the create
verb and the deployments
, statefulsets
, and daemonsets
resources.
The second command creates a new ServiceAccount named my-serviceaccount
in the namespace my-namespace
.
The third command binds the new ClusterRole my-clusterrole
to the new ServiceAccount my-serviceaccount
in the namespace my-namespace
. This means that the my-serviceaccount
ServiceAccount will now have the ability to create deployments
, statefulsets
, and daemonsets
in the my-namespace
namespace.
Once these commands have been executed, the new ClusterRole, ServiceAccount, and binding will be created and the deployment pipeline will be ready to use.
QUESTION 2
Given a Kubernetes cluster, find pods that have the label
name=max-cpu
and are running high CPU workloads.Write the name of the pod consuming the most CPU to the file
/opt/teckbootcamps/cpumax.txt
. The file already exists.
The following commands can be used to find the pod consuming the most CPU and write its name to the file /opt/teckbootcamps/cpumax.txt
:
kubectl top pods \
-l name=max-cpu \
--sort-by=cpu \
| tail -1 \
> /opt/teckbootcamps/cpumax.txt
QUESTION 3
In the “teckbootcamps” namespace, several pods have been created.
The backend for each of the two applications : app1, app2 is a pod called “my-nginx”
Create a “allow-net” network policy that only permits traffic from two applications to the “nginx-pod”
Network Policy
kubectl -n teckbootcamps get pods u002du002dshow-labels n## this will display the labels allocated to application 1 and 2 and labels for the nginx-pod , we will use these labels while creating our NetworkPolicy.
We have these labels :
- APP1 POD ( name: app1 and tier: front-app )
- APP2 POD ( name: app2 and tier: front-app )
- NGINX-POD ( tier: backend and role: backend-app )
The Network Policy YAML file ( networkPolicy.yaml )
apiVersion: networking.k8s.io/v1
metadata:
name: allow-net
namespace: teckbootcamps
spec:
podSelector:
matchLabels:
tier: backend
role: backend-app
ingress:
- from:
- podSelector:
matchLabels:
name: app1
tier: front-app
- podSelector:
matchLabels:
name: app2
tier: front-app
Create our policy using kubectl command :
kubectl apply -f networkPolicy.yaml
QUESTION 4
Kubelet is down in one node of the cluster , try to start it in order to recover the cluster
# Switch node:
ssh node01
# Enter privileged user:
sudo -i
# Check the kubelet service:
systemctl status kubelet
# Start the service and set it to boot:
systemctl restart kubelet
systemctl enable kubelet
# Finally check:
systemctl status kubelet
QUESTION 5
ETCD Backup Recovery
ETCD Backup Recovery
Backup first, Backing up an etcd cluster
$ etcdctl --endpoints=https://127.0.0.1:2379 --cacert=<trusted-ca-file> --cert=<cert-file> --key=<key-file> snapshot save <backup-file-location>
Restore, Restoring an etcd cluster
In the document Operating etcd clusters for Kubernetes on the official website , you can view the command introduction of etcd backup and recovery. Backup first, Backing up an etcd cluster
$ etcdctl --endpoints=https://127.0.0.1:2379 --cacert=<trusted-ca-file> --cert=<cert-file> --key=<key-file> snapshot restore <snapshotdb>;
You may get permission denied when performing restore , typing sudo -i can solve this problem 🙂
QUESTION 5
Scaling Kubernetes Pods
Scaling Applications
# Increase replicas number for nginx-deployment
kubectl scale deployment/nginx-deployment --replicas=5
# Using autoscaling
kubectl autoscale deployment/nginx-deployment --min=2 --max=5
CKA Exam FAQs
CKA is a tricky exam, but you can take it with a good plan, consistent study, and practice. The preparation may take some of your family’s time, but the result makes you feel confident about this cutting-edge technology.
CKAD exam is comparatively easier than CKA as deals with cluster administration and troubleshooting. At the same time, CKAD is more focused on application deployments and troubleshooting.
Yes , I offer 20% on CKA exam registration using the coupon code TECK20.
Retake Policy: You get a maximum of 2 attempts (per exam registration) to take the exam.
You should aim for CKS Exam. Candidates must have finished and passed the Certified Kubernetes Administrator (CKA) exam before actually taking the Certified Kubernetes Security Specialist (CKS) exam.
es, you can retake the CKA exam if you don’t pass on your first attempt. However, there may be a waiting period before you can retake the exam, so it’s important to thoroughly prepare and give your best effort.
Yes. you can connect an extended monitor to a single computer as long as you have the camera attached to it
Conclusion
Congratulations on completing our comprehensive CKA exam study guide.
By following the roadmap we’ve provided and mastering the essential concepts, you’re well on your way to becoming a Certified Kubernetes Administrator. Remember to practice regularly, explore additional resources, and stay up to date with the latest Kubernetes developments. Best of luck in your CKA exam journey!
Check Other Kubernetes Exams Study Guides :