My Certified Kubernetes Administrator (CKA) Exam Experience

Recently, I passed the Certified Kubernetes Administrator (CKA) exam, and I’m excited to share my experience to help others prepare. The exam is practical and task-oriented, and you'll have access to official Kubernetes documentation in case you need to quickly verify anything.

In this blog, I’ll break down what you need to know and share some useful tips that will make passing the CKA exam feel more approachable.

The Exam: What to Expect

The CKA exam covers 10 core domains of Kubernetes knowledge. You'll be asked to perform real-world administrative tasks in a Kubernetes environment.

Here's a quick breakdown of the key domains you'll encounter and some example questions to help you prepare.

1- Application Lifecycle Management

This domain focuses on your ability to manage applications deployed in Kubernetes. You need to understand how to scale, update, and troubleshoot applications.

Example Question:

• Create a deployment named myapp with 3 replicas using the nginx image. Scale the deployment to 5 replicas.

Solution:

kubectl create deployment myapp --image=nginx --replicas=3 kubectl scale deployment myapp --replicas=5

• You should also be familiar with rolling updates and rollbacks:

kubectl rollout status deployment myapp 
kubectl rollout undo deployment myapp

2- Storage:

This domain tests your knowledge of Kubernetes storage, such as Persistent Volumes (PV) and Persistent Volume Claims (PVC), storage classes, access modes, and reclaim policies.

Example Question:

Create a PersistentVolumeClaim named xyz, with a storage class X, 20Gi capacity, and a host path /data with ReadWriteOnce access mode.

Then, create a pod named mypod using the nginx image, which mounts the PVC at /data

Solution:

• PersistentVolumeClaim YAML:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: xyz
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 20Gi
  storageClassName: x
  hostPath:
    path: /data

• Pod YAML:

apiVersiong: v1
kind: Pod
metadata:
  name: mypod
spec:
  Volumes:
    - name: myvol
      persistentVolumeClaim:
        claimName: xyz
  containers:
    - name: mypod-container
      image: nginx
      VolumeMounts:
        - mountPath: /data
          name: myvol  

3- Cluster Maintenance

You'll be asked to upgrade nodes or manage cluster versions. This domain tests your knowledge of Kubernetes node maintenance and version management.

Example question:

Upgrade a node to the latest version, matching the control-plane node

Solution:

• First, compare the versions of the nodes:

kubectl get nodes

• Drain the node to be upgraded:

kubectl drain node1 --diable-evication --ignore-daemonsets --delete-emptydir-data=false

• Upgrade the Kubernetes components:

sudo apt upgrade -y kubelet=1.30.1-1.1 kubectl=1.30.1-1.1 kubeadm=1.30.1-1 --allow-change-held-packages

4- Installation Configuration

This domain includes tasks like setting up a Kubernetes cluster or adding new nodes to the existing cluster.

Example Question:

Add a new node (new-node) to the cluster.

Solution:

1. On the control-plane node, generate the join command:

kubeadm token create --print-join-command

1. SSH into the new node and run the join command:

kubeadm join <control-plane-ip>:6443 --token <token> --discovery-token-ca-cert-hash sha256:<hash>

5- Logging and Monitoring

Understanding how to retrieve and analyze logs and monitor pod performance is essential. You should know how to use kubectl logs, kubectl top

Questions

1. Get the logs for a pod and save them to /tmp/pod.log.

2. Find the pod with the highest CPU utilization:

Solution :

1.
kubectl logs pod-name > /tmp/pod.log

2.
kubectl top pods -A --sort-by=cpu --no-headers | head -n 1

6- Networking

Networking is one of the crucial areas in Kubernetes. You need to understand how Kubernetes services (ClusterIP, NodePort, LoadBalancer) work, as well as how to configure and use Ingress controllers.

Example Question:

Configure an Ingress resource that directs traffic to the nginx-service on path /nginx.

Solution:

1. Ingress YAML:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
spec:
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /nginx
            pathType: Prefix
            backend:
              service:
                name: nginx-service
                port:
                  number: 80

7- Scheduling

You need to demonstrate an understanding of how to schedule pods on specific nodes, use node affinity, taints, and tolerations.

Also you need to understand static pod and how to create one.

Example Question:

Schedule a pod on a node labeled with env=prod.

Solution:

1. Pod YAML with nodeSelector:

apiVersion: v1
kind: Pod
metadata:
  name: prod-pod
spec:
  nodeSelector:
    env: prod
  containers:
    - name: nginx-container
      image: nginx

8- Security

Security covers RBAC, Network Policies, Secrets, and ServiceAccounts.

Example Question:

Create a Network Policy that allows incoming traffic only from pods in the frontend namespace to a pod labeled app=backend in the default namespace on port 80.

Solution:

1. Network Policy YAML:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend
  namespace: default
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: frontend
    ports:
    - protocol: TCP
      port: 80

9- Troubleshooting

You’ll need to troubleshoot various issues such as application failure, cluster component failure, and networking issues.

Example:

One of the nodes in the cluster isn’t in the Ready status. Investigate and resolve the issue.

Answer:

1. Check which node isn’t ready:

kubectl get nodes

1. SSH into the node and check the kubelet status and logs:

systemctl status kubelet # to see the status of the kubelet
journalctl -u kubelet # to see the logs from kubelet and undertand how to fis the problem

1. Fix the issue and start kubelet again:

systemctl start kubelet

10- Validation

Validation involves ensuring the health and status of your Kubernetes resources, ensuring they are running as expected.

Example Question:

Ensure that the pod mypod is in a Running state. If not, investigate and resolve the issue.

Solution:

1. Check the pod’s status:

kubectl get pod mypod

1. If the pod is not in the Running state, describe the pod to investigate further:

kubectl describe pod mypod

1. Investigate logs or resource configurations to resolve the issue.

Finally Tips

Here are some important commands that you'll frequently use during the CKA exam:

1. create a deployment

kubectl create deployment myapp --image=nginx

1. Expose deployment using a service

kubectl expose deployment myapp --port=80 --target-port=8080 --type=ClusterIP

1. Create a service account

kubectl create serviceaccount my-sa

1. Create a Role or ClusterRole:

kubectl create role|clusterrole myrole --verb=get,list,watch --resource=pods

1. Create a RoleBinding or ClusterRoleBinding:

kubectl create rolebinding|clusterrolebinding mybinding --role=myrole --serviceaccount=default:my-sa --namespace=default

1. Create an Ingress resource:

kubectl create ingress mying --rule="myapp.example.com/nginx*=nginx-service:80"

1. Remember to memorize the Pod YAML configuration — this will save you a lot of time when dealing with Pod-related tasks.

Final Exam Tips

1. Copy and Paste: You can copy and paste text from the exam environment to save time. Use the following shortcuts:

- Copy: Ctrl+Shift+C
- Paste: Ctrl+Shift+V

1. You will be able to use the k8s documentation but you will not have time to look into it so make sure you practice using it

Also you can keep the kubctl cheat sheet command open during the exam just in case if you want to confirm something.

For further insights or any questions, connect with me on:

• LinkedIn
• Twitter