Certified Kubernetes Administrator CKA Learning Path

The journey in the container world continues with the Certified Kubernetes Administrator CKA certification, which I cleared recently with 90%. After knowing how to use Kubernetes, it was really interesting and intriguing to know Kubernetes internals and how the overall system works.

• CKA focuses on the skills required to be a successful Kubernetes Administrator 
• CKA is an open book test, where you have access to the official Kubernetes documentation exam, but it focuses more on hands-on experience.
• Unlike AWS and GCP certifications, you are required to provision, solve, debug actual problems, and provision resources on a Kubernetes cluster
• Even though it is an open book test, you need to know where the information is.

CKA Exam Pattern

• CKA exam curriculum includes these general domains and their weights on the exam:
  • Cluster Architecture, Installation & Configuration – 25%
  • Workloads & Scheduling – 15%
  • Services & Networking – 20%
  • Storage  – 10%
  • Troubleshooting – 30%
• CKA requires you to solve 24 questions in 3 hours.
• CKA exam has been upgraded and requires you to solve 15-20 questions in 2 hours
• CKA was already upgraded to use the k8s 1.22 version.
• You are allowed to open another browser tab which can be from kubernetes.io or other products documentation like Falco. Do not open any other windows.
• Exam questions can be attempted in any order and don’t have to be sequential. So be sure to move ahead and come back later.

CKA Exam Preparation and Tips

• I used the courses from KodeKloud for practicing and it would good enough to cover what is required for the exam.
• When you book your exam, there are 2 exam simulator sessions provided by killer.sh. These mock exams are VERY tough as compared to the actual exams, as they mention, but do provide a great learning experience. Do not get demotivated if you flunk badly on time on this one :).
• I was not stretched for time for CKA, as compared to CKAD, and was through with my first attempt in 90 minutes, I took the next 30 minutes to review and was done with the exam in 2 hours. However,  I skipped a question with 8%, but that shouldn’t have had a huge impact
  
• Each exam question carries weight so be sure you attempt the exams with higher weights before focusing on the lower ones. So target the ones with higher weights and quicker solutions like debugging ones.
• The exam is provided by killer.sh with 6-8 different preconfigured K8s clusters. Each question refers to a different Kubernetes cluster, and the context needs to be switched. Be sure to execute the kubectl use context command, which is available with every question and you just need to copy-paste it.
• Check for the namespace mentioned in the question, to find resources and create resources. Use the -n <namespace>
• You would be performing most of the interaction from the client node. However, pay attention to the node (master or worker) you need to execute the exams and make sure you return back to the base node.
• With CKS is important to move the master node for any changes to the cluster kube-apiserver .
• SSH to nodes and gaining root access is allowed if needed.
• Read carefully the Information provided within the questions with the i mark. They would provide very useful hints in addressing the question and save time. for e.g. namespaces to look into. for a failed pod, what has already been created like configmap, secrets, network policies so that you do not create the same.
• Make sure you know the imperative commands to create resources, as you won’t have much time to create and edit YAML files.
• If you need to edit further use --dry-run -o yaml to get a headstart with the YAML spec file and edit the same.
• I personally use alias kk=kubectl to avoid typing kubectl

CKA Learning Path

• Go through the CKA Curriculum
• Mumshad Mannambeth Kodekloud course or Udemy Certified Kubernetes Administrator (CKA) with Practice Tests
  • Excellent course which covers the right topics required for the CKA
  • It also provides hands-on labs for each of the topics, giving you actual experience working on the Kubernetes cluster.
  • Make sure to practice the labs, as long as you don’t need to refer to the hints and can do most of it without documentation.
• Udemy Certified Kubernetes Administrator by Zeal Vora
• Practice CKA Exercises
• Cover Kubernetes tutorials which provide a good hands-on guide
• Cover kubectl cheatsheet for commands
• Cover Tasks from Kubernetes documentation

CKA Key Topics

Cluster Architecture, Installation & Configuration – 25%

• Practice CKA Exercises – Cluster Architecture, Installation & Configuration
• Manage role based access control (RBAC)
  • Authorization using Node and RBAC
• Use Kubeadm to install a basic cluster
  • Practice creating kubernetes Cluster using Kubeadm
• Manage a highly-available Kubernetes cluster
  • Configure a highly-available Kubernetes cluster
• Provision underlying infrastructure to deploy a Kubernetes cluster
• Perform a version upgrade on a Kubernetes cluster using Kubeadm
  • Practice Upgrading kubeadm clusters
• Implement etcd backup and restore
  • Make sure you read ETCD backup and practice using documentation

Workloads & Scheduling – 15%

• Practice CKA Exercises – Workloads & Scheduling
• Understand deployments and how to perform rolling update and rollbacks
  • Understand deployments and how to perform rolling update and rollbacks. Practice kubectl rollout commands to check status and undo deployments.
• Use ConfigMaps and Secrets to configure applications
  • ConfigMaps are used to store non-confidential data in key-value pairs.
  • Task Create a ConfigMap and mount it as a volume.
  • Know how to Manage Kubernetes secrets
  • Task Create Secrets and refer to them in a Pod.
  • Exam Tip: Know how to read secret values, create secrets and mount the same on the pods.
  • Exam Tip: Know how to create ConfigMaps and mount the same on the pods.
• Know how to scale applications
  • Understand Scaling an Application using Deployment
• Understand the primitives used to create robust, self-healing, application deployments
  • Know how to scale and create self-healing applications using replicas
• Understand how resource limits can affect Pod scheduling
  • Know how to assign consumed CPU and Memory resources
  • Exam Tip: Know how to configure pods with requests and limits.
• Awareness of manifest management and common templating tools

Services & Networking – 20%

• Practice CKA Exercises – Services & Networking
• Understand host networking configuration on the cluster nodes
• Understand connectivity between Pods
  • Understand Cluster Networking
• Understand ClusterIP, NodePort, LoadBalancer service types and endpoints
  • Understand Service Networking and practice how to expose pod and. deployments as service.
• Know how to use Ingress controllers and Ingress resources
  • Know Ingress and how to use Ingress rules
• Know how to configure and use CoreDNS
  • Practice DNS for Services and Pods using nslookup
  • Understand CoreDNS for Service Discovery
• Choose an appropriate container network interface plugin
  • Know Network Plugins

Storage – 10%

• Practice CKA Exercises – Storage
• Understand storage classes, persistent volumes
  • Understand and focus on creating Persistent Volumes,
• Understand volume mode, access modes, and reclaim policies for volumes
  • Understand volume mode, access modes, and reclaim policies
• Understand persistent volume claims primitive
  • Understand Persistent Volume Claims and associate them with Pods
• Know how to configure applications with persistent storage
  • Practice Configure a Pod to Use a Volume for Storage – focus on using Empty Dir as the volume, so the storage is ephemeral to pod.
  • Practice Configure Pod Container Persistent Volume Storage – focus on creating Pods with host path volumes

Troubleshooting – 30%

• Practice CKA Exercises – Troubleshooting
• Evaluate cluster and node logging
  • Refer Cluster logging
• Understand how to monitor applications
  • Know resource usage monitoring as you would be needed to check resource usage using the kubectl top command
• Manage container stdout & stderr logs
  • Know how to Debug running pods using the kubectl logs command
• Troubleshoot application failure
  • Practice Debug application for troubleshooting application failures
• Troubleshoot cluster component failure
  • Practice Debug cluster for troubleshooting control plane failure and worker node failure.
    • Understand the control plane architecture.
    • Focus on kube-apiserver, static pod config which causes the control panel pods to be referred and deployed.
    • Check pods in kube-system if they are all running. Use docker ps -a command on the node to inspect the reason for exiting containers.
    • Check kubelet service if the worker node is shown not ready
• Troubleshoot networking

Scheduling

• Understand label selectors to schedule Pods on nodes using nodeSelector and Practice Assign Pod Nodes
• Understand DaemonSets and how to provision. Remember there is no imperative way to create DaemonSet, so either create a deployment and filter of copy from the documentation.
• Understand how resource limits can affect Pod scheduling
• Understand how to run multiple schedulers and how to configure Pods to use them
• Practice how to Create Static Pods esp. on worker nodes. Static pods can be configured using yaml files located in staticPodPath referred by the kube-apiserver. Make sure the property is defined.

Security

• Know how to configure authentication and authorization using CertificateSigningRequest and RBAC authorization
• Know how to configure network policies
• Practice manage TLS certificates in a Cluster
• Work with images securely using private repository
• Define security contexts
• Secure persistent key value store using Secrets. Practice passing Secrets to Pods using Volumes and Environment variables.

CKA General information and practices

• The exam can be taken online from anywhere.
• Make sure you have prepared your workspace well before the exams.
• Make sure you have a valid government-issued ID card as it would be checked.
• You are not allowed to have anything around you and no one should enter the room.
• The exam proctor will be watching you always, so refrain from doing any other activities. Your screen is also always shared.
• Copy + Paste works fine.
• You will have an online notepad on the right corner to note down. I hardly used it, but it can be useful to type and modify text instead of using VI editor.

All the Best …