Certified Kubernetes Administrator CKA Learning Path
The journey in the container world continues with the Certified Kubernetes Administrator CKA certification, which I cleared recently with 90%. After knowing how to use Kubernetes, it was really interesting and intriguing to know Kubernetes internals and how the overall system works.
- CKA focuses on the skills required to be a successful Kubernetes Administrator
- CKA is an open book test, where you have access to the official Kubernetes documentation exam, but it focuses more on hands-on experience.
- Unlike AWS and GCP certifications, you are required to provision, solve, debug actual problems and provision resources on a Kubernetes cluster
- Even though it is an open book test, you need to know where the information is.
CKA Exam Pattern and Tips
-
- CKA requires you to solve 24 questions in 3 hours.
- CKA exam curriculum includes these general domains and their weights on the exam:
- Application Lifecycle Management – 8%
- Installation, Configuration & Validation – 12%
- Core Concepts – 19%
- Networking – 11%
- Scheduling – 5%
- Security – 12%
- Cluster Maintenance – 11%
- Logging / Monitoring – 5%
- Storage – 7%
- Troubleshooting – 10%
- I was not stretched for time for CKA, as compared to CKAD, and was through with the my first attempt in 90 minutes, I took next 30 minutes to review and was done with the exam in 2 hours. However, I skipped a question with 8%, but that shouldn’t have had a huge impact.
- Exam questions can be attempted in any order and doesn’t have to be sequential.
- Each exam question carries a weight so be sure you attempt the exams with higher weights before focusing on the lower ones. So target the ones with higher weights and quicker solutions like debugging ones.
- 6-8 different K8s clusters are provisioned. Each question refers to a different kubernetes cluster, and the context needs to be switched. Be sure to execute the
kubectl use context
command, which is available with every question and you just need to copy paste it. - Check for the namespace mentioned in the question, to find resources and create resources. Use the
-n <namespace>
- You would be performing most of the interaction from base node. However, pay attention to check for the node you need to execute the exams and make sure you return back to the base node.
- SSH to nodes and gaining root access is allowed, if needed. Commands are provided. Make sure you use the
sudo -i
command for running docker commands. - Read carefully the Information provided within the questions with the i mark. They would provide very useful hints in addressing the question and save time. for e.g. namespaces to look into. for a failed pod, what has already been created like configmap, secrets, network policies so that you do not create the same.
- CKA was already upgraded to use k8s 1.18 version and
kubectl run
commands did not work for me. Usekubectl create
commands to create deployments. - Make sure you know the imperative commands to create resources, as you won’t have time to time to create and edit yaml files.
- If you need to edit further use
--dry-run -o yaml
to get a headstart with spec yaml file and edit the same. - I personally use
alias kk=kubectl
to avoid typingkubectl
CKA Learning Path
- Go through the CKA-CKAD-Candidate-Handbook-v1.10.pdf
- Linux Foundation CKA COURSE and CKA CERTIFICATION Bundle – $499!
- Mumshad Mannambeth courses at Udemy Certified Kubernetes Administrator (CKA) with Practice Tests
OR Kodekloud
- Excellent course which covers the right topics required for the CKA
- It also provides hands-on labs for each of the topics, giving you actual experience working on kubernetes cluster.
- Make sure to practice the labs, as long as you don’t need to refer the hints and can do most of it without documentation.
- Udemy Certified Kubernetes Administrator by Zeal Vora
- Cover Kubernetes tutorials which provide good hands-on guide
- Cover kubectl cheatsheet for commands
- Cover Tasks from Kubernetes documentation
CKA Key Topics
Application Lifecycle Management
- Understand deployments and how to perform rolling update and rollbacks. Practice
kubectl rollout
commands to check status and undo deployments. - Know how to scale and create self-healing applications using
replicas
- Understand Init Containers and usage
Installation, Configuration & Validation
- Practice creating kubernetes Cluster using Kubeadm
- Configure secure cluster communications
- Configure a highly-available Kubernetes cluster
- Perform cluster management. Drain, Cordon and Uncordon nodes.
Core Concepts
- Understand the Kubernetes API primitives, cluster architecture, Services and other network primitives
- Know how to create namespaces, pods, describe pods
- Know how to export the pods spec as yaml/json file
kubectl get pod pod_name -o json|yaml
- Know how to create deployments and expose services
- Know how to Create a multi container pod
- Practice how to filter the records using label selectors.
- Practice Output formatting using jsonpath. Practice jsonpath samples.
- Know how to monitor consumed CPU and Memory resources.
Networking
- Understand the networking configuration on the cluster nodes
- Understand Pod networking concepts
- Understand Service Networking and practice how to expose pod and. deployments as service.
- Know Ingress and how to use Ingress rules
- Practice DNS for Services and Pods using
nslookup
Scheduling
- Understand label selectors to schedule Pods on nodes using
nodeSelector
and Practice Assign Pod Nodes - Understand DaemonSets and how to provision. Remember there is no imperative way to create DaemonSet, so either create a deployment and filter of copy from the documentation.
- Understand how resource limits can affect Pod scheduling
- Understand how to run multiple schedulers and how to configure Pods to use them
- Practice how to Create Static Pods esp. on worker nodes. Static pods can be configured using yaml files located in
staticPodPath
referred by thekube-apiserver
. Make sure the property is defined.
Security
- Know how to configure authentication and authorization using CertificateSigningRequest and RBAC authorization
- Know how to configure network policies
- Practice manage TLS certificates in a Cluster
- Work with images securely using private repository
- Define security contexts
- Secure persistent key value store using Secrets. Practice passing Secrets to Pods using Volumes and Environment variables.
Cluster Maintenance
- Understand Kubernetes cluster upgrade process
- Implement backup and restore methodologies
- Make sure you read ETCD backup and practice using documentation
- Facilitate operating system upgrades
Logging / Monitoring
- Understand and know how to monitor all cluster components, applications, cluster and application logs
- Know resource usage monitoring as you would be needed to check resource usage using the
kubectl top
command - Know how to Debug running pods using the
kubectl logs
command
Storage
- Understand and focus on creating Persistent Volumes, Persistent Volume Claims and associating them with Pods
- Practice Configure a Pod to Use a Volume for Storage – focus on using Empty Dir as the volume, so the storage is ephemeral to pod.
- Practice Configure Pod Container Persistent Volume Storage – focus on creating Pods with host path volumes
- Exam does not cover other other volume types or storage class.
Troubleshooting
- Practice Debug application for troubleshooting application failures
- Practice Debug cluster for troubleshooting control plane failure and worker node failure.
- Understand the control plane architecture.
- Focus on
kube-apiserver
, static pod config which causes the control panel pods to be referred and deployed. - Check pods in
kube-system
if they are all running. Usedocker ps -a
command on the node to inspect the reason for exiting containers. - Check
kubelet
service if the worker node is shown not ready
- Troubleshoot networking
General information and practices
- You can book the exam from CNCF CKA Certification @ $300. Avail limited time 30% discount coupon.
- Exam can be taken online from anywhere.
- Make sure you have prepared your workspace well before the exams.
- Make sure you have a valid government issued ID card as it would be checked.
- You are not allowed to have anything around you and no one should enter the room.
- Exam proctor will be watching you always, so refrain from doing any other activities. Your screen is also always shared.
- I did not have any warnings with the Proctor, except for a request to have camera focused.
- You would need to install a Google Chrome plugin and the exam provides a web based shell to work on which worked quite well without any glitches. Copy + Paste works fine.
- You will have an online notepad on the right corner to note down. I hardly used it, but it can be good type and modify text instead of using VI editor.
All the Best ..