How I managed to pass the Certified Kubernetes Administrator (CKA)

Kubernetes, often abbreviated as K8s, is an open-source platform. It is part of the Cloud Native Computing Foundation (CNCF) and has quickly become the industry standard for container orchestration. One of the primary reasons for the popularity of Kubernetes is its ability to manage complex containerized applications efficiently. It automates the deployment, scaling, and operation of application containers across clusters of hosts, providing container-centric infrastructure. This automation enhances productivity and reduces the time spent on manual configuration and management.

To address these challenges and ensure a standardized level of expertise in the industry, the Cloud Native Computing Foundation (CNCF) developed a comprehensive certification program. It offers three main certification programs:

• The Certified Kubernetes Application Developer (CKAD) targets developers who design, build, and deploy applications on Kubernetes, ensuring they understand how to use Kubernetes resources effectively.

• The Certified Kubernetes Administrator (CKA) focuses on the skills needed to handle the responsibilities of a Kubernetes administrator, such as installation, configuration, and troubleshooting.

• Lastly, the Certified Kubernetes Security Specialist (CKS) emphasizes security best practices and the skills required to secure container-based applications and Kubernetes platforms throughout the lifecycle.

The CKA exam is a hands-on, performance-based test conducted entirely online. Instead of theoretical questions, candidates work directly with live Kubernetes clusters to complete practical tasks. The exam consists of 15 to 20 tasks covering various topics and difficulty levels. With a time limit of 2 hours, candidates need to score at least 66% to pass.

The topics for the tasks include:

Cluster Architecture, Installation & Configuration: Setting up and configuring Kubernetes clusters. Workloads & Scheduling: Managing application deployments and scheduling tasks. Services & Networking: Configuring networking and services within the cluster. Storage: Managing persistent storage for applications. Troubleshooting: Diagnosing and resolving issues within the cluster.

The exam questions themselves were easy to understand and the instructions were clear and not complicated to understand.

Candidates use a special secure browser called PSI to complete the hands-on tasks. This browser provides an interface similar to a desktop environment, with several applications available. The most important of these is the Terminal, where candidates work with kubectl to interact with Kubernetes clusters. A restricted web browser is also provided, allowing access only to specific Kubernetes-related websites such as official documentation and forums.

The environment can be a bit slow, but in my case, it was sufficient to complete the tasks without any lags or reconnects. Pay attention to having a stable internet connection.

I prepared for the exam using the KodeKloud course, which includes explanatory videos and practical examples for each topic. KodeKloud also offers practice exams with questions similar to those in the CKA exam with solutions and time constraints. I found KodeKloud very helpful. I had previously used it to prepare for the CKAD, and it was beneficial. As an extra with a membership, you can access other courses offered by KodeKloud as well. Alternatively, you can buy the KodeKloud course on Udemy. But there are also many other providers for exam preparation available.

After finishing the practice exams on KodeKloud, I completed the KillerCoda scenarios, which include additional tasks. I didn't do all the scenarios because I felt confident with kubectl, but the Kubernetes troubleshooting tasks were particularly helpful. They taught me where to find logs of the Kubernetes components like kubelet, how to identify errors, and more.

Finally, before the exam, I went through the mock exams on killer.sh, which come bundled with the CKA exam. These exams are slightly harder and have more time pressure, with 25 questions instead of 15 to 20. The environments are quite similar to the real exam, making them good preparation. You have two vouchers and I used both, first as preparation and second as repetition, especially for the questions I haven’t answered correctly.

In the real CKA exam, the instructions for the questions were clear and understandable. After finishing and reviewing all the questions, I still had plenty of time left. Be aware that you are monitored by a proctor via camera and microphone. Try not to murmur or move your head out of the camera's view.

Here are a few tips and tricks I found important for the CKA exam

You can flag questions to review later. I used this feature twice: once for an early question that was too time-consuming and required more patience, and again for a question, I wasn't sure about the correct answer and wanted to double-check. By flagging, I knew exactly which questions were either unfinished or needed special attention.

The CKA exam involves working with multiple Kubernetes clusters. At the beginning of each question, the context to use is provided, including the command to switch contexts. Some questions also specify the namespace, but not always. If a namespace wasn’t given, I always switched to the default namespace.

A common error is forgetting to switch to the correct cluster or namespace. In a hurry, it's easy to miss this step. So, make it a habit to first switch the context and then consider the namespace.

This is an important point. In the exam environment, you can only use certain editors. I used Vim a lot and got used to some shortcuts, which boosted my productivity. If you use Vim, you can also modify .vimrc to suit your needs.

You should also use aliases and exports to shorten common commands, such as switching namespaces. How many you set up depends on your preference. Some people have many, while others have none. Since setting up aliases takes time upfront, find the best value-ratio for you. Additionally, put the aliases and exports into a file with a significant name (I used __source.sh). In case you open a new terminal or restart the browser, you can quickly source the file.

My commands used were:

alias kns="kubectl config set-context --current --namespace" # quickly switch namespaces
alias kaf="kubectl apply -f" # quickly apply declarative files to the cluster
export do="--dry-run=client -oyaml" # when creating resources via kubectl export them as yaml instead of applying them to the cluster
export now="--force --grace-period=0" # kill pods immediately

Since kubectl will be the main CLI for interacting with the cluster, it's crucial to know the necessary commands for managing resources. This includes commands to get pods, nodes, rollouts, scale up or down, etc. Basic knowledge of jsonpath is also important, as there may be questions about it in the exam. You should know how to create YAML manifests from commands, edit them with Vim, and apply them to the cluster.

Of course, you don't need to memorize every flag, but you shouldn't have to look up everything either. I know many flags, but not all of them. For this, you can use the --help flag. For example, if you can't remember the exact format to expose a service via ingress, you can easily look it up with kubectl create ingress --help, so you don't have to start from scratch.

If there isn't a kubectl command to create a resource, you need to know how to quickly find the configuration in the Kubernetes documentation, for example, using the search function. This is especially important for storage classes, persistent volumes, persistent volume claims, and network policies.

Also, when creating files with kubectl or copying code from documentation, give your files meaningful names or use a naming schema to avoid confusion. I named my files like pv12.yaml or po4.yaml, where the first part is the resource type and the number is the question number.

Finally, always copy statements from the questions, such as names, commands, and parameters. This approach is not only quicker but also less error-prone, as the names are often quite random. If you make a typo, you won't get any points.

The CKAD exam focuses on designing, building, and deploying applications, meaning you will use kubectl exclusively and should already have a good understanding of the commands. The CKA exam adds the architecture, setup, and troubleshooting aspects of Kubernetes itself. So, if you have completed the CKAD, the CKA will be easier.

This is especially important for the troubleshooting and configuration questions. You should know which controller is which part of the infrastructure and is responsible for what. This helps to know where to look if some features of Kubernetes like scheduling are not working. If you cannot use kubectl because kube-apiserver is down you need to know how to use crictl and where to look for the logs and the configuration files on the controlplane. KillerCoda does have some nice scenarios there.

The CKA exam helped me greatly understand Kubernetes architecture and how it works beyond its internals, like pods and services. The practical approach is excellent for hands-on experience, unlike multiple-choice certifications. I hope this post helps you, and I wish you the best of luck.