Certified Kubernetes Administrator (CKA) Exam Preparation Guide

Updated for the latest CKA Exam

This guide focuses on the core objectives of the CKA exam. It includes recommended resources, tools, and hands-on labs to help you prepare effectively. Please verify that all resources match the exam's Kubernetes version.

Disclaimer: This is not an exhaustive list, as the exam evolves with K8s rapid development. Please make a pull request if there something wrong, should be added, or updated.

---

Exam Overview

The Certified Kubernetes Administrator (CKA) exam is a performance-based test that requires you to solve multiple tasks on a live Kubernetes cluster. The exam is proctored and lasts for 2 hours. You must score at least 74% to pass the exam.

Exam Curriculum

These are the exam objectives you review and understand in order to pass the test.

• CNCF Exam Curriculum repository

• Workloads and Scheduling – 15%
• Storage – 10%
• Services and Networking – 20%
• Cluster Architecture, Installation, and Configuration – 25%
• Security – 20%
• Troubleshooting – 30%

Exam Prerequisites

• Kubernetes Fundamentals
  • Kubernetes Basics (K8S Docs)
  • Kubernetes Concepts (K8S Docs)
  • Kubernetes in 5 Minutes (Video)

Workloads and Scheduling – 15%

Understand application deployments and how to perform rolling updates and rollbacks

• Kubernetes Basics: Updating Applications (K8S Docs)
• Deployments in Kubernetes (K8S Docs)
• Kubernetes Rollback Deployment (Vendor Guide)
• Update Strategies and Prometheus (GKE)
• Harness Deployment Strategies Overview (Vendor Guide)
• The Gotchas of Zero-Downtime Traffic with Kubernetes - Leigh Capili, Weaveworks

Use ConfigMaps and Secrets to configure applications

• How to Deploy Hashicorp Vault in Kubernetes (Vendor Guide)
• Vault in Kubernetes: Beginner's Tutorial (DevOpsCube)
• Reloader for Dynamic Config Updates (Open Source Tool by Stakater)
• Kubernetes ConfigMap Explained (Qovery Blog)

Configure workload autoscaling

• Kubernetes Autoscaling: Methods and Tips (Vendor Guide)
• Cluster Autoscaler in Kubernetes (K8S Docs)
• Autoscaling LLM Workloads on GPUs in GKE (GKE Guide)
• KEDA: Kubernetes Event-Driven Autoscaler (Open Source Tool)

Understand the primitives used to create robust, self-healing deployments

• Replicasets, Deployments, Statefulsets, Daemonsets

Configure Pod admission and scheduling

• Custom Kube-Scheduler: Why and How
• GopherCon 2016: Building a Custom Kubernetes Scheduler
• 11 Kubernetes Custom Schedulers to Consider

---

Storage – 10%

Implement storage classes and dynamic volume provisioning

• Kubernetes Storage Classes (K8S Docs)
• Dynamic Volume Provisioning Guide (K8S Docs)

Configure volume types, access modes, and reclaim policies

• Volume Modes and Access Modes (K8S Docs)

Manage persistent volumes and persistent volume claims

• Persistent Volumes (PV) and Persistent Volume Claims (PVC) (K8S Docs)

---

Services and Networking – 20%

Understand connectivity between Pods

• Pod Networking Basics (K8S Docs)

Define and enforce Network Policies

• Network Policies (K8S Docs)

Use ClusterIP, NodePort, LoadBalancer service types, and endpoints

• Services in Kubernetes (K8S Docs)

Use the Gateway API to manage Ingress traffic

• Gateway API Overview (Open Source)

Know how to use Ingress controllers and Ingress resources

• Ingress Controllers (K8S Docs)

Understand and use CoreDNS

• CoreDNS Documentation

---

Cluster Architecture, Installation, and Configuration – 25%

Manage role-based access control (RBAC)

• RBAC Documentation

Prepare underlying infrastructure for Kubernetes clusters

• Cluster Setup Guide

Create and manage Kubernetes clusters using kubeadm

• Kubeadm Documentation

Manage the lifecycle of Kubernetes clusters

• Upgrades, backups, and scaling

Implement and configure a highly-available control plane

• Kubernetes HA Topology

Use Helm and Kustomize to install cluster components

• Helm Documentation
• Kustomize Documentation

Understand extension interfaces (CNI, CSI, CRI, etc.)

• Container Networking Interface (CNI)
• Container Storage Interface (CSI)

Understand CRDs, install, and configure operators

• Custom Resource Definitions (CRDs)

---

Troubleshooting – 30%

Troubleshoot clusters and nodes

• Cluster and Node Debugging Guide

Troubleshoot cluster components

• Component Troubleshooting

Monitor cluster and application resource usage

• Resource Monitoring in Kubernetes

Manage and evaluate container output streams

• Logging Architecture

Troubleshoot services and networking

• Networking Debugging

---

Tips and Best Practices

Practice, Practice, Practice! 🏋️‍♂️

Familiarize yourself with the documentation, initially concepts and mostly tasks, kubectl explain command, kubectl cheatsheet, and kubectl commands reference

• Kubectl Cheat Sheet By Cloud Native Islamabad
• Kubectl Commands Reference
• K8s Concepts

• When using kubectl for investigations and troubleshooting utilize the wide output it gives your more details

     $kubectl get pods -o wide  --show-labels  --all-namespaces
     or
     $kubectl get pods -o wide  --show-labels  -A     # -A is quicker than --all-namespaces

• For events and troubleshooting utilize kubectl describe if its pod/resource related and logs if it is application issue related

     $kubectl describe pods <PODID>   # for pod, deployment, other k8s resource issues/events
     $kubectl logs <PODID>            # for container/application issues like crash loops
     

• The '-o yaml' in conjuction with --dry-run=client allows you to create a manifest template from an imperative spec, combined with --edit it allows you to modify the object before creation

kubectl create service clusterip my-svc -o yaml --dry-run=client > /tmp/srv.yaml
kubectl create --edit -f /tmp/srv.yaml

• use kubectl aliases to speed up and reduce typo errors, practice them in your daily work some examples:

alias k='kubectl'
alias kg='kubectl get'
alias kgpo='kubectl get pod'
alias kcpyd='kubectl create pod -o yaml --dry-run=client'
alias ksysgpo='kubectl --namespace=kube-system get pod'

alias kd='kubectl delete'
alias kdf='kubectl delete -f'
## for quick deletes you can add --force --grace-period=0  **Not sure if it is a good idea if you are in a production cluster**
alias krmgf='kubectl delete --grace-period 0 --force'
alias kgsvcoyaml='kubectl get service -o=yaml'
alias kgsvcwn='watch kubectl get service --namespace'
alias kgsvcslwn='watch kubectl get service --show-labels --namespace'

#example usage of aliases
krmgf nginx-8jk71    # kill pod nginx-8jk71 using grace period 0 and force

Books:

• Acing the Certified Kubernetes Administrator Exam
• Kubernetes Up & Running
• The Kubernetes Book
• Kubernetes Best Practices

Webinar & Streams

• Certified Kubernetes Administrator Hands-On Workshop - Part 01
• Certified Kubernetes Administrator Hands-On Workshop - Part 02

Study Resources

• Kubernetes Official Documentation
• CKA Hands-on Lab Exercises By Chad M. Crowell
• Killer.sh CKA Simulator
• Mumshad CKA Course
• NANA’s CKA Playlist