Chapter 1. Exam Details and Resources
This introduction chapter addresses the most pressing questions candidates ask when preparing for the Certified Kubernetes Administrator (CKA) exam. We will discuss the target audience for the certification, the curriculum, and the exam environment, as well as tips and tricks and additional learning resources. If you’re already familiar with the certification program, you can directly jump to any of the chapters covering the technical concepts.
Exam Objectives
Kubernetes clusters need to be installed, configured, and maintained by skilled professionals. That’s the job of a Kubernetes administrator. The CKA certification program verifies a deep understanding of the typical administration tasks encountered on the job, more specifically Kubernetes cluster maintenance, networking, storage solutions, and troubleshooting applications and cluster nodes.
Kubernetes version used during the exam
At the time of writing, the exam is based on Kubernetes 1.23. All content in this book will follow the features, APIs, and command-line support for that specific version. It’s certainly possible that future versions will break backward compatibility. While preparing for the certification, review the Kubernetes release notes and practice with the Kubernetes version used during the exam to avoid unpleasant surprises.
Curriculum
The following overview lists the high-level sections of the CKA and their scoring weight:
-
25%: Cluster Architecture, Installation, and Configuration
-
15%: Workloads and Scheduling
-
20%: Services and Networking
-
10%: Storage
-
30%: Troubleshooting
The CKA curriculum went through a major overhaul in September 2020. One of the reasons why the exam domains have been reorganized and optimized is the new Certified Kubernetes Security Specialist (CKS) certification. For the most part, security-related topics have been moved to the CKS, while the CKA continues to focus on typical administration activities and features.
Note
The outline of the book follows the CKA curriculum to a T. While there might be a more natural, didactical organization structure to learn Kubernetes in general, the curriculum outline will help test takers prepare for the exam by focusing on specific topics. As a result, you will find yourself cross-referencing other chapters of the book depending on your existing knowledge level.
Let’s break down each domain in detail in the next sections.
Cluster Architecture, Installation, and Configuration
This section of the curriculum touches on all things Kubernetes cluster-related. This includes understanding the basic architecture of a Kubernetes clusters such as control plane versus worker nodes, high-availability setups, and the tooling for installing, upgrading, and maintaining a cluster. You will need to demonstrate the process of installing a cluster from scratch, upgrading a cluster version, and backing up/restoring the etcd database. The Cloud Native Computing Foundation (CNCF) also decided to add a somewhat unrelated topic to this section: managing role-based access control (RBAC). RBAC is an important concept every administrator should understand how to set up and apply.
Workloads and Scheduling
Administrators need to have a good grasp of Kubernetes concepts used for operating cloud-native applications. The section “Workloads and Scheduling” addresses this need. You need to be familiar with Deployments, ReplicaSets, and configuration data specified by ConfigMaps and Secrets. When creating a new Pod, the Kubernetes scheduler places the object on an available node. Scheduling rules like node affinity and taints/tolerations control and fine-tune the behavior. For the exam, you are only required to understand the effect of Pod resource limits on scheduling. Furthermore, you need to be familiar with imperative and declarative manifest management, as well as common templating tools like Kustomize, yq, and Helm.
Services and Networking
A cloud-native microservice rarely runs in isolation. In the majority of cases, it needs to interact with other microservices or external systems. Understanding Pod-to-Pod communication, exposing applications outside of the cluster, and configuring cluster networking is extremely important to administrators to ensure a functioning system. In this section of the exam, you need to demonstrate your knowledge of the Kubernetes primitives Service and Ingress.
Storage
This section covers the different types of volumes for reading and writing data. As an administrator, you need to know how to create and configure them. Persistent volumes ensure permanent data persistence even beyond a cluster node restart. You will need to be familiar with the mechanics and demonstrate how to mount a persistent volume to a path in a container. Make sure you understand the differences between static and dynamic binding.
Troubleshooting
Naturally, things can go south in production Kubernetes clusters. Sometimes, the application is misbehaving, becomes unresponsive, or even inaccessible. Other times, the cluster nodes may crash or run into configuration issues. It is of upmost importance to develop effective strategies for troubleshooting those situations so that they can be resolved as quickly as possible. This section of the exam has the highest scoring weight. You will be confronted with typical scenarios that you need to fix by taking appropriate measures.
Involved Kubernetes Primitives
The main purpose of the exam is to test your practical knowledge of Kubernetes primitives. It is to be expected that the exam combines multiple concepts in a single problem. Refer to Figure 1-1 as a rough guide to the applicable Kubernetes resources and their relationships.
Figure 1-1. Kubernetes primitives relevant to the exam
Exam Environment and Tips
To take the CKA exam, you must purchase a voucher as registration. A voucher can be acquired on the CNCF training and certification web page. On occasion, the CNCF offers discounts for the voucher (e.g., around the US holiday Thanksgiving). Those discount offers are often announced on the Twitter account @LF_Training.
With the voucher in hand, you can schedule a time for the exam. On the day of your scheduled test, you’ll be asked to log into the test platform with a URL provided to you by email. You’ll be asked to enable the audio and video feed on your computer to discourage you from cheating. A proctor will oversee your actions via audio/video feed and terminate the session if she thinks you are not following the rules.
Exam attempts
The voucher you purchased grants two attempts to pass the CKA exam. I recommend preparing reasonably well before taking the test on the first attempt. It will give you a fair chance to pass the test and provide you with a good impression of the exam environment and the complexity of the questions. Don’t sweat it if you do not pass the test on the first attempt. You’ve got another free shot.
The CKA has a time limit of two hours. During that time window, you’ll need to solve hands-on problems on a real, predefined Kubernetes cluster. Every question will state the cluster you need to work on. Using a practical approach to gauge a candidate’s skill set is superior to tests with multiple-choice questions as you can translate the knowledge directly on tasks performed on the job.
You are permitted to open an additional browser tab to navigate the official Kubernetes documentation assets. Those pages include https://oreil.ly/w0vib, https://oreil.ly/XLYLj, and https://oreil.ly/1sr3B plus their subdomains. You are allowed to create bookmarks and open them during the exam as long as they fall within the URLs just mentioned.
While having the Kubernetes documentation pages at hand is extremely valuable, make sure you know where to find the relevant information within those pages. In preparation for the test, read all the documentation pages from start to end at least one time. Don’t miss out on the search functionality of the official documentation pages.
Using the documentation efficiently
Using a search term will likely lead you to the right documentation pages quicker than navigating the menu items. Copying and pasting code snippets from the documentation into the console of the exam environment works reasonably well. Sometimes you may have to adjust the YAML indentation manually as the proper formatting may get lost in the process.
I’d highly recommend reading the FAQ for the CKA exam. You will find answers to most of your pressing questions there, including system requirements for your machine, scoring, certification renewal, and retake requirements.
Candidate Skills
The certification assumes that you already have a basic understanding of Kubernetes. You should be familiar with Kubernetes internals, its core concepts, and the command-line tool kubectl. The CNCF offers a free “Introduction to Kubernetes” course for beginners to Kubernetes, as well as training courses on more advanced topics.
The CKA exam assumes that you work in the role of an administrator and that you are confronted with typical maintenance tasks on a day-to-day basis. In addition to the command-line tool kubectl, you will need to be familiar with other tools relevant to operating a Kubernetes cluster. The following points lay out the tooling landscape:
- Kubernetes architecture and concepts
-
The exam may ask you to install a Kubernetes cluster from scratch. Read up on the basics of Kubernetes and its architectural components. Don’t expect to encounter any multiple-choice questions during the exam.
- The
kubectlcommand-line tool -
The
kubectlcommand-line tool is the central tool you will use during the exam to interact with the Kubernetes cluster. Even if you have only a little time to prepare for the exam, it’s essential to practice how to operatekubectl, as well as its commands and their relevant options. You will have no access to the web dashboard UI during the exam. - Kubernetes cluster maintenance tools
-
Installing a Kubernetes cluster from scratch and upgrading the Kubernetes version of an existing cluster is performed using the tool
kubeadm. It’s important to understand its usage and the relevant process to walk through the process. Additionally, you need to have a good understanding of the tooletcdctlincluding its command-line options for backing up and restoring the etcd database. - Other relevant tools
-
Kubernetes objects are represented by YAML or JSON. The content of this book will only use examples in YAML, as it is more commonly used than JSON in the Kubernetes world. You will have to edit YAML during the exam to create a new object declaratively or when modifying the configuration of a live object. Ensure that you have a good handle on basic YAML syntax, data types, and indentation conforming to the specification. How do you edit the YAML definitions, you may ask? From the terminal, of course. The exam terminal environment comes with the tools
viandvimpreinstalled. Practice the keyboard shortcuts for common operations (especially how to exit the editor). The last tool I want to mention is GNU Bash. It’s imperative that you understand the basic syntax and operators of the scripting language. It’s absolutely possible that you may have to read, modify, or even extend a multiline Bash command running in a container. Having a good working knowledge of Linux and the shell command line is going to be helpful when interacting with cluster nodes.
Time Management
Candidates have a time limit of two hours to complete the exam. At a minimum, 66% of the answers to the questions need to be correct. Many of the questions consist of multiple steps. While the Linux Foundation doesn’t provide a breakdown on the scoring, I’d assume that partially correct answers will still score a portion of the points.
When taking the test, you will notice that the given time limit will put you under a lot of pressure. That’s intentional. The Linux Foundation expects Kubernetes practitioners to be able to apply their knowledge to real-world scenarios by finding solutions to problems in a timely fashion.
The CKA exam will present you with a mix of problems. Some are short and easy to solve; others require more context and take more time. Personally, I tried to tackle the easy problems first in order to score as many points as possible without getting stuck on the harder questions. I marked down any questions I could not solve immediately in the notepad functionality integrated in the exam environment. During the second pass, revisit the questions you skipped and try to solve them as well. In the optimal case, you will have been able to work through all problems in the allotted time.
Command-Line Tips and Tricks
Given that the command line is going to be your solidary interface to the Kubernetes cluster, it’s essential that you become extremely familiar with the tools kubectl, kubeadm, etcdctl, and their available options. This section touches on a couple of tips and tricks for making their use more efficient and productive.
Setting a Context and Namespace
The CKA exam environment comes with six Kubernetes clusters already set up for you. Take a look at the instructions for a high-level, technical overview of those clusters. Each of the exam exercises needs to be solved on a designated cluster, as outlined by its description. Furthermore, the instructions will ask you to work in a namespace other than default. You will need to make sure to set the context and namespace as the first course of action before working on a question. The following command sets the context and the namespace as a one-time action:
$ kubectl config set-context <context-of-question> \ --namespace=<namespace-of-question> $ kubectl config use-context <context-of-question>
Using an Alias for kubectl
In the course of the exam, you will have to execute the kubectl command tens or even hundreds of times. You might be an extremely fast keyboard typer, however, there’s no point in fully spelling out the executable over and over again. It is far more efficient to set an alias for the kubectl command. The following alias command maps the letter k to the full kubectl command:
$ alias k=kubectl $ k version
You can repeat the same process for other command-line tools like kubeadm and etcdctl to save even more typing. The exam environment already sets up an alias for the kubectl command.
Using kubectl Command Auto-Completion
Memorizing kubectl commands and command-line options takes a lot of practice. During the exam, you are allowed to configure bash auto-completion. The instructions are available in the Kubernetes documentation in the section “bash auto-completion on Linux”. Make sure you understand the trade-off between the time needed to set up auto-completion versus typing commands and options by hand.
Internalize Resource Short Names
Many of the kubectl commands can be quite lengthy. For example, the command for managing Persistent volume claims is persistentvolumeclaims. Having to spell out the full command can be error-prone and time-consuming. Thankfully, some of the longer commands come with a short-form usage. The command api-resources lists all available commands plus their short names:
$ kubectl api-resources NAME SHORTNAMES APIGROUP NAMESPACED KIND ... persistentvolumeclaims pvc true PersistentVolumeClaim ...
Using pvc instead of persistentvolumeclaims results in a much more concise and expressive command execution, as shown here:
$ kubectl describe pvc my-claim
Deleting Kubernetes Objects
Certain situations require you to delete existing Kubernetes objects. For example, during the exam you may want to start a task from scratch with a clean slate because you made a configuration mistake, or you may want to change the runtime configuration of an object that requires the re-creation of it instead of modifying the live object. Upon execution of the delete command, Kubernetes tries to delete the targeted object gracefully so that there’s minimal impact on the end user. If the object cannot be deleted within the default grace period (30 seconds), the kubelet attempts to forcefully kill the object.
During the CKA exam, end user impact is not a concern. The most important goal is to complete all tasks in the time frame granted to the candidate. Therefore, waiting on an object to be deleted gracefully is a waste of time. You can force an immediate deletion of an object with the command-line option with the --force option. The following command kills the Pod named nginx using a SIGKILL signal:
$ kubectl delete pod nginx --force
Finding Object Information
As an administrator, you are often confronted with a situation that requires you to investigate a failure situation in a Kubernetes cluster. This cluster may already run workloads that consist of a set of different object types. The CKA exam will emulate failure scenarios to test your troubleshooting skills.
Listing objects of a specific type helps identify the root cause of issues; however, you will need to ensure to search for relevant information. You can combine the describe and get commands with the Unix command grep to filter objects by search term. The -C command-line option of the grep command renders contextual configuration before and after the search term.
The following commands show their usage. The first command finds all Pods with the annotation key-value pair author=John Doe plus the surrounding 10 lines. The second command searches the YAML representation of all Pods for their labels including the surrounding five lines of output:
$ kubectl describe pods | grep -C 10 "author=John Doe" $ kubectl get pods -o yaml | grep -C 5 labels:
Discovering Command Options
The Kubernetes documentation is extensive and covers the most important aspects of the ecosystem including the API reference for Kubernetes resources. While the search functionality drastically reduces the time for finding the relevant information by search term, you might have to further browse through the resulting pages.
An alternative route is the help functionality built into kubectl using the command-line option --help. The option renders the details of commands and subcommands including options and examples. The following command demonstrates the use of the --help option for the create command:
$ kubectl create --help Create a resource from a file or from stdin. JSON and YAML formats are accepted. Examples: ... Available Commands: ... Options: ...
Moreover, you can explore available fields for every Kubernetes resource with the explain command. As a parameter, provide the JSONPath of the object you’d like to render details for. The following example lists all fields of a Pod’s spec:
$ kubectl explain pods.spec KIND: Pod VERSION: v1 RESOURCE: spec <Object> DESCRIPTION: ... FIELDS: ...
Practicing and Practice Exams
Hands-on practice is extremely important when it comes to passing the exam. For that purpose, you’ll need a functioning Kubernetes cluster environment. The following options stand out:
-
Find out if your employer already has a Kubernetes cluster set up and will allow you to use it to practice.
-
For practicing the installation or upgrade process of Kubernetes cluster nodes, I found it useful to run one or many virtual machines using Vagrant and VirtualBox. Those tools help with creating an isolated Kubernetes environment that is easy to bootstrap and dispose on-demand. Some of the practice exercises in this book use this setup as the starting point.
-
Installing Kubernetes on your developer machine is an easy and fast way to get set up. The Kubernetes documentation provides various installation options, depending on your operating system. Minikube is specifically useful when it comes to experimenting with more advanced features like Ingress or storage classes.
-
If you’re a subscriber to the O’Reilly Learning Platform, you have unlimited access to scenarios running a Kubernetes environment in Katacoda.
You may also want to try one of the following paid learning and practice resources:
-
The book Certified Kubernetes Application Developer (CKAD) Study Guide (O’Reilly) covers the curriculum of the CKAD certification; however, given the overlap of topics between the CKAD and the CKA, you will find useful information in it.
-
Certified Kubernetes Administrator (CKA) Cert Prep: The Basics is a video-based course on LinkedIn Learning that focuses exclusively on study tips.
-
Killer Shell is a simulator with sample exercises for all Kubernetes certifications.
-
Certified Kubernetes Administrator (CKA) with Practice Tests offers videos on all topics relevant to the exam, as well as an integrated practice environment. You’ll need to purchase a subscription to access the content, but the content is very thorough, well-explained, and hands-on.
-
The CKA practice exam from Study4Exam offers a commercial, web-based test environment to assess your knowledge level.
Summary
The CKA exam verifies your hands-on knowledge of installing, maintaining, upgrading, and troubleshooting a Kubernetes cluster. Furthermore, you are expected to understand Kubernetes resource types typically used for running, exposing, and scaling a cloud-native application in a Kubernetes environment. The exam curriculum groups those topics into categories with different weights. You are faced with a challenging hands-on test that asks you to solve real-world problems in an actual Kubernetes environment. The Linux Foundation does not publish how solutions to particular questions are scored. It’s safe to say that partial solutions will be counted, though.
In this chapter, we discussed everything you need know about the exam to get started. We touched on the exam environment, tips and tricks for time management, tools a candidate needs to be familiar with, and additional learning and practicing resources.
The following chapters align with the exam curriculum so that you can map the content to the learning objectives. At the end of each chapter, you will find sample exercises to practice your knowledge level.
Get Certified Kubernetes Administrator (CKA) Study Guide now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
