Who Is It For
This certification is for Kubernetes administrators, cloud administrators and other IT professionals who manage Kubernetes instances.
About This Certification
CKA was created by The Linux Foundation and the Cloud Native Computing Foundation (CNCF) as a part of their ongoing effort to help develop the Kubernetes ecosystem. The exam is an online, proctored, performance-based test that requires solving multiple tasks from a command line running Kubernetes.
What It Demonstrates
A certified K8s administrator has demonstrated the ability to do basic installation as well as configuring and managing production-grade Kubernetes clusters. They will have an understanding of key concepts such as Kubernetes networking, storage, security, maintenance, logging and monitoring, application lifecycle, troubleshooting, API object primitives and the ability to establish basic use-cases for end users.
The Certification focuses on the skills required to be a successful Kubernetes Administrator in industry today. This includes these general domains and their weights on the exam:
| Domains & Competencies | Weight |
| Storage – Understand storage classes, persistent volumes – Understand volume mode, access modes and reclaim policies for volumes – Understand persistent volume claims primitive – Know how to configure applications with persistent storage | 10% |
| Troubleshooting – Evaluate cluster and node logging – Understand how to monitor applications – Manage container stdout & stderr logs – Troubleshoot application failure – Troubleshoot cluster component failure – Troubleshoot networking | 30% |
| Workloads & Scheduling – Understand deployments and how to perform rolling update and rollbacks – Use ConfigMaps and Secrets to configure applications – Know how to scale applications – Understand the primitives used to create robust, self-healing, application deployments – Understand how resource limits can affect Pod scheduling – Awareness of manifest management and common templating tools | 15% |
| Cluster Architecture, Installation & Configuration – Manage role based access control (RBAC) – Use Kubeadm to install a basic cluster – Manage a highly-available Kubernetes cluster – Provision underlying infrastructure to deploy a Kubernetes cluster – Perform a version upgrade on a Kubernetes cluster using Kubeadm – Implement etcd backup and restore | 25% |
| Services & Networking – Understand host networking configuration on the cluster nodes – Understand connectivity between Pods – Understand ClusterIP, NodePort, LoadBalancer service types and endpoints – Know how to use Ingress controllers and Ingress resources – Know how to configure and use CoreDNS – Choose an appropriate container network interface plugin | 20% |
Exam Details & Resources
This exam is an online, proctored, performance-based test that requires solving multiple tasks from a command line running Kubernetes.
Candidates have 2 hours to complete the tasks.
Candidates who register for the Certified Kubernetes Administrator (CKA) exam will have 2 attempts (per exam registration) to an exam simulator, provided by Killer.sh.
The exam is based on Kubernetes v1.27
The CKA exam environment will be aligned with the most recent K8s minor version within approximately 4 to 8 weeks of the K8s release date
- Candidate Handbook
- Curriculum Overview
- Exam Tips
- Frequently Asked Questions
- Linux Foundation Global Certification and Confidentiality Agreement
- Verify Certification
- CKA Reseller FAQs
Prerequisites
There are no pre-requisites for this exam.
CHEATSHEET
This cheatsheet with useful commands and information that will be handy to review before taking the exam. This cheatsheet NOT the exam answer , just for your revision and reference ONLY!!!
Core Concepts
View resources in namespace dev:
kubectl get pods -n dev
View all pods in all namespaces:
kubectl get pods -A
View all resources in all namespaces:
kubectl get all -A
Generate a pod yaml file with nginx image and label env=prod:
kubectl run nginx --image=nginx --labels=env=pro --dry-run=client -o yaml > nginx_pod.yaml
Delete a pod nginx fast:
kubectl delete pod ngin --grace-period 0 --force
Generate Deployment yaml file:
kubectl create deploy --image=nginx nginx --dry-run=client -o yaml > nginx-deployment.yaml
Access a service test-service in a different namespace dev:
test-service.dev
Create a service for a pod valid-pod, which serves on port 444 with the name frontend:
kubectl expose pod valid-pod --port=444 --name=frontend
Recreate the contents of a yaml file:
kubectl replace --force -f nginx.yaml
Edit details of a deployment nginx:
kubectl edit deploy nginx
Set image of a deployment nginx:
kubectl set image deploy nginx nginx=nginx:1.18
Scale deployment nginx to 4 replicas and record the action:
kubectl scale deploy nginx --repliacs=4 --record
Get events in the current namespace:
kubectl get events
Scheduling
Get pods with their labels:
kubectl get pods --show-labels
Get the pods that are labeled env=dev:
kubectl get pods -l env=dev
Get taints of node node01:
kubectl describe node node01 | grep -i Taints:
Label node node01 with label size=small:
kubectl label nodes node01 size=small
Default static pods path:
/etc/kubernetes/manifests
Check pod nginx logs:
kubectl logs nginx
Check pod logs with multiple containers:
kubectl logs <pod_name> -c <container_name>
Monitoring
Check node resources usage:
kubectl top node
Check pod and their containers resource usage:
kubectl top pod --containers=true
Application Lifecycle Management
Check rollout status of deployment app:
kubectl rollout status deployment/app
Check rollout history of deployment app:
kubectl rollout history deployment/app
Undo rollout:
kubectl rollout undo deployment/app
Create configmap app-config with env=dev:
kubectl create configmap app-config --from-literal=env=dev
Create secret app-secret with pass=123:
kubectl create secret generic app-secret --from-literal=pass=123
Cluster Maintenance
Drain node node01 of all workloads:
kubectl drain node01
Make the node schedulable again:
kubectl uncordon node01
Upgrade cluster to 1.18 with kubeadm:
kubeadm upgrade plan
apt-get upgrade -y kubeadm=1.18.0–00
kubeadm upgrade apply v1.18.0
apt-get upgrade -y kubelet=1.18.0–00
systemctl restart kubelet
Backup etcd:
export ETCDCTL_API=3
etcdctl \
--endpoints=https://127.0.0.1:2379 \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
snapshot save /tmp/etcd-backup.db
Restore etcd:
ETCDCTL_API=3 etcdctl snapshot restore /tmp/etcd-backup.db --data-dir /var/lib/etcd-backup
After edit /etc/kubernetes/manifests/etcd.yaml and change /var/lib/etcd to /var/lib/etcd-backup.
Security
Create service account sa_1:
kubectl create serviceaccount sa_1
Check kube-apiserver certificate details:
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text -noout
Approve certificate singing request for user john:
kubectl certificate approve john
Check the current kubeconfig file:
kubectl config view
Check current context:
kubectl config current-context
Use context dev-user@dev:
kubectl config use-context prod-user@production
Validate if user john can create deployments:
kubectl auth can-i create deployments --as john
Create role dev to be able to create secrets:
kubectl create role dev --verb=create --resource=secret
Bind the role dev to user john:
kubectl create rolebinding dev-john --role dev --user john
Check namespaced resources:
kubectl api-resources --namespaced=true
Troubleshooting
View all the kube-system related pods:
kubectl get pods -n kube-system
Check if all nodes are in ready state:
kubectl get nodes
Check memory, cpu and disk usage on node:
df -h
top
Check status of kubelet service on node:
systemctl status kubelet
Check kubelet service logs:
sudo journalctl -u kubelet
View kubelet service details:
ps -aux | grep kubelet
Check cluster info:
kubectl cluster-info
Gather info
Find pod CIDR:
kubectl describe node | less -p PodCIDR
Get pods in all namespaces sorted by creation timestamp:
kubectl get pod -A --sort-by=.metadata.creationTimestamp
Find the service CIDR of node-master:
ssh node0master
cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep range
Find which CNI plugin is used on node-master:
ls /etc/cni/net.d/
Find events ordered by creation timestamp:
kubectl get events -A --sort-by=.metadata.creationTimestamp
Find internal IP of all nodes:
kubectl get nodes -o jsonpath=’{.items[*].status.addresses[?(@.type==”InternalIP”)].address}’
