Exam Voucher (Kubernetes Related)

[CKA EXAM Voucher] – Certified Kubernetes Administrator

Current Status
Not Enrolled
Price
HKD2400
Get Started
or

Exam details

After you paid , you will received the exam voucher for CKA within 5 days. Please let us know by email / phone if you have any questions or need additional information .

The online exam consists of a set of performance-based items (problems) to be solved in a command line and candidates have 2 hours to complete the tasks.

The Certification focuses on the skills required to be a successful Kubernetes Administrator in industry today. This includes these general domains and their weights on the exam:

DomainWeight
Cluster Architecture, Installation & Configuration25%
Workloads & Scheduling15%
Services & Networking20%
Storage10%
Troubleshooting30%

Quarterly exam updates are planned to match Kubernetes releases. Please see the FAQ for the current exam environment version.

Exam resources

CHEATSHEET

This cheatsheet with useful commands and information that will be handy to review before taking the exam. This cheatsheet NOT the exam answer , just for your revision and reference ONLY!!!

Core Concepts

View resources in namespace dev:

kubectl get pods -n dev

View all pods in all namespaces:

kubectl get pods -A

View all resources in all namespaces:

kubectl get all -A

Generate a pod yaml file with nginx image and label env=prod:

kubectl run nginx --image=nginx --labels=env=pro --dry-run=client -o yaml > nginx_pod.yaml

Delete a pod nginx fast:

kubectl delete pod ngin --grace-period 0 --force

Generate Deployment yaml file:

kubectl create deploy --image=nginx nginx --dry-run=client -o yaml > nginx-deployment.yaml

Access a service test-service in a different namespace dev:

test-service.dev

Create a service for a pod valid-pod, which serves on port 444 with the name frontend:

kubectl expose pod valid-pod --port=444 --name=frontend

Recreate the contents of a yaml file:

kubectl replace --force -f nginx.yaml

Edit details of a deployment nginx:

kubectl edit deploy nginx

Set image of a deployment nginx:

kubectl set image deploy nginx nginx=nginx:1.18

Scale deployment nginx to 4 replicas and record the action:

kubectl scale deploy nginx --repliacs=4 --record

Get events in the current namespace:

kubectl get events

Scheduling

Get pods with their labels:

kubectl get pods --show-labels

Get the pods that are labeled env=dev:

kubectl get pods -l env=dev

Get taints of node node01:

kubectl describe node node01 | grep -i Taints:

Label node node01 with label size=small:

kubectl label nodes node01 size=small

Default static pods path:

/etc/kubernetes/manifests

Check pod nginx logs:

kubectl logs nginx

Check pod logs with multiple containers:

kubectl logs <pod_name> -c <container_name>

Monitoring

Check node resources usage:

kubectl top node

Check pod and their containers resource usage:

kubectl top pod --containers=true

Application Lifecycle Management

Check rollout status of deployment app:

kubectl rollout status deployment/app

Check rollout history of deployment app:

kubectl rollout history deployment/app

Undo rollout:

kubectl rollout undo deployment/app

Create configmap app-config with env=dev:

kubectl create configmap app-config --from-literal=env=dev

Create secret app-secret with pass=123:

kubectl create secret generic app-secret --from-literal=pass=123

Cluster Maintenance

Drain node node01 of all workloads:

kubectl drain node01

Make the node schedulable again:

kubectl uncordon node01

Upgrade cluster to 1.18 with kubeadm:

kubeadm upgrade plan
apt-get upgrade -y kubeadm=1.18.0–00
kubeadm upgrade apply v1.18.0
apt-get upgrade -y kubelet=1.18.0–00
systemctl restart kubelet

Backup etcd:

export ETCDCTL_API=3
etcdctl \
--endpoints=https://127.0.0.1:2379 \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
snapshot save /tmp/etcd-backup.db

Restore etcd:

ETCDCTL_API=3 etcdctl snapshot restore /tmp/etcd-backup.db --data-dir /var/lib/etcd-backup

After edit /etc/kubernetes/manifests/etcd.yaml and change /var/lib/etcd to /var/lib/etcd-backup.

Security

Create service account sa_1:

kubectl create serviceaccount sa_1

Check kube-apiserver certificate details:

openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text -noout

Approve certificate singing request for user john:

kubectl certificate approve john

Check the current kubeconfig file:

kubectl config view

Check current context:

kubectl config current-context

Use context dev-user@dev:

kubectl config use-context prod-user@production

Validate if user john can create deployments:

kubectl auth can-i create deployments --as john

Create role dev to be able to create secrets:

kubectl create role dev --verb=create --resource=secret

Bind the role dev to user john:

kubectl create rolebinding dev-john --role dev --user john

Check namespaced resources:

kubectl api-resources --namespaced=true

Troubleshooting

View all the kube-system related pods:

kubectl get pods -n kube-system

Check if all nodes are in ready state:

kubectl get nodes

Check memory, cpu and disk usage on node:

df -h
top

Check status of kubelet service on node:

systemctl status kubelet

Check kubelet service logs:

sudo journalctl -u kubelet

View kubelet service details:

ps -aux | grep kubelet

Check cluster info:

kubectl cluster-info

Gather info

Find pod CIDR:

kubectl describe node | less -p PodCIDR

Get pods in all namespaces sorted by creation timestamp:

kubectl get pod -A --sort-by=.metadata.creationTimestamp

Find the service CIDR of node-master:

ssh node0master
cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep range

Find which CNI plugin is used on node-master:

ls /etc/cni/net.d/

Find events ordered by creation timestamp:

kubectl get events -A --sort-by=.metadata.creationTimestamp

Find internal IP of all nodes:

kubectl get nodes -o jsonpath=’{.items[*].status.addresses[?(@.type==”InternalIP”)].address}’

Course Content