Exam details
After you paid , you will received the exam voucher for CKA within 5 days. Please let us know by email / phone if you have any questions or need additional information .
The online exam consists of a set of performance-based items (problems) to be solved in a command line and candidates have 2 hours to complete the tasks.
The Certification focuses on the skills required to be a successful Kubernetes Administrator in industry today. This includes these general domains and their weights on the exam:
| Domain | Weight |
| Cluster Architecture, Installation & Configuration | 25% |
| Workloads & Scheduling | 15% |
| Services & Networking | 20% |
| Storage | 10% |
| Troubleshooting | 30% |
Quarterly exam updates are planned to match Kubernetes releases. Please see the FAQ for the current exam environment version.
Exam resources
- Candidate Handbook
- Curriculum Overview
- Exam Tips
- Frequently Asked Questions
- Certification and Confidentiality Agreement
- Verify Certification
CHEATSHEET
This cheatsheet with useful commands and information that will be handy to review before taking the exam. This cheatsheet NOT the exam answer , just for your revision and reference ONLY!!!
Core Concepts
View resources in namespace dev:
kubectl get pods -n dev
View all pods in all namespaces:
kubectl get pods -A
View all resources in all namespaces:
kubectl get all -A
Generate a pod yaml file with nginx image and label env=prod:
kubectl run nginx --image=nginx --labels=env=pro --dry-run=client -o yaml > nginx_pod.yaml
Delete a pod nginx fast:
kubectl delete pod ngin --grace-period 0 --force
Generate Deployment yaml file:
kubectl create deploy --image=nginx nginx --dry-run=client -o yaml > nginx-deployment.yaml
Access a service test-service in a different namespace dev:
test-service.dev
Create a service for a pod valid-pod, which serves on port 444 with the name frontend:
kubectl expose pod valid-pod --port=444 --name=frontend
Recreate the contents of a yaml file:
kubectl replace --force -f nginx.yaml
Edit details of a deployment nginx:
kubectl edit deploy nginx
Set image of a deployment nginx:
kubectl set image deploy nginx nginx=nginx:1.18
Scale deployment nginx to 4 replicas and record the action:
kubectl scale deploy nginx --repliacs=4 --record
Get events in the current namespace:
kubectl get events
Scheduling
Get pods with their labels:
kubectl get pods --show-labels
Get the pods that are labeled env=dev:
kubectl get pods -l env=dev
Get taints of node node01:
kubectl describe node node01 | grep -i Taints:
Label node node01 with label size=small:
kubectl label nodes node01 size=small
Default static pods path:
/etc/kubernetes/manifests
Check pod nginx logs:
kubectl logs nginx
Check pod logs with multiple containers:
kubectl logs <pod_name> -c <container_name>
Monitoring
Check node resources usage:
kubectl top node
Check pod and their containers resource usage:
kubectl top pod --containers=true
Application Lifecycle Management
Check rollout status of deployment app:
kubectl rollout status deployment/app
Check rollout history of deployment app:
kubectl rollout history deployment/app
Undo rollout:
kubectl rollout undo deployment/app
Create configmap app-config with env=dev:
kubectl create configmap app-config --from-literal=env=dev
Create secret app-secret with pass=123:
kubectl create secret generic app-secret --from-literal=pass=123
Cluster Maintenance
Drain node node01 of all workloads:
kubectl drain node01
Make the node schedulable again:
kubectl uncordon node01
Upgrade cluster to 1.18 with kubeadm:
kubeadm upgrade plan
apt-get upgrade -y kubeadm=1.18.0–00
kubeadm upgrade apply v1.18.0
apt-get upgrade -y kubelet=1.18.0–00
systemctl restart kubelet
Backup etcd:
export ETCDCTL_API=3
etcdctl \
--endpoints=https://127.0.0.1:2379 \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
snapshot save /tmp/etcd-backup.db
Restore etcd:
ETCDCTL_API=3 etcdctl snapshot restore /tmp/etcd-backup.db --data-dir /var/lib/etcd-backup
After edit /etc/kubernetes/manifests/etcd.yaml and change /var/lib/etcd to /var/lib/etcd-backup.
Security
Create service account sa_1:
kubectl create serviceaccount sa_1
Check kube-apiserver certificate details:
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text -noout
Approve certificate singing request for user john:
kubectl certificate approve john
Check the current kubeconfig file:
kubectl config view
Check current context:
kubectl config current-context
Use context dev-user@dev:
kubectl config use-context prod-user@production
Validate if user john can create deployments:
kubectl auth can-i create deployments --as john
Create role dev to be able to create secrets:
kubectl create role dev --verb=create --resource=secret
Bind the role dev to user john:
kubectl create rolebinding dev-john --role dev --user john
Check namespaced resources:
kubectl api-resources --namespaced=true
Troubleshooting
View all the kube-system related pods:
kubectl get pods -n kube-system
Check if all nodes are in ready state:
kubectl get nodes
Check memory, cpu and disk usage on node:
df -h
top
Check status of kubelet service on node:
systemctl status kubelet
Check kubelet service logs:
sudo journalctl -u kubelet
View kubelet service details:
ps -aux | grep kubelet
Check cluster info:
kubectl cluster-info
Gather info
Find pod CIDR:
kubectl describe node | less -p PodCIDR
Get pods in all namespaces sorted by creation timestamp:
kubectl get pod -A --sort-by=.metadata.creationTimestamp
Find the service CIDR of node-master:
ssh node0master
cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep range
Find which CNI plugin is used on node-master:
ls /etc/cni/net.d/
Find events ordered by creation timestamp:
kubectl get events -A --sort-by=.metadata.creationTimestamp
Find internal IP of all nodes:
kubectl get nodes -o jsonpath=’{.items[*].status.addresses[?(@.type==”InternalIP”)].address}’
