Exam Voucher (Kubernetes Related)

[CKA EXAM Voucher] – Certified Kubernetes Administrator

Current Status
Not Enrolled
Price
HK$3500
Get Started

Who Is It For

This certification is for Kubernetes administrators, cloud administrators and other IT professionals who manage Kubernetes instances.

About This Certification

CKA was created by The Linux Foundation and the Cloud Native Computing Foundation (CNCF) as a part of their ongoing effort to help develop the Kubernetes ecosystem. The exam is an online, proctored, performance-based test that requires solving multiple tasks from a command line running Kubernetes.

What It Demonstrates

A certified K8s administrator has demonstrated the ability to do basic installation as well as configuring and managing production-grade Kubernetes clusters. They will have an understanding of key concepts such as Kubernetes networking, storage, security, maintenance, logging and monitoring, application lifecycle, troubleshooting, API object primitives and the ability to establish basic use-cases for end users.

The Certification focuses on the skills required to be a successful Kubernetes Administrator in industry today. This includes these general domains and their weights on the exam:

Domains & CompetenciesWeight
Storage
– Understand storage classes, persistent volumes
– Understand volume mode, access modes and reclaim policies for volumes
– Understand persistent volume claims primitive
– Know how to configure applications with persistent storage
10%
Troubleshooting
– Evaluate cluster and node logging
– Understand how to monitor applications
– Manage container stdout & stderr logs
– Troubleshoot application failure
– Troubleshoot cluster component failure
– Troubleshoot networking
30%
Workloads & Scheduling
– Understand deployments and how to perform rolling update and rollbacks
– Use ConfigMaps and Secrets to configure applications
– Know how to scale applications
– Understand the primitives used to create robust, self-healing, application deployments
– Understand how resource limits can affect Pod scheduling
– Awareness of manifest management and common templating tools
15%
Cluster Architecture, Installation & Configuration
– Manage role based access control (RBAC)
– Use Kubeadm to install a basic cluster
– Manage a highly-available Kubernetes cluster
– Provision underlying infrastructure to deploy a Kubernetes cluster
– Perform a version upgrade on a Kubernetes cluster using Kubeadm
– Implement etcd backup and restore
25%
Services & Networking
– Understand host networking configuration on the cluster nodes
– Understand connectivity between Pods
– Understand ClusterIP, NodePort, LoadBalancer service types and endpoints
– Know how to use Ingress controllers and Ingress resources
– Know how to configure and use CoreDNS
– Choose an appropriate container network interface plugin
20%

Exam Details & Resources

This exam is an online, proctored, performance-based test that requires solving multiple tasks from a command line running Kubernetes.

Candidates have 2 hours to complete the tasks.

Candidates who register for the Certified Kubernetes Administrator (CKA) exam will have 2 attempts (per exam registration) to an exam simulator, provided by Killer.sh.  

The exam is based on Kubernetes v1.27
The CKA exam environment will be aligned with the most recent K8s minor version within approximately 4 to 8 weeks of the K8s release date

Prerequisites

There are no pre-requisites for this exam.

CHEATSHEET

This cheatsheet with useful commands and information that will be handy to review before taking the exam. This cheatsheet NOT the exam answer , just for your revision and reference ONLY!!!

Core Concepts

View resources in namespace dev:

kubectl get pods -n dev

View all pods in all namespaces:

kubectl get pods -A

View all resources in all namespaces:

kubectl get all -A

Generate a pod yaml file with nginx image and label env=prod:

kubectl run nginx --image=nginx --labels=env=pro --dry-run=client -o yaml > nginx_pod.yaml

Delete a pod nginx fast:

kubectl delete pod ngin --grace-period 0 --force

Generate Deployment yaml file:

kubectl create deploy --image=nginx nginx --dry-run=client -o yaml > nginx-deployment.yaml

Access a service test-service in a different namespace dev:

test-service.dev

Create a service for a pod valid-pod, which serves on port 444 with the name frontend:

kubectl expose pod valid-pod --port=444 --name=frontend

Recreate the contents of a yaml file:

kubectl replace --force -f nginx.yaml

Edit details of a deployment nginx:

kubectl edit deploy nginx

Set image of a deployment nginx:

kubectl set image deploy nginx nginx=nginx:1.18

Scale deployment nginx to 4 replicas and record the action:

kubectl scale deploy nginx --repliacs=4 --record

Get events in the current namespace:

kubectl get events

Scheduling

Get pods with their labels:

kubectl get pods --show-labels

Get the pods that are labeled env=dev:

kubectl get pods -l env=dev

Get taints of node node01:

kubectl describe node node01 | grep -i Taints:

Label node node01 with label size=small:

kubectl label nodes node01 size=small

Default static pods path:

/etc/kubernetes/manifests

Check pod nginx logs:

kubectl logs nginx

Check pod logs with multiple containers:

kubectl logs <pod_name> -c <container_name>

Monitoring

Check node resources usage:

kubectl top node

Check pod and their containers resource usage:

kubectl top pod --containers=true

Application Lifecycle Management

Check rollout status of deployment app:

kubectl rollout status deployment/app

Check rollout history of deployment app:

kubectl rollout history deployment/app

Undo rollout:

kubectl rollout undo deployment/app

Create configmap app-config with env=dev:

kubectl create configmap app-config --from-literal=env=dev

Create secret app-secret with pass=123:

kubectl create secret generic app-secret --from-literal=pass=123

Cluster Maintenance

Drain node node01 of all workloads:

kubectl drain node01

Make the node schedulable again:

kubectl uncordon node01

Upgrade cluster to 1.18 with kubeadm:

kubeadm upgrade plan
apt-get upgrade -y kubeadm=1.18.0–00
kubeadm upgrade apply v1.18.0
apt-get upgrade -y kubelet=1.18.0–00
systemctl restart kubelet

Backup etcd:

export ETCDCTL_API=3
etcdctl \
--endpoints=https://127.0.0.1:2379 \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
snapshot save /tmp/etcd-backup.db

Restore etcd:

ETCDCTL_API=3 etcdctl snapshot restore /tmp/etcd-backup.db --data-dir /var/lib/etcd-backup

After edit /etc/kubernetes/manifests/etcd.yaml and change /var/lib/etcd to /var/lib/etcd-backup.

Security

Create service account sa_1:

kubectl create serviceaccount sa_1

Check kube-apiserver certificate details:

openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text -noout

Approve certificate singing request for user john:

kubectl certificate approve john

Check the current kubeconfig file:

kubectl config view

Check current context:

kubectl config current-context

Use context dev-user@dev:

kubectl config use-context prod-user@production

Validate if user john can create deployments:

kubectl auth can-i create deployments --as john

Create role dev to be able to create secrets:

kubectl create role dev --verb=create --resource=secret

Bind the role dev to user john:

kubectl create rolebinding dev-john --role dev --user john

Check namespaced resources:

kubectl api-resources --namespaced=true

Troubleshooting

View all the kube-system related pods:

kubectl get pods -n kube-system

Check if all nodes are in ready state:

kubectl get nodes

Check memory, cpu and disk usage on node:

df -h
top

Check status of kubelet service on node:

systemctl status kubelet

Check kubelet service logs:

sudo journalctl -u kubelet

View kubelet service details:

ps -aux | grep kubelet

Check cluster info:

kubectl cluster-info

Gather info

Find pod CIDR:

kubectl describe node | less -p PodCIDR

Get pods in all namespaces sorted by creation timestamp:

kubectl get pod -A --sort-by=.metadata.creationTimestamp

Find the service CIDR of node-master:

ssh node0master
cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep range

Find which CNI plugin is used on node-master:

ls /etc/cni/net.d/

Find events ordered by creation timestamp:

kubectl get events -A --sort-by=.metadata.creationTimestamp

Find internal IP of all nodes:

kubectl get nodes -o jsonpath=’{.items[*].status.addresses[?(@.type==”InternalIP”)].address}’

Course Content