The Ultimate Guide to Certified Kubernetes Administrator (CKA) Exam

Introduction: Why Get a CKA Certification?

On account of its feature-rich ecosystem, Kubernetes continues to be the flag-bearer of container orchestration. As per a recent survey, the platform is already used by over 74% of IT companies using containerized workloads in production. This rightly supports the fact that there is a growing demand of developers and administrators who possess the right skills to operate and manage the complex Kubernetes ecosystem.

The Certified Kubernetes Administrator (CKA) exam certifies for the knowledge and skills necessary to perform administrative duties on Kubernetes clusters. As Kubernetes is one of the most popular open-source platforms for managing container-based applications, getting a CKA certification is getting equally popular to prove your expertise. 

The Linux Foundation and the Cloud Native Foundation collaborated to create the CKA program with the objective to grow the Kubernetes ecosystem by establishing credibility for Kubernetes administrators. The CKA exam is proctored online, and is performance-based, testing your familiarity in undertaking critical tasks while running Kubernetes. 

This certification will certify you for your knowledge on how to install, configure and manage production-grade Kubernetes clusters. Some of the concepts you will cover during the certification program include:

• Networking
• Storage
• Security
• Maintenance
• Logging and Monitoring
• Application Lifecycle Management
• API Object Primitives
• Troubleshooting
• Establishing Use Cases for End-Users

This program is, therefore, suitable for Cloud Administrators, Kubernetes Administrators, and any IT administrators responsible for managing Kubernetes-based clusters. Besides establishing your credibility, earning a CKA certification helps improve your value in the job market.

This tutorial series takes you through the CKA program through guided classes, lab sessions, practice questions, and mock exams to get you ready for the exam.

Curriculum Covered in KodeKloud’s CKA Preparation Course

Course Introduction

In this tutorial series, you will cover the 5 subject areas of Kubernetes knowledge through a set of classes covering core Kubernetes concepts. The 5 domains and their respective percentage weights in the exam are: Storage (10%), Troubleshooting (30%), Workloads and Scheduling (15%), Cluster Architecture, Installation & Configuration (25%), and Services & Networking (20%).

The lectures in this course make use of animations, illustrations, and analogies to simplify complex Kubernetes concepts. At the end of each lesson, you will get quizzes to test your grasp of the concepts. There is also a dedicated slack channel connecting you to experts and other students for discussions and problem-solving. 

Since the Kubernetes exam is hands-on, you should take advantage of the practice tests and virtual environment to sharpen your skills. To get the most out of this course, you may need some prior basic knowledge of Docker, Kubernetes, YAML, and scripting in a virtual box. In the initial lectures, you will use pre-built clusters to familiarize yourself with the core concepts of running Kubernetes. Following that, you will learn to create, run and manage your own clusters after developing a firm grasp of Kubernetes administration. 

Core Concepts

In this section, you will explore some high-level Kubernetes constructs such as Cluster Architecture, basic API Primitives, network primitives, and Kubernetes Services. Some of the concepts covered in this section are:

• Cluster Architecture
• ETCD
• Kube API Server
• Kube Controller Manager
• Kube Scheduler
• Kubelet 
• Kube Proxy
• PODs
• ReplicaSets
• Deployments
• Namespaces
• Services 
  • ClusterIP
  • LoadBalancer

You will perform practice tests for each of these topics, strengthening your grasp of the concepts. 

Scheduling

In Kubernetes, we use Scheduling to assign Pods to Nods that can run kubelet. Schedulers watch for newly created PODs and assign the most suitable node to run, using a decision-making, process-based scheduling principle. Along with creating a schedule, this class explores the various options you can use to customize and configure your scheduler. The concepts explained in this class include: 

• Manual Scheduling
• Labels and Selectors
• Taints and Tolerations
• Node Selectors
• Resource Limits
• DaemonSets
• Static PODs
• Multiple Schedulers
• Configuring a Kubernetes Scheduler

Logging and Monitoring

It is important to understand the core concepts of your framework so that you can easily monitor cluster components and debug PODs. There are plenty of options in Kubernetes that can handle monitoring and logging tasks. To do so, Kubernetes offers different monitoring mechanisms on node-level, cluster-level, and application-level. 

In this section of the course, you will be introduced to the various options available for log inspection and monitoring of Kubernetes applications through the following two broad topics:

• Monitoring Cluster Components.
• Managing Application logs.

Application Lifecycle Management

Containerized workloads differ from virtual machines and traditional applications since they run in distributed clusters, with each container performing a specific role. This introduces some complexities when it comes to managing the lifecycle of an application. Building containers also involves layering several base images, which as a result, introduces dependencies that require management. 

This section of the class will guide you through the various Kubernetes solutions for lifecycle management including:

• Rolling Updates and Rollbacks
• Docker Commands and Arguments
• Kubernetes Commands and Arguments
• Configuring Environment Variables
• Configuring ConfigMaps
• Secrets
• Multi-Container PODs
• Self-healing applications

By the end of this class, you will develop an understanding of how managing the application lifecycle is an important aspect of Kubernetes container orchestration.

Cluster Maintenance

As Kubernetes applications are hosted in a highly distributed environment, it is important to understand how you can effectively manage clusters on a Hybrid Cloud. In this section, you will learn how to effectively upgrade a cluster, an operating system, and the methods used for data backup and restoration. You will also attend practical laboratories where you will upgrade a cluster with an application running on it. 

Some of the topics you will cover in this section include:

• OS Upgrades
• Kubernetes Software Versions
• Cluster Upgrades
• Backup and Restore Methods

By the end of this part, you will also simulate a Disaster Recovery scenario using a backed-up Kubernetes cluster, restoring the application back to its previous state.  

Security

Kubernetes security practices help you control access to cluster resources, by enforcing rules governing communication with the Kubernetes API. In this lesson, you will uncover some of the best practices that help protect Kubernetes components from getting compromised. Additionally, you will also cover TLS certificates and authentication in detail, as this forms the basis of security enforcement in a Kubernetes cluster. 

Some of the topics within this lesson include:

• Kubernetes Security Primitives
• Authentication
• TLS
  • Introduction
  • Basics
  • TLS in Kubernetes
  • Certificate Creation in Kubernetes
• KubeConfig
• API Groups
• Authorization
• Role Based Access Controls
• Cluster Roles

Security is one of the most critical aspects of managing cloud-native applications in Kubernetes. The concepts in this section should be studied extensively, taking advantage of practice tests and labs to develop a firm grasp of securing Kubernetes clusters. 

Storage

The ephemeral nature of containers introduces a few complexities to storage management in Kubernetes. Kubernetes offers several built-in solutions to manage storage. These include Persistent Volume Claims, Persistent Volumes, StatefulSets and Storage Classes. In this lecture series, you will learn how Kubernetes control plane elements communicate with physical storage. 

Storage concepts explored in this section include:

• Docker Storage
• Volume Driver Plugins in Docker
• Container Storage Interface
• Volumes
• Persistent Volumes
• Persistent Volume Claims (PVCs)
• Using PVCs in PODs
• Storage Class

With a firm understanding of the above storage concepts, you will be able to handle cluster storage tasks in Kubernetes’ highly dynamic environment.

Networking

As you gain familiarity with Kubernetes clusters, it is important to understand how they communicate within a Kubernetes network. This section explores the various constructs and components of Kubernetes’ flat network structure. Without hands-on experience, Kubernetes networks present a challenge to set up. As this series takes you through a number of networking fundamentals, by the end of it, you should develop an understanding of how to deal with practical issues on Kubernetes networking. 

Some concepts to be explored in this section include:

• Networking Prerequisites
  • Switching, Routing, and Gateways
  • DNS 
  • CoreDNS
  • Network Namespaces
  • Docker Networking
  • CNI
• Cluster Networking
• Pod Networking
• CNI in Kubernetes
• CNI Weave
• ipam Weave
• Service Networking
• DNS in Kubernetes
• CoreDNS in Kubernetes
• Ingress

It should be noted that Kubernetes networking features are different and not found in traditional networking. It is strongly recommended to follow the concepts of this lesson thoroughly to avoid vulnerabilities that arise due to misconfiguration.

Designing & Installing Kubernetes Clusters

As you begin creating Kubernetes clusters, there are a few considerations to be made. In this part of the lecture series, you will learn about the questions you need to ask yourself as you create your cluster. Some of the considerations will include the purpose of the application, whether it will be hosted on-premises or in the cloud, and the workloads to be handled. Each of these considerations influences the choice of computing resources and cluster size to handle the application. Some topics to be covered in this section are:

• Designing a Kubernetes Cluster
• Choosing Kubernetes Infrastructure
• Configuring High Availability
• ETCD in High Availability

By the end of this chapter, you should develop a clear understanding of why we use different installation options for various use-cases.

Installing Kubernetes Using kubeadm

Setting up Kubernetes clusters the hard way involves plenty of operations with dependencies that require ultimate effort and attention. kubeadm lets you create a minimum viable cluster with all the required components in a single command. This command bootstraps your application, making it an excellent building block for large application ecosystems. kubeadm integrates easily with provisioning systems, allowing you to easily deploy your application in the cloud or on-premises. 

Some of the topics covered in this section include:

• Introduction to Deployment with kubeadm
• Provisioning VMs with Vagrant
• Deploying a Kubernetes Cluster with kubeadm
• Installing a Kubernetes Cluster with kubeadm

Troubleshooting

Since applications may not always behave as expected, Kubernetes offers various options for checking the health and status of your clusters. In this section, you will carry out hands-on practicals to try and identify issues with broken Kubernetes clusters. The topics undertaken in this section include:

• Application Failure
• Control Plane Failure
• Worker Node Failure
• Network Troubleshooting

While troubleshooting Kubernetes issues can be a little overwhelming, with the knowledge gained in this section, you can practically debug your Kubernetes clusters to ensure efficiency.

Other Topics

JSON Path

Kubernetes objects are created using a JSON file format. With JSON expressions, the Kubernetes control plane elements can filter and access specific fields in the objects, and format the output. As a result, it is strongly recommended that you get a firm understanding of JSON notations to help you understand various resource types in Kubernetes, and how to connect to various API resources within your Kubernetes cluster. The prerequisite class covers everything you need to know about JSON object notation, API references, and object schema. By the end of this part, you should be able to get, post, create and delete Kubernetes objects in your cluster.

Advanced Kubectl Commands 

This lecture discusses how you can use the JSON path to perform advanced tasks using kubectl commands. You can then easily use the kubectl utility with the JSON path to inspect cluster elements. You will develop an understanding of various kubectl functionalities such as Custom Columns, loops-Range, and the Sort functionality. You will go through various examples and tests that will get you acquainted with advanced kubectl commands and using JSON path expressions to create and manage Kubernetes cluster objects.

Exam Preparation

Certification Format

The CKA exam tests on skills of a successful Kubernetes administrator in today’s high velocity IT environments. This is a practical lab that focuses on cluster operations and troubleshooting. The exam costs $375 and includes one free retake. It consists of 15-20 tasks to be solved in a CLI interface. The passing score for the CKA exam is currently 66%. The exam is taken online through a proctor. 

While taking the test every candidate should have access to a computer with:

• Chrome or a Chromium Browser with third-party cookies turned on.
• You don’t have to install any virtual machines on your system
• Reliable internet access with minimal interruptions
• A working microphone
• A moveable webcam

As you prepare for your exam, you should also pick an ideal location. Your work area should be clutter-free, rid of paper, electronic devices, writing implements, and other objects, both on top and below your working surface. You also need clear walls, although decor and wall paintings are acceptable. The work area should also have adequate lighting so the exam proctor can clearly see your face, hands, and the work area. You will also need to be in a private space free of interruptions. 

Once your proctor releases the exam, you have three hours to complete it. You can request breaks, but the timer does not pause. After registering for your exam on the official site, you will check in on exam day with a confirmation email link you got during registration. You are allowed at most 15 minutes past your exam starting time to check in. 

The exam consists of a questions panel on the left and an Ubuntu shell terminal where you will complete the tasks. If you get stuck on a particular task, you can skip it and return later. This will help you make the most of your exam time. Once you have completed the exam, you will have to wait up to 36 hours for your results.  

The test instance consists of 6 clusters with varying numbers of containers. Every task you undertake must be completed within a specified cluster. As you begin each task, the exam environment will provide you with a command to ensure you are in the correct cluster. These clusters are grouped so all questions on one cluster appear consecutively. This reduces the need to minimize and switch tabs on a browser. The exam environment is also configured to run the latest Kubernetes version, typically used within 4 to 8 weeks of the version release.

Study Plan

Since this is a hands-on exam that tests your practical skills, you will need plenty of practice before signing up for the certification. To work on Kubernetes tasks, you can have the k8s environment installed locally, hosted on a cloud platform, or use an online playground for practice. Some excellent resources for deploying test Kubernetes clusters include:

• The Katakoda online platform
• A local testing and deploying a solution like Minikube
• Public cloud platforms for multi-cluster operations such as Google Kubernetes Engine (GKE), Azure Kubernetes Service (AKS), or Amazon’s Elastic Kubernetes Service (EKS). 
• Kubernetes the Hard Way by Kelsey Hightower

With these environments, you can easily simulate cluster management scenarios, gaining crucial knowledge on how to troubleshoot and manage applications in the cluster. You should also plan to create a consistent and flexible schedule to help you study effectively without exhausting yourself. 

While you do so it is strongly recommended to use a scheduled study guide like KodeKloud’s CKA preparation exam, to plan and guide your study program. This course includes theory classes, guided labs, mock scenarios, and practice tests that touch the right aspects while ensuring you gain significant practical expertise.

Study Schedule

The CKA exam breaks down the Kubernetes syllabus into 10 functional domains, each with varying score weights and study time requirements. The table below breaks down the percentage weights and estimated study time for each section: 

Domain	% Weightage	Total Study Time	Days @ 2 Hrs/day	Days @ 4 Hrs/day	Days @ 6 Hrs/day
Application Lifecycle Management	8	18	9	5	3
Installation, Configuration and Validation	12	30	15	8	5
Core Concepts	19	18	9	5	3
Networking	11	30	15	8	5
Scheduling	5	18	9	5	3
Security	12	18	9	5	3
Cluster Maintenance	11	18	9	5	3
Logging/Monitoring	7	10	5	3	2
Storage	7	10	5	3	2
Troubleshooting	10	18	9	5	3
Total	100	188	3 – 4 Months	2 – 3 Months	1 – 2 Months

Sample Tasks 

1. Create a new Deployment with the below attributes using your own deployment definition file.

Name: httpd-frontend;
Replicas: 3;
Image: httpd:2.4-alpine

The manifest file deployment-definition-httpd.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpd-frontend
spec:
  replicas: 3
  selector:
    matchLabels:
      name: httpd-frontend
  template:
    metadata:
      labels:
        name: httpd-frontend
    spec:
      containers:
      - name: httpd-frontend
        image: httpd:2.4-alpine

Then run $ $kubectl create -f deployment-definition-httpd.yaml

2. Create a new service to access the web application using the service-definition-1.yaml file

Name: webapp-service
Type: NodePort
targetPort: 8080
port: 8080
nodePort: 30080
selector: simple-webapp

The manifest file service-definition.yaml

apiVersion: v1
kind: Service
metadata:
  name: webapp-service
spec:
  type: NodePort
  ports:
    - targetPort: 8080
      port: 8080
      nodePort: 30080
  selector:
    name: simple-webapp

Then run $kubectl apply -f service-definition.yaml

3. Manually schedule the pod Nginx on node01.

PODName: nginx
Image: nginx

The manifest file pod-definition.yaml

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  nodeName: node01
  containers:
  -  image: nginx
     name: nginx

Then run $kubectl apply -f pod-definition.yaml

4. Create a pod with the ubuntu image to run a container to sleep for 5000 seconds.

Pod Name: ubuntu-sleeper
Command: sleep 5000

The manifest file ubuntu-sleeper.yaml

apiVersion: v1 
kind: Pod 
metadata:
  name: ubuntu-sleeper
spec:
  containers:
  - name: ubuntu
    image: ubuntu
    command:
      - "sleep"
      - "5000"

Then run $kubectl apply -f ubuntu-sleeper.yaml

5. Create a multi-container pod with 2 containers. Use the spec given below.

If the pod goes into the crashloopbackoff then add sleep 1000 in the lemon container.

PODName: yellow
Container 1 Name: lemon
Container 1 Image: busybox
Container 2 Name: gold
Container 2 Image: redis

The manifest file multi-container.yaml

apiVersion: v1
kind: Pod
metadata:
  name: yellow
spec:
  containers:
  - name: lemon
    image: busybox
    command:
      - sleep
      - "1000"

  - name: gold
    image: redis

Then run $kubectl apply -f multi-container.yaml

Lightning Labs

Considered one of the most popular features of KodeKloud’s courses, Lightning Labs takes you through a practical exam session. It helps you practice the skills you have learned hands-on by having you solve complex Kubernetes tasks in a limited period of time. You get 60 minutes to complete the labs, and require 80% correct answers to pass, thus helping you measure your readiness for the CKA exam. It is highly recommended to make use of KodeKloud’s Lightning Labs to check your understanding of most Kubernetes commands while practicing time management as you prepare for the CKA certification test.

Mock Exams 

The CKA preparation class includes 3 sets of mock exams that give you the feel of a real exam. You can use these exams to check your ability to handle administrative Kubernetes tasks in various scenarios. You can also easily validate your solutions, manage your examination times and examine any errors you may have made while working on cluster tasks. The exams also come with solutions that serve as reminders for those sections you have not fully grasped.

Closing Thoughts

The KodeKloud CKA preparation course offers a guided, structured way to prepare for the Certified Kubernetes Administrator exam. With KodeKloud’s unique classes, practical labs, and mock exams, you will find it easy to grasp complex concepts on the management of Kubernetes clusters. The value you gain from taking this course is immeasurable, as you gain essential insights into the fundamentals that run containers and cloud-hosted applications. Take a quick preview of KodeKloud’s unique learning videos today – no login required.