This guide is part of the Complete CKA Certification Course.
If you are planning to use this repo for reference, please hit the star. Thanks!
The Certified Kubernetes Administrator (CKA) exam has a duration of 2 hours. To pass the exam, candidates need to achieve a score of at least 66%. The exam will be on Kubernetes version 1.31. Once the certificate is earned, the CKA certification remains valid for 2 years. The cost to take the exam is $395 USD.
Important Note: The CKA exam is updating after January 15, 2025, with new topics and a focus on real-world Kubernetes skills like Gateway API, Helm, Kustomize, CRDs & Operators. This guide is based on the new CKA syllabus. You can read more about the exam changes here CKA Exam Changes
CKA Price Update: The CKA exam price will increase to $435 in January 2025. Take advantage of the current Cyber Monday discount and complete the exam within 12 months to maximize your savings.
To save on CKA exam registration, use the following coupon code.
Coupon: Use code CYBER24CCTECHIES at kube.promo/cka
Use code CYBER24BUNDLECT to save 65% on folowing bundles.
- KCNA + KCSA + CKA + CKAD + CKS (65% - $1087 Savings): kube.promo/kubestronaut
- CKA + CKAD + CKS Exam bundle (63% - $747 Savings): kube.promo/k8s-bundle
- CKA + CKS Bundle (63% - $500 Savings) kube.promo/bundle
Note: If you want to give the CKA exam before the syllabus change on November 25th, dont delay booking your CKA Exam. If you're planning to take the Certified Kubernetes Administrator (CKA) exam, be aware that the syllabus is changing soon. Plan and book your exam as early as possible to avoid last-minute slot issues.
-
Cluster Architecture, Installation & Configuration (25%)
- Manage role based access control (RBAC)
- Prepare underlying infrastructure for installing a Kubernetes cluster
- Create and manage Kubernetes clusters using kubeadm
- Manage the lifecycle of Kubernetes clusters
- Use Helm and Kustomize to install cluster components
- Understand extension interfaces (CNI, CSI, CRI, etc.)
- Understand CRDs, install and configure operators
-
- Understand deployments and how to perform rolling update and rollbacks
- Use ConfigMaps and Secrets to configure applications
- Configure workload autoscaling
- Understand the primitives used to create robust, self-healing, application deployments
- Configure Pod admission and scheduling (limits, node affinity, etc.)
CKA Certification Exam has the following key domains:
Following are the subtopics under Cluster Architecture, Installation & Configuration
RBAC | Service Accounts | Roles & ClusterRoles : Understand the difference between Roles (namespace level) and ClusterRoles (cluster level).
# Create a service account
k create sa <sa-name> -n <namespace>
# Create a role
k create role <role-name> --verb=<verbs> --resource=<resources> -n <namespace>
# Create rolebinding
k create rolebinding <binding-name> --role=<role-name> --user=<username> -n <namespace>
# Create a clusterrole
k create clusterrole <clusterrole-name> --verb=<verbs> --resource=<resources>
# Create clusterrolebinding
k create clusterrolebinding <binding-name> --clusterrole=<clusterrole-name> --user=<username>
# Check RBAC authorization
k auth can-i <verb> <resource> --as=<username>
Setup Virtual Machines : Ensure that each virtual machine (VM) meets the minimum system requirements for setting up a Kubernetes cluster.
Kubeadm Cluster Prerequisites : Ensure that all VMs can communicate with each other, as Kubernetes requires all nodes to have unrestricted communication for pod-to-pod networking.
Provision underlying infrastructure to deploy a Kubernetes cluster : Tools like VirtualBox, VMware, or KVM can be used to set up virtual machines locally and for cloud environments, consider providers like AWS, GCP, or Azure for flexibility and scalability.
Cluster Setup : kubeadm is a tool used for easy cluster bootstrap, be familiar with creating a cluster control plane node and adding worker nodes.
# Set Up kubeconfig
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
Perform Cluster Version upgrade Using Kubeadm : Managing the lifecycle involves upgrading clusters, managing control plane nodes, and ensuring consistency across versions.
Helm : Helm makes it easier to package and deploy Kubernetes applications. Practice installing, upgrading, and uninstalling releases.
# Install a helm chart
helm install <release-name> <chart-name>
# List helm releases
helm list
# Upgrade a helm release
helm upgrade <release-name> <chart-name>
# Search for a chart
helm search repo <chart-name>
# Install helm chart
helm install <release-name> <chart-name>
# Uninstall a helm release
helm uninstall <release-name>
Kustomize : Start by creating a directory containing all the Kubernetes manifests you want to manage with Kustomize.
# Example directory structure
example-app/
├── deployment.yaml
├── service.yaml
└── kustomization.yaml
# Use Kustomize to apply resources
k apply -k kustomization.yaml
Container Runtime Interface (CRI) : Kubernetes uses the CRI to communicate with container runtimes.
# Check container runtime
crictl info
# List all containers
crictl ps
# View specific container details
crictl inspect <container-id>
# View container logs
crictl logs <container-id>
Network Plugin : Kubernetes uses network plugins (CNI) to manage pod networking, get a good understanding of popular plugins like Calico, Flannel, and Weave Net, and understand the role of CNIs in providing network connectivity, security policies, and IPAM.
# List installed CNI plugins
ls /etc/cni/net.d/
Container Storage Interface (CSI) for Kubernetes GA : The CSIs is a standardized mechanism that allows storage providers to provide persistent storage support for Kubernetes.
# List CSI drivers
k get csidrivers
Custom Resources : CRDs allows you to extend Kubernetes APIs to create new kinds of Kubernetes objects beyond the built-in ones.
# List CRDs
k get crd
# Describe a CRD
k describe crd <crd-name>
# Delete a CRD
k delete <resource-name> <name>
Operator pattern : The Operator pattern allows you to automate the lifecycle of applications running on Kubernetes by packaging operational knowledge into Kubernetes-native applications.
Following are the subtopics under Workloads & Scheduling
Deployments : Understand the use of --record for version history, which is crucial for rollbacks.
# Create deployment with 3 replicas
k create deploy <deployment-name> --image=<image-name> --replicas=3
# Create deployment manifest file
k create deploy <deployment-name> --image <image-name> --replicas=3 --dry-run=client -o yaml > deploy.yaml
# List deployment
k get deploy
# Check replicaSet
k get rs
# Describe the deployment
k describe deploy <deployment-name>
# Scale deployment replicas
k scale deploy <deployment-name> --replicas=2
# View Deployments Manifest file
k get deploy <deployment-name> -o yaml
# Update container image in a deployment
k set image deploy <deployment-name> nginx=<image-name> --record
# Rollback to previous deployment version
k rollout undo deploy <deployment-name>
# View deployment rollout history
k rollout history deploy <deployment-name>
# Rollback to a specific revision
k rollout undo deploy <deployment-name> --to-revision=1
# Pause deployment rollout
k rollout pause deploy <deployment-name>
# Resume deployment rollout
k rollout resume deploy <deployment-name>
# Rollout & restart a deployment
k rollout restart deploy <deployment-name>
# Delete deployment
k delete deploy <deployment-name>
ConfigMaps : Use ConfigMaps to separate environment-specific configurations from the container image.
# Create configmap
k create cm <configmap-name>
# Edit the configmap
k edit cm <configmap-name>
# Create configmap manifest file
k create cm <configmap-name> --dry-run=client -o yaml > cm.yaml
# Create configmap from literal values
k create cm <configmap-name> --from-literal=<key1>=<value1> --from-literal=<key2>=<value2>
# Create configmap from a file
k create cm <configmap-name> --from-file=<file-name>
Secrets : Remember that Secrets are base64-encoded and not encrypted and they are for storing sensitive data.
# Create generic secret from literal values
k create secret generic <secret-name> --from-literal=<key1>=<value1> --from-literal=<key2>=<value2>
# Create TLS secret from certificate files
k create secret tls <secret-name> --cert=tls.crt --key=tls.key
Autoscaling Workloads : Practice setting up Horizontal Pod Autoscaler (HPA).
# Using autoscaling
k autoscale deploy <deployment-name> --min=2 --max=5
Configure Liveness, Readiness and Startup Probes : Using liveness and readiness probes in your deployment ensure that your applications are self-healing and automatically recover from failures.
# Startup probe
startupProbe:
httpGet:
path: /startup
port: 8080
failureThreshold: 30
periodSeconds: 10
# Liveness probe
livenessProbe:
httpGet:
path: /healthz
port: 8080
initialDelaySeconds: 15
failureThreshold: 1
periodSeconds: 10
# Readiness probe
readinessProbe:
httpGet:
path: /ready
port: 8080
failureThreshold: 30
periodSeconds: 10
Pods : Always remember that a Pod may contain one or more containers, and they share storage/network resources, making communication between containers in the same Pod fast and efficient.
# Create a Pod
k run <pod-name> --image=<image-name> --restart=Never
# Create a temporary interactive pod
k run -it <pod-name> --image=<image-name> --rm --restart=Never -- sh
# Delete pod immediately
k delete po <pod-name> --grace-period 0 --force
# Pod resource limits
resources:
requests:
memory: "64Mi"
cpu: "250m"
limits:
memory: "128Mi"
cpu: "500m"
Static Pods : To create a static pod, place the manifest in /etc/kubernetes/manifests on the desired node.
# Static pod manifest path
/etc/kubernetes/manifests
Labels and Selectors : When using selectors, you can filter Kubernetes resources by these labels to perform operations like scaling or applying configuration changes.
# Add a label to a pod
k label pod <pod-name> <label-key>=<label-value>
# List pods with their labels
k get po --show-labels
# List pods with specific label
k get po --selector <label-key>=<label-value>
# Remove a label from a pod
k label po <pod-name> <label-key>-
Taints and Tolerations : Use taints on critical nodes like control plane nodes or nodes to prevent general-purpose workloads from being scheduled on them.
# Check taints on nodes
k describe no <node-name> | egrep "Name:|Taints:"
# Taint a node
k taint nodes <node-name> <key>=<value>:<effect>
# Add toleration to a pod
tolerations:
- key: <key>
operator: <operator>
value: <value>
effect: <effect>
tolerationSeconds: <in seconds>
# Remove taint from a node
k taint no <node-name> <key>=<value>-
Node Name & Node Selector : Node Selectors are used to schedule pods onto specific nodes by using labels on the nodes.
# Label a node
k label no <pod-name> <label-key>=<label-value>
# Use node selector on pod
nodeSelector:
<label-key>: <label-value>
# Remove labels from a node
k label no <pod-name> <label-key>-
Node Affinity : Use node affinity to control the placement of your pods, ensuring that workloads are distributed efficiently across nodes as per there requirements.
# Example Node affinity
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: <label-key>
operator: In
values:
- <label-value>
Admission Controllers Reference : Use admission controllers to enforce policies such as resource quotas, pod security policies, and image validation.
Following are the subtopics under Storage
Storage Classes : Understand the difference between default storage class and other classes
# Example storage class manifest file
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Delete
# List storageclasses
k get sc
# Describe storageclass
k describe sc <storageclass-name>
Dynamic Volume Provisioning : Understand which type of persistent storage is supported (like AWS EBS, GCE Persistent Disks) and practice using them.
Volumes : Understand which type of persistent storage is supported (like AWS EBS, GCE Persistent Disks) and practice using them.
Persistent Volumes : Remember to know the different reclaim policies: Retain, Delete, and Recycle. Understand access modes like ReadWriteOnce, ReadOnlyMany.
# List persistentvolume
k get pv
# Describe persistentvolume
k describe pv <persistentvolume-name>
# Delete persistentvolume
k delete pv <persistentvolume-name>
# List persistentvolumeclaim
k get pvc
# Describe persistentvolumeclaim
k describe pvc <persistentvolumeclaim-name>
# Delete persistentvolumeclaim
k delete pvc <persistentvolumeclaim-name>
Configure a Pod to Use a PersistentVolume for Storage : Practice creating a pod with persistent storage defined in a YAML manifest. Ensure familiarity with both bindings and mounting.
# Example volume bindings and mounting
volumeMounts:
- name: mysql-storage
mountPath: /var/lib/mysql
volumes:
- name: mysql-storage
persistentVolumeClaim:
claimName: mysql-pvc
Following are the subtopics under Services & Networking
Cluster Configurations : Use kubectl exec to test network connectivity between pods.
# Execute shell in a pod
k exec -it <pod-name> -- /bin/sh
# Execute shell in a specific container within a pod
k exec -it <pod-name> -c webserver -- sh
# Get pod IP addresses
k get po -o wide
# Check pod-to-pod connectivity
k exec <pod-name> -- curl <target-service-ip>:<port>
# Check network interfaces inside a pod
k exec <pod-name> -- ifconfig
Network Policies : Practice setting up network policies to restrict traffic flow between pods.
# List network policies
k get netpol
# Description network policies
k describe netpol <policy-name>
Service : Practice exposing deployments using all types of services: ClusterIP, NodePort, and LoadBalancer.
# Expose deployment as a service
k expose deploy <deployment-name> --name=<service-name> --port=<port> --target-port=<container-port> --type=<service-type>
# List services
k get svc
# List service endpoints
k get ep
Gateway API : The Gateway API provides more flexibility and extensibility compared to traditional Ingress. Use it when you need advanced traffic routing, such as assigning multiple gateways with different capabilities to different services.
Ingress : Practice creating Ingress resources with different rules to route traffic to services based on hostnames and paths, you can also define multiple services under a single Ingress resource by utilizing both path-based and host-based rules.
# Example manifest file to create ingress object
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx-example
rules:
- http:
paths:
- path: /examplepath
pathType: Prefix
backend:
service:
name: example
port:
number: 80
# List all ingress resources
k get ing
# Describe an ingress resource
k describe ing <ingress-name>
CoreDNS : CoreDNS is used for service discovery within the Kubernetes cluster. Familiarize yourself with modifying the Corefile configuration to add custom DNS behaviors like forwarding queries for specific domains outside the cluster.
# Get CoreDNS ConfigMap in the kube-system namespace
k get cm coredns -n kube-system
# Edit CoreDNS ConfigMap for custom DNS configurations
k edit cm coredns -n kube-system
# Get logs of CoreDNS pods
k logs -n kube-system -l k8s-app=kube-dns
Following are the subtopics under Troubleshooting
Troubleshooting Clusters : When draining a node, use --ignore-daemonsets to safely move workloads that can be moved while ignoring daemonsets.
# List all available nodes
k get no
# Describe nodes
k describe no <node-name>
# Drain a node
k drain <node-name> --ignore-daemonsets
# Cordon/uncordon a node
k cordon <node-name>
k uncordon <node-name>
Troubleshooting kubectl : Make sure your kubectl is configured to connect to the correct cluster context.
Troubleshooting kubeadm : Monitor control plane components such as API server, etcd, controller-manager for potential issues during the cluster lifecycle and make sure proper certificate expiration and connectivity between components.
# Cluster components manifest file location
/etc/kubernetes/manifests
# Check kubectl configuration
k config view
# Get logs of kubectl
journalctl -u kubelet
# Check status of kubectl
k get --raw /healthz
# Check status of API server
k get componentstatuses
Metrics Server : Use kubectl top to monitor resource utilization.
# Get no cpu and memory usage
k top no
# Sort pods based on cpu utilization
k top po --sort-by=cpu
# Sort pods based on memory usage
k top po --sort-by=memory
# Get pod cpu and memory usage
k top pod
Logging Architecture : Logs are vital for understanding what's happening inside containers. Use kubectl logs to access logs from running containers.
# Get logs of a pod
k logs <pod-name>
# Get logs of a multi container pod
k logs <pod-name> -c <container-name>
# Get live logs of a pod
k logs <pod-name> -f
Debugging a ReplicaSet | Debug a Deployment : Practice using the describe and logs commands to inspect failed services or pods.
# Describe a pod
k describe pod <pod-name>
# Describe a service
k describe svc <service-name>
# Check recent events in the cluster
k get events
The kubectl
command-line tool is your gateway to interacting with Kubernetes clusters. In the CKA exam, efficiency and accuracy are key, and mastering kubectl
can save you valuable time. Below, I’ll share some kubectl
tips, tricks, and commands that you can use to navigate through the tasks more easily.
Typing kubectl
repeatedly can be a bit time-consuming. You can set up an alias to save time:
alias k="kubectl"
With this, you can just use k
instead of typing kubectl
. For example:
k get pods
The -o
flag allows you to format the output in different ways. This is particularly helpful when you need specific details:
- Get pod details in YAML format:
kubectl get pod my-pod -o yaml
- Get only the names of all pods:
kubectl get pods -o name
- Get pod details in JSON format (handy if you need to extract specific data):
kubectl get pod my-pod -o json
You may need to edit resources during the exam. Instead of recreating a resource, you can edit it directly:
kubectl edit deployment my-deployment
This command opens the resource configuration in your default text editor, where you can make changes on the fly.
The --dry-run
flag is great for checking what a command will do before actually applying it. This is helpful in avoiding mistakes:
-
Test creating a pod without actually creating it:
kubectl run nginx --image=nginx --dry-run=client -o yaml
This command will output the YAML configuration for the pod without deploying it, which you can redirect to a file if needed.
You can generate basic YAML files with kubectl
and redirect the output to a file for further modifications:
- Generate a deployment YAML:
kubectl create deployment nginx --image=nginx --dry-run=client -o yaml > nginx-deployment.yaml
The kubectl describe
command is useful when debugging issues, as it provides detailed information about resources:
kubectl describe pod my-pod
This command can help you find events or errors associated with a pod, such as crash loops or insufficient resources.
Label selectors allow you to filter resources easily. This is helpful for working with groups of resources:
-
Get all pods with a specific label:
kubectl get pods -l app=nginx
-
Delete resources with a specific label:
kubectl delete pods -l env=testing
kubectl
has built-in shortcuts for common resource types, which can save you typing:
po
for podskubectl get po
deploy
for deploymentskubectl get deploy
svc
for serviceskubectl get svc
If you’re unsure about the structure of a resource, kubectl explain
can be your best friend:
kubectl explain pod.spec.containers
This command will provide you with detailed information about what each field does, which is helpful when writing YAML files.
Switching between different namespaces and contexts can be common in the exam:
-
Set a default namespace to avoid typing
-n
every time:kubectl config set-context --current --namespace=my-namespace
-
View the current context:
kubectl config current-context
Imperative commands are great for making quick changes without writing YAML files:
- Scale a deployment:
kubectl scale deployment nginx --replicas=3
- Expose a deployment as a service:
kubectl expose deployment nginx --port=80 --target-port=8080 --type=NodePort
The more comfortable you are with kubectl
, the easier the exam will be. Set up a small Kubernetes cluster using tools like Minikube or Kind and practice these commands until they become second nature.
Good luck with your CKA exam preparation! Remember, speed and accuracy come with consistent practice.