Skip to content

This comprehensive repo equips aspiring Kubernetes administrators with all the knowledge and resources to ace the CKA exam on the first try. Includes in-depth explanations, hands-on labs, and valuable study materials. Pass the CKA and unlock your Kubernetes potential today!

License

Notifications You must be signed in to change notification settings

MoranDevops/cka-certification-guide

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 
 

Repository files navigation

Ultimate Certified Kubernetes Administrator (CKA) Exam Preparation Guide - V1.31 (2024)

This guide is part of the Complete CKA Certification Course.

Hit the Star! ⭐

If you are planning to use this repo for reference, please hit the star. Thanks!

CKA Exam Overview

The Certified Kubernetes Administrator (CKA) exam has a duration of 2 hours. To pass the exam, candidates need to achieve a score of at least 66%. The exam will be on Kubernetes version 1.31. Once the certificate is earned, the CKA certification remains valid for 2 years. The cost to take the exam is $395 USD.

Important Note: The CKA exam is updating after January 15, 2025, with new topics and a focus on real-world Kubernetes skills like Gateway API, Helm, Kustomize, CRDs & Operators. This guide is based on the new CKA syllabus. You can read more about the exam changes here CKA Exam Changes

CKA Exam Coupon (50% OFF Cyber Monday Discount)

CKA Price Update: The CKA exam price will increase to $435 in January 2025. Take advantage of the current Cyber Monday discount and complete the exam within 12 months to maximize your savings.

To save on CKA exam registration, use the following coupon code.

Coupon: Use code CYBER24CCTECHIES at kube.promo/cka

Use code CYBER24BUNDLECT to save 65% on folowing bundles.

Note: If you want to give the CKA exam before the syllabus change on November 25th, dont delay booking your CKA Exam. If you're planning to take the Certified Kubernetes Administrator (CKA) exam, be aware that the syllabus is changing soon. Plan and book your exam as early as possible to avoid last-minute slot issues.

Table of Contents

  1. Cluster Architecture, Installation & Configuration (25%)

  2. Workloads & Scheduling (15%)

  3. Storage (10%)

  4. Services & Networking (20%)

  5. Troubleshooting (30%)

CKA Exam Detailed Study Guide & References

CKA Certification Exam has the following key domains:

1. Cluster Architecture, Installation & Configuration (25%)

Following are the subtopics under Cluster Architecture, Installation & Configuration

Manage role based access control (RBAC).

RBAC | Service Accounts | Roles & ClusterRoles : Understand the difference between Roles (namespace level) and ClusterRoles (cluster level).

# Create a service account
k create sa <sa-name> -n <namespace>

# Create a role
k create role <role-name> --verb=<verbs> --resource=<resources> -n <namespace>

# Create rolebinding
k create rolebinding <binding-name> --role=<role-name> --user=<username> -n <namespace>

# Create a clusterrole
k create clusterrole <clusterrole-name> --verb=<verbs> --resource=<resources>

# Create clusterrolebinding
k create clusterrolebinding <binding-name> --clusterrole=<clusterrole-name> --user=<username>

# Check RBAC authorization
k auth can-i <verb> <resource> --as=<username>

Prepare underlying infrastructure for installing a Kubernetes cluster.

Setup Virtual Machines : Ensure that each virtual machine (VM) meets the minimum system requirements for setting up a Kubernetes cluster.

Kubeadm Cluster Prerequisites : Ensure that all VMs can communicate with each other, as Kubernetes requires all nodes to have unrestricted communication for pod-to-pod networking.

Provision underlying infrastructure to deploy a Kubernetes cluster : Tools like VirtualBox, VMware, or KVM can be used to set up virtual machines locally and for cloud environments, consider providers like AWS, GCP, or Azure for flexibility and scalability.

Create and manage Kubernetes clusters using kubeadm.

Cluster Setup : kubeadm is a tool used for easy cluster bootstrap, be familiar with creating a cluster control plane node and adding worker nodes.

# Set Up kubeconfig
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

Manage the lifecycle of Kubernetes clusters.

Perform Cluster Version upgrade Using Kubeadm : Managing the lifecycle involves upgrading clusters, managing control plane nodes, and ensuring consistency across versions.

Use Helm and Kustomize to install cluster components.

Helm : Helm makes it easier to package and deploy Kubernetes applications. Practice installing, upgrading, and uninstalling releases.

# Install a helm chart
helm install <release-name> <chart-name>

# List helm releases
helm list

# Upgrade a helm release
helm upgrade <release-name> <chart-name>

# Search for a chart
helm search repo <chart-name>

# Install helm chart
helm install <release-name> <chart-name>

# Uninstall a helm release
helm uninstall <release-name>

Kustomize : Start by creating a directory containing all the Kubernetes manifests you want to manage with Kustomize.

# Example directory structure
example-app/
  ├── deployment.yaml
  ├── service.yaml
  └── kustomization.yaml

# Use Kustomize to apply resources
k apply -k kustomization.yaml

Understand extension interfaces (CNI, CSI, CRI, etc.).

Container Runtime Interface (CRI) : Kubernetes uses the CRI to communicate with container runtimes.

# Check container runtime
crictl info

# List all containers
crictl ps

# View specific container details
crictl inspect <container-id>

# View container logs
crictl logs <container-id>

Network Plugin : Kubernetes uses network plugins (CNI) to manage pod networking, get a good understanding of popular plugins like Calico, Flannel, and Weave Net, and understand the role of CNIs in providing network connectivity, security policies, and IPAM.

# List installed CNI plugins
ls /etc/cni/net.d/

Container Storage Interface (CSI) for Kubernetes GA : The CSIs is a standardized mechanism that allows storage providers to provide persistent storage support for Kubernetes.

# List CSI drivers
k get csidrivers

Understand CRDs, install and configure operators.

Custom Resources : CRDs allows you to extend Kubernetes APIs to create new kinds of Kubernetes objects beyond the built-in ones.

# List CRDs
k get crd

# Describe a CRD
k describe crd <crd-name>

# Delete a CRD
k delete <resource-name> <name>

Operator pattern : The Operator pattern allows you to automate the lifecycle of applications running on Kubernetes by packaging operational knowledge into Kubernetes-native applications.

2. Workloads & Scheduling (15%)

Following are the subtopics under Workloads & Scheduling

Understand deployments and how to perform rolling update and rollbacks.

Deployments : Understand the use of --record for version history, which is crucial for rollbacks.

# Create deployment with 3 replicas
k create deploy <deployment-name> --image=<image-name> --replicas=3

# Create deployment manifest file
k create deploy <deployment-name> --image <image-name> --replicas=3  --dry-run=client -o yaml > deploy.yaml

# List deployment
k get deploy

# Check replicaSet
k get rs

# Describe the deployment
k describe deploy <deployment-name>

# Scale deployment replicas
k scale deploy <deployment-name> --replicas=2

# View Deployments Manifest file
k get deploy <deployment-name> -o yaml

# Update container image in a deployment
k set image deploy <deployment-name> nginx=<image-name> --record

# Rollback to previous deployment version
k rollout undo deploy <deployment-name>

# View deployment rollout history
k rollout history deploy <deployment-name>

# Rollback to a specific revision
k rollout undo deploy <deployment-name> --to-revision=1

# Pause deployment rollout
k rollout pause deploy <deployment-name>

# Resume deployment rollout
k rollout resume deploy <deployment-name>

# Rollout & restart a deployment
k rollout restart deploy <deployment-name>

# Delete deployment
k delete deploy <deployment-name>

Use ConfigMaps and Secrets to configure applications.

ConfigMaps : Use ConfigMaps to separate environment-specific configurations from the container image.

# Create configmap
k create cm <configmap-name>

# Edit the configmap
k edit cm <configmap-name>

# Create configmap manifest file
k create cm <configmap-name> --dry-run=client -o yaml > cm.yaml

# Create configmap from literal values
k create cm <configmap-name> --from-literal=<key1>=<value1> --from-literal=<key2>=<value2>

# Create configmap from a file
k create cm <configmap-name> --from-file=<file-name>

Secrets : Remember that Secrets are base64-encoded and not encrypted and they are for storing sensitive data.

# Create generic secret from literal values
k create secret generic <secret-name> --from-literal=<key1>=<value1> --from-literal=<key2>=<value2>

# Create TLS secret from certificate files
k create secret tls <secret-name> --cert=tls.crt --key=tls.key

Configure workload autoscaling.

Autoscaling Workloads : Practice setting up Horizontal Pod Autoscaler (HPA).

# Using autoscaling
k autoscale deploy <deployment-name> --min=2 --max=5

Understand the primitives used to create robust, self-healing, application deployments.

Configure Liveness, Readiness and Startup Probes : Using liveness and readiness probes in your deployment ensure that your applications are self-healing and automatically recover from failures.

# Startup probe
startupProbe:
    httpGet:
    path: /startup
    port: 8080
    failureThreshold: 30
    periodSeconds: 10

# Liveness probe
livenessProbe:
    httpGet:
    path: /healthz
    port: 8080
    initialDelaySeconds: 15
    failureThreshold: 1
    periodSeconds: 10

# Readiness probe
readinessProbe:
    httpGet:
    path: /ready
    port: 8080
    failureThreshold: 30
    periodSeconds: 10

Configure Pod admission and scheduling (limits, node affinity, etc.).

Pods : Always remember that a Pod may contain one or more containers, and they share storage/network resources, making communication between containers in the same Pod fast and efficient.

# Create a Pod
k run <pod-name> --image=<image-name> --restart=Never

# Create a temporary interactive pod
k run -it <pod-name> --image=<image-name> --rm --restart=Never -- sh

# Delete pod immediately
k delete po <pod-name> --grace-period 0 --force

# Pod resource limits
resources:
    requests:
    memory: "64Mi"
    cpu: "250m"
    limits:
    memory: "128Mi"
    cpu: "500m"

Static Pods : To create a static pod, place the manifest in /etc/kubernetes/manifests on the desired node.

# Static pod manifest path
/etc/kubernetes/manifests

Labels and Selectors : When using selectors, you can filter Kubernetes resources by these labels to perform operations like scaling or applying configuration changes.

# Add a label to a pod
k label pod <pod-name> <label-key>=<label-value>

# List pods with their labels
k get po --show-labels

# List pods with specific label
k get po --selector <label-key>=<label-value>

# Remove a label from a pod
k label po <pod-name> <label-key>-

Taints and Tolerations : Use taints on critical nodes like control plane nodes or nodes to prevent general-purpose workloads from being scheduled on them.

# Check taints on nodes
k describe no <node-name> | egrep "Name:|Taints:"

# Taint a node
k taint nodes <node-name> <key>=<value>:<effect>

# Add toleration to a pod
tolerations:
- key: <key>
  operator: <operator>
  value: <value>
  effect: <effect>
  tolerationSeconds: <in seconds>

# Remove taint from a node
k taint no <node-name> <key>=<value>-

Node Name & Node Selector : Node Selectors are used to schedule pods onto specific nodes by using labels on the nodes.

# Label a node
k label no <pod-name> <label-key>=<label-value>

# Use node selector on pod
nodeSelector:
  <label-key>: <label-value>

# Remove labels from a node
k label no <pod-name> <label-key>-

Node Affinity : Use node affinity to control the placement of your pods, ensuring that workloads are distributed efficiently across nodes as per there requirements.

# Example Node affinity
affinity:
nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
    nodeSelectorTerms:
    - matchExpressions:
        - key: <label-key>
        operator: In
        values:
        - <label-value>

Admission Controllers Reference : Use admission controllers to enforce policies such as resource quotas, pod security policies, and image validation.

3. Storage (10%)

Following are the subtopics under Storage

Implement storage classes and dynamic volume provisioning.

Storage Classes : Understand the difference between default storage class and other classes

# Example storage class manifest file
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: local-storage
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
reclaimPolicy: Delete

# List storageclasses
k get sc

# Describe storageclass
k describe sc <storageclass-name>

Dynamic Volume Provisioning : Understand which type of persistent storage is supported (like AWS EBS, GCE Persistent Disks) and practice using them.

Configure volume types, access modes and reclaim policies.

Volumes : Understand which type of persistent storage is supported (like AWS EBS, GCE Persistent Disks) and practice using them.

Persistent Volumes : Remember to know the different reclaim policies: Retain, Delete, and Recycle. Understand access modes like ReadWriteOnce, ReadOnlyMany.

# List persistentvolume
k get pv

# Describe persistentvolume
k describe pv <persistentvolume-name>

# Delete persistentvolume
k delete pv <persistentvolume-name>

# List persistentvolumeclaim
k get pvc

# Describe persistentvolumeclaim
k describe pvc <persistentvolumeclaim-name>

# Delete persistentvolumeclaim
k delete pvc <persistentvolumeclaim-name>

Manage persistent volumes and persistent volume claims.

Configure a Pod to Use a PersistentVolume for Storage : Practice creating a pod with persistent storage defined in a YAML manifest. Ensure familiarity with both bindings and mounting.

# Example volume bindings and mounting
volumeMounts:
- name: mysql-storage
  mountPath: /var/lib/mysql
volumes:
- name: mysql-storage
persistentVolumeClaim:
  claimName: mysql-pvc

4. Services & Networking (20%)

Following are the subtopics under Services & Networking

Understand connectivity between Pods.

Cluster Configurations : Use kubectl exec to test network connectivity between pods.

# Execute shell in a pod
k exec -it <pod-name> -- /bin/sh

# Execute shell in a specific container within a pod
k exec -it <pod-name> -c webserver -- sh

# Get pod IP addresses
k get po -o wide

# Check pod-to-pod connectivity
k exec <pod-name> -- curl <target-service-ip>:<port>

# Check network interfaces inside a pod
k exec <pod-name> -- ifconfig

Define and enforce Network Policies.

Network Policies : Practice setting up network policies to restrict traffic flow between pods.

# List network policies
k get netpol

# Description network policies
k describe netpol <policy-name>

Use ClusterIP, NodePort, LoadBalancer service types and endpoints.

Service : Practice exposing deployments using all types of services: ClusterIP, NodePort, and LoadBalancer.

# Expose deployment as a service
k expose deploy <deployment-name> --name=<service-name> --port=<port> --target-port=<container-port> --type=<service-type>

# List services
k get svc

# List service endpoints
k get ep

Use the Gateway API to manage Ingress traffic.

Gateway API : The Gateway API provides more flexibility and extensibility compared to traditional Ingress. Use it when you need advanced traffic routing, such as assigning multiple gateways with different capabilities to different services.

Know how to use Ingress controllers and Ingress resources.

Ingress : Practice creating Ingress resources with different rules to route traffic to services based on hostnames and paths, you can also define multiple services under a single Ingress resource by utilizing both path-based and host-based rules.

# Example manifest file to create ingress object
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: example-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx-example
  rules:
  - http:
      paths:
      - path: /examplepath
        pathType: Prefix
        backend:
          service:
            name: example
            port:
              number: 80

# List all ingress resources
k get ing

# Describe an ingress resource
k describe ing <ingress-name>

Understand and use CoreDNS.

CoreDNS : CoreDNS is used for service discovery within the Kubernetes cluster. Familiarize yourself with modifying the Corefile configuration to add custom DNS behaviors like forwarding queries for specific domains outside the cluster.

# Get CoreDNS ConfigMap in the kube-system namespace
k get cm coredns -n kube-system

# Edit CoreDNS ConfigMap for custom DNS configurations
k edit cm coredns -n kube-system

# Get logs of CoreDNS pods
k logs -n kube-system -l k8s-app=kube-dns

5. Troubleshooting (30%)

Following are the subtopics under Troubleshooting

Troubleshoot clusters and nodes.

Troubleshooting Clusters : When draining a node, use --ignore-daemonsets to safely move workloads that can be moved while ignoring daemonsets.

# List all available nodes
k get no

# Describe nodes
k describe no <node-name>

# Drain a node
k drain <node-name> --ignore-daemonsets

# Cordon/uncordon a node
k cordon <node-name>
k uncordon <node-name>

Troubleshoot cluster components.

Troubleshooting kubectl : Make sure your kubectl is configured to connect to the correct cluster context.

Troubleshooting kubeadm : Monitor control plane components such as API server, etcd, controller-manager for potential issues during the cluster lifecycle and make sure proper certificate expiration and connectivity between components.

# Cluster components manifest file location
/etc/kubernetes/manifests

# Check kubectl configuration
k config view

# Get logs of kubectl
journalctl -u kubelet

# Check status of kubectl
k get --raw /healthz

# Check status of API server
k get componentstatuses

Monitor cluster and application resource usage.

Metrics Server : Use kubectl top to monitor resource utilization.

# Get no cpu and memory usage
k top no

# Sort pods based on cpu utilization
k top po --sort-by=cpu

# Sort pods based on memory usage
k top po --sort-by=memory

# Get pod cpu and memory usage
k top pod

Manage and evaluate container output streams.

Logging Architecture : Logs are vital for understanding what's happening inside containers. Use kubectl logs to access logs from running containers.

# Get logs of a pod
k logs <pod-name>

# Get logs of a multi container pod
k logs <pod-name> -c <container-name>

# Get live logs of a pod
k logs <pod-name> -f

Troubleshoot services and networking.

Debugging a ReplicaSet | Debug a Deployment : Practice using the describe and logs commands to inspect failed services or pods.

# Describe a pod
k describe pod <pod-name> 

# Describe a service
k describe svc <service-name>

# Check recent events in the cluster
k get events

Kubectl Tips for CKA Exam

The kubectl command-line tool is your gateway to interacting with Kubernetes clusters. In the CKA exam, efficiency and accuracy are key, and mastering kubectl can save you valuable time. Below, I’ll share some kubectl tips, tricks, and commands that you can use to navigate through the tasks more easily.

1. Use Aliases for Speed

Typing kubectl repeatedly can be a bit time-consuming. You can set up an alias to save time:

alias k="kubectl"

With this, you can just use k instead of typing kubectl. For example:

k get pods

2. Use -o for Output Customization

The -o flag allows you to format the output in different ways. This is particularly helpful when you need specific details:

  • Get pod details in YAML format:
    kubectl get pod my-pod -o yaml
  • Get only the names of all pods:
    kubectl get pods -o name
  • Get pod details in JSON format (handy if you need to extract specific data):
    kubectl get pod my-pod -o json

3. Quickly Edit Resources

You may need to edit resources during the exam. Instead of recreating a resource, you can edit it directly:

kubectl edit deployment my-deployment

This command opens the resource configuration in your default text editor, where you can make changes on the fly.

4. Use --dry-run for Testing

The --dry-run flag is great for checking what a command will do before actually applying it. This is helpful in avoiding mistakes:

  • Test creating a pod without actually creating it:

    kubectl run nginx --image=nginx --dry-run=client -o yaml

    This command will output the YAML configuration for the pod without deploying it, which you can redirect to a file if needed.

5. Generators for Quick YAML Files

You can generate basic YAML files with kubectl and redirect the output to a file for further modifications:

  • Generate a deployment YAML:
    kubectl create deployment nginx --image=nginx --dry-run=client -o yaml > nginx-deployment.yaml

6. Describe for Detailed Debugging

The kubectl describe command is useful when debugging issues, as it provides detailed information about resources:

kubectl describe pod my-pod

This command can help you find events or errors associated with a pod, such as crash loops or insufficient resources.

7. Use -l for Label Selection

Label selectors allow you to filter resources easily. This is helpful for working with groups of resources:

  • Get all pods with a specific label:

    kubectl get pods -l app=nginx
  • Delete resources with a specific label:

    kubectl delete pods -l env=testing

8. Shortcuts for Common Operations

kubectl has built-in shortcuts for common resource types, which can save you typing:

  • po for pods
    kubectl get po
  • deploy for deployments
    kubectl get deploy
  • svc for services
    kubectl get svc

9. Use kubectl explain to Understand Resource Definitions

If you’re unsure about the structure of a resource, kubectl explain can be your best friend:

kubectl explain pod.spec.containers

This command will provide you with detailed information about what each field does, which is helpful when writing YAML files.

10. Context and Namespace Management

Switching between different namespaces and contexts can be common in the exam:

  • Set a default namespace to avoid typing -n every time:

    kubectl config set-context --current --namespace=my-namespace
  • View the current context:

    kubectl config current-context

11. Imperative Commands for Quick Changes

Imperative commands are great for making quick changes without writing YAML files:

  • Scale a deployment:
    kubectl scale deployment nginx --replicas=3
  • Expose a deployment as a service:
    kubectl expose deployment nginx --port=80 --target-port=8080 --type=NodePort

Final Tip: Practice, Practice, Practice

The more comfortable you are with kubectl, the easier the exam will be. Set up a small Kubernetes cluster using tools like Minikube or Kind and practice these commands until they become second nature.

Good luck with your CKA exam preparation! Remember, speed and accuracy come with consistent practice.

About

This comprehensive repo equips aspiring Kubernetes administrators with all the knowledge and resources to ace the CKA exam on the first try. Includes in-depth explanations, hands-on labs, and valuable study materials. Pass the CKA and unlock your Kubernetes potential today!

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published