Skip to main content

CKA Exam; May 2024: My take on it and cheat sheet

So, I finally got the little green tick of having CKA certification in my certification list. I put off this exam for so long that it seriously became not funny anymore. The internet has quite literally way more than 1000 posts on this topic. But what harm would one more post cause? So here's mine. I will write it from my perspective.

I am writing this post just in case if anyone benefits from it, as I predict there could be many on the same boat as me.



Background:

Kubernetes, modern application architecture, DevSecOps etc are not new territory for me. In fact, I think I am fairly versed in K8s and related tech stack. But due my own imposter syndrome I have been putting off sitting the CKA exam. However, last week I thought about the CKA as "just another approval for my skills" and got the nudge to sit the exam. 

Here's what I did till the day I sat for the exam. (Everybody is different but the below worked for me the best)


The preparation:

As I have been working with K8s for sometime and I did not need to learn it from scratch. So I went ahead and bought it from CNCF and booked the exam 5 days out. Now that I have a target date I commenced working towards it. Here're the strategy I followed:


Hands on:

I think one of reasons why my imposter syndrome was preventing me from taking the exam was that the format is hands on (as opposed to multiple choices). But the good news was that it was also open book (meaning I have access to the documentation). So the strategy needed to be slightly different.

I practiced a lot:

I did not buy any course but I practiced a lot (I think) for 4 days (approx 2-3 hours a day, early mornings and late evenings).  There are 1000s of free good practice materials (they are almost the same) on the internet. I will drop a few here for starter that I used:

Important: With the purchase of the CKA exam it gives 2 sessions of killer.sh mock sessions (both containing the same questions). They are assumed to be much harder than the exam itself. I attempted the first mock session on my prep day 2 and quickly realised that I failed because of my poor time management. So I practiced with the other ones (mentioned above) using google timer and attempted the 2nd mock session twice (each mock session is valid for 36hours and can be restarted unlimited times). This time I completed it just in time. This gave me confident that I would do ok in the exam with time.

I memorised some basic commands:

Since the exam is for a fixed time (120mins; meaning, 120mins ÷ 17questions = 7 mins per question) and there are some questions I anticipated to get stuck on, the strategy was to complete the ones I would be confident about super fast. That meant memorising (through practice ofcouse) few Kubectl imperative commands:

k run <pod name> --image=<image name> --labels="key1=value1,key2=value2" [--oyaml --dry-run=client > pod.yaml] [--command -- sh -c "sleep 1d"]

k exec -i <podname> -- sh -c "cat /var/logs/log.txt"

#Note: I predict that in the exam it will most likely be multi-container and through this command 
there's no way to create multi-container deployment. 
That means saving the yaml with 1 container and adding the adding the additional containers.
k create deploy <deploy name> --image=<image name> --replicas=<count> [--oyaml --dry-run=client > pod.yaml]

k expose deploy/pod <object name> --name=<name of the svc> --port=80 [--target-port=8080] [--type=NodePort/ClusterIP]

k create role or clusterrole <name> --verb=<create,delete,list etc> --resource=<pod,deploy,secret etc>

k create rolebinding or clusterrolebinding <name> --role/clusterrole=<role or clusterrole name> --serviceaccount=<namespace>:<SA name>
# to verify the above:
k auth can-i create deploy --as=system:serviceaccount:<namespace>:<sa name>

k scale deploy/replicaset/statefulset <name of object> --replicas=<desired count>

k rollout history/restart/undo deploy/pod <object name> # rollback a deployment etc

k set image deploy/pod <object name> <existing container name>=<new image name> --record


#sortby ASC order
k get pods -A --sort-by=.metadata.creationTimestamp --no-headers| tac

### Check certificate validity
openssl x509  -noout -text -in /etc/kubernetes/pki/etcd/server.crt

### Check etcd snapshot status
ETCDCTL_API=3 etcdctl snapshot status /etc/etcd-snapshot.db


### Check kubeproxy running
crictl ps | grep kube-proxy
crictl logs 27b6a18c0f89c

### Check kube-proxy is creating iptables rules for a given svc
ssh cluster1-controlplane1 iptables-save | grep p2-service


### Change the Service CIDR to 11.96.0.0/12 for the cluster.
vim /etc/kubernetes/manifests/kube-apiserver.yaml
check for restart --- kubectl -n kube-system get pod | grep api


### CNI conf location
/etc/cni/net.d


### kill container running on kube-proxy on node01
ssh node01
crictl ps | grep kube-proxy
crictl stop 28of363745
crictl rm 28of363745


### write the names of all namespaces resources
k api-resources namespaced=true -o name


### count line numbers
k get roles -n project-c14 | wc -l

### troubleshoot kubelet
journalctl -u kubelet



### get version info to install (eg: kubeadm, kubelet, etc)
apt show kubectl -a | grep 1.29



### join node with cluster

- get into controlplane --- ssh cluster3-controlplane1
- then print join command: kubeadm token create --print-join-command # no need to memorise this command find it in doco.



Important: Practice to validate the completed task. 

The vim editor:

Everybody has used some level of vim editor. I am sure we all have some sort of love and hate relationship with it. But in CKA there're no good alternative (now a days comes with nano but it is basic nano). You get what they give you. So I familiarised myself with few basic vim stuffs like:
  • 'i' to start editing
  • 'i' + right click paste to paste from clipboard
  • 'v' to mark texts (that I need to do something with)
  • 'x' to cut the marked text (i mainly used this method to delete stuff quickly from the copied yaml from doco).
  • 'y' to copy the marked text
  • 'shift + p' to paste the text (copied via the above).
  • 'shift + >' to indent left
  • 'shift + <' to indent right

The documentation:

Now, this is super critical. This is why I practiced a lot. The strategy is not to memorise everything but to know how to find it and copy paste in https://kubernetes.io/docs/home/. I practiced a lot to search in the documentation using the search field during my practice sessions and familiarised my self with what search term brings what documentation page and what section/yaml to copy paste (and modify) from the documentation to answer to tasks. It is a big part of the time management during exam and hence the importance of faimiliarising with searching, finding (from the K8s doco) and modifying as fast as possible. 
Some objects I frequently visited during my prep time (and proven to be also similar during exam) are:
  • PV, PVC and using then in Pod (search term: Pod PersistentVolume)
  • NetworkPolicy
  • EtcdCTL (search term: etcdctl snapshot and find a sample command in the middle of the page)
  • Taint and Tolerations (search term: pod toleration)
  • Pod Resource utilisation
  • Sidecar (search term: Sidecar container)
You see, not many. 
Important: Sometimes the needed page is not ranked as the 1st one. That's the type of insight I got from practicing searching in the k8s documentation. 

Getting familiarity with few uncommon things:

So, even though I claimed that I am versed in K8s there are few things that I needed to know (re-learn) for the exam specifically, as I do not come across these topics everyday. They are:
  • NetworkPolicy
  • Taint (how to taint and untaint, schedule a pod/deploy on a tainted node/controlplane etc)
  • EtcdCTL (taking backup and restore, validate a backup) ## This is very important.
  • Kubeadm (upgrading a kubeadm cluster) ## this is very important
However, I did not do any course for it. I just learned it through practice.
Important: Practice to validate the completed task. 

The 120 mins of the exam:

  • Launch the exam 15 mins before the time. It is online proctored and needs few validation/checks etc such as taking a photo with id/diver's license, the proctor person with ask to pan the camera/latptop webcam to check the desk, exam area etc. I cleaned my desk completely and I only had my laptop and powerchord on the desk. No mobile phones, no paper etc are allowed. I also used my personal laptop to avoid any potential firewall/remote session block from work laptop. 
  • There's no weights mentioned against questions anymore. But I still felt there were some questions (such as multi-faceted questions, questions related to etcd, kubeadm, network policy, role/sa etc) carried more weights.
  • I got 17 questions in the exam. The guide suggested 15 - 20 questions.
  • I did not revise or do anything before the exam (my exam was in the morning). I willed that I am confident. I had breakfast and coffee. Coffee is super important because the exam is for 120 mins (OMG!! what??!!).
  • Because of my above mentioned strategies I completed most of the questions very fast (in about 80 mins). I flagged few for further validation which I did after that 80mins.
  • I flagged and skipped the hard ones/or the ones I wasnt confident about just by reading at a glance (I flagged about 3 questions) which I attempted after that 80 mins. This was so that I avoid wasting time behind one question by getting stuck on it. 
  • It is also important to mention that since the exam is hands on and task based it is very easy (at least for my personality) to get bogged down into 1 specific things and waste time on it. But that 1 specific thing in that multi-faceted question may only carry 1 insignificant point or no points at all. That's why I skipped whenever I felt like I needed to validate more deeply or I am not super confident. And tackled them after I completed majority of the questions. This took off a lot of pressure during the 120 mins. 


Final words:

I felt, the exam was easy (I probably practiced a much harder questions the days (4) before). 
I also felt that many youtubers (not to discourage them; but purely my bias opinion), in the internet, presented the CKA to be a lot harder than the difficulty level it actually is (which probably contributed to my imposter syndrome).

That's it. 

Comments

Post a Comment

Popular posts from this blog

Do you even Kubernetes ? - in private cloud

Kubernetes (“koo-burr-NET-eez”) /κυβερνήτης/ - Can be used as noun or verb. Noun "helmsman" or "pilot" or "Orchestrator". We use Kubernetes to achieve resiliency for our application. Verb Perform the act of doing Kubernetes. When done using TKG it is easy but can be super hard if the right tool is not used. Do you even Kubernetes? If I were to survey about how many people in IT industry (regardless of role) knows or at least heard about Kubernetes I would be very surprised if the percentage came out any less than at least 80%. I am curious though, How many people have actually deployed on Kubernetes? How many people have created a Kubernetes cluster? How? The answer could go either way of "Yeah, it's easy" OR "Dude!! it's hard". This is because, in my opinion, it all depends on choosing the right toolset that are fit for purpose. In this post I will create a Kubernetes cluster and deploy a microservice application End-To-End, th...
1 comment
Read more

Deciphering the hype of Service Mesh

Service Mesh is not a new topic anymore. Most of us in the industry are already familiar with it. There are also tons of article in the internet about its why and how. In my opinion, it has a significant influence on the application architecture. Here's a DevSecOps humor to start the discussion (and it will make sense as you read along).  This is part 1 of my 3 parts blog posts on Service Mesh. Part 1:   Deciphering the hype of Service Mesh Part 2:   Understanding The Ingress and The Mesh components of Service Mesh. Part 3:  Understanding the observability component of Service Mesh (TBD).  In this post, I am going approach Service Mesh from an application architecture point of view. I will also score some of its basic features on a scale of 1 to 5, where 1 being the least important to me and 5 being the most important.  Table of contents: Common Q&As Features mTLS Service Discovery Meshing Ingress, Gateways etc Telemetries Enterprise products and offeri...
Read more

Openshift-Powered Homelab | Why, What, How

I wanted to build a Homelab for some time but it was taking a backseat as I always had access to cloud environments (eg: cloud accounts, VMware DC etc) and the use cases I was focusing on didn't really warrant for one. But lately, some new developments and opportunities in the industry triggered the need to explore use cases in a bare-metal server environment, ultimately leading to the built of my own homelab, called MetalSNO. In this post, I will discuss some of my key reasons for building a homelab, the goals I set for it, and the process I followed to building one from scratch. I'll conclude with some reflections on whether it was truly worth it and what I plan to do with it going forward. Compelling reasons (The Why ) My uses cases for a homelab weren't about hosting plex server, home automation etc (I have them on Raspberry PIs for some years now). My Homelab is really about exploring technologies and concepts that are on par with industry trend. Below are some of the ...
Post a Comment
Read more

The story of a Hack Job

"So, you have hacked it" -- Few days ago one of the guys at work passed me this comment on a random discussion about something I built. I paused for a moment and pondered: Do I reply defending how that's not a hack. OR Do I just not bother I picked the second option for 2 reasons: It was late. It probably isn't worth defending the "hack vs" topic as the comment passed was out of context. So I chose the next best action and replied "Yep, sure did and it is working great.". I felt like Batman in the moment. In this post I will rant about the knowledge gap around hacking and then describe about one of the components of my home automation project (really, this is the main reason for this post) and use that as an example how hacking is cool and does not always mean bad. But first lets align on my definition of hacking: People use this term in good and bad, both ways. For example: "He/she did a hack job" -- Yeah, that probably...
Post a Comment
Read more

Story of a Java application in the cloud on Heroku

Starting with a monolith application is not really uncommon. But when the demand arises it is important to have a plan or path to go distributed either a Big Bang change or phased approach. I took the phased approach and the phases sort of happened naturally (without even knowing the right technical terms, BUT the concept and vision was clear). I will try to tell the story in this post. Although I will use "sample app" and the tutorials I prepared for this is a "sample app", I have faced the scenarios in real life few years ago and learned a thing or two. I am using Heroku for this "sample app" but this can also be implemented in AWS or Azure. I am sure there's always a better way of doing it, but this is how I have approached it.   Firstly, let's set some functional specification for our "sample app": The app will take request from the user (there's no restriction on how many users can request the app in a given second.) via browser....
Post a Comment
Read more

Reimagining Logs: Building AI powered Conversational Observability System

It is mid-2025 and the cogs of AI are at full speed. So we (I and Mobin) decided to do our own AI project. We called it "IntelliLogs".  IntelliLogs at a glance: Demo:  https://www.youtube.com/watch?v=OXMlORwyMQk In this post I will describe why we did what we did, what is it that we did and how we did it. I will share my personal experience. I am hoping this will, at least, be an interesting read. Table of contents: Why IntelliLogs What is IntelliLogs How IntelliLogs was developed Future of IntelliLogs Conclusion References Why IntelliLogs: Personal motivation 💪 to this were: Explore and experience what does an AI app look like from an architectural and engineering perspective Explore the realm of Huge LLMs (eg: GPT-4.1-170B,  Gemini Pro etc) vs small LLMs (eg: granite-7b, gemma-4b) Explore the possibilities of model tuning / making a model without being a data scientist. How easy or hard it is, what tools available etc. We also wanted to tackle a "not too far from ...
Post a Comment
Read more