Skip to main content

CKA Exam; May 2024: My take on it and cheat sheet

So, I finally got the little green tick of having CKA certification in my certification list. I put off this exam for so long that it seriously became not funny anymore. The internet has quite literally way more than 1000 posts on this topic. But what harm would one more post cause? So here's mine. I will write it from my perspective.

I am writing this post just in case if anyone benefits from it, as I predict there could be many on the same boat as me.



Background:

Kubernetes, modern application architecture, DevSecOps etc are not new territory for me. In fact, I think I am fairly versed in K8s and related tech stack. But due my own imposter syndrome I have been putting off sitting the CKA exam. However, last week I thought about the CKA as "just another approval for my skills" and got the nudge to sit the exam. 

Here's what I did till the day I sat for the exam. (Everybody is different but the below worked for me the best)


The preparation:

As I have been working with K8s for sometime and I did not need to learn it from scratch. So I went ahead and bought it from CNCF and booked the exam 5 days out. Now that I have a target date I commenced working towards it. Here're the strategy I followed:


Hands on:

I think one of reasons why my imposter syndrome was preventing me from taking the exam was that the format is hands on (as opposed to multiple choices). But the good news was that it was also open book (meaning I have access to the documentation). So the strategy needed to be slightly different.

I practiced a lot:

I did not buy any course but I practiced a lot (I think) for 4 days (approx 2-3 hours a day, early mornings and late evenings).  There are 1000s of free good practice materials (they are almost the same) on the internet. I will drop a few here for starter that I used:

Important: With the purchase of the CKA exam it gives 2 sessions of killer.sh mock sessions (both containing the same questions). They are assumed to be much harder than the exam itself. I attempted the first mock session on my prep day 2 and quickly realised that I failed because of my poor time management. So I practiced with the other ones (mentioned above) using google timer and attempted the 2nd mock session twice (each mock session is valid for 36hours and can be restarted unlimited times). This time I completed it just in time. This gave me confident that I would do ok in the exam with time.

I memorised some basic commands:

Since the exam is for a fixed time (120mins; meaning, 120mins ÷ 17questions = 7 mins per question) and there are some questions I anticipated to get stuck on, the strategy was to complete the ones I would be confident about super fast. That meant memorising (through practice ofcouse) few Kubectl imperative commands:

k run <pod name> --image=<image name> --labels="key1=value1,key2=value2" [--oyaml --dry-run=client > pod.yaml] [--command -- sh -c "sleep 1d"]

k exec -i <podname> -- sh -c "cat /var/logs/log.txt"

#Note: I predict that in the exam it will most likely be multi-container and through this command 
there's no way to create multi-container deployment. 
That means saving the yaml with 1 container and adding the adding the additional containers.
k create deploy <deploy name> --image=<image name> --replicas=<count> [--oyaml --dry-run=client > pod.yaml]

k expose deploy/pod <object name> --name=<name of the svc> --port=80 [--target-port=8080] [--type=NodePort/ClusterIP]

k create role or clusterrole <name> --verb=<create,delete,list etc> --resource=<pod,deploy,secret etc>

k create rolebinding or clusterrolebinding <name> --role/clusterrole=<role or clusterrole name> --serviceaccount=<namespace>:<SA name>
# to verify the above:
k auth can-i create deploy --as=system:serviceaccount:<namespace>:<sa name>

k scale deploy/replicaset/statefulset <name of object> --replicas=<desired count>

k rollout history/restart/undo deploy/pod <object name> # rollback a deployment etc

k set image deploy/pod <object name> <existing container name>=<new image name> --record


#sortby ASC order
k get pods -A --sort-by=.metadata.creationTimestamp --no-headers| tac

### Check certificate validity
openssl x509  -noout -text -in /etc/kubernetes/pki/etcd/server.crt

### Check etcd snapshot status
ETCDCTL_API=3 etcdctl snapshot status /etc/etcd-snapshot.db


### Check kubeproxy running
crictl ps | grep kube-proxy
crictl logs 27b6a18c0f89c

### Check kube-proxy is creating iptables rules for a given svc
ssh cluster1-controlplane1 iptables-save | grep p2-service


### Change the Service CIDR to 11.96.0.0/12 for the cluster.
vim /etc/kubernetes/manifests/kube-apiserver.yaml
check for restart --- kubectl -n kube-system get pod | grep api


### CNI conf location
/etc/cni/net.d


### kill container running on kube-proxy on node01
ssh node01
crictl ps | grep kube-proxy
crictl stop 28of363745
crictl rm 28of363745


### write the names of all namespaces resources
k api-resources namespaced=true -o name


### count line numbers
k get roles -n project-c14 | wc -l

### troubleshoot kubelet
journalctl -u kubelet



### get version info to install (eg: kubeadm, kubelet, etc)
apt show kubectl -a | grep 1.29



### join node with cluster

- get into controlplane --- ssh cluster3-controlplane1
- then print join command: kubeadm token create --print-join-command # no need to memorise this command find it in doco.



Important: Practice to validate the completed task. 

The vim editor:

Everybody has used some level of vim editor. I am sure we all have some sort of love and hate relationship with it. But in CKA there're no good alternative (now a days comes with nano but it is basic nano). You get what they give you. So I familiarised myself with few basic vim stuffs like:
  • 'i' to start editing
  • 'i' + right click paste to paste from clipboard
  • 'v' to mark texts (that I need to do something with)
  • 'x' to cut the marked text (i mainly used this method to delete stuff quickly from the copied yaml from doco).
  • 'y' to copy the marked text
  • 'shift + p' to paste the text (copied via the above).
  • 'shift + >' to indent left
  • 'shift + <' to indent right

The documentation:

Now, this is super critical. This is why I practiced a lot. The strategy is not to memorise everything but to know how to find it and copy paste in https://kubernetes.io/docs/home/. I practiced a lot to search in the documentation using the search field during my practice sessions and familiarised my self with what search term brings what documentation page and what section/yaml to copy paste (and modify) from the documentation to answer to tasks. It is a big part of the time management during exam and hence the importance of faimiliarising with searching, finding (from the K8s doco) and modifying as fast as possible. 
Some objects I frequently visited during my prep time (and proven to be also similar during exam) are:
  • PV, PVC and using then in Pod (search term: Pod PersistentVolume)
  • NetworkPolicy
  • EtcdCTL (search term: etcdctl snapshot and find a sample command in the middle of the page)
  • Taint and Tolerations (search term: pod toleration)
  • Pod Resource utilisation
  • Sidecar (search term: Sidecar container)
You see, not many. 
Important: Sometimes the needed page is not ranked as the 1st one. That's the type of insight I got from practicing searching in the k8s documentation. 

Getting familiarity with few uncommon things:

So, even though I claimed that I am versed in K8s there are few things that I needed to know (re-learn) for the exam specifically, as I do not come across these topics everyday. They are:
  • NetworkPolicy
  • Taint (how to taint and untaint, schedule a pod/deploy on a tainted node/controlplane etc)
  • EtcdCTL (taking backup and restore, validate a backup) ## This is very important.
  • Kubeadm (upgrading a kubeadm cluster) ## this is very important
However, I did not do any course for it. I just learned it through practice.
Important: Practice to validate the completed task. 

The 120 mins of the exam:

  • Launch the exam 15 mins before the time. It is online proctored and needs few validation/checks etc such as taking a photo with id/diver's license, the proctor person with ask to pan the camera/latptop webcam to check the desk, exam area etc. I cleaned my desk completely and I only had my laptop and powerchord on the desk. No mobile phones, no paper etc are allowed. I also used my personal laptop to avoid any potential firewall/remote session block from work laptop. 
  • There's no weights mentioned against questions anymore. But I still felt there were some questions (such as multi-faceted questions, questions related to etcd, kubeadm, network policy, role/sa etc) carried more weights.
  • I got 17 questions in the exam. The guide suggested 15 - 20 questions.
  • I did not revise or do anything before the exam (my exam was in the morning). I willed that I am confident. I had breakfast and coffee. Coffee is super important because the exam is for 120 mins (OMG!! what??!!).
  • Because of my above mentioned strategies I completed most of the questions very fast (in about 80 mins). I flagged few for further validation which I did after that 80mins.
  • I flagged and skipped the hard ones/or the ones I wasnt confident about just by reading at a glance (I flagged about 3 questions) which I attempted after that 80 mins. This was so that I avoid wasting time behind one question by getting stuck on it. 
  • It is also important to mention that since the exam is hands on and task based it is very easy (at least for my personality) to get bogged down into 1 specific things and waste time on it. But that 1 specific thing in that multi-faceted question may only carry 1 insignificant point or no points at all. That's why I skipped whenever I felt like I needed to validate more deeply or I am not super confident. And tackled them after I completed majority of the questions. This took off a lot of pressure during the 120 mins. 


Final words:

I felt, the exam was easy (I probably practiced a much harder questions the days (4) before). 
I also felt that many youtubers (not to discourage them; but purely my bias opinion), in the internet, presented the CKA to be a lot harder than the difficulty level it actually is (which probably contributed to my imposter syndrome).

That's it. 

Comments

Post a Comment

Popular posts from this blog

Understanding The Ingress and The Mesh components of Service Mesh

I wrote about the key concepts about service mesh and how to evaluate the requirements for a service mesh in my previous post here:  Deciphering the hype of Service Mesh . This post is a follow up from there covering the technical aspects. Part 1:   Deciphering the hype of Service Mesh Part 2:   Understanding The Ingress and The Mesh components of Service Mesh. Part 3: Uderstanding the observability component of Service Mesh (TBD in another post).  Almost all popular service mesh technologies/tools (eg: Istio, LinkerD) have both ingress and mesh capabilities. Conceptually, I see them as 2 mutually exclusive domain (integrated nicely by the underlying tool). Understanding  the ingress  and  the mesh  components individually, such as what they offer, what I can do with them etc, was the basic building block to my understanding of service mesh technology as a whole. This is arguably the most mis-represented topic in the internet. So, I thought,...
Read more

Openshift-Powered Homelab | Why, What, How

I wanted to build a Homelab for some time but it was taking a backseat as I always had access to cloud environments (eg: cloud accounts, VMware DC etc) and the use cases I was focusing on didn't really warrant for one. But lately, some new developments and opportunities in the industry triggered the need to explore use cases in a bare-metal server environment, ultimately leading to the built of my own homelab, called MetalSNO. In this post, I will discuss some of my key reasons for building a homelab, the goals I set for it, and the process I followed to building one from scratch. I'll conclude with some reflections on whether it was truly worth it and what I plan to do with it going forward. Compelling reasons (The Why ) My uses cases for a homelab weren't about hosting plex server, home automation etc (I have them on Raspberry PIs for some years now). My Homelab is really about exploring technologies and concepts that are on par with industry trend. Below are some of the ...
Post a Comment
Read more

The story of a Hack Job

"So, you have hacked it" -- Few days ago one of the guys at work passed me this comment on a random discussion about something I built. I paused for a moment and pondered: Do I reply defending how that's not a hack. OR Do I just not bother I picked the second option for 2 reasons: It was late. It probably isn't worth defending the "hack vs" topic as the comment passed was out of context. So I chose the next best action and replied "Yep, sure did and it is working great.". I felt like Batman in the moment. In this post I will rant about the knowledge gap around hacking and then describe about one of the components of my home automation project (really, this is the main reason for this post) and use that as an example how hacking is cool and does not always mean bad. But first lets align on my definition of hacking: People use this term in good and bad, both ways. For example: "He/she did a hack job" -- Yeah, that probably...
Post a Comment
Read more

Hall of justice - Authorisation Greeting System

Ever since I watched the Young Justice EP-1 the security system of the Hall Of Justice and Mount Justice wow-ed me. After all it was built by Batman. You see similar AI driven voice guided system in pretty much in all sci-fi series these days. I always dreamed of having something similar of my own. Well, now I have it (sort of). Although we not quite in the flying cars era yet (disappointment) but IOT powered locks are somewhat normal these days. The adoption rate is great.  Some background: What is this Hall Of Justice Authorisation system? This is the security system that Batman built for Hall Of Justice. The movies haven't shown it yet but there're several scenes in the animated series and comic books. Basically, it is a AI powered voice guided intelligent security system that scans bio signatures (like retina, body dimensions, temperature, heart rate) through a scanning device and identifies which member of the justice league it is, logs entry then gr...
Post a Comment
Read more

Smart wifi controlled irrigation system using Sonoff and Home Assistant on Raspberry Pi - Part 1

If you have a backyard just for the sake of having one or it came with the house and you hate watering your garden or lawn/backyard then you have come to the right place. I genuinely believe that it is a waste of my valuable time. I would rather watch bachelorette on TV than go outside, turn on tap, hold garden hose in hand to water. Too much work!! Luckily, we have things like sprinkler system, soaker etc which makes things a bit easy. But you still have to get off that comfy couch and turn on tap (then turn off if there's no tap timer in place). ** Skip to the youtube video part if reading is not your thing   When I first moved into my house at first it was exciting to get a backyard (decent size), but soon that turned on annoyance when it came down maintaining it, specially the watering part. I laid bunch sprinklers and soaker through out the yard and bought tap timer but I still needed to routinely turn on the tap timer. Eventually few days ago I had enough of this rub...
Post a Comment
Read more