Skip to main content

CKA Exam; May 2024: My take on it and cheat sheet

So, I finally got the little green tick of having CKA certification in my certification list. I put off this exam for so long that it seriously became not funny anymore. The internet has quite literally way more than 1000 posts on this topic. But what harm would one more post cause? So here's mine. I will write it from my perspective.

I am writing this post just in case if anyone benefits from it, as I predict there could be many on the same boat as me.



Background:

Kubernetes, modern application architecture, DevSecOps etc are not new territory for me. In fact, I think I am fairly versed in K8s and related tech stack. But due my own imposter syndrome I have been putting off sitting the CKA exam. However, last week I thought about the CKA as "just another approval for my skills" and got the nudge to sit the exam. 

Here's what I did till the day I sat for the exam. (Everybody is different but the below worked for me the best)


The preparation:

As I have been working with K8s for sometime and I did not need to learn it from scratch. So I went ahead and bought it from CNCF and booked the exam 5 days out. Now that I have a target date I commenced working towards it. Here're the strategy I followed:


Hands on:

I think one of reasons why my imposter syndrome was preventing me from taking the exam was that the format is hands on (as opposed to multiple choices). But the good news was that it was also open book (meaning I have access to the documentation). So the strategy needed to be slightly different.

I practiced a lot:

I did not buy any course but I practiced a lot (I think) for 4 days (approx 2-3 hours a day, early mornings and late evenings).  There are 1000s of free good practice materials (they are almost the same) on the internet. I will drop a few here for starter that I used:

Important: With the purchase of the CKA exam it gives 2 sessions of killer.sh mock sessions (both containing the same questions). They are assumed to be much harder than the exam itself. I attempted the first mock session on my prep day 2 and quickly realised that I failed because of my poor time management. So I practiced with the other ones (mentioned above) using google timer and attempted the 2nd mock session twice (each mock session is valid for 36hours and can be restarted unlimited times). This time I completed it just in time. This gave me confident that I would do ok in the exam with time.

I memorised some basic commands:

Since the exam is for a fixed time (120mins; meaning, 120mins ÷ 17questions = 7 mins per question) and there are some questions I anticipated to get stuck on, the strategy was to complete the ones I would be confident about super fast. That meant memorising (through practice ofcouse) few Kubectl imperative commands:

k run <pod name> --image=<image name> --labels="key1=value1,key2=value2" [--oyaml --dry-run=client > pod.yaml] [--command -- sh -c "sleep 1d"]

k exec -i <podname> -- sh -c "cat /var/logs/log.txt"

#Note: I predict that in the exam it will most likely be multi-container and through this command 
there's no way to create multi-container deployment. 
That means saving the yaml with 1 container and adding the adding the additional containers.
k create deploy <deploy name> --image=<image name> --replicas=<count> [--oyaml --dry-run=client > pod.yaml]

k expose deploy/pod <object name> --name=<name of the svc> --port=80 [--target-port=8080] [--type=NodePort/ClusterIP]

k create role or clusterrole <name> --verb=<create,delete,list etc> --resource=<pod,deploy,secret etc>

k create rolebinding or clusterrolebinding <name> --role/clusterrole=<role or clusterrole name> --serviceaccount=<namespace>:<SA name>
# to verify the above:
k auth can-i create deploy --as=system:serviceaccount:<namespace>:<sa name>

k scale deploy/replicaset/statefulset <name of object> --replicas=<desired count>

k rollout history/restart/undo deploy/pod <object name> # rollback a deployment etc

k set image deploy/pod <object name> <existing container name>=<new image name> --record


#sortby ASC order
k get pods -A --sort-by=.metadata.creationTimestamp --no-headers| tac

### Check certificate validity
openssl x509  -noout -text -in /etc/kubernetes/pki/etcd/server.crt

### Check etcd snapshot status
ETCDCTL_API=3 etcdctl snapshot status /etc/etcd-snapshot.db


### Check kubeproxy running
crictl ps | grep kube-proxy
crictl logs 27b6a18c0f89c

### Check kube-proxy is creating iptables rules for a given svc
ssh cluster1-controlplane1 iptables-save | grep p2-service


### Change the Service CIDR to 11.96.0.0/12 for the cluster.
vim /etc/kubernetes/manifests/kube-apiserver.yaml
check for restart --- kubectl -n kube-system get pod | grep api


### CNI conf location
/etc/cni/net.d


### kill container running on kube-proxy on node01
ssh node01
crictl ps | grep kube-proxy
crictl stop 28of363745
crictl rm 28of363745
### write the names of all namespaces resources k api-resources namespaced=true -o name ### count line numbers k get roles -n project-c14 | wc -l ### troubleshoot kubelet journalctl -u kubelet ### get version info to install (eg: kubeadm, kubelet, etc) apt show kubectl -a | grep 1.29 ### join node with cluster - get into controlplane --- ssh cluster3-controlplane1 - then print join command: kubeadm token create --print-join-command # no need to memorise this command find it in doco.



Important: Practice to validate the completed task. 

The vim editor:

Everybody has used some level of vim editor. I am sure we all have some sort of love and hate relationship with it. But in CKA there're no good alternative (now a days comes with nano but it is basic nano). You get what they give you. So I familiarised myself with few basic vim stuffs like:
  • 'i' to start editing
  • 'i' + right click paste to paste from clipboard
  • 'v' to mark texts (that I need to do something with)
  • 'x' to cut the marked text (i mainly used this method to delete stuff quickly from the copied yaml from doco).
  • 'y' to copy the marked text
  • 'shift + p' to paste the text (copied via the above).
  • 'shift + >' to indent left
  • 'shift + <' to indent right

The documentation:

Now, this is super critical. This is why I practiced a lot. The strategy is not to memorise everything but to know how to find it and copy paste in https://kubernetes.io/docs/home/. I practiced a lot to search in the documentation using the search field during my practice sessions and familiarised my self with what search term brings what documentation page and what section/yaml to copy paste (and modify) from the documentation to answer to tasks. It is a big part of the time management during exam and hence the importance of faimiliarising with searching, finding (from the K8s doco) and modifying as fast as possible. 
Some objects I frequently visited during my prep time (and proven to be also similar during exam) are:
  • PV, PVC and using then in Pod (search term: Pod PersistentVolume)
  • NetworkPolicy
  • EtcdCTL (search term: etcdctl snapshot and find a sample command in the middle of the page)
  • Taint and Tolerations (search term: pod toleration)
  • Pod Resource utilisation
  • Sidecar (search term: Sidecar container)
You see, not many. 
Important: Sometimes the needed page is not ranked as the 1st one. That's the type of insight I got from practicing searching in the k8s documentation. 

Getting familiarity with few uncommon things:

So, even though I claimed that I am versed in K8s there are few things that I needed to know (re-learn) for the exam specifically, as I do not come across these topics everyday. They are:
  • NetworkPolicy
  • Taint (how to taint and untaint, schedule a pod/deploy on a tainted node/controlplane etc)
  • EtcdCTL (taking backup and restore, validate a backup) ## This is very important.
  • Kubeadm (upgrading a kubeadm cluster) ## this is very important
However, I did not do any course for it. I just learned it through practice.
Important: Practice to validate the completed task. 

The 120 mins of the exam:

  • Launch the exam 15 mins before the time. It is online proctored and needs few validation/checks etc such as taking a photo with id/diver's license, the proctor person with ask to pan the camera/latptop webcam to check the desk, exam area etc. I cleaned my desk completely and I only had my laptop and powerchord on the desk. No mobile phones, no paper etc are allowed. I also used my personal laptop to avoid any potential firewall/remote session block from work laptop. 
  • There's no weights mentioned against questions anymore. But I still felt there were some questions (such as multi-faceted questions, questions related to etcd, kubeadm, network policy, role/sa etc) carried more weights.
  • I got 17 questions in the exam. The guide suggested 15 - 20 questions.
  • I did not revise or do anything before the exam (my exam was in the morning). I willed that I am confident. I had breakfast and coffee. Coffee is super important because the exam is for 120 mins (OMG!! what??!!).
  • Because of my above mentioned strategies I completed most of the questions very fast (in about 80 mins). I flagged few for further validation which I did after that 80mins.
  • I flagged and skipped the hard ones/or the ones I wasnt confident about just by reading at a glance (I flagged about 3 questions) which I attempted after that 80 mins. This was so that I avoid wasting time behind one question by getting stuck on it. 
  • It is also important to mention that since the exam is hands on and task based it is very easy (at least for my personality) to get bogged down into 1 specific things and waste time on it. But that 1 specific thing in that multi-faceted question may only carry 1 insignificant point or no points at all. That's why I skipped whenever I felt like I needed to validate more deeply or I am not super confident. And tackled them after I completed majority of the questions. This took off a lot of pressure during the 120 mins. 


Final words:

I felt, the exam was easy (I probably practiced a much harder questions the days (4) before). 
I also felt that many youtubers (not to discourage them; but purely my bias opinion), in the internet, presented the CKA to be a lot harder than the difficulty level it actually is (which probably contributed to my imposter syndrome).

That's it. 

Comments

Popular posts from this blog

Reimagining Logs: Building AI powered Conversational Observability System

It is mid-2025 and the cogs of AI are at full speed. So we (I and Mobin) decided to do our own AI project. We called it "IntelliLogs".  IntelliLogs at a glance: Demo:  https://www.youtube.com/watch?v=OXMlORwyMQk In this post I will describe why we did what we did, what is it that we did and how we did it. I will share my personal experience. I am hoping this will, at least, be an interesting read. Table of contents: Why IntelliLogs What is IntelliLogs How IntelliLogs was developed Future of IntelliLogs Conclusion References Why IntelliLogs: Personal motivation ðŸ’ª to this were: Explore and experience what does an AI app look like from an architectural and engineering perspective Explore the realm of Huge LLMs (eg: GPT-4.1-170B,  Gemini Pro etc) vs small LLMs (eg: granite-7b, gemma-4b) Explore the possibilities of model tuning / making a model without being a data scientist. How easy or hard it is, what tools available etc. We also wanted to tackle a "not too far from ...

Openshift-Powered Homelab | Why, What, How

I wanted to build a Homelab for some time but it was taking a backseat as I always had access to cloud environments (eg: cloud accounts, VMware DC etc) and the use cases I was focusing on didn't really warrant for one. But lately, some new developments and opportunities in the industry triggered the need to explore use cases in a bare-metal server environment, ultimately leading to the built of my own homelab, called MetalSNO. In this post, I will discuss some of my key reasons for building a homelab, the goals I set for it, and the process I followed to building one from scratch. I'll conclude with some reflections on whether it was truly worth it and what I plan to do with it going forward. Compelling reasons (The Why ) My uses cases for a homelab weren't about hosting plex server, home automation etc (I have them on Raspberry PIs for some years now). My Homelab is really about exploring technologies and concepts that are on par with industry trend. Below are some of the ...

Understanding The Ingress and The Mesh components of Service Mesh

I wrote about the key concepts about service mesh and how to evaluate the requirements for a service mesh in my previous post here:  Deciphering the hype of Service Mesh . This post is a follow up from there covering the technical aspects. Part 1:   Deciphering the hype of Service Mesh Part 2:   Understanding The Ingress and The Mesh components of Service Mesh. Part 3: Uderstanding the observability component of Service Mesh (TBD in another post).  Almost all popular service mesh technologies/tools (eg: Istio, LinkerD) have both ingress and mesh capabilities. Conceptually, I see them as 2 mutually exclusive domain (integrated nicely by the underlying tool). Understanding  the ingress  and  the mesh  components individually, such as what they offer, what I can do with them etc, was the basic building block to my understanding of service mesh technology as a whole. This is arguably the most mis-represented topic in the internet. So, I thought,...

Exception Handling With Exception Policy

This is how I would think of an application at the very basic level: Now this works great. But one thing that is missing in this picture is Exception Handling . In many cases we pay very less attention to it and take it as "we'll cross that bridge when it'll come to that". We can get away with this as in many application as exceptions does not stop it from being in the state "is the application working" as long as we code it carefully and at the very least handling the exceptions in code blocks. This works. But we end up having try catch and if else everywhere and often with messy or no direction to what type of exception is to be handled where and how. Nonetheless, when it comes down an enhancement that depends upon different types exceptions, we will end up writing/modifying code every where, resulting in even messier code. I'm sure no one wants that. Even, in scenarios, a custom handler is not the answer either. Cause this w...