CKA - Certified Kubernetes Administrator¶
The Certified Kubernetes Administrator (CKA) exam certifies that candidates have the skills, knowledge, and competency to perform the responsibilities of Kubernetes administrators.
Exam Overview¶
| Detail | Information |
|---|---|
| Exam Format | Performance-based (hands-on) |
| Number of Questions | 15-20 |
| Duration | 2 hours |
| Passing Score | 66% |
| Certification Validity | 3 years |
| Cost | $395 USD |
| Retake Policy | 1 free retake |
| Kubernetes Version | 1.30 |
Exam Domains & Weights¶
| Domain | Weight |
|---|---|
| Cluster Architecture, Installation & Configuration | 25% |
| Workloads & Scheduling | 15% |
| Services & Networking | 20% |
| Storage | 10% |
| Troubleshooting | 30% |
Prerequisites¶
- Strong Linux command line skills
- Understanding of Kubernetes architecture
- Experience with containerization (Docker)
- Basic networking knowledge
Study Resources¶
Official Resources¶
Recommended Courses¶
Practice Resources¶
- Killercoda CKA Scenarios ⭐ Highly Recommended
- killer.sh CKA Simulator - Included with exam registration
- Kubernetes Playground
Quick Navigation¶
- 01 - Cluster Architecture, Installation & Configuration
- 02 - Workloads & Scheduling
- 03 - Services & Networking
- 04 - Storage
- 05 - Troubleshooting
- Sample Practice Questions
Exam Environment¶
The CKA exam provides:
- Access to multiple Kubernetes clusters
kubectlwith auto-completion enabled- Access to Kubernetes documentation (kubernetes.io)
- A Linux terminal environment
- Root access via
sudo
Allowed Resources During Exam¶
Exam Tips¶
- Master cluster administration - Know how to bootstrap clusters with kubeadm
- Practice troubleshooting - 30% of the exam focuses on this
- Know etcd backup/restore - Critical for cluster recovery
- Understand RBAC - Role, ClusterRole, RoleBinding, ClusterRoleBinding
- Practice certificate management - TLS certificates for cluster components
- Use aliases - Set up
alias k=kubectland enable auto-completion - Bookmark important docs - Prepare bookmarks for quick access
- Practice on Killercoda - Free hands-on scenarios
Useful kubectl Commands¶
# Set alias
alias k=kubectl
# Enable auto-completion
source <(kubectl completion bash)
complete -o default -F __start_kubectl k
# Cluster info
kubectl cluster-info
kubectl get nodes -o wide
kubectl get componentstatuses
# Context management
kubectl config get-contexts
kubectl config use-context <context-name>
kubectl config set-context --current --namespace=<namespace>
# Resource management
kubectl api-resources
kubectl explain pod.spec.containers
# Quick operations
kubectl run nginx --image=nginx --dry-run=client -o yaml
kubectl create deployment nginx --image=nginx --dry-run=client -o yaml
kubectl expose deployment nginx --port=80 --type=NodePort
# Troubleshooting
kubectl describe node <node-name>
kubectl logs <pod-name> -c <container-name>
kubectl exec -it <pod-name> -- /bin/sh
kubectl top nodes
kubectl top pods
Cluster Administration Commands¶
# Kubeadm commands
kubeadm init --pod-network-cidr=10.244.0.0/16
kubeadm join <master-ip>:6443 --token <token> --discovery-token-ca-cert-hash <hash>
kubeadm token create --print-join-command
# Certificate management
kubeadm certs check-expiration
kubeadm certs renew all
# etcd backup
ETCDCTL_API=3 etcdctl snapshot save /backup/etcd-snapshot.db \
--endpoints=https://127.0.0.1:2379 \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key
# etcd restore
ETCDCTL_API=3 etcdctl snapshot restore /backup/etcd-snapshot.db \
--data-dir=/var/lib/etcd-restore
# Node maintenance
kubectl drain <node-name> --ignore-daemonsets --delete-emptydir-data
kubectl cordon <node-name>
kubectl uncordon <node-name>
# Upgrade cluster
kubeadm upgrade plan
kubeadm upgrade apply v1.30.0