CKA — Exam Experience and thoughts
Thought of writing this blog about my learning and exam experience with the Certified Kubernetes Administrator exam.
I myself cleared the CKA Certification in second attempt so I feel , I can share more experience than anyone else on how to crack and what sort of things need to keep in mind before you start the exam.
Also got a couple of messages from my friends/colleague asking about the subject and the way to crack CKA exam.
My ultimate goal was to learn Kubernetes in depths. However certification is not the only way to acquire the knowledge on technology rather I would say it is nice way to test your knowledge on this niche technology like Kubernetes.
The subject require enough patience and time to learn and acquire knowledge as it is quite tough, and the exam is even tougher. But, once can easily conquer both by doing Practice, Practice and Practice. The exam is all practical and there a no theoretical MCQ’s.
Preparations:
1. My primary source of learning was Udemy. All thanks to its talented author — Mumshad
2. Kubernetes.io à official Kubernetes docs.
Exam Tips:
1. Go through the entire CKA course on udemy.com until you got confidence. The more you practice, the more accuracy, speed and clearer concepts you will have.
2. Practice yaml thoroughly. Because in exam, if you land up with a syntax error or anything of this sort. You should be able to fix the yaml quickly and move ahead. ( you can directly copy and paste the required things from official documentation)
3. Practice using vim or vi editor.
4. While practicing use base auto-completion and alias setup :
source <(kubectl completion bash) # setup autocomplete in bash into the current shell, bash-completion package should be installed first.
echo "source <(kubectl completion bash)" >> ~/.bashrc # add autocomplete permanently to your bash shell.alias k=kubectl
complete -F __start_kubectl khttps://kubernetes.io/docs/reference/kubectl/cheatsheet/
5. In Exam alias and bash-auto completion is already set , So you do not require to do it manually.
6. Make personal notes while learning through the concepts — These are very good for last minute revision of concepts.
7. Its very important to make habit of using the official kubernetes docs — make this as your best friend, as this will help you in the exam — Yes! CKA is an open-book exam and you are allowed to refer to official documentations only (Kubernetes.io, github.com/Kubernetes). You should be well versed with the documentation and should know where the required information is located.
8. Practice imperative commands as much as you can and these should be at your fingertips. Use imperative commands as much as possible, as you can execute and move really fast to next question.
9. Once you complete the entire course, then you can practice exam like questions (actually tougher than exam) on the CKA simulator — killer.sh website. You get 2 free attempts on killer.sh, if you have purchased the voucher from Linux foundations site.
10. There are nice set of demo exam under udemy.com courses, my advice is to practice those mock-exam and lighting lab as much as you can.
11. Practice viewing, finding resources using jsonpath and custom-columns.
Exam: #kubectl get node -o json
12. The exam is fully practical exam and there are no objective questions.
13. Live monitored by a human (proctor) at the other end. You cannot see him/her. But, can chat!
14. You can take breaks in the middle — But, the timer doesn’t stop for that excuse.
15. You are allowed to use an extended monitor and this is very important as you could open the Kubernetes document on one screen and exam panel on the other.
16. Exam is of 2 Hours — Sounds a lot! But, it isn’t. At least I was not able to complete all question. The question were from all over the subject and in varying depths. Hence, we cannot say that this is a important topic and that is not.
17. If you fail don’t worry, you get one retake for Free.
18. I had total 17 questions in exam. The questions are called as Tasks actually in the exam and each of the task will have one or more questions.
19. There is context giving beginning of the each question , you need to copy and paste that in the terminal before you start writing the solution.
Sample Question: Writing based on my memory
Q1.
a) Create a new Clusterrole name deployment-clusterrole, which only allows to create the following resources types deployment,statefulSet,Daemonset.
b) Create a new Serviceaccount named sds-tocken in the existing namespace app-team1.
c) bind the new clusterrole deplyment-clusterrole to the new service account cicd-tocken limited to the namespace tett-teet1.
Ans: $kubectl create clusterrole deployment-clusterrole — verb=create — resource=Deployment,StatefulSet,DaemonSet
$kubectl create sa sds-tocken — namespace=tett-teet1
$kubectl create clusterrolebinding deployment-bind — clusterrole=deployment-clusterrole — serviceaccount=tett-teet1:sds-tocken
Q2.
Set a node named node01 as unavailale and reschedule all the pods running on it.
Ans: $kubectl cordon node01
$kubectl drain node01 — ignore-daemonsets — force — delete-local-data
$kubectl get nodes
$kubectl describe node node01
Q3.
Create a new network policy named allow-port-from-namespace-test that allows pods in the existing namespace my-app-001 to connect to port 8000 of other pods in the same namespace.
Ensure that the new NetworkPolicy
. does not allow access to pods not listening on port 8000
. does not allow access from Pods not in namespace my-app-001
Ans:
Referance link: https://kubernetes.io/docs/concepts/services-networking/network-policies/
vim netpolicy.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-port-from-namespace-test
namespace: my-app >>>> Policy apply to this namespace
spec:
podSelector: {} All pods under this namespace = my-app-001
policyTypes:
— Ingress >> specify policy apply on incoming traffic to all pods under my-app namespace
ingress:
— from: >>> specify source of trafiic
— namespaceSelector: >>.. traffic from this namespace
matchLabels:
project: my-app
ports: >>> traffic destinated for port 8000
— protocol: TCP
port: 8000
kubectl create -f netpolicy.yaml
Q4.
Reconfigure the existing deployment front-end-ttt and add a port specification named http exposing port 80/tcp of the existing container nginx
create a new service named front-end-svc exposing the container port http.
Configure the service also expose the individual pods via a NodePort on the nodes on which they are scheduled.
Ans: kubectl get deployment.apps
kubectl edit deployment.apps front-end-ttt
Go to container spec > add the following under the name: nginx
containers:
— image: nginx:1.14.2
name: nginx
ports:
— containerPort: 80
name: “http”
protocol: TCP
:wq for save and exit
kubectl describe deployment.apps front-end-ttt
kubectl get svc
kubectl expose deployment front-end-ttt — name=front-end-ttt-svc — port=80 — type-NodePort — protocol=TCP
Q5.
Create a new nginx Ingress resource as follows: — — use the link of ingress — completed.
.Name: ns-oop
.Namespace: name-internal
.Exposing service service kkon path /kk using service port 5679
Availablity of sevice can be checked by curl -kL <IN Terminal_IP>/hello
Reff URL: https://kubernetes.io/docs/concepts/services-networking/ingress/
Q6.
Check to see how many nodes are ready (not including nodes tainted NoSchedule) and write the number to
/opt/kkk/kkk.txtAns: $kubectl get nodes | grep Ready | grep -v NotReady | grep -v NoSchedule | wc -l > /opt/kkk/kkk.txt
Q7.
A kubernetes worker node, named node01 is in state NotReady. Investigate why this is the case, and perform any appropriate steps to bring the node to a Ready state, ensureing that any changes are made permanent.
You can assume elevated privileages sudo -i
Ans: ssh to node01
$systemctl enable kubelet or systemctl enable — now kubelet
$systemctl restart kubelet
$systemctl status kubelet
Note: Above questions are based on my learning and reference from friends those who already appeared for the exam.
Happy reading and Good luck for those who all are planning to take the challenge. :)
