Skip to content

Certification Prep: CKA — Certified Kubernetes Administrator

Metadata

Field Value
Issuer CNCF (Cloud Native Computing Foundation)
Exam Code CKA
Format Performance-based (live cluster tasks)
Duration 2 hours
Passing Score 66%
Cost $395 USD
Retake Policy One free retake included
Kubernetes Version Current stable (check CNCF site)
Wiki Coverage ~85%

Exam Domains & Wiki Mapping

Cluster Architecture, Installation & Configuration (25%)

Objective Topic Pack Coverage
Manage role-based access control (RBAC) k8s-rbac ✅ Full
Use kubeadm to install a basic cluster k8s-ops ✅ Full
Manage a highly-available Kubernetes cluster k8s-ops, etcd ✅ Full
Provision underlying infrastructure to deploy a cluster cloud-deep-dive ⚠️ Partial
Perform a version upgrade on a cluster using kubeadm k8s-ops, k8s-node-lifecycle ✅ Full
Implement etcd backup and restore etcd, backup-restore ✅ Full
Manage certificate rotation and TLS bootstrapping tls-pki, cert-manager ⚠️ Partial
Understand CRI and container runtimes containers-deep-dive, docker ✅ Full

Workloads & Scheduling (15%)

Objective Topic Pack Coverage
Understand deployments and rolling updates k8s-ops ✅ Full
Use ConfigMaps and Secrets to configure apps k8s-ops, secrets-management ✅ Full
Configure resource limits and requests k8s-pods-and-scheduling ✅ Full
Understand how resource quotas work k8s-pods-and-scheduling, multi-tenancy ✅ Full
Configure scheduler profiles and affinity k8s-pods-and-scheduling ✅ Full
Manage DaemonSets, StatefulSets, Jobs, CronJobs k8s-ops ✅ Full
Understand manifest management with Kustomize kustomize ✅ Full

Services & Networking (20%)

Objective Topic Pack Coverage
Understand host networking configuration k8s-networking, networking ✅ Full
Understand ClusterIP, NodePort, LoadBalancer k8s-services-and-ingress ✅ Full
Understand connectivity between Pods k8s-networking ✅ Full
Configure and use CoreDNS dns-ops, k8s-networking ✅ Full
Understand and use NetworkPolicies k8s-networking, policy-engines ✅ Full
Use Ingress controllers and Ingress resources k8s-services-and-ingress ✅ Full
Configure CNI plugins (Calico, Cilium, Flannel) cilium, k8s-networking ⚠️ Partial

Storage (10%)

Objective Topic Pack Coverage
Understand storage classes, PVs, PVCs k8s-storage ✅ Full
Understand volume mode, access modes, reclaim policies k8s-storage ✅ Full
Configure applications with persistent storage k8s-storage ✅ Full
Know how to expand PVCs k8s-storage ✅ Full
Understand CSI drivers k8s-storage ⚠️ Partial
Understand ephemeral volumes k8s-storage ✅ Full

Troubleshooting (30%)

Objective Topic Pack Coverage
Evaluate cluster and node logging k8s-debugging-playbook, linux-logging ✅ Full
Understand how to monitor applications monitoring-fundamentals, k8s-ops (Probes) ✅ Full
Troubleshoot application failures k8s-debugging-playbook, crashloopbackoff ✅ Full
Troubleshoot cluster component failures k8s-debugging-playbook, etcd ✅ Full
Troubleshoot networking issues networking-troubleshooting, k8s-networking ✅ Full
Fix broken nodes (kubelet, certs, runtime) k8s-node-lifecycle, k8s-debugging-playbook ✅ Full
Debug OOMKilled and resource pressure oomkilled, linux-memory-management ✅ Full

Study Plan

Phase 1: Foundations (Weeks 1–2)

Goal: Solid understanding of core Kubernetes architecture and daily operations.

  • Week 1: Cluster architecture and components
  • Read: k8s-ops — control plane, kubelet, kube-proxy, etcd
  • Read: etcd — backup, restore, cluster health
  • Read: containers-deep-dive — CRI, runtimes
  • Practice: Stand up a cluster with kubeadm, inspect all control plane components

  • Practice: Back up and restore etcd, verify cluster state after restore

  • Week 2: Workloads, scheduling, and storage

  • Read: k8s-pods-and-scheduling — affinity, taints, tolerations, resource quotas
  • Read: k8s-storage — PVs, PVCs, StorageClasses, CSI
  • Read: kustomize — overlays, patches
  • Practice: Deploy apps with resource limits, quotas, PVCs
  • Practice: Cordon, drain, uncordon nodes; observe pod rescheduling

Phase 2: Deep Dive (Weeks 3–4)

Goal: Confident with networking, security, and troubleshooting workflows.

  • Week 3: Networking and services
  • Read: k8s-networking — CNI model, pod-to-pod, pod-to-service
  • Read: k8s-services-and-ingress — ClusterIP, NodePort, LB, Ingress
  • Read: dns-ops — CoreDNS troubleshooting
  • Read: cilium — CNI deep dive
  • Practice: Create NetworkPolicies, test pod isolation

  • Practice: Debug DNS resolution failures in a cluster

  • Week 4: RBAC, troubleshooting, and cluster operations

  • Read: k8s-rbac — Roles, ClusterRoles, bindings, service accounts
  • Read: k8s-debugging-playbook — systematic troubleshooting
  • Read: crashloopbackoff, oomkilled — common failure modes
  • Read: k8s-node-lifecycle — node troubleshooting
  • Practice: Break things on purpose, then fix them under time pressure
  • Practice: Troubleshoot kubelet failures, expired certs, misconfigured RBAC

Phase 3: Exam Simulation (Week 5)

Goal: Build speed and confidence under exam-like conditions.

  • Take full-length practice exams (killer.sh included with registration)
  • Time yourself: aim for 7 minutes per task average (17 tasks in 120 min)
  • Review mistakes and map them back to weak domains
  • Rebuild kubectl muscle memory: create resources imperatively, debug with logs/describe/exec
  • Practice etcd backup/restore under time pressure — this is a guaranteed topic

Gap Analysis

Gap Exam Weight Recommended External Resource
Kubeadm cluster provisioning on bare metal Medium (within 25%) Kubernetes the Hard Way (Kelsey Hightower)
CNI plugin comparison (Calico vs Flannel internals) Low (within 20%) CNI specification docs, Calico/Flannel official docs
CSI driver internals and custom provisioners Low (within 10%) Kubernetes CSI developer docs
Certificate rotation deep mechanics Low (within 25%) kubeadm certs documentation

Exam-Day Strategy

Environment Setup (First 2 Minutes)

# Set up aliases immediately
alias k=kubectl
alias kn='kubectl config set-context --current --namespace'
export do='--dry-run=client -o yaml'

# Confirm cluster access
kubectl get nodes
kubectl config get-contexts

Time Management

  • 17 tasks in 120 minutes = ~7 min per task average
  • Flag questions worth 2–4% and skip if stuck after 3 minutes
  • High-weight tasks (7–8%) deserve up to 10 minutes
  • Save 10 minutes at the end for review of flagged items

Question Triage

  1. Read the full question before touching the terminal
  2. Note the namespace and context — switching context is required per question
  3. Identify if the task is "create," "fix," or "verify"
  4. For "create" tasks: use kubectl create or kubectl run imperatively first, then edit YAML
  5. For "fix" tasks: check events, logs, describe output in that order

Bookmarks to Prepare

  • kubernetes.io/docs — the only allowed reference
  • Bookmark: kubectl cheat sheet, PV/PVC docs, NetworkPolicy docs, RBAC docs, kubeadm upgrade docs
  • Practice navigating the docs under time pressure — searching is faster than browsing

Common Traps

  • Forgetting to switch context/namespace per question
  • Creating resources in the default namespace instead of the specified one
  • YAML indentation errors — use kubectl create --dry-run=client -o yaml to generate base manifests
  • Not verifying your answer: always kubectl get or kubectl describe after creating
  • Spending too long on a low-weight question

If You're Stuck

  • Use kubectl explain <resource> for field reference
  • Check kubectl api-resources if you forget a resource name
  • Generate YAML imperatively and edit: kubectl run/create/expose --dry-run=client -o yaml > file.yaml
  • Skip and flag — come back with fresh eyes

Cross-References