Certified Kubernetes Administrator
Introduction
The Linux foundation provides quite a few certifications and some of the most looked after in 2020 are related to Kubernetes. To this date there are 3 of them:
- Certified Kubernetes Developer (CKAD)
- Certified Kubernetes Administrator (CKA)
- Certified Kubernetes Security Specialist (CKS)
The Administrator certification focuses on tasks related to maintaining, restoring, scaling and re-configuring clusters, whereas the Developer certification looks into patterns, basic pod configuration, and applications themselves. There is some overlap between the two and selecting one or the other depends completely on your learning goals.
Why should you become a CKA ?
As with any other revolutionary tool (remember Docker) there are lot of changes in the early years, this is natural as specification improves and features evolve. Kubernetes falls in this category, even if you think you are a competent practititioner is just a matter of time for your knowledge to need a brush up. The exam version released in 2020 does exactly that:
- Gives you knowledge update that that will probably last for the next few years, as we reached a stable point and core features have matured.
- Provides with you more confidence when dealing with maintenance operations and upgrades and introduces you to new syntax (e.g., generators), tools (e.g., kustomize), and best practices.
- Reignites your curiosity by going deep and wide into operations and gives you another perspective of the CNCF ecosystem which can be daunting to navigate.
- Achievement and accreditation are always important if you are actively looking for career advancement opportunities.
- Opens the door to become a certified security specialist when the exam becomes available.
My study plan
The exam has been broken into 5 competencies: Storage (10%), Troubleshooting (30%), Workloads & Scheduling (15%), Cluster Architecture, Installation & Configuration (25%), Services & Networking (20%).
Security related topics like RBAC, secrets, etc. have been moved to the CKS but i think is still a good idea to study them at this point given that some topics are tightly related or very similar, for example secrets and configmaps.
Schedule
I gave myself 3 weeks to prepare the exam. Have in mind that I had been using Kubernetes for about 2 years so you might require more or less depending on where you are.
- Week 1: Review of basic kubernetes concepts, understand the mechanics of the exam, get fast at using
kubectl, multi-container pods, static pods, replica/daemon sets, deployments, configmaps, debugging commands (e.g.,kubectl logs), and volumes (pv, pvc). - Week 2: Administrative tasks such as upgrade process, backing/restoring up etcd, network add-ons, and cluster level troubleshooting.
- Week 3: Networking and services, policies, ingress, and network-level troubleshooting. Role based access, metrics and self-healing clusters.
Added a few more days to go through some labs and exercises. See resources below for details on this.
Resources
If you are coming from little experience on the topic it will be wise to invest in either KodeKloud or LinuxAcademy (acloud.guru) preparation courses. There is quite a bit of theory on both which is important but at the end of the day this is a practical examination and you must become good at completeting tasks on the command line.
Recommended courses: LinuxAcademy (Acloud.guru), KodeKloud, Bret Fisher's Kubernetes Mastery✨ – (Update: Acloud.guru has relased a 2020 version of the CKA preparation course)
Labs: Some of the courses above come with practical modules which complement the curriculum nicely. I found a few other hands-on practice resources worth mentioning:
- https://killer.sh/cka
- https://github.com/walidshaari/Kubernetes-Certified-Administrator
- https://github.com/alijahnas/CKA-practice-exercises
If you don't have an environment to practice, there are plenty of options such as katacoda or k8s playground. I personally suggest spinning a GCP cluster as it is convenient and doesn't cost much. If you want to run your environment locally, minikube or kind are excellent too.
For details about the exam and what to expect check the official handbook
My tips
Before the exam:
1. Take sufficient notes as this will help reinforce the basic concepts. In any case the exam requires you to become fast on the command line (not theory) so aim for precision and speed.
2. Take a few simulations, not too many, they cost money and they are pretty similar to each other. Master the basics, learn how to read a task, and execute fast.
3. Prepare your exam environment, use aliases (see below) and get used to work on a task using the documentation on a separate tab. You need to know where things such as a configmap template yaml or jsonpath example commands are (use bookmarks during the exam if you must).
4. Practice on a web terminal: In case you haven't done so before, this way things such as network lag won't throw you off later on.
On the exam day:
1. Use aliases as suggested here and come up with your own. I usually type kubeclt instead of kubectl and I've seen many make several similar typos, Adding alias k=kubectl is a good idea. This is my list:
alias k=kubectl
alias kg="kubectl get -o wide --show-labels"
alias kc="kubectl create -o yaml --dry-run=client"
alias ka="kubectl apply -f "
complete -F __start_kubectl kThese commands increase your speed, but may cost you in accuracy if used blindly, I suggest the following procedure:
i. Use kg to understand the current state of the objects, pods, deployments services or simply do kg all
ii. Issue an imperative command and print it to console using kc so for example: kc deploy myapp --image=nginx gets you a quick view of the specification, from there you can either export it to a file (> myapp.yaml) for further processing or apply the spec:
kc deploy myapp --image=busybox --command -- sleep 9999 > myapp.yaml
kc deploy myapp --image=nginx | ka -
iii. Verify that the changes have been applied, using rollout status or just kg po -w as it will follow up status changes for pods (in the default namespace).
Combine kg with all shorthand resource identifiers and selectors:
kg pod -A # --all-namespaces
kg po,svc,ep,pv,pvc -n kube-system
kg pv -l app=db
kg po --sort-by=.metadata.namek run is a little less expressive in the latest version and yet will allow you to assemble a template very quickly
# create a quick template for deployments or pods, e.g.,
k run my-pod --image=busybox --command -- sleep 9999Use kc on these resources:
clusterrole, clusterrolebinding, configmap, deployment, job, namespace, poddisruptionbudget, priorityclass, quota, role, rolebinding, secret, service, serviceaccount
kc deploy my-deploy --image=nginx
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: my-deploy
name: my-deploy
spec:
replicas: 1
selector:
matchLabels:
app: my-deploy
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: my-deploy
spec:
containers:
- image: nginx
name: nginx
resources: {}
status: {}
# use scale or modify the template before applying
kubectl scale deploy/my-deploy --replicas=22. Use resource shortnames:
+-------------+-----------------------------+
| Short name | Full name |
+-------------+-----------------------------+
| csr | certificatesigningrequests |
| cs | componentstatuses |
| cm | configmaps |
| ds | daemonsets |
| deploy | deployments |
| ep | endpoints |
| ev | events |
| hpa | horizontalpodautoscalers |
| ing | ingresses |
| limits | limitranges |
| ns | namespaces |
| no | nodes |
| pvc | persistentvolumeclaims |
| pv | persistentvolumes |
| po | pods |
| pdb | poddisruptionbudgets |
| psp | podsecuritypolicies |
| rs | replicasets |
| rc | replicationcontrollers |
| quota | resourcequotas |
| sa | serviceaccounts |
| svc | services |
+-------------+-----------------------------+
Find them all in the official docs here.
3. Make VIM work for you
In many cases you will need to modify some yaml and VIM can be an advantage if you know how to configure it.
Make sure to auto generate your templates with this combo as much as you cankc deploy .... > app.yaml
Then use VIM to tweak your yaml. An easy way to achieve this is by adding the following line to your ~/.vimrc file:
autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtabTabs will be converted into 2 spaces, very useful when copying and pasting from the documentation (or use :set paste inside VIM). I also find useful to use :set retab when I've copied tabs by mistake.
Another trick that I find useful is to copy to clipboard a yaml sample from the documentation and then:
cat >> pod.yaml
<paste pod definition here>
return
ctrl + c
then proceed to tweak the file to solve the task.
4. Use kubernetes.io search in your browser
The search tool can be used as intended to find specific pages in the documentation, another way to use it is to by looking at the results page excerpts.
For example, if you are forgetting a port, a URL and know of a search that may yield results, you should be able to peek at the results and find what you need. See this example:
https://kubernetes.io/search/?q=etcdctl
The results will display an excerpt with the command required to save snapshots via etcdctl and its parameters without even have to click on the results.
Additional resources
- The Official FAQ is concise and clears up most questions: https://docs.linuxfoundation.org/tc-docs/certification/faq-cka-ckad-cks
- A good rundown of the mechanics around the exam and what to expect on the day:
- More tips from a seasoned practitioner:
Good luck with your exam! 🍀
