Prepping for the CKA

As I said in a recent blog post I was planning on taking the CKA. I felt like it was a good way to demonstrate my kubernetes skills given that I don't have a lot of professional history with it. Well, I'm happy to say that yesterday I took my first whack at it and I passed the exam, I'm now a Certified Kubernetes Administrator! Here's a few exam prep tips for anyone interested in taking the exam.

Study materials

For studying I started with Kubernetes The Hard Way. For the CKA this is completely unnecessary. However, it was a great introduction into how kubernetes works and I'd recommend it for anyone who uses kubernetes and wants to know more about how it works under the hood. Also, Kelsey Hightower has graciously spent some of his retirement updating the repository to the latest and greatest as of a few months ago.

I then purchased a bundle from The Linux Foundation that included Kubernetes Fundamentals (LFS258), 2 practice sessions from killer.sh, and the CKA exam itself. I'd recommend looking at their bundles if you are looking to obtain multiple certs or want additional learning materials and want to save some money. You should also search the internet for discount coupons for these bundles as they are abundant.

I would not recommend the Kubernetes Fundamentals course for the CKA unless you are a complete beginner. It was pretty slow-paced and didn't really cover much that I didn't already know from my experience using Kubernetes at work for the last 1-2 years.

I would recommend the practice sessions from killer.sh, they were really helpful in a few ways:

1. The test they provide as part of the practice sessions are basically the same as the actual CKA test only harder. I'll admit that when I took the practice test I spent probably 6-8 hours or so on it to get to 100% which had me a bit worried since the actual test is only 2 hours. However, I completed the actual exam with time to spare. The prep questions are much harder and time consuming than the actual test, especially if you dive into each one to make sure you fully understand it.

2. Their questions are the same format as the CKA test and use a very similar environment. This is important as the first half of me struggling with the practice session was getting used to the remote desktop environment they force you to use when taking the test. If you go in blind to the CKA without familiarizing yourself with that kind of environment then you'll probably struggle. For instance, I use k9s liberally when managing my own kubernetes clusters. While taking the CKA, the tools you'll have access to will be very limited. You'll be expected to know kubectl very well.

3. The practice test also comes with an answers guide at the end that is quite detailed. For me, this was a much more effective way of learning if you're trying to ramp up for the CKA quickly.

Running a cluster

I would recommend setting up your own cluster to practice on. Not only is it useful in prepping for the CKA, anyone who is doing any amount of regular work with kubernetes will want a playground to try things out and play with the various tools in the ecosystem.

I ended up building a Raspberry Pi cluster and would recommend it for anyone interested in learning more about bare-metal clusters and who is interested in doing the sysadmin and networking side of managing a cluster as well.

My cluster consists of four Raspberry Pi 4 Model B's running Debian Bookworm and a Protectli Vault FW4B running Ubuntu and acting as a router and load balancer to my cluster's private subnet. This is probably the bare minimum you would need to replicate the kind of environment you would most likely come across in a production environment (3 nodes acting as highly-available control plane and etcd backend, 1 worker node, and an external load balancer plus router/firewall which can also act as bastion node to the cluster).

Some caveats to this setup:

1. The Raspberry Pi's running default Debian Bookworm can't run Cilium CNI without some tweaks to the OS. Fixing this will require compiling a custom linux kernel. More details here.

2. If you plan to use this Raspberry Pi cluster for doing the The Linux Foundation's Kubernetes Fundamentals (LFS258) course you will run into occasional issues because some container images they use as part of the lessons will not have support for the arm64 platform.

Your other option is to setup a cloud kubernetes cluster. This is probably ideal if you plan on mostly working in the cloud or if you plan on doing the Kubernetes Fundamentals (LFS258) course and want to use non-arm64 platform images. The caveats to this setup are:

1. It can get pretty expensive if you setup a cloud cluster and leave it sitting for any amount of time. To get around this I was spinning up a temporary cluster on GCP using terraform and kubespray which I would destroy at the end of the day when I was done doing course work. I generalized the tools and scripts I was using and documented it here if you would like to use it and go this route. There are also these contrib terraform scripts in the kubespray repo if you want to run on a different platform or try their GCP implementation.

2. In my CKA setup scripts above I use kubespray to install Kubernetes on the cloud cluster. The CKA will expect you to understand and will have questions related to using kubeadm. While kubespray uses kubeadm behind the scenes to setup and join the cluster nodes you will not learn how to use kubeadm by using kubespray so you might plan to just provision the base nodes and manually use kubeadm to install kubernetes at least once when setting up your cluster. They will also expect you to manage parts of your etcd backend using etcdctl.

A few tips for the CKA

1. Get used to creating Pods, Deployments, Services, etc using kubectl commands instead of writing manifests from scratch. e.g. kubectl run, kubectl create deploy, kubectl expose and so on. While I usually prefer creating a manifest file myself it is time consuming and prone to syntax errors.

2. If you need a manifest (which you will sometimes) you can create a yaml base by using one of the kubectl commands above and output the results to a yaml to a file using --dry-run=client -o yaml. For example, to make a pod:

kubectl run nginx --image=nginx --dry-run=client -o yaml > pod-nginx.yaml

3. Get used to poking around the kubectl help output with -h. You can use this flag at any level to get information on how to do very specific things. e.g. kubectl create deploy -h | less

4. Be comfortable with vim. You don't need to be a vim ninja but you will be editing manifest files frequently in a terminal as well as writing your answers in files and you don't want to be putzing around trying to figure out what's wrong with vim while the clock is ticking.

5. If you can, learn how to use tmux. The test will be taken on a remote desktop session with a single monitor. This will feel pretty foreign to people who are used to using multiple monitors for the last decade. For instance, trying to view the kubectl -h ouput while at the same time writing the commands into a vim session will be difficult if you're trying to drag multiple windows around in this tiny and laggy (actually it wasn't that bad, but you can feel it) remote desktop session. Even a a two-pane tmux session will be extremely helpful. It's also useful for copying and pasting within the terminal (the testing environment has a ctrl-c, ctrl-v gotcha you should be aware of).

6. Be familiar with using kubernetes.io for documentation. However, you won't need it very often during the test if you familiarize yourself with the basic concepts and know how to use kubectl with its built-in documentation. You probably won't want to use it either as it can be quite verbose and often references topics that are not useful to the test problem at hand. At best you'll just be using it to copy/paste a few example manifests and hopefully not reading it to understand how something works (do that before the test).

Where to go from here

If at this point you've finished the CKA and haven't done Kubernetes The Hard Way I'd recommend giving it a go. There's also other kubernetes certifications you might be interested in: the Certified Kubernetes Application Developer (CKAD) and the Certified Kubernetes Security Specialist (CKS). From what I have heard the CKAD is just a simpler version of the CKA so unless you require it for some specific purpose there is no real reason to get it at this point. The CKS could be interesting if you're working more in the networking field and with cyber security. It has a completely separate set of curriculum it covers so if you're interested in going even further it might be worth looking into it. If that's the case I'd recommend getting a bundle that includes both the CKA and the CKS.

And with that farewell and good luck!