Best Tips and tricks before passing CKA Exam

What is the CKA Certification ?

The CKA Certification will validate your knowledge as a sysadmin or devops to create, manage and troubleshoot a Kubernetes Cluster.

It’s a great skill to have and as the exam is 100% lab and practice, it will test your skill in a real life scenario.

Be prepared for the exam, the exam is not so tough ( but not easy neither ) but you will need to be well prepared and used with kubeadm and kubectl command ( and Linux + vim + yaml).

Is the CKA worth it?

Kubernetes is everywhere in the IT industry and specially if you are in a Devops or SRE position.

As the CKA is hands on and quite tough, it is recognize in IT industry as a trust of skills and can be very valuable.

Moreover, if you like command line like me, and you like linux, the CKA is just very fun to pass and required you to learn to work fast and efficiently.

What is the Curriculum to know

The curriculum for CKA is changing after each version, you can have a look on The latest CKA curriculum to know what is the current curriculum. This article will cover the exam for the version of Kubernetes 1.21.

At this time, the CKA will evaluate your knowledge to deploy and manage any resources (pod, deployment, network policy, RBAC role and rolebinding, service, …) and manage a kubernetes cluster ( Upgrade of a cluster, Backup and restore, Troubleshooting).

The biggest part of the exam is related about troubleshooting a cluster.

Tips to pass the exam

I will give you few tips and trick to be more efficient and fast during your exam.

Before my exam, I was worried to do not have enough time to pass my exam and I was looking for all the best techniques to be fast and efficient.

Using all these tips, I’ve managed to finished my exam in one hour and have time to verify all my answers during the next hour.

Flag Questions and pass them if needed

Don’t waste your time on questions you are not confident.

Flag them and return to them later.

Even if you are confident in the subject but your are stuck, don’t spend more than 5 minutes on the question.

You have only 120 minutes for 16-17 questions, thus you will have between 7-8 minutes by questions.

Managing his time during the exam and be able to pass and flag question is a good skill to have to pass the exam.

Moreover, evaluate the weight of each question and prioritizes your time.

Enable bash completion

You don’t need to know how to do all commands by heart.

Just keep a bookmark of the kubernetes doc on your browser and open it when you start the exam.

https://kubernetes.io/docs/reference/kubectl/cheatsheet/

echo 'source <(kubectl completion bash)' >>~/.bashrc
source ~/.bashrc

Create time saving alias

I will not advice you to use too much alias but the most useful in my opinion are :

alias k=kubectl
alias ka="kubectl get pods"
alias kap="kubectl apply -f"

All these alias have to be used during your training to get familiar with them.

I will recommend you to keep a trace/file and use imperative command to create your pod, deploy, …

export do="--dry-run=client -o yaml" 

Save YAML Files by Question Number and type of Resource

Keep organize your file using this naming convention to keep a trace of your file if you need for other question.

numberofquestion-typeofresource. E.G: 02-pod.yaml 03-deploy.yaml

By example, you will create a pod using this imperative command:

kubectl run podname --image="nginx" --labels="env=test" --dry-run=client -o yaml > 01-pod.yaml
kubectl apply -f  01-pod.yaml

Using alias :

k run podname --image="nginx" --labels="env=test" $do > 01-pod.yaml
kap !$

To have a look on your current alias:

alias

List context and switch context

Before each questions, you will need to change the context, it’s really important to do as if you didn’t, your answer will not be validate!

Basically, it will be like you are making command on the wrong server.

kubectl config get-contexts

Switch between clusters by setting the current-context in a kubeconfig file:

kubectl config use-context <context-name>

Make a context for specific namespace

TIPS: In each question, you will have to switch context and work on specific namespace, add the –namespace argument when you will set the context to go faster.

kubectl config set-context <context-name> --namespace=<namespace>

Check current context

kubectl config current-context

Create a temporary pod for debugging

kubectl run --rm -it --image="alpine" alpine -- sh

Understand how DNS and nslookup work for pod and services

It’s important to understand how the pod and service can communicate between each other using DNS.

By default, pod does not have hostname and has to be contacted with the IP with the ‘.’ changed to ‘-’.

E.G: if the the IP of the pod is 192.168.10.1

nslookup 192-168-10-1
#nslookup 192-168-10-1.namespacename.pod.clustername

nslookup 192-168-10-1.default.pod.cluster.local

The second part is only needed if the pod is in different namespace than the pod source where you will execute your command.

For the service(svc), it will be the name specified in the metadata section.

nslookup myamazingservice
#nslookup myamazingservice.namespacename.svc.clustername

nslookup myamazingservice.default.svc.cluster.local

Same here, if different namespace, you will use the long DNS version.

You can use different command to test your service and pod connectivity:

Check connectivity:
wget -O- http://10.44.0.1:80
curl http://10.44.0.1 80
nc -vz 10.44.0.1 80
netstat -atupn 

Use the Documentation

I will suggest you to do not use too much the documentation but you can use the documentation to get any YAML template and go faster.

Moreover, you can prepare your bookmark before the exam.

For the exam, you will need to use Chrome but if you have any issue, you will need to switch to Vivaldi, so be prepared with your bookmark for both browser.

In my case, I had bookmarked 20 bookmarks and during the exam, I had to switch to Vivaldi and lost all my bookmark 😄

Use imperative command to template yaml file and output to file

I will definitively not recommend you to create fresh YAML file for your resource.

Instead, use imperative command or check the Kubernetes documentation to copy the YAML template.

kubectl create deployment mysuperdeploy --dry-run -o yaml > 03-deploy.yaml
k create deploy mysuperdeploy $do > 03-deploy.yaml

To deploy using the yaml file, you have different command follow your need, learn to use them :

kubectl create -f 03-deploy.yaml
kubectl apply -f 03-deploy.yaml
# the next command will delete and recreate the resource 
kubectl replace -f 03-deploy.yaml --force

To create fast a daemonset as there is no imperative command, you can create a deployment and change the kind and delete the replicas section or you can copy the template from the documentation.

kubectl create deploy beebox-cleanup --image=nginx -o yaml --dry-run=client > daemonset.yml

vim daemonset.yml 

apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: beebox-cleanup
  name: beebox-cleanup
spec:
  replicas: 1
  selector:
    matchLabels:
      app: beebox-cleanup
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: beebox-cleanup
    spec:
      containers:
      - image: nginx
        name: nginx
        resources: {}
status: {}

# Change to: 

apiVersion: apps/v1
kind: DaemonSet
metadata:
  labels:
    app: beebox-cleanup
  name: beebox-cleanup
spec:
  selector:
    matchLabels:
      app: beebox-cleanup
  template:
    metadata:
      labels:
        app: beebox-cleanup
    spec:
      containers:
      - image: nginx
        name: nginx

And finally deploy the DS:

kubectl apply -f daemonset.yml
kubectl get daemonset -A

To run a pod, you cannot use the create command, you will use the run command:

kubectl run nginx --image=nginx -l  env=test --restart=Never --port=80

More complex:

kubectl run --restart=Never --image=busybox static-busybox --dry-run -o yaml --command -- sleep 1000 > /etc/kubernetes/manifests/static-busybox.yaml

If you edit any resource, use –record to keep track of the change:

kubectl edit svc nameservice --record

Create role and rolebinding fast

kubectl create role developer --verb=create --verb=get --verb=list --verb=update --verb=delete --resource=pods
kubectl create rolebinding developer-binding-myuser --role=developer --user=myuser

Use explain command

If you forget any parameter of a specific command, use the command explain which is like a man page for each kubernetes command.

kubectl explain deployment
DESCRIPTION:
Deployment enables declarative updates for Pods and ReplicaSets.FIELDS:
   metadata <Object>
     Standard object metadata.spec <Object>
     Specification of the desired behavior of the Deployment.status <Object>
     Most recently observed status of the Deployment.

If you want to see only all fields for the API resource, use the argument –recursive :

$ kubectl explain deployment --recursive
DESCRIPTION:
Deployment enables declarative updates for Pods and ReplicaSets.FIELDS:
   apiVersion <string>
   kind <string>
   metadata <Object>
       labels <object>
       name <string>
       ownerReferences <[]Object>
       resourceVersion <string>
       finalizers <[]string>
       generation <integer>
       annotations <object>
       uid <string>
       namespace <string>
       deletionGracePeriodSeconds <integer>
       deletionTimestamp <string>
       generateName <string>
       selfLink <string>
       clusterName <string>
       creationTimestamp <string>
...

Amazing, right ?

if you want to know more about a specific parameter:

kubectl explain deployment.spec.strategy
RESOURCE: strategy <Object>DESCRIPTION:
     The deployment strategy to use to replace existing pods with new ones.DeploymentStrategy describes how to replace existing pods with new ones.FIELDS:
   rollingUpdate <Object>
     Rolling update config params. Present only if DeploymentStrategyType =
     RollingUpdate.type <string>
     Type of deployment. Can be "Recreate" or "RollingUpdate". Default is
     RollingUpdate.x@

Moreover, you can do directly from Vim using the command inside the editor:

:!kubectl explain pods.spec

Don’t ssh on node or master if just need to make few commands.

![CKA-ssh-water-food(../../img/CKA_ssh_water_food.png)

ssh cluster1-worker1 "docker ps -a" 
ssh cluster1-worker1 "systemctl status kubelet"

If you need to output on a local file (not on the remote)

The &> in above command redirects both the standard output and standard error.

ssh cluster1-worker1 "docker ps -a" &> mylocalfileoutputdocker.txt
ssh cluster1-worker1 "docker logs 83edegr82" &> mydockercontainer.log

Moreover, you can ssh and copy from your terminal to the node and vice-versa using scp.

scp localfile.yaml nodemaster:/tmp
scp nodemaster:/tmp/localfile.yaml . 

Be confident with systemctl and journalctl to debug service:

systemctl show kubelet
systemctl status -n numberline docker

If you make any change on service:

systemctl daemon-reload && systemctl restart kubelet

The system unit for kubelet and docker/container/CRIO are defined on ubuntu in directory :

/etc/systemd/system/

Use journalctl

journalctl -fexu kubelet

-x --catalog               Add message explanations where available
-e --pager-end             Immediately jump to the end in the pager
-f --follow                Follow the journal
-u --unit=UNIT             Show logs from the specified unit

or 

journalctl -au kubelet
-a --all                   Show all fields, including long and unprintable

Learn to use vim

You will need to be familiar with Vim to edit the Yaml file.

Learn few basic shortcut and used them during your practice:

vim +numberline pod.yaml 
vim +12 pod.yaml

use ZZ to save and quit your file faster
use gg and G to go to end and beginning of the file
use dd to delete line or 3dd to delete 3 lines
use yy and p for copy paste, 4yy will copy the 4 next line

#identify tabs
:set list  
# fix tabs
:retab! 

# to replace all word in the file
:%s/wordtoreplace/newword/g

You can as well improved vim to edit Yaml file.

echo "ts=2 sw=2 expandtab ruler number" >> ~/.vimrc
source ~/.vimrc

Learn to use history and command inside Vim

To launch command without exiting vim can make you win some times.

E.G:

# inside vim
:!kubectl explain pods.spec
:!kubectl get nodes

#to see the history of your command and edit them:
q:

Always record your change when you are making scaling up/down or your deployment

To be sure you don’t forget to record your change:

kubectl scale deploy mysuperdeploy --replicas=3 --record

Test yourself

With the CKA, you will have access to 2 sessions of 36h on killer.sh which is a real great simulator to test your skill before the exam.

Moreover, if you don’t pass the CKA the first attempt, you still have a free retake.

The most important tips

Practice! Practice! Practice!

As the exam is totally hands-on and the time provided is short, you have to be prepared and use kubectl like a robot, you will not have time to learn the imperative command during the exam or any subject.

Before the exam, read the CKA curriculum again and verify your knowledge.

If there is any subject, you are not confident, practice more and make your own lab.

So Run, Eat and Dream kubernetes and you will pass the CKA easily 😄

Good Luck ! Do the kubernetes master be with you !