|7 min read

CKA: Becoming a Certified Kubernetes Administrator

I passed the CKA exam and here is what it actually takes to master Kubernetes administration

kubernetescareer

I passed the Certified Kubernetes Administrator exam last week. The CKA is a performance-based certification administered by the Cloud Native Computing Foundation in partnership with the Linux Foundation. Unlike most IT certifications, there are no multiple-choice questions. You get a terminal, a set of Kubernetes clusters, and two hours to solve real problems.

It is, without qualification, the most demanding technical certification I have ever taken.

Why CKA

I have been running Kubernetes in production at a major entertainment company for over a year. I manage clusters that serve content delivery workflows for millions of users. So the question I got from several colleagues was: why bother with a certification when you already do this work every day?

Two reasons.

First, production work creates blind spots. When you manage Kubernetes clusters day to day, you develop deep expertise in the specific patterns and configurations your organization uses. But Kubernetes is vast, and there are entire subsystems, network policies, resource quotas, pod security policies, RBAC configurations, that you might never touch if your existing setup works well. The CKA preparation forced me to go deep on areas I had been comfortably ignoring.

Second, certifications provide a structured framework for validating knowledge. I have opinions about most certifications (many test memorization rather than competence), but the CKA is different. You cannot pass it by memorizing answers. You have to actually operate Kubernetes clusters under time pressure, troubleshoot broken configurations, and demonstrate fluency with kubectl, YAML manifests, and Linux system administration.

Preparation

I spent about six weeks preparing, roughly two hours per day on weekday evenings and four to five hours on weekends. Here is what my preparation looked like.

Building the Foundation

I started by reading the Kubernetes documentation end to end. Not skimming: reading. The official docs are comprehensive and well-written, and they cover the entire exam curriculum. I kept a notebook of concepts I could not explain clearly and revisited them until I could.

The exam domains are:

  • Cluster Architecture, Installation, and Configuration (25%): bootstrapping clusters with kubeadm, managing etcd, upgrading cluster versions, RBAC.
  • Workloads and Scheduling (15%): deployments, pod scheduling, resource limits, affinity rules, taints and tolerations.
  • Services and Networking (20%): service types, ingress, DNS, network policies, CNI plugins.
  • Storage (10%): persistent volumes, persistent volume claims, storage classes, volume modes.
  • Troubleshooting (30%): diagnosing failed pods, broken networking, cluster component failures, log analysis.

Troubleshooting being 30% of the exam tells you everything about the CKA's philosophy. This is a practitioner's exam.

Hands-On Practice

Reading documentation is necessary but insufficient. The CKA is a practical exam, and the only way to prepare for it is to practice. Extensively.

I set up a multi-node Kubernetes cluster using kubeadm on three virtual machines. Not minikube, not kind, not a managed service. Bare metal kubeadm on Ubuntu 18.04. This forced me to understand every component of the cluster: etcd, the API server, the controller manager, the scheduler, kubelet, kube-proxy. When something broke (and things broke frequently during setup), I had to diagnose it from first principles.

Exercises I practiced repeatedly:

  • Bootstrap a cluster from scratch using kubeadm, including configuring the pod network (I used Calico) and joining worker nodes.
  • Perform a cluster upgrade from one minor version to the next, following the documented upgrade process for kubeadm, kubelet, and kubectl.
  • Back up and restore etcd. This involves taking a snapshot with etcdctl, stopping the cluster, restoring the snapshot to a new data directory, and updating the etcd manifest to point at the restored data.
  • Configure RBAC with roles, cluster roles, role bindings, and service accounts. Create a user with limited permissions and verify they cannot exceed those permissions.
  • Implement network policies that restrict pod-to-pod communication based on labels, namespaces, and ports.
  • Troubleshoot broken clusters by intentionally breaking components (corrupting a kubelet config, misconfiguring a network plugin, providing invalid manifest YAML) and fixing them.

Speed and Efficiency

The CKA gives you two hours for approximately 15 to 20 tasks across multiple clusters. That is six to eight minutes per task, which is tight. Speed matters, and speed comes from muscle memory with kubectl.

I practiced until the following commands were second nature:

# Generate YAML templates quickly
kubectl run nginx --image=nginx --dry-run=client -o yaml > pod.yaml
kubectl create deployment web --image=nginx --dry-run=client -o yaml > deploy.yaml
kubectl expose deployment web --port=80 --dry-run=client -o yaml > svc.yaml

# Quick resource inspection
kubectl get pods -A -o wide
kubectl describe pod failing-pod -n kube-system
kubectl logs pod-name -c container-name --previous

# Context switching (critical for multi-cluster exam)
kubectl config use-context cluster1
kubectl config get-contexts

I also became proficient with imperative commands for tasks that do not require YAML customization. Creating a configmap from a file, creating a secret, exposing a service: these are faster done imperatively than by writing YAML from scratch.

Setting up aliases and shell variables saved precious minutes:

alias k=kubectl
alias kgp='kubectl get pods'
alias kgs='kubectl get svc'
export do='--dry-run=client -o yaml'

Practice Exams

I used Killer.sh, which provides practice exams that simulate the CKA environment. The Killer.sh questions are harder than the actual exam, which is exactly what you want from practice material. If you can pass Killer.sh comfortably, the real exam will feel manageable.

The Exam Experience

The CKA is proctored online. You share your screen, show your workspace via webcam, and a proctor monitors you throughout. The environment is a browser-based terminal connected to multiple Kubernetes clusters.

Each question specifies which cluster context to use. Missing this detail and working on the wrong cluster is a common mistake, and one I nearly made on question three. I developed a habit of running kubectl config use-context as the first action for every question, regardless of whether I thought I was already on the correct context.

The questions ranged from straightforward (create a pod with specific resource limits) to complex (troubleshoot a multi-node cluster where pods cannot communicate across nodes due to a CNI misconfiguration). The troubleshooting questions were the most time-consuming and the most satisfying when solved.

I finished with about 15 minutes to spare, which I used to revisit two questions I had flagged as uncertain.

What CKA Actually Tests

The CKA tests operational competence. Can you build a cluster? Can you fix one when it breaks? Can you configure networking, storage, and access control correctly? Can you do all of this under time pressure, using the Kubernetes documentation as your reference?

It does not test whether you can design a microservices architecture or choose between service mesh implementations. It tests whether you can operate the platform that runs those services.

This makes it uniquely valuable among certifications. Most certifications test knowledge. The CKA tests skill. The distinction matters: knowledge is knowing that etcd stores cluster state; skill is restoring an etcd backup at 3 AM when the cluster is down and your team is waiting.

Post-Certification Reflections

Passing the CKA did not teach me anything I could not have learned without it. But the structured preparation process surfaced gaps in my knowledge that I would not have found through daily work alone. I am a materially better Kubernetes operator now than I was six weeks ago, and the certification process deserves credit for that.

If you are running Kubernetes in production and considering the CKA, I would recommend it, with the caveat that the preparation matters more than the exam itself. The six weeks I spent building clusters from scratch, deliberately breaking them, and learning to fix them under pressure were worth more than the certificate on the wall.

The certificate validates what you know. The preparation is what actually makes you better.

Share: