Passing the CKA Exam: From Building Clusters to Becoming Certified

Introduction

Alright, so confession time - after passing my CKAD exam a couple of months ago, I was feeling pretty good about myself. “I know Kubernetes!” I thought. “How hard could the CKA be?”

Turns out, pretty hard. Different hard.

While the CKAD focused on deploying and managing applications, the CKA is all about being the person who keeps the entire Kubernetes cluster running. You know, the person everyone blames when things break at 3 AM. Yeah, that person.

But here’s the thing - I’ve been building and managing Kubernetes clusters for a while now. I’ve dealt with failed etcd nodes, tricky network policies, cluster upgrades that went sideways, and all the fun stuff that comes with being responsible for infrastructure. So I figured, why not make it official?

Spoiler: I passed! And honestly? This exam kicked my butt way harder than CKAD did, even with all my real-world experience.

Why CKA After CKAD?

You might be thinking, “Didn’t you just pass CKAD? Why torture yourself again?” Fair question. Here’s my reasoning:

1. Complete the picture: CKAD taught me to be a better application developer on Kubernetes. CKA would make me a better cluster administrator. Together? That’s the full stack of Kubernetes knowledge.

2. It’s literally my job: I build and maintain clusters. Having the official certification that says “yes, this person knows how to keep your cluster alive” just made sense.

3. The challenge: After CKAD, I knew what I was getting into. And honestly? I kind of enjoyed the pressure. (Clearly something’s wrong with me.)

4. Career credibility: Having both CKAD and CKA shows you understand Kubernetes from both the development and operations side. It’s a powerful combination.

CKA vs CKAD: What’s the Difference?

Before we dive deeper, let me break down how these exams differ, because they’re really not the same beast:

CKAD focuses on:

• Deploying applications
• Managing pods, deployments, services
• ConfigMaps, Secrets
• Application-level concerns

CKA focuses on:

• Installing and configuring clusters
• Managing cluster components (API server, scheduler, controller manager)
• etcd backup and restore
• Cluster upgrades
• Node maintenance
• Troubleshooting at the infrastructure level
• Networking (CNI plugins, CoreDNS)
• Security and RBAC

Think of it this way: CKAD is for the folks deploying apps on Kubernetes. CKA is for the folks making sure there’s a working cluster for those apps to run on.

My Background Going Into CKA

Just to give you context, by the time I took CKA, I had:

• Built multiple bare-metal Kubernetes clusters from scratch (including this HA setup I blogged about)
• Managed cluster upgrades and maintenance windows
• Dealt with etcd disasters (fun times, let me tell you)
• Configured various networking solutions (Calico, Cilium, etc.)
• Set up monitoring and troubleshooting workflows
• Wrestled with RBAC more times than I can count
• Lost sleep over production cluster issues

But here’s what’s wild - even with all that experience, I still had gaps. The exam covers EVERYTHING about cluster administration, including stuff I’d avoided or automated away. Time to face the music!

Exam Format

The CKA exam format is similar to CKAD:

• 2 hours: 120 minutes to complete all tasks
• 66% to pass: You need to get at least 66% correct
• Performance-based: All hands-on, no multiple choice
• Multiple clusters: Different questions use different clusters
• Open book: You can use the Kubernetes documentation
• Browser-based: Everything in your browser with kubectl and SSH access

The key difference? The questions are more focused on cluster-level operations rather than application deployment.

Preparation Strategy

Understanding the Curriculum

First thing I did was study the official CKA curriculum. It’s broken down into:

• Cluster Architecture, Installation & Configuration (25%)
• Workloads & Scheduling (15%)
• Services & Networking (20%)
• Storage (10%)
• Troubleshooting (30%)

That 30% troubleshooting weighting is no joke. The exam really wants you to prove you can fix broken clusters, not just build new ones.

My Study Plan

1. Hands-On Practice (90% of my time)

Look, you cannot pass this exam by just reading. You need to break things and fix them. Over and over again. Here’s what I did:

Cluster Setup Practice:

# I must have installed kubeadm clusters a hundred times
kubeadm init --pod-network-cidr=10.244.0.0/16
kubeadm join <control-plane-ip>:6443 --token <token> --discovery-token-ca-cert-hash sha256:<hash>

# Getting really comfortable with certificates and config files
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text -noout

etcd Backup and Restore: This comes up A LOT, and if you mess it up, you could lose precious points:

# Backup
ETCDCTL_API=3 etcdctl snapshot save /backup/etcd-snapshot.db \
  --endpoints=https://127.0.0.1:2379 \
  --cacert=/etc/kubernetes/pki/etcd/ca.crt \
  --cert=/etc/kubernetes/pki/etcd/server.crt \
  --key=/etc/kubernetes/pki/etcd/server.key

# Restore
ETCDCTL_API=3 etcdctl snapshot restore /backup/etcd-snapshot.db \
  --data-dir=/var/lib/etcd-new

Practice this until you can do it in your sleep. Seriously.

Cluster Upgrades: Upgrading clusters is a critical skill:

# Upgrade control plane
apt-mark unhold kubeadm && apt-get update && apt-get install -y kubeadm=1.34.0-00 && apt-mark hold kubeadm
kubeadm upgrade plan
kubeadm upgrade apply v1.34.0

# Upgrade kubelet
apt-mark unhold kubelet kubectl && apt-get install -y kubelet=1.34.0-00 kubectl=1.34.0-00 && apt-mark hold kubelet kubectl
systemctl daemon-reload
systemctl restart kubelet

Troubleshooting Scenarios: I spent a ton of time breaking clusters on purpose and then fixing them:

• Messing up kubeconfig files
• Stopping cluster components
• Breaking networking
• Creating certificate issues
• Making nodes go NotReady

2. Key Topics I Drilled

RBAC (Role-Based Access Control): This topic shows up everywhere. Get comfortable creating Roles, ClusterRoles, RoleBindings, and ClusterRoleBindings:

# Create a role
kubectl create role pod-reader --verb=get --verb=list --resource=pods

# Create a rolebinding
kubectl create rolebinding read-pods --role=pod-reader --user=jane

# Check permissions
kubectl auth can-i get pods --as=jane

Cluster Component Management: Understanding where everything lives and how to troubleshoot:

# Static pod manifests
ls /etc/kubernetes/manifests/

# Check component logs
journalctl -u kubelet
kubectl logs -n kube-system kube-apiserver-master

# Component status
kubectl get componentstatuses

Networking:

• Installing CNI plugins
• Troubleshooting CoreDNS
• Network policies
• Service networking and kube-proxy

Node Maintenance:

# Drain a node
kubectl drain node01 --ignore-daemonsets --delete-emptydir-data

# Make node unschedulable
kubectl cordon node01

# Make node schedulable again
kubectl uncordon node01

Storage:

• PersistentVolumes and PersistentVolumeClaims
• StorageClasses
• Volume types and access modes

JSONPath Mastery: Okay, this one’s a game-changer. JSONPath queries can save you SO much time in the exam when you need to extract specific information:

# Get all node names
kubectl get nodes -o jsonpath='{.items[*].metadata.name}'

# Get node IPs
kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="InternalIP")].address}'

# Get all container images in a namespace
kubectl get pods -n kube-system -o jsonpath='{.items[*].spec.containers[*].image}'

# Custom columns with JSONPath
kubectl get nodes -o custom-columns=NAME:.metadata.name,IP:.status.addresses[0].address

# Find pods not running
kubectl get pods -A -o jsonpath='{range .items[?(@.status.phase!="Running")]}{.metadata.namespace}{"\t"}{.metadata.name}{"\t"}{.status.phase}{"\n"}{end}'

I can’t tell you how many times I used JSONPath during the exam to quickly verify configurations or extract specific values without having to parse through tons of YAML. Practice these patterns because they’re incredibly useful for troubleshooting questions.

3. Practice Platforms

• killer.sh: Comes free with exam registration - use it! The scenarios are harder than the real exam, which is good for preparation
• Killer Coda: Has great CKA-specific scenarios
• Local VMs: I set up multiple VMs using virtual box to practice cluster installation from scratch
• KodeKloud: Their CKA course and labs are excellent.

Critical Skills to Master

1. Speed with kubeadm: You might need to build a cluster from scratch. Know the process cold.

2. etcd operations: Backup, restore, checking cluster health. This is non-negotiable.

3. Troubleshooting methodology: When something’s broken, where do you look first? Second? Have a systematic approach.

4. Certificate management: Understanding where certs live, how to check them, how to fix issues.

5. systemctl and journalctl: Kubelet component runs as systemd service. Get comfortable with:

   systemctl status kubelet
   systemctl restart kubelet
   journalctl -u kubelet -f
   

Exam Day Experience

Pre-Exam Preparation

Same drill as CKAD:

• Cleared my desk completely
• Had my ID ready
• Checked system compatibility
• Made sure internet was stable

During the Exam

The Good:

1. My CKAD experience helped: The exam format was familiar. I knew to set up aliases immediately, knew how to navigate the docs, and was comfortable with the pressure.

2. Real-world experience paid off: All those late nights troubleshooting production issues? They actually prepared me for the troubleshooting questions. When you’ve fixed a broken etcd cluster at 2 AM, doing it in an exam is less scary.

3. Time management: I stuck to my strategy from CKAD - flag tough questions, move on, come back later. It worked.

The Challenging:

1. The troubleshooting questions: Some of these were HARD. Like, intentionally-broken-in-ways-you’ve-never-seen hard. You really need to know how to troubleshoot systematically.

2. Certificate and kubeconfig issues: These questions can eat up time fast if you’re not careful. And one mistake can spiral.

3. Realizing gaps: There were moments where I realized I didn’t know something as well as I thought. Like certain etcd commands or specific kubeadm flags.
4. Nervousness: Even with experience, the pressure of the clock and proctoring can get to you. Stay calm and focused.

Essential Tips for CKA

1. Set Up Your Aliases Immediately: Just like in CKAD, aliases will save you so much time:

   alias k=kubectl
   alias kgn='kubectl get nodes'
   alias kgp='kubectl get pods -A'
   alias kd='kubectl describe'
   alias kl='kubectl logs'
   export do="--dry-run=client -o yaml"
   export now="--force --grace-period=0"
   

   Keep them in a notepad ready to paste after SSH’ing to each cluster!

2. Verify Context and Cluster: Before starting ANY question:

   kubectl config get-contexts
   kubectl config use-context <correct-context>
   

   I almost worked on the wrong cluster. Don’t be me.

3. Know Your Way Around systemctl:

   systemctl status kubelet
   systemctl restart kubelet
   systemctl daemon-reload  # After config changes
   journalctl -u kubelet -f  # Follow logs
   

4. Master the Documentation: Know where to find:
   • kubeadm installation guides
   • etcd backup/restore procedures
   • Upgrade documentation
   • Troubleshooting guides

   The exam environment provides documentation links, use them!

5. Check Your Work: After completing a task:

   kubectl get nodes
   kubectl get pods -A
   kubectl cluster-info
   

   Make sure things are actually working, not just created.

6. etcd Troubleshooting Tips:
   • etcd runs as a static pod: check /etc/kubernetes/manifests/etcd.yaml
   • Logs: kubectl logs -n kube-system etcd-<node-name>
   • Check certificates and paths carefully
7. For Cluster Installation Questions:
   • Follow the official kubeadm docs exactly
   • Don’t skip steps like removing swap or loading kernel modules
   • Test the cluster after installation with kubectl get nodes
8. Use kubectl explain: When you forget field names:

   kubectl explain pod.spec --recursive
   kubectl explain persistentvolume.spec
   

9. For RBAC Questions:
   • Use imperative commands to generate YAML
   • Always verify with kubectl auth can-i
   • Remember: Roles are namespace-scoped, ClusterRoles are cluster-wide
10. Get Comfortable with JSONPath: Seriously, learn this. It’ll save you so much time:

    # Quick examples that came in handy
    kubectl get nodes -o jsonpath='{.items[*].metadata.name}'
    kubectl get pods -o jsonpath='{.items[*].spec.containers[*].image}' | tr ' ' '\n' | sort -u
    kubectl get pv -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.spec.capacity.storage}{"\n"}{end}'
    

    Practice constructing JSONPath queries before the exam - they’re perfect for troubleshooting and verification tasks.

11. Troubleshooting Methodology:
    • Check pod status: kubectl get pods
    • Check pod logs: kubectl logs <pod>
    • Describe the resource: kubectl describe pod <pod>
    • Check events: kubectl get events --sort-by='.lastTimestamp'
    • For cluster components: check systemd services and journalctl

Comparing My CKAD and CKA Experiences

Having taken both exams, here’s my honest comparison:

CKAD:

• Faster-paced questions
• More about speed and efficiency
• Application-level thinking
• Shorter YAML files
• Less system administration

CKA:

• Deeper, more complex questions
• More about systematic troubleshooting
• Infrastructure-level thinking
• More interaction with system services
• Requires broader Kubernetes knowledge

If I’m being honest? CKA felt harder. Not because the concepts were more difficult, but because the questions were more involved and required more steps to complete. One troubleshooting question might require checking logs, fixing config files, restarting services, and verifying the fix all works together.

Was It Worth It?

Absolutely, yes. Here’s what getting CKA certified gave me:

Immediate Benefits:

1. Validation: Now I can officially say I know how to administer Kubernetes clusters
2. Confidence: I can handle cluster-level issues with more certainty
3. Completeness: With both CKAD and CKA, I’ve got almost the full Kubernetes picture. CKS is next on my list!

Personal Growth:

1. Filled knowledge gaps: Learned things I’d been avoiding
2. Better troubleshooting: More systematic in my approach now
3. Deeper understanding: Going beyond “it works” to truly understanding why

Tips for Different Backgrounds

If You’re New to Kubernetes Administration:

• Don’t rush into the exam
• Build multiple clusters from scratch first
• Break things intentionally to learn troubleshooting
• Spend at least 2-3 months preparing

If You’re an Experienced Admin:

• Don’t underestimate the exam
• Practice the exam format specifically
• Review areas you don’t touch regularly
• Focus on speed and efficiency

If You Already Have CKAD:

• Build on your kubectl knowledge
• Focus on cluster-level operations
• Practice etcd operations extensively
• Expect a different kind of challenge

Resources That Helped Me

1. Official Kubernetes Documentation - Your bible during the exam
2. killer.sh - Best exam simulation, no contest
3. Killer Coda CKA Scenarios - Great for specific topic practice
4. KodeKloud CKA Course - Comprehensive and hands-on
5. kubeadm documentation - Read it multiple times
6. Kelsey Hightower’s Kubernetes The Hard Way - Not required but builds deep understanding

Final Thoughts

Look, I’m not going to sugarcoat it - the CKA exam is tough. Even with years of cluster administration experience, I had to put in serious preparation work. There’s a difference between knowing how to do something and being able to do it quickly under pressure while being watched by a proctor.

But here’s the thing - it’s totally doable. If you’re working with Kubernetes clusters regularly, you have way more knowledge than you think. You just need to organize it, practice it, and prove it.

The certification itself? It’s opened doors and given me confidence. But honestly, the best part was the journey. The preparation forced me to systematically learn all the parts of Kubernetes I’d been handwaving over. It made me a better administrator, a better troubleshooter, and a better engineer.

If you’re thinking about taking the CKA, my advice is simple: stop thinking and start practicing. Spin up some clusters, break them, fix them, and repeat. Then when you feel ready, schedule the exam before you can talk yourself out of it.

The cloud-native world needs good Kubernetes administrators. The CKA proves you’re one of them. Now go get certified!

---

Already passed CKA or currently studying for it? I’d love to hear about your experience! Drop a comment below and let’s compare notes.