The certifications on Kubernetes help you to have a context applicable to reality, which in most cases you can also find yourself facing in your daily routine.
We can consider the Kubernetes certifications, CKA, CKAD, CKS, as very similar to each other on a practical level. You can apply the same study and practice method to all of them. The thing that changes is the content.
In this article, I want to share my study strategies, tips, and tricks to take the exam in a prepared and safe way. They are remote exams, consisting of hands-on questions. You may think a person who works daily in this kind of technology can pass exams in a very easy way. In reality, the real variable is time management.
Tips for studying:
Kode Cloud Course
The structure of the course, divided between theory and practical exercises, allows you to acquire the skills and apply them right away. It is also important because it gives direction to the contents and a guide to follow.
I did the theory exercises several times before moving on to the mock exams. Don't make the mistake of throwing yourself straight into mock exams, because not everything is covered with just those exercises.
Here there are more complex exercises than the real exam, and the mock exam user interface is very similar to the real exam. They were helpful in preparing for the exam mentally and becoming familiar with time management.
Github (Pay attention to the Kubernetes version!)
It goes without saying that GitHub is truly a resource pit. If you try typing CKS in the search bar, you will be spoiled for choice by how much material there is and how many people have been willing to take the time to help others. Let’s do it!
Practical advice for the exam
alias keti='kubectl exec -it'
kubectl is the command you will almost always use; try also to remember contract form of Kubernetes Object, like the following examples:
k get po
k get netpol
k get svc
keti <pod-name> -- bash #Open shell inside pod quickly
export DRY="--dry-run=client -o yaml"
export NOW="--force --grace-period=0"
Although you can use the documentation to recover yaml, I recommend using this command for creating and editing the working yaml file:
k run nginx --image=nginx $DRY > nginx.yaml
k delete pod nginx $NOW
Learning Vim is a lifesaver
Read this simple article with all basic commands that are very useful, not only for the exam. The exam will show you some really long Yaml such as Api Server or Falco. Being familiar with Vim on search and basic commands allows you to not waste precious time.
Knowing the yaml is important but for the exam, my advice is to exploit the imperative commands as much as possible. I think they are the things that make the most difference in saving time. Use a lot of kubectl, which is packed with examples, and very often they cover what you are looking for.
k create role --help
Create a role with single rule.
# Create a Role named "pod-reader" that allows user to perform "get", "watch" and "list" on pods
kubectl create role pod-reader --verb=get --verb=list --verb=watch --resource=pods
# Create a Role named "pod-reader" with ResourceName specified
kubectl create role pod-reader --verb=get --resource=pods --resource-name=readablepod --resource-name=anotherpod
# Create a Role named "foo" with API Group specified
kubectl create role foo --verb=get,list,watch --resource=rs.extensions
# Create a Role named "foo" with SubResource specified
kubectl create role foo --verb=get,list,watch --resource=pods,pods/status
Learn more about the tools
The exercises you find in the courses are more than enough. What I would like to share with you is the repo that you can use to have a clean cluster and not have everything ready as gvisor and falco, trivi, kube-bench, kubesec already installed.
You can use this cluster to practice in this way:
1. Upgrade Kubernetes cluster
The version required for the exam: you can find the exam version HERE. You can find the official guide on how to update the cluster with kubeadm among the bookmarks.
E.g. Create pods like below:
k run nginx --image=nginx
k run nginx --image=nginx:alpine
k run nginx --image=nginx:1.19.1
k run nginx --image=redis
Identify and delete the pods which have CRITICAL vulnerabilities.
Read the kube-bench assessment report. Fix the tests that have FAIL status for the all configuration.
4. Runtime Classes
Install and create a RuntimeClass with "gVisor" using the handler "runsc". Create a pod that uses the runtime class "gVisor".
Enable auditing in this Kubernetes cluster. Create an audit policy file that will log events of your cluster.
Install OPA. Make sure that it will not be possible to install images from a not-trusted registry or that it will not be possible to install images with the latest tag.
Opa Gatekeeper Installation
General advice and problems I have addressed
Test your webcam and make sure your documents are clearly visible.
I bought a 1080p webcam but it was a flop because the proctor could not display the identification document numbers, I had to switch into the laptop’s built-in one before moving on. Get a good webcam and before the exam try to understand if the characters of your identification documents are visible and not blurry.
Create your browser favorites
During the exam you have an additional tab to view the official k8s documentation. I found it convenient as I followed the courses and mocks to save the pages and organize them so that I could consult them quickly.
I share mine and I hope that with practice you can take manual skills in the search for resources.
Attention! The exam rules can change at any time. Always check if the address is allowed before consulting it during the exam.
My last piece of advice: create your local cluster and practice, practice and practice!