CKAkubernetescertificationkubectl

CKA Exam Prep: The Commands I Used Every Single Day

November 20, 2024·4 min read

The exact kubectl commands, YAML patterns, and mental models that got me through the CKA exam. No theory — just what actually works under pressure.

Passed on First Attempt — Here's What I Did

I passed CKA with a 92% score. Here's the honest breakdown of what mattered and what didn't.

The Non-Negotiables

1. kubectl explain is your open-book

The exam is open-book — the Kubernetes docs are available. But kubectl explain is faster:

# Get the full spec for any resource
kubectl explain pod.spec.containers
kubectl explain deployment.spec.strategy
kubectl explain networkpolicy.spec

# Add --recursive for the full tree
kubectl explain pod.spec --recursive | grep -i affinity

2. Imperative commands first, YAML second

Don't write YAML from scratch unless you have to. Generate it:

# Create a deployment
kubectl create deployment nginx --image=nginx:1.25 --replicas=3

# Generate YAML without applying
kubectl create deployment nginx --image=nginx:1.25 --dry-run=client -o yaml > deploy.yaml

# Expose it
kubectl expose deployment nginx --port=80 --type=ClusterIP

# Run a one-off pod for debugging
kubectl run debug --image=busybox --rm -it --restart=Never -- sh

3. Alias everything

Set these at the start of every exam session:

alias k=kubectl
alias kgp='kubectl get pods'
alias kgn='kubectl get nodes'
alias kdp='kubectl describe pod'
alias kaf='kubectl apply -f'
export do='--dry-run=client -o yaml'
export now='--force --grace-period=0'

Then you can write:

k create deploy nginx --image=nginx $do > nginx.yaml
k delete pod stuck-pod $now

Contexts and Namespaces

The exam switches between multiple clusters. Context management is critical:

# List all contexts
kubectl config get-contexts

# Switch context
kubectl config use-context k8s-prod

# Set default namespace for current context
kubectl config set-context --current --namespace=kube-system

# Always check where you are before doing anything
kubectl config current-context

The YAML Patterns You Must Know Cold

Pod with resource limits and probes

apiVersion: v1
kind: Pod
metadata:
  name: app
  namespace: production
spec:
  containers:
  - name: app
    image: nginx:1.25
    resources:
      requests:
        cpu: "100m"
        memory: "128Mi"
      limits:
        cpu: "200m"
        memory: "256Mi"
    livenessProbe:
      httpGet:
        path: /healthz
        port: 8080
      initialDelaySeconds: 10
      periodSeconds: 5
    readinessProbe:
      httpGet:
        path: /ready
        port: 8080
      initialDelaySeconds: 5
      periodSeconds: 3

NetworkPolicy: deny-all with specific allow

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all-allow-frontend
  namespace: backend
spec:
  podSelector:
    matchLabels:
      app: api
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: frontend
      podSelector:
        matchLabels:
          app: web
    ports:
    - protocol: TCP
      port: 8080
  egress:
  - to:
    - podSelector:
        matchLabels:
          app: database
    ports:
    - protocol: TCP
      port: 5432

RBAC: ServiceAccount + Role + RoleBinding

# Create everything imperatively
kubectl create serviceaccount monitor -n monitoring
kubectl create role pod-reader \
  --verb=get,list,watch \
  --resource=pods \
  -n monitoring
kubectl create rolebinding monitor-pod-reader \
  --role=pod-reader \
  --serviceaccount=monitoring:monitor \
  -n monitoring

# Verify
kubectl auth can-i list pods \
  --as=system:serviceaccount:monitoring:monitor \
  -n monitoring

Cluster Troubleshooting Checklist

When asked to fix a broken cluster node:

# 1. Check node status
kubectl get nodes
kubectl describe node <node-name>

# 2. SSH to the node and check kubelet
systemctl status kubelet
journalctl -u kubelet -f

# 3. Common fixes
systemctl start kubelet
systemctl enable kubelet

# 4. Check the kubelet config
cat /etc/kubernetes/kubelet.conf
cat /var/lib/kubelet/config.yaml

Time Management

The exam is 2 hours. Here's how I split it:

  • Easy tasks (1-2 points): max 3 minutes each — do these first
  • Medium tasks (3-4 points): max 8 minutes each
  • Hard tasks (5+ points): max 15 minutes — skip and return

If you're stuck after 5 minutes, skip it, mark it, come back. This mindset alone saved me 20 minutes.

The Final Week

  1. Practice on killer.sh — it's harder than the real exam, intentionally
  2. Time yourself on every task
  3. Know how to upgrade a cluster with kubeadm upgrade

Good luck. You'll do great.

← Back to all posts