Certified Kubernetes Administrator
Validates the skills, knowledge, and competency to perform the responsibilities of a Kubernetes administrator, including cluster architecture, installation and configuration using kubeadm, workload scheduling, services and networking, storage management, and troubleshooting. The CKA is a performance-based exam requiring hands-on problem solving in a live Kubernetes environment within a 2-hour time limit.
Exam domains
- Troubleshooting30%
Troubleshoot clusters and nodes — kubectl get nodes, NotReady conditions, kubelet logs, describe nodes, taints, node pressure (DiskPressure, MemoryPressure, PIDPressure), eviction. Troubleshoot cluster components — control plane health (kube-apiserver, etcd, kube-controller-manager, kube-scheduler), static pod manifests in /etc/kubernetes/manifests, etcdctl, journalctl -u kubelet, container runtime debugging. Monitor cluster and application resource usage — kubectl top nodes/pods, metrics-server, Resource Metrics API, kube-state-metrics, custom metrics. Manage and evaluate container output streams — kubectl logs, --previous, --container, --tail, --follow, log rotation, sidecar logging patterns, ephemeral containers (kubectl debug). Troubleshoot services and networking — kubectl get endpoints, EndpointSlices, kube-proxy debugging, DNS resolution checks (dnsutils pod), NetworkPolicy effects, Ingress/Gateway routing, kubectl port-forward, kubectl exec for in-pod tcpdump.
- Cluster Architecture, Installation & Configuration25%
Manage role-based access control (RBAC) — Roles, ClusterRoles, RoleBindings, ClusterRoleBindings, ServiceAccounts. Prepare underlying infrastructure for installing a Kubernetes cluster. Create and manage Kubernetes clusters using kubeadm: kubeadm init, kubeadm join, kubeadm upgrade plan/apply. Manage the lifecycle of Kubernetes clusters including version upgrades, drain, cordon, uncordon. Implement and configure a highly-available control plane (stacked etcd vs external etcd, multiple control-plane nodes, kube-vip / HAProxy front-end, certificate management). Use Helm and Kustomize to install cluster components — Helm charts/releases/values, Kustomize bases/overlays/patches/components. Understand extension interfaces — CNI (Container Network Interface, plugins like Calico/Cilium/Flannel), CSI (Container Storage Interface drivers), CRI (Container Runtime Interface, containerd/CRI-O), device plugins. Understand CRDs (CustomResourceDefinitions, schema, validation, conversion webhooks), install and configure operators (controller pattern, OperatorHub, OLM).
Sources
Questions are grounded in 150 references from official and authoritative materials.