DEV Community

Thesius Code

Posted on • Originally published at datanest-stores.pages.dev

Kubernetes CKA Lab Workbook (Certified Kubernetes Administrator)

Master Kubernetes administration through hands-on practice with this lab workbook designed specifically for the CKA exam. The CKA is a performance-based exam where you solve real problems in a live Kubernetes environment — reading documentation alone will not pass it. This workbook provides structured lab exercises covering cluster architecture, workload scheduling, services and networking, storage, and troubleshooting. Each lab builds on the previous one, progressively developing the muscle memory and kubectl fluency required to complete exam tasks within the strict time limit. Practice every lab until the commands flow naturally.

Key Features

  • Performance-based exam preparation with hands-on labs matching the actual exam format
  • Cluster setup and configuration including kubeadm bootstrapping, ETCD backup/restore, and upgrades
  • Workload management covering Deployments, DaemonSets, StatefulSets, and scheduling constraints
  • Networking including Services, Ingress, NetworkPolicies, DNS, and CoreDNS troubleshooting
  • Storage with PersistentVolumes, PersistentVolumeClaims, StorageClasses, and volume types
  • Security covering RBAC, ServiceAccounts, SecurityContexts, and certificate management
  • Troubleshooting labs for broken clusters, failed pods, networking issues, and node problems

Study Plan

Week 1-2: Cluster Architecture and Setup (25% of exam)

  • kubeadm cluster initialization and worker node joining
  • ETCD backup and restore procedures
  • Cluster upgrade from one minor version to the next
  • Managing kubeconfig files and contexts
  • Understanding control plane components: API server, scheduler, controller manager

Week 3-4: Workloads and Scheduling (15% of exam)

  • Deployments: rolling updates, rollbacks, scaling strategies
  • DaemonSets, StatefulSets, and Jobs/CronJobs
  • Node affinity, taints, tolerations, and pod topology spread constraints
  • Resource requests and limits, LimitRanges, and ResourceQuotas
  • Static Pods and multi-scheduler configurations

Week 5-6: Services and Networking (20% of exam)

  • ClusterIP, NodePort, and LoadBalancer service types
  • Ingress controllers and Ingress resource configuration
  • NetworkPolicy rules for pod-to-pod traffic control
  • CoreDNS configuration and DNS troubleshooting
  • CNI plugin fundamentals and cluster networking

Week 7-8: Storage (10% of exam)

  • PersistentVolumes and PersistentVolumeClaims lifecycle
  • StorageClasses and dynamic provisioning
  • Volume types: emptyDir, hostPath, configMap, secret
  • Volume expansion and reclaim policies

Week 9-10: Troubleshooting and Security (30% of exam)

  • Debugging pods: CrashLoopBackOff, ImagePullBackOff, Pending states
  • Node troubleshooting: NotReady, kubelet issues, certificate expiry
  • RBAC: Roles, ClusterRoles, RoleBindings, ClusterRoleBindings
  • ServiceAccount tokens and pod security contexts
  • Cluster component log analysis

Key Topics

| Domain | Weight | Focus Areas |
|---|---|---|
| Cluster Architecture | 25% | kubeadm, ETCD, upgrades, HA |
| Workloads and Scheduling | 15% | Deployments, scheduling, resources |
| Services and Networking | 20% | Services, Ingress, NetworkPolicy |
| Storage | 10% | PV, PVC, StorageClasses |
| Troubleshooting | 30% | Pod debugging, node issues, RBAC |

Practice Questions

Q1: The ETCD cluster is running on the control plane node. Create a snapshot of the ETCD database and save it to /opt/etcd-backup.db. The ETCD is running with TLS certificates located at /etc/kubernetes/pki/etcd/.

A1:

ETCDCTL_API=3 etcdctl snapshot save /opt/etcd-backup.db \
  --endpoints=https://127.0.0.1:2379 \
  --cacert=/etc/kubernetes/pki/etcd/ca.crt \
  --cert=/etc/kubernetes/pki/etcd/server.crt \
  --key=/etc/kubernetes/pki/etcd/server.key

# Verify the snapshot
ETCDCTL_API=3 etcdctl snapshot status /opt/etcd-backup.db --write-table

Q2: A pod named web-app in the production namespace is stuck in CrashLoopBackOff. Troubleshoot and fix the issue.

A2:

# Check pod status and events
kubectl describe pod web-app -n production
# Look at container logs for the crash reason
kubectl logs web-app -n production --previous
# Common fixes: wrong command, missing config, resource limits too low
# After identifying the issue, edit the pod or its parent deployment
kubectl edit deployment web-app -n production

Q3: Create a NetworkPolicy in the app namespace that allows ingress to role=backend pods only from role=frontend pods on port 8080.

A3: Create a NetworkPolicy whose podSelector targets role: backend, with an ingress rule whose from podSelector matches role: frontend and whose port is 8080/TCP. Apply it with kubectl apply -f netpol.yaml -n app. Key: a NetworkPolicy that lists Ingress in policyTypes but has no ingress rule denies all incoming traffic to the selected pods by default.
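
The manifest A3 describes, written out as an added example (not part of the original workbook); the metadata.name values are assumptions. The second document shows the default-deny case from the "Key" note.

```yaml
# netpol.yaml (added example; metadata.name values are assumed)
# Apply with: kubectl apply -f netpol.yaml -n app
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-allow-frontend      # assumed name
  namespace: app
spec:
  podSelector:                      # pods this policy protects
    matchLabels:
      role: backend
  policyTypes:
    - Ingress
  ingress:
    - from:                         # from + ports in ONE rule are ANDed:
        - podSelector:              # source must be role=frontend AND
            matchLabels:            # destination port must be 8080/TCP
              role: frontend
      # A bare podSelector only matches pods in the policy's own
      # namespace (app); frontend pods elsewhere are not admitted.
      ports:
        - protocol: TCP
          port: 8080
---
# Default-deny for the same pods: Ingress is listed in policyTypes but
# there is no ingress rule, so all incoming traffic to role=backend is
# dropped. Policies are additive, so with both documents applied the
# frontend -> backend:8080 path above is still allowed.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-default-deny        # assumed name
  namespace: app
spec:
  podSelector:
    matchLabels:
      role: backend
  policyTypes:
    - Ingress
```

These policies only take effect when the cluster's CNI plugin enforces NetworkPolicy; kubectl describe networkpolicy -n app shows the selectors and rules as the API server parsed them.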

Lab Exercises

Lab 1: Cluster Setup with kubeadm

# Initialize control plane and configure kubeconfig
sudo kubeadm init --pod-network-cidr=10.244.0.0/16
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config

# Verify permissions: check what the dev-user ServiceAccount in dev-team may do (impersonated with --as)
kubectl auth can-i get pods -n dev-team --as=system:serviceaccount:dev-team:dev-user
kubectl auth can-i delete pods -n dev-team --as=system:serviceaccount:dev-team:dev-user

Lab 3: Troubleshooting a Broken Node

kubectl get nodes
kubectl describe node <node-name>
# SSH to the node and check kubelet
sudo systemctl status kubelet
sudo journalctl -u kubelet --no-pager -l | tail -50
sudo systemctl restart kubelet

Exam Tips

  1. Speed is everything — you have 2 hours for 15-20 tasks; practice until kubectl commands are automatic
  2. Use kubectl shortcuts: alias k=kubectl, enable bash completion, use --dry-run=client -o yaml to generate manifests
  3. Bookmark the docs — you have access to kubernetes.io during the exam; bookmark key pages for RBAC, NetworkPolicy, and PV/PVC
  4. Master imperative commands: kubectl create, kubectl run, kubectl expose are faster than writing YAML from scratch
  5. ETCD backup/restore appears on almost every exam — practice until you can do it without looking at notes
  6. Read the question carefully — note the namespace, context, and exact resource names; switching contexts correctly is critical
  7. Skip and return — if a task takes more than 8 minutes, flag it and move on; come back with remaining time

Resources


This is 1 of 11 resources in the Certification Prep Pro toolkit. Get the complete [Kubernetes CKA Lab Workbook] with all files, templates, and documentation for $79.

Or grab the entire Certification Prep Pro bundle (11 products) for $249 — save 30%.
