Newly-minted Certified Kubernetes Administrator (CKA)

In July I became a CKA on my second attempt, improving my score from 67% to 79% (74% to pass).

A couple of people – nerds, really – asked me about it, so I thought I’d write down some of the things I picked up along the way.

What worked

  • Practice effect. I took the exam twice!
  • Practical experience. Second time around, I really took the time to familiarize with kubectl, and at work I deployed a CI/CD integration with my cluster, and that helped for sure, too.
  • Having an external display in portrait rotation, since you get one extra browser tab.

What didn’t work

  • First time around, using only a low-res display.
  • Ctrl-C/Ctrl-V to copy/paste does not work in the browser, I think it’s Ctrl-/Shift-Insert instead.


kubectl explain is a life-saver: use it to explain (of course), what the level of indentation, as well as what type of value(s) is expected.

The is a handy collection of tips; e.g.,

Don’t waste time typing out kubectl in full – just use your new k alias defined below, and please enable Tab auto-completion (of resource names); e.g., in your ~/.bashrc:

alias k=kubectl
source <(kubectl completion bash)
complete -F __start_kubectl k

Don’t waste time typing out manifest files; e.g., use k run --generator=run-pod/v1 --image=foo --dry-run -o=yaml > foo.yaml, it’s far quicker to modify an existing manifest.


For standard, non-headless Services, a DNS name is created so it is not necessary to know which Endpoints to use. But there is also Pods DNS, which I remember as the “dashed IP of a given Pod”, followed by something like “.default.pod.cluster.local”; e.g., 192-168-1-39.default.pod.cluster.local. See

Two containers within the same Pod will not see the same filesystem unless they have the same named volumeMounts specification. See


Swap must be disabled in order for kubelet.service to work correctly (e.g., swapoff -a). See

It’s possible to configure kubelet with Pod manifests (e.g., /etc/kubernetes/manifests/), but check if --staticPodPath is also defined. See

To take a snapshot of your etcd, use etcdctl snapshot save --endpoints= --cacert= --cert= --key=, with the last 4 arguments having values specific to your cluster. See

Carefully inspect the output of systemctl status kubelet. If you’re seeing a NotReady node, it mght be because the kubelet.service file references a config file – there are multiple! – that doesn’t exist, so it’s just a matter of correcting the filepath/name, and perhaps grabbing a copy off a node that you already know works.