Certified Kubernetes Administrator Study Guide

Use the saved domain outline to connect cluster architecture, installation & configuration, workloads & scheduling, services & networking, and storage to scenario-based questions and explanations.

How the Exam Is Structured

The Certified Kubernetes Administrator (CKA) exam validates skills in cluster architecture, installation & configuration, workloads & scheduling, services & networking, and storage. The ExamPal practice bank includes 154 premium questions and 40 free questions mapped across the official blueprint.

| Domain | Weight | Focus |
|---|---|---|
| Domain 1: Cluster Architecture, Installation & Configuration | 20% | Task 1: Manage cluster bootstrap and lifecycle; Use `kubeadm` to initialize and join cluster nodes |
| Domain 2: Workloads & Scheduling | 18% | Task 1: Create and manage Pods, Deployments, and higher-level workloads; Create Pods and Deployments from imperative commands or YAML |
| Domain 3: Services & Networking | 18% | Task 1: Expose applications with Services; List and inspect Services across namespaces |
| Domain 4: Storage | 16% | Task 1: Manage PersistentVolumes and PersistentVolumeClaims; Create PersistentVolumes with required capacity and access modes |
| Domain 5: Troubleshooting | 14% | Task 1: Troubleshoot failed workloads; Describe Pods to identify startup and scheduling issues |
| Domain 6: Security, RBAC & Configuration | 14% | Task 1: Manage namespaces and core configuration objects; Create namespaces and list existing namespaces |

20% of exam

Domain 1: Cluster Architecture, Installation & Configuration

Covers cluster bootstrap, lifecycle operations, certificates, contexts, backup and restore, and basic health inspection. This domain focuses on foundational administration tasks needed to install, access, maintain, and recover a Kubernetes cluster.

Task 1: Manage cluster bootstrap and lifecycle
  • Use `kubeadm` to initialize and join cluster nodes
  • Plan and perform control plane version upgrades
  • Drain, cordon, and uncordon nodes during maintenance
  • Verify component versions after upgrade operations

Task 2: Manage Kubernetes certificates and authentication artifacts
  • Inspect kubeconfig settings and active contexts

18% of exam

Domain 2: Workloads & Scheduling

Covers creating, updating, and troubleshooting workloads, as well as controlling where Pods run. This domain includes multi-container Pods, static Pods, scheduling behavior, and custom scheduler usage.

Task 1: Create and manage Pods, Deployments, and higher-level workloads
  • Create Pods and Deployments from imperative commands or YAML
  • Scale Deployments to desired replica counts
  • Update container images and verify rollout status
  • Roll back Deployments to previous stable revisions

Task 2: Configure multi-container Pods and static Pods
  • Create Pods with multiple application containers

18% of exam

Domain 3: Services & Networking

Covers exposing applications with Services, configuring Ingress routing, implementing network security controls, and inspecting cluster networking state. This domain emphasizes service discovery, traffic routing, and policy-based access control.

Task 1: Expose applications with Services
  • List and inspect Services across namespaces
  • Create Services to expose Pod-backed applications
  • Sort and query Service information for verification
  • Validate endpoints and service-to-pod matching

Task 2: Configure Ingress routing
  • Create Ingress resources for HTTP path-based routing

16% of exam

Domain 4: Storage

Covers persistent storage objects, volume attachment to workloads, node-local storage, and storage troubleshooting. This domain focuses on matching storage requirements to Kubernetes volume resources and diagnosing binding or mount issues.

Task 1: Manage PersistentVolumes and PersistentVolumeClaims
  • Create PersistentVolumes with required capacity and access modes
  • Create PersistentVolumeClaims with appropriate storage classes
  • Verify binding status between PVs and PVCs
  • Inspect storage objects for configuration correctness

Task 2: Attach persistent storage to workloads
  • Mount PVC-backed volumes into Pods at required paths

14% of exam

Domain 5: Troubleshooting

Covers diagnosing failed workloads, node and kubelet issues, resource usage symptoms, and control plane behavior. This domain emphasizes root-cause analysis, corrective action, and verification of restored functionality.

Task 1: Troubleshoot failed workloads
  • Describe Pods to identify startup and scheduling issues
  • Retrieve logs from application containers
  • Extract specific log lines and write results to files
  • Output clean resource YAML for diagnosis or recreation

Task 2: Troubleshoot cluster nodes and kubelet issues
  • Investigate NotReady worker nodes

14% of exam

Domain 6: Security, RBAC & Configuration

Covers namespaces, ConfigMaps, Secrets, RBAC roles and bindings, and authorization testing. This domain focuses on securing access, defining least-privilege permissions, and validating effective authorization.

Task 1: Manage namespaces and core configuration objects
  • Create namespaces and list existing namespaces
  • Create and inspect ConfigMaps in the cluster
  • Create Secrets from literal values and manifests
  • Verify stored object data and references

Task 2: Create and validate RBAC roles
  • Create Roles with least-privilege permissions

Key Terms to Know

These terms are loaded from the shared terminology pack and appear across the question explanations.

DNS resolution
The process of translating domain names into IP addresses, often required for application connectivity.
DaemonSet
A controller that ensures a Pod runs on all or selected nodes, commonly used for node-level services.
Deployment
A workload resource that manages stateless applications and supports declarative updates and rollbacks.
Gateway API
A Kubernetes API for defining and managing service networking using Gateway and Route resources.
GatewayClass
A cluster-scoped resource that defines a class of Gateways implemented by a specific controller.
HTTPRoute
A Gateway API resource that defines HTTP routing rules and attaches traffic policies to a Gateway.
Ingress
A Kubernetes resource that manages external HTTP and HTTPS access to Services using routing rules.
Kustomize
A Kubernetes configuration customization tool that modifies manifests using overlays without templates.
NetworkPolicy
A Kubernetes resource that controls allowed ingress and egress traffic for Pods based on selectors and ports.
Pending
A Pod phase indicating the Pod has been accepted but cannot yet run, often due to scheduling constraints.
PersistentVolumeClaim
A user request for persistent storage that is bound to a matching PersistentVolume.
Pod Security Admission
A built-in admission controller that enforces Pod Security Standards at the namespace level.
Pod Security Standards
Predefined security policy profiles such as privileged, baseline, and restricted for Pod configurations.
PriorityClass
A resource that assigns scheduling priority to Pods and influences preemption behavior.
Service
A Kubernetes resource that exposes a stable network endpoint for a set of Pods.
StatefulSet
A workload resource for stateful applications that need stable identities, ordered deployment, and persistent storage.
StorageClass
A resource that defines storage provisioning parameters and behavior for persistent volumes.
TCP port 80
The standard port typically used for HTTP traffic over TCP.

Official Materials and Guidance

This page is built from official Linux Foundation materials and the ExamPal shared release pack, shared syllabus, topic tree, terminology pack, free pack, and premium pack.

  • Guidance: Linux Foundation exam page, curriculum, handbook, simulator
  • Domain outline: Storage 10%; Troubleshooting 30%; Workloads & Scheduling 15%; Cluster Architecture/Install/Config 25%; Services & Networking 20%.