CKA Exam Start Checklist
Beginning of Exam — Run Once Link to heading
Step 1 — check .vimrc Link to heading
vim ~/.vimrc
set expandtab
set tabstop=2
set shiftwidth=2
set number
set autoindent
Beginning of Every Question — Run These First Link to heading
export do="--dry-run=client -o yaml"
echo $do
k config set-context --current --namespace=<namespace>
Exam Strategy — First 2 Minutes Link to heading
- Run the setup above
- Read through ALL questions quickly
- Flag hard ones, do easy ones first
Allowed Resources Link to heading
Kubernetes Documentation https://kubernetes.io/docs
Kubernetes Blog https://kubernetes.io/blog/
Helm Documentation https://helm.sh/docs
CKA only: Gateway API Documentation https://gateway-api.sigs.k8s.io
During the Exam Link to heading
- Read the question TWICE before touching the keyboard
- Imperative first — always try
k create/k runbefore writing YAML - Verify after every task —
k get,k describe,k logs - Save output files — if question asks for a file, write it before moving on
- Read resource names carefully — one wrong name nukes the whole question
- **Skip and flag hard questions after 4 minutes MAX!!!
Temp Pod Patterns (curl / wget / shell) Link to heading
# Single command — use -i only (NOT -it, causes hang)
k run tmp -i --rm --restart Never --image nginx:alpine -- curl http://<svc>:<port>
# wget variant (busybox)
k run tmp -i --rm --restart Never --image busybox -- wget -O- http://<svc>:<port>
# nc — TCP connectivity test (when no curl/wget available)
k run tmp -i --rm --restart Never --image busybox -- nc -zv <svc> <port>
Rules:
-ionly = single command (curl,wget,env,cat,nc)nc -z= scan only, no data —-v= verbose
Service Debugging Reflex Link to heading
# Step 1 — check endpoints
k get endpoints <svc>
# <none> = selector mismatch
# Step 2 — verify pod labels
k get pods --show-labels
# Step 3 — check selector and ports in svc
k get svc <svc> -o yaml
# Step 4 — verify containerPort in pod
k get pod <pod> -o yaml | grep containerPort
# targetPort in svc must match containerPort in pod
# Step 5 — fix
k edit svc <svc>
Services select pods, not deployments. Match pod LABELS, not deployment name.
NetworkPolicy Reflex Link to heading
Before writing any NetworkPolicy — check labels first:
k get pods --show-labels
Quick Reference — Most Common Imperatives Link to heading
# Pod
k run <n> --image <image>
# Deployment
k create deploy <n> --image <image> --replicas 3
# Service (expose)
k expose <resource> <n> --name <svc-name> --type <type> --port <port> --target-port <target> -n <ns>
# ConfigMap
k create cm <n> --from-literal key=value
# Secret
k create secret generic <n> --from-literal key=value
# ServiceAccount
k create sa <n>
# Role
k create role <n> --verb get,list --resource pods
# RoleBinding
k create rolebinding <n> --role <role> --user <user>
# ClusterRole
k create clusterrole <n> --verb get,list --resource pods
# ClusterRoleBinding
k create clusterrolebinding <n> --clusterrole <role> --user <user>
# Job
k create job <n> --image <image>
# CronJob
k create cronjob <n> --image <image> --schedule "*/5 * * * *"
Docs Search Terms (kubernetes.io/docs) Link to heading
| Category | Resource | Search Term |
|---|---|---|
| Config | env envFrom ConfigMap | envfrom |
| env envFrom Secret | envfrom secret | |
| ResourceQuota | quota | |
| LimitRange | ranges | |
| Workload | Init containers | init |
| Multi-container | sidecar | |
| Probes | liveness | |
| Lifecycle hooks | lifecycle attach | |
| CRD / CR | crd | |
| **Storage | PV/PVC | pv |
| Volumes | volumes | |
| Scheduling | Affinity | affinity |
| Tolerations | taint | |
| iSecurity | SecurityContext | security context |
| Networking | NetworkPolicy | netpol |
| Ingress | ingress | |
Namespace label (kubernetes.io/metadata.name) | well-known labels | |
| Controllers | StatefulSet | statefulset |
| DaemonSet | daemonset | |
| HPA | hpa walkthrough |