Achieving Kubestronaut in 40 Days

My first interaction with Kubernetes was in the fall of 2017, when I planned to move my Meteor.js application away from Heroku as I wanted to implement microservices to scale individual service units.

After 3 years of playing around with Kubernetes, in 2020, a recruiter wanted to discuss further a consulting requirement and said “It would have been great if you had a Kubernetes Certification”. I told him to schedule an interview with the client and I will ensure he will have it before that. Indeed I passed it in less than a week but with a score of 71% only. Scores were not important to me then, I got the offer letter but the offer was pulled with a regret letter because of the 2020 Pandemic.

Fast forward to December 2024, our company Low Code Solutions got a Lead to set up an on-prem capability of OpenShift Multi-Cluster for a Telco. This is when I planned to support the company’s Pre-Qualification in front of the Customer and started preparing for Kubestronaut Training on Dec 13 2024.

Due to my busy schedule, I was not able to spend more than a couple of hours a day, which is why I am going to share how smartly it will be possible for you to achieve your certifications in even less time. I will discuss each one in the sequence that I attempted:

CKA

Starting off with CKA, as I thought it would have been the hardest, however, it turned out to be the easier one compared to CKAD and CKS. If you have a reasonable knowledge of Linux basics, Docker and Linux Package Managers then you can prepare for it in less than a week.

Important Topics:

Following are the most important topics, where you will need to spend most of your time:

  1. Imperative Commands to create, delete and update Kubernetes Resources, e.g: Pods, Deployments, Services etc.

  2. Cluster Installation, Upgrade and Basic Troubleshooting

  3. Understanding of Kubernetes Services Architecture (ETCD, Kube-Scheduler, Kube-Controller-Manager, Kube-ApiServer, etc.)

  4. Understanding of Deployment, and Management of Nodes into a Cluster, understanding the role of Kubelet and Kube-Proxy

  5. Understanding Static Pods and Important Config file Locations e.g: /etc/kubernetes, /var/lib/kubelet etc.

  6. Understanding of TLS and Certificate Management.

  7. Backup and Restore of ETCD

  8. RBAC, how to create roles, rolebindings, clusterroles, clusterrolebindings, and service accounts. If you understand these 5 elements in depth then RBAC will be a piece of cake for you. (tip: it will also help you with your CKS exam, so spend more time with it.)

CKAD

CKAD is more about deploying and managing cloud-native applications on Kubernetes. Remember if you have done CKA, then it will help you in preparing for CKAD, and even for CKS, all you need to do is prepare some additional concepts, here are the important topics that I think you would need to emphasize more than others:

  1. Imperative Commands as mentioned for CKA also.

      k create --help
      k run --help
      k expose --help
      k edit --help
      k replace -f file.yaml -n namespace
      k delete --help
      k scale --help

  2. Understand the concept of Ingress Resource and practice the following command:

      k create ingress NAME --rule=host/path=service:port[,tls[=secret]]

  3. Practice creating, updating and mounting secrets, configmaps, service accounts, volumes and volume claims in Pods/Containers.

  4. Taints, Tolerations, Node Affinity, Node Selector and nodeName for controlling how we schedule pods on specific nodes. Also understand why we need node affinity when we have taints and tolerations.

  5. Init and Sidecar Containers

  6. Logging, Monitoring and Probes.

  7. Blue-Green and Canary Deployments

  8. Pod SecurityContext and RBAC as mentioned above also.

  9. Custom Resource Definitions and Helm

CKS

The CKS exam is where the real challenge begins. If you excelled in the CKA and CKAD exams, it’s easy to underestimate the difficulty of the CKS. I made the same mistake — despite my extensive Kubernetes experience and proficiency with the complex commands and vim, I failed on my first attempt. So before I tell you what to prepare most, let me share the mistakes:

Mistake #1:

I spent my first hour on just 3 questions, which left me with no chance to attempt all the questions and I was not able to even view the last 3 questions. So time management is important. Cluster Upgrade, Setting Up Audit Policy, and ImagePolicyWebhook are the most time-consuming questions, attempt them wisely.

Mistake #2:

I had clear and vivid core concepts of all the topics, so I thought I will take help from the documentation and solve all the questions. But Practice is the key, you can’t switch between the documentation and expect that you will finish in time.

Mistake #3:

I did not practice troubleshooting cluster crashes. So practice troubleshooting Api-Server or Kubelet issues by utilizing docker/crictl logs, displaying logs from /var/log folders for pods and containers, and other interactive ways. There are specific scenarios of such troubleshooting in KillerCoda Playgrounds.

CKS Exam TIPs:

  1. Falco questions are tricky, most of my peers were unable to solve them, so do not spend too much time on them.

  2. Make sure you know the difference between Layer 3, Layer 4, and Layer 7 Cilium Policies.

  3. Some questions have supplementary tasks at the end of the questions. Read the whole scenario, do not assume that you are done.

  4. Verify your answers. For every scenario, practice the verification process. Spare at least 15 to 20 min for your answer verification, which leaves you with 90 to 100 minutes for solving the scenarios.

Important Topics for CKS which require extreme practice:

  1. BOM, Benchmarking and Vulnerability Scanning CLI Tools e.g: BOM, Kube-bench, Trivy, lsof, strace, netstat -plnt etc.

  2. Api-Server Audit Log, ImagePolicyWebhook, Cluster Upgrade, Securing and Encrypting ETCD data and Setting up Network Policy (both native and cilium)

  3. Sandboxing the Containers, Immutability and Runtime Security with Falco etc.

  4. Setting proper Pod Security Context, AppArmor/Seccomp profiles, readOnlyRootFilesystem, allowPrivilegeEscalation etc. in context of Pod Security Standards.

  5. Ingress Resource with TLS Secrets and its important annotations. (Hint: Imperative Commands will help save time)

General Exam Tips

KCNA and KCSA are relatively easier exams, I recommend you give them at the end as after you prepare the above three exams you will have enough general knowledge to attempt the MCQs effectively, however there are a lot of topics that you might have to prepare e.g: Compliance Standards like CIS, OWASP, NIST etc. Here are some generic exam tips for CKAD, CKA and CKS:

  1. Practice is the key, you may know and understand the concepts in depth, but remember CKA, CKAD and CKS are performance-based exams, and you will get 16 to 18 scenarios to solve. In our consulting world, we take at least a day or two to solve even one.

  2. Solve the KillerCoda Playgrounds at least 2 to 3 times; thanks to Kim Wustkamp, the founder, for keeping it free. However, I would recommend taking at least a 1 month pro subscription because this way you will get the exam desktop which will help you familiarize yourself with the exam environment. I wasted 5 minutes finding how to do basic functionalities like copy/pasting and keeping notes etc.

  3. Get a KodeKloud Subscription, it is a gold mine of learning material for Infrastructure and DevOps. If you are validating

  4. VIM proficiency: you need to start using some shortcuts in vim, some of the most handy are the ones which will help you with: Copy, Paste, Delete Line, replace-in-place, Indentation, set number to show line numbers, visual tool to copy/duplicate multiple lines, find text.

  5. Grep proficiency: Grep can help you in unimaginable ways e.g: finding a particular vulnerability in a BOM scan, finding a file containing a specific text in a folder of multiple such files (hint: grep -r), grepping two options (hint: grep -E "one|two").
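
The grep hints from tip 5, worked through as an added example (not from the original post). The scan reports, package rows and CVE-0000-xxxx IDs are constructed placeholders, and the function names are hypothetical:

```bash
#!/usr/bin/env bash
# Added example: every report line below is constructed sample data.

# Create a scratch folder holding two constructed scan reports.
make_sample_reports() {
  dir=$(mktemp -d)
  cat > "$dir/nginx.txt" <<'EOF'
LIBRARY   VULNERABILITY-ID   SEVERITY   INSTALLED
libssl    CVE-0000-0001      CRITICAL   1.1.1
zlib      CVE-0000-0002      LOW        1.2.11
EOF
  cat > "$dir/redis.txt" <<'EOF'
LIBRARY   VULNERABILITY-ID   SEVERITY   INSTALLED
libc      CVE-0000-0003      HIGH       2.31
bash      CVE-0000-0004      MEDIUM     5.0
EOF
  echo "$dir"
}

# grep -r -l: which report in the folder mentions this ID?
# -F treats the ID as a fixed string, "--" guards against IDs starting with "-".
files_with_id() {   # $1 = folder, $2 = vulnerability ID
  grep -r -l -F -- "$2" "$1" | sed 's|.*/||' | sort
}

# grep -E 'one|two': keep rows matching either severity.
# -w matches whole words only, -h drops the file name prefix added by -r.
high_or_critical() {   # $1 = folder
  grep -r -h -w -E 'HIGH|CRITICAL' "$1" | awk '{print $2}' | sort
}

# Stand-alone demo run.
demo_dir=$(make_sample_reports)
echo "Report containing CVE-0000-0003: $(files_with_id "$demo_dir" CVE-0000-0003)"
echo "HIGH or CRITICAL findings:"
high_or_critical "$demo_dir"
rm -rf "$demo_dir"
```
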

Profession Tips

The Linux Foundation and the CNCF have done a great job of creating and crafting these exams and certification programs, making sure that only the exceptional come out shining. However, it is important to know that real-world scenarios are even more complex and worse than the ones you will encounter in these exams. So, getting the certification does not guarantee that you are suitable for some challenging role. The certification will help you land an interview, but to get a great offer you will need a lot more than the certifications. So, after hiring 100s of individuals, I am going to share some of the most important traits that you also need to land your dream job:

  1. Prepare for these certifications keeping your professional goals in mind. Prepare yourself for the industry challenges not only for the exam, have your previous job scenarios in mind and relate every topic with your current or upcoming role in business.

  2. Work on your soft-skills, make sure you know how to express your learning and experiences effectively. Understand and make use of industry and technology buzzwords and their concepts e.g: cloud-native, cluster-hardening, encryption at rest, zero-trust, software security compliance and standards etc.

  3. Make yourself vocal on platforms like LinkedIn and X by sharing your thoughts on generic technology discussions. (even I am struggling to do that often)

  4. Express your ideas in Diagrams and Visuals. Make every presentation or discussion more meaningful with your visual skills.

  5. Learn how to explain a complex idea or architecture to multiple audiences, tech, non-tech, business or a layman.

  6. Write blogs/articles while you are learning or even after accomplishing a goal. Focus on spreading the knowledge, tips and tricks rather than publicity or marketing.

  7. Start Contributing in Kubernetes and/or other CNCF Projects. Start by attending the weekly or monthly meetings and help yourself understand the working group processes until you think you are ready to take on the challenge of taking an assignment.

  8. Remember the motive, we are working to help make the world a better place.

Written by

Arslan Ali Ansari

A technology evangelist and entrepreneur passionate about software development using cloud-native technologies. Currently leading a cross-Atlantic team of enthusiasts developing and extending the core of Kubernetes at kaiops.io