Certification Series: CKA in 2021

Mike sets sail with containers and Kubernetes

Picture it, Silicon Valley (but remote), twenty nineteen.

I’m working at GitLab after being hired despite the job description saying “needs Kubernetes experience” and my interview featuring the concession:

Yeah, we don’t really see anybody with Public Sector and Kubernetes experience.

This post is part 4 of a 5-part series on Mike’s certification history.

  1. A+ in the ’90s
  2. CISSP in 2012
  3. PMP in 2014
  4. CKA in 2021
  5. CKS in the future

These are not meant to be instructive or helpful in any way in terms of achieving the certifications. They’re simply an account of my deciding to become certified and how I got it done.

For the record, I have never tried any other certifications.

Collecting the knowledge to be tested

Between when I was hired at GitLab and when I passed the Certified Kubernetes Administrator was a couple years of incrementally gaining experience with Kubernetes.

First was trying out GitLab’s Kubernetes integration which, at the time, was pretty brittle and required making the GitLab instance a cluster administrator. It was definitely cool but, as the hiring manager pointed out, nobody in Public Sector could run it.

In the intervening time, the way that GitLab could be installed into Kubernetes got better. The ability to integrate with Kubernetes became more flexible and helpful. The amount of interest in public sector Kubernetes started creeping up. Much of it was confused Openshift noises but there were some using kubeadm or cloud providers that could really take advantage of Kubernetes.

During that evolution of the market, I migrated my homelab into a bare metal Kubernetes cluster to learn about the day 2 operations that GitLab didn’t handle. Any time a cluster misbehaved, the developers or system administrators or solutions architects would just make a new one and start over. This isn’t how companies work so I made it a point to care-and-feed my homelab.

Switched from Kubespray to kubeadm around 1.18 and upgraded and troubleshot. Some janky hardware let me figure out storage issues as the hardware failed. Lots of networking and TLS break/fix work. Just enough pressure to keep it running without too much stress.

In late 2020, I got a new job supporting a Kubernetes-only product that featured me working a lot more, directly, with a lot of Kubernetes newbies and my team of developers building stuff for Kubernetes. The proven ability to solve their problems lead me to the conclusion that I can pass the CKA without much more work.

I still signed up for the Udemy course and took some practice sessions in there to validate that I was ready. I was able to pass all of the questions eventually, though most took several minutes and some were even longer. The way KodeKloud’s questions work, as soon as you get the right answer, it tells you that you’re safe to move on. This isn’t how the real exam works so I didn’t practice validating answers quickly.

Testing strategy

The CKA Exam is a home-based exam where you have 2 browser tabs, one for the exam and one for https://kubernetes.io/docs.

  1. Get good with vim
  2. Use the docs for references
  3. Learn how to confirm since the test won’t help you
  4. kubectl, etcdtl, systemctl are the important commands

You may have noticed multiple Test day headers below, the major factor that I underestimated was speed. To succeed, one must identify the steps to take without searching docs, then take the steps with a docs search for yaml, and then validate from memory.

Test day

Spent 20 minutes going over my workspace with a proctor and getting rid of scraps of paper and things. Had to put my coffee cup far away and this was second-cup-of-coffee time so I took a lesson about timing.

Started the exam. Spent 40 minutes trying to make kubectl auth can-i work in the confines of an early question. It was literally 4% of the total points and I burned more than a quarter of the time on it.

The test time expired with 1/3rd of the questions never even attempted.

I failed!

Regroup for next attempt

I immediately signed up for another attempt since I was sure that the one question about RoleBindings was the root of my problem. If I’d skipped it I would have finished and being at -4% for a skipped is much better than -33% for running out of time.

Reviewed the auth section of the Udemy course as well to get a sense for what I should have done on that question, though I concluded that I was doing the right command and it must have been something about my yaml that made it fail. Also note the KodeKloud lack of validation practice issue.

Test day two

I had the room better prepared this time so the preflight review of the area only took 10 minutes and I was off to the races. I did schedule it after lunch so I could finish my coffee but decided to eat heavy greasy food which was a mistake.

The questions that I didn’t get to the first time were all just harder than I expected. They took time to look up the yaml. Every time I went to validate it, I found something minor that needed adjustment to meet the need. Even the kubectl auth can-i question still hung me up for a good 15 minutes and I wasn’t able to validate that I got it working.

Ended the test with several questions skipped or only partially completed… not surprisingly:

I failed!

Somehow scored even worse than my first attempt!

Regroup for yet another attempt

Even with answering more questions, this failure showed that something bigger was wrong with my test taking approach. My flow for answering questions was to default to referencing a docs page before I started answering the question. Even for the 4% questions I was always checking docs. I needed some help from a simulator.

The best practice mechanism for the CKA exam

Killer.sh CKA Simulator

The best practice mechanism for the CKA exam

Enter killer.sh and their CKA simulator where you get an exam-like environment and are timed for a while and then let loose to figure out faster ways to solve the problems. This simulator is different from the one Udemy uses because it doesn’t tell you whether you answered right or not unless you switch to the scoring page. This behaves much more like the real test where you can burn several minutes on the verification part.

I’m not sure how most people use it, but as a tactile learner, I enjoyed spending a 2 hour segments running through as many questions as I could. The first session got me through about half of the questions so when I pulled up the answer sheet to see the quick way, it was eye-opening. Rather than hand-crafting the yaml specs the suggestion was to use kubectl’s imperative commands to get 90% there and then finish it off with yaml tweaks.

Armed with this new approach and still having a dozen unseen questions, I resetting the simulator environment and did another 2-hour session. I didn’t go much faster since these had different imperative commands, so it took two full 2-hour sessions to complete the CKA simulator and then my 36 hours were up since life was happening the whole time.

I signed up for the next attempt at the CKA for a Wednesday, about a month out, and cleared my schedule for the first few days of the week of the exam. The week of the exam I fired up the killer.sh simulator again and redid the whole thing. Still took longer than 2 hours but as I went through, I practiced the imperative methods and got better at using them and more confident about when to move onto the next question.

Test day three

This time, the preflight was a breeze and it was scheduled after coffee but before lunch so I had a light, late breakfast and didn’t have any food-related lethargy.

When answering questions, all the 4% questions were executed from memory entirely and only a couple of validations to ensure I hadn’t missed a minor aspect of the spec were done with docs references. The higher percentage questions had some docs look-ups but I was about to dedicate a lot more time to them without feeling rushed thanks to breezing through many of the other questions.

Finished about 20 minutes before the end of the session and went back to check my work. Running more commands into the environments started freaking me out like I was going to mess up something that I’d done so I just hit the “end exam” button and didn’t use the remainder of the time.

I Passed!

Follow-on activities

This one thankfully doesn’t feature the same sort of begging for money that ISCĀ² and PMI engage in so it looks like I can just enjoy having achieved the certification. No professional association membership or CPE nonsense.

This exam was incredibly satisfying to achieve so it inspired me to write up the whole series here.

I am going to take the CKS at some point later this year so I’ll add another article for that one when it’s time.