Renewing My Kubernetes Certifications

2025-03-11 · 4 min · Jasper Dijt

This February I renewed my Certified Kubernetes Administrator (CKA) and gained the Certified Kubernetes Application Developer (CKAD) and Certified Kubernetes Security Specialist (CKS) certifications. My employer, Lunatech, provided me the opportunity to take the exams.

Preparing for the exams

I did not use any paid course to prepare for the exams. These are probably useful if there are big gaps in the required knowledge, or if someone would just like to be guided along a review of all the needed material. But I think they are likely superfluous for anyone who somewhat regularly interacts with a Kubernetes cluster.

Below are the tools/methods I used to prepare for the exams:

My homelab

This turned out to be a key part of preparing for the exam. I run kubernetes in my homelab in a setup similar to the exam machines: A cluster installed using kubeadm with Cilium for networking.

On the job I usually have to deal with some platform managed kubernetes like Azure AKS. In these cases there is a lot less exposure to the cluster administration tasks that are part of the CKA and the CKS.

It was for these exams that my homelab experience was the big benefit. As it is a lab environment stability is sometimes a bit lacking and I spent more than a few hours investigating some self-inflicted breakage. A lot more so than I have had to do in more controlled environments.

Killer.sh

The second ingredient was to make use of the two killer.sh simulator sessions that were included with my exam vouchers. For CKAD I only used one and concluded I would be fine. For the other two I took the following approach:

1. Do one practise run to identify gaps in my knowledge
2. Study to fill the gaps
3. Do another practise run to practise for speed.

After trying for time I read through the solutions of the simulator tasks. These are very thoroughly described and gave more than enough pointers to start filling knowledge gaps. I recommend reading these even for tasks completed successfully in the simulator.

Kubectl

The tools provided during the exam are just the basic kubectl, kubeadm, etcdctl commands. This was one of the bigger challenges as I got spoiled by tools like k9s, and the network policy editor.

I had to go back to basics for a while to get the required commands back into muscle memory. This is important because there is limited time for the exams. Also the runs in the killer.sh simulators helped with this.

There are a few commands that really helped me with speed because they let me stay in the terminal instead of needing to find and then copy-paste from documentation.

• kubectl create and kubectl run to generate basic yaml for kubernetes resources.
• kubectl explain for fast access to the schemas of builtin & custom resources.

# creates a basic deployment yaml for running a single image in a single replica
kubectl create --dry-run=client -oyaml deployment busybox --image busybox:latest

# Creates a basic Pod resource yaml 
kubectl run --dry-run=client -oyaml busybox --image busybox:latest

# Shows all the fields available to specify pod affinity:
kubectl explain --recursive pod.spec.affinity

# Remind me how to specify the cilium ingress part of a Cilium Networkpolicy
kubectl explain --recursive CiliumNetworkPolicy.spec.ingress

The exam experience

There is not much to say about actually doing the exams, it is pretty well explained in the Candidate Handbook.

One thing that is notable is that the secure browser that is required to take the exam only supports a very limited set of Linux distributions: Ubuntu 20.04, 22.04, and 24.04 at the time of writing this post. I am certain that from the point of view of maintaining the integrity of the exams it is very difficult, and expensive, to support a large variety of distros. But even with that in mind it is not a great look for exams from the Linux Foundation to support such a narrow set.

Because all of my personal devices are on different distros I opted to do the exam on my work macbook. This worked fine in my case but was warned against in the candidate handbook, there are probably cases where a work machine is locked down so far that it interferes with the exam software. As I was writing this article I realized an alternative option would have been to use an Ubuntu live USB stick, this will likely be my approach the next time.

In conclusion

Now I'm certified again for the coming two years! For me it was a fairly smooth journey to get it all done and I am happy to possess some evidence that my kubernetes knowledge is up-to-date!