1. What Is CKA?
CKA (Certified Kubernetes Administrator) is the official certification from the Cloud Native Computing Foundation (CNCF) that proves your ability to manage Kubernetes clusters in production. It is one of the most respected DevOps certifications in the industry.
CKA differs from multiple-choice certifications: the exam is 100% hands-on and performance-based. You are given access to a real Kubernetes cluster and must complete the tasks within 2 hours. There are no multiple-choice questions; you have to be able to actually operate Kubernetes.
CKA vs Other Kubernetes Certifications
| Certification | Focus | Prerequisites | Level |
|---|---|---|---|
| CKA | Kubernetes cluster administration | None (1+ year of K8s recommended) | Intermediate-Advanced |
| CKAD | Application development on K8s | None | Intermediate |
| CKS | Kubernetes security | Active CKA required | Advanced |
Why Take CKA?
| Benefit | Explanation |
|---|---|
| Skill Validation | Proof that you can actually manage Kubernetes, not just know the theory |
| Career Boost | DevOps/SRE engineers with CKA earn on average 20-30% higher salaries |
| Industry Recognition | CKA is respected across the industry, from startups to enterprises |
| Deep Understanding | Studying for CKA gives you an in-depth understanding of Kubernetes |
| CKS Prerequisite | CKA is the prerequisite for CKS (Kubernetes Security), the expert-level follow-up |
| Digital Badge | A Credly badge you can share on LinkedIn |
CKA is suited to: DevOps Engineers, Site Reliability Engineers (SRE), Platform Engineers, Backend Developers who deploy to K8s, and Cloud Engineers. At a minimum you should already be familiar with Docker and container concepts before you start studying for CKA.
2. CKA Exam Format
Exam Details
| Aspect | Detail |
|---|---|
| Format | Performance-based (hands-on lab on a real K8s cluster) |
| Number of Questions | 15-20 tasks |
| Duration | 2 hours |
| Passing Score | 66% |
| Platform | PSI (previously KillerCoda/ExamPro) |
| Cost | $395 USD (includes 1 free retake) |
| Validity | 3 years (previously 2 years) |
| Kubernetes Version | Latest stable (usually 1.30+ as of 2026) |
| Access | You may use the kubectl docs (official documentation only!) |
| Environment | 6 cluster nodes (Ubuntu/CentOS), kubectl pre-installed |
ALLOWED:
- Official Kubernetes documentation (kubernetes.io/docs)
- Official Kubernetes blog
- kubectl reference docs
- Official Kubernetes GitHub repos
NOT ALLOWED:
- Search engines (Google, Bing, etc.)
- Personal blogs/tutorials
- Stack Overflow
- AI chatbots (ChatGPT, etc.)
- Personal notes
Exam Domain Weights (2026)
| Domain | Weight | Main Topics |
|---|---|---|
| Cluster Architecture, Installation & Configuration | 25% | kubeadm, etcd backup, RBAC, kubectl, cluster upgrade |
| Workloads & Scheduling | 15% | Deployments, Pods, ConfigMaps, Secrets, scheduling |
| Services & Networking | 20% | Services, Ingress, NetworkPolicy, CoreDNS, CNI |
| Storage | 10% | PV, PVC, StorageClass, Volume types |
| Troubleshooting | 30% | Node issues, control plane, networking, application |
3. Exam Domains — Overview
Let's break down each domain and the topics you need to master:
```text
┌──────────────────────────────────────────────────────┐
│                   CKA EXAM DOMAINS                   │
│                                                      │
│  ████████████████████████░░ Troubleshooting (30%)    │
│  ██████████████████░░░░░░░  Cluster Arch (25%)       │
│  ████████████████░░░░░░░░░  Networking (20%)         │
│  ████████████░░░░░░░░░░░░░  Workloads (15%)          │
│  ████████░░░░░░░░░░░░░░░░░  Storage (10%)            │
│                                                      │
│  Tip: Troubleshooting & Cluster = 55% of the exam!   │
│  Focus your study on these two domains first         │
└──────────────────────────────────────────────────────┘
```
4. Cluster Architecture & Installation (25%)
This domain covers the setup, configuration, and management of a Kubernetes cluster using kubeadm.
kubeadm: Install & Configure Cluster
```bash
# ============================================
# STEP 1: Prepare all nodes (master + worker)
# ============================================

# Disable swap (required for Kubernetes)
sudo swapoff -a
sudo sed -i '/ swap / s/^/#/' /etc/fstab

# Load kernel modules
cat <<EOF | sudo tee /etc/modules-load.d/k8s.conf
overlay
br_netfilter
EOF
sudo modprobe overlay
sudo modprobe br_netfilter

# Sysctl settings for networking
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv4.ip_forward = 1
EOF
sudo sysctl --system

# Install containerd
sudo apt-get update
sudo apt-get install -y containerd

# Configure containerd
sudo mkdir -p /etc/containerd
containerd config default | sudo tee /etc/containerd/config.toml
# Edit: SystemdCgroup = true
sudo sed -i 's/SystemdCgroup = false/SystemdCgroup = true/' \
  /etc/containerd/config.toml
sudo systemctl restart containerd
sudo systemctl enable containerd

# Install kubeadm, kubelet, kubectl
sudo apt-get update
sudo apt-get install -y apt-transport-https ca-certificates curl
# The keyring directory does not exist on every release
sudo mkdir -p -m 755 /etc/apt/keyrings
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key | \
  sudo gpg --dearmor -o /etc/apt/keyrings/kubernetes-apt-keyring.gpg
# Keep the repository entry on one line: a backslash inside single quotes is literal
echo 'deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /' | \
  sudo tee /etc/apt/sources.list.d/kubernetes.list
sudo apt-get update
sudo apt-get install -y kubelet kubeadm kubectl
sudo apt-mark hold kubelet kubeadm kubectl

# ============================================
# STEP 2: Initialize control plane (master)
# ============================================
sudo kubeadm init --pod-network-cidr=10.244.0.0/16 \
  --apiserver-advertise-address=<MASTER_IP>

# Set up kubectl for the current user
mkdir -p "$HOME/.kube"
sudo cp -i /etc/kubernetes/admin.conf "$HOME/.kube/config"
sudo chown "$(id -u):$(id -g)" "$HOME/.kube/config"

# ============================================
# STEP 3: Install CNI (network plugin)
# ============================================
kubectl apply -f https://github.com/flannel-io/flannel/releases/latest/download/kube-flannel.yml

# ============================================
# STEP 4: Join worker nodes
# ============================================
# On each worker node, run the join command from the kubeadm init output:
sudo kubeadm join <MASTER_IP>:6443 \
  --token <TOKEN> \
  --discovery-token-ca-cert-hash sha256:<HASH>

# Verify the cluster
kubectl get nodes
kubectl get pods -A
```
RBAC (Role-Based Access Control)
```yaml
# 1. Create a ServiceAccount
apiVersion: v1
kind: ServiceAccount
metadata:
  name: app-deployer
  namespace: production
---
# 2. Create a Role (permissions within a specific namespace)
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: deploy-role
  namespace: production
rules:
- apiGroups: ["apps"]
  resources: ["deployments"]
  verbs: ["get", "list", "create", "update", "patch"]
- apiGroups: [""]
  resources: ["pods", "services"]
  verbs: ["get", "list"]
---
# 3. Bind the Role to the ServiceAccount
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: deployer-binding
  namespace: production
subjects:
- kind: ServiceAccount
  name: app-deployer
  namespace: production
roleRef:
  kind: Role
  name: deploy-role
  apiGroup: rbac.authorization.k8s.io
---
# ============================================
# ClusterRole (cluster-wide, not per namespace)
# ============================================
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: node-reader
rules:
- apiGroups: [""]
  resources: ["nodes"]
  verbs: ["get", "list", "watch"]
```
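RBAC only grants what a rule lists, so it is worth checking what `deploy-role` does not cover. The following is an added example, not part of the original page and not Kubernetes' own authorizer code: a simplified model of rule matching run against a constructed copy of the Role above. The function names are hypothetical, and `resourceNames`, `nonResourceURLs` and partial wildcards such as `*/scale` are left out.

```python
# Added example: simplified model of how RBAC rules are matched.
# DEPLOY_ROLE_RULES is a constructed copy of the "deploy-role" rules above.
DEPLOY_ROLE_RULES = [
    {"apiGroups": ["apps"], "resources": ["deployments"],
     "verbs": ["get", "list", "create", "update", "patch"]},
    {"apiGroups": [""], "resources": ["pods", "services"],
     "verbs": ["get", "list"]},
]


def _field_matches(allowed, value):
    """A rule field matches on an exact entry or on the '*' wildcard."""
    return "*" in allowed or value in allowed


def rule_allows(rule, verb, api_group, resource):
    """All three fields of a single rule must match the request."""
    return (_field_matches(rule.get("verbs", []), verb)
            and _field_matches(rule.get("apiGroups", []), api_group)
            and _field_matches(rule.get("resources", []), resource))


def can_i(rules, verb, api_group, resource):
    """RBAC is additive and has no deny rules: allowed if ANY rule matches."""
    return any(rule_allows(r, verb, api_group, resource) for r in rules)


# Constructed requests made as the app-deployer ServiceAccount.
# Subresources ("pods/log", "pods/exec") are separate resource names and are
# not covered by a rule on "pods".
SAMPLE_REQUESTS = [
    ("patch", "apps", "deployments"),   # rolling update
    ("delete", "apps", "deployments"),  # verb not listed in the Role
    ("list", "", "pods"),
    ("get", "", "pods/log"),            # what kubectl logs needs
    ("create", "", "pods/exec"),        # what kubectl exec needs
    ("get", "", "secrets"),
    ("list", "apps", "pods"),           # right resource, wrong API group
]


def audit(rules, requests):
    """Return {request: allowed} for every (verb, group, resource) tuple."""
    return {req: can_i(rules, *req) for req in requests}


if __name__ == "__main__":
    for (verb, group, res), ok in audit(DEPLOY_ROLE_RULES, SAMPLE_REQUESTS).items():
        print(f"{'allow' if ok else 'deny':5} {verb:6} {group or 'core':4} {res}")
```

On a live cluster, `kubectl auth can-i <verb> <resource> --as=system:serviceaccount:production:app-deployer -n production` asks the real authorizer the same question.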
etcd Backup & Restore
```bash
# Back up etcd
# (the snapshot holds every object in the cluster, Secrets included:
#  restrict access to the backup file)
ETCDCTL_API=3 etcdctl snapshot save /backup/etcd-snapshot.db \
  --endpoints=https://127.0.0.1:2379 \
  --cacert=/etc/kubernetes/pki/etcd/ca.crt \
  --cert=/etc/kubernetes/pki/etcd/server.crt \
  --key=/etc/kubernetes/pki/etcd/server.key

# Verify the backup
ETCDCTL_API=3 etcdctl snapshot status /backup/etcd-snapshot.db \
  --write-out=table

# Restore etcd from the backup
ETCDCTL_API=3 etcdctl snapshot restore /backup/etcd-snapshot.db \
  --data-dir=/var/lib/etcd-restored \
  --name=master1 \
  --initial-cluster=master1=https://127.0.0.1:2380 \
  --initial-advertise-peer-urls=https://127.0.0.1:2380

# Update the etcd manifest to point to the restored data
# Edit /etc/kubernetes/manifests/etcd.yaml
# Change --data-dir to /var/lib/etcd-restored
```
5. Workloads & Scheduling (15%)
Imperative Commands (IMPORTANT for the exam!)
```bash
# ============================================
# IMPERATIVE COMMANDS: faster than YAML!
# In the exam, use imperative commands to save time
# ============================================

# Create deployment
kubectl create deployment nginx --image=nginx:1.25 --replicas=3

# Create service (expose deployment)
kubectl expose deployment nginx --port=80 --type=ClusterIP

# Create namespace
kubectl create namespace production

# Create ConfigMap
kubectl create configmap app-config \
  --from-literal=DB_HOST=mysql.prod.svc \
  --from-literal=DB_PORT=3306

# Create Secret
kubectl create secret generic db-creds \
  --from-literal=username=admin \
  --from-literal=password='S3cur3P@ss!'

# Generate YAML without applying it (to edit first)
kubectl create deployment nginx --image=nginx --dry-run=client -o yaml > deploy.yaml

# Scale deployment
kubectl scale deployment nginx --replicas=5

# Rolling update
kubectl set image deployment/nginx nginx=nginx:1.26

# Rollback
kubectl rollout undo deployment/nginx

# Check rollout status
kubectl rollout status deployment/nginx

# Label node
kubectl label node worker1 disk=ssd

# Taint node (prevent scheduling)
kubectl taint node worker1 maintenance=true:NoSchedule

# Remove taint
kubectl taint node worker1 maintenance=true:NoSchedule-
```
ConfigMaps & Secrets
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  name: app-config
data:
  APP_ENV: "production"
  LOG_LEVEL: "info"
  config.json: |
    {
      "database": "mysql://db:3306/app",
      "cache": "redis://cache:6379"
    }
---
apiVersion: v1
kind: Secret
metadata:
  name: db-secret
type: Opaque
data:
  # base64 is an encoding, not encryption
  DB_PASSWORD: cGFzc3dvcmQxMjM=  # base64 encoded "password123"
  API_KEY: c2VjcmV0LWtleQ==      # base64 encoded "secret-key"
---
apiVersion: v1
kind: Pod
metadata:
  name: app-pod
spec:
  containers:
  - name: app
    image: myapp:1.0
    # Environment variables from the ConfigMap
    envFrom:
    - configMapRef:
        name: app-config
    # Individual env var from the Secret
    env:
    - name: DB_PASSWORD
      valueFrom:
        secretKeyRef:
          name: db-secret
          key: DB_PASSWORD
    # Mount the ConfigMap as files through a volume
    volumeMounts:
    - name: config-volume
      mountPath: /app/config
  volumes:
  - name: config-volume
    configMap:
      name: app-config
```
Resource Management & Scheduling
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: critical-app
spec:
  containers:
  - name: app
    image: myapp:1.0
    resources:
      requests:
        memory: "128Mi"
        cpu: "250m"
      limits:
        memory: "256Mi"
        cpu: "500m"
  # Node affinity: schedule onto nodes with an SSD
  affinity:
    nodeAffinity:
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
        - matchExpressions:
          - key: disk
            operator: In
            values:
            - ssd
  # Tolerations: allow scheduling onto the tainted node
  tolerations:
  - key: "maintenance"
    operator: "Equal"
    value: "true"
    effect: "NoSchedule"
```
6. Services & Networking (20%)
Service Types
| Service Type | Purpose | Access |
|---|---|---|
| ClusterIP | Internal communication between pods | Only inside the cluster |
| NodePort | Exposed on a node port (30000-32767) | External via NodeIP:NodePort |
| LoadBalancer | External load balancer (cloud provider) | External via LB IP |
| ExternalName | CNAME to an external service | DNS redirect |
Network Policies
```yaml
# Default deny all ingress in the namespace
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: production
spec:
  podSelector: {}
  policyTypes:
  - Ingress
---
# Allow ingress only from a specific namespace
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend
  namespace: production
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
  - Ingress
  ingress:
  - from:
    # Two separate list items are two peers, combined with OR
    - namespaceSelector:
        matchLabels:
          name: frontend
    - podSelector:
        matchLabels:
          app: web
    ports:
    - protocol: TCP
      port: 8080
---
# Allow egress to DNS and the database
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-app-egress
  namespace: production
spec:
  podSelector:
    matchLabels:
      app: backend
  policyTypes:
  - Egress
  egress:
  # Allow DNS (an empty "to" matches any destination)
  - to: []
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
  # Allow database
  - to:
    - podSelector:
        matchLabels:
          app: database
    ports:
    - protocol: TCP
      port: 3306
```
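In `allow-frontend`, `namespaceSelector` and `podSelector` are two separate items in the `from` list, so a source matching either one is allowed. The following is an added example, not part of the original page and not Kubernetes code: a simplified model of peer matching that compares the list as written with a hypothetical single-item variant carrying both selectors. Only `matchLabels` is modelled, and the function names and source pods are constructed for illustration.

```python
# Added example: simplified model of NetworkPolicy "from" peer matching.
# Only matchLabels is modelled; ipBlock, matchExpressions and ports are ignored.

def labels_match(selector, labels):
    """True when every matchLabels pair is present; {} matches everything."""
    wanted = selector.get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())


def peer_matches(peer, policy_ns, src):
    """Inside ONE peer, namespaceSelector and podSelector are ANDed."""
    ns_sel = peer.get("namespaceSelector")
    pod_sel = peer.get("podSelector")
    if ns_sel is None:
        # A podSelector on its own only selects pods in the policy's namespace.
        ns_ok = src["namespace"] == policy_ns
    else:
        ns_ok = labels_match(ns_sel, src["ns_labels"])
    pod_ok = pod_sel is None or labels_match(pod_sel, src["pod_labels"])
    return ns_ok and pod_ok


def ingress_allowed(peers, policy_ns, src):
    """Separate entries in the 'from' list are ORed."""
    return any(peer_matches(p, policy_ns, src) for p in peers)


# "from" list as written in allow-frontend above: two list items (OR).
PAGE_FROM = [
    {"namespaceSelector": {"matchLabels": {"name": "frontend"}}},
    {"podSelector": {"matchLabels": {"app": "web"}}},
]
# Hypothetical variant: one list item carrying both selectors (AND).
STRICT_FROM = [
    {"namespaceSelector": {"matchLabels": {"name": "frontend"}},
     "podSelector": {"matchLabels": {"app": "web"}}},
]


def _src(namespace, app):
    """Constructed source pod; each namespace carries the label name=<namespace>."""
    return {"namespace": namespace, "ns_labels": {"name": namespace},
            "pod_labels": {"app": app}}


SOURCES = {
    "web pod in frontend ns": _src("frontend", "web"),
    "batch pod in frontend ns": _src("frontend", "batch"),
    "web pod in production ns": _src("production", "web"),
    "web pod in staging ns": _src("staging", "web"),
}


def compare(policy_ns="production"):
    """Return {source: (allowed as written, allowed by the AND variant)}."""
    return {name: (ingress_allowed(PAGE_FROM, policy_ns, s),
                   ingress_allowed(STRICT_FROM, policy_ns, s))
            for name, s in SOURCES.items()}


if __name__ == "__main__":
    for name, (as_written, strict) in compare().items():
        print(f"{name:26} as written={as_written!s:5} AND variant={strict}")
```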
Ingress Resources
```yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: app-ingress
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
  - host: app.example.com
    http:
      paths:
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: api-service
            port:
              number: 8080
      - path: /web
        pathType: Prefix
        backend:
          service:
            name: web-service
            port:
              number: 80
```
7. Storage (10%)
Persistent Volumes & Claims
```yaml
# Persistent Volume (created by the admin)
apiVersion: v1
kind: PersistentVolume
metadata:
  name: local-pv
spec:
  capacity:
    storage: 10Gi
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /mnt/data
---
# Persistent Volume Claim (created by the developer)
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: app-pvc
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 5Gi
---
# Pod using the PVC
apiVersion: v1
kind: Pod
metadata:
  name: app-pod
spec:
  containers:
  - name: app
    image: nginx
    volumeMounts:
    - name: data
      mountPath: /usr/share/nginx/html
  volumes:
  - name: data
    persistentVolumeClaim:
      claimName: app-pvc
---
# StorageClass (dynamic provisioning)
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: fast-ssd
provisioner: kubernetes.io/aws-ebs
parameters:
  type: gp3
  iopsPerGB: "10"
reclaimPolicy: Delete
allowVolumeExpansion: true
```
8. Troubleshooting (30%)
This is the largest domain (30%) and often decides whether you pass or fail. You need to be able to troubleshoot a range of problems in the cluster.
```bash
# ============================================
# NODE TROUBLESHOOTING
# ============================================

# Check node status
kubectl get nodes -o wide
kubectl describe node <node-name>

# Check node conditions
kubectl get nodes -o json | jq '.items[]|.status.conditions'

# SSH to the node (if needed)
ssh <node-ip>

# Check kubelet status on the node
sudo systemctl status kubelet
sudo journalctl -u kubelet -f

# Restart kubelet
sudo systemctl restart kubelet

# ============================================
# CONTROL PLANE TROUBLESHOOTING
# ============================================

# Check control plane pods
kubectl get pods -n kube-system

# Check a specific component
kubectl describe pod kube-apiserver-master -n kube-system
kubectl logs kube-apiserver-master -n kube-system

# Check static pod manifests
ls /etc/kubernetes/manifests/

# Check etcd health
ETCDCTL_API=3 etcdctl endpoint health \
  --endpoints=https://127.0.0.1:2379 \
  --cacert=/etc/kubernetes/pki/etcd/ca.crt \
  --cert=/etc/kubernetes/pki/etcd/server.crt \
  --key=/etc/kubernetes/pki/etcd/server.key

# ============================================
# POD TROUBLESHOOTING
# ============================================

# Check pod status
kubectl get pods -o wide
kubectl describe pod <pod-name>

# Check logs
kubectl logs <pod-name>
kubectl logs <pod-name> -c <container-name>  # multi-container pod
kubectl logs <pod-name> --previous           # logs from the crashed container
kubectl logs <pod-name> -f                   # follow/stream logs

# Exec into the pod
kubectl exec -it <pod-name> -- /bin/sh

# Check events
kubectl get events --sort-by='.lastTimestamp'

# ============================================
# NETWORKING TROUBLESHOOTING
# ============================================

# Check service endpoints
kubectl get svc
kubectl describe svc <service-name>
kubectl get endpoints <service-name>

# DNS troubleshooting
kubectl run debug --image=busybox:1.36 --rm -it -- nslookup kubernetes
kubectl run debug --image=busybox:1.36 --rm -it -- nslookup <service-name>.<namespace>.svc.cluster.local

# Check CoreDNS
kubectl get pods -n kube-system -l k8s-app=kube-dns
kubectl logs -n kube-system -l k8s-app=kube-dns

# Check NetworkPolicy
kubectl get networkpolicy -A
```
When you hit a troubleshooting task, follow these steps:
- Read the error: Read the error message carefully. It usually gives a clear hint.
- Check events: `kubectl get events` often gives the answer directly.
- Check logs: `kubectl logs` for pods, `journalctl` for the kubelet.
- Verify configs: Check the YAML manifests, RBAC, and NetworkPolicy.
- Systematic elimination: Check one at a time: networking → storage → config → resource.
9. 12-Week Study Plan
Here is a structured study plan for preparing for CKA. Total: 12 weeks at 10-15 hours per week.
```text
WEEKS 1-2: KUBERNETES FUNDAMENTALS
├── Learn the architecture: control plane, worker nodes
├── Install a cluster with kubeadm on local VMs
├── Basic kubectl: get, describe, create, apply, delete
├── Pods, ReplicaSets, Deployments
├── Services: ClusterIP, NodePort
└── Lab: Deploy a multi-tier application

WEEKS 3-4: WORKLOADS & SCHEDULING
├── ConfigMaps & Secrets
├── Resource requests & limits
├── Node affinity, taints & tolerations
├── DaemonSets, StatefulSets, Jobs, CronJobs
├── Rolling updates & rollbacks
└── Lab: Deploy a stateful app with a PV

WEEKS 5-6: NETWORKING
├── Service types in depth
├── Ingress controllers & resources
├── NetworkPolicy (deny all + selective allow)
├── CoreDNS & DNS resolution
├── CNI basics (Calico, Flannel, Cilium)
└── Lab: NetworkPolicy scenarios

WEEKS 7-8: STORAGE & SECURITY
├── PV, PVC, StorageClass
├── Dynamic provisioning
├── RBAC: Role, ClusterRole, RoleBinding
├── ServiceAccounts
├── etcd backup & restore
└── Lab: RBAC scenarios + etcd backup

WEEKS 9-10: TROUBLESHOOTING (FOCUS!)
├── Node troubleshooting
├── Control plane troubleshooting
├── Pod crash scenarios
├── Networking issues
├── kubelet & container runtime issues
└── Lab: KillerCoda CKA scenarios

WEEK 11: CLUSTER ADMIN
├── kubeadm cluster upgrade
├── OS maintenance (drain, cordon)
├── Cluster logging & monitoring
├── Backup strategies
└── Lab: Full cluster lifecycle

WEEK 12: MOCK EXAM & REVIEW
├── KillerCoda mock exam (2 hours, timed)
├── Killer.sh practice (if subscribed)
├── Review every weak domain
├── Speed drills: imperative commands
└── Rest: don't study the day before the exam!
```
10. CKA Exam Tips & Tricks
Tips During the Exam
- Read all the questions first: Skim every question in the first 5 minutes. Do the easiest ones first.
- Flag hard questions: Skip the hard ones and come back later. Don't spend 30 minutes on one question.
- Use imperative commands: Faster than writing YAML by hand.
- Bookmark docs: Save the URLs of the docs pages you use often. During the exam, open them directly without searching.
- Time management: 15-20 questions in 120 minutes = ~6-8 minutes per question. No more.
- Copy-paste from docs: Don't type by hand. Copy the spec from the docs and edit it as needed.
- Verify when done: Run `kubectl get` to verify the resource is correct.
- Set aliases: At the start of the exam, set aliases: `alias k=kubectl`, `export do="--dry-run=client -o yaml"`
```bash
# Set at the start of the exam (saves 5 minutes!)
alias k=kubectl
export do="--dry-run=client -o yaml"
alias kgp="kubectl get pods"
alias kgs="kubectl get svc"
alias kgn="kubectl get nodes"

# Generate YAML quickly ($do is left unquoted on purpose so it splits into flags)
k create deploy nginx --image=nginx $do > deploy.yaml
k run pod1 --image=nginx $do > pod.yaml
k expose deploy nginx --port=80 $do > svc.yaml

# Vim settings (if you need to edit YAML)
# Click the "Settings" button in the exam environment
# Paste:
#   set tabstop=2
#   set shiftwidth=2
#   set expandtab
#   set number

# Shortcut: generate a manifest from an existing resource
k get deploy nginx -o yaml > nginx-deploy.yaml

# Quick edit without generating a file
k edit deploy nginx
```
11. Learning Resources
Courses & Videos
| Resource | Type | Price | Rating |
|---|---|---|---|
| Mumshad Mannambeth - CKA Course (Udemy) | Video course + labs | ~$15 (sale) | ⭐⭐⭐⭐⭐ A must! |
| Killer.sh | Practice exam environment | $35 (2 sessions) | ⭐⭐⭐⭐⭐ Very close to the exam |
| KillerCoda (kodekloud) | Free practice labs | Free | ⭐⭐⭐⭐ Good for practice |
| DevOps Toolkit (YouTube) | Video tutorials | Free | ⭐⭐⭐⭐ Visual explanations |
| Kubernetes official docs | Documentation | Free | ⭐⭐⭐⭐⭐ Primary reference |
Practice Labs
| Platform | Description | Price |
|---|---|---|
| Killer.sh | The mock exam closest to the real exam | Included in CKA registration (2 sessions) |
| KodeKloud CKA Labs | Interactive labs per topic | Included in the Udemy course |
| Play with Kubernetes | Free online K8s lab | Free |
| Kind (local cluster) | Run K8s on your laptop with Docker | Free |
| Minikube | Single-node K8s on your laptop | Free |
```bash
# Install Kind (Kubernetes in Docker) for local practice
# Kind lets you create a multi-node cluster on your laptop

# Install kind
curl -Lo ./kind https://kind.sigs.k8s.io/dl/v0.23.0/kind-linux-amd64
chmod +x ./kind
sudo mv ./kind /usr/local/bin/kind

# Create a multi-node cluster
cat > kind-config.yaml <<'EOF'
kind: Cluster
apiVersion: kind.x-k8s.io/v1alpha4
nodes:
- role: control-plane
- role: worker
- role: worker
EOF
kind create cluster --config kind-config.yaml --name cka-practice

# Verify
kubectl get nodes
kubectl get pods -A

# Practice CKA tasks here!
# A Kind cluster is very lightweight (it runs in Docker containers)
```
12. Comprehension Quiz
Test your understanding of CKA: