Skip to content
GitHub

Module 0.4: kubernetes.io Navigation

Hands-On Lab Available
K8s Cluster beginner 20 min
Launch Lab ↗

Opens in Killercoda in a new tab

Complexity: [QUICK] - Know where things are, find them fast

Time to Complete: 20-30 minutes

Prerequisites: None

What You’ll Be Able to Do

Section titled “What You’ll Be Able to Do”

After this module, you will be able to:

  • Navigate kubernetes.io docs to find any resource specification in under 30 seconds
  • Copy working YAML examples from the docs and adapt them to exam scenarios
  • Use the docs search effectively (knowing which keywords work and which waste time)
  • Bookmark the 5-6 most critical doc pages that cover 80% of CKA questions

Why This Module Matters

Section titled “Why This Module Matters”

During the CKA exam, you have access to:

  • kubernetes.io/docs
  • kubernetes.io/blog
  • helm.sh/docs (for Helm)
  • github.com/kubernetes (for reference)

This is open-book. You don’t need to memorize YAML schemas. But if you spend 3 minutes searching for a NetworkPolicy example, you’ve wasted half your question time.

This module teaches you where everything is—so you can find it in seconds.

The Library Analogy

Imagine you need a specific recipe from a library. You could wander the aisles hoping to stumble upon it. Or you could know that cookbooks are in section 641.5, third shelf from the top. The kubernetes.io docs are your library. Wandering wastes time. Knowing the sections—Tasks for how-to, Reference for specs, Concepts for theory—is your Dewey Decimal System. This module gives you the map.

War Story: The Search That Cost 8 Points

A candidate needed a NetworkPolicy example during their CKA. They typed “network policy” in the search bar and got dozens of results. They clicked through Concepts first (wrong—theory, no examples), then a blog post (interesting but not what they needed), then finally found the Tasks page. Total time: 4 minutes. They ran out of time on the last question. Later they learned: Tasks → Administer Cluster → Declare Network Policy. That’s a 15-second lookup if you know the path.

Part 1: Documentation Structure

Section titled “Part 1: Documentation Structure”

The Kubernetes documentation has a predictable structure:

kubernetes.io/docs/
├── concepts/           ← Theory, how things work
├── tasks/              ← Step-by-step HOW-TO guides
├── reference/          ← API specs, kubectl, glossary
└── tutorials/          ← End-to-end walkthroughs

What You’ll Use in the Exam

Section titled “What You’ll Use in the Exam”
SectionUse ForExample
TasksHow to DO something”Configure a Pod to Use a ConfigMap”
ReferenceYAML fields, kubectl flags”kubectl Cheat Sheet”
ConceptsUnderstanding (rarely during exam)“What is a Service?”

Tasks is your primary destination during the exam.

Stop and think: You’re configuring a complex Pod with multiple volume mounts and specific security contexts. You’ve found a basic Pod example in the Tasks section, but it’s missing the security fields. What is the most time-efficient strategy to complete your YAML without getting lost in the documentation?

Part 2: Bookmark These URLs

Section titled “Part 2: Bookmark These URLs”

These are the pages you’ll visit most. Bookmark them now.

Must-Have Bookmarks

Section titled “Must-Have Bookmarks”
TopicURL
kubectl Cheat Sheethttps://kubernetes.io/docs/reference/kubectl/cheatsheet/
Tasks (main page)https://kubernetes.io/docs/tasks/
Workloadshttps://kubernetes.io/docs/concepts/workloads/
Networkinghttps://kubernetes.io/docs/concepts/services-networking/
Storagehttps://kubernetes.io/docs/concepts/storage/
Configurationhttps://kubernetes.io/docs/concepts/configuration/

High-Value Task Pages

Section titled “High-Value Task Pages”
NeedGo To
Create ConfigMapTasks → Configure Pods → Configure ConfigMaps
Create SecretTasks → Configure Pods → Secrets
Create PVCTasks → Configure Pods → Configure PersistentVolumeClaim
NetworkPolicyTasks → Administer Cluster → Network Policies
RBACTasks → Administer Cluster → Using RBAC Authorization
IngressTasks → Access Applications → Set Up Ingress
HPATasks → Run Applications → Horizontal Pod Autoscale

New in 2025 - Know These

Section titled “New in 2025 - Know These”
TopicURL
Gateway APIhttps://kubernetes.io/docs/concepts/services-networking/gateway/
Helmhttps://helm.sh/docs/
Kustomizehttps://kubernetes.io/docs/tasks/manage-kubernetes-objects/kustomization/

Part 3: Search Strategy

Section titled “Part 3: Search Strategy”

The built-in search works, but it’s often faster to know where things are.

Section titled “Strategy 1: Use the Search Bar”
  1. Press / or click the search icon
  2. Type keywords: “networkpolicy example”
  3. Look for Tasks results first

Strategy 2: Go Directly to Tasks

Section titled “Strategy 2: Go Directly to Tasks”

Most exam answers are in Tasks:

kubernetes.io/docs/tasks/
├── Administer a Cluster/
│   ├── Network Policies
│   ├── Using RBAC Authorization
│   └── Manage Resources
├── Configure Pods and Containers/
│   ├── Configure a Pod to Use a ConfigMap
│   ├── Configure a Pod to Use a Secret
│   └── Configure a Pod to Use a PersistentVolume
├── Access Applications in a Cluster/
│   └── Set up Ingress on Minikube with NGINX
└── Run Applications/
    └── Horizontal Pod Autoscaling

Strategy 3: kubectl explain

Section titled “Strategy 3: kubectl explain”

Faster than any website:

Terminal window
# See available fields for a resource
k explain pod.spec.containers


# Go deeper
k explain pod.spec.containers.resources
k explain pod.spec.containers.volumeMounts


# See all fields at once
k explain pod --recursive | grep -A5 "containers"

This works offline and shows exactly what fields are available.

Part 4: Finding YAML Examples

Section titled “Part 4: Finding YAML Examples”

Pause and predict: You search for “ingress” on kubernetes.io and the first result is a Concepts page explaining how Ingress controllers work. If you click it and scroll to the bottom, what type of content are you most likely to find, and how should that influence your next click?

Pattern: Every Task Has Examples

Section titled “Pattern: Every Task Has Examples”

When you find a task page, scroll down. There’s almost always a copyable YAML example.

Example: “Configure a Pod to Use a ConfigMap”

  • Scroll to “Define container environment variables using ConfigMap data”
  • Copy the YAML
  • Modify for your needs

Pattern: Look for “What’s next” Section

Section titled “Pattern: Look for “What’s next” Section”

At the bottom of pages, “What’s next” links to related tasks. If you’re close but not quite right, check these links.

Pattern: API Reference for Field Details

Section titled “Pattern: API Reference for Field Details”

Need to know all PVC accessModes?

kubernetes.io/docs/reference/kubernetes-api/
├── Workload Resources/
├── Service Resources/
├── Config and Storage Resources/
│   └── PersistentVolumeClaim
└── ...

Or faster:

Terminal window
k explain pvc.spec.accessModes

Part 5: Quick Reference Locations

Section titled “Part 5: Quick Reference Locations”

NetworkPolicy

Section titled “NetworkPolicy”

Location: Tasks → Administer a Cluster → Declare Network Policy

Direct URL: https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy/

Key Example:

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: test-network-policy
  namespace: default
spec:
  podSelector:
    matchLabels:
      role: db
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          role: frontend
    ports:
    - protocol: TCP
      port: 6379

PersistentVolumeClaim

Section titled “PersistentVolumeClaim”

Location: Tasks → Configure Pods → Configure a Pod to Use a PersistentVolumeClaim

Key Example:

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi

RBAC (Role + RoleBinding)

Section titled “RBAC (Role + RoleBinding)”

Location: Tasks → Administer a Cluster → Using RBAC Authorization

Key Example:

apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: default
  name: pod-reader
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["get", "watch", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-pods
  namespace: default
subjects:
- kind: User
  name: jane
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: pod-reader
  apiGroup: rbac.authorization.k8s.io

Ingress

Section titled “Ingress”

Location: Concepts → Services, Load Balancing → Ingress

Key Example:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: minimal-ingress
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80

Gateway API (New in 2025)

Section titled “Gateway API (New in 2025)”

Location: Concepts → Services, Load Balancing → Gateway API

Key Example:

apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: http-route
spec:
  parentRefs:
  - name: my-gateway
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /app
    backendRefs:
    - name: my-service
      port: 80

Part 6: Speed Drills

Section titled “Part 6: Speed Drills”

Practice finding these as fast as possible:

Drill 1: Find NetworkPolicy Example (Target: <30 seconds)

Section titled “Drill 1: Find NetworkPolicy Example (Target: <30 seconds)”
  1. Go to kubernetes.io
  2. Search “network policy”
  3. Click first Tasks result
  4. Scroll to YAML example

Drill 2: Find PVC Access Modes (Target: <20 seconds)

Section titled “Drill 2: Find PVC Access Modes (Target: <20 seconds)”
Terminal window
k explain pvc.spec.accessModes

Or search “PVC accessModes”

Drill 3: Find RBAC Role Example (Target: <30 seconds)

Section titled “Drill 3: Find RBAC Role Example (Target: <30 seconds)”
  1. Search “RBAC”
  2. Click “Using RBAC Authorization”
  3. Find “Role example”

Drill 4: Find Helm Install Syntax (Target: <30 seconds)

Section titled “Drill 4: Find Helm Install Syntax (Target: <30 seconds)”
  1. Go to helm.sh/docs
  2. Search “install”
  3. Find helm install command reference

Did You Know?

Section titled “Did You Know?”

  • The exam browser has limited tabs. You can’t open 20 tabs like normal browsing. Learn to navigate efficiently with fewer tabs.

  • kubernetes.io search is decent but not great. Sometimes Google would be better, but you can’t use it in the exam. Practice using the native search.

  • kubectl explain doesn’t need internet. It reads from your cluster’s API server. This is often faster than searching documentation.

  • Blog posts are allowed (kubernetes.io/blog). Some complex topics have excellent blog explanations. But Tasks is usually faster for “how do I do X.”

Common Mistakes

Section titled “Common Mistakes”
MistakeProblemSolution
Searching too broadlyToo many resultsUse specific terms: “networkpolicy ingress example”
Reading concepts during examWastes timeGo straight to Tasks
Memorizing YAMLUnnecessaryKnow WHERE to find examples
Not using kubectl explainSlowk explain is instant
Opening too many tabsBrowser slows downClose tabs you’re done with

Quiz

Section titled “Quiz”

  1. Scenario: You are 15 minutes into the exam and need to configure a Pod to use a PersistentVolumeClaim. You remember seeing a page about this, but you can’t remember the exact YAML structure for the volumes array. You open the kubernetes.io search bar. How do you quickly locate the exact YAML snippet you need without reading through conceptual explanations?

    Answer You should search for "Configure a Pod to Use a PersistentVolumeClaim" and specifically look for a result under the **Tasks** section, bypassing any **Concepts** or **Reference** results. The Tasks section is designed as a collection of how-to guides that almost always include copy-pasteable YAML examples. By prioritizing Tasks, you avoid wasting time reading architectural theory and immediately get a working template that you can adapt for your specific exam question.

  2. Scenario: You are tasked with creating a NetworkPolicy that denies all ingress traffic except from a specific namespace. You found a YAML example in the docs, but it uses podSelector instead of namespaceSelector. You need to know the exact syntax for namespaceSelector. What is the fastest method to discover this specific field’s syntax without returning to the web browser?

    Answer The fastest method is to use the command line tool directly by running `kubectl explain networkpolicy.spec.ingress.from.namespaceSelector`. During the exam, switching context back to the browser and searching through API reference pages can be slow and distracting. The `kubectl explain` command queries the cluster's OpenAPI schema directly, providing you with instant, offline documentation for the exact structure and fields available. This approach keeps your hands on the keyboard and your focus on the terminal, saving you precious minutes.

  3. Scenario: You are answering a question that requires deploying a Gateway API HTTPRoute. You type “HTTPRoute” into the kubernetes.io search bar, but the results are overwhelming and mostly point to blog posts from 2022. Knowing the structure of the documentation, where should you manually navigate to find the authoritative example?

    Answer You should navigate to the **Concepts → Services, Load Balancing → Gateway API** section of the documentation. While the Tasks section is generally best for examples, newer APIs or heavily architectural features sometimes have their primary examples embedded in the Concepts pages where they are introduced. Knowing the documentation tree allows you to bypass a failing search function and go directly to the networking section where the Gateway API is housed. This ensures you find up-to-date, exam-valid YAML without relying on unpredictable keyword matching.

  4. Scenario: While troubleshooting a failing Deployment, you realize you need to add an initContainer to delay startup. You have the main Deployment YAML ready but need the initContainers array structure. You run kubectl explain deployment.spec.template.spec.initContainers, but the output scrolls off your terminal screen, making it hard to read. How do you efficiently extract just the fields you need?

    Answer You should pipe the output of the explain command to a pager like `less` or use `grep`, for example: `kubectl explain pod.spec.initContainers | grep -A 5 volumeMounts`. The exam terminal can be restrictive, and scrolling back through hundreds of lines of API documentation is inefficient and prone to user error. Using standard Linux text manipulation tools with `kubectl explain` allows you to control the output and read the definitions at your own pace. This technique helps you quickly identify the required fields without getting overwhelmed by the sheer volume of API information.

Hands-On Exercise

Section titled “Hands-On Exercise”

Task: Practice finding documentation quickly.

Timed Challenges (use a stopwatch):

  1. Find ConfigMap example (Target: <30 sec)

    • Find a complete ConfigMap YAML in the docs

  2. Find Secret from file example (Target: <45 sec)

    • Find how to create a Secret from a file

  3. Find all PVC accessModes (Target: <15 sec)

    • Use kubectl explain

  4. Find HPA example (Target: <45 sec)

    • Find a complete HorizontalPodAutoscaler YAML

  5. Find Helm upgrade command (Target: <30 sec)

    • Find the helm upgrade documentation

Success Criteria:

  • Can find ConfigMap task page in <30 seconds
  • Can find any YAML example in <1 minute
  • Know how to use kubectl explain
  • Know the difference between Tasks and Concepts

Practice Drills

Section titled “Practice Drills”

Drill 1: Documentation Race (Target times provided)

Section titled “Drill 1: Documentation Race (Target times provided)”

Open kubernetes.io and race to find these. Use a stopwatch.

TaskTarget Time
Find NetworkPolicy YAML example< 30 sec
Find PVC with ReadWriteMany example< 45 sec
Find RBAC RoleBinding example< 30 sec
Find Ingress with TLS example< 45 sec
Find HorizontalPodAutoscaler example< 45 sec
Find Job with backoffLimit example< 30 sec

Record your times. Repeat until you beat all targets.

Drill 2: kubectl explain Mastery (Target: 2 minutes total)

Section titled “Drill 2: kubectl explain Mastery (Target: 2 minutes total)”

Without using the web, find these using only kubectl explain:

Terminal window
# 1. What fields does a Pod spec have?
kubectl explain pod.spec | head -30


# 2. What are valid values for PVC accessModes?
kubectl explain pvc.spec.accessModes


# 3. What fields does a container have for health checks?
kubectl explain pod.spec.containers.livenessProbe


# 4. What's the structure of a NetworkPolicy spec?
kubectl explain networkpolicy.spec


# 5. How do you specify resource limits?
kubectl explain pod.spec.containers.resources

Drill 3: Find and Apply (Target: 5 minutes)

Section titled “Drill 3: Find and Apply (Target: 5 minutes)”

Using ONLY kubernetes.io docs, find examples and create:

Terminal window
# 1. Find a ConfigMap example and create one
# kubernetes.io → Tasks → Configure Pods → ConfigMaps


# 2. Find a Secret example and create one
# kubernetes.io → Tasks → Configure Pods → Secrets


# 3. Find a NetworkPolicy example and create one
# kubernetes.io → Tasks → Administer Cluster → Network Policies


# Verify all three exist
kubectl get cm,secret,netpol


# Cleanup
kubectl delete cm --all
kubectl delete secret --all  # careful: leaves default secrets
kubectl delete netpol --all

Drill 4: Helm Documentation Hunt (Target: 3 minutes)

Section titled “Drill 4: Helm Documentation Hunt (Target: 3 minutes)”

Find these on helm.sh/docs:

Terminal window
# 1. How do you install a chart from a repo?
# Answer: helm install [RELEASE] [CHART]


# 2. How do you see values available for a chart?
# Answer: helm show values [CHART]


# 3. How do you rollback to a previous release?
# Answer: helm rollback [RELEASE] [REVISION]


# 4. How do you list all releases?
# Answer: helm list


# 5. How do you upgrade with new values?
# Answer: helm upgrade [RELEASE] [CHART] -f values.yaml

Drill 5: Gateway API Deep Dive (Target: 5 minutes)

Section titled “Drill 5: Gateway API Deep Dive (Target: 5 minutes)”

Gateway API is new to CKA 2025. Find these in the docs:

Terminal window
# 1. Find the HTTPRoute example
# kubernetes.io → Concepts → Services → Gateway API


# 2. Find what parentRefs means in HTTPRoute
kubectl explain httproute.spec.parentRefs  # If Gateway API CRDs installed


# 3. Find the difference between Gateway and HTTPRoute
# Gateway = infrastructure (like LoadBalancer)
# HTTPRoute = routing rules (like Ingress rules)

Drill 6: Troubleshooting - Wrong Documentation

Section titled “Drill 6: Troubleshooting - Wrong Documentation”

Scenario: You found what looks like the right YAML but it doesn’t work.

Terminal window
# You found this "Ingress" example but it fails
cat << 'EOF' > wrong-ingress.yaml
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: test-ingress
spec:
  backend:
    serviceName: testsvc
    servicePort: 80
EOF


kubectl apply -f wrong-ingress.yaml
# ERROR: no matches for kind "Ingress" in version "extensions/v1beta1"


# YOUR TASK: Find the CORRECT API version in current docs
# Hint: The docs example is outdated. Find current version.
Solution

The old extensions/v1beta1 API was deprecated. Current version:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress
spec:
  defaultBackend:
    service:
      name: testsvc
      port:
        number: 80

Lesson: Always check the apiVersion in docs matches your cluster version. Use kubectl api-resources | grep ingress to see available versions.

Drill 7: Speed Documentation Challenge

Section titled “Drill 7: Speed Documentation Challenge”

Set a 10-minute timer. Complete as many as possible:

  1. Create a Pod with resource limits (find in docs)
  2. Create a Deployment with 3 replicas (find in docs)
  3. Create a Service type LoadBalancer (find in docs)
  4. Create a ConfigMap from a file (find in docs)
  5. Create a PVC with 1Gi storage (find in docs)
  6. Create a Job that runs once (find in docs)
  7. Create a CronJob running every minute (find in docs)
  8. Create a NetworkPolicy allowing only port 80 (find in docs)
Terminal window
# Validate each one works
kubectl apply -f <file> --dry-run=client

Score: How many did you complete in 10 minutes?

  • 8: Excellent - exam ready
  • 6-7: Good - keep practicing
  • 4-5: Needs work - repeat drill daily
  • <4: Review documentation structure again

Next Module

Section titled “Next Module”

Module 0.5: Exam Strategy - Three-Pass Method - The strategy that maximizes your score.