CKA · topic practice

Cluster Architecture, Installation & Configuration practice questions

Practise Certified Kubernetes Administrator CKA Cluster Architecture, Installation & Configuration practice questions — original exam-style scenarios with answer choices, explanations, and analysis of common mistakes.

Courseiva uses original exam-style practice questions designed for learning and revision. The goal is to understand the concepts, recognise exam patterns, and improve through explanations — not memorise copied exam dumps.

Reviewed byJohnson Ajibi· MSc IT Security
20 questionsDomain: Cluster Architecture, Installation & Configuration

What the exam tests

What to know about Cluster Architecture, Installation & Configuration

Cluster Architecture, Installation & Configuration questions test whether you can apply the concept in context, not just recognise a definition.

How the topic appears in realistic exam-style scenarios.

Which detail in the question changes the correct answer.

How to eliminate plausible but wrong options.

How to connect the question back to the wider exam objective.

Watch out for

Common Cluster Architecture, Installation & Configuration exam traps

  • Answering from memory before reading the full scenario.
  • Missing a constraint such as cost, availability, security, scope or command context.
  • Choosing a broad answer when the question asks for the most specific fix.
  • Ignoring why the wrong options are tempting.

Practice set

Cluster Architecture, Installation & Configuration questions

20 questions · select your answer, then reveal the explanation

A company wants to install Kubernetes on a set of bare-metal servers with no existing orchestration tools. They need a solution that supports high availability for the control plane and uses etcd operators for cluster management. Which tool should they use?

A DevOps engineer notices that the kubelet on a node is unable to register with the Kubernetes API server. The kubelet logs show 'Failed to get bootstrap CA certificate' and the node is not yet part of the cluster. What is the most likely cause?

An administrator needs to upgrade the kube-apiserver on a control plane node from version 1.22.0 to 1.23.0. Which of the following is the correct order of steps?

A Kubernetes cluster has been running for months. Recently, some pods are reporting 'FailedScheduling' due to insufficient memory. The administrator wants to add a new node with 32GB RAM. However, after joining the node, the new node shows 'NotReady' and the kubelet logs indicate 'Failed to update node status: context deadline exceeded'. What is the most likely cause?

A cluster administrator has configured a PodSecurityPolicy (PSP) that requires all pods to run with read-only root filesystem. However, a newly deployed pod is failing to start with the error 'container has runAsNonRoot and image will run as root'. The PSP is designed to prevent running as root. What is the most likely cause?

An administrator is tasked with setting up a new Kubernetes cluster using kubeadm. They have two nodes: one control plane and one worker. After initializing the control plane with 'kubeadm init', the worker node fails to join with the error 'error execution phase preflight: [preflight] Some fatal errors occurred: [ERROR CRI]: container runtime is not running'. What should the administrator check first?

A team is configuring etcd for a multi-node Kubernetes cluster. They want to ensure that etcd data is encrypted at rest. Which approach should they use?

A cluster is running on a cloud provider that supports load balancers. An administrator needs to expose a service externally using a cloud load balancer. However, the service remains in 'Pending' state. The cloud provider requires the cluster to be configured with the correct cloud provider flag. Which kube-controller-manager flag is required for this integration?

During a 'kubeadm init', the administrator sees the message 'Your Kubernetes control-plane has been initialized successfully!' but the 'kubectl get nodes' shows the control plane node as 'NotReady'. What is the most likely missing step?

Which TWO of the following are valid commands to upgrade a kubeadm cluster from version 1.22.x to 1.23.x on the control plane node? Assume the node is already drained.

A cluster uses etcd with TLS encryption. Which THREE of the following are valid etcd client certificate authentication flags?

Which TWO of the following are valid methods to configure the kubelet's node IP address?

Which THREE of the following are valid steps to enable audit logging in a Kubernetes cluster?

A user tries to create a pod with the YAML file that requests 2 CPUs as a limit. The cluster has a ResourceQuota named 'compute-quota' with limits.cpu: 2. The user sees the above error. What is the likely issue?

Exhibit

Refer to the exhibit.

Error from server: error when creating "pod.yaml": pods "my-pod" is forbidden: exceeded quota: compute-quota, requested: limits.cpu=2, used: limits.cpu=1, limited: limits.cpu=2

An administrator runs 'kubeadm init' on a machine that previously had a Kubernetes cluster. The command fails with the above errors. What is the best course of action?

Network Topology
$ kubeadm initpod-network-cidr=10.244.0.0/16apiserver-advertise-address=192.168.1.10[ERROR FileAvailableetc-kubernetes-manifests-kube-apiserver.yaml]: /etc/kubernetes/manifests/kube-apiserver.yaml already existsRefer to the exhibit.[init] Using Kubernetes version: v1.23.0[preflight] Running pre-flight checks[preflight] Some fatal errors occurred:

You are a cluster administrator managing a multi-node Kubernetes cluster version 1.22. The cluster runs critical applications in the 'production' namespace. You have been asked to upgrade the control plane node to version 1.23 while minimizing downtime. The cluster uses a single control plane node (not HA). You have already backed up etcd and verified the backup is valid. You have also reviewed the upgrade notes and there are no breaking changes that affect your workloads.

You have drained the control plane node and ensured all pods are evicted. The node is now in 'Ready,SchedulingDisabled' state. You then run 'kubeadm upgrade plan' and see that upgrade to v1.23.0 is available. Next, you run 'kubeadm upgrade apply v1.23.0'. The command completes successfully. However, when you try to uncordon the node with 'kubectl uncordon <node>', you get an error: 'error: unable to update node: the object has been modified; please apply your changes to the latest version and try again'. What is the most likely cause and the correct next step?

A Kubernetes cluster has three control plane nodes and five worker nodes. The kube-apiserver is failing to start on one control plane node with the error 'etcdserver: request timed out'. The etcd cluster is healthy with three members. Which of the following is the most likely cause?

Question 18easymultiple choice
Review the full subnetting walkthrough →

An administrator needs to initialize a new Kubernetes control plane node using kubeadm. Which of the following is the correct command to initialize the control plane with a specific pod network CIDR of 10.244.0.0/16?

Which TWO of the following are valid methods to add a worker node to an existing Kubernetes cluster that was initialized with kubeadm?

Based on the exhibit, what is the most likely cause of the worker2 node being NotReady?

Exhibit

Refer to the exhibit.
```
$ kubectl get nodes
NAME           STATUS   ROLES    AGE   VERSION
controlplane   Ready    master   10d   v1.25.0
worker1        Ready    <none>   10d   v1.25.0
worker2        NotReady <none>   10d   v1.25.0

$ kubectl describe node worker2 | grep -i condition
Conditions:
  Type                 Status  LastHeartbeatTime                 LastTransitionTime                Reason                       Message
  ----                 ------  -----------------                 ------------------                ------                       -------
  NetworkUnavailable   False   Thu, 01 Jan 2023 00:00:00 +0000   Thu, 01 Jan 2023 00:00:00 +0000   CalicoIsUp                   Calico is running on this node
  MemoryPressure       False   Thu, 01 Jan 2023 00:00:00 +0000   Thu, 01 Jan 2023 00:00:00 +0000   KubeletHasSufficientMemory   kubelet has sufficient memory available
  DiskPressure         False   Thu, 01 Jan 2023 00:00:00 +0000   Thu, 01 Jan 2023 00:00:00 +0000   KubeletHasNoDiskPressure     kubelet has no disk pressure
  PIDPressure          False   Thu, 01 Jan 2023 00:00:00 +0000   Thu, 01 Jan 2023 00:00:00 +0000   KubeletHasSufficientPID      kubelet has sufficient PID available
  Ready                Unknown Thu, 01 Jan 2023 00:00:00 +0000   Thu, 01 Jan 2023 00:00:00 +0000   NodeStatusUnknown            Kubelet stopped posting node status.
```

Free account

Track your progress over time

Create a free account to save your results and see which topics improve across sessions.

Focused Cluster Architecture, Installation & Configuration sessions

Start a Cluster Architecture, Installation & Configuration only practice session

Every question in these sessions is drawn from the Cluster Architecture, Installation & Configuration domain — nothing else.

Related practice questions

Related CKA topic practice pages

Move into related areas when this topic feels solid.

Frequently asked questions

What does the CKA exam test about Cluster Architecture, Installation & Configuration?
Cluster Architecture, Installation & Configuration questions test whether you can apply the concept in context, not just recognise a definition.
How should I use these practice questions?
Select your answer before revealing the explanation. Then read why each option is right or wrong — this active recall approach builds retention far faster than re-reading notes.
Can I practise just Cluster Architecture, Installation & Configuration questions in a focused session?
Yes — the session launcher on this page draws every question from the Cluster Architecture, Installation & Configuration domain. Use a 10-question session first to gauge your baseline, then move to 20 or 30 once the weak spots are clear.
Where can I practise other CKA topics?
Use the topic links above to move to related areas, or go back to the CKA question bank to see all topics.
Are these real exam questions or dumps?
These are original practice questions written to test the same concepts the CKA exam covers. They are not copied from any real exam or dump site.