Last active August 15, 2024 16:04
K8s bookmarks for CKA, CKAD and CKS exams
<DT><H3 ADD_DATE="1627387551" LAST_MODIFIED="1627387551">K8S-BMKS</H3>
<DT><A HREF="" ADD_DATE="1627387551" ICON="">START: cheatSheet: useful commands</A>
<DT><A HREF="" ADD_DATE="1627387551">-------------------- YAML -------------------</A>
<DT><A HREF="" ADD_DATE="1627387551">AUDITPOLICY: auditPolicy spec</A>
<DT><A HREF="" ADD_DATE="1627387551">CRONJOB: cronjbo spec</A>
<DT><A HREF="" ADD_DATE="1627387551">DEPLOY: sample nginx deployment spec</A>
<DT><A HREF="" ADD_DATE="1627387551">INGRESS: ingress spec</A>
<DT><A HREF="" ADD_DATE="1627387551">NETWORKPOLICY: spec</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: configMap as env</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: env as configMapRef [all values]</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: env as configMapKeyRef [single value]</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: inline environmental variables</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: livenessProbe [command]</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: livenessProbe [http]</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: imagePullSecrets</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: nodeAffinity</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: nodeSelector</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: command and args</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: env from secretRef</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: projected volume [sa token]</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: persistentVolumeClaim</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: tolerations</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: volume mount [emptyDir]</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: volume mount [hostPath]</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: securityContext [basic config]</A>
<DT><A HREF="" ADD_DATE="1627387551">PV: pv spec</A>
<DT><A HREF="" ADD_DATE="1627387551">PVC: pvc spec</A>
<DT><A HREF="" ADD_DATE="1627387551">RUNTIME-CLASS: spec</A>
<DT><A HREF="" ADD_DATE="1627387551">SERVICE: nodePort</A>
<DT><A HREF="" ADD_DATE="1627387551">SERVICE: loadBlancer</A>
<DT><A HREF="" ADD_DATE="1627387551">---------------- TASKS ----------------</A>
<DT><A HREF="" ADD_DATE="1627387551">ADMISSION-CONTROLLER: configure ImagePolicyWebhook </A>
<DT><A HREF="" ADD_DATE="1627387551">CLUSTER: installation</A>
<DT><A HREF="" ADD_DATE="1627387551">CLUSTER: upgrade</A>
<DT><A HREF="" ADD_DATE="1627387551">CSR: create and execute</A>
<DT><A HREF="" ADD_DATE="1627387551">DASHBOARD: deploy dashboard</A>
<DT><A HREF="" ADD_DATE="1627387551">DEPLOY: update deployment and set new image</A>
<DT><A HREF="" ADD_DATE="1627387551">DNS: debug DNS</A>
<DT><A HREF="" ADD_DATE="1627387551">DNS: test resolution</A>
<DT><A HREF="" ADD_DATE="1627387551">ETCD: create backup</A>
<DT><A HREF="" ADD_DATE="1627387551">KUBELET: config options</A>
<DT><A HREF="" ADD_DATE="1627387551">KUBE-API: admissionPlugins [default admission plugins]</A>
<DT><A HREF="" ADD_DATE="1627387551">NETPOL: limit ingress</A>
<DT><A HREF="" ADD_DATE="1627387551">NETPOL: namespace selector</A>
<DT><A HREF="" ADD_DATE="1627387551">NODE: taint node to be unschedulable</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: configure pulling images from private repository</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: configure resources limits</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: configure sidecar container with logging agent</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: configure initContainer</A>
<DT><A HREF="" ADD_DATE="1627387551">ROLE: create via YAML</A>
<DT><A HREF="" ADD_DATE="1627387551">ROLE: create imperatively</A>
<DT><A HREF="" ADD_DATE="1627387551">ROLEBINDING: create imperatively</A>
<DT><A HREF="" ADD_DATE="1627387551">ROLEBINGIND: creating declaratively</A>
<DT><A HREF="" ADD_DATE="1627387551">SECRET: decode secret values</A>
<DT><A HREF="" ADD_DATE="1627387551">---------------- CKS ONLY ----------------</A>
<DT><A HREF="" ADD_DATE="1627387551">APPARMOR: Documentation</A>
<DT><A HREF="" ADD_DATE="1627387551">APPARMOR: restrict a container&#39;s access</A>
<DT><A HREF="" ADD_DATE="1627387551">AUDITPOLICY: implement audit policy</A>
<DT><A HREF="" ADD_DATE="1627387551">FALCO: output fields</A>
<DT><A HREF="" ADD_DATE="1627387551">FALCO: default rules</A>
<DT><A HREF="" ADD_DATE="1627387551">KUBELET: enable certificates Rotation for the Kubelet </A>
<DT><A HREF="" ADD_DATE="1627387551">PSP: podSecurityPolicy resource</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: securityContext [capabilities]</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: securityContext [container level add capabilities]</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: securityContext [container level runAs]</A>
<DT><A HREF="" ADD_DATE="1627387551">POD: securityContext [pod level runAs]</A>
<DT><A HREF="" ADD_DATE="1627387551">RUNTIMECLASS: usage</A>
<DT><A HREF="" ADD_DATE="1627387551">SECCOMP: seccompProfile [restrict pod]</A>
<DT><A HREF="" ADD_DATE="1627387551">SYSDIG: documentation</A>
<DT><A HREF="" ADD_DATE="1627387551">TRIVY: documentation</A>
just wanted to say thank you these links, I'm prepping for my CKA and these are a lifesaver. Quick comment though; your cronjob link goes to a pv-claim.yaml sample instead of a cronjob sample. Thanks again!

Thank you for the catch, I've updated the gist. It's great to hear that you find it useful, I use it almost daily and of course during the exams. Good luck with the CKA!

Thanks for bookmarks.
I have one doubt after reading official exam docs:

What resources am I allowed to access during my exam?
During the CKA & CKAD exam, candidates may:
review the Exam content instructions that are presented in the command line terminal
review Documents installed by the distribution (i.e. /usr/share and its subdirectories)
use their Chrome or Chromium browser to open one additional tab in order to access assets at:,, and their subdomains. This includes all available language translations of these pages (e.g.
No other tabs may be opened and no other sites may be navigated to (including

a lot of links in bookmarks are pointed to are you sure that is allowed and doesn't cause any penalties during exam?

I have used the bookmarks even recently in CKS exam without a problem. If you look at the “Resources allowed” section (, it states that you can use the Kubernetes Github domain and its subdomains.

Use nslookup on and and you will see that they resolve to the same IPs (A record), is a subdomain and is an alias.

Torkolis commented Nov 30, 2023

Can somebody explain to me how I can add the bookmarks to the browser I will be using during the exam?
"Ressources Allowed" says that I will be able to:

  • use the browser within the VM to access the following documentation

but I will only gain access to that browser once the exam starts and I did the whole check in process. So how do I add the bookmarks to that browser beforehand? I mean once the exam starts it is too late already, because I am not allowed to take any notes or anything so also no textfiles containing the bookmarks which I could import.... I am so confused...

Looks like the exam environment changed, previously it was possible to use a browser on the host machine to access web pages from the allowed section. In June 2022 the info on the page still stated that it's possible to use your host machine browser., so it looks to be a relatively recent change in the exam process.

I'm leaving the gist as is, but for whoever stumbles upon this in the future.


I'ts not possible to use host browser any longer and import the bookmarks.

