nerdexam
ExamsCKSQuestions#57
Linux_FoundationLinux_Foundation

CKS · Question #57

CKS Question #57: Real Exam Question with Answer & Explanation

This scenario tests your understanding of how to use the kubeadm-generated admin kubeconfig file to maintain or restore cluster access when normal authentication mechanisms may be disrupted. The /etc/kubernetes/admin.conf file provides certificate-based cluster-admin access indep

Submitted by obi.ng· May 4, 2026Cluster Hardening

Question

You can use the cluster's original `kubectl` configuration file `/etc/kubernetes/admin.conf`, located on the cluster's master node, to ensure that authenticated and authorized requests are still allowed.

Explanation

This scenario tests your understanding of how to use the kubeadm-generated admin kubeconfig file to maintain or restore cluster access when normal authentication mechanisms may be disrupted. The /etc/kubernetes/admin.conf file provides certificate-based cluster-admin access independent of RBAC or other auth configurations.

Approach. The file /etc/kubernetes/admin.conf is generated by kubeadm during cluster initialization and contains the cluster CA certificate, the admin client certificate, and the admin client private key - all embedded or referenced within it. Because it uses TLS client certificate authentication (not token-based or OIDC), it bypasses RBAC webhook misconfigurations or broken authenticator plugins and directly authenticates as kubernetes-admin with cluster-admin ClusterRole binding. To use it, either run kubectl --kubeconfig=/etc/kubernetes/admin.conf <command> directly on the master node, or export KUBECONFIG=/etc/kubernetes/admin.conf in your shell session. This is the standard recovery path in CKA scenarios where you need to verify the API server is still responding to legitimate requests after modifying authentication or authorization configuration.

Concept tested. Kubernetes cluster administration and recovery - specifically, understanding the role of /etc/kubernetes/admin.conf as the bootstrap admin kubeconfig (created by kubeadm), how to specify an alternate kubeconfig with --kubeconfig or $KUBECONFIG, and why certificate-based admin credentials remain valid even when RBAC or other auth mechanisms are misconfigured.

Reference. Kubernetes docs: Organizing Cluster Access Using kubeconfig Files - https://kubernetes.io/docs/concepts/configuration/organize-cluster-access-kubeconfig/

Topics

#kubectl configuration#admin.conf#Authentication#Authorization

Community Discussion

No community discussion yet for this question.

Sign up to join the discussion
Full CKS PracticeBrowse All CKS Questions