CKAD Certification: The Comprehensive Guide for Future CKADs

This CKAD Exam study guide will help you prepare for the CKAD Certification exam with all the required resources. CKAD is one of the best Kubernetes certifications focused on the development aspects of Kubernetes.

In this article, I will go through all the resources that can help you prepare for the CKAD exam. I will also be sharing many tips that helped me pass the CKAD exam with a near-perfect score of 96 out of 100.

Note: All the authors of this blog are CKAD certified.

What is the Certified Kubernetes Application Developer (CKAD) exam?

The official CNCF certification page says:

A Certified Kubernetes Application Developer can define application resources and use core primitives to build, monitor, and troubleshoot scalable applications and tools in Kubernetes.

Certified Kubernetes Application Developer (CKAD) is one of the highest in-demand certifications in the industry right now. It is aimed at engineers interested in the design, development, build & management of applications on Kubernetes. So if you are someone who works on the development aspects of Kubernetes, this certification is for you.

The purpose of the Certified Kubernetes Application Developer (CKAD) program is to assure that CKADs have the skills, knowledge, and competency to perform the responsibilities of Kubernetes application developers.

Register for the CKAD Certification [Save 30% Today]

To begin your journey of becoming a Certified Kubernetes Application Developer (CKAD) – start by registering for the CKAD exam on the Linux Foundation portal. When you register you get free access to two sessions of killer.sh CKAD practice exams that will help you clear the CKAD exam.

Note: Save 30% today on CKAD certification using the Voucher code given below. This offer expires soon.

Code: Use coupon 30COMTECHIES at checkout

If you are planning for all the Kubernetes certifications, You can choose the CKA + CKAD + CKS bundle to save up to $528 using code 30COMTECHIES.

Here are some things to keep in mind regarding the exam.

1. The CKAD certification exam is to be taken online, and it is proctored remotely.
2. A score of 66% or above must be earned to pass.
3. Certifications are valid for two years.
4. After registration, you get one year to schedule the exam.
5. After registration, you get a maximum of 2 attempts to take the test. If you miss a scheduled exam for any reason – your second attempt gets nullified.
6. Free access to killer.sh for the CKAD practice exam.

Note: You can always check the latest Kubernetes Certification Voucher Codes to save costs on the CKA, CKAD, and CKS certification registration

Certified Kubernetes Application Developer (CKAD) Exam Preparation Guide

This section will go over the complete resources and official CKAD kubernetes documentation pages that can help you prepare for the exam better.

CKAD Exam prerequisites

CKAD does not require any candidate to have any other certification before appearing for the CKAD exam. The only thing required to clear the exam is practice, practice, and practice.

CKAD Exam details

Exam Duration	2 hours
Pass Percentage	66%
CKAD Exam Kubernetes Version	Kubernetes v1.30
CKAD Validity	2 Years
Exam Cost	$395 USD

CKAD exam is an open book exam i.e. you can use the following websites while you are taking the exam (Resources Allowed):-

1. https://kubernetes.io/docs/
2. https://github.com/kubernetes/
3. https://kubernetes.io/blog/ and their subdomains. This includes all available language translations of these pages (e.g. https://kubernetes.io/zh/docs/)

The online proctored exam is taken on PSI’s Proctoring Platform “Bridge”, using the PSI Secure Browser (a web browser created to guarantee a secure exam delivery over a virtual connection). Read more about the system and testing environment requirements.

The remote desktop is configured with all the tools and software needed to complete the tasks. This includes:

1. Terminal Emulator
2. Firefox browser to access “Resources Allowed”
3. Virtual Keyboard

Read more about the CKAD Exam user interface here.

CKAD Exam Syllabus

The following are the domains and competencies part of the CKAD syllabus along with their respective topics and weightage.

Topic	Concepts	Weightage
Application Design and Build	1. Define, build, and modify container images 2. Understand Jobs and CronJobs 3. Understand multi-container Pod design patterns (e.g. sidecar, init, and others) 4. Utilize persistent and ephemeral volumes	20 %
Application Environment, Configuration, and Security	1. Discover and use resources that extend Kubernetes (CRD) 2. Understand authentication, authorization, and admission control 3. Understanding and defining resource requirements, limits, and quotas 4. Understand ConfigMaps 5. Create & consume Secrets 6. Understand ServiceAccounts 7. Understand SecurityContexts	25%
Services & Networking	1. Understand API deprecations 2. Implement probes and health checks 3. Use the provided tools to monitor Kubernetes applications 4. Utilize container logs 4. Debugging in Kubernetes	20%
Application Deployment	1. Use Kubernetes primitives to implement common deployment strategies (e.g. blue/green or canary) 2. Understand Deployments and how to perform rolling updates 3. Use the Helm package manager to deploy existing packages	20%
Application Observability and Maintenance	1. Understand API deprecations 2. Implement probes and health checks 3. Use provided tools to monitor Kubernetes applications 4. Utilize container logs 4. Debugging in Kubernetes	15%

We will look at each section in detail below.

CKAD Exam Practice Lab Setups

The best way to prepare is to practice a lot! The below setups will give you a Kubernetes cluster where you can do all the required practice. The exam expects you to solve problems on a live cluster.

CKAD does not have any MCQ-type format – so hands-on practice is a must.

1. Killercoda
2. Minikube
3. Kubernetes Setup using Kubeadm [Detailed Guide]
4. Kubernetes Vagrant Setup using Kubeadm
5. GKE Cluster using free Google Cloud Credits
6. EKS Service on AWS using AWS $300 POC credits
7. AKS service on Azure using free cloud credits
8. Kubernetes Cluster on Digital Ocean[ Get $100 Digital Ocean Free Credits]

CKAD Preparation Course

Investing in a CKAD course will help you understand all the concepts for the CKAD exam in an easier manner. If you are a beginner and have no experience working on Kubernetes environments, I strongly suggest you invest in a good guided CKAD course of your choice.

I recommend going for the CKAD preparation course by Mumshad. His course has a lot of quizzes and the quality is top-notch.

Also, to practice for the CKAD exam, you can try the Mock exams. It will help you build confidence and practice many scenarios for the exam.

Also, you can solve CKAD scenarios from Killer coda CKAD practice scenarios.

CKAD Certification Resources

Here, I will be discussing official Kubernetes resources that can be used to prepare for each topic of the CKAD exam. You can use these documentation pages during the exam for reference.

Also, ensure you have a very good understanding of Kubernetes architecture before you start the hands-on learning.

Application Design and Build

Understand Kubernetes API primitives

The Kubernetes API lets you query and manipulate the state of objects like Pods, Namespaces, ConfigMaps, and Events.

Official Reference:  Kubernetes-API

Understand how to use Labels, Selectors, and Annotations

Labels are key/value pairs that are attached to objects, such as pods. They help in filtering out specific objects.

Using a Selector, the client/user can identify a set of objects.

Imperative commands:

kubectl get pods --show-labels //display labels of each pod

kubectl get pods --selector=foo=bar //filter on basis of labels

kubectl label pod <pod-name> k1=v1 k2=v2 k3=v3 //to add labels

kubectl label pod <pod-name> k1- //to remove labels

kubectl label pod <pod-name> k2=v2.1 --overwrite //to overwrite

Annotations are used to attach arbitrary non-identifying metadata to objects.

Imperative commands:

kubectl annotate pods <pod-name> description='desc' //add annotations

kubectl annotate pods <pod-name> description- //to remove annotations

kubectl annotate pods <pod-name> description='desc2' --overwrite//to overwrite

Define, build, and modify container images

Pods are the basic objects where your images/code run.

Reference	Pod Concepts
Task	Configure Pods and Containers

Imperative commands: These are commands which let you create objects via a CLI, i.e., they remove the need to write the whole YAML. Knowing imperative commands can help you save time in the exam. I highly recommend them. Refer create Kubernetes YAML guide.

Imperative commands for pods:

kubectl run <name of pod> --image=<image>  

We can get the pod YAML pod by running this command and then changing it accordingly:

kubectl run <name-of-pod> --image=<image> --dry-run=client -o yaml > pod.yaml

Imperative command to change the pod image:

kubectl set image pod <pod-name> <current-image>=<new-image>

Understand Jobs and CronJobs

Kubernetes Jobs are used to create transient pods that perform specific tasks they are assigned to. CronJobs do the same thing, but they run tasks based on a defined schedule.

Ensure you know the to cron expressions based on the given schedules.

Imperative Commands:

kubectl create job my-job --image=busybox 

kubectl create cronjob my-job --image=busybox --schedule="*/2 * * * *" -- date

Reference:  create Jobs and CronJobs

Understand Multi-Container Pod design patterns

In Kubernetes, each pod can run multiple containers inside it. These containers share a common network, i.e., each pod can make requests to other containers using localhost.

This has a lot of use cases in Kubernetes logging or metrics analysis in the cluster.

Official Reference: : Multicontainer pod patterns

Understand Persistent Volume Claims for storage

1. StorageClasses: StorageClass provides a way to describe the “classes” of storage offers available.
2. PersistentVolume: It is a piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned using StorageClasses. They are created over StorageClasses.
3. PersistentVolumeClaim: It is a request for storage by a user. They are created over PersistentVolumes.

Official Reference: Persistent Volumes

Understand Taint and Tolerations

Taints and tolerations work together to ensure that pods are not scheduled onto inappropriate nodes. We apply taint on Node and toleration on Pod.

Read about Node Affinity as well, we can restrict a Pod to run on a particular node or prefer to run on some particular nodes.

kubectl label node <node-name> <label-key>=<label-value>

kubectl taint node <node-name> <key>=<value>:<taint-effect>

Application Environment, Configuration, and Security

Understand ConfigMaps

Configmaps are useful to store non-critical data in key-value pair format. They can also be used to inject env vars into pods.

Imperative commands for Configmaps:

kubectl create cm <name-of-configmap> --from-file=hello.txt 

kubectl create cm <name-of-configmap> --from-literal=key1=value1 

Ensure you know how to inject values as environment variables from configmaps.

Official Reference:  Configmaps

Understand SecurityContexts

A security context defines privilege and access control settings for a Pod or Container.

Official Reference:  security context

We define the security context at the pod level and at the container level. Understand the differences correctly so that you can solved the scenarios in the exam without much confusion.

Define an application’s resource requirements

It is used to define the CPU and memory requirements of a container.

Imperative commands for resources:

kubectl run test --image=alpine --requests=cpu=100m,memory=256Mi --limits=cpu=200m,memory=512Mi

Official Reference: Resource Management for Pods and Containers

Create & Consume Secrets

Secrets are useful to store sensitive data in key-value pair format. They can also be used to inject env vars into pods.

Imperative commands for secrets:

kubectl create secret generic <name-of-secret> --from-file=hello.txt 

kubectl create secret generic <name-of-secret> --from-literal=key1=value1 

Understanding of injecting secret values in to env values is a must have knowledge.

Official Reference: Secrets

Understand ServiceAccounts

Kubernetes service account provides an identity for processes that run in a Pod.


Imperative commands for service account:

kubectl create sa <name-of-serviceaccount> 

Learn to figure out if the deployment or pod had the correct service account mounted. Learn list serviceaccount and check its permissions.

Reference: Create Kubernetes Service Account

Understand Authentication, Authorization, and Admission Control

In Kubernetes, you must be authenticated (logged in) before your request can be authorized (granted permission to access). There are multiple modes of Authorization i.e Node, ABAC, RBAC, and Webhook. Authorization mode is defined in kube-apiserver setting in kube-system namespace.

Check the RBAC mode which is widely used.

Admission Controllers help us implement better security measures to enforce how a cluster is used.

Services & Networking

Understand Services

Services are an abstract way to expose an application running on a set of Pods as a network service. They are used for inter-pod communications.

The fact that each service’s IP address remains unchanged until it is deleted & recreated is why Services are used for inter-pod communications instead of Pod IP addresses.

Imperative commands:

kubectl expose deployment nginx --port=80 --target-port=8000 --type=ClusterIP

kubectl create service nodeport my-ns --tcp=5678:8080

Demonstrate a Basic understanding of Network Policies

Network Policies are an application-centric construct that allows you to specify how a pod is allowed to communicate with various network “entities” such as pods, deployments, etc over the network.

Basically, you can tell Kubernetes through Network Policies whether pod A should be allowed to take requests from pod B or whether pod A can communicate with pod C. It gives you much tighter control of the network flow and traffic.

Ingress exposes HTTPS and HTTP routes outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.

Imperative Command:

kubectl create ingress <ingress-name> --rule=<"rule-name">=<service-name>:<port> -n <namespace-name>

//rule name is the url name for eg. abc.com/word*

Practice network policy scenarios well. It might seem easy but during the exam you might get confused. You can use the network policy editor to visually learn about Network Policies.

Application Deployment

Understand Deployments and how to perform rolling updates

Deployments ensure a minimum no of replicas of an application running at all times. In case a replica goes down, the Kubernetes API ensures that a new one is created within minutes.

Imperative commands:

kubectl create deployment <deployment-name> --image=<name> -n <namespace-name> //create deployment

kubectl create deployment <deployment-name> --image=<name> -- sleep 300 //with command arguments

kubectl scale deployment <deployment-name> --replicas=4 //scale up or down

kubectl edit deployment <deployment-name> -n <namespace-name> //edit the deployment

Understand Deployments and how to perform rollbacks

Sometimes, you may want to roll back a Kubernetes Deployment; for example, when the Deployment is not stable, such as crash looping. Kubernetes handles this in the form of rollbacks.

Imperative commands:

kubectl set image deployment <deployment-name> <name-of-container>=<new-image-name>   //update image

kubectl rollout status deployment <deployment-name> //see status

kubectl rollout history deployment <deployment-name> //see history 

kubectl rollout undo deployment <deployment-name>  //rollback

kubectl rollout undo deployment <deployment-name> --to-revision=<revision-name> //rollback to the specific version

Official Reference: Rolling Back a Deployment

Understand Helm Package Manager

Helm is a Kubernetes package manager. It helps us to define, install, and upgrade complex Kubernetes applications. Helm Charts are easy to create, version, share, and publish.

You can expect Helm package and release management scenarios in the exam. Ensure you know how to manage releases and rollbacks using Helm.

You are allowed to use the official Helm documentation.

Application Observability and Maintenance

Ensure you have good understanding of health probes.

Understand LivenessProbes, ReadinessProbes and StartupProbes

1. Liveness probes are used to know when to restart a container.
2. Readiness probes are used to know when a container is ready to start accepting traffic.
3. Startup probes are used to know when a container application has started.

Official Reference: Liveness & Readiness Probes

Also, learn to check application logs using kubectl commands.

Understand container logging

Application logs can help in understanding the activities and status of the application. The logs are particularly useful for debugging problems and monitoring cluster activity.

Tools like EFK Stack and Istio are popular as they make the management of these logs very easy.

There are certain flags in kubectl commands which can help speed up your debugging cases, they are given below.

Commands:

kubectl logs pod <pod-name> 

kubectl logs pod <pod-name>  --tail=10

kubectl logs pod <pod-name>  --tail=10 -f 

Reference: Kubernetes Logging Tutorial For Beginners

Understand how to monitor applications in Kubernetes

Monitoring applications can be done by storing logs and studying the application’s metrics.

Tools like Prometheus-Grafana are popular as they make the management of metrics very easy.

Very often, sidecar containers are used as metrics exporters of the main application container.

Understand debugging in Kubernetes

The exam requires you to be able to identify errors, understand the root cause, and rectify the errors. For this practice is required. There are certain basic steps one can take to understand the error very easily.

These steps involve – studying the logs of the pods, setting up probes, and studying the application metrics.

Commands:

kubectl describe deployment <deployment-name> 

kubectl describe pod <pod-name>

kubectl logs deployment <deployment-name> 

kubectl logs pod <pod-name>

kubectl logs deployment <deployment-name> --tail=10

kubectl logs deployment <deployment-name> --tail=10 -f 

kubectl top node

kubectl top pod

Official Reference: Debug Running Pods

Understand API Deprecations

As the Kubernetes API evolves, APIs are periodically reorganized or upgraded. When APIs evolve, the old API is deprecated and eventually removed. Read more about it:

To update the API in the manifest files:

kubectl convert -f <old-manifest-file> --output-version <new-api>

Official Reference: API deprecation Guide

Kubernetes Objects Shortcuts

Use the following Kubernetes object shortcuts to save time:

Objects	Shortcuts
pods	po
deployments	deploy
services	svc
serviceaccounts	sa
nodes	no
configmaps	cm
namespaces	ns
ingresses	ing
persistentvolumes	pv
persistentvolumeclaims	pvc
replicasets	rs

To know the shortcuts of all the resources, execute the following command.

kubectl api-resources

Unofficial Resources For CKAD Practice

Interactive CKAD Practice Lab	CKAD Killerkoda Practice Lab
CKAD Practice Questions	CKAD Exercises
CKAD Questions & Answers With Explanation	5 Set of Kubernetes CKAD Practice Questions
Vim shortcuts	Vim Tips & Tricks
Cheat Sheet	Kubectl Cheat Sheet

CKAD Do’s

1. When you start preparing for the exam, start using the alias and object short names from day one.
2. Use the two killer.sh free practice sessions environment before attempting the real exam. The exam environment is almost similar to the simulation exam.
3. Use Imperative Commands as much as possible.
4. While giving practice exams, try to wrap up 15 minutes before the deadline – it will give you additional time to revise the solutions.
5. Give a lot of practice exams, identify your weak topics, and spend more time on those.
6. On exam day, keep an alternative internet source handy in case of Wi-Fi internet goes down.
7. If any particular question is going to take more than 6-7 mins to solve, flag/mark it to solve for later and come back once you solve the rest.
8. Use the kubectl alias (k) for all the imperative commands. The alias will be present in the exam terminal by default.
9. If possible, try to use a wide screen monitor with dedicated webcam. Because you can use only one live screen. A wide monitor will give you a lot of real estate to work on during the exam.

CKAD Don’t’s

1. Most people don’t even use an alias. So no need to overwhelm yourself with an alias for everything.
2. Don’t take the exam on the last day. The idea is to give it in a pressure-free environment.
3. At the time of the exam, you shouldn’t have anything on the table other than your system.

Conclusion

Preparing for the CKAD exam will help you understand application development on Kubernetes in a much better way and help in your career progression.

CKAD is a sought-after DevOps certification for DevOps engineers out there. So give your best and prepare well!

This CKA exam preparation guide has given you all the best resources, tips, and tricks to pass the CKAD exam. We will keep updating it with new tools and resources—all the best for your preparations.

You might also like our Kubernetes beginner tutorials that have several topics covered under Kubernetes certification. If you want a structured roadmap, check out the Kubernetes learning path.

Do check out the CKA & CKS certification guides as well.

1. CKA Certificataion Exam Guide
2. CKS Certification Exam Guide

Also, If you are interested in DevOps certifications, check out our comprehensive guide on the best devops certifications.