This CKAD Exam study guide will help you prepare for the CKAD Certification exam with all the required resources. CKAD is one of the best Kubernetes certifications focused on the development aspects of Kubernetes.
In this article, I will go through all the resources that can help you prepare for the CKAD exam. I will also be sharing many tips that helped me pass the CKAD exam with a near-perfect score of 96 out of 100.
What is the Certified Kubernetes Application Developer (CKAD) exam?
The official CNCF certification page says:
A Certified Kubernetes Application Developer can define application resources and use core primitives to build, monitor, and troubleshoot scalable applications and tools in Kubernetes.
Certified Kubernetes Application Developer (CKAD) is one of the highest in-demand certifications in the industry right now. It is aimed at engineers interested in the design, development, build & management of applications on Kubernetes. So if you are someone who works on the development aspects of Kubernetes, this certification is for you.
The purpose of the Certified Kubernetes Application Developer (CKAD) program is to assure that CKADs have the skills, knowledge, and competency to perform the responsibilities of Kubernetes application developers.
Register for the CKAD Certification [Save 40% Today]
To begin your journey of becoming a Certified Kubernetes Application Developer (CKAD) – start by registering for the CKAD exam on the Linux Foundation portal. When you register you get free access to two sessions of killer.sh CKAD practice exams that will help you clear the CKAD exam.
Note: Save 40% Today on CKA | CKAD | CKS certification using the Voucher code given below. This offer expires soon.
Code: Use coupon LUNAR24COM at checkout
If you are planning for all the Kubernetes certifications, You can choose the CKA + CKAD + CKS bundle to save up to $506 using code LUNAR24COM.
Here are some things to keep in mind regarding the exam.
- The CKAD certification exam is to be taken online, and it is proctored remotely.
- A score of 66% or above must be earned to pass.
- Certifications are valid for 3 years.
- After registration, you get one year to schedule the exam.
- After registration, you get a maximum of 2 attempts to take the test. If you miss a scheduled exam for any reason – your second attempt gets nullified.
- Free access to killer.sh for the CKAD practice exam.
Note: You can always check the latest Kubernetes Certification Voucher Codes to save costs on the CKA, CKAD, and CKS certification registration
Certified Kubernetes Application Developer (CKAD) Exam Preparation Guide
This section will go over the complete resources and official CKAD kubernetes documentation pages that can help you prepare for the exam better.
CKAD Exam prerequisites
CKAD does not require any candidate to have any other certification before appearing for the CKAD exam. The only thing required to clear the exam is practice, practice, and practice.
CKAD Exam details
|CKAD Exam Kubernetes Version
CKAD exam is an open book exam i.e. you can use the following websites while you are taking the exam (Resources Allowed):-
- https://kubernetes.io/blog/ and their subdomains. This includes all available language translations of these pages (e.g. https://kubernetes.io/zh/docs/)
The online proctored exam is taken on PSI’s Proctoring Platform “Bridge”, using the PSI Secure Browser (a web browser created to guarantee a secure exam delivery over a virtual connection). Read more about the system and testing environment requirements.
The remote desktop is configured with all the tools and software needed to complete the tasks. This includes:
- Terminal Emulator
- Firefox browser to access “Resources Allowed”
- Virtual Keyboard
Read more about the CKAD Exam user interface here.
CKAD Exam Syllabus
The following are the domains and competencies part of the CKAD syllabus along with their respective topics and weightage.
|Application Design and Build
|1. Define, build, and modify container images
2. Understand Jobs and CronJobs
3. Understand multi-container Pod design patterns (e.g. sidecar, init, and others)
4. Utilize persistent and ephemeral volumes
|Application Environment, Configuration, and Security
|1. Discover and use resources that extend Kubernetes (CRD)
2. Understand authentication, authorization, and admission control
3. Understanding and defining resource requirements, limits, and quotas
4. Understand ConfigMaps
5. Create & consume Secrets
6. Understand ServiceAccounts
7. Understand SecurityContexts
|Services & Networking
|1. Understand API deprecations
2. Implement probes and health checks
3. Use the provided tools to monitor Kubernetes applications
4. Utilize container logs
4. Debugging in Kubernetes
|1. Use Kubernetes primitives to implement common deployment strategies (e.g. blue/green or canary)
2. Understand Deployments and how to perform rolling updates
3. Use the Helm package manager to deploy existing packages
|Application Observability and Maintenance
|1. Understand API deprecations
2. Implement probes and health checks
3. Use provided tools to monitor Kubernetes applications
4. Utilize container logs
4. Debugging in Kubernetes
We will look at each section in detail below.
CKAD Exam Practice Lab Setups
The best way to prepare is to practice a lot! The below setups will give you a Kubernetes cluster where you can do all the required practice. The exam expects you to solve problems on a live cluster.
CKAD does not have any MCQ-type format – so hands-on practice is a must.
- Kubernetes Setup using Kubeadm [Detailed Guide]
- Kubernetes Vagrant Setup using Kubeadm
- GKE Cluster using free Google Cloud Credits
- EKS Service on AWS using AWS $300 POC credits
- AKS service on Azure using free cloud credits
- Kubernetes Cluster on Digital Ocean[ Get $100 Digital Ocean Free Credits]
CKAD Preparation Course
Investing in a CKAD course will help you understand all the concepts for the CKAD exam in an easier manner. If you are a beginner and have no experience working on Kubernetes environments, I strongly suggest you invest in a good guided CKAD course of your choice.
I recommend going for the CKAD preparation course by Mumshad. His course has a lot of quizzes and the quality is top-notch.
Also, To practice for the CKAD exam, you can try the Mock exams. It will help you build confidence and practice many scenarios for the exam.
CKAD Certification Resources
Here, I will be discussing official Kubernetes resources that can be used to prepare for each topic of the CKAD exam. You can use these documentation pages during the exam for reference.
Also, ensure you have a very good understanding of Kubernetes architecture before you start the hands-on learning.
Application Design and Build
Understand Kubernetes API primitives
The Kubernetes API lets you query and manipulate the state of objects like Pods, Namespaces, ConfigMaps, and Events.
Official Reference: Kubernetes-API
Understand how to use Labels, Selectors, and Annotations
Labels are key/value pairs that are attached to objects, such as pods. They help in filtering out specific objects.
Using a Selector, the client/user can identify a set of objects.
kubectl get pods --show-labels //display labels of each pod
kubectl get pods --selector=foo=bar //filter on basis of labels
kubectl label pod <pod-name> k1=v1 k2=v2 k3=v3 //to add labels
kubectl label pod <pod-name> k1- //to remove labels
kubectl label pod <pod-name> k2=v2.1 --overwrite //to overwrite
Annotations are used to attach arbitrary non-identifying metadata to objects.
kubectl annotate pods <pod-name> description='desc' //add annotations
kubectl annotate pods <pod-name> description- //to remove annotations
kubectl annotate pods <pod-name> description='desc2' --overwrite//to overwrite
Define, build, and modify container images
Pods are the basic objects where your images/code run.
Imperative commands: These are commands which let you create objects via a CLI, i.e., they remove the need to write the whole YAML. Knowing imperative commands can help you save time in the exam. I highly recommend them. Refer create Kubernetes YAML guide.
Imperative commands for pods:
kubectl run <name of pod> --image=<image>
We can get the pod YAML pod by running this command and then changing it accordingly:
kubectl run <name-of-pod> --image=<image> --dry-run=client -o yaml > pod.yaml
Imperative command to change the pod image:
kubectl set image pod <pod-name> <current-image>=<new-image>
Understand Jobs and CronJobs
Kubernetes Jobs are used to create transient pods that perform specific tasks they are assigned to. CronJobs do the same thing, but they run tasks based on a defined schedule.
kubectl create job my-job --image=busybox
kubectl create cronjob my-job --image=busybox --schedule="*/1 * * * *" -- date
Reference: create Jobs and CronJobs
Understand Multi-Container Pod design patterns
In Kubernetes, each pod can run multiple containers inside it. These containers share a common network, i.e., each pod can make requests to other containers using localhost.
This has a lot of use cases in Kubernetes logging or metrics analysis in the cluster.
Official Reference: : Multicontainer pod patterns
Understand Persistent Volume Claims for storage
- StorageClasses: StorageClass provides a way to describe the “classes” of storage offers available.
- PersistentVolume: It is a piece of storage in the cluster that has been provisioned by an administrator or dynamically provisioned using StorageClasses. They are created over StorageClasses.
- PersistentVolumeClaim: It is a request for storage by a user. They are created over PersistentVolumes.
Official Reference: Persistent Volumes
Understand Taint and Tolerations
Taints and tolerations work together to ensure that pods are not scheduled onto inappropriate nodes. We apply taint on Node and toleration on Pod.
Read about Node Affinity as well, we can restrict a Pod to run on a particular node or prefer to run on some particular nodes.
kubectl label node <node-name> <label-key>=<label-value>
kubectl taint node <node-name> <key>=<value>:<taint-effect>
Application Environment, Configuration, and Security
Configmaps are useful to store non-critical data in key-value pair format. They can also be used to inject env vars into pods.
Imperative commands for Configmaps:
kubectl create cm <name-of-configmap> --from-file=hello.txt
kubectl create cm <name-of-configmap> --from-literal=key1=value1
Official Reference: Configmaps
A security context defines privilege and access control settings for a Pod or Container. We define the security context at the pod level and at the container level.
Official Reference: security context
Define an application’s resource requirements
It is used to define the CPU and memory requirements of a container.
Imperative commands for resources:
kubectl run test --image=alpine --requests=cpu=100m,memory=256Mi --limits=cpu=200m,memory=512Mi
Official Reference: Resource Management for Pods and Containers
Create & Consume Secrets
Secrets are useful to store sensitive data in key-value pair format. They can also be used to inject env vars into pods.
Imperative commands for secrets:
kubectl create secret generic <name-of-secret> --from-file=hello.txt
kubectl create secret generic <name-of-secret> --from-literal=key1=value1
Official Reference: Secrets
Kubernetes service account provides an identity for processes that run in a Pod.
Imperative commands for service account:
kubectl create sa <name-of-serviceaccount>
Reference: Create Kubernetes Service Account
Understand Authentication, Authorization, and Admission Control
In Kubernetes, you must be authenticated (logged in) before your request can be authorized (granted permission to access). There are multiple modes of Authorization i.e Node, ABAC, RBAC, and Webhook. Authorization mode is defined in kube-apiserver setting in kube-system namespace.
Check the RBAC mode which is widely used.
Admission Controllers help us implement better security measures to enforce how a cluster is used.
Services & Networking
Services are an abstract way to expose an application running on a set of Pods as a network service. They are used for inter-pod communications.
The fact that each service’s IP address remains unchanged until it is deleted & recreated is why Services are used for inter-pod communications instead of Pod IP addresses.
kubectl expose deployment nginx --port=80 --target-port=8000 --type=ClusterIP
kubectl create service nodeport my-ns --tcp=5678:8080
Demonstrate a Basic understanding of Network Policies
Network Policies are an application-centric construct that allows you to specify how a pod is allowed to communicate with various network “entities” such as pods, deployments, etc over the network.
Basically, you can tell Kubernetes through Network Policies whether pod A should be allowed to take requests from pod B or whether pod A can communicate with pod C. It gives you much tighter control of the network flow and traffic.
Ingress exposes HTTPS and HTTP routes outside the cluster to services within the cluster. Traffic routing is controlled by rules defined on the Ingress resource.
kubectl create ingress <ingress-name> --rule=<"rule-name">=<service-name>:<port> -n <namespace-name>
//rule name is the url name for eg. abc.com/word*
Understand Deployments and how to perform rolling updates
Deployments ensure a minimum no of replicas of an application running at all times. In case a replica goes down, the Kubernetes API ensures that a new one is created within minutes.
kubectl create deployment <deployment-name> --image=<name> -n <namespace-name> //create deployment
kubectl create deployment <deployment-name> --image=<name> -- sleep 300 //with command arguments
kubectl scale deployment <deployment-name> --replicas=4 //scale up or down
kubectl edit deployment <deployment-name> -n <namespace-name> //edit the deployment
Understand Deployments and how to perform rollbacks
Sometimes, you may want to roll back a Kubernetes Deployment; for example, when the Deployment is not stable, such as crash looping. Kubernetes handles this in the form of rollbacks.
kubectl set image deployment <deployment-name> <name-of-container>=<new-image-name> //update image
kubectl rollout status deployment <deployment-name> //see status
kubectl rollout history deployment <deployment-name> //see history
kubectl rollout undo deployment <deployment-name> //rollback
kubectl rollout undo deployment <deployment-name> --to-revision=<revision-name> //rollback to the specific version
Official Reference: Rolling Back a Deployment
Understand Helm Package Manager
Helm is a Kubernetes package manager. It helps us to define, install, and upgrade complex Kubernetes applications. Helm Charts are easy to create, version, share, and publish.
Application Observability and Maintenance
Understand LivenessProbes, ReadinessProbes and StartupProbes
- Liveness probes are used to know when to restart a container.
- Readiness probes are used to know when a container is ready to start accepting traffic.
- Startup probes are used to know when a container application has started.
Official Reference: Liveness & Readiness Probes
Understand container logging
Application logs can help in understanding the activities and status of the application. The logs are particularly useful for debugging problems and monitoring cluster activity.
Tools like EFK Stack and Istio are popular as they make the management of these logs very easy.
There are certain flags in kubectl commands which can help speed up your debugging cases, they are given below.
kubectl logs pod <pod-name>
kubectl logs pod <pod-name> --tail=10
kubectl logs pod <pod-name> --tail=10 -f
Reference: Kubernetes Logging Tutorial For Beginners
Understand how to monitor applications in Kubernetes
Monitoring applications can be done by storing logs and studying the application’s metrics.
Tools like Prometheus-Grafana are popular as they make the management of metrics very easy.
Very often, sidecar containers are used as metrics exporters of the main application container.
Understand debugging in Kubernetes
The exam requires you to be able to identify errors, understand the root cause, and rectify the errors. For this practice is required. There are certain basic steps one can take to understand the error very easily.
These steps involve – studying the logs of the pods, setting up probes, and studying the application metrics.
kubectl describe deployment <deployment-name>
kubectl describe pod <pod-name>
kubectl logs deployment <deployment-name>
kubectl logs pod <pod-name>
kubectl logs deployment <deployment-name> --tail=10
kubectl logs deployment <deployment-name> --tail=10 -f
kubectl top node
kubectl top pod
Official Reference: Debug Running Pods
Understand API Deprecations
As the Kubernetes API evolves, APIs are periodically reorganized or upgraded. When APIs evolve, the old API is deprecated and eventually removed. Read more about it:
To update the API in the manifest files:
kubectl convert -f <old-manifest-file> --output-version <new-api>
Official Reference: API deprecation Guide
Kubernetes Objects Shortcuts
Use the following Kubernetes object shortcuts to save time:
To know the shortcuts of all the resources, execute the following command.
Unofficial Resources For CKAD Practice
|Interactive CKAD Practice Lab
|CKAD Killerkoda Practice Lab
|CKAD Practice Questions
|CKAD Questions & Answers With Explanation
|5 Set of Kubernetes CKAD Practice Questions
|Vim Tips & Tricks
|Kubectl Cheat Sheet
- Use killer.sh environment before attempting the real exam.
- Use Imperative Commands as much as possible.
- While giving practice exams, try to wrap up 15 minutes before the deadline – it will give you additional time to revise the solutions.
- Give a lot of practice exams, identify your weak topics, and spend more time on those.
- On exam day, keep an alternative internet source handy in case of Wi-Fi internet goes down.
- If any particular question is going to take more than 6-7 mins to solve, flag/mark it to solve for later and come back once you solve the rest.
- Use the kubectl alias for all the imperative commands. The alias will be presen in the exam terminal by default.
- Most people don’t even use an alias. So no need to overwhelm yourself with an
- Don’t take the exam on the last day. The idea is to give it in a pressure-free environment.
- At the time of the exam, you shouldn’t have anything on the table other than your system.
Preparing for the CKAD exam will help you understand application development on Kubernetes in a much better way and help in your career progression.
CKAD is a sought-after DevOps certification for DevOps engineers out there. So give your best and prepare well!
This CKA exam preparation guide has given you all the best resources, tips, and tricks to pass the CKAD exam. We will keep updating it with new tools and resources—all the best for your preparations.
Do check out the CKA & CKS certification guides as well.
Also, If you are interested in DevOps certifications, check out our comprehensive guide on the best devops certifications.