Chapter 1. Exam Details and Resources
In this chapter, I want to address the most burning questions frequently asked by candidates planning to prepare and successfully pass the Certified Kubernetes Application Developer (CKAD) exam. Later chapters in the introduction part will give you a summary of Kubernetes’ benefits and architecture and how to interact with a Kubernetes cluster using
Kubernetes Certification Learning Path
The CNCF offers four different Kubernetes certifications. Figure 1-1 categorizes each of them by target audience. The target audience for associate-level certifications are beginners to the cloud and Kubernetes. Practitioner-level certifications are meant for developers and administrators with preexisting experience with Kubernetes. You will find that the CKAD is geared toward application developers and does not require any other certification as a prerequisite.
Let’s have a very brief look at the details for each certification to see if the CKAD is the right fit for you.
Kubernetes and Cloud Native Associate (KCNA)
KCNA is an entry-level certification program for anyone interested in cloud-native application development, runtime environments, and tooling. While the exam does cover Kubernetes, it does not expect you to actually solve problems in a practical manner. This exam is suitable for candidates interested in the topic with a broad exposure to the ecosystem.
Kubernetes and Cloud Native Security Associate (KCSA)
The certification focuses on basic knowledge of security concepts and their application in a Kubernetes cluster. The breadth and depth of the program is comparable to the KCNA, as it does not require solving problems hands-on.
Certified Kubernetes Application Developer (CKAD)
The CKAD exam focuses on verifying your ability to build, configure, and deploy a microservices-based application to Kubernetes. You are not expected to actually implement an application; however, the exam is suitable for developers familiar with topics like application architecture, runtimes, and programming languages.
Certified Kubernetes Administrator (CKA)
The target audience for the CKA exam are DevOps practitioners, system administrators, and site reliability engineers. This exam tests your ability to perform in the role of a Kubernetes administrator, which includes tasks like cluster, network, storage, and beginner-level security management, with a big emphasis on troubleshooting scenarios.
Certified Kubernetes Security Specialist (CKS)
The CKS exam expands on the topics verified by the CKA exam. Passing the CKA is a prerequisite before you can even sign up for the CKS exam. For this certification, you are expected to have a deeper knowledge of Kubernetes security aspects. The curriculum covers topics like applying best practices for building containerized applications and ensuring a secure Kubernetes runtime environment.
More and more application developers find themselves in projects transitioning from a monolithic architectural model to bite-sized, cohesive, and containerized microservices. There are pros and cons to both approaches, but we can’t deny that Kubernetes has become the de facto runtime platform for deploying and operating applications without needing to worry about the underlying physical infrastructure.
Nowadays, it’s no longer the exclusive responsibility of an administrator or release manager to deploy and monitor their applications in target runtime environments. Application developers need to see their applications through from development to operation. Some organizations like Netflix live and breathe this culture, so you, the application developer, are fully responsible for making design decisions as well as fixing issues in production. It’s more important than ever to understand the capabilities of Kubernetes, how to apply the relevant concepts properly, and how to interact with the platform.
The exam has been designed specifically for application developers who need to design, build, configure, and manage cloud native applications on Kubernetes.
Kubernetes version used during the exam
At the time of writing, the exam is based on Kubernetes 1.28. All content in this book will follow the features, APIs, and command-line support for that specific version. It’s certainly possible that future versions will break backward compatibility. While preparing for the certification, review the Kubernetes release notes and practice with the Kubernetes version used during the exam to avoid unpleasant surprises.
The following overview lists the high-level sections, also called domains, of the exam and their scoring weights:
How the book works
The outline of the book follows the CKAD curriculum to a T. While there might be a more natural, didactical organization structure to learn Kubernetes in general, the curriculum outline will help test takers prepare for the exam by focusing on specific topics. As a result, you will find yourself cross-referencing other chapters of the book depending on your existing knowledge level.
Let’s break down each domain in detail in the next sections.
Application Design and Build
The first domain of the curriculum evolves around designing and building a containerized application and operating it in Kubernetes. You will need to be familiar with basic container concepts and how to define a container inside of a Pod. In addition, the domain covers more advanced use cases and Kubernetes concepts: the use of storage in Pods, the need for defining multiple containers inside of a Pod, and how to define and execute batch and periodic workloads.
This domain primarily focuses on the Kubernetes primitive Deployment. A Deployment helps with scaling Pods with the same definition, so-called replicas, and managing the configuration across all replicas it controls. You need to understand the ins and outs of managing Deployments including strategies helpful for rolling out new versions of an application to replicas in a controlled fashion. Lastly, you will need to be familiar with Helm, an open source tool for managing a set of manifests required to deploy and configure an application stack.
Application Observability and Maintenance
Deploying an application to Kubernetes is only the first step. You need to be able to monitor, inspect, and potentially debug Kubernetes objects. Probes are an important concept covered by the domain that define health checks for applications running in a Pod. Furthermore, you need to be confident with identifying runtime issues for workload and how to fix them.
Application Environment, Configuration and Security
Kubernetes offers security and resource management features configurable for a Pod. This includes the security context and resource requirements/constraints covered in this domain. Furthermore, you need to be able to demonstrate the use of ConfigMaps and Secrets to inject configuration data into a Pod to control its runtime behavior. The domain also touches on the rudimentary concepts and functionality of Role-Based Access Control (RBAC) and Custom Resource Definitions (CRDs).
Services & Networking
The last domain of the curriculum deals with providing network access to your application from within the cluster and outside of the cluster. For that purpose, you’ll need to demonstrate knowledge of Services and Ingresses. Lastly, have a rough understanding of network policies which are essentially rules that deny or permit Pod-to-Pod communication.
Involved Kubernetes Primitives
Some of the exam objectives can be covered by understanding the relevant core Kubernetes primitives. Be aware that the exam combines multiple concepts in a single problem. Refer to Figure 1-2 as a rough guide to the applicable Kubernetes resources and their relationships.
During the exam, you are permitted to open a well-defined list of web pages as a reference. You can freely browse those pages and copy-paste code to the exam terminal.
The official Kubernetes documentation includes the reference manual, the GitHub site, and the blog:
Reference manual: https://kubernetes.io/docs
While having the Kubernetes documentation pages at hand is extremely valuable, make sure you know where to find the relevant information within those pages. In preparation for the test, read all the documentation pages from start to end at least one time. Don’t miss out on the search functionality of the official documentation pages. For reference, Appendix B maps the exam objectives to the relevant documentation pages.
Using the documentation efficiently
Using a search term will likely lead you to the right documentation pages quicker than navigating the menu items. Copying and pasting code snippets from the documentation into the console of the exam environment works reasonably well. Sometimes you may have to adjust the YAML indentation manually as the proper formatting may get lost in the process.
Exam Environment and Tips
To take the exam, you must purchase a voucher as registration. A voucher can be acquired on the CNCF training and certification web page. On occasion, the CNCF offers discounts for the voucher (e.g., around the US holiday Thanksgiving). Those discount offers are often announced on the Twitter account @LF_Training.
With the voucher in hand, you can schedule a time for the exam. On the day of your scheduled test, you’ll be asked to log into the test platform with a URL provided to you by email. You’ll be asked to enable the audio and video feed on your computer to discourage you from cheating. A proctor will oversee your actions via audio/video feed and terminate the session if she thinks you are not following the rules.
The voucher you purchased grants two attempts to pass the exam. I recommend preparing reasonably well before taking the test on the first attempt. It will give you a fair chance to pass the test and provide you with a good impression of the exam environment and the complexity of the questions. Don’t sweat it if you do not pass the test on the first attempt. You’ve got another free shot.
The CKAD has a time limit of two hours. During that time window, you’ll need to solve hands-on problems on a real, predefined Kubernetes cluster. Every question will state the cluster you need to work on. Using a practical approach to gauge a candidate’s skill set is superior to tests with multiple-choice questions as you can translate the knowledge directly on tasks performed on the job.
I’d highly recommend reading the FAQ for the exam. You will find answers to most of your pressing questions there, including system requirements for your machine, scoring, certification renewal, and retake requirements.
The certification assumes that you already have a basic understanding of Kubernetes. You should be familiar with Kubernetes internals, its core concepts, and the command-line tool
kubectl. The CNCF offers a free “Introduction to Kubernetes” course for beginners to Kubernetes.
Your background is likely more on the end of an application developer, although it doesn’t really matter which programming language you’re most accustomed to. Here’s a brief overview of the background knowledge you should bring to the table to increase your likelihood of passing the exam:
- Kubernetes architecture and concepts
The exam won’t ask you to install a Kubernetes cluster from scratch. Read up on the basics of Kubernetes and its architectural components. Don’t expect to encounter any multiple-choice questions during the exam. Reference Chapter 2 for a jumpstart on Kubernetes’ architecture and concepts.
kubectlcommand-line tool is the central tool you will use during the exam to interact with the Kubernetes cluster. Even if you only have a little time to prepare for the exam, it’s essential to practice how to operate
kubectl, as well as its commands and their relevant options. You will have no access to the web dashboard UI during the exam. Chapter 3 provides a short summary of the most important ways of interacting with a Kubernetes cluster.
- Working knowledge of a container runtime engine
Kubernetes uses a container runtime engine for managing images. A widely-used container runtime engine is Docker Engine. At a minimum, understand containerfiles, container images, containers, and relevant CLI commands. Chapter 4 explains all you need to know about containers for the exam.
- Other relevant tools
Kubernetes objects are represented by YAML or JSON. The content of this book will only use examples in YAML, as it is more commonly used than JSON in the Kubernetes world. You will have to edit YAML during the exam to create a new object declaratively or when modifying the configuration of a live object. Ensure that you have a good handle on basic YAML syntax, data types, and indentation conforming to the specification. How do you edit the YAML definitions, you may ask? From the terminal, of course. The exam terminal environment comes with the tools
vimpreinstalled. Practice the keyboard shortcuts for common operations, (especially how to exit the editor). The last tool I want to mention is GNU Bash. It’s imperative that you understand the basic syntax and operators of the scripting language. It’s absolutely possible that you may have read, modify, or even extend a multiline Bash command running in a container.
Candidates have a time limit of two hours to complete the exam. At a minimum, 66% of the answers to the questions need to be correct. Many of the questions consist of multiple steps. While the Linux Foundation doesn’t provide a breakdown on the scoring, I’d assume that partially correct answers will still score a portion of the points.
When taking the test, you will notice that the given time limit will put you under a lot of pressure. That’s intentional. The Linux Foundation expects Kubernetes practitioners to be able to apply their knowledge to real-world scenarios by finding solutions to problems in a timely fashion.
The exam will present you with a mix of problems. Some are short and easy to solve; others require more context and take more time. Personally, I tried to tackle the easy problems first in order to score as many points as possible without getting stuck on the harder questions. I marked down any questions I could not solve immediately in the notepad functionality integrated in the exam environment. During the second pass, revisit the questions you skipped and try to solve them as well. In the optimal case, you will have been able to work through all problems in the allotted time.
Command-Line Tips and Tricks
Given that the command line is going to be your solidary interface to the Kubernetes cluster, it’s essential that you become extremely familiar with the
kubectl tool and its available options. This section touches on a couple of tips and tricks for making their use more efficient and productive.
Setting a Context and Namespace
The exam environment comes with multiple Kubernetes clusters already set up for you. Take a look at the instructions for a high-level, technical overview of those clusters. Each of the exam exercises needs to be solved on a designated cluster, as outlined by its description. Furthermore, the instructions will ask you to work in a namespace other than
default. You will need to make sure to set the context and namespace as the first course of action before working on a question. The following command sets the context and the namespace as a one-time action:
$ kubectl config set-context <context-of-question> \ --namespace=<namespace-of-question> $ kubectl config use-context <context-of-question>
You can find a more detailed discussion of the context concept and the corresponding
kubectl commands in “Authentication with Kubectl”.
Using the Alias for kubectl
In the course of the exam, you will have to execute the
kubectl command tens or even hundreds of times. You might be an extremely fast keyboard typer, however, there’s no point in fully spelling out the executable over and over again. The exam environment already sets up the alias
k for the
In preparation for the exam, you can set up the same behavior on your machine. The following
alias command maps the letter
k to the full
$ alias k=kubectl $ k version
Using kubectl Command Auto-Completion
kubectl commands and command-line options takes a lot of practice. The exam environment comes with auto-completion enabled by default. You can find instructions for setting up auto-completion for the shell on your machine in the Kubernetes documentation.
Internalize Resource Short Names
Many of the
kubectl commands can be quite lengthy. For example, the command for managing Persistent volume claims is
persistentvolumeclaims. Having to spell out the full command can be error-prone and time-consuming. Thankfully, some of the longer commands come with a short-form usage. The command
api-resources lists all available commands plus their short names:
$ kubectl api-resources NAME SHORTNAMES APIGROUP NAMESPACED KIND ... persistentvolumeclaims pvc true PersistentVolumeClaim ...
pvc instead of
persistentvolumeclaims results in a much more concise and expressive command execution, as shown here:
$ kubectl describe pvc my-claim
Practicing and Practice Exams
Hands-on practice is extremely important when it comes to passing the exam. For that purpose, you’ll need a functioning Kubernetes cluster environment. The following options stand out:
I found it useful to run one or many virtual machines using Vagrant and VirtualBox. Those tools help with creating an isolated Kubernetes environment that is easy to bootstrap and dispose on demand. Some of the practice exercises in this book use this setup as their starting point.
It is relatively easy to install a simple Kubernetes cluster on your developer machine. The Kubernetes documentation provides various installation options, depending on your operating system. Minikube is useful when it comes to experimenting with more advanced features like Ingress or storage classes, as it provides the necessary functionality as add-ons that can be installed with a single command.
If you’re a subscriber to the O’Reilly Learning Platform, you have unlimited access to scenarios running a Kubernetes sandbox environment. In addition, you can test your knowledge with the help of the CKAD practice test in the form of interactive labs.
You may also want to try one of the following commercial learning and practice resources:
Killer Shell is a simulator with sample exercises for all Kubernetes certifications. If you purchased a voucher for the exam, you will be allowed two sessions for free.
Other online training providers offer video courses for the exam, some of which include an integrated Kubernetes practice environment. I would like to mention KodeKloud and A Cloud Guru. You’ll need to purchase a subscription to access the content for each course individually.
The exam is a completely hands-on test that requires you to solve problems in multiple Kubernetes clusters. You’re expected to understand, use, and configure the Kubernetes primitives relevant to application developers. The exam curriculum subdivides those focus areas and puts different weights on topics, which determines their contributions to the overall score. Even though focus areas are grouped in a meaningful fashion, the curriculum doesn’t necessarily follow a natural learning path, so it’s helpful to cross-reference chapters in the book in preparation for the exam.
In this chapter, we discussed the exam environment and how to navigate it. The key to acing the exam is intense practice of
kubectl to solve real-world scenarios. The next two chapters in Part I will provide a jump start to Kubernetes.
All chapters that discuss domain details give you an opportunity to practice hands-on. You with find sample exercises at the end of each chapter.