Chapter 1. Exam Details and Resources

In this introductory chapter, I want to address the most burning questions frequently asked by candidates planning to prepare and successfully pass the Certified Kubernetes Application Developer (CKAD) exam. We won’t discuss the actual Kubernetes concepts or how to apply them yet, but rather talk about the certification and the necessary skills at a high level.

Exam Objectives

More and more application developers find themselves in projects transitioning from a monolithic architectural model to bite-sized, cohesive, and containerized microservices. There are pros and cons to both approaches, but we can’t deny that Kubernetes has become the de facto runtime platform for deploying and operating applications without needing to worry about the underlying physical infrastructure.

Nowadays, it’s no longer the exclusive responsibility of an administrator or release manager to deploy and monitor their applications in target runtime environments. Application developers need to see their applications through from development to operation. Some organizations like Netflix live and breathe this culture, so you, the application developer, are fully responsible for making design decisions as well as fixing issues in production. It’s more important than ever to understand the capabilities of Kubernetes, how to apply the relevant concepts properly, and how to interact with the platform.

The CKAD exam has been designed specifically for application developers who need to design, build, configure, and manage cloud native applications on Kubernetes.

Kubernetes version used during the exam

At the time of writing, the exam is based on Kubernetes 1.19. All content in this book will follow the features, APIs, and command-line support for that specific version. It’s certainly possible that future versions will break backward compatibility. While preparing for the certification, review the Kubernetes release notes and practice with the Kubernetes version used during the exam to avoid unpleasant surprises.

Curriculum

At a high level, the curriculum covers the following topics. Each topic carries a different weight when it comes to the overall score:

  • 13% – Core Concepts

  • 18% – Configuration

  • 10% – Multi-Container Pods

  • 18% – Observability

  • 20% – Pod Design

  • 13% – Services & Networking

  • 8% – State Persistence

Note

The outline of the book follows the CKAD curriculum to a tee. While there might be a more natural, didactical organization structure to learn Kubernetes in general, the curriculum outline will help test takers with preparing for the exam by focusing on specific topics. As a result, you will find yourself cross-referencing other chapters of the book depending on your existing knowledge level.

Let’s break down each domain in detail and identify what they actually entail.

Core Concepts

The Kubernetes environment is defined by a collection of objects, also called primitives. Each Kubernetes object represents a specific functionality of the system. Why are they called “objects,” you might ask? In the very early days of Kubernetes, the source code was implemented in Java, which has the concept of classes to represent specific types in the system. The code has since been written in Go, but the terminology remained. This portion of the exam covers the general structure of a Kubernetes object and its representation in YAML. You’ll need to be familiar with the different ways to create, delete, and modify a Kubernetes object from the command line. The most important object in the Kubernetes object model is a Pod. A Pod is what you use to deploy an application and run it in a container. This section focuses on the basics of Pod management: creating, configuring, and inspecting Pods.

Configuration

This section of the exam drills into the advanced configuration options for Pods, primarily with the help of other Kubernetes objects. ConfigMaps and Secrets help with centralizing configuration data needed by a Pod at runtime. You will have to understand how to create and use both concepts. Furthermore, this section covers the ins and outs of defining privileges and access control for containers using a security context. A ResourceQuota limits the amount of resources like CPU and memory granted to a namespace. As part of the exam, you will need to know how to define such a resource limit as well as minimum and maximum resource boundaries for a container. Finally, this section covers Service Accounts, the Kubernetes objects that allow defining the identities for processes running in a Pod.

Multi-Container Pods

Oftentimes, Pods only contain a single container. There are viable use cases that require running multiple containers in a Pod. For the exam, you will need to understand init containers and the various established patterns for multi-container Pods. The curriculum explicitly spells out three patterns you need to be familiar with: the sidecar pattern, the adapter pattern, and the ambassador pattern.

Observability

Containers don’t always walk the happy path. Like in real life, things can go wrong, and that’s OK; however, we’ll need to be able to deal with it appropriately. Kubernetes provides readiness, liveness, and startup probes that can identify the health state of the application running in the container and potentially act accordingly to correct a failure situation. Sometimes, there’s no way around digging deep. You will have to understand how to debug containers that failed with proven mitigation strategies. While this section also covers monitoring, it’s not very high on the list of exam topics, as it requires the use of commercial products. Its relevance to the exam is likely insignificant.

Pod Design

Labels are an integral concept in Kubernetes. They are key-value pairs used for querying, sorting, and filtering Kubernetes objects. While annotations look similar to labels on the surface, they serve a different purpose. For the exam, you will need to understand labels and annotations and how to apply the concepts to solve different use cases. This section also covers Deployments, so make sure you fully understand the replication and scalability features of a Deployment. Moreover, practice the use of Jobs for running batch-processing operations and CronJobs for operations that should run at specific times.

Services & Networking

A services is an abstraction layer on top of a set of Pods that provides a single interface for defining the network communication. You will need to understand how to create such a Service, its port-mapping mechanism, as well as the different types of Services. Network policies describe the access rules for incoming and outgoing traffic for Pods. In the context of defining network policies, get a good handle on label selectors, port rules, and the typical use cases that may benefit from applying the network policies to strengthen security.

State Persistence

Applications in a container perform file I/O only to the container’s file system. If the read/write location is not associated to an external mount, then the files are lost at the end of the container’s life. This section covers the different types of volumes for reading and writing data. Learn how to create and configure them. Persistent Volumes ensure permanent data persistence even beyond a cluster node restart. You will need to be familiar with the mechanics and how to mount a Persistent Volume to a path in a container.

The main purpose of the exam is to test your practical knowledge of Kubernetes primitives. It is to be expected that the exam combines multiple concepts in a single problem. Refer to Figure 1-1 as a rough guide to the applicable Kubernetes resources and their relationships.

You might have noticed that the exam does not cover all the Kubernetes resources you would have expected to find in the diagram. Certain Kubernetes primitives like ReplicaSet, StatefulSet, or Ingress did not find their way into the curriculum, which means do you not necessarily have to study them. Nevertheless, it’s a good idea to get a good lay of the land and understand the most prominent concepts at a high level.

While this book covers all Kubernetes resources shown in the diagram, it’s almost impossible to explain all imaginable scenarios and configuration options. Use the information explained in the following chapters as a starting point to dive deeper. Don’t be afraid to explore uncharted territory!

cksg 0101
Figure 1-1. Kubernetes primitives relevant to the exam

Exam Environment and Tips

The exam is conducted and proctored online. As a result, you can register and take the exam from the comfort of your home. It’s recommended that you clear your desk and ensure a silent environment by preventing any interruptions by other people or distracting noises. An exam representative will watch over you via video and audio. Cheating attempts will result in your exam being terminated prematurely.

The exam consists of practical problems you have to solve within a two-hour time frame. You will work on a preconfigured set of Kubernetes clusters. The focus of the exercises is to simulate typical situations you would encounter as an application developer using Kubernetes.

Once you enter the exam environment, you are presented with a web-based command-line environment. Most of your interaction happens inside of that terminal. I personally felt that the terminal was a bit laggy—whatever I typed didn’t show up on screen until a split second later. Be aware that the terminal does not provide any sophisticated auto-completion functionality for kubectl commands.

You are permitted to access and browse the Kubernetes documentation in single browser tab. In preparation for the exam, read through the bulk of the information at least once. While you can reference anything in the documentation, know where and how to find relevant iinformation to avoid spending too much time browsing. Do not open links to external web pages, even if they’re referenced in the Kubernetes documentation. I made heavy use of the documentation page’s search functionality, which helped me find the right information based on search terms quickly. Additionally, I would like to point you to two gems in the documentation: the kubectl cheat sheet and the API reference. Both pages might come in handy as quick reference guides. You can’t print these out beforehand, but you can have one tab open during the exam. For more information about the exam environment, see the Frequently Asked Questions for the certification program.

Candidate Skills

The certification assumes that you already have a basic understanding of Kubernetes. You should be familiar with Kubernetes internals, its core concepts, and the command-line tool kubectl. The CNCF offers a free “Introduction to Kubernetes” course for beginners to Kubernetes.

Your background is likely more on the end of an application developer, although it doesn’t really matter which programming language you’re most accustomed to. Here’s a brief overview of the background knowledge you should bring to the table to increase your likelihood of passing the exam:

Kubernetes architecture and concepts

The CKAD exam won’t ask you to install a Kubernetes cluster from scratch. Read up on the basics of Kubernetes and its architectural components. Don’t expect to encounter any multiple-choice questions during the exam.

The kubectl CLI tool

The kubectl command-line tool is the central tool you will use during the exam to interact with the Kubernetes cluster. Even if you only have a little time to prepare for the exam, it’s essential to practice how to operate kubectl, as well as its commands and their relevant options. You will have no access to the web dashboard UI during the exam.

Working knowledge of Docker

Kubernetes uses Docker by default for managing images. You are not expected to run Docker commands, though it’s useful to understand its basic concepts and know how to operate it from the command line. At a minimum, understand Dockerfiles, images, containers, and their corresponding CLI commands.

Other relevant tools

Kubernetes objects are represented by YAML or JSON. The content of this book will only use examples in YAML, as it is more commonly used than JSON in the Kubernetes world. You will have to edit YAML during the exam to create a new object declaratively or when modifying the configuration of a live object. Ensure that you have a good handle on basic YAML syntax, data types, and indentation conforming to the specification. How do you edit the YAML definitions, you may ask? From the terminal, of course. The exam terminal environment comes with the tools vi and vim preinstalled. Practice the keyboard shortcuts for common operations, (especially how to exit the editor). The last tool I want to mention is GNU Bash. It’s imperative that you understand the basic syntax and operators of the scripting language. It’s absolutely possible that you may have read, modify, or even extend a multiline Bash command running in a container.

Time Management

I mentioned earlier that you’ll have two hours to solve the problems presented to you. While two hours sounds like a long time, in reality, it isn’t. To be precise, you have an average of 6.4 minutes per problem. The exam is very time constrained on purpose. It’s designed to put you under pressure to ensure that your knowledge of Kubernetes has been deeply ingrained into muscle memory.

I can provide you with a couple of time-management tips that helped me get the most out of my alloted time. The exam presents you with a mix of questions with varying degrees of complexity. It’s a good idea to start with question one. If you can’t solve the issue right away or only partially, move on to the next question. Sooner or later you will encounter a problem you can solve quickly and confidently. Solving easy problems first will help you score the points you need to pass.

There’s no value in getting stuck on a hard question and wasting too much time. When taking the exam myself, I left one question completely unsolved and one question only partially solved before I ran out of time. Nevertheless, I passed, which speaks to staying laser-focused on scoring points.

Taking notes

The exam environment provides a little notepad you can use to track unsolved problems. Simply mark down the questions you are planning to revisit later.

Command Line Tips and Tricks

Let me give you some additional tips and tricks for operating the command line. Not only did they help me with time management, but also with avoiding missteps during the exam.

Setting a Context and Namespace

Every question in the exam will ask you to operate on the exam-provided Kubernetes cluster and namespace. The introductory text of the question clearly states the command you need to run. Don’t forget to execute the command, especially if you are rapidly jumping back and forth between different questions.

You may not be working with namespaces in Kubernetes on a day-to-day basis, especially in smaller organizations, which may simply manage Kubernetes objects in the default namespace. The exam makes heavy use of custom namespaces. You can decide to spell out the namespace for every single command while working through the exam; however, this mode of operation comes at the risk of forgetting to set the namespace.

To avoid issues, run the following command once before working through the steps of a question. The command sets the context and the namespace at the same time:

$ kubectl config set-context <context-of-question> \
  --namespace=<namespace-of-question>

Using an Alias for kubectl

The kubectl command-line tool is your primary interface to the Kubernetes cluster. For every command you need to execute, you will have to type kubectl in the terminal. No big deal, you might say. Do yourself a favor and define a shell alias as a shortcut to reference the kubectl command. I personally prefer to use the single letter command, k. You will only need to set the alias once at the beginning of the exam to shave off a couple of seconds for every command you run going forward:

$ alias k=kubectl
$ k version

I’m going to continue to use the full kubectl command throughout the other chapters to avoid confusing those who didn’t reference this particular section.

Internalize Resource Short Names

Some Kubernetes resources have excruciatingly long names. Just imagine having to type persistentvolumeclaims every time you need to reference the Kubernetes resource Persistent Volume Claim. Thankfully, kubectl provides short names for some of the resources. The following command lists all of them in the terminal:

$ kubectl api-resources
NAME                    SHORTNAMES  APIGROUP  NAMESPACED  KIND
...
persistentvolumeclaims  pvc                   true        PersistentVolumeClaim
...

You can see in the output that persistentvolumeclaims offers the short name pvc. Consequently, a command that interacts with a Persistent Volume Claim could look as simple as this:

$ kubectl describe pvc my-claim

Deleting Kubernetes Objects

It’s inevitable that you will make mistakes during the exam. For example, you might create Kubernetes objects with incorrect configuration, or you may simply want to start a question over from scratch. By default, Kubernetes tries to delete objects gracefully, which can can take up to 30 seconds. Given that we’re dealing with a test environment, there’s no point in waiting. Use the command line option --grace-period=0 and --force to send a SIGKILL signal. The signal will delete a Kubernetes object immediately:

$ kubectl delete pod nginx --grace-period=0 --force

Finding Object Information

Some questions in the exam present you with an existing setup of Kubernetes objects. Don’t be surprised to find that the context you’re working in already contains a couple of Pods with non-trivial configuration. As part of the question, you may be asked to identify specific Kubernetes objects and continue to work on those.

You can always inspect Kubernetes objects one by one, but again, this would be a major time sink. It is helpful to remember that you can combine a kubectl command with other Unix commands using a pipe call. For example, you could run a describe pods command and then filter the output with the grep command to find assigned labels. The -C command-line option helps with rendering the lines before and after the search term:

$ kubectl describe pods | grep -C 10 "author=John Doe"
$ kubectl get pods -o yaml | grep -C 5 labels:

Discovering Command Options

Even though you have access to the Kubernetes documentation, you might not be able to find the exact information you’re looking for right away. The kubectl command has help functionality built in. The option --help works for every command available and renders details on subcommands, command-line options, and usage examples. The following command demonstrates its use for the create command:

$ kubectl create --help
Create a resource from a file or from stdin.

JSON and YAML formats are accepted.

Examples:
  ...

Available Commands:
  ...

Options:
  ...

Furthermore, you can explore the fields of every Kubernetes resource from the command line with the explain command. As a parameter, you have to provide the JSONPath for the field of interest. For example, say you wanted to list all fields of a Pod’s spec; you would use the following command:

$ kubectl explain pods.spec
KIND:     Pod
VERSION:  v1

RESOURCE: spec <Object>

DESCRIPTION:
  ...

FIELDS:
  ...

Practicing and Practice Exams

In preparation for the exam, it’s essential to practice using kubectl. You’ll need to have access to a Kubernetes cluster and kubectl preinstalled. Consider the following options:

  • Find out if your employer already has a Kubernetes cluster set up and will allow you to use it to practice.

  • Installing Kubernetes on your developer machine is an easy and fast way to get set up. The Kubernetes documentation provides various installation options, depending on your operating system. At some point during my Kubernetes learning journey, I installed Kubernetes on four Raspberry Pis, which turned out to be a fun and exciting hobby project. You can find information on how to get started on the Kubernetes blog.

  • If you’re a subscriber to the O’Reilly Learning Platform, you have unlimited access to scenarios running a Kubernetes environment in Katacoda.

In addition, you may also want to try out one of the following free or paid practice exams:

Summary

The CKAD exam is a completely hands-on test that requires you to solve problems in multiple Kubernetes clusters. You’re expected to understand, use, and configure the Kubernetes primitives relevant to application developers. The exam curriculum subdivides those focus areas and puts different weights on topics, which determines their contributions to the overall score. Even though focus areas are grouped in a meaningful fashion, the curriculum doesn’t necessarily follow a natural learning path, so it’s helpful to cross-reference chapters in the book in preparation for the exam.

In this chapter, we discussed the exam environment and how to navigate it. We also went over tips and tricks that can help you save time. In preparation for the exam, explore the architectural basics of Docker and Kubernetes. The key to acing the exam is intense practice of kubectl to solve real-world scenarios. The following chapters will provide you with sample exam exercises. For full exposure, reference the resources provided in “Practicing and Practice Exams”.

Get Certified Kubernetes Application Developer (CKAD) Study Guide now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial