Chapter 1. Exam Details and Resources

This chapter addresses the most frequently asked questions by candidates preparing to successfully pass the Certified Kubernetes Application Developer (CKAD) exam. Later chapters will give you a summary of Kubernetes’ benefits and architecture and how to interact with a Kubernetes cluster using kubectl.

Kubernetes Certification Learning Path

The CNCF offers four different Kubernetes certifications. Figure 1-1 categorizes each of them by target audience.

ckd2 0101
Figure 1-1. Kubernetes certifications learning path

The target audience for associate-level certifications is beginners to the cloud and Kubernetes. Associate-level certification exams use a multiple-choice format. You will not have to interact with a Kubernetes cluster in an interactive environment.

Practitioner-level certifications are meant for developers and administrators with preexisting Kubernetes experience. Exams in this category require you to solve problems in multiple Kubernetes environments hands-on. You will find that the CKAD is geared to application developers and does not require any other certification as a prerequisite.

Let’s have a brief look at each certification to see if the CKAD is the right fit for you.

Kubernetes and Cloud Native Associate (KCNA)

KCNA is an entry-level certification program for anyone interested in cloud-native application development, runtime environments, and tooling. While the exam does cover Kubernetes, it does not expect you to interact with a cluster hands-on. This exam consists of multiple-choice questions and is suitable to candidates interested in the topic with a broad exposure to the ecosystem.

Kubernetes and Cloud Native Security Associate (KCSA)

This certification focuses on basic knowledge of security concepts and their application in a Kubernetes cluster. The breadth, depth, and format of the program is comparable to the KCNA.

Certified Kubernetes Application Developer (CKAD)

The CKAD exam focuses on verifying your ability to build, configure, and deploy a microservices-based application to Kubernetes. You are not expected to actually implement an application; however, the exam is suitable for developers familiar with topics like application architecture, runtimes, and programming languages.

Certified Kubernetes Administrator (CKA)

The target audience for the CKA exam are DevOps practitioners, system administrators, and site reliability engineers. This exam tests your ability to perform in the role of a Kubernetes administrator, which includes tasks like cluster, network, storage, and beginner-level security management, with emphasis on troubleshooting scenarios.

Certified Kubernetes Security Specialist (CKS)

The CKS exam expands on the topics verified by the CKA exam. Passing the CKA is a prerequisite before you can sign up for the CKS exam. For this certification, you are expected to have a deeper knowledge of Kubernetes security. The curriculum covers topics like applying best practices for building containerized applications and ensuring a secure Kubernetes runtime environment.

Exam Objectives

This book focuses on getting you ready for the CKAD exam. I will give a little bit of background on why Kubernetes is important to application developers before dissecting the topics important to the exam.

More and more application developers find themselves in projects transitioning from a monolithic architectural model to bite-sized, cohesive, and containerized microservices. There are pros and cons to both approaches, but Kubernetes has become the de facto runtime platform for deploying and operating applications without needing to worry about the underlying physical infrastructure.

It is no longer the exclusive responsibility of an administrator or release manager to deploy and monitor their applications in target runtime environments. Application developers need to see their applications through from development to operation. Some organizations like Netflix live and breathe this culture, so you, the application developer, are fully responsible for making design decisions as well as fixing issues in production. It’s more important than ever to understand the capabilities of Kubernetes, how to apply the relevant concepts properly, and how to interact with the platform.

The exam is designed specifically for application developers who need to design, build, configure, and manage cloud native applications on Kubernetes.

Kubernetes version used during the exam

At the time of writing, the exam is based on Kubernetes 1.28. All content in this book will follow the features, APIs, and command-line support for that version. It’s possible that future versions will break backward compatibility. While preparing for the certification, review the Kubernetes release notes and practice with the Kubernetes version used during the exam to avoid unpleasant surprises. The exam environment will be aligned with the most recent Kubernetes minor version within approximately four to eight weeks of the Kubernetes release date.

Curriculum

The following overview lists the high-level sections, or domains, of the exam and their scoring weights:

The next sections detail each domain.

Application Design and Build

The first domain of the curriculum covers designing and building a containerized application and operating it in Kubernetes. You will need to be familiar with basic container concepts and how to define a container inside of a Pod. In addition, the domain covers more advanced use cases and Kubernetes concepts: the use of storage in Pods, the need for defining multiple containers inside of a Pod, and how to define and execute batch and periodic workloads.

Application Deployment

This domain primarily focuses on the Kubernetes primitive Deployment. A Deployment helps with scaling Pods with the same definition, so-called replicas, and managing the configuration across all replicas it controls. You need to understand managing deployments including strategies helpful for rolling out new versions of an application to replicas in a controlled fashion. Finally, you will need to be familiar with Helm, an open source tool for managing a set of manifests required to deploy and configure an application stack.

Application Observability and Maintenance

Deploying an application to Kubernetes is only the first step. You need to be able to monitor, inspect, and potentially debug Kubernetes objects. Probes are an important concept covered by this domain: they define health checks for applications running in a Pod. Furthermore, you need to be confident with identifying runtime issues for workload and how to fix them.

Application Environment, Configuration, and Security

Kubernetes offers security and resource management features configurable for a Pod. This includes the security context and resource requirements/constraints covered in this domain. Furthermore, you need to be able to demonstrate the use of ConfigMaps and Secrets to inject configuration data into a Pod to control its runtime behavior. The domain also touches on the rudimentary concepts and functionality of role-based access control (RBAC) and CustomResourceDefinitions (CRDs).

Services and Networking

The last domain of the curriculum deals with providing network access to your application from within and outside of the cluster. For that purpose, you’ll need to demonstrate knowledge of Services and Ingresses. Finally, you’ll need a rough understanding of network policies, which are essentially rules that deny or permit Pod-to-Pod communication.

Involved Kubernetes Primitives

Some of the exam objectives can be covered by understanding the relevant core Kubernetes primitives. Be aware that the exam combines multiple concepts in a single problem. Refer to Figure 1-2 as a guide to the applicable Kubernetes resources and their relationships.

ckd2 0102
Figure 1-2. Kubernetes primitives relevant to the exam

Documentation

During the exam, you are permitted to open a well-defined list of web pages as a reference. You can freely browse those pages and copy-paste code to the exam terminal.

The official Kubernetes documentation includes the reference manual, the GitHub site, and the blog. In addition, you can also browse the Helm documentation.

Having the Kubernetes documentation pages at hand is extremely valuable, but make sure you know where to find the relevant information within those pages. In preparation for the test, read all the documentation pages from start to end at least once. Don’t forget the search functionality of the official documentation pages. For reference, Appendix B maps the exam objectives to the book chapters covering the topics and the relevant Kubernetes documentation pages.

Using the documentation efficiently

Using a search term will likely lead you to the right documentation pages quicker than navigating the menu items. Copying and pasting code snippets from the documentation into the console of the exam environment works reasonably well. You may have to adjust the YAML indentation manually as the proper formatting can get lost in the process.

Exam Environment and Tips

To take the exam, you must purchase a registration voucher, which can be acquired on the CNCF training and certification web page. On occasion, the CNCF offers discounts for the voucher (e.g., around the US Thanksgiving holiday). Those discount offers are often announced on the Linux Foundation LinkedIn page and the Twitter account @LF_Training.

After you purchase the voucher, you can schedule a time for the exam with PSI, the company conducting the test virtually. In-person exams at a testing facility are not available. On the day of your scheduled test, you’ll be asked to log into the test platform with a URL provided to you by email. You’ll be asked to enable the audio and video feed on your computer to discourage cheating. A proctor will oversee your actions via audio/video feed and terminate the session if they think you are not following the rules.

Exam attempts

The voucher you purchased grants two attempts to pass the exam. I recommend preparing reasonably well before taking the test on the first attempt. It will give you a fair chance to pass the test and provide a good impression of the exam environment and the complexity of the questions. Don’t sweat it if you do not pass the test on the first attempt. You’ve got another free shot.

The CKAD has a time limit of two hours. During that time, you’ll need to solve hands-on problems on a real, predefined Kubernetes cluster. Every question will state the cluster you need to work on. This practical approach to gauge a candidate’s skill set is superior to tests with multiple-choice questions, as you can translate the knowledge directly on tasks performed on the job.

I highly recommend reading the FAQ for the exam. You will find answers to most of your pressing questions there, including system requirements for your machine, scoring, certification renewal, and retake requirements.

Candidate Skills

The certification assumes that you have a basic understanding of Kubernetes. You should be familiar with Kubernetes internals, its core concepts, and the command-line tool kubectl. The CNCF offers a free “Introduction to Kubernetes” course for beginners to Kubernetes.

Your background is likely more on the end of an application developer, although it doesn’t really matter which programming language you’re most accustomed to. Here’s a brief overview of the background knowledge you need to increase your likelihood of passing the exam:

Kubernetes architecture and concepts

The exam won’t ask you to install a Kubernetes cluster from scratch. Read up on the basics of Kubernetes and its architectural components. Reference Chapter 2 for a jump start on Kubernetes’ architecture and concepts.

The kubectl CLI tool

The kubectl command-line tool is the central tool you will use during the exam to interact with the Kubernetes cluster. Even if you have only a little time to prepare for the exam, it’s essential to practice how to operate kubectl, as well as its commands and their relevant options. You will have no access to the web dashboard UI during the exam. Chapter 3 provides a short summary of the most important ways of interacting with a Kubernetes cluster.

Working knowledge of a container runtime engine

Kubernetes uses a container runtime engine for managing images. A widely used container runtime engine is Docker Engine. At a minimum, understand container files, container images, containers, and relevant CLI commands. Chapter 4 explains all you need to know about containers for the exam.

Other relevant tools

Kubernetes objects are represented by YAML or JSON. The content of this book will use examples in YAML, as it is more commonly used than JSON in the Kubernetes world. You will have to edit YAML during the exam to create a new object declaratively or when modifying the configuration of a live object. Ensure that you have a good handle on basic YAML syntax, data types, and indentation conforming to the specification. How do you edit the YAML definitions, you may ask? From the terminal, of course. The exam terminal environment comes with the tools vi and vim preinstalled. Practice the keyboard shortcuts for common operations, (especially how to exit the editor). The last tool I want to mention is GNU Bash. It’s imperative that you understand the basic syntax and operators of the scripting language. It’s absolutely possible that you may have to read, modify, or even extend a multiline Bash command running in a container.

Time Management

Candidates have two hours to complete the exam, and 66% of the answers to the questions need to be correct to pass. Many questions consist of multiple steps. Although the Linux Foundation doesn’t provide a scoring breakdown, I’d assume that partially correct answers will score a portion of the points.

When taking the test, you will notice that the given time limit will put you under a lot of pressure. That’s intentional. The Linux Foundation expects Kubernetes practitioners to be able to apply their knowledge to real-world scenarios by finding solutions to problems in a timely fashion.

The exam will present you with a mix of problems. Some are short and easy to solve; others require more context and take more time. Personally, I tried to tackle the easy problems first to score as many points as possible without getting stuck on the harder questions. I marked any questions I could not solve immediately in the notepad functionality integrated in the exam environment. During the second pass, revisit the questions you skipped and try to solve them as well. Optimally, you will be able to work through all the problems in the allotted time.

Command-Line Tips and Tricks

Given that the command line is your solitary interface to the Kubernetes cluster, it’s essential that you become extremely familiar with the kubectl tool and its available options. This section provides tips and tricks for making their use more efficient and productive.

Setting a Context and Namespace

The exam environment comes with multiple Kubernetes clusters already set up for you. Take a look at the instructions for a high-level, technical overview of those clusters. Each of the exam exercises needs to be solved on a designated cluster, as outlined in its description. Furthermore, the instructions will ask you to work in a namespace other than default. Make sure to set the context and namespace as the first course of action before working on a question. The following command sets the context and the namespace as a one-time action:

$ kubectl config set-context <context-of-question> \
  --namespace=<namespace-of-question>
$ kubectl config use-context <context-of-question>

You can find a more detailed discussion of the context concept and the corresponding kubectl commands in “Authentication with kubectl”.

Using the Alias for kubectl

In the course of the exam, you will have to execute the kubectl command tens or even hundreds of times. You might be an extremely fast typist; however, there’s no point in fully spelling out the executable over and over again. The exam environment already sets up the alias k for the kubectl command.

In preparation for the exam, you can set up the same behavior on your machine. The following alias command maps the letter k to the full kubectl command:

$ alias k=kubectl
$ k version

Using kubectl Command Auto-Completion

Memorizing kubectl commands and command-line options takes a lot of practice. The exam environment comes with auto-completion enabled by default. You can find instructions for setting up auto-completion for the shell on your machine in the Kubernetes documentation.

Internalize Resource Short Names

Many of the kubectl commands can be quite lengthy. For example, the command for managing Persistent volume claims is persistentvolumeclaims. Spelling out the full command can be error-prone and time-consuming. Thankfully, some of the longer commands come with a short-form usage. The command api-resources lists all available commands plus their short names:

$ kubectl api-resources
NAME                    SHORTNAMES  APIGROUP  NAMESPACED  KIND
...
persistentvolumeclaims  pvc                   true        PersistentVolumeClaim
...

Using pvc instead of persistentvolumeclaims results in a more concise and expressive command execution, as shown here:

$ kubectl describe pvc my-claim

Practicing and Practice Exams

Hands-on practice is extremely important when it comes to passing the exam. For that purpose, you’ll need a functioning Kubernetes cluster environment. The following options stand out:

  • I found it useful to run one or many virtual machines using Vagrant and VirtualBox. Those tools help with creating an isolated Kubernetes environment that is easy to bootstrap and dispose on demand.

  • It is relatively easy to install a simple Kubernetes cluster on your developer machine. The Kubernetes documentation provides various installation options, depending on your operating system. Minikube is useful when it comes to experimenting with more advanced features like Ingress or storage classes, as it provides the necessary functionality as add-ons that can be installed with a single command. Alternatively, you can also give kind a try, another tool for running local Kubernetes clusters.

  • If you’re a subscriber to the O’Reilly Learning Platform, you have unlimited access to scenarios running a Kubernetes sandbox environment. In addition, you can test your knowledge with the help of the CKAD practice test in the form of interactive labs.

You may also want to try one of the following commercial learning and practice resources:

  • Killer Shell is a simulator with sample exercises for all Kubernetes certifications. If you purchase a voucher for the exam, you will be allowed two free sessions.

  • Other online training providers offer video courses for the exam, some of which include an integrated Kubernetes practice environment. I would like to mention KodeKloud and A Cloud Guru. You’ll need to purchase a subscription to access the content for each course individually.

Summary

The exam is a completely hands-on test that requires you to solve problems in multiple Kubernetes clusters. You’re expected to understand, use, and configure the Kubernetes primitives relevant to application developers. The exam curriculum subdivides those focus areas and puts different weights on topics, which determines their contributions to the overall score. Even though focus areas are grouped meaningfully, the curriculum doesn’t necessarily follow a natural learning path, so it’s helpful to cross-reference chapters in the book in preparation for the exam.

In this chapter, we discussed the exam environment and how to navigate it. The key to acing the exam is intense practice of kubectl to solve real-world scenarios. The next two chapters in Part I will provide a jump start to Kubernetes.

All chapters that discuss domain details give you an opportunity to practice hands-on. You will find sample exercises at the end of each chapter.

Get Certified Kubernetes Application Developer (CKAD) Study Guide, 2nd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial