Certified Kubernetes Application Developer CKAD Learning Path

Finally moving a bit away from the Clouds (AWS and GCP) and as my involvement grew more with Kubernetes, I decided to challenge myself for the Kubernetes certification. I started with the Certified Kubernetes Application Developer and am happy to share that I cleared it in the first attempt with 84%.

• CKAD is more of an open book test, where you have access to the official Kubernetes documentation exam, but it focuses more on hands-on experience.
• CKAD focuses on “Using a Kubernetes cluster once already provisioned“
• Unlike AWS and GCP certifications, you would be required to solve, debug actual problems, and provision resources on a live Kubernetes cluster.
• It is surely one of the most challenging exams, I have appeared for in recent times.
• Even though it is an open book test, you need to know where the information is.
• Trust me, if you are not prepared this time is not going to be sufficient.

CKAD Exam Pattern

• CKAD exam curriculum includes these general domains and their weights on the exam:
  • Application Design and Build – 20%
  • Application Environment, Configuration and Security – 25%
  • Application Deployment – 20%
  • Services & Networking – 20%
  • Application observability and maintenance – 15%
• CKA requires you to solve 24 questions in 3 hours.
• CKAD exam has been upgraded and requires you to solve 15-18 questions in 2 hours
• CKAD was already upgraded to use the k8s 1.22 version.
• You are allowed to open another browser tab which can be from kubernetes.io or other products documentation like Falco. Do not open any other windows.
• Exam questions can be attempted in any order and don’t have to be sequential. So be sure to move ahead and come back later.

CKAD Exam Preparation and Tips

• I used the courses from KodeKloud for practicing and it would good enough to cover what is required for the exam.
• When you book your exam, there are 2 exam simulator sessions provided by killer.sh. These mock exams are VERY tough as compared to the actual exams, as they mention, but do provide a great learning experience. Do not get demotivated if you flunk badly on time on this one :).
• I was not stretched for time for CKAD and had much time to review.
  
• Each exam question carries weight so be sure you attempt the exams with higher weights before focusing on the lower ones. So target the ones with higher weights and quicker solutions like debugging ones.
• The exam is provided by killer.sh with 6-8 different preconfigured K8s clusters. Each question refers to a different Kubernetes cluster, and the context needs to be switched. Be sure to execute the kubectl use context command, which is available with every question and you just need to copy-paste it.
• Check for the namespace mentioned in the question, to find resources and create resources. Use the -n <namespace>
• You would be performing most of the interaction from the client node. However, pay attention to the node (master or worker) you need to execute the exams and make sure you return back to the base node.
• With CKS is important to move the master node for any changes to the cluster kube-apiserver .
• SSH to nodes and gaining root access is allowed if needed.
• Read carefully the Information provided within the questions with the i mark. They would provide very useful hints in addressing the question and save time. for e.g. namespaces to look into. for a failed pod, what has already been created like configmap, secrets, network policies so that you do not create the same.
• Make sure you know the imperative commands to create resources, as you won’t have much time to create and edit YAML files.
• If you need to edit further use --dry-run -o yaml to get a headstart with the YAML spec file and edit the same.
• I personally use alias kk=kubectl to avoid typing kubectl

CKAD Resources

• Go through the CKAD Curriculum
• Mumshad Mannambeth KodeKloud or Udemy Kubernetes Certified Application Developer (CKAD) with Tests
  • Excellent course which covers the right topics required for the CKAD exam
  • It also provides hands-on labs for each of the topics, giving you actual experience working on the Kubernetes cluster
• Udemy Certified Kubernetes Application Developer by Zeal Vora
• Practice CKAD Exercises
• Cover kubectl Cheatsheet for commands
• Cover Tasks from Kubernetes documentation

CKAD Key Topics

Application Design and Build – 20%

• Practice CKAD Exercises – Application Design and Build
• Define, build and modify container images
• Understand Jobs and CronJobs
  • Know how to Create Cron Jobs with recurring frequency and set a time limit for completion.
• Understand multi-container Pod design patterns (e.g. sidecar, init, and others)
  • Understand Init Containers and usage
  • Know how to Create a multi-container pod
• Utilize persistent and ephemeral volumes
  • Practice Configure Pod Container Persistent Volume Storage

Application Environment, Configuration and Security – 25%

• Practice CKAD Exercises – Application Environment, Configuration and Security
• Discover and use resources that extend Kubernetes (CRD)
  • Understand Custom Resources
• Understand authentication, authorization, and admission control
  • Authentication using Certificates and Service Accounts
  • Authorization using Node and RBAC
  • Admission controllers
    1. can be used for validating configurations as well as mutating the configurations.
    2. Mutating controllers are triggered before validating controllers.
    3. Allows extension by adding custom controllers using MutatingAdmissionWebhook and ValidatingAdmissionWebhook.
• Understanding and defining resource requirements, limits, and quotas
  • Know how to assign consumed CPU and Memory resources
  • Exam Tip: Know how to configure pods with requests and limits.
• Understand ConfigMaps
  • ConfigMaps are used to store non-confidential data in key-value pairs.
  • Task Create a ConfigMap and mount it as a volume.
  • Exam Tip: Know how to create ConfigMaps and mount the same on the pods.
• Create & consume Secrets
  • Know how to Manage Kubernetes secrets
  • Task Create Secrets and refer to them in a Pod.
  • Exam Tip: Know how to read secret values, create secrets and mount the same on the pods.
• Understand ServiceAccounts
  • Understand Service Accounts  & Managing Service Accounts
  • Task Create Service Account and configure a pod to run with it.
  • Exam tip: Know how to create Service Accounts, Roles, and Cluster Roles and associate them together using Role Binding and Cluster Role Binding.
• Understand SecurityContexts
  • Pod Security Contexts help define security for pods and containers at the pod or at the container level. Capabilities can be added at the container level only.
  • Task Configure pod container security context
  • Exam tip: Know how to run containers using different users and groups and add capabilities to the containers.

Application Deployment – 20%

• Practice CKAD Exercises – Application Deployment
• Use Kubernetes primitives to implement common deployment strategies (e.g. blue/green or canary)
  • Kubernetes supports only Recreate and Rolling deployments within the same cluster.
  • A service mesh like Istio can be used for traffic management and canary deployments.
• Understand Deployments and how to perform rolling updates
  • Understand Deployments & Create deployments, update deployments, rollback deployments.
  • Task Stateless Application Deployment
  • Exam tip: Know how to create and update pods and deployments
  • NOTE – Unlike Pods, Deployments can be edited inline and the Pods are recreated.
• Use the Helm package manager to deploy existing packages

Services & Networking – 20%

• Practice CKAD Exercise – Application Deployment
• Demonstrate basic understanding of NetworkPolicies
  • Understand Network Policies & Use Network security policies to restrict cluster level access
  • Task Declare Network Policy.
  • Exam tip: Know how to create Network Policies using proper selectors
• Provide and troubleshoot access to applications via services
  • Understand Services & Connecting applications with Services
  • Task Access Application Cluster using Service
  • Exam tip: Know how to expose a port for a pod, expose a service for a deployment
• Use Ingress rules to expose applications
  • Understand Ingress
  • Task Access Application Cluster using Ingress

Application observability and maintenance – 15%

• Practice CKAD Exercise – Application Observability and Maintenance
• Understand API deprecations
  • Know Kubernetes Deprecation Policy
• Implement probes and health checks
  • Know the difference between Liveness and Readiness. Readiness provides an indication of when the pod is ready and liveness provides an indication if the pod is healthy.
  • Task Configure liveness readiness startup probes
• Use provided tools to monitor Kubernetes applications
• Utilize container logs
  • Know Kubernetes Logging Architecture
  • Know how to check logs for Pods. kubectl logs pod_name
• Debugging in Kubernetes

CKAD General information and practices

• The exam can be taken online from anywhere.
• Make sure you have prepared your workspace well before the exams.
• Make sure you have a valid government-issued ID card as it would be checked.
• You are not allowed to have anything around you and no one should enter the room.
• The exam proctor will be watching you always, so refrain from doing any other activities. Your screen is also always shared.
• Copy + Paste works fine.
• You will have an online notepad on the right corner to note down. I hardly used it, but it can be useful to type and modify text instead of using VI editor.

All the Best …