How2CKAD — Tips and Tricks for the Certified Kubernetes Application Developer exam

Published in

comsystoreply

18 min readFeb 6, 2024

1. Introduction

Having recently attained the CKAD (Certified Kubernetes Application Developer), I decided I had to write something about my experience - because I did many things wrong in my preparation, mistakes I think I could have easily avoided with the right advice.

It seems that many people who did this certification feel the same — there are already quite a few articles out there on the net (see References at the end of this post), articles that I found quite helpful. Yet, some details and good practices I had to learn for myself, and I want to share those with you.

Note: There is an NDA associated with the exam, so I won’t disclose any details about the actual tasks you’ll have to do to get the certification. What’s more important, however, is that you know how to prepare for the exam and how to manage the actual exam situation.

1.1. What is Kubernetes?

Kubernetes, short K8s, is a platform for managing clusters of containerized applications on multiple machines, automating their lifecycle, deployment, scaling, and management. K8s was originally developed by Google but today is an open-source project maintained by CNCF (Cloud Native Computing Foundation).

Kubernetes is not a traditional, all-inclusive Platform as a Service (PaaS) system. Instead, it provides declarative cluster management independently of the actual platform to which the cluster is deployed — be it e.g. Google Cloud Engine, Microsoft Azure, Amazon AWS, or good old on-premises systems.

Some call it ‘The Operating System of the Cloud’. You could also call it a lingua franca that can be used in any cloud environment.

A Kubernetes cluster consists of a control plane and multiple worker nodes that are configured through YAML files. — Figure 1: A Kubernetes cluster

Figure 1 shows a highly simplified K8s cluster. The control plane manages the state of the cluster, including scheduling applications, maintaining the desired state, scaling applications, and rolling out new updates. Key components of the control plane include the kube-apiserver, etcd, kube-scheduler, and kube-controller-manager.

Worker nodes run the applications and workloads. Each worker node has a kubelet, which is an agent for managing the state of the node and ensuring that containers are running as expected. Nodes also have a container runtime (like Docker, CRI-O, or containerd) to run containers grouped to so-called ‘Pods’, and kube-proxy to maintain network rules on nodes, enabling network communication across the cluster.

Every object is defined using a declarative configuration that’s usually written as a YAML file. This YAML is interpreted by K8s and any delta between the cluster’s actual and expected configuration is automatically resolved by the platform.

1.2. What is CKAD?

CKAD is short for ‘Certified Kubernetes Application Developer’. It is the official certification for people who want to develop applications to be deployed in a K8s cluster in the role of a DevOps engineer. CKAD is not the certification for full administration of large K8s clusters in production. If that’s your focus, CNCF offer also the CKA (‘Certified Kubernetes Administrator’) and the more specialized CKS (‘Certified Kubernetes Security Specialist’) certifications. See this article for a more thorough comparison: CKA vs CKAD vs CKS — Differences & Which Exam is Best For You?

2. Studying for the CKAD Exam

What you learn in official training (for example at Udemy or Linux Foundation) may be misleading concerning the certification. As is typical for such classes, they provide several lectures that contain lots of background information, along with a set of exercises to be executed by the students in a test environment. The intention of these exercises is that you learn to do things with kubectl, docker, and helm. This is very useful when you start learning Kubernetes from scratch, to get an overview of what’s possible.
However, these lectures may fail to make the point of what is required to pass the exam: speed.

The main requirement of the CKAD exam is speed.
To pass it, you have to exercise. A lot.

Let me press this: to pass the exam, you have to be able to enter the right commands, in the right order, in very little time. On average, you will have between 3 and 8 minutes per task to solve it.

There are certainly some tips that help you to be faster (I will come to that later), but no amount of time management will be enough if you do not know the right commands or cannot enter them quickly and correctly, without producing error messages.

You may be in the lucky situation that you have worked with K8s before, especially with the kubectl command line client, and know at least some of its ins and outs by heart. If you think you are fast enough already, you can skip the next sections and directly go to section 3.4. The training exam to validate your assumption. Otherwise, as it was with me, best prepare yourself for going to the K8s gym. Daily.

2.1. Finding your gym

The first and most important thing is to find an environment that you can use to train for the exam, because (of course) you need access to a Kubernetes cluster.

AI-generated illustration of a ‘Kubernetes gym’. — The K8s gym (by Dall-E)

There are several options to get your hands on one, the most likely being:

Online playgrounds
VMs hosted in the cloud
Local VMs
K8s playground on your machine

2.1.2. Online playgrounds

The easiest option alltogether are pre-configured online playgrounds. Searching for ‘kubernetes online playground’ on the net gives you several several options. Some of these providers are free (e.g. Killer Shell, see below), some of them require a paid plan, for example KodeCloud. Access to one of these providers may be included in your course package.

These playgrounds offer you an online terminal that you may use for hands-on experience with a small K8s cluster. The distinct advantage is that you don’t need to setup anything at all - just start working.

The disadvantage is that you have to use the terminal and the cluster ‘as is’ without the ability to change anything, at least not permanently. Some of the playgrounds will even log you out after a certain period of time — afterwards, you’ll have to start from scratch.

2.1.2. VMs hosted in the cloud

A somewhat obvious choice to run your gym cluster is the great cloud providers (AWS, GCP, MS Azure). All of them offer a managed K8s cluster that relieves you from the need to set it up yourself. As usual, you can try this service for free but need to provide payment details when creating the account, for the eventuality that you exceed the free plan’s limits.

Be warned that there is a real possibility that you get charged, so if that cost is not covered by your company or some other benefactor (and surprise bills are a problem for you), you may want to choose one of the other options to run your exercises.

2.1.3. Local VMs

Using local VMs (e.g. running in VirtualBox) is also a way to run a true K8s cluster.

Setting this up requires some prior knowledge about the VM tooling of your choice, Linux, and Linux Networking. You may also learn things about K8s and the kubeadm tool that are normally reserved for the CKA exam and not strictly needed for CKAD (but required for setting up a cluster).

To make things easier, there are some nice how-tos out there that will take you through the process step by step (see for example Create a Kubernetes Cluster using Virtualbox — The Hard Way), but it may take some time and debugging to get it up and running, so if this is a good choice depends on the preciousness of your time.

2.1.4. K8s playground on your machine

Running a local K8s cluster is possible using Minicube or Docker Desktop and is quite easy to set up.

My class teacher stated that it’s not possible to train effectively with a local playground, but I found that there are only a few things you can’t do with it — mostly relating to worker node selectors and taints (which is kind of obvious). This disadvantage may be negligible, but be aware of it.

All the other exercises can be run without issue, and the big plus is that you can do it directly on your machine, in your shell, with your tools and shortcuts.

2.1.6. Recommended training environment

At the time of writing, there is no obvious ‘best’ way to run the exercises, as it depends completely on your background and preferences:

If you have access to a cloud provider and either know how to avoid being charged or have someone who covers the cost, go for VMs hosted in the cloud.
If you know how to use VMs and know your way around Linux networking, you may want to opt for Local VMs.
If none of this applies to you, I recommend a combination of one of the online playgrounds (e.g. Killer Shell) and K8s playground on your machine, the first one to run any tasks that require multiple nodes, the second one to do all the rest using your shell and tooling of choice.

3. What to learn

The first and most obvious source that tells you what you need to learn is the CKAD Curriculum. Check here if you (or the class you are taking) have gaps on any important topics. You should also recheck the curriculum regularly while training because it may get updated anytime, without prior warning (e.g. when a new version of K8s is released).

Beyond the curriculum, you need exercises to do. The best sources are:

Killercoda Interactive Environments
Dimitris-Ilias Gkanatsios’ CKAD Exercises
Cilium Network policy editor
The training exam

3.1. Killercoda Interactive Environments

Killercoda / Killer shell not only provides a ready-to-use K8s cluster but also a very comprehensive set of exercises that are quite close to what’s required in the exam. It’s automatically scored and completely free to use, so you should do so repeatedly until you can do all the tasks easily on the first attempt.

Note: Killercoda is a great starting point for training, but it’s not exhaustive — you should get your hands on additional sets of exercises.

3.2. Dimitris-Ilias Gkanatsios’ CKAD Exercises

This GitHub page offers a great many exercises, plus solutions. This page covers most of the topics in the curriculum. Do them in your training environment and do them repeatedly until you feel completely comfortable.

3.3. Cilium Network policy editor

Network policies are very important for K8s cluster security, and one of the most complex topics present in the CKAD curriculum, but they are poorly covered in the sources mentioned so far. For the exam, however, you should make sure that you know how to write policies for a set of common scenarios.

To get a deeper understanding of network policies, you can use the convenient online Network Policy Editor, which will help you create the YAML for specific scenarios using a wizard. You can then view or download the generated YAML and use it for your training.

3.4. The training exam

When you register for certification, it includes limited access to a practice exam. This is your most valuable tool, both for training and for judging your abilities. The tasks presented are the closest to the real exam you’ll get. You should be fine if you pass the practice exam with, say, at least an 80% score in two hours. If you do not reach this goal, you may want to use the remainder of your access time to repeat the tasks multiple times until you can do them within less than two hours.

At the time of writing this post, the certification fee includes 2 units of:

2-hour practice exam that you can use to judge your skills.
34 hours subsequent access to the environment that you can (and should) use to:
- get familiar with the certification environment
- repeatedly execute the tasks for practice

Tip: If you can, start the practice exam at a time when you can use a larger part of the following 36 hours for training.

4. Strategies for passing the exam

The actual exam is supervised through your camera (laptop or external). Make sure that your environment meets the requirements and that you are there early (you are allowed to log in 30 minutes ahead of exam time). You will be authenticated by showing your identity and your face, and the proctor will ask you to move the camera around the room and to every nook and corner that might contain some hidden help for you (if you are about to attach your laptop to an external screen or cable-bound keyboard, it’s best to do so afterward).

AI-generated illustration of a developer working under time pressure. — Exam situation (by Dall-E)

As mentioned before, time management is important during the exam. When logged in, you will encounter a simulated Linux desktop that provides all the (basic) tools you need. However, the environment may be kind of slow because it is virtualized and completely remote. To work best with it, you should take some important rules to heart:

Prepare
Think before you type
Use shortcuts whenever you can
Type as little YAML as possible

4.1. Prepare

4.1.1. Before starting the exam

Use the test exam to make yourself familiar with the virtual environment. Prepare a layout of terminals, editors, and browser windows that works for you and that you can quickly reproduce when starting the exam. It will be worth your time!

What worked for me:

Two Terminals:
- A terminal for executing commands.
- Another terminal to edit files using vi/nano or to run kubectl explain.
A graphical editor (Mousepad) to use as a clipboard for often-needed commands or parts of commands. Some candidates are, for example:
--dry-run=client -o yaml k config set-context --current --namespace=
A web browser with the permitted sites opened in tabs. Make sure you know the websites you are allowed to use and have memorized their URLs since you are not permitted to use any search engines (!).
At the time of writing this blog post, these are:
https://kubernetes.io/docs
https://kubernetes.io/blog (I never used that one)
https://helm.sh/docs

Note: All terminals already have kubectl auto-completion enabled and should respond to the common alias ‘k’, so you are not required to include that in your preparation. The same holds for the recommended vim editor configuration.

4.1.2. Before working on a new task

Carefully read the task description. It is very easy to miss important details under stress.
Set the right namespace. This is helpful because if you do, you don’t have to include the respective parameter in every command. It is also very important because if your solution runs in the wrong namespace, it won’t be scored!

Tip: You can use this command to modify the currently used namespace:

k config set-context --current --namespace=...

Also, don’t forget to include the right namespace in any YAML specs required for the task, since kubectl create -f and kubectl apply -f ignore the namespace set using above command and always use the one in the submitted file!

4.2. Think before you type

Short but important: Don’t make the mistake of typing commands in a quick&dirty manner hoping you can easily correct mistakes. The environment is kind of sluggish and the roundtrips you’ll need to analyze errors and fix typos will be much longer than you’re used to.

4.3. Use shortcuts whenever you can

Use the k alias
Use the history

4.3.1. Use the k alias

This one’s simple. Get used to the (predefined) shortcut k instead of typing kubectl to save 6 hits on the keyboard per command entered.

4.3.2. Use the history

Working with kubectl, you’ll have to type the same — or very similar — commands again and again. This is a good time to remember the power of Unix shells to keep a history of all commands you entered. For the exam, it’s extremely valuable to know how to use this history, at least (and most importantly) the reverse search function:

Press Ctrl+R
Type a part of the command you want to search for
If the right command is displayed, adjust it to your needs and press Enter.
If another command is displayed, type Ctrl+R again until you find the one you need.

For more information on the history and the associated commands and shortcuts, please visit the Bash online documentation.

4.4. Type as little YAML as possible

Since you won’t be able to solve all the tasks alone with kubectl, you will be required to produce YAML specifications to be digested via kubectl create or kubectl apply. To create this specification — or at least, a baseline to modify — you have three options:

Dump an existing object as YAML.
Use kube-ctl’s dry-run capability.
Copy an example from the docs.

Warning: Never, ever, create a YAML specification from scratch during the exam. Typing YAML using the provided editors (e.g. vim, Nano, Mousepad) is cumbersome at best. You will make typos and indentation errors, resulting in debugging rounds that quickly use up your precious time.

4.4.1. Dump an existing object as YAML

If there is already an object in the environment that is of the same kind as the one you need to create, it might be a good idea to take this object and dump it to a YAML file that you can use as a starting point for your configuration:

k get deploy existing_deployment -o yaml > baseline.yaml

4.4.2. Copy an example from the docs

The exam is Open Book, so you’re allowed to copy and paste from the official documentation to your heart’s content. Many of the tasks in the exam will ask for YAML code that you can find in the examples in very similar form — if you know where to look for them.

Especially for the official Kubernetes documentation, its a good idea to take mental notes on where in the (huge) tree of documents the relevant examples can be found. This page created by Reeta Singh provides a curated list of bookmarks for interesting parts of the official docs.

Warning: Using the search function to find examples should be considered a last resort. As stated previously, the environment is quite slow. Often, a multitude of documents will pop up, and opening each of them and scrolling through them in search of examples will take forever unless you’re lucky.

4.4.3. Use kube-ctl’s dry-run capability

While kubectl cannot do everything, it can do a lot, and its dry-run capability will provide you with ready-to-use baselines for tasks that need only a little adjustment.

One of the most important things you should learn is what kind of objects and configurations can be created by kubectl and its countless subcommands and parameters, and what it can’t do for you. You will find that if you use its capabilities correctly, often you have to add or edit only a few lines of YAML to achieve your goals.

Example

Create a Nginx deployment with 3 replicas and a readiness probe checking http://localhost:8080/ready

You won’t be able to do this with kubectl alone, because probes are only configurable through YAML. Because of that, you may be tempted to write this YAML spec:

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx-readiness
  name: nginx-readiness
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx-readiness
  template:
    metadata:
      labels:
        app: nginx-readiness
    spec:
      containers:
        - image: nginx
          name: nginx
          readinessProbe:
            httpGet:
              path: /ready
              port: 8080
            initialDelaySeconds: 3
            periodSeconds: 5

You won’t do so, of course, since by now you understand this takes a lot of time. Instead, run this command:

> k create deploy nginx-readiness --image=nginx --replicas=3\
  --dry-run=client -o yaml > nginx-readiness.yaml

Open the file. You will find that kubectl has created everything for you except lines 20–25. To get those, it is best to copy them from the documentation examples in Kubernetes Documentation / Tasks / Configure Pods and Containers / Configure Liveness, Readiness and Startup Probes. Find the example for an HTTP liveness probe, copy and modify it as needed, and run:

> k create -f nginx-readiness.yaml

4.5. When you need help

At some point during the exam, you may encounter a situation when you don’t know what to do, can’t remember where a specific object’s configuration should be located, or your solution simply doesn’t work. Thankfully, there are some means you can employ to resolve such problems:

Use kubectl explain
Skip tasks or start a task from scratch

4.5.1. Use kubectl explain

Sometimes, you may not remember the exact YAML to type for a specific task, and while kubectl offers outstanding auto-completion, there is no integrated help or code completion for the YAML configuration files in any of the available editors. What is there, however, is kubectl explain. Behind this simple subcommand, you find a complete reference for everything in K8s YAML config files. It works in two different modes:

Recursive Overview
Field Details

4.5.1.1. Recursive Overview

This mode, triggered by the parameter --recursive, will show the complete subtree of the field specified. It doesn’t provide much detail for each field but is a great way to get an overview and locate specific fields when you don’t remember their exact location.

> k explain --recursive pod.spec.containers

KIND:       Pod
VERSION:    v1

FIELD: containers <[]Container>

DESCRIPTION:
    List of containers belonging to the pod. Containers cannot currently be
    added or removed. There must be at least one container in a Pod. Cannot be
    updated.
    A single application container that you want to run within a pod.

FIELDS:
  args  <[]string>
  command       <[]string>
  ...
  volumeMounts  <[]VolumeMount>
    mountPath   <string> -required-
    mountPropagation    <string>
    name        <string> -required-
    readOnly    <boolean>
    subPath     <string>
    subPathExpr <string>
  workingDir    <string>

Tip: Use k explain --recursive root | grep fieldname if there is too much output.

4.5.1.2. Field Detail

This version of the command provides you with a detailed description for a specific field. Of course, you have to know the exact path to specify — use the recursive mode to locate the field if not.

> k explain pod.spec.containers.volumeMounts

KIND:       Pod
VERSION:    v1

FIELD: volumeMounts <[]VolumeMount>

DESCRIPTION:
    Pod volumes to mount into the container's filesystem. Cannot be updated.
    VolumeMount describes a mounting of a Volume within a container.

FIELDS:
  mountPath     <string> -required-
    Path within the container at which the volume should be mounted.  Must not
    contain ':'.

  mountPropagation      <string>
    mountPropagation determines how mounts are propagated from the host to
    container and the other way around. When not set, MountPropagationNone is
    used. This field is beta in 1.10.

    ...

4.5.2. Skip tasks or start a task from scratch

Sometimes you don’t remember what the right command is to solve the task presented. Sometimes there is something wrong with a YAML config you created, and you are not able to find the reason for kubectl’s cryptic error messages. Sometimes you miss something small and can’t wrap your head around it.

If you get in a situation when things simply don’t work, you should stop wasting your time. It’s fine to skip difficult tasks and do them later.

I recommend doing this on purpose. Collect as much score as you can doing the tasks that you can solve quickly, and save the time-consuming ones for later. The environment helps you in doing this by letting you mark tasks as completed.

Also, don’t hesitate to restart a task from scratch if you get into an error loop — both with kubectl command line and the complex YAML files, it’s easy to get little things wrong that aren’t obvious under stress. Often, such issues simply vanish when you try again with a clean slate.

5. What’s next

When you are through with the exam, relax and don’t fret about it. Usually, you’ll be informed if you have achieved the required score in a time frame of 24 hours.

When you’ve earned the certification title, don’t forget to add the digital badge to your CV.

AI-generated illustration of a deveoper who successfully passed the exam. — Success (by Dall-E)

Note: As usual with such certifications, you’ll have to retake it after 3 years. Considering the speed at which Kubernetes and the surrounding ecosystem are evolving, that’s certainly a good idea.

6. Conclusion

After doing a certification like this one, with a lot of learning effort and stress during the exam, it’s kind of mandatory to ask yourself if it has been worth the effort.

I believe the answer is Yes. While the exam requirements are kind of extreme and unrealistic compared to normal day-to-day business, the necessary training has much more effect than mindlessly learning facts for multiple choice tests (yes, AWS, I mean you). If you start Kubernetes from scratch like I did, it catapults you to a much higher level of expertise than what could be achieved by learning some lectures and playing around with the tools.

If you take my advice, you will initially put more effort into practical training than in learning the theoretical concepts behind Kubernetes. Don’t forget, however, that these are important and that you may need them - for example, if you run into problems that cannot be solved using ‘standard’ procedures learned in exam preparation. So don’t read lectures, books and blogs about Kubernetes specifically to prepare for the exam, but read them for your daily work with K8s - to become an expert.

And the most important thing: Have fun learning!

This Blog Post is presented to you by Comsysto Reply.

Are you a developer with a passion for cutting-edge technology, seeking your next adventure? Visit our Career Opportunities page now, and discover how you can take your next step together with a team that celebrates innovation, growth, and collaboration.

Are you content where you are, but seek expert Software Engineering and DevOps support? Join forces with our passionate professionals to supercharge your project’s success. Contact us for innovative, custom solutions tailored to your needs. Let’s collaborate — your tech breakthrough starts here!