CKAD exam guide for experienced k8s users

In this post, I will be covering content that experienced k8s users who did not prepare for CKAD may not know and can quickly pick up to narrow their knowledge gap. In many ways, this is a guide I wish I had when I started preparing for the exam.

Due to the extensive availability of other guides that cover the CKAD curriculum, I will not be doing so in this post. That said, once you have completed all the free practice (covered below), you should have a good grasp of the curriculum.

For generic exam tactics for the CKAD exam, I recommend you read my post on CKA / CKAD exam tactics.

Free Practice

The most useful free practice (personally attempted all three):

• https://github.com/dgkanatsios/CKAD-exercises
• https://github.com/bbachi/CKAD-Practice-Questions
• https://codeburst.io/kubernetes-ckad-weekly-challenges-overview-and-tips-7282b36a2681

If you do not wish to spend money on paid courses to prepare for CKAD, I would say that having k8s experience outside of CKAD plus being able to do all the above exercises reasonably quickly should be sufficient for you to pass with a good score.

Paid course with lab practice

If you are willing to fork out a small amount of money, Mumshad’s Mannambeth’s CKAD course is great for CKAD preparation:

• https://www.udemy.com/course/certified-kubernetes-application-developer/

Useful commands you must know

If there is anything difficult about the CKAD exam, it is to complete everything within 2 hours. As such, speed of execution counts and there are several kubectl commands that can be used to create resources / perform other operations quickly.

In fact, this is one of my biggest takeaways from preparing for CKAD. The difference in speed can be quite astounding.

Please gain familiarity with all the commands here. You may also want to go through the official kubectl Cheat Sheet.

Quickly create Pods, Deployments and Services:

# Quickly create Pod. The `--restart=Never` is crucial.
kubectl run mypod --restart=Never --image busybox -- sleep 3600
# Quickly create Deployment
kubectl create deploy mydeploy --image nginx
# Quickly create a Service for a Deployment
kubectl expose deploy/mydeploy --type ClusterIP --port 80 --target-port 8080 --name myservice
# Quickly create a Service for a Pod
kubectl expose po mypod --type ClusterIP --port 80 --target-port 8080 --name myservice

Quickly create other resources:

# Quickly create ConfigMap from literal
kubectl create cm myconfigmap --from-literal=keyone=valone --from-literal=keytwo=valtwo
# Quickly create Secret from literal
kubectl create secret generic mysecret --from-literal=keyone=valone --from-literal=keytwo=valtwo
# Quickly create ServiceAccount
kubectl create sa mysa
# Quickly create Role
kubectl create role myrole --verb=list,get,update --resource=pods,secrets
# Quickly create RoleBinding
kubectl create rolebinding myrolebinding --role myrole --serviceaccount=mysa
# Quickly create Job manifest
kubectl create job myjob --image busybox --dry-run -o yaml >jobspec.yml
# Quickly create CronJob manifest
kubectl create cj mycj --image busybox --dry-run -o yaml >cjspec.yml

Quickly get information about resources (the flags apply not just for Pods, but also for Deployments, Services, etc):

# Quickly get Pod IP
kubectl get po -o wide
# Show all pod labels
kubectl get po --show-labels
# In addition to usual columns, also output values of specific labels (app in this case)
kubectl get po -L app
# Select Pods whose labels have certain values
kubectl get po -l 'env in (dev, prod)'

Quickly get summary of various resources (it also displays events associated with a resource):

kubectl describe deploy/mydeploy
kubectl describe cm/myconfigmap
kubectl describe netpol/mynetworkpolicy

Deploy new image for deployment, undo and see history:

# Use new image for Deployment
kubectl set image deploy/mydeploy '*=busybox:1.28'
# Same as above but add an annotation in the Deployment to record the change
kubectl set image deploy/mydeploy '*=busybox:1.28' --record
# See status of replacing Pods to use the new image
kubectl rollout status deploy/mydeploy
# Rollback to specific revision
kubectl rollout undo deploy/mydeploy --to-revision=3
# View details of a specific revision
kubectl rollout history deploy/mydeploy --revision=3

Getting documentation on various resources:

# Get docs on Pod Spec. Can be used for other resources too.
kubectl explain po.spec
# See high level overview of syntax for various resources; in this case for Pods.
kubectl explain po --recursive

Knowledge you must have

• The kubectl create family of commands. Most commonly used to create Deployment, (Cluster)Role, (Cluster)RoleBinding, ServiceAccount, Job, CronJob, etc.
• The kubectl rollout family of commands.
• The kubectl run command. Using --restart=Never will create a Pod. There’s also the --port flag to specify containerPort and --env to specify environment variable. Good for straightforward tasks.
  • One would do well to read through kubectl run -h several times to get a grasp of the available flags.
• Using the kubectl set image command to update Pod and/or Deployment image. As well as the --record flag which will create an annotation in the Pod / Deployment spec.
• Knowing about kubectl explain and how to use it.
• Knowing about and using the kubectl api-resources command to list supported k8s resources.
• Knowing that kubectl describe gives a good and short summary for some resources, especially ConfigMap, Role, RoleBinding. For Deployment and Pods, it also shows the associated events - invaluable.
• Using kubectl expose to quickly create a Service.
• kubectl get:
  • Using JSONPath to select specific fields and do filtering. The official docs covers it in depth: https://kubernetes.io/docs/reference/kubectl/jsonpath/
  • Using -o=custom-columns for getting customized output. Good coverage in official docs at: https://kubernetes.io/docs/reference/kubectl/overview/#custom-columns
  • Using -o wide flag to quickly get Pod IPs and node IPs.
  • Using --show-labels flag to quickly show labels.
• All about ConfigMap and Secret. As other guides have mentioned, they are featured extensively.
  • The various ways of using kubectl create to create them. Specifically: --from-literal, --from-file and --from-env-file.
  • Using ConfigMap and Secret as volumes in Pod / Deployment manifest files. You should practice this many times to become as familiar as possible to reduce the number of times you use kubectl explain.
  • Using ConfigMap and Secret in PodSpec -> containers env section, either using envFrom to source the entire Secret / ConfigMap or valueFrom to source from individual keys.
• Job spec: familiarize yourself with backoffLimit, completions, parallelism, activeDeadlineSeconds. These may be of use as part of the Job Spec in CronJob spec as well.
• The syntax for volumes and volumeMounts in PodSpec.
• PV, PVC, Ingress, Netpol. Personally, I do not use these much normally and had to make an effort to familiarize myself with them.

nginx ingress annotations:

• nginx.kubernetes.io/rewrite-target: "/". Without this, the ingress will not function correctly in terms of forwarding traffic on the domain name to the target service.

Useful documentation you should bookmark

• Ingress spec
• PersistentVolume spec
• PersistentVolumeClaim spec
• NetPol spec
• JSONPath Support
• kubectl get Custom columns

Having these as bookmarks enable you to copy and paste the Specs and save some typing, memorization, or running kubectl explain.

Other memorization work

Additional memorization I did and would recommend doing, though not strictly required especially if you have bookmarked the docs I listed above:

• Netpol spec
• Ingress spec
• PV spec
• PVC spec
• volumes and volumeMounts sections in Pod Spec.

Other things I knew / did to prepare the certification

This section contains ramblings that are irrelevant to most people. As per the usual style of my posts such as this, I present content relevant to most people at the top, then present my personal thoughts at the end.

Before I took the exam, I have about 1 year experience with k8s and 9 months production experience with it. In those 9 months, I was the maintainer of a few clusters and got to debug many issues (mostly not relevant to CKAD), so that helped lay a solid foundation.

Initially, I had no intention of quickly getting CKAD, but wanted to get it eventually, so I purchased Mumshad Mannambeth’s excellent CKAD course on Udemy to see what knowledge I lack. This is part of the new philosophy I have taken up in 2019, which is to spend some money on quality courses to speed up my learning - I’m glad to say this has helped tremendously and was money well spent.

To prepare for the exam, I completed all the labs in the course several times, focusing on the labs with k8s features that I don’t use much (or at all) at work (PV, PVC, Ingress, Netpol being the main culprits).

My opinion is that real world experience with k8s alone may not be sufficient for CKAD because like many exams, what you get tested on may not be an accurate reflection of skills used on the job. Main reasons:

• There are many commands that someone who prepares for CKAD will know that offers a very fast way to answer some questions. Someone who didn’t prepare for the cert will probably not know these commands and use manifest files instead (a good engineering practice). An experienced k8s user who does not prepare for the exam will eventually get the answer but may spend more time doing so (sometimes a lot more).
• CKAD tests on certain things that not every company uses because of various reasons, for instance practicality. For myself, PV, PVC, Ingress and Netpol are the features I do not use often and am less familiar with. Without deliberate practice, I would probably struggle with them in an exam setting.

Hence, even with work experience, one should spend time to prepare to maximize the probability of acing the exam on the first try.