This is the newest exam curriculum, effective since September 28, 2021 (see blog post ). There are many study guides and practice exams out there - most haven’t been updated to account for these changes.
The exam’s curriculum are listed in the Domains & Competencies section in the link above. As of April 2022 the topics are the following:
Click to expand
Application Design and Build
- Define, build and modify container images
- Understand Jobs and CronJobs
- Understand multi-container Pod design patterns (e.g. sidecar, init and others)
- Utilize persistent and ephemeral volumes
- Use Kubernetes primitives to implement common deployment strategies (e.g. blue/green or canary)
- Understand Deployments and how to perform rolling updates
- Use the Helm package manager to deploy existing packages
Application Observability and Maintenance
- Understand API deprecations
- Implement probes and health checks
- Use provided tools to monitor Kubernetes applications
- Utilize container logs
- Debugging in Kubernetes
Application Environment, Configuration and Security
- Discover and use resources that extend Kubernetes (CRD)
- Understand authentication, authorization and admission control
- Understanding and defining resource requirements, limits and quotas
- Understand ConfigMaps
- Create & consume Secrets
- Understand ServiceAccounts
- Understand SecurityContexts
Service and Networking
- Demonstrate basic understanding of NetworkPolicies
- Provide and troubleshoot access to applications via services
- Use Ingress rules to expose applications
A notable exclusion from the curriculum are ReplicaSets. ReplicaSets are an important primitive when deploying stateful, distributed workloads, such as databases or blockchains.
A notable inclusion with the recent update is Ingress. I cannot fathom why Ingress was not included before.
Kubernetes’ development is very active and therefore the tooling, API, and resources are still (2022) a moving target. Books tend to go out of date fast, either in whole or in part.
I will be adding these two books to my bookshelf in the next couple of articles.
Author: Marko Luksa
Date of publication: Jan 2018
No. of pages: 559
The quintessential book on Kubernetes; this is the gold standard. Though significantly outdated3, this book covers everything there is to know about k8s. I expect this book’s solid foundation to power a candidate through the CKA and CKS exams as well since it covers topics far and beyond what is required for the CKAD.
Author: Benjamin Muschko
Date of publication: Feb 2021
No. of pages: 165
This book is a highly focused and condensed walk-through of the topics required to pass the exam. As such, it doesn’t go into much depth on any of the topics. You can think of this book as a collection of summaries of the exam’s curriculum with pointers to external in-depth documentation. It also includes practice questions at the end of every chapter, which is very nice.
Despite the curriculum including Ingress resources, none of these resources included practice questions on them for some reason.
KodeKloud: Certified Kubernetes Application Developer (CKAD): One of the more popular courses out there. An excellent resource that I highly recommend. Plus, all their other courses are included in the price. Please be aware that their Game Of Pods lab is incomplete as of May 2022, which is a shame since it provides a decent challenge. KodeKloud is also available on Slack: kodekloud.slack.com.
dgkanatsios/CKAD-exercises: A commonly cited resource for practice.
OReilly’s KataKoda: Seemed pretty cool at first but then I realized:
- has not been updated with the curriculum’s latest changes
- does not work on Firefox
- env really slow
- env buggy: blocked from completing one section due to an error4
- one question marked as incorrect even though my solution and their solution was identical (Services&Networking/question 2): exposing a deployment on an arbitrary node port
- one solution doesn’t work (Services&Networking/question 3)
- specifically, the verification step
curl localhost:31888is incorrect as
curlneeds to be pointed to the node’s internal IP. Hence the question is marked as incorrect when in fact it works as designed.
- note: I had to map the node’s IP to
/etc/hosts!! This was not part of the solution. The manual test with
curlstill didn’t work though.
- specifically, the verification step
killer.sh: Likely the best exam emulator out there. At least it should be considering the CKAD exam fee includes two free sessions, making this pretty much the “official” exam simulator. There were strange omissions though - none of the following topics were included in the mock questions: pod affinity, CRDs, ResourceQuotas, HPAs.
Article on Medium: Kubernetes CKAD Exam Example Questions Practical Challenge Series: Written by Kim Wuestkamp (killercoda.com, killer.sh), this is a great set of challenges to test your knowledge on Kubernetes resources and the
kubectl CLI. A warning though: it hasn’t been updated with the latest curriculum.
Article on Medium: 150 Practice Questions for the CKAD Exam: Somewhat of a hidden gem; this article turned out to be pretty good practice given the sheer number of questions and the different twists that each introduces. The only slight problems are a) the solutions aren’t tucked away or hidden somewhere, and b) it hasn’t been updated with the latest curriculum (it was published in Nov 2019).
The CKAD exam is a proctored exam. I took it online. One very annoying thing was the security check the proctor goes through. You’ve probably read about it elsewhere: you are required to keep your desk clean and tidy, you will have to pan your web cam across your desk and around your room.
What I found annoying was the excessive panning I had to do around the room - I must have literally spent 5-10 minutes just spinning the webcam around the room.
Another annoying factor was during ID verification: the proctor asked me to bring my ID close to the camera to focus on my name details. The problem was my webcam cannot focus at that length. We lost at least 10 minutes while we attempted this with both of my IDs.
Overall the proctor’s checklist took around 20 minutes to complete; I was worried it was eating into the time allotted for the exam and I asked the proctor about it. Thankfully, the 2-hour timer starts after this ritual.
A few tips and tricks that can help you optimize your time during the exam; I was able to do a first pass with dozens of minutes to spare:
- know your concepts (duh)
- mind the question’s weighted score; flag it and move on if you cannot resolve it “fast enough”. I would say “fast enough” <= 60 seconds.
- many suggest you collect and optimize your bookmarks to k8s documentation and others. I propose you don’t waste much time on that and instead get very comfortable with
kubectl explain [--recursive] <topic>. Not only is it fast and tailored to the environment’s actual k8s version, but also there is no chance of you opening a link you shouldn’t be. This command should definitely suffice if you are comfortable with the exam’s concepts.
- like everyone says, make sure you execute the
kubectl contextstanza provided for you at the top of each question without fail.
- like everyone says, avoid writing specifications by hand and instead rely on
--dry-run=client -o yamlwhenever you can.
- some people suggest defining variables that stand in for things like
--dry-run=client -o yaml. I am decent with the keyboard; this was unnecessary for me.
alias k=kubectl, although like the prior point: if you are good with the keyboard then this may not be necessary.
- If I recall correctly, there are several text editors available and documented. Make sure you are extremely familiar with at least one of those.
vimis the only one I care about.
- Somewhere I read I should expect 20-22 questions. My exam had just 16, so each was worth more.
- No questions on Ingress resources.
- Some questions were of familiar topics covered by several of the resources listed above, but formulated in a different and confusing way.
- I was interrupted a handful of times by the proctor, who asked me to raise my hands and forearms to the camera. This was annoying.
helmare not equivalent.
helmhas a richer template syntax, and also acts as a package manager (called “helm charts”). ↩
Warning FailedCreatePodSandBox 10s kubelet Failed to create pod sandbox: rpc error: code = Unknown desc = [failed to set up sandbox container "a0c7e8b0ba7e7006e70dee1e648949f35682e680827775f8a00c55f8237b11a2" network for pod "myredis": networkPlugin cni failed to set up pod "myredis_default" network: unable to allocate IP address: Post "http://127.0.0.1:6784/ip/a0c7e8b0ba7e7006e70dee1e648949f35682e680827775f8a00c55f8237b11a2": dial tcp 127.0.0.1:6784: connect: connection refused, failed to clean up sandbox container "a0c7e8b0ba7e7006e70dee1e648949f35682e680827775f8a00c55f8237b11a2" network for pod "myredis": networkPlugin cni failed to teardown pod "myredis_default" network: Delete "http://127.0.0.1:6784/ip/a0c7e8b0ba7e7006e70dee1e648949f35682e680827775f8a00c55f8237b11a2": dial tcp 127.0.0.1:6784: connect: connection refused]↩