CKAD is the Certified Kubernetes Application Developer certification which mostly focuses on the development part of Kubernetes applications. It’s part of a program developed by the Cloud Native Computing Foundation (CNCF) to help expand the Kubernetes ecosystem through standardized training and certification. It is one of three CNCF Kubernetes certifications, with the others being Certified Kubernetes Administrator (CKA) and Certified Kubernetes Security Specialist (CKS).
But who are CNCF? They are an association that brings together the world’s top developers, end-users, and vendors, and run the largest open-source developer conferences. According to CNCF, passing the CKAD exam certifies and guarantees that a certification holder has the knowledge and practical experience on designing, building, configuring, and exposing cloud-native applications for Kubernetes. This leads to such developers being able to work with basic resources to create, monitor and troubleshoot applications in Kubernetes.
This can help you find a better-paid job or keep your skills relevant. This could represent a new project opportunity or a boost to your resume. Although you can attempt both exams, CKA is more suitable for administrators, while CKAD is more inclined towards developers. It’s up to you to decide and take the exam that you think will be of greater benefit to you. Of course, nothing is stopping you from trying both!
CKAD — main facts
1. It is a remotely proctored exam
CKAD is a fully online exam. During its time, you are monitored by a PSI proctor, who provides you with all the necessary information and controls what you do and how you behave. The availability of exam hours is determined by the availability of spare PSI proctors who can monitor the exam during this time.
You’ll need to take the exam in a quiet and private place, keep the camera on and share the screen all the time, and show the proctor your room before the exam begins, so that he/she can ensure that there is no conflict with the exam rules. All instructions for taking the exam can be found in the official certification documentation.
Note that you must read and accept all the rules before taking the certification and speaking with the proctor! The proctor only provides you with the shortened version of the rules in the chat. Also, note that even if you have a microphone, you should refrain from speaking to the proctor, either before or after the exam begins. The proctor can only message you via the chatbox and end the exam if you speak during the exam (you can’t even cover your mouth).
2. It has to be completed within 2 hours (120 minutes)
The estimated time to complete the exam is 2 hours. However, you can finish earlier and stop the exam with the appropriate button in the on-screen menu.
The proctor will let you know that you have 15 minutes left before the time ends.
3. It consists of 19 practical tasks
There are no true/false questions.
There are no multiple-choice questions.
There are no open-ended questions.
There is only YOU, the terminal, and kubectl.
The best thing about the exam is that it is completely hands-on. All you get is a VM with access to Kubernetes (K8s) clusters. You have the tasks written on the left, and the terminal on the right. You have admin rights on all machines and within the K8s contexts, so it’s all up to you what you do. Remember that YOU are responsible for completing your tasks on correct K8s clusters, contexts and namespaces!
Note that there is an official CKAD curriculum. According to the documentation, all subjects from the curriculum must be tested. The higher the weighting of the topic, the more likely it is that a very important question from this topic will appear on the exam. You can find the up-to-date curriculum on the CNCF GitHub.
4. The pass mark is 66%
On average, you have to answer 2 out of 3 questions correctly. In reality, it is not that simple, as questions can have different levels of complexity. You may feel that some questions are not weighted correctly, i.e. the easy questions are weighted higher, while long or difficult ones have less importance.
This is completely normal! Not everyone has the same knowledge as you. The weighting of the questions is usually between 3% and 13%. Looking at this from a time perspective, you will get around:
6 minutes per question
1 minute per 1%
(I like to round the time down so that at the end of the exam if I am on time, I get 20 more minutes). Assuming the questions are proportionally weighted, you will need to correctly complete approximately 13 questions to pass the exam. Please note that a partial assessment is possible. It means that for an incomplete task you can still get, for example, 3% out of a possible 8% for the task.
The key thing is to stay focused, and most importantly: be fast and don’t waste time!
5. It allows you to use your browser wisely
The entire exam is taken entirely in your browser. Surprisingly, the terminal provided is of high quality — it does not slow down, it does not disconnect, and the machines are good enough to work with kubectl with ease.
What’s worth noting is that you are allowed to open one additional tab, on which you can only refer to the official Kubernetes documentation. It contains information about everything you may need during the exam, i.e., many code samples you can copy, and theoretical information about every aspect of Kubernetes. For some of the Kubernetes topics, you don’t have to remember every little detail. For this, you just need to know how to quickly look it up in the documentation.
One of the most useful tricks is to set your bookmarks so that you can quickly get to the relevant part of the documentation. You can find a list of my bookmarks later in the article.
6. It provides you with a cert
After you complete the exam, you will receive a short survey about your experience during the exam, alongside information that it can take up to 36 hours to obtain the results.
You must register for the exam. It costs $375 and this price includes one retake in case you fail on your first attempt.
You need to prepare a suitable PC with a browser (Chromium-based), acquaint yourself with the rules, install the PSI extension, and pass the compatibility check on the PSI site.
You must choose the time for your exam and schedule it on the same site.
You cannot schedule the exam any earlier than 24 hours after the current time. So, for example, you can schedule the exam on Friday morning for Saturday morning, not earlier. This is explained by the fact that they have to prepare the infrastructure and find a proctor. Keep in mind that once you register, you have one whole year to schedule the exam.
When it comes to a strategy for approaching the exam, my recommendation would be to schedule it when you are ready. I scheduled it the day before in the afternoon, but everyone is different so choose the time that best suits you. Some may need to plan it months ahead so that they are motivated, some people think better in the mornings, etc. Ultimately, this is your exam so choose what works best for you.
Hints and tips for the exam
The most important things for the CKAD are:
knowledge of basic Kubernetes API objects
fluency with kubectl
fluency with a command-line editor
In other words, the time limit forces you to become familiar with standard Kubernetes objects (what they do, how to create them, their most popular keys/fields), and become fluent with kubectl and at least one command-line editor (Vim is recommended).
The main challenge of this exam is time management, so you have to manage it very well. This is the biggest struggle people have with their CKAD exam. You have to be able to work swiftly in the exam environment, yet without rushing and making reckless mistakes. You cannot use any IDEs with a GUI, like IntelliJ, Lens or Octant — it’s you and the command line. This is why you must learn to do everything with the CLI only.
The second most important thing is to not write YAML manifests from scratch. It is always faster to either use the kubectl run / kubectl create commands or copy the basic manifest from the documentation and tweak it. Doing this will save you valuable time during the exam.
To become proficient, you need to practice with the Kubernetes CLI a lot. You need to learn about all possible subcommands and flags. You need to know what flag can be used with which object so that you don’t lose time checking it in the documentation. Practice is the only thing that makes you get faster.
Learn Vim or an alternative editor. You will have to deal with a lot of YAML files in the exam and many of them will need editing. Remember that you have admin rights, so you can install whatever you want on the machines. I’d steer clear of using Vim unless you know your way around it. Using arrow keys and the spacebar dozens of times won’t pay off under time pressure. What you should do is read about using visual block mode (multiple-line edits), paste mode (auto-indent reset), finding strings within a file, cutting lines of text and pasting them. Don’t forget about indentation inside Vim — spaces and tabs are not the same! In fact, you are not supposed to use tabs at all.
You may also learn how to add new content by copying it straight from the documentation. You may use the cat EOF approach to save the content to a file or even apply it in one line. This is a superior option because you don’t even need to open Vim. For other purposes, except for cat, you may want to use Unix ls, tail, and grep commands.
You can also enable kubectl word completion to save you some time. Although many people recommend this, I haven’t used it myself. Writing kubectl in my case only takes a second, and in real-life you would use stuff like fish and fzf, so here it’s best to stick to kubectl.
Use the reference part of the documentation or kubectl explain to see what keys you can use inside your manifests. I preferred using the former method for the one tab that is allowed during the exam. It’s quick and clear, and if you have your bookmarks prepared — then it’s a killer feature for the exam.
Be sure to read the questions very carefully, and try to understand what exactly is required. Read the task description in full. Sometimes they point out that the YAML file is already prepared in a given path. Sometimes they tell you to put your answer in a given file. These things can be at the end of the question, so don’t start doing anything before having glanced through the whole task!
If you have any problems with the task, or you get stuck and don’t know what to do, you can just flag the question and move on. The same applies to very long and complex tasks and those related to parts of Kubernetes you don’t know much about. Remember that you have approximately 6 minutes per question, so try not to go beyond this! Don’t spend too much time on one question, but also try to avoid picking the most obvious questions for you too many times. You can always come back to flagged questions at the end.
Once you think you’ve solved the question, do a quick verification of your answer. Make sure that all aspects of the task have been addressed. Remember to check it quickly, as taking too much time for verification after attempting each question will slow you down. You should also reserve some spare time (at least 10–15 minutes) to verify all the answers again at the end of the exam.
Remember that every part of the question matters, and every word matters! You need to be sure you are working in the correct context and namespace. Make sure you copy-paste and run that kubectl context command at the beginning of the task before each question to ensure you won’t waste time carrying out the specified task in the wrong cluster. If they ask you to put the file in a certain location, you need to put it exactly there. If they don’t specify the namespace, you should use the default one, and if they tell you to create a Pod, do not create a Deployment.
At the end of your preparations, remember to test whether you can do typical tasks quickly. Check websites with sample exam questions and complete them. See if you’ve covered all of the material from the curriculum. You need to be sure you will not get surprised on the exam by something you haven’t come across before. Try to improvise in your free time, play around with kubectl to see what it can do. Who knows? Maybe you will discover something that will come in handy for the exam.
Familiarise yourself with the official Kubernetes documentation and be sure to practice all the questions using your bookmarks. This will speed you up during the exam since you will know where to find what you’re looking for. Be aware that you won’t be able to read all the documentation, even just that related to the curriculum — it’s just too broad.
There are 2 ways of creating Kubernetes objects. You can either do it in a declarative way, by writing the YAML manifests and applying them, or you can do it imperatively. The latter is much faster and is the recommended way of working during the CKAD exam. Thanks to this, you don’t have to necessarily write your YAML files.
However, you can combine this approach with the declarative method by creating dry-run manifests, updating them according to the task, and applying them as normal manifests. This idea to combine two approaches becomes a killer combo that lets you nail all the tasks easily. All you need are kubectl run, kubectl create, and kubectl apply commands.
In the picture above you can see the kubectl way of creating the “base” for our manifest. Isn’t it much easier to start adding our settings to this template, rather than writing it from scratch? It wouldn’t be possible if it hadn’t been for the — dry-run=client (makes it not apply to the cluster) and -o yaml (changes the output to yaml) flags. In this case, adding a second container or setting the correct probes becomes easier, as the main part of the task is already done by the CLI. Now all you have to do is to edit the file in a command-line editor like Vim and apply it with kubectl apply -f. This way, you can save a multitude of time compared to writing your files and it helps you avoid making any syntax errors.
If a Kubernetes API object already exists, you can edit it with kubectl edit and make changes in the editor (defaults to Vim). It either lets you save and overwrite the manifest or copy it to the /tmp directory, from which you will need to apply the new manifest (and sometimes delete the current one). Even though this approach doesn’t resemble real work at all, it still does the job for the exam and teaches you that you don’t need to write code from scratch.
kubectl expose deploy/test — port=80 — target-port=8000 — type NodePort
Remember that the kubectl expose command creates a new Service connected to the existing Deployment. You just need to specify the ports and the name of the creating Service. You can also provide the service type if needed. This is the preferred way of creating Services, as it takes away the need to check the correctness of labels and selectors — you select the Deployment that you want to expose and the CLI does it for you.
The kubectl create command is especially useful for creating new Secrets and ConfigMaps, no matter whether you create them with text or binary content. You can use it to create such manifests from the .env file, add the path to the binary file that you want to have, and name your keys appropriately without any need to mess with the manifest.
Also, bear in mind that nothing stops you from copying and pasting YAML files from the documentation website. However, given the time constraints involved, I would recommend optimizing this process a bit more.
Other subcommands worth mentioning that you should become familiar with are: kubectl set / label / annotate / scale / rollout / describe / logs. You will likely have to set an image or setresources for a Pod at least once during the exam. When it comes to changing labels and annotations, you should not change them manually but with kubectl subcommands. Scaling and rolling your Deployments back and forth is also meant to be done through the CLI. If you do not know the cause of an error from a Pod or Service, you can use describe to see the message errors, and/or logs to check any logging information. You can also use them to ensure that you have done your task correctly.
Changes in the CKAD 2021 Curriculum Q3 2021
The Linux Foundation has announced some major changes to the CKAD exam starting in Q3 2021. Although the release date of the new version of the exam is currently unknown, we are aware of the new content of the exam, as specified in the updated curriculum.
If you decide to take the exam, it is best to do so before September 2021, as this is a likely date for new changes to take effect. A new curriculum means new questions, which means a less predictable exam.
But what’s new?
Define, build and modify container images
The exam candidates may need to write Dockerfiles and build their images for use in the cluster. It is not explicitly stated that knowledge of Docker or a similar tool is required. It also says nothing about using custom image registries and using them within the cluster, but it doesn’t hurt to have such knowledge.
Use Kubernetes primitives to implement common deployment strategies (e.g. blue/green or canary)
The examinee may need to change labels and selectors within Pods and Services to behave like major deployment strategies. It doesn’t say whether knowledge of a service mesh like Istio or Linkerd is required, but learning at least one of them before taking this new version of the exam will likely pay off.
Use the Helm package manager to deploy existing packages
The examinee may need to use some official Helm Charts by, for example, adding existing repositories, installing new releases, listing releases, updating releases, or deleting releases. We don’t know if editing YAML manifests with Golang Templating will be required, but judging by the name of this point — it won’t be.
Understand API deprecations
Examinees may need to understand different API versions for popular API objects. This probably has a lot to do with introducing Ingress objects in the exam — in the past, there were 2 different versions of Ingress APIs (networking.k8s.io/v1 and extensions/v1beta1), which had some major differences when creating Ingress rules.
Use provided tools to monitor Kubernetes applications
The examinee may need a basic understanding of the Kubernetes dashboard, kube-state metrics, or in-depth knowledge of the kubectl logs/describe/get events commands.
Discover and use resources that extend Kubernetes (CRD)
The examinee may be required to apply Custom Resource Definition manifests, create objects of their type, and query them with kubectl.
Understand authentication, authorization and admission control
The examinee may need to demonstrate a basic understanding of the possible means of authentication as a specific group or user, such as X509 certificates or tokens. He may also need to prove his understanding of Role-Based Access Control (RBAC) concepts and configure the cluster’s access controllers.
Understanding and defining resource requirements, limits and quotas
Candidates may be required to set ResourceQuotas that limit the number of resources used, and the number of API resources created within a given namespace.
Use Ingress rules to expose applications
The exam candidates may need to create Ingress objects that control external access to the Services in a cluster using the HTTP or HTTPS protocol.
Creating Kubernetes API resources cheatsheet
It’s important to be familiar with the Kubernetes object’s short names! If you type kubectl api-resources, you will see a list of all API objects with their short names. This will save you a few seconds on each command, but adding all of them will save a good amount of time.
Below I present my cheat sheet list for all of the resources needed for CKAD, along with suggestions on how to deal with them. I’ve tagged all of the new aspects that will be evaluated on the upcoming new version of the exam with the colour blue.
Sources of knowledge and preparation
You may be wondering if you need experience working with Kubernetes to pass the exam. The more experienced you are, the better. To get high marks, you have to be aware of the whole complexity of Kubernetes, and also have some contact with it first — it certainly helps.
Although CKAD is a completely practical exam, knowing some theory and perfectly knowing the latest versions of kubectl CLI (with all the details) can bring you the desired success. For me, the exam was quite easy as I didn’t have to study much. Don’t worry, the same level I’ve reached is achievable for you too! All you need is to learn, study and practice!
That said, I believe that you can just practice for the exam by yourself. It is quite easy to set up your small local Kubernetes cluster like k3d. It only takes two lines of code to have a fully working cluster, provided you have Docker installed. If you’re already familiar with the basics of Kubernetes, but still not sure where to start, there are plenty of free or paid courses.
The place with the environment that resembles the real exam the most is supposedly the https://killer.sh/ simulator. According to this announcement, the Linux Foundation now grants access to two attempts for those who have decided to sit one of their three Kubernetes certification exams. I didn’t try this simulator as it wasn’t such a big thing back in the days I was taking the exam, but looking at how it has developed, it seems that it’s a must-have to complete before taking the real exam.
Other sources that prepare specially for CKAD are A Cloud Guru courses, Udemy courses, edX courses, the TechWorld with Nana YouTube channel, etc. Also, watching Vim tutorials on YouTube in the last 3 days before the exam may save you a lot of time during the exam itself.
The most important thing for you is to learn step by step. You shouldn’t jump right into the deep end after you begin your Kubernetes journey. For example, don’t bother learning the details of storage classes until you understand the need for persisting the state of your ephemeral containers. Moreover, if you know and understand everything from the exam curriculum, it means that you are ready to take it!
While you have access to the Kubernetes documentation, time is a big challenge, so I’d wager that you won’t have enough time to read it thoroughly. Therefore, familiarize yourself with the structure of the documentation, including the sample code, so that you can copy and paste it to your terminal with minimal adjustments. One thing that can be especially helpful is using bookmarks. With the link below, you can find the list of bookmarks that I used during my exam. Please, note that you can use their names as helpers even if you are not going to open these websites.
Once you’ve completed one of the online courses, try to find practice/mock exams to test yourself, just as if you were taking the exam, and remember to do this a few times if possible. If you have problems with some aspects, don’t rush, but spend a little more time getting the hang of this topic.
You can start the exam 15 minutes before the scheduled time, which is the time it takes to talk to the proctor. Make sure your desk is clean on exam day. You have to activate your camera, show your surroundings to the proctor, and share your screen. You will also have to keep sharing your camera throughout the exam.
Remember which node you are in and what the selected namespace is so you don’t get confused. Always check if you are performing the task in the correct context.
Time management is the most important consideration. Don’t spend any more than 6 minutes on a single question.
Use the kubectl + Vim combination wisely. Try to do as little manual work as possible.
Remember about using your bookmarks. They can be like cheats if used properly.
That’s all I have to say. I hope you enjoyed reading this article and that it proves to be helpful. Don’t forget that these exams require a lot of practical skills and a fresh mind. Even if you don’t make it on your first attempt, there is one free resit possible.
Take it easy and good luck!
Share this post
A passionate Big Data Engineer who strives for perfection and the use of state-of-the-art tech. Big fan of Kubernetes and Google Cloud.
Get to know us, discover our interests, projects and training courses.
A rapidly expanding e-commerce platform harnessing the power of Apache Airflow, taking charge of its vast data landscape, enhancing operational efficiency, and empowering its team to make insightful, data-driven decisions that drive growth and innovation.
Getting familiar with Krew plugins. Part I. Do you like using Kubernetes but the endless struggle with kubectl stops you from fully enjoying this fantastic technology? In this article, you will find the solution to all your problems and will be able to finally experience K8S the right way.