I took the Certified Kubernetes Application Developer (CKAD) exam on Feb 4 and passed it with a 75% score. The passing score is 66%. The exam is organized by the Linux Foundation, a non-profit technology consortium founded in 2000 as a merger between Open Source Development Labs and the Free Standards Group to standardize Linux, support its growth, and promote its commercial adoption. It also hosts and promotes the collaborative development of open source software projects such as Kubernetes, NodeJS, Let’s Encrypt and others. The foundation also organizes vendor neutral training and certification programs in cloud and container technology, blockchain, Linux kernel development, system administration etc. The CKAD exam is one of its most popular and industry-recognized certifications for Kubernetes, a technology open-sourced by Google a few years ago that has rapidly become the standard for deploying and managing containerized applications on a distributed compute cluster. I won’t go into any further details about Kubernetes itself in this blog post, because I assume if you are reading this post, you are already familiar with Kubernetes. In this post, I’ll focus on how I prepared for the exam and the exam experience.
The CKAD exam is a hands-on, not a multiple-choice exam. You are given access to a Kubernetes cluster via a web browser and asked to perform a set of tasks – eg., create a pod that uses the nginx image of a certain tag and exposes port 8080. You have to perform 19 such tasks in 2 hours. The tasks vary in weight (number of points) and complexity. Importantly, the most complex tasks don’t carry the most points, so you must pick the tasks wisely. Eg., on my exam, a task very similar to one I outlined above carried a 13% weight, while another much more complex task that involved creating a configmap, creating multiple volumes and mounting them into separate containers, exposing some of the configmap keys as environment variables carried only a 4% weight. I didn’t even bother to fully read that one.
Preparing for the exam
Several blog posts about preparing for the CKAD exam do a good job with how to prepare. I generally followed their advice. My main training resources were:
- “Kubernetes Certified Application Developer (CKAD) with Tests” course on Udemy, given by Mumshad Mannambeth, plus the exercises on KodeKloud.
- The certification course offered by the Linux Foundation. The Linux Foundation offers a bundle of the exam + course for $499. You may think that this course must be the one to take, because it is offered by the same foundation that offers the test. However the course explicitly mentions that the testing arm of the Linux Foundation is kept separate from the certification course to mitigate bias. That way, certification courses offered by third party companies such as Udemy that are unaffiliated with the Linux Foundation are not at a disadvantage. That said, one of the questions on the exam related to logging using fluentd was very similar to one of the exercises in the Linux Foundation course. The Linux Foundation course also provides an excellent overview of the origin and basic architecture of Kubernetes.
- These exercises
- Practice questions by Liptan Biswas. The web interface offered by his test environment is the most similar to what you’ll encounter in the actual exam. You’ll have the question in the left side bar and console window in the middle. You can easily click and paste the names of namespaces, images, tags etc., without switching tabs on the browser.
I recommend starting with Mumshad’s Udemy course and going through all the sections. If you have prior Kubernetes experience, you’ll find the concepts already familiar. If not, you’ll learn a lot of interesting and useful material, good not only for preparing for the exam but useful knowledge in general. After going through the sections, attempt one of the practice exams. If you don’t have significant prior Kubernetes experience, you’d likely find the exams difficult to finish on time. The first time I took one of the lightning tests, I could barely finish 2 of the 5 problems and ended the exam muttering to myself – “there is no way anyone can finish this in 30 min!” 🙂
The trick is to get really good at using the kubernetes imperative commands and then editing the resulting yaml files as needed. For example, if you are asked to create a deployment named dep1 with 4 replicas in namespace n1 that uses the image nginx, you can either copy and paste a standard deployment template from the kubernetes documentation into Vim and edit the fields, or you can simply do:
1 |
kubectl create deployment dep1 -n n1 --replicas=3 --image=nginx |
Using the imperative command is significantly faster than copying and pasting a standard deployment template and editing and also less error prone. Being really good at using imperative commands is the key to finishing the CKAD exam on time.
What if you need to do something more complex (eg., create a deployment with two containers or provide a custom value for the maxSurge field of the rollingUpdate strategy) than what is exposed in the imperative commands? There are two options:
- You can create a simple deployment that sets some of the properties and edit the others that are not exposed by the imperative command. So, to set the maxSurge field to 15% from the default value of 25%, you’d open the yaml file for the deployment, edit the maxSurge property and save the modified yaml. Then you’d delete the existing deployment and create a new one using the new yaml file.
1kubectl edit deployment dep1
12kubectl delete deployment dep1 --forcekubectl create -f new-dep.yaml - Create a deployment definition template rather than the deployment resource itself and edit the template. Then create a deployment using the modified template
12kubectl create deployment dep1 -n n1 --replicas=3 --image=nginx --dry-run=client -o=yaml > new-dep.yaml# Now open new-dep.yaml in Vim and edit it.
You’ll be using both these patterns extensively during the exam, so you must get proficient at using the imperative commands. You can create most kubernetes resources – pods, deployment, services, jobs, cronjobs, configmaps, secrets, perform rollbacks, scaling using the imperative commands. Notable exceptions are PersistentVolumes, PersistentVolumeClaims, Ingress and NetworkPolicies. A great way to practice is to go through these exercises. I recommend doing these at least 2-3 times until you are confident using imperative commands.
Note that you will not be allowed to bring any notes during the exam whatsoever. Does that mean you have to memorize all the imperative commands? Thankfully, the answer is no. Kubernetes CLI help is a great resource. Let’s say you are asked to create a cronjob named my-cron-job that uses the busybox image and runs every second (I got a nearly identical question on the actual exam). You just type:
1 |
kubectl create cronjob -h |
kubectl shows several examples of how to create different type of cronjobs. Many times, you can just cut and paste the example shown by the help and change some of the parameters.
Several blog posts about the CKAD exam recommend setting up a long list of aliases to reduce the number of characters you have to type. I found just one alias: alias k=kubectl sufficient. Note that when you set this up, kubectl autocomplete will not work anymore. To enable autocomplete while using the alias, do the following:
1 |
source <(kubectl completion bash | sed 's/kubectl/k/g' ) # so completion works with the alias "k" |
The catch of course is that you’ll have to remember the command for the exam, because you are not allowed to bring notes. I ended up just setting the alias k=kubectl. Note that you many need to switch to a new cluster for some questions. The command to switch will be provided, but you’ll need to set the alias on the new cluster.
How much Vim/Vi do I need to know?
You are limited to using text based editors such as vi/vim, pico, nano etc., in the exam. I’m not going to wade into the debate about the pros/cons of these editors. I’m personally a GUI person and hate text editors that make you memorize new keyboard shortcuts. While preparing for the exam, I enjoyed learning about kubernetes but resented being forced to use vim. Thankfully, you only need to know very basic vim commands for the exam.
- opening a file in vim, editing it and saving the changes (to the same file or to another file)
- deleting a line or block of lines
- cutting and pasting text
- enabling/disabling line numbers
Sometimes kubectl complains about tab characters in the template file while creating a resource. Use this to convert tab characters automatically to spaces:
1 2 3 4 5 |
vi ~/.vimrc # then add these two lines to the file set tabstop=2 set expandtab # use spaces for tabs source ~/.vimrc |
Thankfully, this was already set during the exam, and I was able to use the tab key in vim without issues without making any modifications to .vimrc.
How do I know I’m ready to take the exam?
I struggled with this one for a while. Unlike Certified Secure Software Engineer (CSSE) exam, which can be taken several times, you only get one free retry for CKAD if you fail to pass the first time. If you fail again, you’d need to repay for the exam. So how do you know when you are ready to take the exam? A good benchmark is:
- You can complete both of Mumshad’s mock exams with at least a 80% score comfortably in the allotted time
- You can complete both lightning tests in ~35-40 min with a 80% or higher score (this one is the most challenging).
- You can comfortably do these exercises
Most of the questions on the actual test are similar to the exercises and few are more challenging, similar to the lightning labs. So being able to do all three tasks listed above means you have both sufficient mastery of the exam syllabus and sufficient speed.
The exam
Several existing blog posts accurately describe the exam environment. Ensure your web cam is connected and working (I did a quick zoom call with a friend before the exam to ensure Chrome was able to access my webcam). They are serious about ensuring that there is nothing on your desk when you are taking the exam (other than a clear liquid in a clear container), so clear your desk in advance. The questions are not in order of difficulty nor do more difficult questions necessarily carry more points. So do a first pass through the exam to answer the easier questions that carry the most weight and mark the difficult ones for a second pass (the exam interface allows you to flag questions for review). Going through the easier questions will also help you settle down and get over exam jitters. Double check your results (specially for the easier questions that carry more points); for example check that your pods are actually running, configmap parameters are exposed as environment variables etc. Ensure you are working on the correct cluster (the exam will give you the command to switch clusters that you can cut and paste).
I found it helpful to tag the yaml files by the question number (pod8.yaml for question #8, cj10.yaml for a cronjob created for question #10 etc). This makes it easy to identify which files need to be edited during your second pass.
Most of the questions during the exam were very similar to those I had seen during my preparation. Two questions were difficult – one related to logging and another about NetworkPolicies (a pod definition had to be modified to use an existing NetworkPolicy, rather than create a new NetworkPolicy).
You’ll get your results roughly 36 hours after the exam. The FAQ on LinuxFoundation website suggests that grading is based on results, implying there is no partial credit.
Hope you found this helpful and good luck!
Leave a Reply