Passing the CKAD

Introduction

#

I earned the CKAD (Certified Kubernetes Application Developer) in June 2021 and completed renewals in April 2024 and March 2026. This post provides feedback on this developer-focused certification. It is particularly engaging because it focuses on practical application through labs instead of multiple-choice questions.

The advice and tips shared throughout this article relate to Kubernetes version 1.35, the version used during my exam preparation.

The objective is not to list information found in the official documentation but to provide a personal perspective on how I approached the certification.

The various topics covered

#

Unlike the initial version of this article, several topics are now included, such as Helm and container image creation.

Below is the list of domains included in the certification along with the weighting for each chapter:

• Application Design and Build (20%): Creating container images using Docker or Podman, managing Jobs and CronJobs, using init-containers and sidecars, plus persistent storage management inside a Pod;

• Application Deployment (20%): Proficiency in various deployment strategies such as blue/green or canary, creating Deployments, and using Helm to deploy objects as packages within Kubernetes;

• Application Observability and Maintenance (15%): Handling API deprecations, implementing probes to monitor container health, managing Pods logs, and debugging containers;

• Application Environment, Configuration and Security (25%): Integrating and creating CustomResourceDefinition (CRD) objects, managing permissions and access via RBAC, configuring resources (CPU and RAM) and quotas, managing Secrets for sensitive data and ConfigMaps for application configuration, using a ServiceAccount within a Pod, and implementing SecurityContext to reduce the attack surface;

• Services & Networking (20%*): Using NetworkPolicy to restrict network traffic, exposing applications inside the cluster with Services and externally using Ingress;

Mastering these numerous themes and components requires effort. The next section contains links to explore these areas effectively.

Links and resources used

#

For those unfamiliar with daily Kubernetes operations, starting with imperative kubectl commands via the CKAD-exercises repository is recommended.

This resource provides many exercises and solutions to help practise and learn command arguments.

It becomes apparent quickly that kubectl cannot create every resource. Some objects require snippets from the documentation, such as the PersistentVolume or PersistentVolumeClaim. These are discussed further in the “How to use the documentation” section.

Another vital tool for exercise practice is kind. This tool enables rapid Kubernetes cluster deployment within Docker on any operating system, bypassing the complexity of manual infrastructure setup.

Beyond the GitHub repository, other helpful resources include:

• killercoda.com: A free simulator providing an exam preview. Exercises here closely match the CKAD content.

• killer.sh: A paid simulator providing insight into the expected difficulty. This simulator is significantly harder than the actual exam and represents the best preparation method. Purchasing the CKAD certification includes two sessions on this platform.

I strongly recommend that you use both of the platforms mentioned above, particularly to work on your reflexes and speed of execution.

Please don’t hesitate to go back and practise the areas where you didn’t score full marks, so you can try again in a second attempt. Bear in mind that you can easily download the exam papers and answer keys from killer.sh to do them again in your own environment!

Exam environment

#

The exam environment has changed significantly in the meantime; I already had the chance to show you around it when I updated the article on the CKS under the “The exam interface” section.

Now it’s time to move on to the section containing my various tips…

My tips

#

In general

#

The CKAD is an exam that can prove quite challenging if you are not properly prepared. In fact, the real difficulty of the exam lies in time management. You will have two hours to complete between 15 and 20 questions, with varying degrees of weighting.

Generally speaking, the greater the weighting of a question, the longer it will take to complete.

Given the stress of taking the exam, two hours may seem too short or just enough to complete the exam and go back over two or three questions you got wrong.

Before registering for the exam, I read a number of articles advising to prioritise questions with high weightings and set aside those with lower weightings.

Personally, I didn’t use this technique; instead, I completed all the questions I was able to finish quickly so I could go back to the areas I found more difficult.

Finally, if you find you can’t solve a question, skip it and come back to it later, otherwise you risk not being able to complete the exam in its entirety.

How to use the documentation

#

During the exam, you are permitted to use reference materials, meaning you can open a web browser and browse authorised links such as https://github.com/kubernetes or https://kubernetes.io/fr/docs, for instance.

It is important to know the relevant keywords so that you can find the “right pages” that will enable you to solve the exercises very quickly.

For example, if you are asked to create a PersistentVolume and a PersistentVolumeClaim and you use the keywords: ‘persistent volume’, you will not, from the very first link, come across code snippets that are easy to reuse to complete your exercise.

On the other hand, the words “persistent volume pod” lead to a first result showing all the steps to create a PersistentVolume, a PersistentVolumeClaim, and to link it to a Pod. It’s much easier that way, isn’t it?

That’s why, when practising, I recommend selecting the documentation pages you’ve used and trying to remember the keywords so you can find them quickly.

Here are some other sections of the documentation that I personally use:

• Distribute Credentials Securely Using Secrets: This page explains all the ways to use Secrets, whether as environment variables or volumes;

• Configure a Pod to Use a ConfigMap: Similar to secrets, but for ConfigMaps;

• Configure a Security Context for a Pod or Container: Whether for a Pod or a container, it’s never easy to memorise the syntax. On this page, you’ll find some code examples to copy and paste;

• Network Policies: You’ll find all the default policies to deploy and a fairly comprehensive NetworkPolicy that you can adapt to suit your needs.

The command line

#

When doing the exercises, you’ll need to use the kubectl tool over and over again. As the alias k and autocomplete are already set up, this saves us time!

However, two further shortcuts can be configured in your ~/.bashrc file:

• export do="--dry-run=client -o yaml: This will save you from having to repeatedly enter these two arguments to generate your Kubernetes objects;

• export fg="–force --grace-period=0": To terminate a Pod as quickly as possible using the kubectl delete pod command.

Using them couldn’t be simpler; here are a few examples:

# Creating a Deployment
kubectl create deploy nginx --image nginx:latest --replicas 3 $do > nginx.yaml

# Deleting a Pod
kubectl delete pod httpd $fg

Once you’ve finished your exercises, you may need to use a debug pod to check the configuration of your NetworkPolicy, for example.

To do this, I recommend you memorise this command:

kubectl run debug --image=nginx:alpine --restart=Never --rm -i -- curl -m 1 [IP or URL]:[PORT]

The nginx:alpine image contains cURL, the tool that lets you check whether or not you can access a web page.

The -m 1 parameter sets the maximum wait time to one second, avoiding the default 30-second timeout.

Furthermore, the --rm parameter removes the Pod once the command has finished running.

And finally, don’t forget to include --restart=Never, otherwise your Pod may restart in a loop if the command returns an error.

File editing

#

To edit your files, you will have access to vim, so it is best to familiarise yourself with the basic commands of this editor to work efficiently.

I recommend taking a look at this documentation.

However, if you’re not comfortable with this type of editor, you can use VSCodium, which is now installed by default. This version is a free, telemetry-free and fully open-source alternative to the very popular Visual Studio Code. However, it is not currently permitted to add extensions.

Using the notepad

#

During the exam, you can use the notepad (or VSCodium) to add any commands you wish to keep, or to adapt useful snippets of code.

For example, you can save the command that allows you to change the namespace so that you don’t have to use -n namespace if the aim of the exercise is to create objects in a specific namespace:

kubectl config set-context --current --namespace=[your namespace]

Make sure you get into the habit of reusing this command at the start of each exercise to ensure you’re in the right place!

A final word

#

As mentioned above, the CKAD is a timed exam; if you are well prepared and have a good grasp of kubectl commands as well as the various areas covered in the exam, you shouldn’t have any trouble passing the certification.

Don’t forget to familiarise yourself with the documentation pages you feel most comfortable with.

I hope this information will help you when you take the exam!

Good luck to everyone aiming to pass this certification. :)