The CKAD exam
Yesterday, I passed the Certified Kubernetes Application Developer exam - in this post, I’ll give a brief overview of the experience.
This exam is a hands-on, performance-based test. This means that there are no multiple choice questions - there are practical tasks to accomplish, deployments to debug and fix, logs to collect, releases to roll out - all this in an actual Kubernetes cluster. I really liked this format due to its similarity to a real life working environment. I found the tasks to be realistic, and I think that the certification shows that you have at least a baseline knowledge of Kubernetes in practice.
# Exam basics
- performance based exam - debug, deploy, fix things in a web terminal
- there are a few different clusters in which to solve the problems
- there are different namespaces in which you have to operate
- you can use the Kubernetes documentation: you can have exactly one tab open, in which you can read the docs, but nothing else
- there is a basic notepad integrated into the exam UI which you can use to scribble down some stuff
- you are given a set of tasks (15-20), weighing different percentages in your final exam score
- the exam lasts for 2 hours, and time is absolutely a limiting factor
# Where to practice?
I suggest using GKE (Google Kubernetes Engine) for practicing. As of January 2021, Google Cloud Platform has a 300 USD credit free tier - this plenty to play around with the k8s engine. Since this is a full-blown, production-ready cloud offering, I think it is superior to any simplified version of Kubernetes that you might find online (though I’m sure those can also be great for the exam).
Note that in GKE, you will have to enable the network policy addon for your cluster in order to get handy with writing network policies
# How much to study
How much you have to study for this exam depends a lot on your background, so I can only speak for my case, so take this with a pinch of salt.
I had a moderate exposure to Kubernetes. By that I mean that I was working with it for about a year and a half, rolling out deployments, writing cronjobs, scaling things up/down and in/out, hunting for bugs, collecting logs then staring at them, editing configuration, and so on. I had a usable, practical knowledge, but some bits (even important bits, related to networking, persistence, and multi-container pods) were missing. So I would say that my knowledge was moderately deep and narrow.
With this in mind, in the end I studied for about net ~12 hours for the exam overall, which included reading the Kubernetes Book by Nigel Poulton as a basic refresher, reading the documentation, watching videos, and most importantly, tinkering with my own cluster in Google Cloud.
# Assorted tips
The Linux Foundation website and PSI’s (the exam provider’s) site are terrible. Get a nice hot beverage before you sit down to book your timeslot for the exam because (ironically) their website is awfully slow.
During the exam, don’t forget to switch to the right namespace before you start working on the given task!
If no namespace is mentioned, the task is to be done in the default namespace, so you have to switch back to that.
The --dry-run=client
flag is your friend, as well as -o yaml
, which can be used together to get a scaffold YAML up for a pod/deployment. As in:
Then you can edit the resulting deployment.yaml
file to suit your needs.
Labels can only be strings, not booleans. So, for instance, if you’re defining a network policy, when you’re using a podSelector
with matchLabel
on access: "true"
, don’t forget those quotes (like I did).
By far the most valuable learning resources is the Tasks section of the k8s docs, where they take you through practical examples.
In addition to the above, I can recommend some sections of the Kubernetes Patterns book, which has a corresponding Github repository with example YAMLs for the patterns.
HPA/VPA is not asked on the exam (in my experience).
Extended resources are not generally a subject on the exam (in my experience).
Practice some YAML - even if you are working with it, a refresher never hurts (for instance, this is a concise source). For instance, the following to snippets belong to a network policy. However, they do very different things, even though they only differ in a single character:
ingress:
- from:
- namespaceSelector:
matchLabels:
user: alice
podSelector:
matchLabels:
role: client
ingress:
- from:
- namespaceSelector:
matchLabels:
user: alice
- podSelector:
matchLabels:
role: client
(check this page out for the answer)
# Summary
Those were my thoughts and tips for the exam. You will find all kinds of important material for online so I thought I would just summarise what I personally recommend watching out for.
# Is it worth taking it?
Yes, definitely.