Tips and exercises for preparing to CKAD exam.
The CKAD exam is an online proctored exam that consists of completing a set of problems using the command line. The exam has a duration of 2 hours to complete 15-20 questions, so at worst you only have 6 minutes per question.
Being as fast as possible is the key to pass this exam, so as a general tip, practice a LOT of the command line and use as much as possible abbreviations and aliases to commands.
In the next section, I will do my best to compile important exam information.
I recommend that you read the up-to-date official exam documentation for completeness and correctness.
You can use the browser within the VM to access the documentation from:
Subdomains and language translations of those websites are also allowed.
Adapted from the documentation:
- Root privileges can be obtained by running 'sudo โi'.
- You must NOT reboot the base node (hostname node-1). Rebooting the base node will NOT restart your exam environment.
- Do not stop or tamper with the certerminal process as this will END YOUR EXAM SESSION.
- Do not block incoming ports 8080/tcp, 4505/tcp and 4506/tcp. This includes firewall rules that are found within the distribution's default firewall configuration files as well as interactive firewall commands.
- Use Ctrl+Alt+W instead of Ctrl+W (this is a shortcut that closes current tab on Google Chrome).
- To copy & paste within the Linux Terminal you need to use LINUX shortcuts:
- copy --> Ctrl+Shift+C
- paste --> Ctrl+Shift+V
- OR use the Right Click Context Menu and select Copy or Paste
- INSERT key is prohibited, use i for insert mode in VIM and ESC to get out of insert mode
Adapted from the documentation:
- Each task on this exam must be completed on a designated cluster/configuration context.
- An infobox at the start of each task provides you with the cluster name/context information.
- Nodes making up each cluster can be reached via ssh, using a command such as the following: ssh
- You must return to base node (hostname node-1) after completing each task.
- Nested-ssh is not supported.
- Root privileges can be obtained on any node with 'sudo -i'
- You can also use sudo to execute commands with elevated permissions
- You can use kubectl and the appropriate context to work on any cluster from the base node. When connected to a cluster member via ssh, you will only be able to work on that particular cluster via kubectl.
- For convenience, all environments have 'kubectl' with 'k' alias and bash autocompletion, 'jq', 'tmux', 'curl', 'wget' and 'man' tools pre-installed and configured
- Instructions for connecting to cluster nodes are provided in appropriate tasks
- If you need to destroy/recreate a resource to perform a certain task, it is your responsibility to back up the resource definition appropriately prior to destroying the resource.-
- The CKAD environment is currently running Kubernetes v1.28 and etcd v3.5
The environment will look like the following image:
The exam tests for the following domains and competencies:
- Application Design and Build (20%)
- Define, build and modify container images
- Understand Jobs and CronJobs
- Understand multi-container pod design patterns (sidecar, init etc)
- Utilize persistent and ephemeral volumes
- Application Deployment (20%)
- Use Kubernetes primitives to implement common deployment strategies (blue/green, canary)
- Understand Deployments and how to perform rolling updates
- Use the Helm package manage to deploy existing packages
- Application Observability and Maintenance (15%)
- Understand API deprecations
- Implement probes and health checks
- Use built-in CLI tools to monitor kubernetes applications
- Utilize container logs
- Debugging in Kubernetes
- Application Environment, Configuration and Security (25%)
- Discover and use resources that extend Kubernetes (CRD, Operators)
- Understand authentication, authorization and admission control
- Understand request, limits, quotas
- Understand ConfigMaps
- Define resource requirements
- Create and consume secrets
- Understand ServiceAccounts
- Understand Application Security (SecurityContexts, Capabilities)
- Services and Networking (20%)
- Demonstrate basic understanding of NetworkPolicies
- Provide and troubleshoot access to applications via services
- Use Ingress rules to expose applications
I have relied heavily on already created exercises and added a few exercises on my own. Please give these amazing repositories a star and suport them: