Chapter 1. Exam Details and Resources

In this introductory chapter, I want to address the most burning questions frequently asked by candidates planning to prepare and successfully pass the Certified Kubernetes Application Developer (CKAD) exam. Here, we will not discuss the actual Kubernetes concepts yet or how to apply them but rather talk about the certification and the necessary skills on a high-level.

Introduction

Microservices architecture is one of the hottest areas of application development today, particularly for cloud-based enterprise-scale applications. The benefits of building applications using small, single-purpose services are well documented. But, managing what can sometimes be enormous numbers of containerized services is no easy task and requires the addition of an “orchestrator” to keep it all together. Kubernetes is among the most popular and broadly used tools for this job. So it’s no surprise that the ability to use, troubleshoot, and monitor Kubernetes as an application developer is in high demand. To help job seekers and employers have a standard means to demonstrate and evaluate proficiency in operating a Kubernetes environment, the Cloud Native Computing Foundation (CNCF) developed the Certified Kubernetes Application Developer certification. And to achieve this certification, you need to pass an exam.

In this study guide, I will explore the topics covered in the CKAD exam to fully prepare you to pass the certification exam. We’ll look at determining when and how you should apply the core concepts of Kubernetes to manage an application. We’ll also examine the kubectl command-line tool, a mainstay of the Kubernetes engineer. I will also offer tips to help you better prepare for the exam and share my personal experience with getting ready for all aspects of the exam.

The CKAD is different from the typical multiple choice format of other certifications. It’s completely performance based and requires deep knowledge of the tasks at hand under immense time pressure. Are you ready to pass the test on the first go?

Exam Objectives

More and more application developers find themselves in projects transitioning from an monolitic architectural model to bite-sized, cohesive and containerized microservices. There are pros and cons for both approaches but we can’t deny that Kubernetes has become the de-facto runtime platform for deploying and operating applications without needing to worry about the underlying physical infrastructure.

Nowadays, it is not the exclusive responsibility of an administrator or release manager to deploy and monitor your application in target runtime environments anymore. Application developers need to see through the application from development to operation. Some organizations like Netflix live and breathe this culture so you, the application developer, is fully responsible for making design decisions as well as fixing issues in production. It’s more important than ever to understand the capabilities of Kubernetes, how to apply the relevant concepts properly and how to interact with the platform.

The CKAD exam has been designed specifically for application developers who need to design, build, configure and manage cloud-native applications on Kubernetes.

Kubernetes version used during the exam

At the time of writing, the exam is based on Kubernetes 1.18. All content in this book will follow the features, APIs and command line support for that specific version. It’s certainly possible that future versions will break backward-compatibility. While preparing for the certification, review the Kubernetes release notes and practice with the Kubernetes version used during the exam to avoid unpleasant surprises.

Curriculum

On a high-level, the curriculum of the exam covers the below topics. Each topic carries a different weight when it comes to the overall score.

  • 13% – Core Concepts

  • 18% – Configuration

  • 10% – Multi-Container Pods

  • 18% – Observability

  • 20% – Pod Design

  • 13% – Services & Networking

  • 8% – State Persistence

Let’s break down each domain in detail and identify what they actually entail.

Core Concepts

The Kubernetes environment is defined by a collection of objects, also called primitives. Each Kubernetes object represents the specific functionality of the system. Why are they called “objects” you might ask? Originally, Kubernetes was implemented in Java which has the concept of classes to represent specific types in the system. The system has since been rewritten in Go but the terminology stayed. This portion of the exam covers the general structure of a Kubernetes object and its represented in YAML. You’ll need to be familiar with the different ways to create, delete and modify a Kubernetes object from the command line. The most important object in the Kubernetes object model is a Pod. A Pod is the concept you use to deploy an application and run it in a container. This section focuses on the basics of Pod management. That is creating, configuring and inspecting Pods.

Configuration

This section of the exam drills into the advanced configuration options for Pods primarily with the help of other Kubernetes objects. ConfigMaps and Secrets help with centralizing configuration data needed by a Pod at runtime. You will have to understand how to create and consume both concepts. Furthermore, this section covers the ins and outs of defining privileges and access control for containers using a Security Context. A resource quota limits the amount of resources like CPU and memory granted to a namespace. As part of the exam, you will need to know how to define such a resource limit as well as a minimum and maximum resource boundaries for a container. Finally, this section also covers Service Accounts, the Kubernetes object that allows defining the identity for processes running in a Pod.

Multi-Container Pods

Often times, Pods only define a single container. There are viable use cases that require running multiple containers in a Pod. For the exam, you will need to understand init containers and the various established patterns for multi-container Pods. The curriculum explicitly spells out three patterns you need to be familiar with: the Sidecar pattern, the Adapter pattern and the Ambassador pattern.

Observability

Containers don’t always walk the happy path. Like in real life things can go wrong and that’s OK, however, we’ll need to be able to deal with it appropriately. Kubernetes provides the concept of readiness and liveness probes that can identify the health state and potentially act accordingly to correct a failure situation. Sometimes, there’s no way around digging deep. You will have to understand how to debug containers that failed with proven mitigation strategies. While this section also covers monitoring, it’s not very high on the list of exam topics as it requires the use of commercial products. Its relevance to the exam is likely insignificant.

Pod Design

Labels represent an integral concept in Kubernetes. They are key-value pairs used for querying, sorting and filtering Kubernetes objects. While annotations look similar to labels on the surface, they serve a different purpose. For the exam, you will need to understand labels and annotations, and how to apply the concepts to solve different use cases. This section also covers Deployments. Make sure you fully understand the replication and scalibility features of a Deployment. Moreover, practice the use of Jobs for running batch processing operations and CronJobs for operations that should run at specific times.

Services & Networking

Services are an abstraction layer on top of a set of Pods that provide a central interface for network communication. You will need to understand how to create such a Service, its port mapping mechanism as well as the different types of Services. Network policies describe the access rules for incoming and outgoing traffic for Pods. In the context of defining network policies, get a good handle on labels selectors, port rules and the typical use cases that may benefit from the applying network policies to harden security concerns.

State Persistence

Containers do not persist data beyond a restart. This section covers the different types of volumes for reading and writing data. Learn how to create and configure them. Persistent Volumes ensure permanent data persistence even beyond a cluster node restart. You will need to be familiar with the mechanics and how to mount a Persistant Volume to a path in a container.

The main purpose of the exam is to test your practical knowledge of Kubernetes resources. It is to be expected that the exam combines multiple concepts in a single problem. To summarize, refer to Figure 1-1 as a rough guide on the applicable Kubernetes resources and their relationships.

kubernetes resources
Figure 1-1. Kubernetes resources relevant to the exam

You might have noticed that the exam does not cover all Kubernetes resources you potentially would have expected to find the diagram. Certain Kubernetes concepts like ReplicaSet, StatefulSet or Ingress did not find their way into the curriculum which means do you not necessarily have to study them. Nevertheless, it’s a good idea to get a good lay of the land and understand the most prominent concepts on a high-level.

While this book covers all Kubernetes resources shown in the diagram, it’s almost impossible to explain all imaginable scenarios and configuration options. Use the information explained in the following chapters as a starting point to dive deeper. Don’t be afraid to explore uncharted territory!

Exam Environment and Tips

The exam is conducted and proctored online. As a result, you can register and take the exam from the comfort of your home. It’s recommended to clear your desk and ensure a silent environment to prevent any interruptions by other people or obstructive noises. An exam representative will watch over you via video camera and audio signal. Avoid cheating as it can result in your exam being terminated prematurely.

The exam consists of 19 practical problems you have to solve within a two hour timeframe. You will work on a pre-configured Kubernetes clusters. The focus of the exercises is to simulate typical situations you would encounter as an application developer using Kubernetes.

Once you enter the test environment, you are presented with a web-based command-line environment. Most of your interaction happens inside of that terminal. I personally felt that the terminal reacted a little bit laggy so whatever I typed did not show up on screen until a split second later. Be aware that the terminal does not provide any sophisticated auto-completion functionality for kubectl commands.

You are permitted to access and browse the Kubernetes documentation in single browser tab. In preparation for the exam, read through the bulk of the information at least once. While you can reference anything in the documentation, know where and how to find relevant documentation to avoid spending too much time on browsing. Do not open links to external web pages even if they are referenced in the Kubernetes documentation. I used the search functionality of the documentation page heavily. It helped me find the right information based on search terms quickly. Additionally, I would like to point you to two gems in the documentation: the kubectl cheat sheet and the API reference. Both pages might come in handy as quick reference guides.

Candidate Skills

The certification assumes that you already acquired a basic understanding of Kubernetes. You should be familiar with Kubernetes internals, its core concepts and the command line tool kubectl. The Cloud Native Computing Foundation (CNCF) offers a free “Introduction to Kubernetes” course for beginners to Kubernetes.

Your background is likely more on the end of an application developer, though it doesn’t really matter which programming language you are most accustomed to. The next paragraph briefly touches on the background knowledge you should bring to the table to increase your success in passing the exam.

Kubernetes Architecture & Concepts

The CKAD exam won’t ask you to install a Kubernetes cluster from scratch. Read up on the basics of Kubernetes and its architectural components. Don’t expect to encounter any multiple choice questions during the exam.

The kubectl CLI Tool

The kubectl command line tool is the central tool you will use during the exam to interact with the Kubernetes cluster. Even if you only have a little time to prepare for the exam, it’s essential to practice how to operate kubectl, its commands and their relevant options. You will have no access to the web dashboard UI during the exam.

Working Knowledge of Docker

Kubernetes uses Docker by default for managing images. You are not expected to run Docker commands, though it’s useful to understand its basic concepts and know how to operate it from the command line. At a minimum, understand Dockerfiles, images, containers and their corresponding CLI commands.

Other Relevant Tools

Kubernetes objects are represented by YAML. You will have to edit YAML during the exam to either create a new object declaratively or when modifying the configuration of a live object. Ensure that you have a good handle on basic YAML syntax, data types and indentation conforming to the specification. How do you edit the YAML definitions you may ask? Of course from the terminal. The exam terminal environment comes with the tools vi and vim preinstalled. Practice the keyboard shortcuts for common operations, especially how to exit the editor. ;-) The last tool I want to mention is GNU Bash. It’s imperative that you understand the basic syntax and operators of the scripting language. It’s absolutely possible that you may have read, modify or even extend a multiline Bash command running in a container.

Time Management

I mentioned earlier that you’ll have two hours to solve the problems presented to you. While two hours sounds like a long time, in reality it isn’t. On average, you have about 6.4 minutes per problem, to be precise. The exam is very time-constrained on purpose. It’s designed to put you under pressure to ensure that your knowledge of Kubernetes has been deeply engrained into muscle memory.

I can provide you with a couple of time management tips that helped me get the most out my alotted time. The exam presents you with a mix of questions with a varying degree of complexity. It’s a good idea to start directly with question one. If you can’t solve the issue right away or only partially, move on to the next question. Sooner or later you will encounter an easy enough problem you can to solve quickly and confidently. Solving easy problems first will help you score the points you need to pass.

Taking notes

The exam environment provides a little notepad you can use to track unsolved problems. Simply mark down the questions you are planning to revisit later.

There’s no value in getting stuck on a hard question and wasting too much time. When taking the exam myself, I left one question completely unsolved and one question only partially solved before I ran out of time. Nevertheless, I passed, which speaks to staying laser-focused on scoring points.

Command Line Tips and Tricks

Let me give you some additional tips & tricks for operating the command line. Not only did they help me with time management but with avoiding missteps during the exam.

Setting a Context & Namespace

Every question in the exam will ask you to operate on the specific Kubernetes cluster and namespace. The introductory text of the question clearly states the command you need to run. Don’t forget to execute the command, especially if you are rapidly jumping back and forth between different questions.

You may not be working with namespaces in Kubernetes explicitly on a day by day basis. Especially smaller organizations may simply manage Kubernetes objects in the default namespace. The exam makes heavy use of custom namespaces. You can decide to spell out the namespace for every single command while working through exam, however, this mode of operation comes at the risk of forgetting to set the namespace.

To avoid issues, run the following command once before working through the steps of a question. The command sets the context and the namespace at the same time.

$ kubectl config set-context <context-of-question> 
  --namespace=<namespace-of-question>

Using an Alias for kubectl

The kubectl command line tool is your primary interface to the Kubernetes cluster. For every command you need to execute, you will have to type kubectl in the terminal. No big deal, you might say. Do yourself a favor and define a shell alias as a shortcut to reference the kubectl command. I personally prefer to use the single letter command k. You will only need to set the alias once at the beginning of the exam to shave off a couple of seconds for every command you run going forward.

$ alias k=kubectl
$ k version

I am going to continue to use the full kubectl throughout the other chapters of the book to avoid confusing those of you that didn’t reference this particular section.

Internalize Resource Short Names

Some Kubernetes resources have excruciatingly long names. Just imagine having to type persistentvolumeclaims every time you need to reference the Kubernetes resource Persistent Volume Claim. Thankfully, kubectl provides short names for some of the resources. The following command lists all of them in the terminal.

$ kubectl api-resources
NAME                    SHORTNAMES  APIGROUP  NAMESPACED  KIND
...
persistentvolumeclaims  pvc                   true        PersistentVolumeClaim
...

You can see in the output that persistentvolumeclaims offers the short name pvc. Consequently, a command that interacts with a Persistent Volume Claim could look as simple as the one below.

$ kubectl describe pvc my-claim

Deleting Kubernetes Objects

It’s inevitable that you will make mistakes during the exam. For example, you might create Kubernetes objects with incorrect configuration or you simply want to start a question from scratch. By default, Kubernetes tries to delete objects gracefully which can can take a couple of seconds. Given that we are dealing with a test environment, there’s no point in waiting. Use the command line option --grace-period=0 and --force to send a SIGKILL signal. The signal will delete a Kubernetes object immediately.

$ kubectl delete pod nginx --grace-period=0 --force

Finding Object Information

Some questions in the exam present you with an existing setup of Kubernetes objects. Don’t be surprised to find that the context you are working in already contains a couple of Pods with non-trivial configuration. As part of the question, you may be asked to identify specific Kubernetes objects and continue to work on those.

You can always inspect Kubernetes objects one by one but again this would be a major time sink. It is helpful to remember that you can combine a kubectl command with other Unix commands using a pipe call. For example, you could run a describe pods command and then filter the output with the grep command to find assigned labels. The -C command line option helps with rendering the lines before and after the search term.

$ kubectl describe pods | grep -C 10 "author=John Doe"
$ kubectl get pods -o yaml | grep -C 5 labels:

Discovering Command Options

Even though you have access to the Kubernetes documentation, you might not be able to find the exact information you are looking for right away. The kubectl command has help functionality built-in. The option --help works for every command available and renders details on subcommands, command line options plus usage examples. The following command demonstrates its use for the create command.

$ kubectl create --help
Create a resource from a file or from stdin.

JSON and YAML formats are accepted.

Examples:
  ...

Available Commands:
  ...

Options:
  ...

Furthermore, you can explore the fields of every Kubernetes resource from the command line with the explain command. As a parameter, you have to provide the JSONPath for the field of interest. For example, say you wanted to list all fields of a Pod’s spec, then you use the following command.

$ kubectl explain pods.spec
KIND:     Pod
VERSION:  v1

RESOURCE: spec <Object>

DESCRIPTION:
  ...

FIELDS:
  ...

Practicing and Practice Exams

In preparation for the exam, it’s essential to practice the use of kubectl. You’ll need to have access to a Kubernetes cluster and kubectl preinstalled. Consider the following options:

  • Your employer already has a Kubernetes cluster set up and allows you to use it to practice.

  • Installing Kubernetes on your developer machine is an easy and fast way to get set up. Depending on your operating system, you can entertain various options. The Kubernetes documentation provides various installation options. At some point during my Kubernetes learning journey, I installed Kubernetes on four Raspberry Pis which turned out to be a fun and exciting hobby project. You can find information on how to get started on the Kubernetes blog.

  • If you are a subscriber to the O’Reilly Learning Platform, you have unlimited access to scenarios running a Kubernetes environment in Katacoda.

In addition, you may also want to try out one of the following free or commercial practice exams.

  • Certified Kubernetes Application Developer (CKAD) Prep Course: A video-based Learning Path on the O’Reilly Learning Platform created by yours truely.

  • CKAD Exercises: A GitHub repository containing a variety of free exercises that span all topics relevant to the curriculum.

  • Video courses offered by cloud learning platforms: Other online training providers offer video courses for the CKAD, some of which include an integrated Kubernetes practice environment. I would like to mention KodeKloud and Linux Academy. You’ll need to purchase a subscription to access the content for each course individually.

Summary

The CKAD exam is a completely hands-on test that requires you to solve problems in an existing Kubernetes cluster. You are expected to understand, use and configure the Kubernetes primitives relevant to application developers. The exam curriculum subdivides those focus areas and puts different weights on topics contributing to the overall score.

We discussed the exam environment and how to navigate it. Moreover, we went over tips and tricks that can help you to save time. In preparation for the exam, explore the architectural basics of Docker and Kubernetes. The key to acing the exam is intense practice of kubectl to solve real-world scenarios. The following chapters will provide you with sample exam exercises. In addition, reference the resources provided at the end of this chapter for full exposure.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
44.204.65.189