• Sébastien Féré

Kubernetes - tips for your CKAD exam by CNCF

Updated: Nov 11, 2020

A few days ago, I passed the CKAD exam - the Certified Kubernetes Application Developer - and scored a respectable 95% and also got rewarded with the CKAD badge!

I hope my story will help you either in getting your certification or in giving you the desire to pass one of the CNCF certifications - good luck! 🙂

For me, this is now time to sail towards the CKA - Certified Kubernetes Administrator!

source: oysteryachts.com

Inception and figures

It has been a couple of months since I registered to pass the CKAD exam. Like many people, I used to fall into the trap of procrastination. Of course, as a DevOps Lead at Sokube, I can hide myself behind business activities and customer projects, and at some point this is quite easy as there’s a lot to do in a small company.

As I would have to pass it again in 2 years in order to maintain active certification, I was smartly postponing until the moment I really need it from a professional perspective. The certification was indeed initially valid for 2 years, before it was extended to 3 years in January to match other CNCF and Linux Foundation certifications.

To be honest, something else made me postponing this task indefinitely - the CKAD and CKA exams are known to be very hard. I guess I was a bit scared by various posts on the Internet, telling how hard it is… and this is eventually hard! This is a thing to pass a an online multiple choice quizz with the option to answer randomly if you have absolutely no clue about the answer. This is totally different with a hands-on and command-line environment. There’s just no room for bluffing…

And figures don’t lie! In January 2020, the CNCF announced 5,300 individuals had registered for the CKAD exam and since its creation in May 2018. However, only 2,400 had achieved the certification - so about 45% - which is very few for a professional certification.

So yes, CNCF certifications are a huge piece of work and a great experience!

Sharing my experience

As part of our open approach to technology and experience at SoKube, this is now my turn to share about that great experience. I say great because beyond cramming for the exam, the whole preparation is a real journey - a journey to get deeper knowledge about Docker containers, orchestration and internals the Kubernetes engine.

Like many people, I trained myself thanks to an online course and there are plenty out there. However I want to highlight the course provided by Mumshad Mannambeth on Udemy as it combines theory and practice with dozens of hands-on practice labs, as well as lightning labs to increase speed at command-line and mock exams - all powered by the KodeKloud platform.

The exam

The boot time - procedure with the Proctor

You can access the exam environment 15 minutes before the time you actually scheduled the exam. Take this time to perform the procedure with the Proctor, as this take some time especially if you have an external monitor.

The Proctor has a very scripted procedure, so that I asked myself if he/she was an AI 😉

  • Put your speaker volume to 0, as the Proctor only interacts through the chat window. This will prevent from nasty sound feedback.

  • Chrome browser - this is the only application you will be allowed to use during the exam. Forget about Safari and other browsers.

  • You will be asked to show the place where you are seated with a slow 360° presentation of the room - this is better to be in a small and quiet room with nothing on the walls.

  • You should also have a perfectly clean desk, with your laptop, monitor, power supply, and additional keyboard & mouse - keep everything else out of the room, including your watch, smartphone, papers, headset, …

  • Don’t forget a bottle on water (or your favorite drink) without anything written on it. Even if the weather is not very hot, your brain is gonna produce heat, a lot of…

  • You can remove VS Code icon from your launch bar and other IDE icons I guess

  • Take also some time to get familiar with the exam environment - there’s a guided tour!

  • The last point, be prepared for two hours… this would be a pity to ask for an “AFK bio” and loose precious minutes.

The exam environment is very convenient by the way: questions on the left and a big shell window with nice copy/paste integration. You can indeed copy/paste data from the question statement directly into your config files. You can also easily navigate through the questions and flag the ones on which you’d like to come back at the end… if you have some spare time…

The exam time

The exam is composed of 19 labs - it is really intense and you need to be non-stop focussed during 2 hours. This is perhaps the biggest challenge 😉

I had completed the first ten questions in roughly 45min - there’s no precise count-down, just a green gauge that turns orange and a message from the Proctor for the last 15 minutes. Then I was expecting to finish 10 to 20 minutes before the end, but it took me all the time to complete the remaining questions. I also had time to come back to one question I flagged and make the fix on my YAML configuration.

You will have to be rigorous and methodical in your approach to answering questions, especially if you would like to come back on some of them. The basic scheme looks like this:

# start with a clean console

# set your kubernetes context
kubectl config use-context ...

# read the question, till the end

# create the Kubernetes resources with imperative commands
kubectl run pod / create deploy ... --dry-run=client -o yaml > 12.yaml

# make additional configuration - use copy/paste for complex structures
vi 12.yaml

# apply
kubectl apply -f 12.yaml

# check!
kubectl get/describe deploy
kubectl get/describe po

The pro tips

Fasten your seat belt

The CKAD is a question of speed, this is not about hastiness. So before jumping into the labs, take a small amount of time to boost your shell console!

# k is better than kubectl
alias k='kubectl'

# keep completion
source <(kubectl completion bash | sed 's/kubectl/k/g')

# speed up imperative commands
export dy="--dry-run=client -o yaml"

# now you can create Kubernetes resources very quickly and without typo...
k run ckad --image=copy-paste:from-statement $dy > 03.yaml

Read the question

This sounds like a no-brainer, but when you’re under time pressure, you’ll probably make mistakes. Most of the questions are linear from a statement perspective, however there is sometimes crucial information at the end:

  • the name of the namespace

  • the resources that have already been created

  • the resources you shall not modify at all

This is why it is important to read the statement until the end.

Your two best friends

YAML & vi are your two best friends during the exam! For a majority of questions, you can’t answer just by typing a Kubectl command. You need to write some YAML and configure your Kubernetes resources.

You definitely won’t have the time, nor the energy to type the entire Kubernetes resources by hand. The tips are to use:

  • imperative commands, despite the change applied to Kubernetes 1.18 about kubectl run

  • the Kubernetes documentation, which provides convenient code snippets

There has been a lot of noise and - from my point of view - complex tips about the change in the kubectl run command since Kubernetes 1.18. To me, this is a great thing as the “kubectl run” now looks like the “docker run” command and it doesn't take much time to create Deployments, Jobs and CronJobs thanks to the “kubectl create” command.

kubectl - Kubernetes the Imperative way

In your life of Developer, you will use a bit the kubectl command and more likely Helm charts and your CI/CD pipeline to interact with your Kubernetes cluster.

The CKAD exam doesn’t require to have a exhaustive knowledge of the kubectl command, however you’ll definitely need to know some commands from the kubectl cheat sheet and a few others - these are my preferred ones:

# create a ConfigMap
kubectl create cm --from-literal=<key>=<value>
kubectl create cm --from-file=/path/to/file

# create a Secret
kubectl create secret generic --from-literal=<key>=<value>

# create a pod
kubectl run <pod-name> --image=... \
  --env="<key>=<value>" \
  --labels="<key>=<value>" \
  --requests='cpu=100m,memory=256Mi' \
  --limits='cpu=200m,memory=512Mi' \

# delete a resource without waiting
kubectl delete po <pod-name> --wait=false

# search in all namespaces (--all-namespaces)
kubectl get pods -A

# create resources from a YAML manifest
kubectl apply -f /path/to/file

# show pod labels for pod selector patterns
kubectl get po --show-labels

# add a label on a Kubernetes resource (pod, node, ...)
kubectl label ...

# change the image on a deployment
kubectl set image deploy/<deployment-name> <container-name>=<new-image-name:tag>

# never use "kubectl create service" to create a ClusterIP or NodePort service
kubectl expose ...

# troubleshoot a container
kubectl exec -it <pod-name> [-c <container-name>] -- sh

# check logs
kubectl logs <pod-name> [-c <container-name>]

# check metrics
kubectl top node <node-name>

Number your config files

This one also sounds like an obvious advice. As said, you will have to produce YAML files, first with the help of imperative commands, second with your preferred editor to customize them. For some questions, I had to create two files, for instance:

  • 06.yaml

  • 06-svc.yaml – you can also append to the first one

If you would like to come back to the question 11 after having completed or skipped the 19 labs, you’ll be delighted to be able to edit again the file named “11.yaml”, instead of looking for pod.yaml, deploy.yaml or nginx.yaml 😉

The Third Man

In the exam, there are yourself, the proctor, … and the Kubernetes community! You have access to the entire kubernetes.io website and a few other domains.

Use it wisely! You don’t have time to read entire sections of the Kubernetes documentation, but you can grab code snippets for Persistence, Probes, Tolerations, NodeAffinity, etc.

Here is a list of my bookmarks to avoid searching into the Kubernetes documentation:

Pod Configuration

Kubernetes resources

Check! check! check it again!

There’s nothing more annoying than a typo… So check everything and pay attention to the details:

  • check your commands (at the end, I was trying to execute “kubectl run 18.yaml” 😣)

  • check your YAML files with regards to the question statement

  • check the status of your Kubernetes resources, either Pods, Deployments, Services, Endpoints, …

  • check again the description (“kubectl describe”) of Kubernetes resources with regards to the question statement

I can assure you this is not a lack of time.

Chasing the 100%

Getting certified only requires 66% for the CKAD. With a bit of practice and a methodical approach, I guess that getting the CKAD certification is within the realm of the possible.

But for those like me who are chasing the 100%, you will have to practise a lot as there’s no room for improvisation. Real experience with the Kubernetes platform is also definitely a great help – considering you don’t use specific CRDs from vendors – because you’ll get accustomed to troubleshooting and look at the right place.

36 hours

36 hours is an instant compared to a lifetime. However, after passing the exam, you will perhaps feel this is a long long time. You will perhaps find yourself frenetically checking the email inbox every hour, or worse every 10 minutes...

Nothing to expect the first 24 hours after the exam - you can start looking at your emails from 28/30 hours post-exam…

1,450 views0 comments

Recent Posts

See All