Skip to content

Certification Prep: CKAD — Certified Kubernetes Application Developer

Metadata

Field Value
Issuer CNCF (Cloud Native Computing Foundation)
Exam Code CKAD
Format Performance-based (live cluster tasks)
Duration 2 hours
Passing Score 66%
Cost $395 USD
Retake Policy One free retake included
Kubernetes Version Current stable (check CNCF site)
Wiki Coverage ~75%

Exam Domains & Wiki Mapping

Application Design and Build (20%)

Objective Topic Pack Coverage
Define, build, and modify container images docker, container-images ✅ Full
Choose and use the right workload resource (Deployment, StatefulSet, DaemonSet, Job, CronJob) k8s-ops ✅ Full
Understand multi-container Pod design patterns (sidecar, init, adapter, ambassador) k8s-pods-and-scheduling ✅ Full
Utilize persistent and ephemeral volumes k8s-storage ✅ Full
Define resource requirements (requests, limits) k8s-pods-and-scheduling ✅ Full
Create and consume ConfigMaps and Secrets k8s-ops, secrets-management ✅ Full
Understand ServiceAccount and token projection k8s-rbac ⚠️ Partial

Application Deployment (20%)

Objective Topic Pack Coverage
Use Kubernetes primitives to implement deployment strategies (rolling, recreate) k8s-ops, progressive-delivery ✅ Full
Implement blue/green and canary deployments progressive-delivery ⚠️ Partial
Use Helm to package and deploy applications helm ✅ Full
Understand Kustomize overlays and patches kustomize ✅ Full
Use kubectl rollout to manage rollouts and rollbacks k8s-ops ✅ Full
Implement autoscaling with HPA k8s-ops (HPA) ✅ Full

Application Observability and Maintenance (15%)

Objective Topic Pack Coverage
Understand API deprecations and version changes k8s-ecosystem ⚠️ Partial
Implement probes (readiness, liveness, startup) k8s-ops (Probes) ✅ Full
Use built-in logging and monitoring monitoring-fundamentals, linux-logging ✅ Full
Debug container and Pod issues k8s-debugging-playbook, crashloopbackoff ✅ Full
Understand resource utilization with metrics-server k8s-ops (HPA), monitoring-fundamentals ⚠️ Partial
Troubleshoot application failures using logs, events, describe k8s-debugging-playbook ✅ Full

Application Environment, Configuration & Security (25%)

Objective Topic Pack Coverage
Discover and use CRDs and Operators k8s-ecosystem ✅ Full
Understand authentication, authorization, admission control k8s-rbac, policy-engines ✅ Full
Use RBAC to define and apply least-privilege Roles k8s-rbac ✅ Full
Understand SecurityContexts and Pod security standards k8s-rbac, linux-hardening ⚠️ Partial
Use ServiceAccounts to control Pod identity k8s-rbac ✅ Full
Understand resource quotas and LimitRanges k8s-pods-and-scheduling, multi-tenancy ✅ Full
Manage environment variables, ConfigMaps, Secrets securely secrets-management ✅ Full

Services & Networking (20%)

Objective Topic Pack Coverage
Demonstrate understanding of NetworkPolicies k8s-networking, policy-engines ✅ Full
Provide and troubleshoot access to applications via Services k8s-services-and-ingress ✅ Full
Use Ingress rules to expose applications k8s-services-and-ingress ✅ Full
Understand DNS for Services and Pods k8s-networking, dns-ops ✅ Full
Troubleshoot service connectivity networking-troubleshooting, k8s-debugging-playbook ✅ Full

Study Plan

Phase 1: Foundations (Weeks 1–2)

Goal: Fluent with core workloads, containers, and app configuration.

  • Week 1: Container fundamentals and workload resources
  • Read: docker — Dockerfiles, multi-stage builds, image layers
  • Read: container-images — reducing image size, security scanning
  • Read: k8s-ops — Deployments, StatefulSets, Jobs, CronJobs
  • Practice: Build optimized container images, push to a registry
  • Practice: Deploy all workload types, observe lifecycle behavior

  • Practice: Create multi-container Pods (init container + sidecar patterns)

  • Week 2: Configuration, storage, and security

  • Read: k8s-pods-and-scheduling — resource requests/limits, quotas, LimitRanges
  • Read: secrets-management — ConfigMaps, Secrets, volume mounts vs env vars
  • Read: k8s-storage — PVs, PVCs, ephemeral volumes
  • Read: k8s-rbac — ServiceAccounts, Roles, SecurityContexts
  • Practice: Mount ConfigMaps and Secrets as volumes and env vars
  • Practice: Apply resource quotas and watch pod admission failures

Phase 2: Deep Dive (Weeks 3–4)

Goal: Deployment strategies, observability, networking, and debugging.

  • Week 3: Deployments, observability, and Helm
  • Read: helm — chart structure, values, install/upgrade/rollback
  • Read: kustomize — bases, overlays, strategic merge patches
  • Read: k8s-ops (Probes) — liveness, readiness, startup probes
  • Read: k8s-ops (HPA) — HorizontalPodAutoscaler, metrics-server
  • Practice: Deploy a Helm chart, customize values, perform rollback
  • Practice: Configure probes, observe pod restart behavior on failure

  • Practice: Set up HPA, generate load, watch scaling events

  • Week 4: Networking, CRDs, and troubleshooting

  • Read: k8s-services-and-ingress — Service types, Ingress rules, TLS termination
  • Read: k8s-networking — NetworkPolicies, DNS resolution
  • Read: k8s-ecosystem — CRDs, operator patterns
  • Read: k8s-debugging-playbook — systematic troubleshooting
  • Practice: Create and test NetworkPolicies for pod-to-pod isolation
  • Practice: Debug broken services: wrong selectors, port mismatches, DNS failures
  • Practice: Timed exercises — create a full app stack in under 15 minutes

Phase 3: Exam Simulation (Week 5)

Goal: Build speed and accuracy under timed conditions.

  • Take full-length practice exams (killer.sh included with registration)
  • Time yourself: ~7 minutes per task
  • Drill imperative kubectl commands — creating resources from the CLI is faster than writing YAML
  • Review: probes configuration, NetworkPolicy syntax, Helm upgrade/rollback
  • Practice switching contexts rapidly (required for every question)

Gap Analysis

Gap Exam Weight Recommended External Resource
Blue/green and canary deployment patterns (hands-on) Medium (within 20%) Argo Rollouts documentation, Flagger tutorials
API deprecation tracking and migration Low (within 15%) kubernetes.io deprecated API migration guide
Pod Security Standards (Restricted, Baseline, Privileged) Medium (within 25%) Pod Security Admission docs on kubernetes.io
Metrics-server installation and custom metrics Low (within 15%) metrics-server GitHub repo, custom metrics API docs
Token projection and bound service account tokens Low (within 25%) Kubernetes service account token volume projection docs

Exam-Day Strategy

Environment Setup (First 2 Minutes)

# Aliases — set these before anything else
alias k=kubectl
alias kn='kubectl config set-context --current --namespace'
export do='--dry-run=client -o yaml'

# Verify cluster access
kubectl get nodes
kubectl config get-contexts

Time Management

  • ~17 tasks in 120 minutes = ~7 min per task
  • CKAD rewards speed with imperative commands — don't write YAML from scratch
  • Flag low-weight (2–3%) questions and return later
  • Leave 10 minutes for review

Question Triage

  1. Read the full question; note context, namespace, and expected outcome
  2. Switch context immediately: kubectl config use-context <name>
  3. Set namespace: kn <namespace>
  4. For create tasks: kubectl create deployment/run/expose imperatively
  5. For debug tasks: kubectl describe, kubectl logs, kubectl get events

Common Traps

  • Wrong namespace — always set it before starting the task
  • Forgetting to use the correct container name in multi-container pods for logs
  • Helm: forgetting --namespace flag during install
  • NetworkPolicy: default deny must be explicit — empty podSelector + empty ingress means deny all
  • Probes: mixing up initialDelaySeconds, periodSeconds, and failureThreshold

If You're Stuck

  • kubectl explain pod.spec.containers.livenessProbe — instant field reference
  • kubectl create --help — shows all imperative creation options
  • Generate YAML: kubectl run nginx --image=nginx --dry-run=client -o yaml
  • Skip, flag, move on — one skipped 2% question is better than losing 10 minutes

Cross-References