Certified Kubernetes A/AD: My take
3rd week of January, 2020 has been quite productive. I managed to clear both Kubernetes certifications offered by the Cloud Native Computing Foundation (CNCF); Certified Kubernetes Application Developer (CKAD) & Certified Kubernetes Administrator (CKA).
Both these exams are quite different from other industry certifications; mainly due to the fact that both are performance-based exams & will test your problem-solving skills while debugging real issues. There are NO multiple-choice questions & each exercise requires you to interact with the Kubernetes cluster in some way.
Ever since I posted on LinkedIn, some of my connections wanted to understand how I managed to clear both exams within a week. So, I thought I’ll publish this blog to help candidates tackle two of the most intensive & popular DevOps certifications available today.
My experience with Kubernetes…
It dates back to 2017, where I was working in the OpenContrail (now Tungsten Fabric) business unit at Juniper Networks. The Kubernetes project was still quite new & we were developing a high-performance network plugin (CNI). My mentors were kind enough to let me explore this new domain & within a couple of months, I gained enough hands-on experience to build & operate a Kubernetes cluster.
In 2018, I moved to Tesla Motors, where I led a project to build & operate a geo-distributed control-plane for our next generation networking stack running on Kubernetes. During this process, we built custom controllers, tweaked Kubernetes’ source-code to meet our requirements. This made me realize how flexible & modular Kubernetes was & how seamlessly it could scale to serve Tesla’s massive network infrastructure needs. I’m currently doing similar work at Salesforce.
So overall, I have about 3 years of Kubernetes experience & about 2.5 years running it in production. Since I’ve been working on this platform for the last 2.5 years, I didn’t have to prepare much for these two exams, but YMMV.
About the exams…
CNCF along with Linux Foundation currently offers these Kubernetes certification exams; although both of them are quite similar with respect to the topics they cover, CKA delves into the deeper end & is considered tougher than CKAD.
Now, let’s learn more about these exams,
- Certified Kubernetes Applications Developer (CKAD)
- This certification is geared to be more developer-centric & validates the skills required to develop, run & troubleshoot applications on Kubernetes
- Requires candidates to demonstrate their competence in a hands-on, command-line environment
- Solve 19 problems in 2 hours using 4 clusters
- Proctored & can be administered remotely
- Requires 66% or greater to pass
- $300 fee (use DCUBEOFFER for $45 off)
- Easy-Medium difficulty, I had about 30 minutes left to review my answers
- Register here
CKAD curriculum includes below general topics & their weights on the exam:
- 13% — Core Concepts (API concepts, Pods, Services, etc)
- 18% — Configuration (ConfigMaps, Secrets, Volumes, etc)
- 10% — Multi-Container Pods (InitContainers, SideCars, Ambassadors, etc)
- 18% — Observability (Liveness/Readiness probes, Logging, etc)
- 20% — Pod Design (Labels, Annotations, Jobs, Rolling Deploy, etc)
- 13% — Services & Networking (LoadBalancers, Network Policies, etc)
- 8% — State Persistence (Persistent Volumes, Claims, etc)
2. Certified Kubernetes Administrator (CKA)
- Big-brother of CKAD, this certification is geared towards system-administrators & validates the skills required to build, run & troubleshoot Kubernetes clusters
- Requires candidates to demonstrate their competence in a hands-on, command-line environment
- Solve 24 problems in 3 hours using 6 clusters
- Proctored & can be administered remotely
- Requires 74% or greater to pass
- $300 fee (use DCUBEOFFER for $45 off)
- Medium difficulty, I had a good 70 minutes left for reviewing my answers
- Register here
CKA curriculum includes below general topics & their weights on the exam:
- 8% — Application Lifecycle Management (Rolling Deploy, Scaling, etc)
- 12% — Installation, Configuration & Validation (Cluster management, etc)
- 19% — Core Concepts (API concepts, Pods, Services, etc)
- 11% — Networking (NetworkPolicy, CNI, Ingress, LoadBalancers, etc)
- 5% — Scheduling (Taints, Tolerations, NodeSelectors, Labels, etc)
- 12% — Security (SecurityContexts, Secrets, TLS bootstrapping, etc)
- 11% — Cluster Maintenance (Upgrade, Backup, Restore, etc)
- 5% — Logging / Monitoring (Logging, Probes, System logs, etc)
- 7% — Storage (Persistent Volumes, Claims, Volumes, ConfigMaps, etc)
- 10% — Troubleshooting (Cluster & Application debug, etc)
Scheduling the exam…
After registering for the exam,
- You will get an email within 24 hours asking you to schedule your exam. Clicking on the link will take you to My Portal. From here you can schedule for the exam (which in turn takes you to a third-party portal that is super-slow to respond & will test your patience)
- After finalizing a date/time, schedule the exam. Remember to pick a schedule such that, you have sufficient time to prepare for the exam
- Remember to check the handbook, tips & tricks, FAQs to get more details about the certification
- Install exam plugin which will share your browser window, webcam, microphone with the proctor during the exam. Remember that this exam can be administered remotely & you don’t need to visit an exam center
- Finally, make sure you have checked all the tasks in the portal
NOTE: You have 12 months from the registration date to schedule your exam & rescheduling is allowed (> 24 hours from exam start)
Preparing for the exam…
Although there’s NO need for any prior practical experience to pass these exams, I highly recommend getting hands-on experience with building & operating Kubernetes clusters. This will help you deep-dive into Kubernetes concepts & understand how they can be applied in real-world scenarios.
Below are some free training/tutorials, that I found useful when I started exploring Kubernetes.
NOTE: There are some paid Kubernetes courses offered by Udemy & Linux Foundation which looks promising, but since I haven’t enrolled in any of the paid ones, I won’t be able to recommend them
Training & Tutorials (CKAD & CKA):
- Kubernetes project website has a tutorials section which covers almost all core topics
https://kubernetes.io/docs/tutorials/ - Katacoda has a bunch of interesting interactive tutorials
https://www.katacoda.com/courses/kubernetes - Kubernetes academy by VMware
https://kube.academy/ - Getting started with Kubernetes by Instruqt
https://play.instruqt.com/public/topics/getting-started-with-kubernetes
Once you are comfortable with the core concepts, venture into more advanced topics listed below (Sign up for free tier)
- Learn Google Cloud Kubernetes Engine (GKE)
https://cloud.google.com/kubernetes-engine/docs/tutorials/ - Learn Amazon Web Services (AWS) Elastic Kubernetes Service (EKS)
https://eksworkshop.com/ - Learn how to build clusters using Kubeadm
https://kubernetes.io/docs/setup/production-environment/tools/kubeadm/install-kubeadm/
For CKA only:
Since CKA’s focus is more on cluster creation & maintenance, you might be asked to build a new cluster or debug an existing problem within a cluster.
Hence, it’s important to have a good understanding of cluster components such as the API-server, kube-controller-manager, kube-scheduler, kube-proxy, kubelet, etcd, container runtime, systemd etc., & also how TLS bootstrapping is done.
One such resource/guide, which helps you understand cluster components the best, is written by Kelsey Hightower. If you want to ace the exam, remember to go through the exercises in this guide at least once.
- Learn Kubernetes the hard way
https://github.com/kelseyhightower/kubernetes-the-hard-way
It’s also equally important to understand systemd & how to debug unit failures. Below is an article which provides a good understanding of systemd.
- Systemd essentials by DigitalOcean
https://www.digitalocean.com/community/tutorials/systemd-essentials-working-with-services-units-and-the-journal
Tips & tricks:
- During the exam, you will be allowed to open a single tab pointing to either https://kubernetes.io/ or https://github.com/kubernetes & their sub-domains
- During both my exams, I had the
kubectlcheat-sheet page open in the other tab. This proved to be useful during the CKAD exam as I could just perform a quick search to find the commands I needed - Get familiarized with all
kubectlcommands listed here - DO NOT try to construct YAMLs from scratch during the exam. Instead, use the CLI to generate a boiler-plate template & modify it accordingly
- Reuse files generated from the previous exercises
- Below are some handy commands which will help you ace the exam
# CREATE A POD
$ kubectl run --generator=run-pod/v1 <NAME-OF-THE-POD> \
--image=<IMAGE-NAME> \
--dry-run -o yaml \
> pod.yaml$ kubectl apply -f pod.yaml--------------------------------------------------------------------# CREATE A DEPLOYMENT
$ kubectl create deployment <DEPLOYMENT-NAME> \
--image=<IMAGE-NAME> \
--dry-run -o yaml \
> deployment.yaml$ kubectl apply -f deployment.yaml--------------------------------------------------------------------# EXPOSE A DEPLOYMENT THROUGH A SERVICE
$ kubectl expose deployment <DEPLOYMENT-NAME> \
--name <SERVICE-NAME>
--port <SERVICE-PORT>
--target-port <TARGET-PORT>
--type <NodePort,LoadBalancer,ClusterIP>--------------------------------------------------------------------# GENERATE YAML FROM A RUNNING POD,SVC
$ kubectl get <POD-NAME> -n <NAMESPACE> -o yaml --export > pod.yaml
$ kubectl get <SVC-NAME> -n <NAMESPACE> -o yaml --export > svc.yaml--------------------------------------------------------------------# DISPLAY PODS SORTED BY THEIR CREATION TIME
$ kubectl get pods --sort-by=metadata.creationTimestamp--------------------------------------------------------------------# DISPLAY ONLY PODS NAME & ITS CREATION TIMESTAMP
$ kubectl get pods --all-namespaces -o \
custom-columns="POD_NAME:metadata.name, \
CREATION_TIME:metadata.creationTimestamp"--------------------------------------------------------------------# GET HELP
$ kubectl <RESOURCE-NAME> --help
- Become familiar with text editors such as
vim, vi& other *nix utilities such assort, grep, awk, nslookup, dig, ifconfigetc. - Use the
dns-utilpod to troubleshoot DNS related exercises
$ kubectl apply -f https://k8s.io/examples/admin/dns/dnsutils.yaml$ kubectl exec -it dnsutils -- nslookup kubernetes.default
- If you are struggling to tackle a problem, DO NOT waste time modifying the template. Instead, use
kubectl explain <RESOURCE-NAME>to describe the resource manifest
# LEARN ABOUT POD LIVENESS PROBES
$ kubectl explain pod.spec.containers.livenessProbe- Or search for the topic on the Kubernetes project site. Sometimes, this is much quicker than all other methods I’ve listed above
- Practice, practice & practice…….
On the day of the exam…
I had scheduled both my exams during the later part of the day & since both of them are pretty long brain-crunching exams, I suggest to keep yourself well fed & hydrated before you start.
T-minus 30: Reboot your mind & relax
T-minus 15: You can start the exam 15 minutes early if you wish
T-minus 0:
- The exams are proctored remotely by a CNCF employee who will communicate with you using a chat window
- You will be asked to share your webcam, screen & microphone
- You will be asked to display a valid Government issued ID
- You will be asked to quit all other running applications
- You are allowed to have a label-free clear glass of water
- You are allowed to take breaks (the timer won’t stop)
- You must be alone in the room with no background noises
- You will be asked to pan the camera & show your surroundings
- You are not allowed to have electronic devices on or around you
- You are not allowed to talk or whisper during the exam; not allowed to cover your mouth
- You will be allowed to open one more tab pointing to either https://kubernetes.io/ or https://github.com/kubernetes & their sub-domains
- You will be allowed to take notes using the built-in notepad in the exam console
- Try to solve exercises which have higher weightage first
- You can chat with the proctor if you experience any problems with the exam environment
- Remember to set context before solving each question
$ kubectl config use-context <CLUSTER-NAME>- Remember to keep a watch on the timer; time flies
- If you complete solving all the exercises early, review again & notify the proctor. You will be asked to click on “request to end exam” button
Waiting for exam results…
Exams are scored automatically & within 36 hours, results will be emailed to you. It will also be made available on My Portal.
NOTE:
- When I got certified, both CKAD & CKA environments were running Kubernetes v1.16
- Exams are updated every quarter, to align with Kubernetes releases
- Certifications are valid for 3 years
- One free retake per exam purchase will be granted in the event that a passing score is not achieved
I hope this post was helpful!!! Good luck & if you fail on your first attempt, don’t be disheartened, there’s always one more try to get it right.
Feel free to shoot a message on LinkedIn if you have any questions…
Join FAUN!
Subscribe to FAUN topics and get your weekly dose of the must-read tech stories, news, and tutorials 🗞️
Follow us on Twitter 🐦 and Facebook 👥 and Instagram 📷 and join our Facebook and Linkedin Groups 💬
