Skip to content
GitHub

Module 0.1: CKAD Overview & Strategy

Hands-On Lab Available
K8s Cluster intermediate 30 min
Launch Lab ↗

Opens in Killercoda in a new tab

Complexity: [QUICK] - Orientation and strategy

Time to Complete: 20-30 minutes

Prerequisites: CKA curriculum completed (recommended) or Kubernetes fundamentals

Learning Outcomes

Section titled “Learning Outcomes”

After completing this module, you will be able to:

  • Explain the CKAD exam structure, domains, and how it differs from CKA
  • Create a personalized study plan based on domain weights and your existing strengths
  • Deploy a practice environment with all tools needed for CKAD preparation
  • Debug common exam-environment pitfalls such as context switching and time management

Why This Module Matters

Section titled “Why This Module Matters”

The CKAD (Certified Kubernetes Application Developer) certification proves you can design, build, configure, and expose cloud-native applications for Kubernetes. Unlike the CKA which focuses on cluster administration, the CKAD is all about the developer experience—how to package, deploy, debug, and run applications.

If you’ve completed the CKA curriculum, you already know about 60% of what’s on the CKAD. This certification takes that foundation and zooms in on the developer-facing aspects: multi-container pod patterns, probes, Jobs, debugging, and API deprecation awareness.

The Chef vs Restaurant Manager Analogy

CKA is like being a restaurant manager—you ensure the kitchen works (cluster), the staff is scheduled (nodes), supplies are stocked (storage), and customers can reach you (networking). CKAD is like being the chef—you focus on creating the dishes (applications), getting ingredients (configuration), timing everything perfectly (probes), and handling special orders (Jobs). Both need to understand the kitchen, but from different perspectives.

CKAD vs CKA: Key Differences

Section titled “CKAD vs CKA: Key Differences”
AspectCKACKAD
FocusCluster administrationApplication development
PerspectiveOps/Platform teamDev/Application team
Exam Duration2 hours2 hours
Passing Score66%66%
Questions~15-20 tasks~15-20 tasks
ClustersMultiple contextsMultiple contexts

What’s Shared (~60%)

Section titled “What’s Shared (~60%)”

If you did the CKA, you can breeze through:

  • Pods, Deployments, ReplicaSets
  • Services (ClusterIP, NodePort, LoadBalancer)
  • ConfigMaps and Secrets
  • PersistentVolumes and PersistentVolumeClaims
  • Basic Networking and NetworkPolicies
  • Helm and Kustomize basics
  • RBAC fundamentals

Pause and predict: You already know ~60% of CKAD content from CKA. Before looking at the table below, list three topics you think the CKAD emphasizes MORE than the CKA. Then check your intuition against the comparison.

What’s New/Emphasized in CKAD

Section titled “What’s New/Emphasized in CKAD”

The CKAD puts extra weight on developer-specific topics:

TopicCKA CoverageCKAD Coverage
Multi-container podsMentionedDeep focus
Init containersMentionedEssential skill
Probes (liveness/readiness/startup)BasicDetailed
Jobs & CronJobsCoveredDeveloper focus
Container image buildingNot coveredImportant
API deprecationsNot coveredExam topic
Debugging applicationsFrom admin viewFrom dev view
Deployment strategiesRolling updatesBlue/green, canary

CKAD Exam Domains (2025)

Section titled “CKAD Exam Domains (2025)”

The exam is divided into five weighted domains:

┌──────────────────────────────────────────────────────────────────┐
│                    CKAD Exam Breakdown                           │
├──────────────────────────────────────────────────────────────────┤
│                                                                  │
│  ┌──────────────────────────────────────────────────────────┐   │
│  │ Application Environment, Configuration & Security   25%  │   │
│  └──────────────────────────────────────────────────────────┘   │
│                                                                  │
│  ┌────────────────────────────┐ ┌───────────────────────────┐   │
│  │ Application Design & Build │ │ Application Deployment    │   │
│  │            20%             │ │           20%             │   │
│  └────────────────────────────┘ └───────────────────────────┘   │
│                                                                  │
│  ┌────────────────────────────┐ ┌───────────────────────────┐   │
│  │ Services & Networking      │ │ Observability/Maintenance │   │
│  │            20%             │ │           15%             │   │
│  └────────────────────────────┘ └───────────────────────────┘   │
│                                                                  │
└──────────────────────────────────────────────────────────────────┘

Domain 1: Application Design and Build (20%)

Section titled “Domain 1: Application Design and Build (20%)”
  • Define, build, and modify container images
  • Jobs and CronJobs
  • Multi-container pod design patterns
  • Utilize persistent and ephemeral volumes

Domain 2: Application Deployment (20%)

Section titled “Domain 2: Application Deployment (20%)”
  • Deployments and rolling updates/rollbacks
  • Use Helm package manager
  • Use Kustomize
  • Understand deployment strategies (blue/green, canary)

Domain 3: Application Observability and Maintenance (15%)

Section titled “Domain 3: Application Observability and Maintenance (15%)”
  • Understand API deprecations
  • Implement probes and health checks
  • Use built-in CLI tools to monitor applications
  • Utilize container logs
  • Debug in Kubernetes

Domain 4: Application Environment, Configuration and Security (25%)

Section titled “Domain 4: Application Environment, Configuration and Security (25%)”
  • Discover and use CRDs
  • Use ConfigMaps and Secrets
  • Understand ServiceAccounts
  • Understand application resource requirements
  • Create and use SecurityContexts

Domain 5: Services and Networking (20%)

Section titled “Domain 5: Services and Networking (20%)”
  • Demonstrate understanding of Services and NetworkPolicies
  • Expose applications using Services
  • Use Ingress rules to expose applications

The Three-Pass Strategy (Same as CKA)

Section titled “The Three-Pass Strategy (Same as CKA)”

Time is your enemy. The same strategy applies:

┌─────────────────────────────────────────────────────────────────┐
│                    CKAD Three-Pass Method                       │
├─────────────────────────────────────────────────────────────────┤
│                                                                 │
│  Pass 1: Quick Wins (40-50 min)                                │
│  ┌─────────────────────────────────────────────────────────┐   │
│  │ • Create pod/deployment/service (imperative commands)   │   │
│  │ • Add labels, annotations                               │   │
│  │ • Expose a deployment                                   │   │
│  │ • Simple ConfigMap/Secret creation                      │   │
│  └─────────────────────────────────────────────────────────┘   │
│                                                                 │
│  Pass 2: Medium Tasks (40-50 min)                              │
│  ┌─────────────────────────────────────────────────────────┐   │
│  │ • Add probes to pods                                    │   │
│  │ • Create multi-container pods                           │   │
│  │ • Jobs and CronJobs                                     │   │
│  │ • Network policies                                      │   │
│  └─────────────────────────────────────────────────────────┘   │
│                                                                 │
│  Pass 3: Complex Tasks (20-30 min)                             │
│  ┌─────────────────────────────────────────────────────────┐   │
│  │ • Debugging failing applications                        │   │
│  │ • Complex multi-container patterns                      │   │
│  │ • Helm charts with values                               │   │
│  │ • Troubleshooting scenarios                             │   │
│  └─────────────────────────────────────────────────────────┘   │
│                                                                 │
└─────────────────────────────────────────────────────────────────┘

Stop and think: The three-pass strategy says to tackle “quick wins” first. Which of these tasks would you classify as a quick win vs a medium task: creating a NetworkPolicy, running a pod with a specific image, adding a sidecar container, exposing a deployment? Categorize them before reading the speed tips.

CKAD-Specific Speed Tips

Section titled “CKAD-Specific Speed Tips”

  1. Master imperative commands for common tasks:

    Terminal window
    # These should be muscle memory
    k run nginx --image=nginx
    k create deploy web --image=nginx --replicas=3
    k expose deploy web --port=80 --target-port=8080
    k create job backup --image=busybox -- /bin/sh -c "echo done"
    k create cronjob cleanup --image=busybox --schedule="*/5 * * * *" -- /bin/sh -c "echo cleanup"

  2. Know the —dry-run pattern for YAML generation:

    Terminal window
    k run nginx --image=nginx --dry-run=client -o yaml > pod.yaml

  3. Memorize probe syntax—you’ll add them repeatedly:

    livenessProbe:
      httpGet:
        path: /healthz
        port: 8080
      initialDelaySeconds: 5
      periodSeconds: 10

  4. Practice multi-container pod patterns until they’re automatic

What You’ll Learn in This Curriculum

Section titled “What You’ll Learn in This Curriculum”

Part 0: Environment Setup (This Part)

Section titled “Part 0: Environment Setup (This Part)”
  • CKAD overview and exam strategy
  • Developer workflow optimization

Part 1: Application Design and Build (20%)

Section titled “Part 1: Application Design and Build (20%)”
  • Container images
  • Jobs and CronJobs (developer perspective)
  • Multi-container pod patterns (sidecar, init, ambassador)
  • Volumes for developers

Part 2: Application Deployment (20%)

Section titled “Part 2: Application Deployment (20%)”
  • Deployments deep dive
  • Helm for developers
  • Kustomize for developers
  • Deployment strategies

Part 3: Application Observability and Maintenance (15%)

Section titled “Part 3: Application Observability and Maintenance (15%)”
  • Probes (liveness, readiness, startup)
  • Container logging
  • Debugging applications
  • API deprecations

Part 4: Application Environment, Configuration and Security (25%)

Section titled “Part 4: Application Environment, Configuration and Security (25%)”
  • ConfigMaps and Secrets (advanced patterns)
  • ServiceAccounts for applications
  • Resource management
  • SecurityContexts
  • Working with CRDs

Part 5: Services and Networking (20%)

Section titled “Part 5: Services and Networking (20%)”
  • Service types and patterns
  • Ingress
  • NetworkPolicies for applications

Part 6: Mock Exams

Section titled “Part 6: Mock Exams”
  • Timed practice scenarios
  • Speed drills

Did You Know?

Section titled “Did You Know?”

  • CKAD was the first Kubernetes certification (launched 2017), followed by CKA later that year. It was designed specifically for developers who deploy to Kubernetes but don’t manage clusters.

  • The CKAD pass rate is slightly higher than CKA because developers often find the hands-on format more intuitive—it mirrors their daily work of creating and debugging applications.

  • Multi-container pods are a CKAD signature topic. While CKA mentions them, CKAD expects you to implement sidecar, init, and ambassador patterns from memory. You’ll see at least 2-3 questions requiring this skill.

Common Mistakes

Section titled “Common Mistakes”
MistakeWhy It HurtsSolution
Focusing too much on cluster adminCKAD tests app dev, not cluster setupReview domain weights above
Ignoring init containersThey appear in ~15% of questionsPractice until automatic
Not knowing probe syntaxYou’ll add probes to multiple podsMemorize the YAML structure
Skipping Jobs/CronJobsThey’re weighted heavilyPractice all Job patterns
Only using kubectl applyImperative commands save timeLearn kubectl create/run

Quick Reference: CKAD vs CKA Commands

Section titled “Quick Reference: CKAD vs CKA Commands”

Commands you’ll use more in CKAD:

Terminal window
# Jobs and CronJobs
k create job myjob --image=busybox -- echo "hello"
k create cronjob mycron --schedule="* * * * *" --image=busybox -- date


# Generate multi-container pod YAML
k run multi --image=nginx --dry-run=client -o yaml > multi.yaml
# Then edit to add sidecar


# Debugging
k logs pod-name -c container-name
k exec -it pod-name -c container-name -- sh
k debug pod-name --image=busybox --target=container-name


# Quick testing
k run test --image=busybox --rm -it --restart=Never -- wget -qO- http://service

Stop and think: You spend your first 30 minutes on complex debugging tasks and leave simple pod creation for the end. How would that affect your score compared to using the three-pass method?

Quiz

Section titled “Quiz”

  1. You have just started the CKAD exam. You have 2 hours and 17 tasks to complete. A colleague previously suggested spending equal time on each task (about 7 minutes per task) and working through them sequentially. Why is this a poor strategy for this specific exam, and how should you approach the task list instead to maximize your chances of passing?

    Answer Equal time allocation is a poor strategy because exam tasks vary significantly in both complexity and their point value. If you spend 10 minutes struggling with a low-point complex debugging task early on, you might run out of time to complete several high-point, simple tasks later in the exam. Instead, you should employ a three-pass strategy where you tackle quick-win tasks first, regardless of their domain or sequence. This approach ensures you secure easy points early, builds your confidence, and leaves the remaining time dedicated entirely to the more complex, time-consuming challenges without the pressure of unfinished easy tasks.

  2. A platform engineer on your team just passed the CKA certification. They are now tasked with mentoring junior application developers on Kubernetes best practices and assume their CKA knowledge is sufficient. As someone studying for the CKAD, what specific developer-centric topics would you warn the platform engineer that they need to learn to effectively mentor the developers?

    Answer While the platform engineer understands cluster administration, they likely lack deep knowledge of multi-container pod patterns such as sidecars, init containers, and ambassadors, which are essential for developer workflows but barely covered in the CKA. Furthermore, they need to study application-level deployment strategies, such as blue/green and canary deployments, which go beyond the basic rolling updates. Finally, the CKAD heavily emphasizes application observability from a developer's perspective, including detailed probe configurations and API deprecation awareness. Mentoring developers requires understanding how to build and debug applications within the cluster, not just how to maintain the cluster infrastructure itself.

  3. During the CKAD exam, you encounter a heavily weighted task requiring you to design a pod with an init container that waits for a database, a main container running the primary application, and a sidecar container shipping logs to a central server. You estimate it will take you 8-10 minutes to write and troubleshoot the YAML. You have 45 minutes left in the exam and 5 tasks remaining. What is the most strategic course of action?

    Answer The most strategic action is to skip this complex multi-container task for now and immediately scan the remaining four tasks for quicker wins. Multi-container patterns with multiple distinct responsibilities are typically Pass 3 material and are prone to syntax errors that consume valuable troubleshooting time. With 45 minutes and 5 tasks left, you likely have simpler, imperative-driven tasks available that yield more points per minute of effort. You should complete those simpler tasks first to secure their points, and then return to this complex pod design with whatever time remains.

  4. Your organization is adopting a “shift-left” security and configuration model, requiring application developers to define their own resource constraints, secure their pod environments, and manage their own application configuration via Kubernetes native resources. A junior developer is studying for the CKAD and asks which exam domain is most relevant to this new company policy. Which domain should they prioritize, and why?

    Answer The junior developer should heavily prioritize the "Application Environment, Configuration and Security" domain, which accounts for 25% of the exam weight. This domain directly addresses the shift-left model by testing the developer's ability to use ConfigMaps and Secrets to decouple configuration from container images. Furthermore, it covers how to define application resource requirements to prevent node starvation and how to implement SecurityContexts and ServiceAccounts to restrict pod privileges. Mastering this specific domain is crucial because it bridges the gap between writing application code and securely operating that code within a shared Kubernetes cluster environment.

Hands-On Exercise

Section titled “Hands-On Exercise”

Task: Verify you have the CKA fundamentals needed for CKAD.

Success Criteria: Complete these tasks in under 5 minutes total:

Terminal window
# 1. Create a deployment with 3 replicas
k create deploy ckad-test --image=nginx --replicas=3


# 2. Expose it as a ClusterIP service
k expose deploy ckad-test --port=80


# 3. Create a ConfigMap
k create configmap app-config --from-literal=env=production


# 4. Create a Secret
k create secret generic app-secret --from-literal=password=secret123


# 5. Verify everything
k get deploy,svc,cm,secret | grep ckad

If you struggled with any of these, review the relevant CKA modules before continuing.

Cleanup:

Terminal window
k delete deploy ckad-test
k delete svc ckad-test
k delete cm app-config
k delete secret app-secret

Practice Drills

Section titled “Practice Drills”

Drill 1: Imperative Speed Test (Target: 3 minutes)

Section titled “Drill 1: Imperative Speed Test (Target: 3 minutes)”

Create the following resources using only imperative commands (no YAML files):

Terminal window
# 1. Pod named 'web' with nginx image
k run web --image=nginx


# 2. Deployment named 'api' with 2 replicas of httpd
k create deploy api --image=httpd --replicas=2


# 3. Service exposing the api deployment on port 8080
k expose deploy api --port=8080 --target-port=80


# 4. Job named 'backup' that runs busybox and echoes "done"
k create job backup --image=busybox -- echo "done"


# 5. CronJob named 'hourly' running every hour
k create cronjob hourly --image=busybox --schedule="0 * * * *" -- date


# Verify
k get pod,deploy,svc,job,cronjob


# Cleanup
k delete pod web
k delete deploy api
k delete svc api
k delete job backup
k delete cronjob hourly

Drill 2: YAML Generation (Target: 2 minutes)

Section titled “Drill 2: YAML Generation (Target: 2 minutes)”

Generate YAML templates using —dry-run:

Terminal window
# Generate pod YAML
k run nginx --image=nginx --dry-run=client -o yaml > /tmp/pod.yaml


# Generate deployment YAML
k create deploy web --image=nginx --dry-run=client -o yaml > /tmp/deploy.yaml


# Generate service YAML
k create svc clusterip mysvc --tcp=80:80 --dry-run=client -o yaml > /tmp/svc.yaml


# Verify files exist and are valid
cat /tmp/pod.yaml | head -10
cat /tmp/deploy.yaml | head -10

Drill 3: Context Switching (Target: 2 minutes)

Section titled “Drill 3: Context Switching (Target: 2 minutes)”

The CKAD exam uses multiple cluster contexts. Practice switching:

Terminal window
# List available contexts
k config get-contexts


# Switch context (use your actual context names)
k config use-context kind-kind


# Verify current context
k config current-context


# Quick shortcut: set namespace for context
k config set-context --current --namespace=default

Drill 4: Probe Syntax Memorization (Target: 3 minutes)

Section titled “Drill 4: Probe Syntax Memorization (Target: 3 minutes)”

Write probe YAML from memory—you’ll need this repeatedly:

Terminal window
# Create a pod YAML with all three probe types
cat << 'EOF' > /tmp/probed-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: probed-app
spec:
  containers:
  - name: app
    image: nginx
    ports:
    - containerPort: 80
    livenessProbe:
      httpGet:
        path: /
        port: 80
      initialDelaySeconds: 5
      periodSeconds: 10
    readinessProbe:
      httpGet:
        path: /
        port: 80
      initialDelaySeconds: 3
      periodSeconds: 5
    startupProbe:
      httpGet:
        path: /
        port: 80
      failureThreshold: 30
      periodSeconds: 10
EOF


# Apply and verify
k apply -f /tmp/probed-pod.yaml
k describe pod probed-app | grep -A5 "Liveness\|Readiness\|Startup"


# Cleanup
k delete pod probed-app

Drill 5: Multi-Container Pattern Recognition (Target: 2 minutes)

Section titled “Drill 5: Multi-Container Pattern Recognition (Target: 2 minutes)”

Identify which pattern each scenario requires:

Scenario 1: Download config before app starts
Answer: Init container


Scenario 2: Ship logs to Elasticsearch alongside main app
Answer: Sidecar


Scenario 3: Wait for database to be ready
Answer: Init container


Scenario 4: Proxy database connections through localhost
Answer: Ambassador


Scenario 5: Monitor and reload config on change
Answer: Sidecar

Drill 6: Domain Weight Recall (Target: 1 minute)

Section titled “Drill 6: Domain Weight Recall (Target: 1 minute)”

Without looking, write down the five CKAD domains and their weights:

1. Application Design and Build - 20%
2. Application Deployment - 20%
3. Application Observability and Maintenance - 15%
4. Application Environment, Configuration and Security - 25%
5. Services and Networking - 20%

Verify your answers match the domain breakdown above. This helps you prioritize study time.

Next Module

Section titled “Next Module”

Module 0.2: Developer Workflow - Optimize your kubectl patterns for CKAD speed.