Study Guide
Certified Kubernetes Application Developer Study Guide
Use the saved domain outline to connect application design and build, application deployment and workloads, application environment, configuration, and security, services, networking, and service discovery to scenario-based questions and explanations.
How the Exam Is Structured
Certified Kubernetes Application Developer (CKAD) validates application design and build, application deployment and workloads, application environment, configuration, and security, services, networking, and service discovery. The ExamPal practice bank includes 247 premium questions and 40 free questions mapped across the official blueprint.
| Domain | Weight | Focus |
|---|---|---|
| Domain 1: Application Design and Build | 27% | Task 1.1: Define and create Pods and basic workload resources; Create Pods imperatively and declaratively using YAML manifests |
| Domain 2: Application Deployment and Workloads | 25% | Task 2.1: Create and manage Deployments; Create Deployments with replica counts, selectors, and Pod templates |
| Domain 3: Application Environment, Configuration, and Security | 18% | Task 3.1: Manage ServiceAccounts and workload identity; Create and assign ServiceAccounts to Pods and Deployments |
| Domain 4: Services, Networking, and Service Discovery | 15% | Task 4.1: Expose applications with Services; Create Services to expose Pods on stable virtual IPs and ports |
| Domain 5: Observability, Troubleshooting, and Maintenance | 15% | Task 5.1: Inspect workload health and diagnose startup issues; Use kubectl describe to identify scheduling, image, and runtime problems |
27% of exam
Domain 1: Application Design and Build
Covers core skills for designing and building Kubernetes application resources, including Pods, multi-container patterns, configuration injection, local container tooling, Helm packaging, and metadata design. This domain emphasizes creating valid manifests, validating resources, and preparing applications for deployment.
25% of exam
Domain 2: Application Deployment and Workloads
Covers workload controllers and lifecycle management, including Deployments, rollouts, Jobs, CronJobs, autoscaling, and progressive delivery patterns. This domain focuses on creating, updating, observing, and controlling application workloads.
18% of exam
Domain 3: Application Environment, Configuration, and Security
Covers workload identity, resource governance, security context settings, scheduling placement controls, and extensibility-related resources. This domain emphasizes configuring workloads safely and ensuring they comply with cluster policies and placement requirements.
15% of exam
Domain 4: Services, Networking, and Service Discovery
Covers exposing applications with Services, in-cluster communication, DNS-based discovery, backend selection, and default networking behavior. This domain focuses on how workloads communicate and how traffic is routed within the cluster.
15% of exam
Domain 5: Observability, Troubleshooting, and Maintenance
Covers diagnosing workload problems, collecting logs, executing commands for live debugging, monitoring resource state, and performing cleanup and verification. This domain emphasizes operational troubleshooting and maintaining healthy cluster resources.
Key Terms to Know
These terms are loaded from the shared terminology pack and appear across the question explanations.
- --dry-run=client
- A kubectl flag that simulates resource creation locally without submitting the object to the API server.
- --restart=Never
- A kubectl run flag that creates a standalone Pod instead of a higher-level controller such as a Deployment.
- --set
- A Helm flag used to override chart values from the command line during installation or upgrade.
- BusyBox
- A minimal container image commonly used for debugging and simple utility tasks in Kubernetes.
- ConfigMap
- A Kubernetes object used to store non-confidential configuration data as key-value pairs or files.
- CrashLoopBackOff
- A Pod state indicating that a container repeatedly starts, exits, and is backed off before restart attempts.
- Custom Resource Definition (CRD)
- An extension mechanism that adds a new custom resource type to the Kubernetes API.
- Deployment
- A Kubernetes workload resource that manages stateless application Pods and supports rolling updates and scaling.
- Egress
- Outbound network traffic from a Pod, often restricted using a NetworkPolicy.
- Helm
- A package manager for Kubernetes used to install, configure, and manage applications as charts.
- Job
- A Kubernetes workload resource designed to run Pods until a task completes successfully.
- NetworkPolicy
- A Kubernetes resource that controls allowed ingress and egress network traffic for selected Pods.
- Pod spec
- The YAML or JSON configuration section that defines how a Pod should run, including containers, probes, and restart behavior.
- Recreate
- A Deployment update strategy that deletes existing Pods before creating replacement Pods.
- ResourceQuota
- A namespace-level policy that limits aggregate resource consumption such as CPU, memory, and object counts.
- RollingUpdate
- A Deployment strategy that gradually replaces old Pods with new ones while keeping the application available.
- TTL after finished
- A Job cleanup feature that automatically deletes completed Jobs and their Pods after a specified time.
- YAML manifest
- A YAML-formatted resource definition file that declares the desired state of a Kubernetes object.
Official Materials and Guidance
This page is built from Linux Foundation official materials and ExamPal shared release pack, the shared syllabus, topic tree, terminology pack, free pack, and premium pack.
- -Guidance: Linux Foundation exam page, curriculum, handbook, simulator
- -Domain outline: Application Design/Build 20%; Deployment 20%; Observability/Maintenance 15%; Environment/Config/Security 25%; Services/Networking 20%.