🚀 Launch Special: $29/mo for life --d --h --m --s Claim Your Price →
CKAD
Coming Soon
Expected availability announced soon

This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.

Notify me
CKAD Cloud Native Computing Foundation (CNCF) / Linux Foundation Coming Soon

CKAD Certified Kubernetes® Application Developer

The Certified Kubernetes Application Developer program teaches developers how to design, build, deploy, and secure containerized applications on Kubernetes, emphasizing best‑practice patterns and observability to deliver reliable, scalable services.

120
Minutes
66/100
Passing Score
$395
Exam Cost
3
Languages

Who Should Take This

Software engineers, DevOps specialists, and cloud developers who have at least one year of experience writing code for containerized environments and want to validate their ability to create production‑grade Kubernetes applications should take this exam. They aim to deepen their design, deployment, and security skills to advance their careers.

What's Covered

1 Define, build, and modify container images. Choose and use the right workload resource (Deployment, Job, CronJob). Understand multi-container pod design patterns.
2 Use Kubernetes primitives to implement common deployment strategies. Use Helm and Kustomize for templated deployments.
3 Understand API deprecations. Implement probes and health checks. Use built-in CLI tools to monitor and debug applications.
4 Use ConfigMaps, Secrets, and SecurityContexts. Understand ServiceAccounts. Manage compute resource requirements.
5 Demonstrate understanding of NetworkPolicies. Provide and troubleshoot access to applications via Services and Ingress.

Exam Structure

Question Types

  • Performance-Based Tasks In A Live Kubernetes Environment

Scoring Method

Percentage-based, 66% to pass. Tasks scored on correct end-state.

Delivery Method

Online proctored via PSI, live Kubernetes environment with browser-based terminal

Recertification

Valid for 2 years. Recertify by passing the current exam version.

What's Included in AccelaStudy® AI

Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats

Course Outline

66 learning goals
1 Application Design and Build
3 topics

Container Images and Dockerfiles

  • Describe the OCI container image specification and explain how container layers, base images, and tags affect image size and build reproducibility
  • Implement multi-stage Dockerfiles to build optimized container images that separate build dependencies from runtime artifacts
  • Configure image pull policies including Always, IfNotPresent, and Never and implement private registry authentication using imagePullSecrets
  • Analyze container image vulnerabilities and recommend best practices for minimizing attack surface including non-root users and distroless base images
  • Implement container image tagging strategies including semantic versioning and digest pinning to ensure deployment reproducibility and rollback capability

Workload Resources

  • Implement Deployments to manage stateless application replicas with declarative update strategies and revision history
  • Implement Jobs for batch processing with configurable completions, parallelism, backoff limits, and active deadline seconds
  • Implement CronJobs for scheduled workloads with cron syntax, concurrency policies, and failed job history retention limits
  • Analyze when to use Deployments versus StatefulSets versus DaemonSets versus Jobs based on workload characteristics and ordering requirements
  • Implement StatefulSets for stateful applications requiring stable network identities, ordered deployment, and persistent storage per replica
  • Implement DaemonSets to run exactly one pod per node for cluster-wide agents such as log collectors and monitoring exporters

Multi-Container Pod Patterns

  • Describe the sidecar, ambassador, and adapter multi-container pod design patterns and explain when each pattern is appropriate
  • Implement sidecar containers for logging, proxying, or configuration refresh that share volumes and network namespace with the main application container
  • Implement init containers to perform setup tasks including database migrations, configuration generation, and dependency health checks before application startup
  • Evaluate the trade-offs between multi-container pods and separate deployments for auxiliary functions considering resource overhead, lifecycle coupling, and operational complexity
  • Implement ambassador containers to proxy and simplify external service access from the main application container through localhost connections
  • Implement adapter containers to standardize heterogeneous log formats or metrics output from the main container for consumption by centralized monitoring systems
2 Application Deployment
2 topics

Deployment Strategies

  • Implement rolling update deployments with maxSurge and maxUnavailable parameters to achieve zero-downtime application updates
  • Implement blue-green deployment patterns using multiple Deployments and Service selector switching to enable instant rollback
  • Implement canary deployment patterns by running multiple ReplicaSets with weighted traffic distribution to validate new versions incrementally
  • Implement deployment rollbacks using kubectl rollout undo and inspect rollout history to recover from failed application updates
  • Analyze deployment strategy trade-offs including resource overhead, rollback speed, and risk exposure to recommend the appropriate strategy for a given application
  • Implement pod disruption budgets to ensure minimum availability during voluntary disruptions such as node drains and cluster upgrades

Helm and Kustomize

  • Describe Helm chart structure including Chart.yaml, values.yaml, and templates directory and explain how Helm manages releases and revisions
  • Implement Helm install, upgrade, and rollback operations to manage application lifecycle using parameterized chart values
  • Implement Kustomize overlays to customize base Kubernetes manifests for different environments without modifying original YAML files
  • Evaluate when to use Helm versus Kustomize versus raw manifests based on template complexity, environment variance, and team workflow preferences
  • Implement Helm value overrides using multiple values files and command-line set flags to customize deployments for staging and production environments
3 Application Observability and Maintenance
3 topics

Probes and Health Checks

  • Describe the three probe types including liveness, readiness, and startup probes and explain how each affects pod lifecycle and service endpoint membership
  • Implement HTTP, TCP, and exec-based probe configurations with appropriate initial delay, period, threshold, and timeout settings
  • Analyze probe misconfiguration symptoms including unnecessary restarts, premature traffic routing, and slow startup cascading failures
  • Implement startup probes for slow-starting applications to prevent liveness probe failures during initialization while maintaining fast failure detection after startup

Logging and Debugging

  • Implement kubectl logs with container selection, follow mode, previous container, and since-time options to inspect application output
  • Implement kubectl exec and kubectl debug to attach to running containers and ephemeral debug containers for interactive troubleshooting
  • Analyze pod events, container status, and resource metrics using kubectl describe and kubectl top to diagnose performance degradation
  • Implement resource monitoring using kubectl top pods and kubectl top nodes to identify memory leaks and CPU throttling in application containers
  • Analyze container restart reasons including OOMKilled, CrashLoopBackOff, and failed probes to determine root causes and implement corrective measures

API Deprecations and Versioning

  • Describe the Kubernetes API versioning scheme including alpha, beta, and stable stages and explain the deprecation policy for API resources
  • Implement manifest migrations from deprecated API versions using kubectl convert or manual updates to maintain compatibility with cluster upgrades
  • Analyze the impact of Kubernetes version upgrades on application manifests and recommend a proactive deprecation monitoring strategy
4 Application Environment, Configuration & Security
3 topics

ConfigMaps and Secrets

  • Implement ConfigMaps from literal values, files, and directories and mount them as environment variables or volume files in pod specifications
  • Implement Secrets for sensitive data including opaque, docker-registry, and TLS secret types with base64 encoding and volume mount options
  • Configure automatic ConfigMap and Secret updates in pods using volume mounts and explain why environment variable injection does not support hot-reload
  • Analyze security implications of Kubernetes Secret storage including etcd encryption at rest, RBAC restrictions, and external secret management integration
  • Implement projected volumes to combine ConfigMaps, Secrets, downward API, and service account tokens into a single volume mount for complex configuration scenarios

Security Contexts and Service Accounts

  • Implement SecurityContext settings including runAsUser, runAsNonRoot, readOnlyRootFilesystem, and capability drop/add to harden container runtime security
  • Configure ServiceAccounts for pods and explain how automounted tokens enable or restrict Kubernetes API access from within containers
  • Implement pod security standards using namespace labels to enforce restricted, baseline, or privileged security profiles across workloads
  • Analyze the principle of least privilege applied to Kubernetes workloads and evaluate security context configurations that minimize container escape risk
  • Implement role-based access control for application service accounts using Roles and RoleBindings to restrict API operations to minimum required permissions

Resource Management

  • Implement resource requests and limits for CPU and memory on containers and explain how they affect scheduling, QoS class assignment, and pod eviction priority
  • Implement LimitRanges to set default and maximum resource constraints for containers within a namespace
  • Implement ResourceQuotas to limit aggregate resource consumption including CPU, memory, and object counts per namespace
  • Analyze the impact of resource configuration on pod scheduling and eviction by comparing Guaranteed, Burstable, and BestEffort QoS classes
  • Implement horizontal pod autoscaling based on CPU utilization metrics to dynamically scale application replicas in response to load changes
5 Services & Networking
2 topics

Services and Service Discovery

  • Describe Kubernetes service types including ClusterIP, NodePort, LoadBalancer, and ExternalName and explain how label selectors associate services with backend pods
  • Implement services to expose application workloads and configure named ports, session affinity, and external traffic policies
  • Implement DNS-based service discovery to enable inter-service communication using fully qualified domain names across namespaces
  • Analyze service endpoint status and selector matching to troubleshoot connectivity failures between application components
  • Implement headless services for StatefulSets and explain how per-pod DNS records enable direct pod-to-pod communication for clustered applications

Ingress and Network Policies

  • Implement Ingress resources with host-based and path-based routing rules to expose HTTP/HTTPS applications to external traffic
  • Configure TLS termination on Ingress resources using Kubernetes TLS Secrets for secure external access to applications
  • Implement NetworkPolicy resources to restrict pod ingress and egress traffic based on pod labels, namespace selectors, and IP CIDR blocks
  • Analyze the combined effect of multiple NetworkPolicies on pod traffic flow and evaluate default-deny versus default-allow postures for application namespaces
  • Implement Ingress path type configurations including Exact, Prefix, and ImplementationSpecific and explain their matching behavior differences
  • Analyze application accessibility issues caused by missing Ingress controller, incorrect backend service references, or certificate validation failures

Hands-On Labs

15 labs ~365 min total Console Simulator

Practice in a simulated cloud console or Python code sandbox — no account needed. Each lab runs entirely in your browser.

Certification Benefits

Salary Impact

$140,000
Average Salary

Related Job Roles

Kubernetes Developer Cloud Native Developer DevOps Engineer Platform Engineer Backend Engineer

Industry Recognition

The CKAD validates hands-on Kubernetes application development skills and is widely recognized for developer-focused cloud native roles.

Scope

Included Topics

  • Certified Kubernetes Application Developer (CKAD) exam domains: application design and build (20%) including container images, Jobs, and multi-container pods; application deployment (20%) including Deployments, rolling updates, Helm, and Kustomize; application observability and maintenance (15%) including probes, logging, and debugging; application environment configuration and security (25%) including ConfigMaps, Secrets, SecurityContexts, ServiceAccounts, and resource requirements; services and networking (20%) including Services, Ingress, and NetworkPolicy. Covers Kubernetes v1.29+.

Not Covered

  • Cluster administration and kubeadm operations
  • etcd backup and restore procedures
  • Control plane component management
  • Node-level troubleshooting and kubelet configuration
  • Custom Resource Definitions and operator development
  • Service mesh configuration (Istio, Linkerd)
  • Cloud-provider-specific Kubernetes features

Official Exam Page

Learn more at Cloud Native Computing Foundation (CNCF) / Linux Foundation

Visit

CKAD is coming soon

Adaptive learning that maps your knowledge and closes your gaps.

Create Free Account to Be Notified

Trademark Notice

Kubernetes® and the Kubernetes logo are registered trademarks of The Linux Foundation. Linux Foundation certifications (CKA, CKAD, CKS, KCNA) are issued by The Linux Foundation.

CNCF® and the Cloud Native Computing Foundation are registered trademarks of The Linux Foundation. The Linux Foundation does not endorse this product.

AccelaStudy® and Renkara® are registered trademarks of Renkara Media Group, Inc. All third-party marks are the property of their respective owners and are used for nominative identification only.