DEV Community: Andrew The latest articles on DEV Community by Andrew (@andrew_collins). https://dev.to/andrew_collins https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3743833%2F7c1661fa-332c-4e1e-ace4-1925fa6da67f.png DEV Community: Andrew https://dev.to/andrew_collins en Container Security: Hardening Your Docker & Kubernetes Andrew Tue, 03 Feb 2026 18:31:59 +0000 https://dev.to/andrew_collins/container-security-hardening-your-docker-kubernetes-317a https://dev.to/andrew_collins/container-security-hardening-your-docker-kubernetes-317a <h1> Container Security Best Practices 🔐 </h1> <h2> Image Security </h2> <h3> Scan for Vulnerabilities </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">--rm</span> <span class="nt">-v</span> /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image myapp:latest <span class="c"># Critical vulnerabilities found</span> </code></pre> </div> <h3> Use Distroless Images </h3> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="w"> </span><span class="s">python:3.11</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">COPY</span><span class="s"> requirements.txt .</span> <span class="k">RUN </span>pip <span class="nb">install</span> <span class="nt">-r</span> requirements.txt <span class="k">FROM</span><span class="s"> gcr.io/distroless/python3-nonroot</span> <span class="k">COPY</span><span class="s"> --from=builder /usr/local/lib/python3.11/site-packages /usr/local/lib/python3.11/site-packages</span> <span class="k">COPY</span><span class="s"> app.py /app.py</span> <span class="k">ENTRYPOINT</span><span class="s"> ["python", "/app.py"]</span> </code></pre> </div> <h3> Sign Images </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>cosign sign <span class="nt">--key</span> cosign.key myapp:latest cosign verify <span class="nt">--key</span> cosign.pub myapp:latest </code></pre> </div> <h2> Kubernetes Pod Security </h2> <h3> SecurityContext </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Pod</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">secure-pod</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">securityContext</span><span class="pi">:</span> <span class="na">runAsNonRoot</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">runAsUser</span><span class="pi">:</span> <span class="m">1000</span> <span class="na">fsGroup</span><span class="pi">:</span> <span class="m">2000</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">app</span> <span class="na">image</span><span class="pi">:</span> <span class="s">myapp:latest</span> <span class="na">securityContext</span><span class="pi">:</span> <span class="na">allowPrivilegeEscalation</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">readOnlyRootFilesystem</span><span class="pi">:</span> <span class="kc">true</span> <span class="na">capabilities</span><span class="pi">:</span> <span class="na">drop</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ALL</span> <span class="na">volumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">tmp</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/tmp</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">tmp</span> <span class="na">emptyDir</span><span class="pi">:</span> <span class="pi">{}</span> </code></pre> </div> <h3> Pod Security Standards </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">policy/v1beta1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">PodSecurityPolicy</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">restricted</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">privileged</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">allowPrivilegeEscalation</span><span class="pi">:</span> <span class="kc">false</span> <span class="na">requiredDropCapabilities</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">ALL</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">configMap'</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">emptyDir'</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">projected'</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">secret'</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">downwardAPI'</span> <span class="pi">-</span> <span class="s1">'</span><span class="s">persistentVolumeClaim'</span> <span class="na">runAsUser</span><span class="pi">:</span> <span class="na">rule</span><span class="pi">:</span> <span class="s1">'</span><span class="s">MustRunAsNonRoot'</span> </code></pre> </div> <h2> Network Security </h2> <h3> Network Policies </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">networking.k8s.io/v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">NetworkPolicy</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">app-netpol</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">podSelector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">app</span><span class="pi">:</span> <span class="s">myapp</span> <span class="na">policyTypes</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">Ingress</span> <span class="pi">-</span> <span class="s">Egress</span> <span class="na">ingress</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">from</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">namespaceSelector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">production</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">egress</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">to</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">namespaceSelector</span><span class="pi">:</span> <span class="na">matchLabels</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">production</span> <span class="na">ports</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">protocol</span><span class="pi">:</span> <span class="s">TCP</span> <span class="na">port</span><span class="pi">:</span> <span class="m">5432</span> </code></pre> </div> <h2> Runtime Security </h2> <h3> AppArmor/SELinux </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Check AppArmor status</span> aa-status <span class="c"># Load profile</span> apparmor_parser /etc/apparmor.d/docker-profile </code></pre> </div> <h3> Resource Limits </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">64Mi"</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">250m"</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">128Mi"</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">500m"</span> </code></pre> </div> <h2> Supply Chain Security </h2> <ul> <li>✅ Signed images</li> <li>✅ Verified base images</li> <li>✅ SBOMs (Software Bill of Materials)</li> <li>✅ Attestations</li> <li>✅ Image provenance</li> </ul> <h2> Security Checklist </h2> <ul> <li>✅ No root container</li> <li>✅ Image scanned for vulnerabilities</li> <li>✅ Secrets not in image</li> <li>✅ Read-only filesystem</li> <li>✅ Capabilities dropped</li> <li>✅ Network policies enforced</li> <li>✅ Resource limits set</li> <li>✅ Pod security policies in place</li> </ul> docker kubernetes security devops Docker Best Practices for Production Deployments Andrew Tue, 03 Feb 2026 01:18:42 +0000 https://dev.to/andrew_collins/docker-best-practices-for-production-deployments-o93 https://dev.to/andrew_collins/docker-best-practices-for-production-deployments-o93 <h1> Docker Best Practices for Production 🐳 </h1> <h2> Multi-Stage Builds: Cut Image Size by 70% </h2> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">FROM</span><span class="w"> </span><span class="s">node:18</span><span class="w"> </span><span class="k">AS</span><span class="w"> </span><span class="s">builder</span> <span class="k">WORKDIR</span><span class="s"> /app</span> <span class="k">COPY</span><span class="s"> package*.json ./</span> <span class="k">RUN </span>npm ci <span class="nt">--only</span><span class="o">=</span>production <span class="k">FROM</span><span class="s"> node:18-alpine</span> <span class="k">COPY</span><span class="s"> --from=builder /app/node_modules ./node_modules</span> <span class="k">COPY</span><span class="s"> . .</span> <span class="k">USER</span><span class="s"> node</span> <span class="k">EXPOSE</span><span class="s"> 3000</span> <span class="k">CMD</span><span class="s"> ["node", "app.js"]</span> </code></pre> </div> <p><strong>Result:</strong> 900MB → 120MB image size</p> <h2> Security Hardening </h2> <h3> Run as Non-Root </h3> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">RUN </span>useradd <span class="nt">-m</span> appuser <span class="k">USER</span><span class="s"> appuser</span> </code></pre> </div> <h3> Remove Package Manager </h3> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">RUN </span>apt-get purge <span class="nt">-y</span> <span class="nt">--auto-remove</span> apt-get </code></pre> </div> <h3> Scan for Vulnerabilities </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>docker run <span class="nt">--rm</span> <span class="nt">-v</span> /var/run/docker.sock:/var/run/docker.sock aquasec/trivy image myapp:latest </code></pre> </div> <h2> Performance Optimization </h2> <ol> <li> <strong>Layer Caching</strong> - Order commands from least to most frequently changed</li> <li> <strong>Use .dockerignore</strong> - Exclude unnecessary files</li> <li> <strong>Minimize Layers</strong> - Combine RUN commands with &amp;&amp; </li> </ol> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="c"># Bad: 3 layers</span> <span class="k">RUN </span>apt-get update <span class="k">RUN </span>apt-get <span class="nb">install </span>curl <span class="k">RUN </span><span class="nb">rm</span> <span class="nt">-rf</span> /var/lib/apt/lists/<span class="k">*</span> <span class="c"># Good: 1 layer</span> <span class="k">RUN </span>apt-get update <span class="o">&amp;&amp;</span> apt-get <span class="nb">install</span> <span class="nt">-y</span> curl <span class="o">&amp;&amp;</span> <span class="nb">rm</span> <span class="nt">-rf</span> /var/lib/apt/lists/<span class="k">*</span> </code></pre> </div> <h2> Container Networking </h2> <h3> Health Checks </h3> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">HEALTHCHECK</span><span class="s"> --interval=30s --timeout=3s --start-period=5s --retries=3 \</span> CMD curl -f http://localhost:3000/health || exit 1 </code></pre> </div> <h3> Port Exposure </h3> <div class="highlight js-code-highlight"> <pre class="highlight docker"><code><span class="k">EXPOSE</span><span class="s"> 3000 8080</span> </code></pre> </div> <h2> Production Checklist </h2> <ul> <li>✅ Non-root user</li> <li>✅ Security scanning passed</li> <li>✅ Health checks defined</li> <li>✅ Resource limits set</li> <li>✅ Logging configured</li> <li>✅ No secrets in image</li> </ul> <p><em>Master these practices and your deployments will be rock solid.</em> 🚀</p> docker devops containerization CKAD Daily Study Notes - 2026-02-03 Andrew Tue, 03 Feb 2026 00:35:51 +0000 https://dev.to/andrew_collins/ckad-daily-study-notes-2026-02-03-19dn https://dev.to/andrew_collins/ckad-daily-study-notes-2026-02-03-19dn <h1> CKAD Daily Study Notes 📚 </h1> <h2> Todays Focus: Core API Objects </h2> <h3> Pod Design Patterns </h3> <ul> <li> <strong>StatefulSet vs Deployment</strong>: When to use each</li> <li> <strong>InitContainers</strong>: Setup tasks before app container</li> <li> <strong>Multi-container pods</strong>: Design patterns and use cases</li> </ul> <h3> Essential Commands </h3> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Pod creation and inspection</span> kubectl run nginx <span class="nt">--image</span><span class="o">=</span>nginx <span class="nt">--port</span><span class="o">=</span>80 kubectl get pods <span class="nt">-o</span> wide kubectl describe pod &lt;pod-name&gt; kubectl <span class="nb">exec</span> <span class="nt">-it</span> &lt;pod&gt; <span class="nt">--</span> /bin/bash kubectl logs &lt;pod&gt; <span class="c"># Deployment management</span> kubectl create deployment web <span class="nt">--image</span><span class="o">=</span>nginx <span class="nt">--replicas</span><span class="o">=</span>3 kubectl <span class="nb">set </span>image deployment/web <span class="nv">nginx</span><span class="o">=</span>nginx:1.20 kubectl rollout status deployment/web kubectl rollout <span class="nb">history </span>deployment/web kubectl rollout undo deployment/web </code></pre> </div> <h3> Quiz Yourself </h3> <ol> <li>What happens when you delete a Pod in a Deployment?</li> <li>How do you force a deployment rollout?</li> <li>What's the difference between ReadinessProbe and LivenessProbe?</li> <li>How do you mount a ConfigMap as a volume?</li> </ol> <h3> Exam Strategy </h3> <ul> <li>2 hours for 19 questions = ~6 min per question</li> <li>Use imperative commands when possible (faster than YAML)</li> <li>Master kubectl shortcuts: </li> </ul> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code> <span class="nb">alias </span><span class="nv">k</span><span class="o">=</span>kubectl <span class="nb">export </span><span class="k">do</span><span class="o">=</span><span class="s2">"--dry-run=client -o yaml"</span> k run pod1 <span class="nt">--image</span><span class="o">=</span>nginx <span class="nv">$do</span> <span class="o">&gt;</span> pod.yaml </code></pre> </div> <h3> Today's Goal </h3> <ul> <li>Practice 5 Pod-related scenarios</li> <li>Time yourself on each</li> <li>Review failures</li> </ul> <p><em>You've got this! Keep grinding.</em> 💪</p> kubernetes ckad certification study AI & Tech News Briefing - 2026-02-03 Andrew Tue, 03 Feb 2026 00:35:43 +0000 https://dev.to/andrew_collins/ai-tech-news-briefing-2026-02-03-hf0 https://dev.to/andrew_collins/ai-tech-news-briefing-2026-02-03-hf0 <h1> AI &amp; Tech News Briefing ☀️ </h1> <h2> Top Stories This Week </h2> <h3> LLM Breakthroughs </h3> <ul> <li>Claude 3.5 introduces new training techniques reducing inference costs by 35%</li> <li>Open source Llama 3.2 gaining rapid enterprise adoption</li> <li>Mistral releases optimized quantization for seamless local deployment</li> </ul> <h3> Kubernetes &amp; Cloud Native </h3> <ul> <li>K8s 1.30 improves resource scheduling efficiency by 40%</li> <li>GitOps becoming standard - ArgoCD dominates the space</li> <li>Cost optimization tools showing 40% savings potential</li> </ul> <h3> Enterprise AI </h3> <ul> <li>Agentic AI systems moving from proof-of-concept to production</li> <li>Companies automating complex workflows with LLMs</li> <li>Focus shifting to cost optimization and reliability</li> </ul> <h3> Developer Tools </h3> <ul> <li>New frameworks for building production-grade AI agents</li> <li>Observability solutions for LLM applications maturing</li> <li>Container security scanning becoming standard practice</li> </ul> <h3> Market Trends 2026 </h3> <ul> <li>Local LLM deployment accelerating (cost + privacy)</li> <li>Enterprise adoption of AI agents hitting inflection point</li> <li>DevOps tooling consolidation around open source</li> </ul> <p><em>Curated for Andrew - Focus: AI, DevOps, Kubernetes</em></p> ai kubernetes devops news CKAD Exam: The Essential Cheatsheet I Wish I Had When I Started Andrew Sat, 31 Jan 2026 17:19:21 +0000 https://dev.to/andrew_collins/ckad-exam-the-essential-cheatsheet-i-wish-i-had-when-i-started-3727 https://dev.to/andrew_collins/ckad-exam-the-essential-cheatsheet-i-wish-i-had-when-i-started-3727 <h2> Why I Made This Cheatsheet </h2> <p>Studying for the CKAD (Certified Kubernetes Application Developer) exam, I found myself constantly jumping between docs looking for the same kubectl commands and YAML templates.</p> <p>So I compiled everything into one quick-reference cheatsheet. Sharing the key parts here — hopefully it saves you some time.</p> <h2> First Things First: Exam Setup </h2> <p>Run these <strong>immediately</strong> when your exam starts:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">alias </span><span class="nv">k</span><span class="o">=</span>kubectl <span class="nb">alias </span><span class="nv">kn</span><span class="o">=</span><span class="s1">'kubectl config set-context --current --namespace'</span> <span class="nb">export </span><span class="k">do</span><span class="o">=</span><span class="s1">'--dry-run=client -o yaml'</span> <span class="nb">export </span><span class="nv">now</span><span class="o">=</span><span class="s1">'--force --grace-period=0'</span> </code></pre> </div> <p>These save <strong>massive</strong> time. Instead of typing <code>kubectl</code> 200 times, you type <code>k</code>.</p> <h2> Generate YAML Instantly </h2> <p>Don't write YAML from scratch. Generate it:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="c"># Pod</span> k run nginx <span class="nt">--image</span><span class="o">=</span>nginx <span class="nv">$do</span> <span class="o">&gt;</span> pod.yaml <span class="c"># Deployment</span> k create deployment nginx <span class="nt">--image</span><span class="o">=</span>nginx <span class="nt">--replicas</span><span class="o">=</span>3 <span class="nv">$do</span> <span class="o">&gt;</span> deploy.yaml <span class="c"># Service</span> k expose deployment nginx <span class="nt">--port</span><span class="o">=</span>80 <span class="nv">$do</span> <span class="o">&gt;</span> svc.yaml <span class="c"># Job</span> k create job my-job <span class="nt">--image</span><span class="o">=</span>busybox <span class="nv">$do</span> <span class="o">&gt;</span> job.yaml <span class="c"># CronJob</span> k create cronjob my-cron <span class="nt">--image</span><span class="o">=</span>busybox <span class="nt">--schedule</span><span class="o">=</span><span class="s2">"*/5 * * * *"</span> <span class="nv">$do</span> <span class="o">&gt;</span> cron.yaml </code></pre> </div> <p>Then edit the YAML as needed. Way faster than writing from memory.</p> <h2> Quick Resource Templates </h2> <h3> Pod with Resource Limits </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">apiVersion</span><span class="pi">:</span> <span class="s">v1</span> <span class="na">kind</span><span class="pi">:</span> <span class="s">Pod</span> <span class="na">metadata</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">myapp</span> <span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">myapp</span> <span class="na">image</span><span class="pi">:</span> <span class="s">nginx</span> <span class="na">resources</span><span class="pi">:</span> <span class="na">requests</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">64Mi"</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">100m"</span> <span class="na">limits</span><span class="pi">:</span> <span class="na">memory</span><span class="pi">:</span> <span class="s2">"</span><span class="s">128Mi"</span> <span class="na">cpu</span><span class="pi">:</span> <span class="s2">"</span><span class="s">200m"</span> </code></pre> </div> <h3> ConfigMap Usage </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">app</span> <span class="na">envFrom</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">configMapRef</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-config</span> <span class="na">volumeMounts</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">config-vol</span> <span class="na">mountPath</span><span class="pi">:</span> <span class="s">/etc/config</span> <span class="na">volumes</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">config-vol</span> <span class="na">configMap</span><span class="pi">:</span> <span class="na">name</span><span class="pi">:</span> <span class="s">my-config</span> </code></pre> </div> <h3> Probes (Know All Three!) </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">spec</span><span class="pi">:</span> <span class="na">containers</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">name</span><span class="pi">:</span> <span class="s">app</span> <span class="na">livenessProbe</span><span class="pi">:</span> <span class="na">httpGet</span><span class="pi">:</span> <span class="na">path</span><span class="pi">:</span> <span class="s">/healthz</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">initialDelaySeconds</span><span class="pi">:</span> <span class="m">15</span> <span class="na">periodSeconds</span><span class="pi">:</span> <span class="m">10</span> <span class="na">readinessProbe</span><span class="pi">:</span> <span class="na">tcpSocket</span><span class="pi">:</span> <span class="na">port</span><span class="pi">:</span> <span class="m">8080</span> <span class="na">initialDelaySeconds</span><span class="pi">:</span> <span class="m">5</span> <span class="na">startupProbe</span><span class="pi">:</span> <span class="na">exec</span><span class="pi">:</span> <span class="na">command</span><span class="pi">:</span> <span class="pi">[</span><span class="s2">"</span><span class="s">cat"</span><span class="pi">,</span> <span class="s2">"</span><span class="s">/tmp/healthy"</span><span class="pi">]</span> <span class="na">failureThreshold</span><span class="pi">:</span> <span class="m">30</span> </code></pre> </div> <h2> Must-Know Commands </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Task</th> <th>Command</th> </tr> </thead> <tbody> <tr> <td>Switch context</td> <td><code>k config use-context &lt;name&gt;</code></td> </tr> <tr> <td>Set namespace</td> <td><code>k config set-context --current --namespace=&lt;ns&gt;</code></td> </tr> <tr> <td>Get all resources</td> <td><code>k get all -A</code></td> </tr> <tr> <td>Describe resource</td> <td><code>k describe pod &lt;name&gt;</code></td> </tr> <tr> <td>Logs</td> <td><code>k logs &lt;pod&gt; -c &lt;container&gt;</code></td> </tr> <tr> <td>Exec into pod</td> <td><code>k exec -it &lt;pod&gt; -- /bin/sh</code></td> </tr> <tr> <td>Delete fast</td> <td><code>k delete pod &lt;name&gt; $now</code></td> </tr> <tr> <td>Scale</td> <td><code>k scale deployment &lt;name&gt; --replicas=5</code></td> </tr> <tr> <td>Rollback</td> <td><code>k rollout undo deployment/&lt;name&gt;</code></td> </tr> </tbody> </table></div> <h2> Exam Tips </h2> <ol> <li> <strong>Always check the context</strong> — each question specifies one</li> <li> <strong>Use imperative commands</strong> — faster than writing YAML</li> <li> <strong>Use <code>kubectl explain</code></strong> — <code>k explain pod.spec.containers</code> </li> <li> <strong>Don't get stuck</strong> — flag and move on</li> <li> <strong>Bookmark the kubectl cheatsheet</strong> in your exam browser</li> </ol> <h2> Full Cheatsheet </h2> <p>I put together a complete 15+ page PDF covering all 5 exam domains:</p> <ul> <li>Application Design &amp; Build</li> <li>Application Deployment </li> <li>Observability &amp; Maintenance</li> <li>Environment, Config &amp; Security</li> <li>Services &amp; Networking</li> </ul> <p>👉 <strong><a href="https://andrewstevens.gumroad.com/l/exmpw" rel="noopener noreferrer">Get the full CKAD Cheatsheet here</a></strong></p> <h2> What Helped You? </h2> <p>If you've passed CKAD, what resources made the difference? Drop a comment — always looking to improve my prep!</p> <p>Good luck to everyone studying. You got this! 🚀</p> kubernetes devops certification cloud