Kubernetes CKAD Lab Workbook: Kubernetes CKAD Lab Workbook Certified Kubernetes Applica...

Kubernetes CKAD Lab Workbook (Certified Kubernetes Application Developer)

Build production-ready Kubernetes applications with this hands-on lab workbook for the CKAD exam. Unlike the CKA which focuses on cluster administration, the CKAD tests your ability to design, build, and deploy applications on Kubernetes. This workbook provides structured exercises covering pod design patterns, configuration management, multi-container pods, service networking, observability, and deployment strategies. Every lab is designed to be completed in the time constraints of the real exam — because the CKAD gives you just 2 hours for 15-20 tasks, and speed comes only from practice.

Key Features

• Application-focused labs aligned to the CKAD exam curriculum
• Pod design patterns including sidecar, init container, and ambassador patterns
• Configuration management with ConfigMaps, Secrets, environment variables, and volume mounts
• Service networking covering Services, Ingress, and NetworkPolicies from an app developer perspective
• Observability with readiness probes, liveness probes, startup probes, and container logging
• Deployment strategies including rolling updates, blue/green, and canary patterns
• Helm fundamentals for packaging and deploying applications
• Speed-building exercises with timed practice sessions

Study Plan

Week 1-2: Application Design and Build (20% of exam)

• Container image creation with Dockerfiles and build optimization
• Pod resource requirements, limits, and quality of service classes
• Multi-container pod patterns: sidecar, init, adapter, ambassador
• Jobs and CronJobs for batch processing
• Persistent storage with PVCs from an application perspective

Week 3-4: Application Deployment (20% of exam)

• Deployments: rolling updates, rollback, and scaling
• Blue/green and canary deployment strategies with labels
• Helm chart basics: install, upgrade, rollback, template rendering
• Kustomize for environment-specific overlays

Week 5-6: Application Observability and Maintenance (15% of exam)

• Liveness probes: HTTP, TCP, and exec probes with tuning parameters
• Readiness probes and startup probes for slow-starting containers
• Container logging: stdout/stderr, log aggregation patterns
• Debugging with kubectl exec, logs, describe, and events
• Resource monitoring and metric collection

Week 7-8: Application Environment, Configuration, and Security (25% of exam)

• ConfigMaps: creation from literals, files, and directories
• Secrets: creation, mounting as volumes, and environment variable injection
• SecurityContexts: runAsUser, runAsNonRoot, readOnlyRootFilesystem
• ServiceAccounts and RBAC from the application developer perspective
• Resource requests, limits, and LimitRanges

Week 9-10: Services and Networking (20% of exam)

• Service types: ClusterIP, NodePort, LoadBalancer, ExternalName
• Ingress resources with path-based and host-based routing
• NetworkPolicies: ingress and egress rules for application isolation
• DNS for Services and Pods within the cluster

Key Topics

Domain	Weight	Focus Areas
Application Design and Build	20%	Images, multi-container, Jobs
Application Deployment	20%	Deployments, Helm, rollouts
Observability and Maintenance	15%	Probes, logging, debugging
Configuration and Security	25%	ConfigMaps, Secrets, RBAC
Services and Networking	20%	Services, Ingress, NetworkPolicy

Practice Questions

Q1: Create a pod with two containers sharing a log file via an emptyDir volume. The main container writes logs; the sidecar streams them to stdout.

A1: Create a pod spec with two containers both mounting the same emptyDir volume at /var/log. The app container writes with echo "$(date)" >> /var/log/app.log in a loop. The log-shipper container runs tail -f /var/log/app.log. The emptyDir volume is the key — it enables sidecar patterns by sharing filesystem between containers in the same pod.

Q2: Perform a rolling update on Deployment web-app from nginx:1.24 to nginx:1.25, maintaining 75% availability.

A2:

kubectl patch deployment web-app -p '{"spec":{"strategy":{"rollingUpdate":{"maxUnavailable":"25%","maxSurge":1}}}}'
kubectl set image deployment/web-app nginx=nginx:1.25
kubectl rollout status deployment/web-app
# Rollback if needed: kubectl rollout undo deployment/web-app

Q3: Create a ConfigMap and Secret, then mount the ConfigMap as env vars and the Secret as a file volume in a pod.

A3:

kubectl create configmap app-config --from-literal=APP_MODE=production
kubectl create secret generic app-secret --from-literal=DB_PASSWORD=s3cureP@ss
# In pod spec: use envFrom with configMapRef for env vars
# Use volumes with secret type and volumeMounts at /etc/secrets for file mount
# Secret files appear as individual files named by their keys

Lab Exercises

Lab 1: Multi-Container Pod with Init Container

# Generate the base pod YAML, then add initContainers and probes
kubectl run web-with-init --image=nginx --dry-run=client -o yaml > pod.yaml
# Edit pod.yaml to add:
#   initContainers: [{name: wait-for-db, image: busybox,
#     command: ['sh','-c','until nslookup db-service; do sleep 2; done']}]
#   readinessProbe: {httpGet: {path: /, port: 80}, initialDelaySeconds: 5}
#   livenessProbe: {httpGet: {path: /, port: 80}, initialDelaySeconds: 15}
kubectl apply -f pod.yaml

Lab 2: Ingress with Path-Based Routing

kubectl create deployment frontend --image=nginx --replicas=2
kubectl expose deployment frontend --port=80
kubectl create deployment api --image=nginx --replicas=2
kubectl expose deployment api --port=80
# Create Ingress routing app.example.com/ -> frontend, /api -> api
# Use pathType: Prefix for both rules
kubectl create ingress app-ingress --rule="app.example.com/=frontend:80" \
  --rule="app.example.com/api=api:80"

Lab 3: NetworkPolicy for Application Isolation

# Create a NetworkPolicy allowing only frontend->backend on port 8080
# podSelector targets app=backend, ingress from app=frontend on TCP/8080
kubectl apply -f - <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: backend-policy
spec:
  podSelector: {matchLabels: {app: backend}}
  policyTypes: [Ingress]
  ingress:
  - from: [{podSelector: {matchLabels: {app: frontend}}}]
    ports: [{protocol: TCP, port: 8080}]
EOF

Exam Tips

1. Configuration and Security is 25% — master ConfigMaps, Secrets, and SecurityContexts; these are the highest-weighted topics
2. Imperative commands save time — kubectl run, kubectl create, kubectl expose with --dry-run=client -o yaml for quick manifest generation
3. Set up aliases immediately — alias k=kubectl, export do="--dry-run=client -o yaml" at the start of your exam session
4. Multi-container patterns — sidecar shares data via volumes, init runs before main, ambassador proxies connections
5. Probe parameters matter — know initialDelaySeconds, periodSeconds, failureThreshold and when to use each probe type
6. Practice with a timer — set 6-8 minutes per task and stick to it; skip hard tasks and return later
7. YAML indentation — a single space error fails the entire resource; use kubectl apply --dry-run=server to validate before submitting

Resources

• CKAD Exam Curriculum
• Kubernetes Documentation
• kubectl Quick Reference
• Kubernetes API Reference

---

This is 1 of 11 resources in the Certification Prep Pro toolkit. Get the complete [Kubernetes CKAD Lab Workbook] with all files, templates, and documentation for $69.

Get the Full Kit →

Or grab the entire Certification Prep Pro bundle (11 products) for $249 — save 30%.

Get the Complete Bundle →

---

Related Articles

• AWS DevOps Professional Guide: AWS DevOps Professional Exam Guide DOP-C02
• AWS SA Associate Study Guide: AWS Solutions Architect Associate Exam Guide SAA-C03
• Azure Administrator (AZ-104) Guide: Azure Administrator Exam Guide AZ-104