Every task in the CKAD lab maps to a domain in the official Certified Kubernetes Application Developer curriculum. Below is the full list — what you'll practice, what each task tests, and how it maps to the exam blueprint.
Define pods and multi-container patterns, build and run container images, and create jobs and cronjobs.
Create a CronJob named backup-job in namespace default with the following specifications: Schedule: Run every 30 minutes (*/30 * * * *) Image: busybox:latest Container command: echo "Backup completed" Set…
docs · k8s.io/docs/concepts/workloads/controllers/cron-jobsOn the node, directory /root/app-source contains a valid Dockerfile.
docs · docs.podman.ioFile /root/broken-deploy.yaml contains a Deployment manifest that fails to apply. The file has the following issues: 1. Uses deprecated API version 2. Missing required selector field 3. Selector doesn't match template labels
docs · k8s.io/docs/concepts/workloads/controllers/deploymentRoll out and update deployments, run canary and blue-green release strategies, and manage rollouts.
In namespace default, the following resources exist: Deployment web-app with 5 replicas, labels app=webapp, version=v1 Service web-service with selector app=webapp
docs · k8s.io/docs/concepts/workloads/controllers/deploymentIn namespace default, Deployment app-v1 exists with image nginx:1.20.
docs · k8s.io/docs/concepts/workloads/controllers/deploymentIn namespace prod, a ResourceQuota exists that sets resource limits for the namespace.
docs · k8s.io/docs/concepts/policy/resource-quotasConfigure liveness, readiness, and startup probes, read logs, and debug running workloads.
In namespace default, Deployment api-deploy exists with a container listening on port 8080.
docs · k8s.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probesIn namespace default, Deployment web-app exists with Pods labeled app=webapp, tier=frontend. Service web-svc exists but has incorrect selector app=wrongapp.
docs · k8s.io/docs/concepts/services-networking/serviceWire up configmaps, secrets, service accounts, RBAC, securityContext, and resource requests and limits.
In namespace default, Deployment api-server exists with hard-coded environment variables: DB_USER=admin DB_PASS=Secret123!
docs · k8s.io/docs/concepts/configuration/secretIn namespace audit, Pod log-collector exists but is failing with authorization errors. Check the Pod logs to identify what permissions are needed: bash kubectl logs -n audit log-collector The logs show: User…
docs · k8s.io/docs/reference/access-authn-authz/rbacIn namespace monitoring, Pod metrics-pod is using ServiceAccount wrong-sa and receiving authorization errors. Multiple ServiceAccounts, Roles, and RoleBindings already exist in the namespace: ServiceAccounts: monitor-sa,…
docs · k8s.io/docs/concepts/security/service-accountsIn namespace default, Deployment secure-app exists without any security context.
docs · k8s.io/docs/tasks/configure-pod-container/security-contextExpose workloads with services and ingress, and restrict traffic with network policies.
In namespace network-demo, three Pods exist: frontend with label role=wrong-frontend backend with label role=wrong-backend database with label role=wrong-db Three NetworkPolicies exist: deny-all (default deny)…
docs · k8s.io/docs/concepts/services-networking/network-policiesIn namespace default, Deployment api-server exists with Pods labeled app=api and container port 9090.
docs · k8s.io/docs/concepts/services-networking/serviceIn namespace default, the following resources exist: Deployment web-deploy with Pods labeled app=web Service web-svc with selector app=web on port 8080
docs · k8s.io/docs/concepts/services-networking/ingressFile /root/fix-ingress.yaml contains an Ingress manifest that fails to apply due to an invalid pathType value.
docs · k8s.io/docs/concepts/services-networking/ingress