CKA vs CKAD vs CKS ====== ###### tags: `k8s` `certification` > CNCF和Linux基金會聯合推出的K8S考試認證。委託給 PSI 來進行監督考試[color=#907bf7] > > All the exam costs $399, with one free retake. > > 難易度：CKAD -> CKA -> CKS ## CKA > Have the skills, knowledge, and competency to perform the responsibilities of Kubernetes administrators. + **Certified Kubernetes Administrator** + focuses on testing the **knowledge** and **skills** of a candidate in the field of `all aspects of Kubernetes cluster concepts` + ==managing and operating== the Kubernetes cluster + it involves everything from **`creating`**, **`managing`**, and **`troubleshooting`** a cluster + Now, after September 2020 CNCF has reduced the course curriculum and has decreased the duration to **2 hours**. + The exam is based on Kubernetes **v1.28** + Certification Valid for 3 Years ### cka curriculum + *==25%==* - ***Cluster Architecture, Installation & Configuration*** + Manage role based access control (RBAC) + Use Kubeadm to install a basic cluster + Manage a highly-available Kubernetes cluster + Provision underlying infrastructure to deploy a Kubernetes cluster + Perform a version upgrade on a Kubernetes cluster using Kubeadm + Implement etcd backup and restore + *==15%==* - ***Workloads & Scheduling*** + Understand deployments and how to perform rolling update and rollbacks + Use ConfigMaps and Secrets to configure applications + Know how to scale applications + Understand the primitives used to create robust, self-healing, application deployments + Understand how resource limits can affect Pod scheduling + Awareness of manifest management and common templating tools + *==20%==* - ***Services & Networking*** + Understand host networking configuration on the cluster nodes + Understand connectivity between Pods + Understand ClusterIP, NodePort, LoadBalancer service types and endpoints + Know how to use Ingress controllers and Ingress resources + Know how to configure and use CoreDNS + Choose an appropriate container network interface plugin + *==10%==* - ***Storage*** + Understand storage classes, persistent volumes + Understand volume mode, access modes and reclaim policies for volumes + Understand persistent volume claims primitive + Know how to configure applications with persistent storage + *==30%==* - ***Troubleshooting*** + Evaluate cluster and node logging + Understand how to monitor applications + Manage container stdout & stderr logs + Troubleshoot application failure + Troubleshoot cluster component failure + Troubleshoot networking ## CKAD > Can design, build and deploy cloud-native applications for Kubernetes. + **Certified Kubernetes Application Developer** + ==managing and deploying== applications to the Kubernetes cluster + It emphasizes only the topics required for application **`development`**, **`deployment`**, and **`management`** ### ckad curriculum + *==20%==* - ***Application Design and Build*** + Define, build and modify container images + Choose and use the right workload resource (Deployment, DaemonSet, CronJob, etc.) + Understand multi-container Pod design patterns (e.g. sidecar, init and others) + Utilize persistent and ephemeral volumes + *==20%==* - ***Application Deployment*** + Use Kubernetes primitives to implement common deployment strategies (e.g. blue/green or canary) + Understand Deployments and how to perform rolling updates + Use the Helm package manager to deploy existing packages + Kustomize + *==15%==* - ***Application Observability and Maintenance*** + Understand API deprecations + Implement probes and health checks + Use built-in CLI tools to monitor Kubernetes applications + Utilize container logs + Debugging in Kubernetes + *==25%==* - ***Application Environment, Configuration and Security*** + Discover and use resources that extend Kubernetes (CRD, Operators) + Understand authentication, authorization and admission control + Understand requests, limits, quotas + Understand ConfigMaps + Define resource requirements + Create & consume Secrets + Understand ServiceAccounts + Understand Application Security (SecurityContexts, Capabilities, etc.) + *==20%==* - ***Services and Networking*** + Demonstrate basic understanding of NetworkPolicies + Provide and troubleshoot access to applications via services + Use Ingress rules to expose applications ## CKS > has the skills, knowledge, and competence on a broad range of best practices for securing container-based applications and Kubernetes platforms during build, deployment and runtime + **Certified Kubernetes Security Specialis** + consist of a **`performance-based`** certification exam and + has the skills, knowledge, and competence on a broad range of best practices for **`securing`** container-based applications and Kubernetes platforms during **`build`**, **`deployment`**, and **`runtime`**. ### cks curriculum + *==10%==* - ***Cluster Setup*** + *==15%==* - ***Cluster Hardening*** + *==15%==* - ***System Hardening*** + *==20%==* - ***Minimize Microservice Vulnerabilities*** + *==20%==* - ***Supply Chain Security*** + *==20%==* - ***Monitoring, Logging and Runtime Security*** ## 考生心得 + CKA會考etcd和k8s部署相關的內容，CKAD不會涉及 + CKAD會有cronjob和ha的內容，CKA不會涉及 + CKAD比CKA難度更大一些 ## resource + [CKA vs CKAD vs CKS – What is the Difference](https://k21academy.com/docker-kubernetes/cka-v-s-ckad-v-s-cks/) + [cncf/curriculum](https://github.com/cncf/curriculum)