My CKAD Certification experience: Tips and tricks

I have passed CKAD (Certifies Kubernetes Application Developer) exam in June’2020! It was really a race against time! It’s a fast pace, online coding exam!
In this blog, I will share my exam experience, hope it will be helpful for you.

It’s an open book exam, however you can only browse Kubernetes official website and their related blogs. You can’t Google search and find the answers. You can copy and paste YAML based code from K8s official portal only.

Exam Prepration

I have started preparation with CKAD Udemy online course of Mumshad Mannambeth. It’s an awesome online tutorial with real lab environment, where you will be given readymade Kubernetes cluster lab KodeKloud platfrom, It’s superb! Here, you can write code in K8s yaml files and run instantly without any K8s cluster configuration. It’s also creates K8s resources for you and also validates your answers.

Other Resources:

It would be great to setup a MiniKube or Kind ( Kubernetes in Docker) K8s cluster on your laptop/computer to practice more questions. I have used these resources to practice the exam-

D-Day (Exam-Day):

It’s a tough exam where you have to read, understand, code and verify in 6 minutes. There will be 19 questions and passing marks are 67%. It’ very difficult to complete all the questions in 2 hours. These are tips I have followed to do time management:

It’s 2 hours online coding exam where a human exam proctor will keep an eye on you for this duration by looking at you thru Web Camera and your monitor screen thru screen sharing!

Tips to save time and attempt most of the questios:

  • Practice, practice, practice so that your finger remembers popular commands and syntax!
  • Don’t try to create YAML file manually during exam! Use Kubectl imperative commands to generate yaml. Export yaml file by –dry-run -o yaml>pod.yaml and then edit this YAML file in vi editor. Once, you are confident, then save
  • They provide vim/nano. I prefer vi, it’s simple.
  • Always verify K8s objects status and logs after K8s object creating command. It will give you confidence!
  • Hit easy questions with high weight first: >10% and get back later for question with weight: 2–3% or those questions which are big and complex, and you are not sure.
  • Use exam console’s NotePad to track all your questions. Write all questions in new rows and write weightage and mark if you have completed. You can also click on a button to mark your questions which you want to return later. You can also shuffle easy and high score questions on the top and low marks and complex questions at the bottom. e.g: Here d means “done”
    • 1-13-d
    • 2-9-d
    • 3-7-p
  • Save important bookmarks and use as boomark tool bar to save time in searching bookmark links. You can download this bookmark which I have used from Github.
  • Create aliases before starting the exam and save it on Notebook which will be provided on exam console. You can’t use your personal Notepad or any copy-paste from your local computer to exam console browser’s windows. I have just used these aliases:
$ alias k=kubectl
$ alias kx="kubectl config current-context"
$ alias kn="kubectl config use-context"
$ alias kall="kubectl get all"
$ alias kc="kubectl create -f"

All the best!

About Founder – Rajiv Srivastava

Rajiv Srivastava is the founder of https://cloudificationzone.com/, which is a cloud-native modern application blog site for cloud-native developers, architects, and enthusiasts who are interested in end-to-end design and development of cloud-based modern applications by using build, run, monitor, secure, and manage approaches with modern technologies.

He is working as a Principal Engineer & Architect (Application Modernization Cloud Native Solution Architect) with Wells Fargo, a blogger, author, a passionate technologist, Java/Spring/Kubernetes developer, and architect.

He has 16+ years of work experience in development and design solution architecture. He has expertise in modern application, cloud migration, Kubernetes platform, event sourcing architecture, NodeJS, Tanzu, cloud, docker, API Gateway, Service Mesh, CI/CD, containerization, GCP, AWS, open-sources, distributed, serverless, Microservices, REST APIs, Spring, Caching, Kafka, RabbitMQ, SQL/No-SQL, MongoDB, ElasticSearch, enterprise integration, unit/integration and performance testing, code profiling, etc.

Location: He is based in Gurgaon (New Delhi NCR) India

Certifications:

  1. TOGAF 9 certified enterprise architect
  2. AWS Certified Solution Architect Associate, 2021
  3. Certified Kubernetes Application developer (CKAD), 2020
  4. Sun Certified Java Professional (SCJP, 2006
  5. Other Certifications: ElasticSearch, Spring Cloud data Flow, ITIL, Six Sigma White, SNIA etc.

Work Experience:

He has worked with these companies from past 15+ yrs:

  • Wells Fargo (Current Company)
  • VMware
  • GlobalLogic
  • Wipro
  • Infogain
  • COLT
  • Sapient
  • Dell EMC

He has worked with these clients:

  • Kohls, USA
  • Apple, USA
  • Fedex, USA
  • AT&T, USA
  • Sprint Telecom, USA
  • Commercial clients etc.

Academics:

  • PGP Cloud Computing from Caltech (California Institute of Technology, USA) in 2022.
  • MCA (Masters of Computer Applications/Master of Computer Science) from Bangalore University, India in 2004.
  • BCA (Bachelors of Computer Applications.
  • DST (Diploma in Software Technology) from CMC Ltd.

Skill Set and hand on technical expertise:


Experience in cloud migration, app modernization, Tazu products, Core Java, JEE, SpringBoot (Cloud, DI/IOC, MVC, AOP,Integration, REST Web Services, Security), Kubernetes, Redis, Kafka, RabbitMQ, framework, ArgoCD, Docker, Harbor, Docker Concourse,Grafana, Prometheus, JProfiler, Cucumber, Hibernate, JMS,Tomcat, ElasicSearch, MongoDB, MySQL, EFK, Splunk.

Domain Expertise:

  • E-Commerce/Retail applications.
  • Order management (Telecom)
  • Search Engine
  • Storage domains
  • Technical: Cloud, No-SQL and Storage.

Book Author

His Technical Social profile:

WhitePapers:

  1. https://www.hcltech.com/white-papers/digital-analytics/accelerating-application-transformation

Work Profile:

# A passionate technologist, a cloud-native application solution architect and API/Microservices developer, blogger, from a rich development background of Java, Python, NodeJS, SpringBoot, REST API, Caching, messaging, No-SQL and MicroServices, Event sourcing architecture, Integration Architecture, unit , integration testing, GCP, AWS, Tanzu products, cloud architecture and open source technologies.
# Overall 16+ years of software of development, designing, and implementing Distributed, Cloud-native -based microservices, Client-Server, and Web-based enterprise applications using Java, Microservices, and open source technologies for B2B, B2C projects enterprise-grade production applications.
# 5+ years of cloud and microservice experience in AWS, GCP, OpenShift (PAAS), Cloud Foundry (PAAS).
# 6+ years of deep eCommerce experience for USA’s top 5 companies – Apple and Kohls and exposure of online shopping, cart checkout, catalog, retail orders, inventory, MDM, product launch, mobile commerce, omnichannel, wallet and promotions, fraud detection, security issues of eCommerce apps etc.
# Excel in building quick Proof Of Concepts (POC), Proof of Technology (POT).
# Cloud migration of Java enterprise application, Kubernetes on-prem, private and public cloud (AWS,GCP) using Micro-Services architecture. CI/CD pipeline. Design new cloud applications
# Design Patterns and Methodologies: Good Understanding of MicroServices architecture, GOF patterns, Core Java/J2EE Patterns, OOPS, MVC. Agile, SDLC,TDD in multi-project implementations.

Rajiv

Step by Step: Create a SpringBoot Microservice, dockerize, run on docker and deploy on Kubernetes

Disclaimer: This blog content has been taken from my latest book:

“Cloud Native Microservices with Spring and Kubernetes”

This blog has simple step by step info to build, containerize and run a microservice. I have written detail separate blogs for all the following steps. This blog is just an index or reference to those blogs at one place:

Tanzu Build Service (TBS) based on BuildPack(CNB) and kPack : Use Cases and Solutions

What is Tanzu Build Service (TBS)?

Tanzu Build Service automates container creation, management, and governance at enterprise scale

https://tanzu.vmware.com/build-service

It’s an automated tool based on open sources BuildPack (CNB) and kPack, which builds portable OCI docker images from the source code and push to the image registry (Docker-Hub/Registry/jFrog etc.). It also keep on refreshing image registry with the latest builds. It boost security and reduce risk from CVE and follow cloud native model. It auto injects dependent libraries, OS image config with source code without maintaining docker files. It scans source code configuration files and build scripts and auto inject/download required libraries to run on any platform.

Why Tanzu Build Service( TBS)?

  1. Save time to re-build, re-test and re-deploy during patching hundreds of containers.
  2. It auto scans source code configuration and language and inject dependencies into docker image that will be required to compile and/or run the app on container/K8s.
  3. Faster build and patching on hundreds of containers.
  4. Faster developer productivity by setting local build on developer’s machine and sync with source code repo like GutHub etc.
  5. Manage common project dependencies for dev teams and sync all developers code with single git branch to avoid any code conflict/sync issues.
  6. Maintain latest image in image registry.
  7. OCI docker image support, build and run anywhere!

In this blog, I will cover a couple of TBS use cases and real challenges which can be solved using this :

TBS use cases

  • Build OCI secure image from the source code automatically
  • Save time to re-build, re-test and re-deploy when patching hundreds of containers and build images
  • Boost developer/operator productivity
  • Maintain latest and greatest docker images in image registry
  • CI/CD build and deploy pipeline integration with Concourse ( in-build support) and Jenkin ( need additional configuration)
  • Better experience when promote apps between Non-PROD and PROD environments
  • Support for polyglot applications for multiple programming languages. Currently, Tanzu Build Service (TBS) v1.0 GA supports these languages:
    • Java
    • NodeJS
    • .NET Core (supports Windows DotNet App)
    • Python
    • Golang
    • PHP
    • HTTPD
    • NGINX
  • Hard to build, update and manage many OCI compliant secure docker images
  • Manual dependency of dependent libraries
  • Dependency on OS bases images
  • Common security vulnerabilities and exposures (CVE) issues in docker image
  • Use build-packs in my local dev environment

Refer my this blog to install and use TBS with your Kubernetes cluster

https://cloudificationzone.com/2020/06/15/build-docker-image-using-tanzu-build-service-on-kubernetes-using-dockerhub/

References

TBS Demo Video

Setup K8s Admin Dashboard UI – Octant and Proxy

Disclaimer: This blog content has been taken from my latest book:

“Cloud Native Microservices with Spring and Kubernetes”

A. Setup Octant K8s Dashboard UI

To visualize, monitor and inspect TKG Kubernetes clusters. Install Octant UI dashboard. Octant should immediately launch your default web browser on http://127.0.0.1:7777/#/cluster-overview

$ octant

Note: Or to run it on a specific host and fixed port:

OCTANT_LISTENER_ADDR=0.0.0.0:8900 octant

B. Setup K8s Proxy dashboard UI

This blog will cover popular Proxy K8s admin dashboards.

Run this command:

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0/aio/deploy/recommended.yaml

Then, run this command on CLI-

kubectl proxy

Hit this URL on browser –

http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/overview?namespace=default

Note: You need to provide user token of your K8s cluster from .kube/config file from your home K8s path Or path of this K8s config file.

Monitor your apps and infrastructure with WaveFront (beyond APM): Use Cases and Solutions

In this blog, I will cover a quick introduction of WaveFront/Tanzu Observability (TO) and a couple of use cases and real challenges which can be solved using this:

What is WaveFront Tanzu Observability (TO)?

Monitor full-stack applications to cloud infrastructures with metrics, traces, span logs, and analytics. It provides extra features beyond any other APM tool

https://tanzu.vmware.com/observability

WaveFront is an APM tool and provides additional features beyond APM for monitoring your modern cloud native microservice applications, infrastructure, VMs, K8s clusters, and alerting in real-time, across multi-cloud, Kubernetes clusters, and on-prem at any scale. Traditional  tools and environments make it challenging and time consuming to correlate data and get visibility thru a single plane of the glass or dashboard needed to resolve incidents in seconds in critical production environment. It’s a unified solution with analytics (including AI) that ingests visualizes, and  analyses metrics, traces, histograms and span logs.  So you can resolve incidents  faster across cloud applications.

Features:

  • It can work with existing monitoring solutions open-sources like Prometheus, Grafana, Graphite
  • It has integration almost all popular monitoring solutions on VM and containers, SpringBoot, Kubernetes, messaging platforms, RabbiMQ, Databases etc.
  • It monitors containers and VMs stats
  • It captures all microservices APIs traces, usage and performance with topology view by it’s powerful service discovery features
  •  It maintains versions of charts and dashboards
  • Currently it stores and archive old monitoring data for analytics purposes

High Level Technical Architecture

WaveFront use cases:

  • Multicloud visibility (mostly data center, moving to public cloud)
  • Application monitoring (+ tooling for Dev and Ops visibility)
  • Service performance and reliability optimization (assess-verify)
  • Observability and diagnostics of multi-cloud and on-prem K8s clusters
  • Business service performance & KPIs
  • App metrics: from New Relic, Prometheus and Splunk
  • Multicloud metrics: from vSphere, AWS, Kubernetes
  • All data center metrics: from compute, network, storage
  • Reliability and high availability operations
  • App and Infrastructure monitoring , analytics dashboards
  • Auto alerting mechanism for any production bug or high usage of infrastructure (CPU, RAM, Storage)
  • Instrument and monitor your Spring Boot application in Kubernetes
  • Other Tanzu products monitoring
  • System-wide monitoring and incident response – cut MTTR
  • Shared visibility across biz, app, cloud/infra, device metrics
  • IoT optimization with automated analytics on device metrics
  • Microservices monitoring and troubleshooting
  • Accelerated anomaly detection
  • Visibility across Kubernetes at all levels
  • Solving cardinality limitations of graphite
  • Easy adoption across hundreds of developers
  • System-wide monitoring and incident response – cut MTTR
  • Shared visibility across biz, app, cloud/infra, device metrics
  • IoT optimization with automated analytics on device metrics
  • AWS infrastructure visibility (cost and performance)
  • Kubernetes monitoring
  • Visualizing serverless workloads
  • Solving Day 2 Operations for production issues and DevOps/DevSecOps
  • Finding hidden problems early and increase SLA for service ticket resolution
  • Application and microservices API monitoring
  • Performance analytics
  • Monitoring CI/CD like Jenkins Environment with Wavefront

Live WaveFront Dashboard

References

Generic Demo Video -1

MicroServices Observability with WaveFront Demo Video -2

Tanzu Service Mesh (TSM) based on Istio : Use Cases & Solutions

In this blog, I will cover a quick introduction of TSM and a couple of use cases and real challenges which can be solved using this :

What is Tanzu Service Mesh (TSM)?

Radically simplify the process of connecting, protecting, and monitoring your microservices across any runtime and any cloud with VMware Tanzu Service Mesh. Provide a common policy and infrastructure for your modern distributed applications and unify operations for Application Owners, DevOps/SREs and SecOps without disrupting developer workflows.

https://www.vmware.com/in/products/tanzu-service-mesh.html

Tanzu Service Mesh is K8s operator side microservice orchestration tool to manage service discovery, traffic, mTLS secure payload, rate limiting, telemetry, observability of VM, microservices and circuit breaker across multi-clouds. Open-source service mesh technologies like Istio exist to help overcome some of the challenges around building microservices such as service discovery, mutualTLS (mTLS), resiliency, and visibility. However, maintaining and managing a service mesh like Istio is challenging, especially at scale.


It provides unified management, global policies, and seamless connectivity across complex, multi-cluster mesh topologies managed by disparate teams. It provides app-level observability across services deployed to different clusters, complementing/integrating into modern observability tools you use or are considering.

TSM Global NameSpace Architecture

As of now, only this enterprise product has this powerful feature to provide a global namespace for multi K8s clusters across multi-clouds . Istio open source doesn’t provide this feature.

TSM use Cases

  • Service discovery for multi Kubernetes clusters in different namespaces or multi-cloud using GNS
  • Distributed Microservice Discovery on multi-cloud
  • Traffic Monitoring and API communication tracing
  • Logging and K8s Infra Monitoring with admin dashboard visualization
  • Rate Limiting with the help of Redis
  • Business Continuity (BI)
  • Developer is responsible to provide all service- related configuration thru boiler-plate code
  • Secure Payload
  • Netflix OSS APIs (Eureka service discovery, Zuul API gateway, Ribbon- Load balancing, caching etc) , Hystrix (Circuit breaker) are legacy and no enterprise support, also its tightly coupled with application development source code
  • Open source Istio has no enterprise support as of now
  • Visibility for DevOps and DevSecOps

References

  1. Doc – https://docs.pivotal.io/pks/1-7/nsxt-service-mesh.html
  2. Public doc- https://tanzu.vmware.com/service-mesh

Demo  for Microservices:

Tanzu Mission Control (TMC) for multi-cloud: Use Cases & Solutions

In this blog, I will cover a quick introduction of TMC and a couple of use cases and real challenges which can be solved using this :

What is Tanzu Mission Control (TMC)?

Operate and secure your Kubernetes infrastructure and modern apps across teams and multi clouds (on-prem, private, public, hybrid Kubernetes clusters.

https://tanzu.vmware.com/mission-control

VMware Tanzu Mission Control provides a single control glass of plane to easily provision and manage Kubernetes clusters and operate modern, containerized applications across multiple clouds and clusters. It works as a management cluster or Kubernetes control plane which provision and manage multi-clusters worker/data nodes including deploying and upgrading clusters, setting RBAC, security and other policies and configurations, monitor the health of clusters (VMs and K8s ) and provide the root cause of underlying production issues.

TMC Use Cases

  • Multi-cloud management of on-prem, public, hybrid cloud
  • Centralized Control Plane for provisioning K8s cluster for public cloud and on-prem
  • Centrally operates and manages all your Kubernetes clusters and applications at scale
  • App and service management
  • Enables developers with self-service access to Kubernetes for running and deploying applications
  • Manage security and configuration easily and efficiently through powerful policy engine like RBAC and inspection

References

Demo Video

Scale Spring Batch, comparison with Spring Cloud Task & best practices of Spring Batch!

Disclaimer: This blog content has been taken from my latest book:

“Cloud Native Microservices with Spring and Kubernetes”

Comparison Spring Cloud Task vs Spring Batch

  • Spring Cloud Task is complimentary of Spring Batch.
  • Spring Batch can be exposed as a Cloud Cloud Task.
  • Spring Cloud Task makes life easy to run and Java/Spring microservice application that do not need the robustness of the Spring Batch APIs.
  • Spring Cloud Task has good integration with Spring Batch and Spring Cloud Data Flow (SCDF). SCDF provides feature of batch orchestration, and UI dashboard to monitor Spring Cloud Task.
  • In nutshell, all Spring Batch services can be exposed/registered as Spring Cloud Task to have better control, monitoring, and manageability.

Best practices for Spring Batch:

  1. Use an external file system (Volume Services) for persistence of large files  with PCF/PAS due to the file system limitations. Refer to this link.
  2. Always use SCDF abstraction layer with UI dashboard to manage, orchestrate, and monitor Spring Batch applications.
  3. Always use Spring Cloud Task with Spring Batch for additional batch functionality.
  4. Always register and implement vanilla Spring Batch applications as Spring Cloud Task in SCDF.
  5. Use Spring Cloud Task when you need to run a finite workload via a simple Java micro-service.
  6. For High Availability (HA), implement best suited horizontal scaling technique from the top scaling techniques based on the use cases on containers (K8s).
  7. For large PROD system, use SCDF as an orchestration layer with Spring Cloud Task to manage large number of batches for large data sets.
  8. App data and batch repo should live in the same schema for transaction synchronization.

 Spring Batch Auto-scaling (both vertically and horizontally)

  • Vertical Scaling: No issue with that. H/w or POD size can be increased any time based on the usage of CPU and RAM for better performance and reliability. As you give the process more RAM, you can typically increase the chunk size which will typically increase overall throughput, but it doesn’t happen automatically.
  • Horizontal Scaling: There are  popular techniques, watch this YouTube video for detail and refer this GitHub code –
  1. Multi-threaded Steps – Each transaction/chunk executed by its separate threads, state is not persisted, only an option if u don’t need non-restartibility. 
  2. Parallel steps – Multiple independent steps run  in parallel via threads.
  3. Single JVM Async Item Writer/Item Processor. ItemProcessor calls are executed within a Java Future. The AsyncItemWriter unwrapps the result of the Future and passes it to a configured delegate to write.
  4. Partitioning – Data is partitioned then assigned to n workers that are being executed either within the same JVM via threads or in external JVMs launched dynamically when using Spring Cloud Task’s partition extensions. A good option when restartability is needed.
  5. Remote Chunking- Mostly I/O bound, sometimes when you need more processing power beyond the single JVM. It sends actual data remotely, only useful when processing is the bottleneck. Durable middleware is required for this option.

 Spring Batch Orchestration and Composition

SCDF doesn’t watch the jobs. It just shares the same DB as the batch job does so you can view the results. Once a job is launched via SCDF, SCDF itself has no interaction with the job. You can compose and orchestrate jobs by drag and drop and set dependency between jobs, which jobs should run in parallel and which one in sequence, execution order can also be set for multiple jobs scheduling.

 Achieve Active-Active operation for High Availability(HA) between two Data Centers/AZs

There are two standard ways:

  1. Place a shard Spring Batch Job repository between two active-active DC/AZs. Parallel sync happens in the job repository database. App data and batch repo should in the same schema for better synchronization as noted above. Transaction  isolation level set by default, so that one of active DC can run the job and other job should be failed when it tries to re-run the same job with same parameter. 
  2. Spring Cloud Task has this built-in functionality to restrict Spring Cloud Task Instances- https://docs.spring.io/spring-cloud-task/docs/2.2.3.RELEASE/reference/#features-single-instance-enabled

 Alerts and Monitoring of Spring Cloud Task and Spring Batch

  • Spring Cloud Task includes Micrometer health check and metrics  API out of the box.
  • Plain Prometheus is not suitable for jobs, because it uses pull mechanism and it won’t tell when job has finished or has some issues. If you want to use Prometheus for application metrics with Grafana visualization then follow this Prometheus rsocket-proxy API- https://github.com/micrometer-metrics/prometheus-rsocket-proxy

More References:

Kubernetes Orchestration using Tanzu Kubernetes Grid (TKG) : Use Cases & Solutions

In this blog, I will cover a quick introduction of TKG and a couple of use cases and real challenges which can be solved using this :

What is Tanzu Kubernetes Grid (TKG)?

Streamline operations across multi-cloud infrastructure.

https://tanzu.vmware.com/kubernetes-grid
  • TKG is an enterprise Kubernetes Orchestration library to manage container and other Kubernetes cluster objects and lifecycle of K8s cluser of clusters .
  • TKG uses latest Kubernetes upstream Cluster API which manages multiple K8s clusters lifecycle.
  • It can spawn to multi nodes/VMs.
  • Running K8s containers at scale in production – especially for mission critical workloads in day 2 operation- gets very complex.  Hard to manage a Kubernetes runtime consistently and securely, especially if you are running in multiple DCs / AZs on cloud.
  • TKG provides enterprises with a consistent, upstream aligned, automated multi-cluster operations across SDDC, Public Cloud, and Edge environments that is ready for end-user workloads and ecosystem integrations.
  • TKG does for Kubernetes what Kubernetes does for your containers.
  • It provides integrations with public cloud like AWS and also open sources support:
    • Harbor – Image Registry
    • Concourse – CI/CD pipeline tool
    • Velero – K8s backup
    • Contour – K8s Ingress Controller
    • KubeAdm – Manage cluster lifecycle
    • dex – idP Authentication/ UAA
    • Sonobuoy – diagnostic tool
    • WaveFront (TO)
    • APMs- Prometheus with Grafana, Wavefront and other APM tools,ELK, FluentBit
    • Calico CNI with NSX-T for VM

TKG use cases

  • Kubernetes Orchestration for multi-cloud and multi-clusters and manage life cycle of multiple clusters
  • Platform Automation of managing cluster of K8s clusters
  • High Availability, Auto-scalability
  • Consistent Kubernetes across environments
  • Kubernetes open source alone is not enough
  • Day2 Operations Patching, Upgrade etc.
  • Overhead of access, networking, security policies applied cluster-by-cluster
  • Public cloud vendor lock-in
  • Manual configuration and management, siloed by environment on-prem and public cloud
  • On-prem management is critical

References

Ref Doc- https://docs.vmware.com/en/VMware-Tanzu-Kubernetes-Grid/index.html