CKAD Exam Tips and kubectl Aliases

May 22, 2026

Session setup (do this first, every time)

alias k=kubectl
export do='--dry-run=client -o yaml'
export now='--grace-period=0 --force'
source <(kubectl completion bash)
complete -F __start_kubectl k

Kill sheet (revise before exam)

Debug triggers

Symptom	First checks
Pending	`describe pod` → Events
CrashLoopBackOff	`logs` → command / probes
Service no traffic	endpoints / selector / labels
DNS fail	`nslookup` inside pod

Core commands

kubectl describe pod <p>
kubectl logs -f <p> [-c c]
kubectl exec -it <p> -- sh
kubectl get events --sort-by=.metadata.creationTimestamp
kubectl explain pod.spec.containers.resources   # in-exam API reference

YAML speed

kubectl create deployment d --image=nginx --dry-run=client -o yaml > d.yaml
# or with alias:
k create deployment d --image=nginx $do > d.yaml

Always scan generated YAML first before adding fields by hand: the scaffold often already has resources, ports, labels, probes, or serviceAccountName. Edit in place instead of duplicating keys.
On apply errors, check the line above the reported line: Kubernetes often points at the symptom, not the typo (missing :, space before :, bad indent, duplicate key).

Fast creation

kubectl create deployment d --image=nginx
kubectl expose deployment d --port=80 --target-port=80
kubectl run bb --image=busybox -it --rm -- sh
kubectl create job j --image=busybox -- echo hi
kubectl create cronjob cj --schedule="*/1 * * * *" --image=busybox -- echo hi

Common failures

Symptom	Cause
HPA no scale	No CPU requests
Deployment no pods	Selector mismatch (immutable)
Readiness wrong	No traffic
Liveness wrong	CrashLoopBackOff
PVC Pending	No StorageClass / mismatch
`CreateContainerConfigError`	Missing/wrong ConfigMap or Secret name

kubectl short names

Resource	Short
pods	`po`
replicasets	`rs`
deployments	`deploy`
services	`svc`
namespaces	`ns`
networkpolicies	`netpol`
persistentvolumes	`pv`
persistentvolumeclaims	`pvc`
serviceaccounts	`sa`
configmaps	`cm`
horizontalpodautoscalers	`hpa`
ingresses	`ing`
nodes	`no`

Time management (2h, ~15-20 tasks)

Average: 6-8 min per task; cap hard tasks at 10 min
Answer any order: easy questions first, then hard/debug tasks
Don't get stuck: mark for review after 2 failed attempts or 3 min with no progress
Imperative first: kubectl run, create, expose: faster than YAML from scratch
--dry-run=client -o yaml: generate YAML only when you need custom fields
Set namespace once: kubectl config set-context --current --namespace=<ns>
Delete fast in exam: kubectl delete pod <n> --now (not for production)
Verify before moving on: kubectl get / describe every answer

Per-question loop

Read twice → set context/namespace → create/fix → verify → move on

Phase	Budget
Read + identify resource	1 min
Create / patch / edit	4 min
Verify	1 min
Fix obvious issue	1-2 min

Skip if syntax keeps failing, the root cause is not obvious, or you are rereading the same output without a new hypothesis.

vim shortcuts

gg / G: top / bottom of file
dd: delete line; yy + p: copy/paste line
Shift + D: deletes everything from cursor position to end of line
:set paste: before pasting from clipboard (avoid broken indent)
:set expandtab tabstop=2 shiftwidth=2: YAML-safe indentation

kubectl explain (use in exam instead of guessing field names)

kubectl explain pod.spec.containers
kubectl explain pod.spec.containers.resources
kubectl explain pod.spec.securityContext
kubectl explain deployment.spec.strategy
kubectl explain networkpolicy.spec.ingress
kubectl explain pvc.spec.accessModes
kubectl explain cronjob.spec.jobTemplate

2026 focus areas

Higher than expected	What to drill
NetworkPolicy	Egress, DNS, AND/OR selector logic
Service debugging	Endpoints, selectors, `port` vs `targetPort`
RBAC + troubleshooting	`auth can-i`, `pods/log`, cross-namespace access
Helm basics	`show values`, `--set`, `-f`, `upgrade --reuse-values`
Gateway API	HTTPRoute shape and `parentRefs`

Study paths

Timeline	Focus
1 week	Six patterns, timed drills, one mock, common mistakes
2 weeks	Six patterns twice, exercises, two mocks, weak-area review
3-4 weeks	All exercises, troubleshooting, mocks, repeat slow domains

Targets: mock exam 65-75% = likely pass, 75%+ = strong confidence, below 65% = review before scheduling.

Exam tips

Always check which namespace the question specifies
Verify with kubectl get / describe before moving on
Generated YAML first: reuse fields from kubectl create … $do; do not rewrite blocks that are already correct
YAML syntax errors: read the line before the error (key value vs key: value, trailing tab, wrong list indent under containers:)
-- separates kubectl flags from in-container command
k logs -p for CrashLoopBackOff: gets previous container logs
Ingress backend port = Service port, not targetPort
NetworkPolicy egress deny breaks DNS unless you allow UDP/TCP 53
ServiceAccount auth string: system:serviceaccount:<namespace>:<name>
Helm --set a=b,c=d needs comma-separated values; inspect keys with helm show values