Certifications for Kubernetes are fairly new with only two currently available. However, like in the case of OpenShift, there are still certifications for technologies that run on top of it even if the end user might not be aware of the underlying technology. For now, I’m going to focus on the two certifications that are actually for Kubernetes. The first we’ll discuss is the Certified Kubernetes Administrator (CKA), given by the Cloud Native Computing Foundation (CNCF), which is a sub-foundation of the Linux Foundation. The second we’ll be discussing is the KCM100, given by Marantis. Finally, we’ll do a comparison of the two.
Certified Kubernetes Administrator
The CNCF created the CKA program to help develop the Kubernetes ecosystem by providing a way to acknowledge that those people that pass the exam have the skills, knowledge, and competency to perform the tasks needed of a Kubernetes administrator. So let’s go ahead and look at the objectives and their place within the exam.
8% of the exam is on application lifecycle management. To meet this requirement, administrators are expected to understand deployments and how to do rolling upgrades, as well as how to rollback a deployment when necessary. In addition, they should understand how to configure and scale applications and the basics of how to create a self-healing application.
12% of the exam is installation, configuration and validation. Administrators are expected to have a wide breadth knowledge for this objective, starting from designing a Kubernetes cluster and it’s installation, including masters and nodes with TLS bootstrapping. They will also need to utilize secure cluster communications, as well as know how to configure this to be highly available. They also need to know where to get the binaries, how to decide on the underlying infrastructure, and how to deploy that infrastructure and select network solutions. Lastly, they need to be able to run and analyze end-to-end tests on the cluster and run end-to-end tests on your nodes.
Core concepts makes up the largest percentage of the exam at 19%. Administrators will need to understand the basics of Kubernetes APIs and cluster architecture, as well as services and networking.
5% of the exam will cover scheduling, with administrators expected to know how to use label selectors to schedule pods, understand the role of DaemonSets and how resource limits can affect how pods are scheduled. In addition, administrators should know how to configure and run multiple schedulers and be able to configure pods to use them, manually be able to schedule a pod, and be able to display events from the scheduler.
Security is an important aspect of both infrastructure and applications and makes up 12% of the exam. It covers the configuration of authentication and authorization, basics of Kubernetes security, and network policies. This section also covers the creation and management of TLS certificates for cluster components, as well as working with images securely. Lastly, this section covers defining security contexts, secure persistent key value stores, and working with role-based access controls.
Cluster maintenance makes up 11% of the exam covering the Kubernetes cluster upgrade process, how operating aystem upgrades are performed, and finally how to implement backups and perform restores.
Logging and monitoring make up 5% of the objectives and covers monitoring all cluster components and applications, as well as the logging of cluster components and managing application logs.
The storage objective makes up 7% of the exam and requires an understanding of persistent volumes and how to create them, access modes for volumes, and the basics of persistent volume claims. In addition, this section covers the understanding of Kubernetes storage objects as well as how to configure application to use persistent storage.
The last section of the certification is troubleshooting, which makes up 10% of the exam objectives. Administrators will need to know how to troubleshoot applications, control plane and worker node failures, and also troubleshoot networking issues.
One extra thing to note about the CKA certification is that if a company has three or more employees who have passed the CKA, is active in the community and contribute, and have a business model to support enterprise end users (including putting engineers at a customer site), they can qualify for the Kubernetes Certified Service Provider (KCSP) title.
Mirantis Kubernetes and Docker KCM100
Now moving to the Mirantis Kubernetes and Docker KCM100 certification. It is important to note there is a different focus to the exam, as it covers Docker as well as Kubernetes. There are four objectives covering Docker, each making up 5% of the exam, with the remaining 80% being the six Kubernetes related objectives.
The first Docker objective is Docker Basics, which covers using the Docker command line client and starting and managing a container.
The second Docker objective is Docker Images. which requires the ability to write a Dockerfile and build a new Docker image.
The third Docker objective is Docker Networking. which includes the creating a Docker network, connecting a container to a network and exposing a container’s port.
The final Docker objective is Docker Data Volumes, which requires the ability to use a data volume and a data volume container.
So now let’s take a look at the six Kubernetes objectives for the KCM100, with the first objective being Kubernetes Basics at 10%, which will cover the Kubernetes command line client and the ability to use and create a Kubernetes namespace.
One of the two highest percentage objectives, at 20%, is Kubernetes Resources. For this objective, the administrator will need to be able to define a Kubernetes pod, replication controller, service, and deployment using YAML. The administrator will also need to be able to create and manage these along with creating Kubernetes secrets.
The next objective is Kubernetes Resource Management, which is 10% of the exam. To accomplish this the administrator has to be able to use Kubernetes labels and selectors, be able to resize a replication controller, and rollout and rollback a deployment.
10% of the exam will cover Kubernetes Networking, including setting a service type and exposing a deployment.
An additional 10% of the exam will cover Kubernetes Persistent Volumes, with the administrator being able to use both persistent volumes and persistent volume claims.
And finally, the last 20% of the exam will cover the Multi-Container Apps with Kubernetes objective by discovering a service using environment variables and using Kubernetes secrets.
From going over the two sets of objectives, it is easy to see that the CKA is definitely the more advanced certification given the assumption of some experience in the Application Development and Management realm, as well the need to able to design and implement the architecture; while the KCM100 just requires a working knowledge of Docker and Kubernetes command line tools. Both exams will touch on networking and volumes beyond the basics of being able to create pods that can be verified for basic functionality.