CKAD theory
CKAD20% of the exam

Application Deployment

Roll apps out and back safely using Deployments, update strategies, and packaging tools.

The full loop: understand → drill the commands → prove it under the clock. Every objective below is taught here and practised in the drills.

1Understand it

Deployments & ReplicaSets

A Deployment runs an app reliably: you declare the desired state, "3 copies of this image", and Kubernetes keeps it true, replacing failed Pods. It manages a ReplicaSet, which actually keeps the right number of Pods running.

You set a thermostat to the temperature you want (desired state); it constantly works to keep the room there.
  • Declarative: you describe the end state, not the steps.
  • replicas sets how many Pod copies run.
  • Deployment → manages ReplicaSet → manages Pods.
Exam tip: kubectl create deploy web --image=nginx --replicas=3 --dry-run=client -o yaml · kubectl scale deploy/web --replicas=5
Rolling updates & rollbacks

Changing a Deployment's image triggers a rolling update by default: new Pods come up and old ones leave gradually, so there's no downtime. If the new version is bad, roll back to the previous revision with one command.

Replacing the tyres on a moving car one at a time, so it never has to stop.
  • set image triggers a rolling update.
  • rollout status / history / undo to watch, inspect, revert.
  • maxSurge and maxUnavailable tune rollout aggressiveness.

Update, watch, and roll back

kubectl set image deploy/web web=nginx:1.26   # trigger update
kubectl rollout status deploy/web             # watch it
kubectl rollout undo deploy/web               # revert to previous
Exam tip: kubectl rollout undo deploy/web is the fastest fix when a rollout goes bad.
Deployment strategies

RollingUpdate (default) replaces Pods gradually. Recreate kills all old Pods then starts new ones, simple but with downtime. Blue-green and canary (two Deployments + a Service or mesh) test a new version on some traffic before full cutover.

Rolling = swap staff one shift at a time. Recreate = close the shop to re-staff. Canary = let a few customers try the new menu first.
  • RollingUpdate: zero downtime, but old + new run together briefly.
  • Recreate: downtime, but no version overlap (use for incompatible changes).
  • Canary/blue-green: shift a fraction of traffic to validate before promoting.
Exam tip: strategy.type is RollingUpdate or Recreate in the Deployment spec.
Helm & Kustomize (packaging)

Real apps are many YAML files. Helm packages them as a reusable chart with values you override per environment. Kustomize layers patches on a base without templating. Both avoid copy-pasting YAML across dev/staging/prod.

Helm is a fill-in-the-blanks template with a values form. Kustomize is a base document plus sticky-note edits per environment.
  • Helm: charts + values.yaml; helm install / upgrade / rollback.
  • Kustomize: base + overlays; kubectl apply -k ./overlay.
  • Helm templates; Kustomize patches, different philosophies.
Exam tip: kubectl apply -k is built in, no extra binary needed for Kustomize.

2 Drill the commands & prove it

Mastery, 0/6 objectives

An objective turns green only when you've solved every drill in it, not just one.

  • Create Deployments imperatively and scale replicas0/3
  • Drive rollouts: status, history, undo, restart, pause/resume0/9
  • Update container images with kubectl set image and edit/patch0/2
  • Expose Deployments as Services0/4
  • Inspect and tune RollingUpdate strategy (maxSurge/maxUnavailable)0/3
  • Package and ship with Kustomize and Helm0/4
Drill · 1 / 250 solved
Command

Create a Deployment named web running image nginx:1.25 with 3 replicas, in one command.

$

Drills check the command pattern deterministically, there is often more than one correct form. For full fidelity, pair this with real-cluster reps (the killer.sh simulator is included free with your exam registration).