🧩 Understanding “Don’t Delete This Deployment” in CKAD¶
💡 Why This Matters¶
In CKAD and CKA exams, some tasks explicitly state:
“Don’t delete this Deployment.”
This instruction is critical — the exam’s auto-grader tracks Kubernetes objects using their UID (a unique internal identifier).
If that UID changes, the grader no longer recognizes your object and you lose all marks, even if your YAML is perfect.
⚙️ Safe vs Unsafe Commands¶
| Command | Action Type | UID | Safe for CKAD? | Notes |
|---|---|---|---|---|
kubectl edit | In-place patch | ✅ Preserved | ✅ Yes | Safest — directly edits the live object |
kubectl apply -f file.yaml | Server-side patch | ✅ Preserved | ✅ Yes | Ideal for YAML-based edits |
kubectl replace -f file.yaml | Full replacement (no delete) | ✅ Preserved | ✅ Yes | Works fine for mutable fields |
kubectl replace --force -f file.yaml | Delete + Create | ❌ New UID | ❌ No | Grader loses link → zero marks |
kubectl delete && kubectl create | Delete + Create | ❌ New UID | ❌ No | Same UID loss, marks lost |
🧠 Mutable vs Immutable Fields¶
Some Deployment fields are immutable and cannot be changed directly: - .spec.selector - .spec.template.metadata.labels (if it breaks the selector match) - .spec.strategy.type - Certain pod template parameters depending on the API version
If you try to edit these, Kubernetes rejects the update and shows:
error: Field is immutable
A copy of your changes has been stored to /tmp/kubectl-edit-xxxx.yaml
This means you edited an immutable field.
Never use --force to apply that temp file — it deletes and recreates the Deployment, causing a new UID.
🧩 Correct Approach¶
- Always prefer
kubectl editorkubectl apply -f. - If you see the immutable-field error, it means you’re touching something the question didn’t intend.
- Only recreate (
--forceor delete + create) if the question explicitly allows deletion.
✅ Typical CKAD Targets (Safe Fields)¶
These fields are safe to edit and will not trigger UID changes: - resources (CPU/Memory requests & limits) - env variables - replicas - image - readinessProbe / livenessProbe - Pod template labels (as long as selectors stay the same)
🧾 Quick Example¶
kubectl get deploy nginx -o jsonpath='{.metadata.uid}'
# 3a4b-2d6e-...
kubectl edit deploy nginx # Add resources, change image, etc.
kubectl get deploy nginx -o jsonpath='{.metadata.uid}'
# Same UID → Safe ✅
kubectl replace --force -f nginx.yaml
kubectl get deploy nginx -o jsonpath='{.metadata.uid}'
# Different UID → Grader won’t recognize ❌
🧭 Final Takeaway¶
In CKAD, your mission is to update, not recreate. Use
editorapply— avoidreplace --force.