Configuration
Updated Dec 29, 2023 ·
Some of the scenario questions here are based on Kodekloud's CKAD course labs.
NOTE
CKAD and CKA can have similar scenario questions. It is recommended to go through the CKA practice tests.
Shortcuts
First run the two commands below for shortcuts.
export do="--dry-run=client -o yaml"
export now="--force --grace-period=0"
Questions
-
Create a pod with the ubuntu image to run a container to sleep for 5000 seconds.
Answer
## ubuntu-sleeper-2.yml
apiVersion: v1
kind: Pod
metadata:
name: ubuntu-sleeper-2
spec:
containers:
- name: ubuntu
image: ubuntu
command:
- sleep
- "5000"controlplane ~ ➜ k apply -f ubuntu-sleeper-2.yaml
pod/ubuntu-sleeper-2 created
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
ubuntu-sleeper 1/1 Running 0 86s
ubuntu-sleeper-2 1/1 Running 0 7s -
Inspect the file Dockerfile2 given at /root/webapp-color directory. What command is run at container startup?
FROM python:3.6-alpine
RUN pip install flask
COPY . /opt/
EXPOSE 8080
WORKDIR /opt
ENTRYPOINT ["python", "app.py"]
CMD ["--color", "red"]Answer
oython app.py --color red -
Inspect the two files under directory webapp-color-2. What command is run at container startup?
controlplane ~ ➜ ls -l webapp-color-2/
total 8
-rw-r--r-- 1 root root 144 Jan 5 12:34 Dockerfile
-rw-rw-rw- 1 root root 205 Dec 13 10:39 webapp-color-pod.yaml
controlplane ~ ➜ cat webapp-color-2/Dockerfile
FROM python:3.6-alpine
RUN pip install flask
COPY . /opt/
EXPOSE 8080
WORKDIR /opt
ENTRYPOINT ["python", "app.py"]
CMD ["--color", "red"]
controlplane ~ ➜ cat webapp-color-2/webapp-color-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: webapp-green
labels:
name: webapp-green
spec:
containers:
- name: simple-webapp
image: kodekloud/webapp-color
command: ["--color","green"]Answer
--color green -
Create a pod with the given specifications. By default it displays a blue background. Set the given command line arguments to change it to green.
Answer
controlplane ~ ➜ k run webapp-green --image kodekloud/webapp-color --dry-run=client -o yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: webapp-green
name: webapp-green
spec:
containers:
- image: kodekloud/webapp-color
name: webapp-green
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
controlplane ~ ➜ k run webapp-green --image kodekloud/webapp-color --dry-run=client -o yaml > webapp-green.ymlModify the YAML file.
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: webapp-green
name: webapp-green
spec:
containers:
- image: kodekloud/webapp-color
name: webapp-green
resources: {}
args: ["--color","green"]
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
ubuntu-sleeper 1/1 Running 0 9m28s
ubuntu-sleeper-2 1/1 Running 0 8m9s
ubuntu-sleeper-3 1/1 Running 0 5m52s
webapp-green 1/1 Running 0 14s -
What is the environment variable name set on the container in the pod?
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
webapp-color 1/1 Running 0 6sAnswer
controlplane ~ ➜ k get po webapp-color -o yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: "2024-01-05T12:46:37Z"
labels:
name: webapp-color
name: webapp-color
namespace: default
resourceVersion: "727"
uid: 575e946a-f8e7-4a45-81af-be9e1e168b8c
spec:
containers:
- env:
- name: APP_COLOR
value: pink -
Identify the database host from the config map db-config.
controlplane ~ ➜ k get cm
NAME DATA AGE
kube-root-ca.crt 1 6m51s
db-config 3 5sAnswer
controlplane ~ ➜ k describe cm db-config
Name: db-config
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
DB_HOST:
----
SQL01.example.com
DB_NAME:
----
SQL01
DB_PORT:
----
3306
BinaryData
====
Events: <none> -
Create a new ConfigMap for the webapp-color POD. Use the spec given below.
-
ConfigMap Name: webapp-config-map
-
Data: APP_COLOR=darkblue
-
Data: APP_OTHER=disregard
Answer
controlplane ~ ➜ k create cm webapp-config-map $do
apiVersion: v1
kind: ConfigMap
metadata:
creationTimestamp: null
name: webapp-config-map
controlplane ~ ➜ k create cm webapp-config-map $do > webapp-color-cm.ymlModify the YAML file.
apiVersion: v1
kind: ConfigMap
metadata:
creationTimestamp: null
name: webapp-config-map
data:
APP_COLOR: "darkblue"
APP_OTHER: "disregard"controlplane ~ ➜ k apply -f webapp-color-cm.yml
configmap/webapp-config-map created
controlplane ~ ➜ k get cm
NAME DATA AGE
kube-root-ca.crt 1 15m
db-config 3 8m42s
webapp-config-map 2 3s
controlplane ~ ➜ k describe cm webapp-config-map
Name: webapp-config-map
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
APP_COLOR:
----
darkblue
APP_OTHER:
----
disregard
BinaryData
====
Events: <none> -
-
Update the environment variable on the POD to use only the APP_COLOR key from the newly created ConfigMap.
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
webapp-color 1/1 Running 0 10m
controlplane ~ ➜ k get cm
NAME DATA AGE
kube-root-ca.crt 1 16m
db-config 3 10m
webapp-config-map 2 92s
controlplane ~ ➜ k describe cm webapp-config-map
Name: webapp-config-map
Namespace: default
Labels: <none>
Annotations: <none>
Data
====
APP_COLOR:
----
darkblue
APP_OTHER:
----
disregard
BinaryData
====
Events: <none>Answer
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
webapp-color 1/1 Running 0 11m
controlplane ~ ➜ k get po webapp-color -o yaml > webcolor.yml
controlplane ~ ➜ k delete po webapp-color $now
Warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "webapp-color" force deleted
controlplane ~ ➜ k get po
No resources found in default namespace.apiVersion: v1
kind: Pod
metadata:
labels:
name: webapp-color
name: webapp-color
namespace: default
spec:
containers:
- env:
- name: APP_COLOR
value: green
image: kodekloud/webapp-color
env:
- name: APP_COLOR
valueFrom:
configMapKeyRef:
name: webapp-config-map
key: APP_COLOR
imagePullPolicy: Always
name: webapp-color
resources: {}
volumeMounts:
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
name: kube-api-access-9ggzh
readOnly: truecontrolplane ~ ➜ k apply -f webcolor.yml
pod/webapp-color created
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
webapp-color 1/1 Running 0 2s -
What type is secret dashboard-token?
controlplane ~ ➜ k get secrets
NAME TYPE DATA AGE
dashboard-token kubernetes.io/service-account-token 3 16sAnswer
controlplane ~ ➜ k describe secrets dashboard-token
Name: dashboard-token
Namespace: default
Labels: <none>
Annotations: kubernetes.io/service-account.name: dashboard-sa
kubernetes.io/service-account.uid: 4c24689d-326b-4273-8955-5168cd3e2031
Type: kubernetes.io/service-account-token -
Create a new secret named db-secret with the data given below.
- DB_Host=sql01
- DB_User=root
- DB_Password=password123
Configure webapp-pod to load environment variables from the newly created secret.
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
webapp-pod 1/1 Running 0 26s
mysql 1/1 Running 0 26s
controlplane ~ ➜ k get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.43.0.1 <none> 443/TCP 8m56s
webapp-service NodePort 10.43.24.106 <none> 8080:30080/TCP 29s
sql01 ClusterIP 10.43.130.206 <none> 3306/TCP 29sAnswer
controlplane ~ ➜ k create secret generic db-secret \
> --from-literal=DB_Host=sql01 \
> --from-literal=DB_User=root \
> --from-literal=DB_Password=password123
secret/db-secret created
controlplane ~ ➜ k get secrets
NAME TYPE DATA AGE
dashboard-token kubernetes.io/service-account-token 3 20m
db-secret Opaque 3 5s
controlplane ~ ➜ k describe secrets db-secret
Name: db-secret
Namespace: default
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
DB_Host: 5 bytes
DB_Password: 11 bytes
DB_User: 4 bytesNext, configure webapp pod.
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
webapp-pod 1/1 Running 0 19m
mysql 1/1 Running 0 19m
controlplane ~ ➜ k get po webapp-pod -o yaml > web-app.yml
controlplane ~ ➜ k delete po webapp-pod $now
Warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "webapp-pod" force deleted
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
mysql 1/1 Running 0 20m## web-app.yml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: "2024-01-05T13:13:46Z"
labels:
name: webapp-pod
name: webapp-pod
namespace: default
resourceVersion: "780"
uid: 0691854a-31b3-407b-ad10-cabe6cdd1c35
spec:
containers:
- image: kodekloud/simple-webapp-mysql
imagePullPolicy: Always
name: webapp
envFrom:
- secretRef:
name: db-secretcontrolplane ~ ➜ k apply -f web-app.yml
pod/webapp-pod created
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
mysql 1/1 Running 0 24m
webapp-pod 1/1 Running 0 7s
controlplane ~ ➜ k exec -it webapp-pod -- printenv | grep DB
DB_Host=sql01
DB_Password=password123
DB_User=root -
What is the user used to execute the sleep process within the ubuntu-sleeper pod?
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
ubuntu-sleeper 1/1 Running 0 19sAnswer
controlplane ~ ➜ k exec -it ubuntu-sleeper -- whoami
root -
Edit the pod ubuntu-sleeper to run the sleep process with user ID 1010.
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
ubuntu-sleeper 1/1 Running 0 19sAnswer
controlplane ~ ➜ k get po ubuntu-sleeper -o yaml > ubuntu-sleeper.yml
controlplane ~ ➜ k delete po ubuntu-sleeper $now
Warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "ubuntu-sleeper" force deleted
controlplane ~ ➜ k get po
No resources found in default namespace.Modify the YAML file.
---
apiVersion: v1
kind: Pod
metadata:
name: ubuntu-sleeper
namespace: default
spec:
securityContext:
runAsUser: 1010
containers:
- command:
- sleep
- "4800"
image: ubuntu
name: ubuntu-sleepercontrolplane ~ ➜ k apply -f ubuntu-sleeper.yml
pod/ubuntu-sleeper created
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
ubuntu-sleeper 1/1 Running 0 2s
controlplane ~ ➜ k exec -it ubuntu-sleeper -- whoami
whoami: cannot find name for user ID 1010
command terminated with exit code 1 -
A Pod definition file named multi-pod.yaml is given. With what user are the processes in the web container started?
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
ubuntu-sleeper 1/1 Running 0 58s
multi-pod 2/2 Running 0 7sAnswer
controlplane ~ ✖ k exec -it multi-pod -c web -- whoami
whoami: cannot find name for user ID 1002
command terminated with exit code 1 -
Create pod ubuntu-sleeper to run as Root user and with the SYS_TIME capability.
Answer
## ubuntu-sleeper.yaml
apiVersion: v1
kind: Pod
metadata:
name: ubuntu-sleeper
namespace: default
spec:
containers:
- command:
- sleep
- "4800"
image: ubuntu
imagePullPolicy: Always
name: ubuntu-sleeper
securityContext:
capabilities:
add: ["SYS_TIME"]
resources: {}controlplane ~ ➜ k apply -f ubuntu-sleeper.yml
pod/ubuntu-sleeper created
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
multi-pod 2/2 Running 0 6m27s
ubuntu-sleeper 1/1 Running 0 3s -
The elephant pod is not running. Fix it.
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
elephant 0/1 OOMKilled 1 (2s ago) 5sAnswer
The elephant pod runs a process that consumes 15Mi of memory. Increase the limit of the elephant pod to 20Mi.
controlplane ~ ➜ k get po elephant -o yaml >elephant.yml
controlplane ~ ➜ k delete po elephant $now
Warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "elephant" force deleted
controlplane ~ ➜ k get po
No resources found in default namespace.apiVersion: v1
kind: Pod
metadata:
creationTimestamp: "2024-01-05T13:59:37Z"
name: elephant
namespace: default
resourceVersion: "796"
uid: 67ed2482-fcee-43be-a1b9-adb6b36448ff
spec:
containers:
- args:
- --vm
- "1"
- --vm-bytes
- 15M
- --vm-hang
- "1"
command:
- stress
image: polinux/stress
imagePullPolicy: Always
name: mem-stress
resources:
limits:
memory: 20Mi
requests:
memory: 5Micontrolplane ~ ➜ k apply -f elephant.yml
pod/elephant created
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
elephant 1/1 Running 0 3s -
Inspect the Dashboard Application POD and identify the Service Account mounted on it.
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
web-dashboard-97c9c59f6-p9gvc 1/1 Running 0 69sAnswer
controlplane ~ ➜ k get po -o yaml | grep -i service
- mountPath: /var/run/secrets/kubernetes.io/serviceaccount
enableServiceLinks: true
serviceAccount: default
serviceAccountName: default
- serviceAccountToken: -
Create a taint on node01 with key of spray, value of mortein and effect of NoSchedule.
controlplane ~ ➜ k get no
NAME STATUS ROLES AGE VERSION
controlplane Ready control-plane 3m50s v1.27.0
node01 Ready <none> 3m18s v1.27.0Answer
controlplane ~ ➜ k taint node node01 spray=mortein:NoSchedule
node/node01 tainted
controlplane ~ ➜ k describe nodes node01 | grep -i taints
Taints: spray=mortein:NoSchedule -
Remove the taint on controlplane, which currently has the taint effect of NoSchedule
controlplane ~ ➜ k get no
NAME STATUS ROLES AGE VERSION
controlplane Ready control-plane 8m59s v1.27.0
node01 Ready <none> 8m27s v1.27.0Answer
controlplane ~ ➜ k describe nodes controlplane | grep -i tain
kubeadm.alpha.kubernetes.io/cri-socket: unix:///var/run/containerd/containerd.sock
Taints: node-role.kubernetes.io/control-plane:NoSchedule
Container Runtime Version: containerd://1.6.6
controlplane ~ ➜ k get no
NAME STATUS ROLES AGE VERSION
controlplane Ready control-plane 8m59s v1.27.0
node01 Ready <none> 8m27s v1.27.0
controlplane ~ ➜ k taint node controlplane node-role.kubernetes.io/control-plane:NoSchedule-
node/controlplane untainted
controlplane ~ ➜ k describe nodes controlplane | grep -i tain
kubeadm.alpha.kubernetes.io/cri-socket: unix:///var/run/containerd/containerd.sock
Taints: <none>
Container Runtime Version: containerd://1.6.6 -
What is the value set to the label key beta.kubernetes.io/arch on node01?
controlplane ~ ➜ k get nodes
NAME STATUS ROLES AGE VERSION
controlplane Ready control-plane 3m v1.27.0
node01 Ready <none> 2m31s v1.27.0Answer
controlplane ~ ➜ k get nodes
NAME STATUS ROLES AGE VERSION
controlplane Ready control-plane 3m v1.27.0
node01 Ready <none> 2m31s v1.27.0
controlplane ~ ➜ k get nodes node01 -o yaml
apiVersion: v1
kind: Node
metadata:
annotations:
flannel.alpha.coreos.com/backend-data: '{"VNI":1,"VtepMAC":"16:ff:13:00:fc:f2"}'
flannel.alpha.coreos.com/backend-type: vxlan
flannel.alpha.coreos.com/kube-subnet-manager: "true"
flannel.alpha.coreos.com/public-ip: 192.32.16.6
kubeadm.alpha.kubernetes.io/cri-socket: unix:///var/run/containerd/containerd.sock
node.alpha.kubernetes.io/ttl: "0"
volumes.kubernetes.io/controller-managed-attach-detach: "true"
creationTimestamp: "2024-01-05T14:15:24Z"
labels:
beta.kubernetes.io/arch: amd64
beta.kubernetes.io/os: linux
kubernetes.io/arch: amd64
kubernetes.io/hostname: node01
kubernetes.io/os: linux -
Apply a label color=blue to node node01.
controlplane ~ ➜ k get no
NAME STATUS ROLES AGE VERSION
controlplane Ready control-plane 4m2s v1.27.0
node01 Ready <none> 3m33s v1.27.0Answer
ontrolplane ~ ➜ k label nodes node01 color=blue
node/node01 labeled
controlplane ~ ➜ k get nodes node01 -o yaml
apiVersion: v1
kind: Node
metadata:
annotations:
flannel.alpha.coreos.com/backend-data: '{"VNI":1,"VtepMAC":"16:ff:13:00:fc:f2"}'
flannel.alpha.coreos.com/backend-type: vxlan
flannel.alpha.coreos.com/kube-subnet-manager: "true"
flannel.alpha.coreos.com/public-ip: 192.32.16.6
kubeadm.alpha.kubernetes.io/cri-socket: unix:///var/run/containerd/containerd.sock
node.alpha.kubernetes.io/ttl: "0"
volumes.kubernetes.io/controller-managed-attach-detach: "true"
creationTimestamp: "2024-01-05T14:15:24Z"
labels:
beta.kubernetes.io/arch: amd64
beta.kubernetes.io/os: linux
color: blue
kubernetes.io/arch: amd64
kubernetes.io/hostname: node01
kubernetes.io/os: linux -
Set Node Affinity to the deployment to place the pods on node01 only.
controlplane ~ ➜ k get no
NAME STATUS ROLES AGE VERSION
controlplane Ready control-plane 6m27s v1.27.0
node01 Ready <none> 5m58s v1.27.0
controlplane ~ ➜ k get deployments.apps
NAME READY UP-TO-DATE AVAILABLE AGE
blue 3/3 3 3 59sAnswer
controlplane ~ ➜ k get deployments.apps blue -o yaml > dep1.yml
controlplane ~ ➜ k delete -f dep1.yml
deployment.apps "blue" deletedModify the YAML file.
apiVersion: apps/v1
kind: Deployment
metadata:
annotations:
deployment.kubernetes.io/revision: "2"
creationTimestamp: "2024-01-05T14:20:26Z"
generation: 2
labels:
app: blue
name: blue
namespace: default
resourceVersion: "1394"
uid: 2df39c10-43d6-4a8d-bacb-2b440e90f166
spec:
progressDeadlineSeconds: 600
replicas: 3
revisionHistoryLimit: 10
selector:
matchLabels:
app: blue
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 25%
type: RollingUpdate
template:
metadata:
creationTimestamp: null
labels:
app: blue
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: color
operator: In
values:
- blue
containers:
- image: nginx
imagePullPolicy: Always
name: nginx
resources: {}
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: Filecontrolplane ~ ➜ k apply -f dep1.yml
deployment.apps/blue created
controlplane ~ ➜ k get deployments.apps
NAME READY UP-TO-DATE AVAILABLE AGE
blue 2/3 3 2 4s
controlplane ~ ➜ k get po -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
blue-f69d4c887-46xgc 1/1 Running 0 8s 10.244.1.9 node01 <none> <none>
blue-f69d4c887-6qb8w 1/1 Running 0 8s 10.244.1.8 node01 <none> <none>
blue-f69d4c887-ktl6r 1/1 Running 0 8s 10.244.1.10 node01 <none> <none> -
Create a new deployment named red with the nginx image and 2 replicas, and ensure it gets placed on the controlplane node only.
Use the label key - node-role.kubernetes.io/control-plane - which is already set on the controlplane node.
-
NodeAffinity: requiredDuringSchedulingIgnoredDuringExecution
-
Key: node-role.kubernetes.io/control-plane
controlplane ~ ➜ k get no
NAME STATUS ROLES AGE VERSION
controlplane Ready control-plane 17m v1.27.0
node01 Ready <none> 16m v1.27.0Answer
controlplane ~ ➜ k describe no controlplane
Name: controlplane
Roles: control-plane
Labels: beta.kubernetes.io/arch=amd64
beta.kubernetes.io/os=linux
kubernetes.io/arch=amd64
kubernetes.io/hostname=controlplane
kubernetes.io/os=linux
node-role.kubernetes.io/control-plane=
node.kubernetes.io/exclude-from-external-load-balancers=
controlplane ~ ➜ k create deployment red --image nginx --replicas 2 $do > red.yml## red,yml
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: red
name: red
spec:
replicas: 2
selector:
matchLabels:
app: red
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: red
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: node-role.kubernetes.io/control-plane
operator: Exists
containers:
- image: nginx
name: nginx
resources: {}
status: {}controlplane ~ ➜ k apply -f red.yml
deployment.apps/red created
controlplane ~ ➜ k get deployments.apps
NAME READY UP-TO-DATE AVAILABLE AGE
blue 3/3 3 3 10m
red 2/2 2 2 20s -