Configuration
Some of the scenario questions here are based on Kodekloud's CKAD course labs.
CKAD and CKA can have similar scenario questions. It is recommended to go through the CKA practice tests.
Shortcuts
First run the two commands below for shortcuts.
export do="--dry-run=client -o yaml"
export now="--force --grace-period=0"
Questions
-
Create a pod with the ubuntu image to run a container to sleep for 5000 seconds.
Answer
```yaml
## ubuntu-sleeper-2.yml
apiVersion: v1
kind: Pod
metadata:
  name: ubuntu-sleeper-2
spec:
  containers:
  - name: ubuntu
    image: ubuntu
    command:
    - sleep
    - "5000"
```

```
controlplane ~ ➜ k apply -f ubuntu-sleeper-2.yaml
pod/ubuntu-sleeper-2 created

controlplane ~ ➜ k get po
NAME               READY   STATUS    RESTARTS   AGE
ubuntu-sleeper     1/1     Running   0          86s
ubuntu-sleeper-2   1/1     Running   0          7s
```
-
Inspect the file Dockerfile2 given at /root/webapp-color directory. What command is run at container startup?
```dockerfile
FROM python:3.6-alpine
RUN pip install flask
COPY . /opt/
EXPOSE 8080
WORKDIR /opt
ENTRYPOINT ["python", "app.py"]
CMD ["--color", "red"]
```
Answer
```
python app.py --color red
```
-
Inspect the two files under directory webapp-color-2. What command is run at container startup?
```
controlplane ~ ➜ ls -l webapp-color-2/
total 8
-rw-r--r-- 1 root root 144 Jan  5 12:34 Dockerfile
-rw-rw-rw- 1 root root 205 Dec 13 10:39 webapp-color-pod.yaml

controlplane ~ ➜ cat webapp-color-2/Dockerfile
FROM python:3.6-alpine
RUN pip install flask
COPY . /opt/
EXPOSE 8080
WORKDIR /opt
ENTRYPOINT ["python", "app.py"]
CMD ["--color", "red"]

controlplane ~ ➜ cat webapp-color-2/webapp-color-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: webapp-green
  labels:
    name: webapp-green
spec:
  containers:
  - name: simple-webapp
    image: kodekloud/webapp-color
    command: ["--color","green"]
```
Answer
```
--color green
```
-
Create a pod with the given specifications. By default it displays a blue background. Set the given command line arguments to change it to green.
Answer
```
controlplane ~ ➜ k run webapp-green --image kodekloud/webapp-color --dry-run=client -o yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: webapp-green
  name: webapp-green
spec:
  containers:
  - image: kodekloud/webapp-color
    name: webapp-green
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}

controlplane ~ ➜ k run webapp-green --image kodekloud/webapp-color --dry-run=client -o yaml > webapp-green.yml
```
Modify the YAML file.
```yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: webapp-green
  name: webapp-green
spec:
  containers:
  - image: kodekloud/webapp-color
    name: webapp-green
    resources: {}
    args: ["--color","green"]
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
```

```
controlplane ~ ➜ k get po
NAME               READY   STATUS    RESTARTS   AGE
ubuntu-sleeper     1/1     Running   0          9m28s
ubuntu-sleeper-2   1/1     Running   0          8m9s
ubuntu-sleeper-3   1/1     Running   0          5m52s
webapp-green       1/1     Running   0          14s
```
-
What is the environment variable name set on the container in the pod?
```
controlplane ~ ➜ k get po
NAME           READY   STATUS    RESTARTS   AGE
webapp-color   1/1     Running   0          6s
```
Answer
```
controlplane ~ ➜ k get po webapp-color -o yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2024-01-05T12:46:37Z"
  labels:
    name: webapp-color
  name: webapp-color
  namespace: default
  resourceVersion: "727"
  uid: 575e946a-f8e7-4a45-81af-be9e1e168b8c
spec:
  containers:
  - env:
    - name: APP_COLOR
      value: pink
```
-
Identify the database host from the config map db-config.
```
controlplane ~ ➜ k get cm
NAME               DATA   AGE
kube-root-ca.crt   1      6m51s
db-config          3      5s
```
Answer
```
controlplane ~ ➜ k describe cm db-config
Name:         db-config
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
DB_HOST:
----
SQL01.example.com
DB_NAME:
----
SQL01
DB_PORT:
----
3306

BinaryData
====

Events:  <none>
```
-
Create a new ConfigMap for the webapp-color POD. Use the spec given below.
- ConfigMap Name: webapp-config-map
- Data: APP_COLOR=darkblue
- Data: APP_OTHER=disregard
Answer
```
controlplane ~ ➜ k create cm webapp-config-map $do
apiVersion: v1
kind: ConfigMap
metadata:
  creationTimestamp: null
  name: webapp-config-map

controlplane ~ ➜ k create cm webapp-config-map $do > webapp-color-cm.yml
```
Modify the YAML file.
```yaml
apiVersion: v1
kind: ConfigMap
metadata:
  creationTimestamp: null
  name: webapp-config-map
data:
  APP_COLOR: "darkblue"
  APP_OTHER: "disregard"
```

```
controlplane ~ ➜ k apply -f webapp-color-cm.yml
configmap/webapp-config-map created

controlplane ~ ➜ k get cm
NAME                DATA   AGE
kube-root-ca.crt    1      15m
db-config           3      8m42s
webapp-config-map   2      3s

controlplane ~ ➜ k describe cm webapp-config-map
Name:         webapp-config-map
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
APP_COLOR:
----
darkblue
APP_OTHER:
----
disregard

BinaryData
====

Events:  <none>
```
-
Update the environment variable on the POD to use only the APP_COLOR key from the newly created ConfigMap.
```
controlplane ~ ➜ k get po
NAME           READY   STATUS    RESTARTS   AGE
webapp-color   1/1     Running   0          10m

controlplane ~ ➜ k get cm
NAME                DATA   AGE
kube-root-ca.crt    1      16m
db-config           3      10m
webapp-config-map   2      92s

controlplane ~ ➜ k describe cm webapp-config-map
Name:         webapp-config-map
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
APP_COLOR:
----
darkblue
APP_OTHER:
----
disregard

BinaryData
====

Events:  <none>
```
Answer
```
controlplane ~ ➜ k get po
NAME           READY   STATUS    RESTARTS   AGE
webapp-color   1/1     Running   0          11m

controlplane ~ ➜ k get po webapp-color -o yaml > webcolor.yml

controlplane ~ ➜ k delete po webapp-color $now
Warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "webapp-color" force deleted

controlplane ~ ➜ k get po
No resources found in default namespace.
```

```yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    name: webapp-color
  name: webapp-color
  namespace: default
spec:
  containers:
  - image: kodekloud/webapp-color
    # The literal "value: green" entry is replaced by the ConfigMap reference;
    # a container must not carry two env keys.
    env:
    - name: APP_COLOR
      valueFrom:
        configMapKeyRef:
          name: webapp-config-map
          key: APP_COLOR
    imagePullPolicy: Always
    name: webapp-color
    resources: {}
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: kube-api-access-9ggzh
      readOnly: true
```

```
controlplane ~ ➜ k apply -f webcolor.yml
pod/webapp-color created

controlplane ~ ➜ k get po
NAME           READY   STATUS    RESTARTS   AGE
webapp-color   1/1     Running   0          2s
```
-
What type is secret dashboard-token?
```
controlplane ~ ➜ k get secrets
NAME              TYPE                                  DATA   AGE
dashboard-token   kubernetes.io/service-account-token   3      16s
```
Answer
```
controlplane ~ ➜ k describe secrets dashboard-token
Name:         dashboard-token
Namespace:    default
Labels:       <none>
Annotations:  kubernetes.io/service-account.name: dashboard-sa
              kubernetes.io/service-account.uid: 4c24689d-326b-4273-8955-5168cd3e2031

Type:  kubernetes.io/service-account-token
```
-
Create a new secret named db-secret with the data given below.
- DB_Host=sql01
- DB_User=root
- DB_Password=password123
Configure webapp-pod to load environment variables from the newly created secret.
```
controlplane ~ ➜ k get po
NAME         READY   STATUS    RESTARTS   AGE
webapp-pod   1/1     Running   0          26s
mysql        1/1     Running   0          26s

controlplane ~ ➜ k get svc
NAME             TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kubernetes       ClusterIP   10.43.0.1       <none>        443/TCP          8m56s
webapp-service   NodePort    10.43.24.106    <none>        8080:30080/TCP   29s
sql01            ClusterIP   10.43.130.206   <none>        3306/TCP         29s
```
Answer
```
controlplane ~ ➜ k create secret generic db-secret \
> --from-literal=DB_Host=sql01 \
> --from-literal=DB_User=root \
> --from-literal=DB_Password=password123
secret/db-secret created

controlplane ~ ➜ k get secrets
NAME              TYPE                                  DATA   AGE
dashboard-token   kubernetes.io/service-account-token   3      20m
db-secret         Opaque                                3      5s

controlplane ~ ➜ k describe secrets db-secret
Name:         db-secret
Namespace:    default
Labels:       <none>
Annotations:  <none>

Type:  Opaque

Data
====
DB_Host:      5 bytes
DB_Password:  11 bytes
DB_User:      4 bytes
```
Next, configure webapp pod.
```
controlplane ~ ➜ k get po
NAME         READY   STATUS    RESTARTS   AGE
webapp-pod   1/1     Running   0          19m
mysql        1/1     Running   0          19m

controlplane ~ ➜ k get po webapp-pod -o yaml > web-app.yml

controlplane ~ ➜ k delete po webapp-pod $now
Warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "webapp-pod" force deleted

controlplane ~ ➜ k get po
NAME    READY   STATUS    RESTARTS   AGE
mysql   1/1     Running   0          20m
```

```yaml
## web-app.yml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2024-01-05T13:13:46Z"
  labels:
    name: webapp-pod
  name: webapp-pod
  namespace: default
  resourceVersion: "780"
  uid: 0691854a-31b3-407b-ad10-cabe6cdd1c35
spec:
  containers:
  - image: kodekloud/simple-webapp-mysql
    imagePullPolicy: Always
    name: webapp
    envFrom:
    - secretRef:
        name: db-secret
```

```
controlplane ~ ➜ k apply -f web-app.yml
pod/webapp-pod created

controlplane ~ ➜ k get po
NAME         READY   STATUS    RESTARTS   AGE
mysql        1/1     Running   0          24m
webapp-pod   1/1     Running   0          7s

controlplane ~ ➜ k exec -it webapp-pod -- printenv | grep DB
DB_Host=sql01
DB_Password=password123
DB_User=root
```
-
What is the user used to execute the sleep process within the ubuntu-sleeper pod?
```
controlplane ~ ➜ k get po
NAME             READY   STATUS    RESTARTS   AGE
ubuntu-sleeper   1/1     Running   0          19s
```
Answer
```
controlplane ~ ➜ k exec -it ubuntu-sleeper -- whoami
root
```
-
Edit the pod ubuntu-sleeper to run the sleep process with user ID 1010.
```
controlplane ~ ➜ k get po
NAME             READY   STATUS    RESTARTS   AGE
ubuntu-sleeper   1/1     Running   0          19s
```
Answer
```
controlplane ~ ➜ k get po ubuntu-sleeper -o yaml > ubuntu-sleeper.yml

controlplane ~ ➜ k delete po ubuntu-sleeper $now
Warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "ubuntu-sleeper" force deleted

controlplane ~ ➜ k get po
No resources found in default namespace.
```
Modify the YAML file.
```yaml
---
apiVersion: v1
kind: Pod
metadata:
  name: ubuntu-sleeper
  namespace: default
spec:
  securityContext:
    runAsUser: 1010
  containers:
  - command:
    - sleep
    - "4800"
    image: ubuntu
    name: ubuntu-sleeper
```

```
controlplane ~ ➜ k apply -f ubuntu-sleeper.yml
pod/ubuntu-sleeper created

controlplane ~ ➜ k get po
NAME             READY   STATUS    RESTARTS   AGE
ubuntu-sleeper   1/1     Running   0          2s

controlplane ~ ➜ k exec -it ubuntu-sleeper -- whoami
whoami: cannot find name for user ID 1010
command terminated with exit code 1
```
-
A Pod definition file named multi-pod.yaml is given. With what user are the processes in the web container started?
```
controlplane ~ ➜ k get po
NAME             READY   STATUS    RESTARTS   AGE
ubuntu-sleeper   1/1     Running   0          58s
multi-pod        2/2     Running   0          7s
```
Answer
```
controlplane ~ ✖ k exec -it multi-pod -c web -- whoami
whoami: cannot find name for user ID 1002
command terminated with exit code 1
```
-
Create pod ubuntu-sleeper to run as Root user and with the SYS_TIME capability.
Answer
```yaml
## ubuntu-sleeper.yaml
apiVersion: v1
kind: Pod
metadata:
  name: ubuntu-sleeper
  namespace: default
spec:
  containers:
  - command:
    - sleep
    - "4800"
    image: ubuntu
    imagePullPolicy: Always
    name: ubuntu-sleeper
    securityContext:
      capabilities:
        add: ["SYS_TIME"]
    resources: {}
```

```
controlplane ~ ➜ k apply -f ubuntu-sleeper.yml
pod/ubuntu-sleeper created

controlplane ~ ➜ k get po
NAME             READY   STATUS    RESTARTS   AGE
multi-pod        2/2     Running   0          6m27s
ubuntu-sleeper   1/1     Running   0          3s
```
-
The elephant pod is not running. Fix it.
```
controlplane ~ ➜ k get po
NAME       READY   STATUS      RESTARTS     AGE
elephant   0/1     OOMKilled   1 (2s ago)   5s
```
Answer
The elephant pod runs a process that consumes 15Mi of memory. Increase the limit of the elephant pod to 20Mi.
```
controlplane ~ ➜ k get po elephant -o yaml >elephant.yml

controlplane ~ ➜ k delete po elephant $now
Warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "elephant" force deleted

controlplane ~ ➜ k get po
No resources found in default namespace.
```

```yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: "2024-01-05T13:59:37Z"
  name: elephant
  namespace: default
  resourceVersion: "796"
  uid: 67ed2482-fcee-43be-a1b9-adb6b36448ff
spec:
  containers:
  - args:
    - --vm
    - "1"
    - --vm-bytes
    - 15M
    - --vm-hang
    - "1"
    command:
    - stress
    image: polinux/stress
    imagePullPolicy: Always
    name: mem-stress
    resources:
      limits:
        memory: 20Mi
      requests:
        memory: 5Mi
```

```
controlplane ~ ➜ k apply -f elephant.yml
pod/elephant created

controlplane ~ ➜ k get po
NAME       READY   STATUS    RESTARTS   AGE
elephant   1/1     Running   0          3s
```
-
Inspect the Dashboard Application POD and identify the Service Account mounted on it.
```
controlplane ~ ➜ k get po
NAME                            READY   STATUS    RESTARTS   AGE
web-dashboard-97c9c59f6-p9gvc   1/1     Running   0          69s
```
Answer
```
controlplane ~ ➜ k get po -o yaml | grep -i service
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
    enableServiceLinks: true
    serviceAccount: default
    serviceAccountName: default
      - serviceAccountToken:
```
-
Create a taint on node01 with key of spray, value of mortein and effect of NoSchedule.
```
controlplane ~ ➜ k get no
NAME           STATUS   ROLES           AGE     VERSION
controlplane   Ready    control-plane   3m50s   v1.27.0
node01         Ready    <none>          3m18s   v1.27.0
```
Answer
```
controlplane ~ ➜ k taint node node01 spray=mortein:NoSchedule
node/node01 tainted

controlplane ~ ➜ k describe nodes node01 | grep -i taints
Taints:             spray=mortein:NoSchedule
```
-
Remove the taint on controlplane, which currently has the taint effect of NoSchedule
```
controlplane ~ ➜ k get no
NAME           STATUS   ROLES           AGE     VERSION
controlplane   Ready    control-plane   8m59s   v1.27.0
node01         Ready    <none>          8m27s   v1.27.0
```
Answer
```
controlplane ~ ➜ k describe nodes controlplane | grep -i tain
                    kubeadm.alpha.kubernetes.io/cri-socket: unix:///var/run/containerd/containerd.sock
Taints:             node-role.kubernetes.io/control-plane:NoSchedule
  Container Runtime Version:  containerd://1.6.6

controlplane ~ ➜ k get no
NAME           STATUS   ROLES           AGE     VERSION
controlplane   Ready    control-plane   8m59s   v1.27.0
node01         Ready    <none>          8m27s   v1.27.0

controlplane ~ ➜ k taint node controlplane node-role.kubernetes.io/control-plane:NoSchedule-
node/controlplane untainted

controlplane ~ ➜ k describe nodes controlplane | grep -i tain
                    kubeadm.alpha.kubernetes.io/cri-socket: unix:///var/run/containerd/containerd.sock
Taints:             <none>
  Container Runtime Version:  containerd://1.6.6
```
-
What is the value set to the label key beta.kubernetes.io/arch on node01?
```
controlplane ~ ➜ k get nodes
NAME           STATUS   ROLES           AGE     VERSION
controlplane   Ready    control-plane   3m      v1.27.0
node01         Ready    <none>          2m31s   v1.27.0
```
Answer
```
controlplane ~ ➜ k get nodes
NAME           STATUS   ROLES           AGE     VERSION
controlplane   Ready    control-plane   3m      v1.27.0
node01         Ready    <none>          2m31s   v1.27.0

controlplane ~ ➜ k get nodes node01 -o yaml
apiVersion: v1
kind: Node
metadata:
  annotations:
    flannel.alpha.coreos.com/backend-data: '{"VNI":1,"VtepMAC":"16:ff:13:00:fc:f2"}'
    flannel.alpha.coreos.com/backend-type: vxlan
    flannel.alpha.coreos.com/kube-subnet-manager: "true"
    flannel.alpha.coreos.com/public-ip: 192.32.16.6
    kubeadm.alpha.kubernetes.io/cri-socket: unix:///var/run/containerd/containerd.sock
    node.alpha.kubernetes.io/ttl: "0"
    volumes.kubernetes.io/controller-managed-attach-detach: "true"
  creationTimestamp: "2024-01-05T14:15:24Z"
  labels:
    beta.kubernetes.io/arch: amd64
    beta.kubernetes.io/os: linux
    kubernetes.io/arch: amd64
    kubernetes.io/hostname: node01
    kubernetes.io/os: linux
```
-
Apply a label color=blue to node node01.
```
controlplane ~ ➜ k get no
NAME           STATUS   ROLES           AGE     VERSION
controlplane   Ready    control-plane   4m2s    v1.27.0
node01         Ready    <none>          3m33s   v1.27.0
```
Answer
```
controlplane ~ ➜ k label nodes node01 color=blue
node/node01 labeled

controlplane ~ ➜ k get nodes node01 -o yaml
apiVersion: v1
kind: Node
metadata:
  annotations:
    flannel.alpha.coreos.com/backend-data: '{"VNI":1,"VtepMAC":"16:ff:13:00:fc:f2"}'
    flannel.alpha.coreos.com/backend-type: vxlan
    flannel.alpha.coreos.com/kube-subnet-manager: "true"
    flannel.alpha.coreos.com/public-ip: 192.32.16.6
    kubeadm.alpha.kubernetes.io/cri-socket: unix:///var/run/containerd/containerd.sock
    node.alpha.kubernetes.io/ttl: "0"
    volumes.kubernetes.io/controller-managed-attach-detach: "true"
  creationTimestamp: "2024-01-05T14:15:24Z"
  labels:
    beta.kubernetes.io/arch: amd64
    beta.kubernetes.io/os: linux
    color: blue
    kubernetes.io/arch: amd64
    kubernetes.io/hostname: node01
    kubernetes.io/os: linux
```
-
Set Node Affinity to the deployment to place the pods on node01 only.
```
controlplane ~ ➜ k get no
NAME           STATUS   ROLES           AGE     VERSION
controlplane   Ready    control-plane   6m27s   v1.27.0
node01         Ready    <none>          5m58s   v1.27.0

controlplane ~ ➜ k get deployments.apps
NAME   READY   UP-TO-DATE   AVAILABLE   AGE
blue   3/3     3            3           59s
```
Answer
```
controlplane ~ ➜ k get deployments.apps blue -o yaml > dep1.yml

controlplane ~ ➜ k delete -f dep1.yml
deployment.apps "blue" deleted
```
Modify the YAML file.
```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "2"
  creationTimestamp: "2024-01-05T14:20:26Z"
  generation: 2
  labels:
    app: blue
  name: blue
  namespace: default
  resourceVersion: "1394"
  uid: 2df39c10-43d6-4a8d-bacb-2b440e90f166
spec:
  progressDeadlineSeconds: 600
  replicas: 3
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: blue
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: blue
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: color
                operator: In
                values:
                - blue
      containers:
      - image: nginx
        imagePullPolicy: Always
        name: nginx
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
```

```
controlplane ~ ➜ k apply -f dep1.yml
deployment.apps/blue created

controlplane ~ ➜ k get deployments.apps
NAME   READY   UP-TO-DATE   AVAILABLE   AGE
blue   2/3     3            2           4s

controlplane ~ ➜ k get po -o wide
NAME                   READY   STATUS    RESTARTS   AGE   IP            NODE     NOMINATED NODE   READINESS GATES
blue-f69d4c887-46xgc   1/1     Running   0          8s    10.244.1.9    node01   <none>           <none>
blue-f69d4c887-6qb8w   1/1     Running   0          8s    10.244.1.8    node01   <none>           <none>
blue-f69d4c887-ktl6r   1/1     Running   0          8s    10.244.1.10   node01   <none>           <none>
```
-
Create a new deployment named red with the nginx image and 2 replicas, and ensure it gets placed on the controlplane node only.
Use the label key - node-role.kubernetes.io/control-plane - which is already set on the controlplane node.
- NodeAffinity: requiredDuringSchedulingIgnoredDuringExecution
- Key: node-role.kubernetes.io/control-plane
```
controlplane ~ ➜ k get no
NAME           STATUS   ROLES           AGE   VERSION
controlplane   Ready    control-plane   17m   v1.27.0
node01         Ready    <none>          16m   v1.27.0
```
Answer
```
controlplane ~ ➜ k describe no controlplane
Name:               controlplane
Roles:              control-plane
Labels:             beta.kubernetes.io/arch=amd64
                    beta.kubernetes.io/os=linux
                    kubernetes.io/arch=amd64
                    kubernetes.io/hostname=controlplane
                    kubernetes.io/os=linux
                    node-role.kubernetes.io/control-plane=
                    node.kubernetes.io/exclude-from-external-load-balancers=

controlplane ~ ➜ k create deployment red --image nginx --replicas 2 $do > red.yml
```

```yaml
## red.yml
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: red
  name: red
spec:
  replicas: 2
  selector:
    matchLabels:
      app: red
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: red
    spec:
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: node-role.kubernetes.io/control-plane
                operator: Exists
      containers:
      - image: nginx
        name: nginx
        resources: {}
status: {}
```

```
controlplane ~ ➜ k apply -f red.yml
deployment.apps/red created

controlplane ~ ➜ k get deployments.apps
NAME   READY   UP-TO-DATE   AVAILABLE   AGE
blue   3/3     3            3           10m
red    2/2     2            2           20s
```
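The securityContext and Secret answers above (runAsUser 1010, the web container of multi-pod, the SYS_TIME capability, envFrom with db-secret) can be reviewed mechanically. This is an added example, not part of the original labs: a Python audit over pod specs shaped like `k get po -o json` output. The sample specs are constructed; the multi-pod UIDs (1001 at pod level, 1002 on web) and the sidecar container name are assumptions, since multi-pod.yaml is not shown on the page.

```python
# Added example: constructed pod specs that mirror the lab answers above.
SLEEPER_1010 = {"metadata": {"name": "ubuntu-sleeper"}, "spec": {
    "securityContext": {"runAsUser": 1010},
    "containers": [{"name": "ubuntu-sleeper", "image": "ubuntu"}]}}
SLEEPER_SYS_TIME = {"metadata": {"name": "ubuntu-sleeper"}, "spec": {
    "containers": [{"name": "ubuntu-sleeper", "image": "ubuntu",
                    "securityContext": {"capabilities": {"add": ["SYS_TIME"]}}}]}}
# multi-pod.yaml is not shown on the page; these UIDs and "sidecar" are assumptions.
MULTI_POD = {"metadata": {"name": "multi-pod"}, "spec": {
    "securityContext": {"runAsUser": 1001},
    "containers": [{"name": "web", "image": "ubuntu",
                    "securityContext": {"runAsUser": 1002}},
                   {"name": "sidecar", "image": "ubuntu"}]}}
WEBAPP_POD = {"metadata": {"name": "webapp-pod"}, "spec": {
    "containers": [{"name": "webapp", "image": "kodekloud/simple-webapp-mysql",
                    "envFrom": [{"secretRef": {"name": "db-secret"}}]}]}}


def effective_security(pod_spec, container):
    """Return (runAsUser, runAsNonRoot, added capabilities) for one container.

    Container-level securityContext fields override pod-level ones;
    capabilities can only be set at container level.
    """
    pod_sc = pod_spec.get("securityContext") or {}
    ctr_sc = container.get("securityContext") or {}
    uid = ctr_sc.get("runAsUser", pod_sc.get("runAsUser"))
    non_root = ctr_sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
    caps = (ctr_sc.get("capabilities") or {}).get("add") or []
    return uid, non_root, caps


def audit_pod(pod):
    """List (container, finding) pairs worth a reviewer's attention."""
    findings = []
    spec = pod["spec"]
    for ctr in spec.get("containers", []):
        where = f"{pod['metadata']['name']}/{ctr['name']}"
        uid, non_root, caps = effective_security(spec, ctr)
        # No UID and no runAsNonRoot means the image decides, often UID 0.
        if uid == 0 or (uid is None and not non_root):
            findings.append((where, "may-run-as-root"))
        findings += [(where, f"added-capability:{cap}") for cap in caps]
        # envFrom/secretRef puts every key of the Secret into the process environment.
        for src in ctr.get("envFrom") or []:
            if "secretRef" in src:
                findings.append((where, f"secret-in-env:{src['secretRef']['name']}"))
    return findings


if __name__ == "__main__":
    for pod in (SLEEPER_1010, SLEEPER_SYS_TIME, MULTI_POD, WEBAPP_POD):
        print(pod["metadata"]["name"], audit_pod(pod))
```

The SYS_TIME pod is flagged twice (root by default plus the added capability), which is the combination to look for when reviewing manifests like the ones in these labs.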