Mock Exams
Some of the scenario questions here are based on Kodekloud's CKAD course labs.
CKAD and CKA can have similar scenario questions. It is recommended to go through the CKA practice tests.
Shortcuts
First run the two commands below for shortcuts.
export do="--dry-run=client -o yaml"
export now="--force --grace-period=0"
Questions
-
Create a Persistent Volume called log-volume. It should make use of a storage class name manual. It should use RWX as the access mode and have a size of 1Gi. The volume should use the hostPath /opt/volume/nginx
Next, create a PVC called log-claim requesting a minimum of 200Mi of storage. This PVC should bind to log-volume.
Mount this in a pod called logger at the location /var/www/nginx. This pod should use the image nginx:alpine.
Answer
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
webapp-color 1/1 Running 0 75s
controlplane ~ ➜ k get sc
NAME PROVISIONER RECLAIMPOLICY VOLUMEBINDINGMODE ALLOWVOLUMEEXPANSION AGE
manual kubernetes.io/no-provisioner Delete Immediate false 77s
controlplane ~ ➜ k get pv
No resources found
controlplane ~ ➜ k get pvc
No resources found in default namespace.## pv.yml
apiVersion: v1
kind: PersistentVolume
metadata:
name: log-volume
spec:
capacity:
storage: 1Gi
volumeMode: Filesystem
accessModes:
- ReadWriteMany
storageClassName: manual
hostPath:
path: /opt/volume/nginx## pvc.yml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: log-claim
spec:
accessModes:
- ReadWriteMany
volumeMode: Filesystem
resources:
requests:
storage: 200Mi
storageClassName: manual## nginx.yml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: logger
name: logger
spec:
containers:
- image: nginx:alpine
name: logger
resources: {}
volumeMounts:
- mountPath: /var/www/nginx
name: log-volume
readOnly: true
volumes:
- name: log-volume
emptyDir: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}controlplane ~ ➜ ls -l
total 12
-rw-r--r-- 1 root root 385 Jan 6 03:06 nginx.yml
-rw-r--r-- 1 root root 212 Jan 6 03:01 pvc.yml
-rw-r--r-- 1 root root 231 Jan 6 03:04 pv.yml
controlplane ~ ➜ k apply -f .
pod/logger created
persistentvolume/log-volume created
persistentvolumeclaim/log-claim createdcontrolplane ~ ➜ k get pv
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
log-volume 1Gi RWX Retain Bound default/log-claim manual 4s
controlplane ~ ➜ k get pvc
NAME STATUS VOLUME CAPACITY ACCESS MODES STORAGECLASS AGE
log-claim Bound log-volume 1Gi RWX manual 7s
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
logger 1/1 Running 0 10s
webapp-color 1/1 Running 0 14m
controlplane ~ ➜ k describe po logger | grep -A 10 Volumes:
Volumes:
log-volume:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset> -
We have deployed a new pod called secure-pod and a service called secure-service. Incoming or Outgoing connections to this pod are not working. Troubleshoot why this is happening.
-
Make sure that incoming connection from the pod webapp-color are successful.
-
Important: Don't delete any current objects deployed.
-
Create the necessary networking policy.
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
logger 1/1 Running 0 27m
nginx-deploy-dcbd487f9-47592 1/1 Running 0 9m22s
nginx-deploy-dcbd487f9-9r8tc 1/1 Running 0 9m25s
nginx-deploy-dcbd487f9-r6tqp 1/1 Running 0 9m25s
nginx-deploy-dcbd487f9-srmtx 1/1 Running 0 9m25s
redis-77c4ffc68c-n4ndn 1/1 Running 0 3m52s
secure-pod 1/1 Running 0 25m
webapp-color 1/1 Running 0 32m
controlplane ~ ➜ k get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 112m
secure-service ClusterIP 10.101.166.125 <none> 80/TCP 25mAnswer
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-ingress
namespace: default
spec:
podSelector:
matchLabels:
run: secure-pod
policyTypes:
- Ingress
ingress:
- from:
- podSelector:
matchLabels:
name: webapp-color
ports:
- protocol: TCP
port: 80controlplane ~ ✦ ➜ k apply -f netpol.yml
networkpolicy.networking.k8s.io/test-network-policy created
controlplane ~ ✦ ➜ k get netpol
NAME POD-SELECTOR AGE
allow-ingress run=secure-pod 2m39s
default-deny <none> 33m
controlplane ~ ➜ k exec -it webapp-color -- nc -v -z secure-service 80
secure-service (10.100.140.194:80) open -
-
Create a pod called time-check in the dvl1987 namespace. This pod should run a container called time-check that uses the busybox image.
-
Create a config map called time-config with the data TIME_FREQ=10 in the same namespace.
-
The time-check container should run the command: while true; do date; sleep $TIME_FREQ;done and write the result to the location /opt/time/time-check.log.
-
The path /opt/time on the pod should mount a volume that lasts the lifetime of this pod.
Answer
controlplane ~ ✦ ➜ k create ns dvl1987
namespace/dvl1987 created
controlplane ~ ✦ ➜ k get ns
NAME STATUS AGE
default Active 139m
dvl1987 Active 4s
e-commerce Active 58m
kube-node-lease Active 139m
kube-public Active 139m
kube-system Active 139m
marketing Active 58m## time-check-cm.yml
apiVersion: v1
kind: ConfigMap
metadata:
creationTimestamp: null
name: time-config
namespace: dvl1987
data:
TIME_FREQ: "10"## time-check.yml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: time-check
name: time-check
namespace: dvl1987
spec:
containers:
- image: busybox
name: time-check
resources: {}
command: ["sh","-c"]
args: ["while true; do date; sleep $TIME_FREQ;done > /opt/time/time-check.log"]
env:
- name: TIME_FREQ
valueFrom:
configMapKeyRef:
name: time-config
key: TIME_FREQ
volumeMounts:
- name: vol
mountPath: /opt/time
volumes:
- name: vol
emptyDir: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}controlplane ~ ✦2 ➜ ls -l
total 20
-rw-r--r-- 1 root root 132 Jan 6 03:20 time-check-cm.yml
-rw-r--r-- 1 root root 630 Jan 6 03:22 time-check.yml
controlplane ~ ✦2 ➜ k apply -f time-check-cm.yml
configmap/time-config created
controlplane ~ ✦3 ➜ k apply -f time-check.yml
pod/time-check created
controlplane ~ ✦3 ➜ k get -n dvl1987 cm
NAME DATA AGE
kube-root-ca.crt 1 4m59s
time-config 1 111s
controlplane ~ ➜ k describe -n dvl1987 po time-check | grep -A 10 Environment
Environment:
TIME_FREQ: <set to the key 'TIME_FREQ' of config map 'time-config'> Optional: false
controlplane ~ ➜ k describe -n dvl1987 po time-check | grep -A 10 Volumes:
Volumes:
vol:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset> -
-
Create a new deployment called nginx-deploy, with one single container called nginx, image nginx:1.16 and 4 replicas.
-
The deployment should use RollingUpdate strategy with maxSurge=1, and maxUnavailable=2.
-
Next upgrade the deployment to version 1.17.
-
Finally, once all pods are updated, undo the update and go back to the previous version.
Answer
## nginx-deploy.yml
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: nginx-deploy
name: nginx-deploy
spec:
replicas: 4
selector:
matchLabels:
app: nginx-deploy
strategy:
type: RollingUpdate
rollingUpdate:
maxUnavailable: 2
maxSurge: 1
template:
metadata:
creationTimestamp: null
labels:
app: nginx-deploy
spec:
containers:
- image: nginx:1.16
name: nginx
resources: {}
status: {}controlplane ~ ➜ k apply -f nginx-deploy.yml
deployment.apps/nginx-deploy created
controlplane ~ ➜ k get deployments.apps
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-deploy 4/4 4 4 30sNow upgrade the image:
controlplane ~ ✦ ➜ k edit deployments.apps nginx-deploy
deployment.apps/nginx-deploy editedspec:
containers:
- image: nginx:1.17controlplane ~ ✦ ➜ k describe deployments.apps nginx-deploy | grep -i image
Image: nginx:1.17controlplane ~ ✦ ➜ k rollout undo deployment nginx-deploy
deployment.apps/nginx-deploy rolled back
controlplane ~ ✦ ➜ k describe deployments.apps nginx-deploy | grep -i image
Image: nginx:1.16 -
-
Create a redis deployment with the following parameters:
-
Name of the deployment should be redis using the redis:alpine image. It should have exactly 1 replica.
-
The container should request for .2 CPU. It should use the label app=redis.
It should mount exactly 2 volumes.
-
An Empty directory volume called data at path /redis-master-data.
-
A configmap volume called redis-config at path /redis-master.
-
The container should expose the port 6379.
The configmap has already been created.
controlplane ~ ➜ k get cm
NAME DATA AGE
kube-root-ca.crt 1 128m
redis-config 1 7m10s
controlplane ~ ➜ k get cm redis-config -o yaml
apiVersion: v1
data:
redis-config: |
maxmemory 2mb
maxmemory-policy allkeys-lru
kind: ConfigMap
metadata:
creationTimestamp: "2024-01-06T08:32:05Z"
name: redis-config
namespace: default
resourceVersion: "10206"
uid: a378978a-d271-46dc-89e4-ea8d22551471Answer
## redis.yml
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: redis
name: redis
spec:
replicas: 1
selector:
matchLabels:
app: redis
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: redis
spec:
containers:
- image: redis:alpine
name: redis
resources:
limits:
cpu: "1"
requests:
cpu: "0.2"
ports:
- containerPort: 6379
volumeMounts:
- name: data
mountPath: /redis-master-data
- name: redis-config
mountPath: /redis-master
volumes:
- name: data
emptyDir: {}
- name: redis-config
configMap:
name: redis-config
status: {}controlplane ~ ✦ ➜ k get po
NAME READY STATUS RESTARTS AGE
logger 1/1 Running 0 24m
nginx-deploy-dcbd487f9-47592 1/1 Running 0 6m16s
nginx-deploy-dcbd487f9-9r8tc 1/1 Running 0 6m19s
nginx-deploy-dcbd487f9-r6tqp 1/1 Running 0 6m19s
nginx-deploy-dcbd487f9-srmtx 1/1 Running 0 6m19s
redis-77c4ffc68c-n4ndn 1/1 Running 0 46s
secure-pod 1/1 Running 0 22m
webapp-color 1/1 Running 0 29m
controlplane ~ ✦ ➜ k describe po redis-77c4ffc68c-n4ndn | grep -A 10 Mounts:
Mounts:
/redis-master from redis-config (rw)
/redis-master-data from data (rw)
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-csrv6 (ro)
controlplane ~ ➜ k describe po redis-77c4ffc68c-n4ndn | grep -A 10 Volumes
Volumes:
data:
Type: EmptyDir (a temporary directory that shares a pod's lifetime)
Medium:
SizeLimit: <unset>
redis-config:
Type: ConfigMap (a volume populated by a ConfigMap)
Name: redis-config
Optional: false
kube-api-access-csrv6:
Type: Projected (a volume that contains injected data from multiple sources) -
-
We have deployed a few pods in this cluster in various namespaces. Inspect them and identify the pod which is not in a Ready state. Troubleshoot and fix the issue.
Next, add a check to restart the container on the same pod if the command ls /var/www/html/file_check fails. This check should start after a delay of 10 seconds and run every 60 seconds.
controlplane ~ ➜ k get po -n dev1401
NAME READY STATUS RESTARTS AGE
nginx1401 0/1 Running 0 30m
pod-kab87 1/1 Running 0 30mAnswer
controlplane ~ ➜ k get -n dev1401 po nginx1401 -o yaml > nginx1401.yml
controlplane ~ ✖ k delete po -n dev1401 nginx1401 $now
Warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "nginx1401" force deleted
controlplane ~ ➜ k get po -n dev1401
NAME READY STATUS RESTARTS AGE
pod-kab87 1/1 Running 0 36m## nginx1401.yml
apiVersion: v1
kind: Pod
metadata:
labels:
run: nginx
name: nginx1401
namespace: dev1401
spec:
containers:
- image: kodekloud/nginx
imagePullPolicy: IfNotPresent
name: nginx
ports:
- containerPort: 9080
protocol: TCP
readinessProbe:
httpGet:
path: /
port: 9080
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
livenessProbe:
exec:
command:
- ls
- /var/www/html/file_check
initialDelaySeconds: 10
periodSeconds: 60controlplane ~ ➜ k apply -f nginx1401.yml
pod/nginx1401 created
controlplane ~ ➜ k get po -n dev1401
NAME READY STATUS RESTARTS AGE
nginx1401 1/1 Running 0 21s
pod-kab87 1/1 Running 0 36m -
Create a cronjob called dice that runs every one minute. Use the Pod template located at /root/throw-a-dice. The image throw-dice randomly returns a value between 1 and 6. The result of 6 is considered success and all others are failure.
-
The job should be non-parallel and complete the task once. Use a backoffLimit of 25.
-
If the task is not completed within 20 seconds the job should fail and pods should be terminated.
Answer
## cron-dice.yml
apiVersion: batch/v1
kind: CronJob
metadata:
name: dice
spec:
schedule: "1 * * * *"
jobTemplate:
spec:
backoffLimit: 25
activeDeadlineSeconds: 20
template:
spec:
containers:
- name: dice
image: throw-dice
imagePullPolicy: IfNotPresent
restartPolicy: Nevercontrolplane ~ ➜ k apply -f cron-dice.yml
cronjob.batch/dice created
controlplane ~ ➜ k get cj
NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE
dice 1 * * * * False 0 <none> 13s -
-
Create a pod called my-busybox in the dev2406 namespace using the busybox image. The container should be called secret and should sleep for 3600 seconds.
-
The container should mount a read-only secret volume called secret-volume at the path /etc/secret-volume.
-
The secret being mounted has already been created for you and is called dotfile-secret.
-
Make sure that the pod is scheduled on controlplane and no other node in the cluster.
Answer
Check the labels of the controlplane first. We'll use this label as nodeSelector for the pod.
controlplane ~ ➜ k get no controlplane --show-labels
NAME STATUS ROLES AGE VERSION LABELS
controlplane Ready control-plane 29m v1.27.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=controlplane,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node.kubernetes.io/exclude-from-external-load-balancers=## my-busybox.yml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: my-busybox
name: my-busybox
namespace: dev2406
spec:
nodeSelector:
kubernetes.io/hostname: controlplane
containers:
- image: busybox
name: secret
resources: {}
command:
- sleep
- "3600"
volumeMounts:
- name: secret-volume
mountPath: /etc/secret-volume
readOnly: true
volumes:
- name: secret-volume
secret:
secretName: dotfile-secret
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}controlplane ~ ➜ k apply -f my-busybox.yml
pod/my-busybox created
controlplane ~ ➜ k get -n dev2406 po -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
my-busybox 1/1 Running 0 18s 10.244.0.5 controlplane <none> <none>
nginx2406 1/1 Running 0 21m 10.244.192.3 node01 <none> <none>
pod-var2016 1/1 Running 0 21m 10.244.192.5 node01 <none> <none> -
-
Create a single ingress resource called ingress-vh-routing. The resource should route HTTP traffic to multiple hostnames as specified below:
-
The service video-service should be accessible on http://watch.ecom-store.com:30093/video
-
The service apparels-service should be accessible on http://apparels.ecom-store.com:30093/wear
-
Here 30093 is the port used by the Ingress Controller
controlplane ~ ➜ k get po | grep web
webapp-apparels-56b6df9d5f-nrps8 1/1 Running 0 3m32s
webapp-color 1/1 Running 0 25m
webapp-video-55fcd88897-ljnpg 1/1 Running 0 3m32s
controlplane ~ ➜ k get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
apparels-service ClusterIP 10.98.253.224 <none> 8080/TCP 3m35s
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 37m
video-service ClusterIP 10.104.57.104 <none> 8080/TCP 3m35sAnswer
There is a trick here, specifically on the port used. The port 30093 is the port used by the Ingress Controller, but we should not specify it in the Ingress resource. Instead, we use the port specified in the service, which is 8080.
controlplane ~ ➜ k get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
apparels-service ClusterIP 10.99.206.59 <none> 8080/TCP 9m14s
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 41m
video-service ClusterIP 10.107.72.29 <none> 8080/TCP 9m14sThe port numbers specified in the YAML file represent the target ports of the backend services, not the port used by the Ingress Controller itself.
-
If the services (video-service and apparels-service) are running on port 8080 within Kubernetes cluster, then we should keep the port field as number: 8080.
-
The port field under each backend service does not refer to the external port used by the Ingress Controller.
-
The external port (the one accessed from outside the cluster) is determined by the configuration of the Ingress Controller.
Create the YAML file.
## ingress-vh-routing.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-vh-routing
spec:
rules:
- host: "watch.ecom-store.com"
http:
paths:
- pathType: Prefix
path: "/video"
backend:
service:
name: video-service
port:
number: 8080
- host: "apparels.ecom-store.com"
http:
paths:
- pathType: Prefix
path: "/wear"
backend:
service:
name: apparels-service
port:
number: 8080controlplane ~ ➜ k apply -f ingress-vh-routing.yml
ingress.networking.k8s.io/ingress-vh-routing created
controlplane ~ ➜ k get ing
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-vh-routing <none> watch.ecom-store.com,apparels.ecom-store.com 80 6s
controlplane ~ ➜ k describe ingress ingress-vh-routing
Name: ingress-vh-routing
Labels: <none>
Namespace: default
Address:
Ingress Class: <none>
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
watch.ecom-store.com
/video video-service:8080 (10.244.192.13:8080)
apparels.ecom-store.com
/wear apparels-service:8080 (10.244.192.14:8080)
Annotations: nginx.ingress.kubernetes.io/rewrite-target: /
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 15s nginx-ingress-controller Scheduled for sync -
-
A pod called dev-pod-dind-878516 has been deployed in the default namespace. Inspect the logs for the container called log-x and redirect the warnings to /opt/dind-878516_logs.txt on the controlplane node.
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
dev-pod-dind-878516 3/3 Running 0 28mAnswer
controlplane ~ ➜ k logs dev-pod-dind-878516 -c log-x > /opt/dind-878516_logs.txt
controlplane ~ ➜ ls -l /opt/
total 204
drwxr-xr-x 1 root root 4096 Nov 2 11:33 cni
drwx--x--x 4 root root 4096 Nov 2 11:33 containerd
-rw-r--r-- 1 root root 192493 Jan 6 05:35 dind-878516_logs.txt
drwxr-xr-x 2 root root 4096 Jan 6 05:05 outputs -
Create a service messaging-service to expose the redis deployment in the marketing namespace within the cluster on port 6379.
Answer
controlplane ~ ➜ k expose -n marketing deploy redis --name messaging-service --port 6379 --type ClusterIP --target-port 6379 $do
apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
name: messaging-service
namespace: marketing
spec:
ports:
- port: 6379
protocol: TCP
targetPort: 6379
selector:
name: redis-pod
type: ClusterIP
status:
loadBalancer: {}
controlplane ~ ➜ k expose -n marketing deploy redis --name messaging-service --port 6379 --type ClusterIP --target-port 6379
service/messaging-service exposed
controlplane ~ ➜ k get -n marketing po
NAME READY STATUS RESTARTS AGE
redis-798b49c867-82n5n 1/1 Running 0 5m28s
controlplane ~ ➜ k get -n marketing svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
messaging-service ClusterIP 10.111.52.207 <none> 6379/TCP 21s -
Create a new ConfigMap named cm-3392845. Use the spec given on the below.
-
Data: DB_NAME=SQL3322
-
Data: DB_HOST=sql322.mycompany.com
-
Data: DB_PORT=3306
Answer
controlplane ~ ➜ k create cm cm-3392845 $do
apiVersion: v1
kind: ConfigMap
metadata:
creationTimestamp: null
name: cm-3392845
controlplane ~ ➜ k create cm cm-3392845 $do > cm-3392845.yml## cm-3392845.yml
apiVersion: v1
kind: ConfigMap
metadata:
creationTimestamp: null
name: cm-3392845
data:
DB_NAME: "SQL3322"
DB_HOST: "sql322.mycompany.com"
DB_PORT: "3306"controlplane ~ ➜ k apply -f cm-3392845.yml
configmap/cm-3392845 created
controlplane ~ ➜ k get cm
NAME DATA AGE
cm-3392845 3 6s
kube-root-ca.crt 1 43m -
-
Create a new Secret named db-secret-xxdf with the data given (on the below).
-
Secret Name: db-secret-xxdf
-
Secret 1: DB_Host=sql01
-
Secret 2: DB_User=root
-
Secret 3: DB_Password=password123
Answer
controlplane ~ ➜ k create secret generic db-secret-xxdf --from-literal DB_Host=sql01 --from-literal DB_User=root --from-literal DB_Password=password123 $do
apiVersion: v1
data:
DB_Host: c3FsMDE=
DB_Password: cGFzc3dvcmQxMjM=
DB_User: cm9vdA==
kind: Secret
metadata:
creationTimestamp: null
name: db-secret-xxdf
controlplane ~ ➜ k create secret generic db-secret-xxdf --from-literal DB_Host=sql01 --from-literal DB_User=root --from-literal DB_Password=password123secret/db-secret-xxdf created
controlplane ~ ➜ k get secrets
NAME TYPE DATA AGE
db-secret-xxdf Opaque 3 4s
controlplane ~ ➜ k describe secrets db-secret-xxdf
Name: db-secret-xxdf
Namespace: default
Labels: <none>
Annotations: <none>
Type: Opaque
Data
====
DB_Host: 5 bytes
DB_Password: 11 bytes
DB_User: 4 bytes -
-
Update pod app-sec-kff3345 to run as Root user and with the SYS_TIME capability.
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
app-sec-kff3345 1/1 Running 0 14mAnswer
controlplane ~ ➜ k get po app-sec-kff3345 -o yaml > app-sec-kff3345.yml
controlplane ~ ➜ k delete po app-sec-kff3345 $now## app-sec-kff3345.yml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: "2024-01-06T11:26:56Z"
name: app-sec-kff3345
namespace: default
resourceVersion: "4432"
uid: 6eee9699-6c12-4e8f-b579-0d2b19081d34
spec:
securityContext:
runAsUser: 0
containers:
- command:
- sleep
- "4800"
image: ubuntu
imagePullPolicy: Always
securityContext:
capabilities:
add: ["SYS_TIME"]controlplane ~ ➜ k apply -f app-sec-kff3345.yml
pod/app-sec-kff3345 created
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
app-sec-kff3345 1/1 Running 0 3s
controlplane ~ ➜ k exec -it app-sec-kff3345 -- whoami
root -
Create a redis deployment using the image redis:alpine with 1 replica and label app=redis. Expose it via a ClusterIP service called redis on port 6379. Create a new Ingress Type NetworkPolicy called redis-access which allows only the pods with label access=redis to access the deployment.
Answer
controlplane ~ ➜ k create deployment redis --image redis:alpine --replicas 1 $do
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: redis
name: redis
spec:
replicas: 1
selector:
matchLabels:
app: redis
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: redis
spec:
containers:
- image: redis:alpine
name: redis
resources: {}
status: {}
controlplane ~ ➜ k create deployment redis --image redis:alpine --replicas 1 $do > redis.yml## redis.yml
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: redis
name: redis
spec:
replicas: 1
selector:
matchLabels:
app: redis
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: redis
spec:
containers:
- image: redis:alpine
name: redis
resources: {}
status: {}controlplane ~ ➜ k apply -f redis.yml
deployment.apps/redis created
controlplane ~ ➜ k get deployments.apps
NAME READY UP-TO-DATE AVAILABLE AGE
httpd-frontend 3/3 3 3 20m
redis 1/1 1 1 3s
controlplane ~ ➜ k get po | grep redis
redis-78d4b8b77c-8gq9f 1/1 Running 0 9scontrolplane ~ ➜ k expose deployment redis --name redis --type ClusterIP --port 6379 --target-port 6379 $do
apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: redis
name: redis
spec:
ports:
- port: 6379
protocol: TCP
targetPort: 6379
selector:
app: redis
type: ClusterIP
status:
loadBalancer: {}
controlplane ~ ➜ k expose deployment redis --name redis --type ClusterIP --port 6379 --target-port 6379
service/redis exposed
controlplane ~ ➜ k get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 58m
redis ClusterIP 10.108.162.236 <none> 6379/TCP 3s## netpol.yml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: redis-access
namespace: default
spec:
podSelector:
matchLabels:
app: redis
policyTypes:
- Ingress
ingress:
- from:
- podSelector:
matchLabels:
access: redis
ports:
- protocol: TCP
port: 6379controlplane ~ ➜ k apply -f netpol.yml
networkpolicy.networking.k8s.io/redis-access created
controlplane ~ ➜ k get netpol
NAME POD-SELECTOR AGE
redis-access <none> 3s -
Create a Pod called sega with two containers:
- Container 1: Name tails with image busybox and command: sleep 3600.
- Container 2: Name sonic with image nginx and Environment variable: NGINX_PORT with the value 8080.
Answer
controlplane ~ ➜ k run sega --image busybox $do
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: sega
name: sega
spec:
containers:
- image: busybox
name: sega
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
controlplane ~ ➜ k run sega --image busybox $do > sega.yml## sega.ymlcontrolplane ~ ➜ k apply -f sega.yml
pod/sega created
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
app-sec-kff3345 1/1 Running 0 16m
httpd-frontend-5497fbb8f6-47zbb 1/1 Running 0 32m
httpd-frontend-5497fbb8f6-hpzpn 1/1 Running 0 32m
httpd-frontend-5497fbb8f6-xvc7b 1/1 Running 0 32m
messaging 1/1 Running 0 31m
nginx-448839 1/1 Running 0 32m
redis-78d4b8b77c-8gq9f 1/1 Running 0 11m
rs-d33393-2pnq4 1/1 Running 0 29m
rs-d33393-jnkb8 1/1 Running 0 29m
rs-d33393-mf62t 1/1 Running 0 29m
rs-d33393-z2782 1/1 Running 0 29m
sega 2/2 Running 0 46s
webapp-color 1/1 Running 0 26m -
Add a taint to the node node01 of the cluster. Use the specification below:
- key: app_type
- value: alpha
- effect: NoSchedule
Create a pod called alpha, image: redis with toleration to node01.
Answer
controlplane ~ ➜ k taint node node01 app_type=alpha:NoSchedule
node/node01 tainted
controlplane ~ ➜ k describe no node01 | grep -i taint
Taints: app_type=alpha:NoSchedule## alpha.yml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: alpha
name: alpha
spec:
tolerations:
- key: "app_type"
operator: "Equal"
value: "alpha"
effect: "NoSchedule"
containers:
- image: redis
name: alpha
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}controlplane ~ ➜ k apply -f alpha.yml
controlplane ~ ➜ k get po -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
alpha 1/1 Running 0 7s 10.244.192.2 node01 <none> <none>
my-webapp-54b7444d85-79rl7 1/1 Running 0 7m5s 10.244.0.4 controlplane <none> <none>
my-webapp-54b7444d85-dls5v 1/1 Running 0 7m5s 10.244.192.1 node01 <none> <none> -
Apply a label app_type=beta to node controlplane. Create a new deployment called beta-apps with image: nginx and replicas: 3. Set Node Affinity to the deployment to place the PODs on controlplane only.
controlplane ~ ➜ k get no
NAME STATUS ROLES AGE VERSION
controlplane Ready control-plane 28m v1.27.0
node01 Ready <none> 27m v1.27.0Answer
controlplane ~ ➜ k get no --show-labels
NAME STATUS ROLES AGE VERSION LABELS
controlplane Ready control-plane 28m v1.27.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=controlplane,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node.kubernetes.io/exclude-from-external-load-balancers=
controlplane ~ ➜ k label nodes controlplane app_type=beta
node/controlplane labeled
controlplane ~ ➜ k get no controlplane --show-labels
NAME STATUS ROLES AGE VERSION LABELS
controlplane Ready control-plane 29m v1.27.0 app_type=beta,beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=controlplane,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node.kubernetes.io/exclude-from-external-load-balancers=controlplane ~ ➜ k create deployment beta-apps --image nginx --replicas 3 $do
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: beta-apps
name: beta-apps
spec:
replicas: 3
selector:
matchLabels:
app: beta-apps
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: beta-apps
spec:
containers:
- image: nginx
name: nginx
resources: {}
status: {}
controlplane ~ ➜ k create deployment beta-apps --image nginx --replicas 3 $do > nginx.yml## nginx.yml
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: beta-apps
name: beta-apps
spec:
replicas: 3
selector:
matchLabels:
app: beta-apps
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: beta-apps
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: app_type
operator: In
values:
- beta
containers:
- image: nginx
name: nginx
resources: {}
status: {}controlplane ~ ➜ k get deployments.apps
NAME READY UP-TO-DATE AVAILABLE AGE
beta-apps 3/3 3 3 17s
my-webapp 2/2 2 2 14m
controlplane ~ ➜ k get po -o wide | grep beta
beta-apps-574fd8858c-2m8zj 1/1 Running 0 48s 10.244.0.7 controlplane <none> <none>
beta-apps-574fd8858c-chc5d 1/1 Running 0 48s 10.244.0.6 controlplane <none> <none>
beta-apps-574fd8858c-nlbh8 1/1 Running 0 48s 10.244.0.5 controlplane <none> <none> -
Create a new Ingress Resource for the service my-video-service to be made available at the URL: http://ckad-mock-exam-solution.com:30093/video.
To create an ingress resource, the following details are: -
-
annotation: nginx.ingress.kubernetes.io/rewrite-target: /
-
host: ckad-mock-exam-solution.com
-
path: /video
Once set up, the curl test of the URL from the nodes should be successful: HTTP 200
controlplane ~ ➜ k get po | grep video
webapp-video-55fcd88897-h49ft 1/1 Running 0 114s
controlplane ~ ➜ k get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
front-end-service NodePort 10.99.121.208 <none> 80:30083/TCP 15m
kubernetes ClusterIP 10.96.0.1 <none> 443/TCP 35m
my-video-service ClusterIP 10.106.189.83 <none> 8080/TCP 116sAnswer
## ingress.yml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ingress-wildcard-host
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
rules:
- host: "ckad-mock-exam-solution.com"
http:
paths:
- pathType: Prefix
path: "/video"
backend:
service:
name: my-video-service
port:
number: 8080controlplane ~ ➜ k apply -f ingress.yml
ingress.networking.k8s.io/ingress-wildcard-host created
controlplane ~ ➜ k get ing
NAME CLASS HOSTS ADDRESS PORTS AGE
ingress-wildcard-host <none> ckad-mock-exam-solution.com 80 3s
controlplane ~ ➜ k describe ingress ingress-wildcard-host
Name: ingress-wildcard-host
Labels: <none>
Namespace: default
Address:
Ingress Class: <none>
Default backend: <default>
Rules:
Host Path Backends
---- ---- --------
ckad-mock-exam-solution.com
/video my-video-service:8080 (10.244.0.8:8080)
Annotations: nginx.ingress.kubernetes.io/rewrite-target: /
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Sync 12s nginx-ingress-controller Scheduled for sync
controlplane ~ ➜ curl -I http://ckad-mock-exam-solution.com:30093/video
HTTP/1.1 200 OK
Date: Sat, 06 Jan 2024 12:23:10 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 293
Connection: keep-alive -
-
We have deployed a new pod called pod-with-rprobe. This Pod has an initial delay before it is Ready. Update the newly created pod pod-with-rprobe with a readinessProbe using the given spec
-
httpGet path: /ready
-
httpGet port: 8080
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
alpha 1/1 Running 0 15m
beta-apps-574fd8858c-2m8zj 1/1 Running 0 8m21s
beta-apps-574fd8858c-chc5d 1/1 Running 0 8m21s
beta-apps-574fd8858c-nlbh8 1/1 Running 0 8m21s
my-webapp-54b7444d85-79rl7 1/1 Running 0 22m
my-webapp-54b7444d85-dls5v 1/1 Running 0 22m
pod-with-rprobe 1/1 Running 0 28s
webapp-video-55fcd88897-h49ft 1/1 Running 0 7m15sAnswer
controlplane ~ ➜ k get po pod-with-rprobe -o yaml > podprobe.yml
controlplane ~ ➜ k delete po pod-with-rprobe $now
Warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "pod-with-rprobe" force deleted## podprobe.yml
apiVersion: v1
kind: Pod
metadata:
labels:
name: pod-with-rprobe
name: pod-with-rprobe
namespace: default
spec:
containers:
- env:
- name: APP_START_DELAY
value: "180"
image: kodekloud/webapp-delayed-start
readinessProbe:
httpGet:
path: /ready
port: 8080
initialDelaySeconds: 3
periodSeconds: 3
imagePullPolicy: Always
name: pod-with-rprobe
ports:
- containerPort: 8080
protocol: TCPcontrolplane ~ ➜ k apply -f podprobe.yml
pod/pod-with-rprobe created
controlplane ~ ➜ k get po
NAME READY STATUS RESTARTS AGE
alpha 1/1 Running 0 19m
beta-apps-574fd8858c-2m8zj 1/1 Running 0 12m
beta-apps-574fd8858c-chc5d 1/1 Running 0 12m
beta-apps-574fd8858c-nlbh8 1/1 Running 0 12m
my-webapp-54b7444d85-79rl7 1/1 Running 0 26m
my-webapp-54b7444d85-dls5v 1/1 Running 0 26m
pod-with-rprobe 1/1 Running 0 33s
webapp-video-55fcd88897-h49ft 1/1 Running 0 11m -
-
Create a new pod called nginx1401 in the default namespace with the image nginx. Add a livenessProbe to the container to restart it if the command ls /var/www/html/probe fails. This check should start after a delay of 10 seconds and run every 60 seconds.
Answer
controlplane ~ ➜ k run nginx1401 --image nginx $do
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx1401
name: nginx1401
spec:
containers:
- image: nginx
name: nginx1401
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
controlplane ~ ➜ k run nginx1401 --image nginx $do > nginx1401.yml## nginx1401.yml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx1401
name: nginx1401
spec:
containers:
- image: nginx
name: nginx1401
livenessProbe:
exec:
command:
- ls
- /var/www/html/probe
initialDelaySeconds: 10
periodSeconds: 60
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}controlplane ~ ➜ k apply -f nginx
pod/nginx1401 created -
Create a job called whalesay with image docker/whalesay and command "cowsay I am going to ace CKAD!".
-
completions: 10
-
backoffLimit: 6
-
restartPolicy: Never
Answer
## job.yml
apiVersion: batch/v1
kind: Job
metadata:
name: whalesay
spec:
completions: 10
backoffLimit: 6
template:
metadata:
creationTimestamp: null
spec:
containers:
- command:
- sh
- -c
- "cowsay I am going to ace CKAD!"
image: docker/whalesay
name: whalesay
restartPolicy: Neverk apply -f job.yml -