  Linux Foundation CKA Certified Kubernetes Administrator (CKA) Program

  Linux Foundation - CKA Question #:1 Deployment a. Create a deployment of webapp with image nginx:1.17.1 with container port 80 and verify the image version See the solution below. Explanation // Create initial YAML file with –dry-run option kubectl create deploy webapp --image=nginx:1.17.1 --dryrun=client -o yaml > webapp.yaml vim webapp.yaml apiVersion: apps/v1 kind: Deployment metadata: labels: app: webapp name: webapp spec:replicas: 1selector:matchLabels:app: webapptemplate:metadata:labels:app: webappspec:containers:- image: nginx:1.17.1name: nginxkubectl create -f webapp.yaml –record=true//Verify Image Versionkubectl describe deploy webapp | grep -i "Image"Using JsonPathkubectl get deploy -o=jsonpath='{range.items [*]}{.[*]}{.metadata.name}{"\t"}{.spec.template.spec.containers[*].image}{"\n"}' Question #:2 Create an nginx pod and list the pod with different levels of verbosity See the solution below. Explanation // create a pod kubectl run nginx --image=nginx --restart=Never --port=80 // List the pod with different verbosity

  Linux Foundation - CKA kubectl get po nginx --v=7 kubectl get po nginx --v=8 kubectl get po nginx --v=9 Question #:3 Create a NetworkPolicy which denies all ingress traffic See the solution below. Explanation apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: default-deny spec: podSelector: {} policyTypes: - Ingress Question #:4 Create a ETCD backup of kubernetes cluster Note : You don't need to memorize command, refer - https://kubernetes.io/docs/tasks/administer-cluster/configureupgrade-etcd/ during exam See the solution below. Explanation ETCDCTL_API=3 etcdctl --endpoints=[ENDPOINT] --cacert=[CA CERT] --cert=[ETCD SERVER CERT] --key=[ETCD SERVER KEY] snapshot save [BACKUP FILE NAME] In exam, cluster setup is done with kubeadm , this means ETCD

  Linux Foundation - CKA used by the kubernetes cluster is coming from static pod. kubectl get pod -n kube-system kubectl describe pod etcd-master -n kube-system You can locate the information on endpoint: — advertise-client-urls= ca certificate: — trusted-cafile=/etc/kubernetes/pki/etcd/ca.crt server certificate : — certfile=/etc/kubernetes/pki/etcd/server.crt key: — key-file=/etc/kubernetes/pki/etcd/server.key To Create backup export ETCDCTL_API=3 (or) ETCDCTL_API=3 etcdctl ETCDCTL_API=3 etcdctl -- endpoints= -- cacert=/etc/kubernetes/pki/etcd/ca.crt -- cert=/etc/kubernetes/pki/etcd/server.crt -- key=/etc/kubernetes/pki/etcd/server.key snapshot save etcdsnapshot.db //Verify ETCDCTL_API=3 etcdctl --write-out=table snapshot status snapshot.db Question #:5 Change the label for one of the pod to env=uat and list all the pods to verify See the solution below. Explanation kubectl label pod/nginx-dev3 env=uat --overwrite kubectl get pods --show-labels

  Linux Foundation - CKA Question #:6 Resume the rollout of the deployment See the solution below. Explanation kubectl rollout resume deploy webapp Question #:7 Create 5 nginx pods in which two of them is labeled env=prod and three of them is labeled env=dev See the solution below. Explanation kubectl run nginx-dev1 --image=nginx --restart=Never -- labels=env=dev kubectl run nginx-dev2 --image=nginx --restart=Never -- labels=env=dev kubectl run nginx-dev3 --image=nginx --restart=Never -- labels=env=dev kubectl run nginx-prod1 --image=nginx --restart=Never -- labels=env=prod kubectl run nginx-prod2 --image=nginx --restart=Never -- labels=env=prod Question #:8 Evict all existing pods from a node-1 and make the node unschedulable for new pods. See the solution below. Explanation

  Linux Foundation - CKA kubectl get nodes kubectl drain node-1 #It will evict pods running on node-1 to other nodes in the cluster kubectl cordon node-1 # New pods cannot be scheduled to the node // Verify kubectl get no When you cordon a node, the status shows "SchedulingDisabled" Question #:9 Create an nginx pod with containerPort 80 and with a PersistentVolumeClaim "task-pv-claim" and has a mouth path "/usr/share/nginx/html" See the solution below. Explanation vim nginx-pvc-pod.yamlapiVersion: v1kind: Podmetadata:name: task-pv-podspec:volumes:- name: task-pv-storagepersistentVolumeClaim:claimName: task-pv-claimcontainers:- name: task-pv-containerimage: nginx ports: - containerPort: 80 name: "http" volumeMounts: - mountPath: "/usr/share/nginx/html" name: task-pv-storage kubectl apply -f nginx-pvc-pod.yaml // Verify kubectl describe po "POD-Name" | grep -i volumes -A5 Volumes:

  Linux Foundation - CKA task-pv-storage: Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace) ClaimName: task-pv-claim ReadOnly: false Question #:10 Create a busybox pod which executes this command sleep 3600 with the service account admin and verify See the solution below. Explanation kubectl run busybox --image=busybox --restart=Always --dry-run-o yaml -- /bin/sh -c "sleep 3600" > busybox.yml// Edit busybox.yaml fileapiVersion: v1kind: Podmetadata:creationTimestamp: nulllabels:run: busyboxname: busybox spec: serviceAccountName: admin containers: - args: - /bin/sh - -c - sleep 3600 image: busybox name: busybox restartPolicy: Always // verify K kubectl describe po busybox

