The Kubernetes CKA was created by the Linux Foundation and the Cloud Native Computing Foundation (CNCF) as a part of their ongoing effort to help develop the Kubernetes ecosystem. The exam is online, proctored, performance-based test that requires solving multiple tasks from a command line running Kubernetes. In this post, we will walk through 10 essential Kubernetes CKA exam sample questions, including how to manage Pods, Nodes, NetworkPolicies, ClusterRoles, and perform upgrades. Each task will include both imperative commands and YAML configurations to help you manage your Kubernetes resources more effectively.
Task 1: Create a New ClusterRole for a Deployment Pipeline
Create a new ClusterRole named deployment-clusterrole
, which only allows creating the following resource types: Deployment, StatefulSet, DaemonSet. Create a new ServiceAccount named cicd-token
in the existing namespace app-team1
. Bind the new ClusterRole deployment-clusterrole
to the new ServiceAccount cicd-token
, limited to the namespace app-team1
.
Solution
-
Create the ClusterRole:Â
kubectl create clusterrole deployment-clusterrole --verb=create --resource=deployments,statefulsets,daemonsets
Â
-
Create the ServiceAccount:
kubectl create serviceaccount cicd-token -n app-team1
-
Bind the ClusterRole to the ServiceAccount:
kubectl create rolebinding deployment-rolebinding --clusterrole=deployment-clusterrole --serviceaccount=app-team1:cicd-token -n app-team1
Task 2: Set a Node as Unavailable
Set the node named ek8s-node-0
as unavailable and reschedule all the Pods running on it.
Solution
-
Cordon the Node:
kubectl cordon ek8s-node-0
-
Drain the Node:
kubectl drain ek8s-node-0 --ignore-daemonsets --delete-local-data
Task 3: Upgrade Kubernetes Control Plane and Nodes
Given an existing Kubernetes cluster running version 1.22.1, upgrade all of the Kubernetes control plane and node components on the master node only to version 1.22.2. Be sure to drain the master node before upgrading it and uncordon it after the upgrade.
Solution
-
Drain the Node:
-
Upgrade
kubeadm
: -
Upgrade the Master Node:
-
Upgrade
kubectl
andkubelet
: -
Uncordon the Node:
Task 4: Create an etcd Snapshot
Create a snapshot of the existing etcd instance running at
https://127.0.0.1:2379
, saving the snapshot to/var/lib/backup/etcd-snapshot.db
.Solution
- Create the Snapshot:
Task 5: Create a NetworkPolicy
Create a new NetworkPolicy named
allow-port-from-namespace
in the existing namespacefubar
. Ensure that the new NetworkPolicy allows Pods in namespaceinternal
to connect to port 9000 of Pods in namespacefubar
. Further ensure that the new NetworkPolicy does not allow access to Pods which don’t listen on port 9000 or from Pods not in namespaceinternal
.Solution
YAML Configuration:
Apply the policy:
Task 6: Expose a Deployment Using NodePort
Original Question:
Reconfigure the existing deploymentfront-end
and add a port specification namedhttp
exposing port 80/tcp of the existing containernginx
. Create a new service namedfront-end-svc
exposing the container porthttp
. Configure the new service to also expose the individual Pods via a NodePort on the nodes on which they are scheduled.Solution
- Expose the Deployment:
Task 7: Schedule a Pod with a Node Selector
Schedule a Pod as follows: Name:
nginx-kusc00401
, Image:nginx
, Node selector:disk=ssd
.Solution
YAML Configuration:
Task 8: Count Ready Nodes
Check to see how many nodes are ready (not including nodes tainted
NoSchedule
) and write the number to/opt/KUSC00402/kusc00402.txt
.Solution
-
Count Ready Nodes:
kubectl get nodes --field-selector=status.conditions[type]=Ready --no-headers | grep -v NoSchedule | wc -l > /opt/KUSC00402/kusc00402.txt
Task 9: Schedule a Pod with Multiple Containers
Schedule a Pod as follows: Name:
kucc8
, App Containers: 2, Container Name/Images:nginx
andconsul
.Solution
YAML Configuration:
Task 10: Schedule Another Pod
Schedule a Pod as follows: Name:
nginx-kusc00401
, Image:nginx
, Node selector:disk=ssd
.Solution
YAML Configuration:
Apply the yaml pod configuration:
kubectl apply -f q10-pod.yaml
Conclusion
This post provides solutions to 10 common Kubernetes CKA exam questions, from creating ClusterRoles to scheduling Pods with specific configurations.
-