Certified Kubernetes Application Developer (CKAD) Program Questions and Answers
Context
You are asked to scale an existing application and expose it within your infrastructure.

First, update the Deployment nginx-deployment in the prod
namespace :
. to run 2 replicas of the Pod
. add the following label to the Pod :
role: webFrontEnd
Next, create a NodePort Service named rover in the prod namespace exposing the nginx-deployment Deployment 's Pods

Context
You have been tasked with scaling an existing deployment for availability, and creating a service to expose the deployment within your infrastructure.
Task
Start with the deployment named kdsn00101-deployment which has already been deployed to the namespace kdsn00101 . Edit it to:
• Add the func=webFrontEnd key/value label to the pod template metadata to identify the pod for the service definition
• Have 4 replicas
Next, create ana deploy in namespace kdsn00l01 a service that accomplishes the following:
• Exposes the service on TCP port 8080
• is mapped to me pods defined by the specification of kdsn00l01-deployment
• Is of type NodePort
• Has a name of cherry

Context
A project that you are working on has a requirement for persistent data to be available.
Task
To facilitate this, perform the following tasks:
• Create a file on node sk8s-node-0 at /opt/KDSP00101/data/index.html with the content Acct=Finance
• Create a PersistentVolume named task-pv-volume using hostPath and allocate 1Gi to it, specifying that the volume is at /opt/KDSP00101/data on the cluster's node. The configuration should specify the access mode of ReadWriteOnce . It should define the StorageClass name exam for the PersistentVolume , which will be used to bind PersistentVolumeClaim requests to this PersistenetVolume.
• Create a PefsissentVolumeClaim named task-pv-claim that requests a volume of at least 100Mi and specifies an access mode of ReadWriteOnce
• Create a pod that uses the PersistentVolmeClaim as a volume with a label app: my-storage-app mounting the resulting volume to a mountPath /usr/share/nginx/html inside the pod


You must connect to the correct host . Failure to do so may result in a zero score.
[candidate@base] $ ssh ckad00021
Task
Create a Cronjob named grep that executes a Pod running the following single container:
name: busybox
image: busybox:stable
command: ["grep", "-i", "nameserv
er", "/etc/resolv.conf"]
Configure the CronJob to:
execute Once every 30 minutes
keep 96 completed Job
keep 192 failed Job
never restart podsterminate pods after 8 seconds
Manually create and execute once job
named grep-test from the grep Cronjob

Set Configuration Context:
[student@node-1] $ | kubectl
Config use-context k8s
Task
You have rolled out a new pod to your infrastructure and now you need to allow it to communicate with the web and storage pods but nothing else. Given the running pod kdsn00201 -newpod edit it to use a network policy that will allow it to send and receive traffic only to and from the web and storage pods.



Set Configuration Context:
[student@node-1] $ | kubectl
Config use-context k8s
Context
A web application requires a specific version of redis to be used as a cache.
Task
Create a pod with the following characteristics, and leave it running when complete:
• The pod must run in the web namespace.
The namespace has already been created
• The name of the pod should be cache
• Use the Ifccncf/redis image with the 3.2 tag
• Expose port 6379
You must connect to the correct host . Failure to do so may result in a zero score.
[candidate@base] $ ssh ckad00027
Task
A Deployment named app-deployment in namespace prod runs a web application port 0001
A Deployment named app-deployment in namespace prod runs a web application
on port 8081.
The Deployment 's manifest files can be found at
/home/candidate/spicy-pikachu/app-deployment.yaml
Modify the Deployment specifying a readiness probe using path /healthz .
Set initialDelaySeconds to 6 and periodSeconds to 3.
Context
Anytime a team needs to run a container on Kubernetes they will need to define a pod within which to run the container.
Task
Please complete the following:
• Create a YAML formatted pod manifest
/opt/KDPD00101/podl.yml to create a pod named app1 that runs a container named app1cont using image Ifccncf/arg-output
with these command line arguments: -lines 56 -F
• Create the pod with the kubect1 command using the YAML file created in the previous step
• When the pod is running display summary data about the pod in JSON format using the kubect1 command and redirect the output to a file named /opt/KDPD00101/out1.json
• All of the files you need to work with have been created, empty, for your convenience

Context
You must connect to the correct host . Failure to do so may result in a zero score.
[candidate@base] $ ssh ckad00043
A Deployment needs specific RBAC permissions.
Task
First, find the RBAC permissions needed by the scraper Deployment running in the
cute-panda namespace .
it kubectl logs may help you to find the permissions it needs.
Next, create a new ServiceAccount named scraper in the namespace cute-panda.
You must connect to the correct host . Failure to do so may result in a zero score.
[candidate@base] $ ssh ckad00029
Task
Modify the existing Deployment named store-deployment, running in namespace
grubworm, so that its containers
run with user ID 10000 and
have the NET_BIND_SERVICE capability added
The store-deployment 's manifest file Click to copy
/home/candidate/daring-moccasin/store-deplovment.vaml

Context
Your application’s namespace requires a specific service account to be used.
Task
Update the app-a deployment in the production namespace to run as the restrictedservice service account. The service account has already been created.

Given a container that writes a log file in format A and a container that converts log files from format A to format B, create a deployment that runs both containers such that the log files from the first container are converted by the second container, emitting logs in format B.
Task:
• Create a deployment named deployment-xyz in the default namespace, that:
•Includes a primary
lfccncf/busybox:1 container, named logger-dev
•includes a sidecar Ifccncf/fluentd:v0.12 container, named adapter-zen
•Mounts a shared volume /tmp/log on both containers, which does not persist when the pod is deleted
•Instructs the logger-dev
container to run the command

which should output logs to /tmp/log/input.log in plain text format, with example values:

• The adapter-zen sidecar container should read /tmp/log/input.log and output the data to /tmp/log/output.* in Fluentd JSON format. Note that no knowledge of Fluentd is required to complete this task: all you will need to achieve this is to create the ConfigMap from the spec file provided at /opt/KDMC00102/fluentd-configma p.yaml , and mount that ConfigMap to /fluentd/etc in the adapter-zen sidecar container
You must connect to the correct host . Failure to do so may result in a zero score.
[candidate@base] $ ssh ckad00032
The Pod for the Deployment named nosql in the haddock namespace fails to start because its Container runs out of resources.
Update the nosql Deployment so that the Container :
requests 128Mi of memory
limits the memory to half the maximum memory constraint set for the haddock namespace

Set Configuration Context:
[student@node-1] $ | kubectl
Config use-context k8s
Context
A pod is running on the cluster but it is not responding.
Task
The desired behavior is to have Kubemetes restart the pod when an endpoint returns an HTTP 500 on the /healthz endpoint. The service, probe-pod, should never send traffic to the pod while it is failing. Please complete the following:
• The application has an endpoint, /started, that will indicate if it can accept traffic by returning an HTTP 200. If the endpoint returns an HTTP 500, the application has not yet finished initialization.
• The application has another endpoint /healthz that will indicate if the application is still working as expected by returning an HTTP 200. If the endpoint returns an HTTP 500 the application is no longer responsive.
• Configure the probe-pod pod provided to use these endpoints
• The probes should use port 8080



























