Linux Foundation CKA today updated questions - Verified by Linux Foundation Experts

Certified Kubernetes Administrator (CKA) Program Questions and Answers

Question 1

Create a pod as follows:

Name: non-persistent-redis

container Image: redis

Volume with name: cache-control

Mount path: /data/redis

The pod should launch in the staging namespace and the volume must not be persistent.

Options:

Question 2

Score:7%

Task

Create a new PersistentVolumeClaim

• Name: pv-volume

• Class: csi-hostpath-sc

• Capacity: 10Mi

Create a new Pod which mounts the PersistentVolumeClaim as a volume:

• Name: web-server

• Image: nginx

• Mount path: /usr/share/nginx/html

Configure the new Pod to have ReadWriteOnce access on the volume.

Finally, using kubectl edit or kubectl patch expand the PersistentVolumeClaim to a capacity of 70Mi and record that change.

Options:

Question 3

Score: 7%

Task

Create a new nginx Ingress resource as follows:

• Name: ping

• Namespace: ing-internal

• Exposing service hi on path /hi using service port 5678

Options:

Question 4

Task

Create a new Ingress resource as follows:

. Name: echo

. Namespace : sound-repeater

. Exposing Service echoserver-service on

http://example.org/echo using Service port 8080

The availability of Service

echoserver-service can be checked

using the following command, which should return 200 :

[candidate@cka000024] $ curl -o /de v/null -s -w "%{http_code}\n" http://example.org/echo

Options:

Question 5

Score:7%

Context

An existing Pod needs to be integrated into the Kubernetes built-in logging architecture (e. g. kubectl logs). Adding a streaming sidecar container is a good and common way to accomplish this requirement.

Task

Add a sidecar container named sidecar, using the busybox Image, to the existing Pod big-corp-app. The new sidecar container has to run the following command:

/bin/sh -c tail -n+1 -f /va r/log/big-corp-app.log

Use a Volume, mounted at /var/log, to make the log file big-corp-app.log available to the sidecar container.

Options:

Question 6

You must connect to the correct host.

Failure to do so may result in a zero score.

[candidate@base] $ ssh Cka000056

Task

Review and apply the appropriate NetworkPolicy from the provided YAML samples.

Ensure that the chosen NetworkPolicy is not overly permissive, but allows communication between the frontend and backend Deployments, which run in the frontend and backend namespaces respectively.

First, analyze the frontend and backend Deployments to determine the specific requirements for the NetworkPolicy that needs to be applied.

Next, examine the NetworkPolicy YAML samples located in the ~/netpol folder.

Failure to comply may result in a reduced score.

Do not delete or modify the provided samples. Only apply one of them.

Finally, apply the NetworkPolicy that enables communication between the frontend and backend Deployments, without being overly permissive.

Options:

Answer:

See the solution below.

Explanation:

Task Summary

Connect to host cka000056

Review existing frontend and backend Deployments

Choose one correct NetworkPolicy from the ~/netpol directory

The policy must:

Allow traffic only from the frontend Deployment to the backend Deployment

Avoid being overly permissive

Apply the correct NetworkPolicy without modifying any sample files

Step-by-Step Instructions

Step 1: SSH into the correct node

ssh cka000056

Step 2: Inspect the frontend Deployment

Check the labels used in the frontend Deployment:

kubectl get deployment -n frontend -o yaml

Look under metadata.labels or spec.template.metadata.labels. Note the app or similar label (e.g., app: frontend).

Step 3: Inspect the backend Deployment

kubectl get deployment -n backend -o yaml

Again, find the labels assigned to the pods (e.g., app: backend).

Step 4: List and review the provided NetworkPolicies

List the available files:

ls ~/netpol

Check the contents of each policy file:

cat ~/netpol/.yaml

Look for a policy that:

Has kind: NetworkPolicy

Applies to the backend namespace

Uses a podSelector that matches the backend pods

Includes an ingress.from rule that references the frontend namespace using a namespaceSelector (and optionally a podSelector)

Does not allow traffic from all namespaces or all pods

Here’s what to look for in a good match:

apiVersion: networking.k8s.io/v1

kind: NetworkPolicy

metadata:

namespace: backend

spec:

podSelector:

matchLabels:

app: backend

ingress:

- from:

- namespaceSelector:

matchLabels:

Even better if the policy includes:

- namespaceSelector:

matchLabels:

podSelector:

matchLabels:

app: frontend

This limits access to pods in the frontend namespace with a specific label.

Step 5: Apply the correct NetworkPolicy

Once you’ve identified the best match, apply it:

kubectl apply -f ~/netpol/.yaml

Apply only one file. Do not alter or delete any existing sample.

ssh cka000056

kubectl get deployment -n frontend -o yaml

kubectl get deployment -n backend -o yaml

ls ~/netpol

cat ~/netpol/*.yaml # Review carefully

kubectl apply -f ~/netpol/.yaml

Command Summary

ssh cka000056

kubectl get deployment -n frontend -o yaml

kubectl get deployment -n backend -o yaml

ls ~/netpol

cat ~/netpol/*.yaml # Review carefully

kubectl apply -f ~/netpol/.yaml

Question 7

Configure the kubelet systemd- managed service, on the node labelled with name=wk8s-node-1, to launch a pod containing a single container of Image httpd named webtool automatically. Any spec files required should be placed in the /etc/kubernetes/manifests directory on the node.

You can ssh to the appropriate node using:

[student@node-1] $ ssh wk8s-node-1

You can assume elevated privileges on the node with the following command:

[student@wk8s-node-1] $ | sudo –i

Options:

Question 8

Score: 4%

Task

Scale the deployment presentation to 6 pods.

Options:

Question 9

List “nginx-dev” and “nginx-prod” pod and delete those pods

Options:

Question 10

Score: 4%

Task

Create a pod named kucc8 with a single app container for each of the following images running inside (there may be between 1 and 4 images specified): nginx + redis + memcached .

Options:

Question 11

You must connect to the correct host.

Failure to do so may result in a zero score.

[candidate@base] $ ssh Cka000046

Task

First, create a new StorageClass named local-path for an existing provisioner named rancher.io/local-path .

Set the volume binding mode to WaitForFirstConsumer .

Not setting the volume binding mode or setting it to anything other than WaitForFirstConsumer may result in a reduced score.

Next, configure the StorageClass local-path as the default StorageClass .

Options:

Question 12

Create a pod with environment variables as var1=value1.Check the environment variable in pod

Options:

Question 13

Create a file:

/opt/KUCC00302/kucc00302.txt that lists all pods that implement service baz in namespace development.

The format of the file should be one pod name per line.

Options:

Question 14

Create a pod named kucc8 with a single app container for each of the

following images running inside (there may be between 1 and 4 images specified):

nginx + redis + memcached.

Options:

Question 15

Score: 13%

Task

A Kubernetes worker node, named wk8s-node-0 is in state NotReady. Investigate why this is the case, and perform any appropriate steps to bring the node to a Ready state, ensuring that any changes are made permanent.

Options:

Question 16

Check the image version in pod without the describe command

Options:

Question 17

Quick Reference

ConfigMaps,

Documentation Deployments,

Namespace

You must connect to the correct host . Failure to do so may result in a zero score.

[candidate@base] $ ssh cka000048b

Task

An NGINX Deployment named nginx-static is running in the nginx-static namespace. It is configured using a ConfigMap named nginx-config .

First, update the nginx-config ConfigMap to also allow TLSv1.2. connections.

You may re-create, restart, or scale resources as necessary.

You can use the following command to test the changes:

[candidate@cka000048b] $ curl -- tls-max

1.2 https://web.k8s.local

Options:

Question 18

Create a busybox pod that runs the command “env” and save the output to “envpod” file

Options:

Question 19

Create a busybox pod and add “sleep 3600” command

Options:

Question 20

Create a namespace called 'development' and a pod with image nginx called nginx on this namespace.

Options:

Question 21

Score: 5%

Task

Monitor the logs of pod bar and:

• Extract log lines corresponding to error file-not-found

• Write them to /opt/KUTR00101/bar

Options:

Question 22

Score: 4%

Task

Create a persistent volume with name app-data , of capacity 1Gi and access mode ReadOnlyMany. The type of volume is hostPath and its location is /srv/app-data .

Options:

Load More CKA Questions

Weekend Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: 70percent

Linux Foundation CKA Certified Kubernetes Administrator (CKA) Program Exam Practice Test

Certified Kubernetes Administrator (CKA) Program Questions and Answers

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation:

Options:

Answer:

Explanation: