Scribd
Upload
1K views31 pages

CKA Exam - 28102022

Uploaded by

alex.petrovic777
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
1K views31 pages

CKA Exam - 28102022

Uploaded by

alex.petrovic777
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 31

- Expert Verified, Online, Free.

 Custom View Settings

Topic 1 - Single Topic


Question #1 Topic 1

SIMULATION -

Context -
You have been asked to create a new ClusterRole for a deployment pipeline and bind it to a specific ServiceAccount scoped to a specific
namespace.

Task -
Create a new ClusterRole named deployment-clusterrole, which only allows to create the following resource types:
✑ Deployment
✑ Stateful Set
✑ DaemonSet
Create a new ServiceAccount named cicd-token in the existing namespace app-team1.
Bind the new ClusterRole deployment-clusterrole to the new ServiceAccount cicd-token, limited to the namespace app-team1.

Correct Answer: See explanation below.

  gcpengineer 1 week ago


for rolebinding, --namespace=app-team1?
upvoted 1 times

  Yahowmy 5 days ago


No, clusterroles works across cluster not bound to specific namspace.
upvoted 1 times
Question #2 Topic 1

SIMULATION -

Task -
Set the node named ek8s-node-0 as unavailable and reschedule all the pods running on it.

Correct Answer: See explanation below.

  gcpengineer 1 week, 5 days ago


isnt this should be node-0?
upvoted 1 times
Question #3 Topic 1

SIMULATION -

Task -
Given an existing Kubernetes cluster running version 1.22.1, upgrade all of the Kubernetes control plane and node components on the master
node only to version 1.22.2.
Be sure to drain the master node before upgrading it and uncordon it after the upgrade.

You are also expected to upgrade kubelet and kubectl on the master node.
Correct Answer: See explanation below.
Question #4 Topic 1

SIMULATION -

Task -
First, create a snapshot of the existing etcd instance running at https://127.0.0.1:2379, saving the snapshot to /var/lib/backup/etcd-snapshot.db.

Next, restore an existing, previous snapshot located at /var/lib/backup/etcd-snapshot-previous.db.


Correct Answer: See explanation below.
Question #5 Topic 1

SIMULATION -

Task -
Create a new NetworkPolicy named allow-port-from-namespace in the existing namespace fubar.
Ensure that the new NetworkPolicy allows Pods in namespace internal to connect to port 9000 of Pods in namespace fubar.
Further ensure that the new NetworkPolicy:
✑ does not allow access to Pods, which don't listen on port 9000
✑ does not allow access from Pods, which are not in namespace internal

Correct Answer: See explanation below.

  TemitopeWalker 5 days, 16 hours ago


@everlearn we dont need to create a netpol for the internal namespace
upvoted 1 times

  gcpengineer 5 days, 20 hours ago


is namespace named 'internal' and why we are web-app project?
upvoted 1 times

  4everLearn 1 month, 2 weeks ago


Should there be only one network policy for Fubar ns or more e.g. another in internal namespace?
upvoted 2 times
Question #6 Topic 1

SIMULATION -

Task -
Reconfigure the existing deployment front-end and add a port specification named http exposing port 80/tcp of the existing container nginx.
Create a new service named front-end-svc exposing the container port http.
Configure the new service to also expose the individual Pods via a NodePort on the nodes on which they are scheduled.

Correct Answer: See explanation below.


Question #7 Topic 1

SIMULATION -

Task -
Scale the deployment presentation to 3 pods.

Correct Answer: See explanation below.


Question #8 Topic 1

SIMULATION -

Task -
Schedule a pod as follows:
✑ Name: nginx-kusc00401
✑ Image: nginx
✑ Node selector: disk=ssd

Correct Answer: See explanation below.


Question #9 Topic 1

SIMULATION -

Task -
Check to see how many nodes are ready (not including nodes tainted NoSchedule) and write the number to /opt/KUSC00402/kusc00402.txt.

Correct Answer: See explanation below.

  SijoTharakan 4 days, 6 hours ago


kubectl get nodes -o=custom-
columns=NodeName:.metadata.name,TaintKey:.spec.taints[*].key,TaintValue:.spec.taints[*].value,TaintEffect:.spec.taints[*].effect

Reference:
https://kubernetes.io/docs/reference/kubectl/cheatsheet/#interacting-with-nodes-and-cluster
upvoted 1 times
Question #10 Topic 1

SIMULATION -

Task -
Schedule a Pod as follows:
✑ Name: kucc8
✑ App Containers: 2
✑ Container Name/Images:
- nginx
- consul

Correct Answer: See explanation below.


Question #11 Topic 1

SIMULATION -

Task -
Create a persistent volume with name app-data, of capacity 2Gi and access mode ReadOnlyMany. The type of volume is hostPath and its location
is /srv/app- data.

Correct Answer: See explanation below.


Question #12 Topic 1

SIMULATION -

Task -
Monitor the logs of pod foo and:
✑ Extract log lines corresponding to error file-not-found
✑ Write them to /opt/KUTR00101/foo

Correct Answer: See explanation below.


Question #13 Topic 1

SIMULATION -

Context -
An existing Pod needs to be integrated into the Kubernetes built-in logging architecture (e.g. kubectl logs). Adding a streaming sidecar container
is a good and common way to accomplish this requirement.

Task -
Add a sidecar container named sidecar, using the busybox image, to the existing Pod big-corp-app. The new sidecar container has to run the
following command:

Use a Volume, mounted at /var/log, to make the log file big-corp-app.log available to the sidecar container.
Correct Answer: See explanation below.
Question #14 Topic 1

SIMULATION -

Task -
From the pod label name=overloaded-cpu, find pods running high CPU workloads and write the name of the pod consuming most CPU to the file
/opt/
KUTR00401/KUTR00401.txt (which already exists).

Correct Answer: See explanation below.


Question #15 Topic 1

SIMULATION -

Task -
A Kubernetes worker node, named wk8s-node-0 is in state NotReady.
Investigate why this is the case, and perform any appropriate steps to bring the node to a Ready state, ensuring that any changes are made
permanent.
Correct Answer: See explanation below.
Question #16 Topic 1

SIMULATION -

Task -
Create a new PersistentVolumeClaim:
✑ Name: pv-volume
✑ Class: csi-hostpath-sc
✑ Capacity: 10Mi
Create a new Pod which mounts the PersistentVolumeClaim as a volume:
✑ Name: web-server
✑ Image: nginx
✑ Mount path: /usr/share/nginx/html
Configure the new Pod to have ReadWriteOnce access on the volume.
Finally, using kubectl edit or kubectl patch expand the PersistentVolumeClaim to a capacity of 70Mi and record that change.

Correct Answer: See explanation below.


Question #17 Topic 1

SIMULATION -

Task -
Create a new nginx Ingress resource as follows:
✑ Name: pong
✑ Namespace: ing-internal
✑ Exposing service hello on path /hello using service port 5678
Correct Answer: See explanation below.

You might also like