Cedacri CKAD Mock Exam - ALL

# Cedacri CKAD Mock Exam - ALL ## Before we start - Install autocomplete - `sudo -c 'kubectl completion bash >/etc/bash_completion.d/kubectl'` - Install aliases - `echo 'alias k=kubectl' >>~/.bashrc` - `echo 'alias kx=kubectx' >>~/.bashrc` - `echo 'alias kbs=kubens' >>~/.bashrc` - `echo 'complete -F __start_kubectl k' >>~/.bashrc` - Install jq - `sudo apt-get install -y jq` - Install yq - `sudo wget https://github.com/mikefarah/yq/releases/download/v4.13.4/yq_linux_amd64 -O /usr/bin/yq && sudo chmod +x /usr/bin/yq` ## Victims order 1. massimiliano ortenzi 1. stefano riccardi 1. gianmarco tonelli 1. angela ruscitto 1. stefano lombardi ## Question 0 - Namespaces Create a namespace called `alpha-x123555`. After the namespace creation, create a list of all the existing namespaces in `/home/workshop/namespaces.txt`. The list should contain only the names of the namespaces, one per line: ```txt ## /home/workshop/namespaces.txt alpha-x123555 default everything-works ingress-nginx kube-node-lease kube-public kube-system local-path-storage ``` ### Solution TBD ## Question 1 - Pod Deploy a pod with name `nginx-xh78` with the image `registry.sighup.io/workshop/nginx:alpine` in the default namespace. The container inside the pod should be named `nginx-xh78-container`. After the pod creation, write a script `/home/workshop/get_status.sh` that uses `kubectl` to retrieve the status of the `nginx-xh78` pod when invoked. ### Solution TBD ## Question 2 - Pod Labels Deploy a pod with name `child` with the image `registry.sighup.io/workshop/redis:alpine` in the default namespace. The pod shoud have a label `fruit=pineapple`. After the pod creation, create a replicaset called `parent` that will adopt the pod `child`. Check the desired and current pods in the replica set are correct. Try to delete the pod `child` and see if another one is created. ### Solution TBD ## Question 3 - Pod Placement Deploy a pod with name `busybox-jke3` with the image `registry.sighup.io/workshop/busybox` in the default namespace. The pod should be scheduled **only** on the **master nodes**. The solution should work in case the number of master nodes increase in the future. Do not edit the master node definition. ### Solution TBD ## Question 4 - Static pod Create a namespace `static`. Create a static pod in the first worker node in the namespace `static`. The pod should: - be called `static-pod` - run the image `registry.sighup.io/workshop/busybox` - execute the command `sleep 1000` ### Solution TBD ## Question 5 - Job Create a namespace `red`. Create a job called `red` in the `red` namespace. The job should run the image `registry.sighup.io/workshop/busybox` and execute `sleep 2 && echo done`. The job should run 10 times and execute at most 3 runs in parallel. Check the jobs log when terminated. ### Solution TBD ## Question 6 - CronJob Create a `rooster` CronJob that everyday at `6:00 AM` executes `date; echo chicchirichi`. You can use the `registry.sighup.io/workshop/busybox` image in the definition. ### Solution TBD ## Question 7 - Expose deployment internally via ClusterIP Create the namespace `beta`. Create a deployment `cache` with the label `flavour=cache` that uses the image `registry.sighup.io/workshop/redis:alpine` in the namespace `beta`. The container inside the pod template definition should expose port `6379`. Expose the deployment inside the cluster with a service `cache-service` on the port `6379` . After the deployment and service are created, scale the number of replicas of the `cache` deployment to 3. ### Solution TBD ## Question 8 - Expose deployment externally via NodePort Create the namespace `hello`. Create a deployment `hello-world` with the label `app=hello` that uses the image `gcr.io/google-samples/node-hello:1.0` in the namespace `hello`. The container inside the pod template definition should expose port `8080`. Expose the deployment outside the cluster with an appropriate service `hello-service`. The service should be mapped on the port `30003` of the nodes. ### Solution TBD ## Question 9 - Deployment update and rollback 1. Create a deployment in the default namespace with the image `registry.sighup.io/workshop/nginx:1.7.9` with 3 replicas called `nginx`. 2. Execute a rolling update saving the change cause to the image `registry.sighup.io/workshop/nginx:1.9.9`. 3. In case of problems rollback to the previous version. ### Solution TBD ## Question 10 - Set requests and limits Create the namespace `blue`. Create a deployment `blue` with `3` replicas in the `blue` namespace that uses the image `registry.sighup.io/workshop/httpd:latest`. The container should be named `blue-container` and have memory request of `20Mi` and a memory limit of `50Mi`. ### Solution TBD ## Question 11 - Troubleshooting applications Inside the namespace `everything-works` there is a `website` deployment which is currently not working. Identify the problem and fix it. ### Solution TBD ## Question 12 - InitContainer and Probes 1. Create a pod in the namespace `default` called `slowstart`. The pod should mount an `emptyDir` volume called `shared` at `/usr/share/nginx/html`. Moreover, the pod should have a container called `nginx` that: - runs the image `registry.sighup.io/workshop/nginx` - has a liveness probe that performs an `httpGet` on port `80` at `/filedinamico.html` 2. Run the pod, it should be in `CrashLoopBack` state as the liveness probe is failing. 3. Add an initContainer called `init` that mounts the `shared` volume and create the file `/usr/share/nginx/html/filedinamico.html`. You can use the image `registry.sighup.io/workshop/busybox` ### Solution TBD ## Question 13 - Sidecar Create a pod called `writer-reader` in the `default` namespace with following specifications: - Use an emptyDir volume called `shared`. - Have a container `writer` running `registry.sighup.io/workshop/busybox` that mounts the `shared` volume at `/opt/app_logs/` and writes `hello` in a file `/opt/app_logs/wave.log` - Another container `reader` running `registry.sighup.io/workshop/ubuntu` that outputs the file created by the other container to stout. Extract the first 10 lines of the logs of the `reader` container at `/home/workshop/multi.logs`. ### Solution TBD ## Question 14 - DNS Resolution Create a deployment in the namespace `default` called `apache` that uses the image `registry.sighup.io/workshop/httpd:latest`. The container inside the pod template definition should expose port `80`. Expose the deployment internally with a service `apache-service` on port `8080`. Verify the DNS resolution of the `apache-service` via `nslookup` using a temporary pod running the image `registry.sighup.io/workshop/busybox`. Save `nslookup` output at `/home/workshop/dnsresolution.txt` ### Solution TBD ## Question 15 - Statefulsets Create a statefulset called `whoami` in the namespace `default` containing 3 pods running the image `registry.sighup.io/workshop/ubuntu`. Each pod should mount the following persistentVolumeClaim at the mountPath `/pvc`: - name: `whoami` - accessModes: `"ReadWriteOnce"` - storage: `1Gi` The first pod of the three should output every 10 seconds to stdout: `"I am the leader"` The other pods should output every 10 seconds to stdout: `"I am a follower"` ### Solution TBD ## Question 17 - Network policy 0. Create the namespace `policy`. 1. Create a pod `busybox`: - with image `registry.sighup.io/workshop/busybox:latest` - with stag `type=client` - in the namespace `policy` - that executes the command `sleep 3600` 2. Create a pod `cannot`: - with image `registry.sighup.io/workshop/busybox:latest` - with stag `type=hacker` - in the namespace `policy` - that executes the command `sleep 3600` 3. Create a deployment `httpd`: - with the image `registry.sighup.io/workshop/httpd:latest` - in the namespace `policy` - that exposes the `containerPort` 80 4. Expose the deployment internally `httpd` via a service at port `80`. 5. Create a network policy that allows the `busybox` to talk to the `httpd` deployment on the port `80` but blocks the access from all other pods. ### Solution TBD ## Question 20 - Configmap 1. Create a ConfigMap called `beta-5000` in the namespace `default` with the following values: - `COLOR=red` - `FLAVOUR=garlic` 2. Create a pod `configmap-reader` in the namespace `default` that uses the ConfigMap `beta-5000`, mounting `COLOR` and `FLAVOUR` as environment variables inside a container that echos these values every minute. You can use the `registry.sighup.io/workshop/busybox` image for the container inside the `configmap-reader` pod. ### Solution TBD ## Question 21 - Secret 1. Create a secret called `secret-3fg` in the namespace `default` containing the following `secret.config` file: ```text Hello world Doing Kubernetes stuff ``` Create a `secret-reader` pod in the namespace `default` that mounts this secret in `/opt/secret.config` and output its content every minute. ### Solution TBD ## Question 22 - Secret Token of Service Account Create a service account called `luke` in the namespace `default`. Retrieve the service account token and write the base64 **decoded** token to file `/home/workshop/token` ### Solution TBD ## Question 31 - Volumes 1. Create a persistent volume claim `alpha-claim` in the namespace `default` with: - storageClass `local-path` - access mode `ReadWriteOnce` - Capacity `1Gi` 2. Create a pod called `volume-user` that uses the image `registry.sighup.io/workshop/nginx:alpine` that mounts this volume on `/usr/share/nginx/html`. 3. Enter the pod `volume-user` and create a file `index.html` inside the mounted directory with arbitrary content. 4. Delete and recreate the pod 5. Check that the file `/usr/share/nginx/html/index.html` inside the pod is still present. ### Solution TBD ## Question 40 - jsonpath Use the `-o jsonpath` to extract the `osImage` from all the nodes as save it in `/home/workshop/osImage_list.txt` > TIP: `osImage` is inside `status->nodeInfo`. ### Solution TBD