
Linux Foundation Certified Kubernetes Administrator (CKA) Program - CKA Exam Questions
QUESTION NO: 1
You must connect to the correct host.
Failure to do so may result in a zero score.
[candidate@base] $ ssh Cka000055
Task
Verify the cert-manager application which has been deployed to your cluster.
Using kubectl, create a list of all cert-manager Custom Resource Definitions (CRDs) and save it to ~/resources.yaml.
You must use kubectl's default output format.
Do not set an output format.
Failure to do so will result in a reduced score.
Using kubectl, extract the documentation for the subject specification field of the Certificate Custom Resource and save it to ~/subject.yaml.
Correct Answer:
Task Summary
You need to:
* SSH into the correct node: cka000055
* Use kubectl to list all cert-manager CRDs, and save that list to ~/resources.yaml
* Do not use any output format flags like -o yaml
* Extract the documentation for the spec.subject field of the Certificate custom resource and save it to ~/subject.yaml
Step-by-Step Instructions
Step 1: SSH into the node
ssh cka000055
Step 2: List cert-manager CRDs and save to a file
First, identify all cert-manager CRDs:
kubectl get crds | grep cert-manager
Then extract them without specifying an output format:
kubectl get crds | grep cert-manager | awk '{print $1}' | xargs kubectl get crd > ~/resources.yaml
This saves the default kubectl get output to the required file without formatting flags.
Step 3: Get documentation for spec.subject in the Certificate CRD
Run the following command:
kubectl explain certificate.spec.subject > ~/subject.yaml
This extracts the field documentation and saves it to the specified file.
If you're not sure of the resource, verify it exists:
kubectl get crd certificates.cert-manager.io
Final Command Summary
ssh cka000055
kubectl get crds | grep cert-manager | awk '{print $1}' | xargs kubectl get crd > ~/resources.yaml
kubectl explain certificate.spec.subject > ~/subject.yaml
QUESTION NO: 2
List pod logs named "frontend" and search for the pattern "started" and write it to a file "/opt/error-logs" See the solution below.
Correct Answer:
kubectl logs frontend | grep -i "started" > /opt/error-logs
QUESTION NO: 3
Check the image version in pod without the describe command
Correct Answer:
kubectl get po nginx -o jsonpath='{.spec.containers[].image}{"\n"}'
QUESTION NO: 4
Create a file:
/opt/KUCC00302/kucc00302.txt that lists all pods that implement service baz in namespace development.
The format of the file should be one pod name per line.
Correct Answer:



QUESTION NO: 5
Schedule a pod as follows:
* Name: nginx-kusc00101
* Image: nginx
* Node selector: disk=ssd
Correct Answer:



QUESTION NO: 6
Create a deployment as follows:
* Name: nginx-app
* Using container nginx with version 1.11.10-alpine
* The deployment should contain 3 replicas
Next, deploy the application with new version 1.11.13-alpine by performing a rolling update.
Finally, roll back that update to the previous version 1.11.10-alpine.
Correct Answer:



QUESTION NO: 7
Set the node named ek8s-node-1 as unavailable and reschedule all the pods running on it.
Correct Answer:

QUESTION NO: 8
You must connect to the correct host.
Failure to do so may result in a zero score.
[candidate@base] $ ssh Cka000047
Task
A MariaDB Deployment in the mariadb namespace has been deleted by mistake. Your task is to restore the Deployment ensuring data persistence. Follow these steps:
Create a PersistentVolumeClaim (PVC) named mariadb in the mariadb namespace with the following specifications:
Access mode ReadWriteOnce
Storage 250Mi
You must use the existing retained PersistentVolume (PV).
Failure to do so will result in a reduced score.
There is only one existing PersistentVolume.
Edit the MariaDB Deployment file located at ~/mariadb-deployment.yaml to use the PVC you created in the previous step.
Apply the updated Deployment file to the cluster.
Ensure the MariaDB Deployment is running and stable.
Correct Answer:
Task Overview
You're restoring a MariaDB deployment in the mariadb namespace with persistent data.
Tasks:
* SSH into cka000047
* Create a PVC named mariadb:
  * Namespace: mariadb
  * Access mode: ReadWriteOnce
  * Storage: 250Mi
  * Use the existing retained PV (there's only one)
* Edit ~/mariadb-deployment.yaml to use the PVC
* Apply the deployment
* Verify MariaDB is running and stable
Step-by-Step Solution
Step 1: SSH into the correct host
ssh cka000047
# Required - skipping = zero score
Step 2: Inspect the existing PersistentVolume
kubectl get pv
# Identify the only existing PV, e.g.:
NAME         CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM    STORAGECLASS
mariadb-pv   250Mi      RWO            Retain           Available   <none>   manual
Ensure the status is Available, and it is not already bound to a claim.
Step 3: Create the PVC to bind the retained PV
Create a file mariadb-pvc.yaml:
cat <<EOF > mariadb-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mariadb
  namespace: mariadb
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 250Mi
  volumeName: mariadb-pv # Match the PV name exactly
EOF
Apply the PVC:
kubectl apply -f mariadb-pvc.yaml
# This binds the PVC to the retained PV.
Step 4: Edit the MariaDB Deployment YAML
Open the file:
nano ~/mariadb-deployment.yaml
Look under the spec.template.spec.containers.volumeMounts and spec.template.spec.volumes sections and update them like so:
Add this under the container:
volumeMounts:
  - name: mariadb-storage
    mountPath: /var/lib/mysql
And under the pod spec:
volumes:
  - name: mariadb-storage
    persistentVolumeClaim:
      claimName: mariadb
# These lines mount the PVC at the MariaDB data directory.
Step 5: Apply the updated Deployment
kubectl apply -f ~/mariadb-deployment.yaml
Step 6: Verify the Deployment is running and stable
kubectl get pods -n mariadb
kubectl describe pod -n mariadb <mariadb-pod-name>
# Ensure the pod is in Running state and volume is mounted.
Final Command Summary
ssh cka000047
kubectl get pv # Find the retained PV
# Create PVC
cat <<EOF > mariadb-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mariadb
  namespace: mariadb
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 250Mi
  volumeName: mariadb-pv
EOF
kubectl apply -f mariadb-pvc.yaml
# Edit Deployment
nano ~/mariadb-deployment.yaml
# Add volumeMount and volume to use the PVC as described
kubectl apply -f ~/mariadb-deployment.yaml
kubectl get pods -n mariadb
QUESTION NO: 9
Score: 4%

Context
You have been asked to create a new ClusterRole for a deployment pipeline and bind it to a specific ServiceAccount scoped to a specific namespace.
Task
Create a new ClusterRole named deployment-clusterrole, which only allows creating the following resource types:
* Deployment
* StatefulSet
* DaemonSet
Create a new ServiceAccount named cicd-token in the existing namespace app-team1.
Bind the new ClusterRole deployment-clusterrole to the new ServiceAccount cicd-token, limited to the namespace app-team1.
Correct Answer:
Solution:
The task should be completed on k8s (1 master, 2 workers); to connect, use the command:
[student@node-1] > ssh k8s
kubectl create clusterrole deployment-clusterrole --verb=create --resource=deployments,statefulsets,daemonsets
kubectl create serviceaccount cicd-token --namespace=app-team1
kubectl create rolebinding deployment-clusterrole --clusterrole=deployment-clusterrole --serviceaccount=app-team1:cicd-token --namespace=app-team1
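A verification pass for this task, as an added example that is not part of the original answer: it impersonates the ServiceAccount with kubectl auth can-i and checks both what must be allowed and what must be refused, which also catches a binding whose subject names the wrong namespace. The function names check_can_i and verify_cicd_rbac are hypothetical, and the script assumes kubectl points at the cluster and that the current user may impersonate ServiceAccounts.

```bash
#!/usr/bin/env bash
# Added example (not from the original answer): confirm the binding grants
# exactly what the task asks for and nothing more. Assumes kubectl points at
# the cluster and the current user is allowed to impersonate ServiceAccounts.

# check_can_i <yes|no> <verb> <resource> <namespace> <subject>
# Returns 0 when the API server's answer matches the expectation.
check_can_i() {
  local want="$1" verb="$2" res="$3" ns="$4" subject="$5" got
  # "kubectl auth can-i" prints yes/no and exits non-zero on "no".
  got=$(kubectl auth can-i "$verb" "$res" --as="$subject" -n "$ns" 2>/dev/null) || true
  got=${got%% *}   # keep the first word only
  if [ "$got" != "$want" ]; then
    echo "MISMATCH: $subject $verb $res in $ns: want=$want got=${got:-error}" >&2
    return 1
  fi
}

# verify_cicd_rbac [namespace] [serviceaccount]
# Returns 0 only if every positive and negative check passes.
verify_cicd_rbac() {
  local ns="${1:-app-team1}" sa="${2:-cicd-token}" failures=0 r
  # A ServiceAccount's user name always embeds the namespace it lives in.
  local subject="system:serviceaccount:${ns}:${sa}"
  for r in deployments.apps statefulsets.apps daemonsets.apps; do
    check_can_i yes create "$r" "$ns" "$subject" || failures=$((failures + 1))
    # "only create": other verbs must be refused.
    check_can_i no delete "$r" "$ns" "$subject" || failures=$((failures + 1))
    # RoleBinding, not ClusterRoleBinding: no access outside the namespace.
    check_can_i no create "$r" default "$subject" || failures=$((failures + 1))
  done
  # Resource types outside the three listed must be refused too.
  check_can_i no create pods "$ns" "$subject" || failures=$((failures + 1))
  [ "$failures" -eq 0 ]
}

# Usage on the exam host: verify_cicd_rbac app-team1 cicd-token && echo OK
```

Any MISMATCH line on stderr names the subject, verb, resource and namespace that did not behave as the task requires.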




