live chatMcAfee Secure sites help keep you safe from identity theft, credit card fraud, spyware, spam, viruses and online scams
Pass4Test 10%OFF Discount Code

Linux Foundation Certified Kubernetes Administrator (CKA) Program - CKA Exam Questions

QUESTION NO: 1
You must connect to the correct host.
Failure to do so may result in a zero score.
[candidate@base] $ ssh Cka000055
Task
Verify the cert-manager application which has been deployed to your cluster .
Using kubectl, create a list of all cert-manager Custom Resource Definitions (CRDs ) and save it to ~/resources.yaml .
You must use kubectl 's default output format.
Do not set an output format.
Failure to do so will result in a reduced score.
Using kubectl, extract the documentation for the subject specification field of the Certificate Custom Resource and save it to ~/subject.yaml.
Correct Answer:
Task Summary
You need to:
* SSH into the correct node: cka000055
* Use kubectl to list all cert-manager CRDs, and save that list to ~/resources.yaml
* Do not use any output format flags like -o yaml
* Extract the documentation for the spec.subject field of the Certificate custom resource and save it to ~
/subject.yaml
Step-by-Step Instructions
Step 1: SSH into the node
ssh cka000055
Step 2: List cert-manager CRDs and save to a file
First, identify all cert-manager CRDs:
kubectl get crds | grep cert-manager
Then extract them without specifying an output format:
kubectl get crds | grep cert-manager | awk '{print $1}' | xargs kubectl get crd > ~/resources.yaml This saves the default kubectl get output to the required file without formatting flags.
Step 3: Get documentation for spec.subject in the Certificate CRD
Run the following command:
kubectl explain certificate.spec.subject > ~/subject.yaml
This extracts the field documentation and saves it to the specified file.
If you're not sure of the resource, verify it exists:
kubectl get crd certificates.cert-manager.io
Final Command Summary
ssh cka000055
kubectl get crds | grep cert-manager | awk '{print $1}' | xargs kubectl get crd > ~/resources.yaml kubectl explain certificate.spec.subject > ~/subject.yaml
QUESTION NO: 2
List pod logs named "frontend" and search for the pattern "started" and write it to a file "/opt/error-logs" See the solution below.
Correct Answer:
Kubectl logs frontend | grep -i "started" > /opt/error-logs
QUESTION NO: 3
Check the image version in pod without the describe command
Correct Answer:
kubectl get po nginx -o
jsonpath='{.spec.containers[].image}{"\n"}'
QUESTION NO: 4
Create a file:
/opt/KUCC00302/kucc00302.txt that lists all pods that implement service baz in namespace development.
The format of the file should be one pod name per line.
Correct Answer:


QUESTION NO: 5
Schedule a pod as follows:
* Name: nginx-kusc00101
* Image: nginx
* Node selector: disk=ssd
Correct Answer:


QUESTION NO: 6
Create a deployment as follows:
* Name: nginx-app
* Using container nginx with version 1.11.10-alpine
* The deployment should contain 3 replicas
Next, deploy the application with new version 1.11.13-alpine, by performing a rolling update.
Finally, rollback that update to the previous version 1.11.10-alpine.
Correct Answer:


QUESTION NO: 7
Set the node named ek8s-node-1 as unavailable and reschedule all the pods running on it.
Correct Answer:
QUESTION NO: 8
You must connect to the correct host.
Failure to do so may result in a zero score.
[candidate@base] $ ssh Cka000047
Task
A MariaDB Deployment in the mariadb namespace has been deleted by mistake. Your task is to restore the Deployment ensuring data persistence. Follow these steps:
Create a PersistentVolumeClaim (PVC ) named mariadb in the mariadb namespace with the following specifications:
Access mode ReadWriteOnce
Storage 250Mi
You must use the existing retained PersistentVolume (PV ).
Failure to do so will result in a reduced score.
There is only one existing PersistentVolume .
Edit the MariaDB Deployment file located at ~/mariadb-deployment.yaml to use PVC you created in the previous step.
Apply the updated Deployment file to the cluster.
Ensure the MariaDB Deployment is running and stable.
Correct Answer:
Task Overview
You're restoring a MariaDB deployment in the mariadb namespace with persistent data.
# Tasks:
* SSH into cka000047
* Create a PVC named mariadb:
* Namespace: mariadb
* Access mode: ReadWriteOnce
* Storage: 250Mi
* Use the existing retained PV (there's only one)
* Edit ~/mariadb-deployment.yaml to use the PVC
* Apply the deployment
* Verify MariaDB is running and stable
Step-by-Step Solution
1## SSH into the correct host
ssh cka000047
## Required - skipping = zero score
2## Inspect the existing PersistentVolume
kubectl get pv
# Identify the only existing PV, e.g.:
NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS
mariadb-pv 250Mi RWO Retain Available <none> manual
Ensure the status is Available, and it is not already bound to a claim.
3## Create the PVC to bind the retained PV
Create a file mariadb-pvc.yaml:
cat <<EOF > mariadb-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mariadb
namespace: mariadb
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 250Mi
volumeName: mariadb-pv # Match the PV name exactly
EOF
Apply the PVC:
kubectl apply -f mariadb-pvc.yaml
# This binds the PVC to the retained PV.
4## Edit the MariaDB Deployment YAML
Open the file:
nano ~/mariadb-deployment.yaml
Look under the spec.template.spec.containers.volumeMounts and spec.template.spec.volumes sections and update them like so:
Add this under the container:
yaml
CopyEdit
volumeMounts:
- name: mariadb-storage
mountPath: /var/lib/mysql
And under the pod spec:
volumes:
- name: mariadb-storage
persistentVolumeClaim:
claimName: mariadb
# These lines mount the PVC at the MariaDB data directory.
5## Apply the updated Deployment
kubectl apply -f ~/mariadb-deployment.yaml
6## Verify the Deployment is running and stable
kubectl get pods -n mariadb
kubectl describe pod -n mariadb <mariadb-pod-name>
# Ensure the pod is in Running state and volume is mounted.
# Final Command Summary
ssh cka000047
kubectl get pv # Find the retained PV
# Create PVC
cat <<EOF > mariadb-pvc.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: mariadb
namespace: mariadb
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 250Mi
volumeName: mariadb-pv
EOF
kubectl apply -f mariadb-pvc.yaml
# Edit Deployment
nano ~/mariadb-deployment.yaml
# Add volumeMount and volume to use the PVC as described
kubectl apply -f ~/mariadb-deployment.yaml
kubectl get pods -n mariadb
QUESTION NO: 9
Score: 4%

Context
You have been asked to create a new ClusterRole for a deployment pipeline and bind it to a specific ServiceAccount scoped to a specific namespace.
Task
Create a new ClusterRole named deployment-clusterrole, which only allows to create the following resource types:
* Deployment
* StatefulSet
* DaemonSet
Create a new ServiceAccount named cicd-token in the existing namespace app-team1.
Bind the new ClusterRole deployment-clusterrole lo the new ServiceAccount cicd-token , limited to the namespace app-team1.
Correct Answer:
Solution:
Task should be complete on node k8s -1 master, 2 worker for this connect use command
[student@node-1] > ssh k8s
kubectl create clusterrole deployment-clusterrole --verb=create --resource=deployments,statefulsets, daemonsets kubectl create serviceaccount cicd-token --namespace=app-team1 kubectl create rolebinding deployment-clusterrole --clusterrole=deployment-clusterrole -- serviceaccount=default:cicd-token --namespace=app-team1