Mock Test 3
1. Question
Create a new ServiceAccount with the name pvviewer.
Grant this ServiceAccount access to list all PersistentVolumes in the cluster by creating an appropriate ClusterRole called pvviewer-role and ClusterRoleBinding called pvviewer-role-binding.
Next, create a pod called pvviewer with the image: redis and serviceAccount: pvviewer in the default namespace.
Answer
Pods authenticate to the API Server using ServiceAccounts. If the serviceAccount name is not specified, the default service account for the namespace is used during a pod creation.
Now, create a service account pvviewer:
|
|
To create a clusterrole:
|
|
To create a clusterrolebinding:
|
|
Solution manifest file to create a new pod called pvviewer as follows:
|
|
2. Question
List the InternalIP of all nodes of the cluster. Save the result to a file /root/CKA/node_ips.
Answer should be in the format: InternalIP of controlplane<space>InternalIP of node01 (in a single line)
Answer
|
|
3. Question
Create a pod called multi-pod with two containers.
Container 1: name: alpha, image: nginx
Container 2: name: beta, image: busybox, command: sleep 4800
Environment Variables:
container 1:
name: alpha
Container 2:
name: beta
Answer
Solution manifest file to create a multi-container pod multi-pod as follows:
|
|
4. Question
Create a Pod called non-root-pod , image: redis:alpine
runAsUser: 1000
fsGroup: 2000
Answer
|
|
Verify the user and group IDs by using below command:
|
|
5. Question
We have deployed a new pod called np-test-1 and a service called np-test-service.
Incoming connections to this service are not working. Troubleshoot and fix it.
Create NetworkPolicy, by the name ingress-to-nptest that allows incoming connections to the service over port 80.
Answer
Solution manifest file to create a network policy ingress-to-nptest as follows:
|
|
6. Question
Taint the worker node node01 to be Unschedulable.
Once done, create a pod called dev-redis, image redis:alpine, to ensure workloads are not scheduled to this worker node.
Finally, create a new pod called prod-redis and image: redis:alpine with toleration to be scheduled on node01.
key: env_type, value: production, operator: Equal and effect: NoSchedule
Answer
To add taints on the node01 worker node:
|
|
Now, deploy dev-redis pod and to ensure that workloads are not scheduled to this node01 worker node.
|
|
To view the node name of recently deployed pod:
|
|
Solution manifest file to deploy new pod called prod-redis with toleration to be scheduled on node01 worker node.
|
|
To view only prod-redis pod with less details:
|
|
7. Question
Create a pod called hr-pod in hr namespace belonging to the production environment and frontend tier, image: redis:alpine.
Use appropriate labels and create all the required objects if it does not exist in the system already.
Answer
Create a namespace if it doesn’t exist:
|
|
and then create a hr-pod with given details:
|
|
|
|
8. Question
A kubeconfig file called super.kubeconfig has been created under /root/CKA. There is something wrong with the configuration. Troubleshoot and fix it.
Answer
Verify host and port for kube-apiserver are correct.
Open the super.kubeconfig in vi editor.
Change the 9999 port to 6443 and run the below command to verify:
|
|
9. Question
We have created a new deployment called nginx-deploy.
scale the deployment to 3 replicas. Has the replica’s increased?
Troubleshoot the issue and fix it.
Answer
Use the command k scale to increase the replica count to 3.
|
|
The controller-manager is responsible for scaling up pods of a replicaset.
If you inspect the control plane components in the kube-system namespace, you will see that the controller-manager is not running.
|
|
The command running inside the controller-manager pod is incorrect.
After fix all the values in the file and wait for controller-manager pod to restart.
|
|
kube-contro1ler-manager -> kube-controller-manager
This will fix the issues in controller-manager yaml file.
At last, inspect the deployment by using below command:
|
|