CKA Exam Dumps - Linux Foundation Kubernetes Administrator Questions and Answers

Task Summary

You are given a host to prepare for Kubernetes:

Use dpkg to install cri-dockerd

Enable and start the cri-docker service

Set net.bridge.bridge-nf-call-iptables to 1 via sysctl

Step-by-Step Instructions

1️⃣ SSH into the correct node

bash

CopyEdit

ssh cka000051

⚠️ Required — failure to connect to the correct host = zero score.

2️⃣ Install cri-dockerd

You are told the .deb file is already located at:

bash

CopyEdit

~/cri-dockerd_0.3.9.3-0.ubuntu-jammy_amd64.deb

Install it with dpkg:

bash

CopyEdit

sudo dpkg -i ~/cri-dockerd_0.3.9.3-0.ubuntu-jammy_amd64.deb

???? If any dependencies are missing (e.g., golang or containerd), you might need:

bash

CopyEdit

sudo apt-get install -f -y

But usually, the exam system provides a pre-validated .deb environment.

3️⃣ Enable and start cri-docker service

Start and enable both services:

bash

CopyEdit

sudo systemctl enable cri-docker.service

sudo systemctl enable --now cri-docker.socket

sudo systemctl start cri-docker.service

Check status (optional but smart):

bash

CopyEdit

sudo systemctl status cri-docker.service

You should see it active (running).

4️⃣ Configure the sysctl parameter

Set net.bridge.bridge-nf-call-iptables=1 immediately and persistently.

Step A: Apply immediately:

sudo sysctl net.bridge.bridge-nf-call-iptables=1

Step B: Persist it in /etc/sysctl.d:

Create or modify a file:

echo "net.bridge.bridge-nf-call-iptables = 1" | sudo tee /etc/sysctl.d/k8s.conf

Reload sysctl:

sudo sysctl --system

Verify:

sysctl net.bridge.bridge-nf-call-iptables

Should return:

net.bridge.bridge-nf-call-iptables = 1

✅ Now the system is ready for kubeadm with Docker (via cri-dockerd)!

ssh cka000051

sudo dpkg -i ~/cri-dockerd_0.3.9.3-0.ubuntu-jammy_amd64.deb

sudo systemctl enable cri-docker.service

sudo systemctl enable --now cri-docker.socket

sudo systemctl start cri-docker.service

sudo sysctl net.bridge.bridge-nf-call-iptables=1

echo "net.bridge.bridge-nf-call-iptables = 1" | sudo tee /etc/sysctl.d/k8s.conf

sudo sysctl --system

solution

F:\Work\Data Entry Work\Data Entry\20200827\CKA\19 B.JPG

kubect1 get pods -o=jsonpath='{range

items[*]}{.metadata.name}{"\t"}{.status.podIP}{"\n"}{end}'

Solution:

kubectl get deploy front-end

kubectl edit deploy front-end -o yaml

#port specification named http

#service.yaml

apiVersion: v1

kind: Service

metadata:

name: front-end-svc

labels:

app: nginx

spec:

ports:

- port: 80

protocol: tcp

name: http

selector:

app: nginx

type: NodePort

# kubectl create -f service.yaml

# kubectl get svc

# port specification named http

kubectl expose deployment front-end --name=front-end-svc --port=80 --tarport=80 --type=NodePort

solution

F:\Work\Data Entry Work\Data Entry\20200827\CKA\15 B.JPG

F:\Work\Data Entry Work\Data Entry\20200827\CKA\15 C.JPG

solution

Persistent Volume

A persistent volume is a piece of storage in a Kubernetes cluster. PersistentVolumes are a cluster-level resource like nodes, which don’t belong to any namespace. It is provisioned by the administrator and has a particular file size. This way, a developer deploying their app on Kubernetes need not know the underlying infrastructure. When the developer needs a certain amount of persistent storage for their application, the system administrator configures the cluster so that they consume the PersistentVolume provisioned in an easy way.

Creating Persistent Volume

kind: PersistentVolume

apiVersion: v1

metadata:

name:app-data

spec:

capacity: # defines the capacity of PV we are creating

storage: 2Gi #the amount of storage we are tying to claim

accessModes: # defines the rights of the volume we are creating

- ReadWriteMany

hostPath:

path: "/srv/app-data" # path to which we are creating the volume

Challenge

Create a Persistent Volume named app-data, with access mode ReadWriteMany, storage classname shared, 2Gi of storage capacity and the host path /srv/app-data.

2. Save the file and create the persistent volume.

Image for post

3. View the persistent volume.

Our persistent volume status is available meaning it is available and it has not been mounted yet. This status will change when we mount the persistentVolume to a persistentVolumeClaim.

PersistentVolumeClaim

In a real ecosystem, a system admin will create the PersistentVolume then a developer will create a PersistentVolumeClaim which will be referenced in a pod. A PersistentVolumeClaim is created by specifying the minimum size and the access mode they require from the persistentVolume.

Challenge

Create a Persistent Volume Claim that requests the Persistent Volume we had created above. The claim should request 2Gi. Ensure that the Persistent Volume Claim has the same storageClassName as the persistentVolume you had previously created.

kind: PersistentVolume

apiVersion: v1

metadata:

name:app-data

spec:

accessModes:

- ReadWriteMany

resources:

requests:

storage: 2Gi

storageClassName: shared

2. Save and create the pvc

njerry191@cloudshell:~ (extreme-clone-2654111)$ kubect1 create -f app-data.yaml

persistentvolumeclaim/app-data created

3. View the pvc

Image for post

4. Let’s see what has changed in the pv we had initially created.

Image for post

Our status has now changed from available to bound.

5. Create a new pod named myapp with image nginx that will be used to Mount the Persistent Volume Claim with the path /var/app/config.

Mounting a Claim

apiVersion: v1

kind: Pod

metadata:

creationTimestamp: null

name: app-data

spec:

volumes:

- name:congigpvc

persistenVolumeClaim:

claimName: app-data

containers:

- image: nginx

name: app

volumeMounts:

- mountPath: "/srv/app-data "

name: configpvc

kubectl get po -o=custom-columns="POD_NAME:.metadata.name,

POD_STATUS:.status.containerStatuses[].state"

Solution:

Task should be complete on node k8s -1 master, 2 worker for this connect use command

[student@node-1] > ssh k8s

kubectl create clusterrole deployment-clusterrole --verb=create --resource=deployments,statefulsets,daemonsets

kubectl create serviceaccount cicd-token --namespace=app-team1

kubectl create rolebinding deployment-clusterrole --clusterrole=deployment-clusterrole --serviceaccount=default:cicd-token --namespace=app-team1

Task Summary

SSH into cka000048b

Update the nginx-config ConfigMap in the nginx-static namespace to allow TLSv1.2

Ensure the nginx-static Deployment picks up the new config

Verify the change using the provided curl command

Step-by-Step Instructions

Step 1: SSH into the correct host

ssh cka000048b

Step 2: Get the ConfigMap

kubectl get configmap nginx-config -n nginx-static -o yaml > nginx-config.yaml

Open the file for editing:

nano nginx-config.yaml

Look for the TLS configuration in the data field. You are likely to find something like:

ssl_protocols TLSv1.3;

Modify it to include TLSv1.2 as well:

ssl_protocols TLSv1.2 TLSv1.3;

Save and exit the file.

Now update the ConfigMap:

kubectl apply -f nginx-config.yaml

Step 3: Restart the NGINX pods to pick up the new ConfigMap

Pods will not reload a ConfigMap automatically unless it’s mounted in a way that supports dynamic reload and the app is watching for it (NGINX typically doesn't by default).

The safest way is to restart the pods:

Option 1: Roll the deployment

kubectl rollout restart deployment nginx-static -n nginx-static

Option 2: Delete pods to force recreation

kubectl delete pod -n nginx-static -l app=nginx-static

Step 4: Verify using curl

Use the provided curl command to confirm that TLS 1.2 is accepted:

curl --tls-max 1.2 https://web.k8s.local

A successful response means the TLS configuration is correct.

Final Command Summary

ssh cka000048b

kubectl get configmap nginx-config -n nginx-static -o yaml > nginx-config.yaml

nano nginx-config.yaml # Modify to include "ssl_protocols TLSv1.2 TLSv1.3;"

kubectl apply -f nginx-config.yaml

kubectl rollout restart deployment nginx-static -n nginx-static

# or

kubectl delete pod -n nginx-static -l app=nginx-static

curl --tls-max 1.2 https://web.k8s.local

Task Summary

SSH into the correct node: cka000037

Modify existing deployment synergy-leverager

Add a sidecar container:

Name: sidecar

Image: busybox:stable

Command:

/bin/sh -c "tail -n+1 -f /var/log/synergy-leverager.log"

Use a shared volume mounted at /var/log

Don't touch existing container config except adding volume mount

Step-by-Step Solution

1️⃣ SSH into the correct node

ssh cka000037

⚠️ Skipping this will result in a zero score.

2️⃣ Edit the deployment

kubectl edit deployment synergy-leverager

This opens the deployment YAML in your default editor (vi or similar).

3️⃣ Modify the spec as follows

???? Inside the spec.template.spec, do these 3 things:

✅ A. Define a shared volume

Add under volumes: (at the same level as containers):

volumes:

- name: log-volume

emptyDir: {}

✅ B. Add volume mount to the existing container

Locate the existing container under containers: and add this:

volumeMounts:

- name: log-volume

mountPath: /var/log

???? Do not change any other configuration for this container.

✅ C. Add the sidecar container

Still inside containers:, add the new container definition after the first one:

- name: sidecar

image: busybox:stable

command:

- /bin/sh

- -c

- "tail -n+1 -f /var/log/synergy-leverager.log"

volumeMounts:

- name: log-volume

mountPath: /var/log

spec:

containers:

- name: main-container

image: your-existing-image

volumeMounts:

- name: log-volume

mountPath: /var/log

- name: sidecar

image: busybox:stable

command:

- /bin/sh

- -c

- "tail -n+1 -f /var/log/synergy-leverager.log"

volumeMounts:

- name: log-volume

mountPath: /var/log

volumes:

- name: log-volume

emptyDir: {}

Save and exit

If using vi or vim, type:

bash

CopyEdit

wq

5️⃣ Verify

Check the updated pods:

kubectl get pods -l app=synergy-leverager

Pick a pod name and describe it:

kubectl describe pod

Confirm:

2 containers running (main-container + sidecar)

Volume mounted at /var/log

ssh cka000037

kubectl edit deployment synergy-leverager

# Modify as explained above

kubectl get pods -l app=synergy-leverager

kubectl describe pod