Get Instant Access of 100% REAL CKA DUMP Pass Your Exam Easily
CKA Free Exam Questions with Quality Guaranteed
The CKA certification is highly regarded in the industry, and it is recognized as a standard for measuring the skills of Kubernetes administrators. Certified Kubernetes Administrator (CKA) Program Exam certification provides a way for professionals to demonstrate their expertise to employers and clients, and it can help them advance their careers in the field of Kubernetes administration. The CKA certification is also a prerequisite for other Kubernetes certifications offered by the Linux Foundation, such as the Certified Kubernetes Application Developer (CKAD) certification.
The Certified Kubernetes Administrator (CKA) Program Certification Exam is an industry-recognized certification that validates an individual's expertise in deploying, managing, and troubleshooting Kubernetes clusters. CKA exam is designed to test the candidate's practical skills and knowledge in various aspects of Kubernetes administration, such as pod scheduling, network configuration, storage management, and security. Certified Kubernetes Administrator (CKA) Program Exam certification is offered by the Linux Foundation, a non-profit organization that promotes the adoption of open-source software and technologies.
NEW QUESTION # 32
Get the number of schedulable nodes and write to a file
/opt/schedulable-nodes.txt
- A. kubectl get nodes -o jsonpath="{range
.items[*]}{.metadata.name}
{.spec.taints[?(@.effect=='NoSchedule')].effect}{\"\n\"}{end}"
| awk 'NF==1 {print $0}' > /opt/schedulable-nodes.txt
// Verify
cat /opt/schedulable-nodes.txt - B. kubectl get nodes -o jsonpath="{range
.items[*]}{.metadata.name}
{.spec.taints[?(@.effect=='NoSchedule')].effect}{\"\n\"}{end}"
| awk 'NF==11 {print $0}' > /opt/schedulable-nodes.txt
// Verify
cat /opt/schedulable-nodes.txt
Answer: A
NEW QUESTION # 33
You are running a Kubernetes cluster with a large number of deployments and services. You need to improve the performance and efficiency of DNS resolution, especially during peak traffic periods.
Answer:
Explanation:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Increase CoreDNS Resources:
- Allocate more CPU, memory, and storage resources to the CoreDNS Deployment to handle increased DNS traffic.
2. Configure CoreDNS for Efficient Caching: - Use CoreDNS's 'cache' plugin to store DNS records in memory and reduce the need for frequent DNS queries.
3. Use a Distributed DNS Server: - If you have a very large cluster with high traffic, consider using a distributed DNS server like etcd or Consul. This can help to improve performance and scalability. 4. Use DNS over TLS (DOT) or DNS over HTTPS (DoH): - Enable secure DNS communication to reduce the risk of DNS poisoning attacks, which can significantly impact performance.
5. Monitor CoreDNS Performance: - Use metrics and logs to monitor CoreDNS performance and identify potential bottlenecks. This will help you adjust your configuration and resource allocation as needed. ]
NEW QUESTION # 34
You are setting up a new Kubernetes cluster with a highly sensitive application that requires access control at the pod level. Explain how you can use NetworkPolicy to restrict access to pods within your cluster.
Answer:
Explanation:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1 . Create a NetworkPolicy Resource: Define a 'NetworkPolicy' resource using a YAML file. The
'NetworkPolicy' resource will contain the rules for network traffic access to the pods. You can use 'kubectl create -f networkpolicy.yaml' to create the NetworkPolicy resource.
2. Set 'podSelectoo: Use the podSelector' field to identify the pods that will be affected by the policy. In this example, we are targeting pods with the label 'app: sensitive-app'. 3. Define 'ingress' and 'egress' Rules: Use the 'ingress' and 'egress' sections to define the rules for incoming and outgoing traffic. 'ingress': This section specifies which pods or services are allowed to send traffic to the pods targeted by the 'NetworkPolicy'. Here, we are allowing traffic from pods labeled app: trusted-service'. 'egress': This section specifies which destinations the pods targeted by the NetworkPolicy are allowed to send traffic to. In this example, we are allowing egress traffic to the IP address range 10.0.0.0/16. 4. Implement the "NetworkPolicy': Apply the YAML file using 'kubectl apply -f networkpolicy.yaml'. Once applied, the NetworkPolicy will be enforced, blocking any traffic that does not meet the specified rules.
NEW QUESTION # 35
For this item, you will have to ssh to the nodes ik8s-master-0 and ik8s-node-0 and complete all tasks on these nodes. Ensure that you return to the base node (hostname: node-1) when you have completed this item.
Context
As an administrator of a small development team, you have been asked to set up a Kubernetes cluster to test the viability of a new application.
Task
You must use kubeadm to perform this task. Any kubeadm invocations will require the use of the
--ignore-preflight-errors=all option.
* Configure the node ik8s-master-O as a master node. .
* Join the node ik8s-node-o to the cluster.
Answer:
Explanation:
See the solution below.
Explanation
solution
You must use the kubeadm configuration file located at /etc/kubeadm.conf when initializingyour cluster.
You may use any CNI plugin to complete this task, but if you don't have your favourite CNI plugin's manifest URL at hand, Calico is one popular option: https://docs.projectcalico.org/v3.14/manifests/calico.yaml Docker is already installed on both nodes and has been configured so that you can install the required tools.
NEW QUESTION # 36
What file type upload is supported as part of the basic WildFire service?
- A. BAT
- B. PE
- C. ELF
- D. VBS
Answer: B
NEW QUESTION # 37
Annotate the pod with name=webapp
- A. kubectl annotate pod nginx-dev-pod name=webapp
kubectl annotate pod nginx-prod-pod name=webapp
// Verify
kubectl describe po nginx-dev-pod | grep -i annotations
kubectl describe po nginx-prod-pod | grep -i annotations - B. kubectl annotate pod nginx-dev-pod name=webapp
kubectl annotate pod nginx-prod-pod name=webapp
// Verify
kubectl describe po nginx-dev-pod | grep -i annotations
Answer: A
NEW QUESTION # 38
Apply the autoscaling to this deployment with minimum 10 and maximum 20 replicas and target CPU of 85% and verify hpa is created and replicas are increased to 10 from 1
Answer:
Explanation:
kubectl autoscale deploy webapp --min=10 --max=20 --cpu percent=85 kubectl get hpa kubectl get pod -l app=webapp
NEW QUESTION # 39
Scale the deploymentwebserverto6pods.
Answer:
Explanation:
See the solution below.
Explanation
solution
NEW QUESTION # 40
Create a namespace called 'development' and a pod with image nginx called nginx on this namespace.
Answer:
Explanation:
See the solution below.
Explanation
kubectl create namespace development
kubectl run nginx --image=nginx --restart=Never -n development
NEW QUESTION # 41
Scale the deployment webserver to 6 pods.
Answer:
Explanation:
solution
NEW QUESTION # 42
Given a partially-functioning Kubernetes cluster, identify symptoms of failure on the cluster.
Determine the node, the failing service, and take actions to bring up the failed service and restore the health of the cluster. Ensure that any changes are made permanently.
You can ssh to the relevant I nodes (bk8s-master-0 or bk8s-node-0) using:
[student@node-1] $ ssh <nodename>
You can assume elevated privileges on any node in the cluster with the following command:
[student@nodename] $ | sudo -i
Answer:
Explanation:
See the solution below.
Explanation
solution
NEW QUESTION # 43
Create a pod as follows:
* Name: non-persistent-redis
* container Image: redis
* Volume with name: cache-control
* Mount path: /data/redis
The pod should launch in the staging namespace and the volume must not be persistent.
Answer:
Explanation:
See the solution below.
Explanation
solution
NEW QUESTION # 44
Schedule a pod as follows:
* Name: nginx-kusc00101
* Image: nginx
* Node selector: disk=ssd
Answer:
Explanation:
See the solution below.
Explanation
solution
NEW QUESTION # 45
Create an nginx pod and set an env value as 'var1=val1'. Check the env value existence within the pod
- A. kubectl run nginx --image=nginx --restart=Never --env=var1=val1
# then
kubectl exec -it nginx -- env
# or
kubectl run nginx --restart=Never --image=nginx --env=var1=val1
-it --rm -- env - B. kubectl run nginx --image=nginx --restart=Never --env=var1=val1
# then
kubectl exec -it nginx -- env
# or
kubectl exec -it nginx -- sh -c 'echo $var1'
# or
kubectl describe po nginx | grep val1
# or
kubectl run nginx --restart=Never --image=nginx --env=var1=val1
-it --rm - env
Answer: B
NEW QUESTION # 46
Create a pod with init container which create a file "test.txt"
in "workdir" directory. Main container should check a file
"test.txt" exists and execute sleep 9999 if the file exists.
- A. // create an initial yaml file with this
kubectl run init-cont-pod --image=alpine --restart=Never --dry-run -o
yaml > init-cont-pod.yaml
// edit the yml as below and create it
vim init-cont-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: init-cont-pod
labels:
app: myapp
spec:
volumes:
- name: test-volume
emptyDir: {}
containers:
- name: main-container
image: busybox:1.28
command: ['sh', '-c', 'if [ -f /workdir/test.txt ]; then sleep
9999; fi']
volumeMounts:
image: busybox:1.28
command: ['sh', '-c', "mkdir /workdir; echo >
/workdir/test.txt"]
volumeMounts:
- name: test-volume
mountPath: /workdir
// Create the pod
kubectl apply -f init-cont-pod.yaml
kubectl get pods
// Check Events by doing
kubectl describe po init-cont-pod
Init Containers:
init-myservice:
Container ID:
docker://ebdbf5fad1c95111d9b0e0e2e743c2e347c81b8d4eb5abcccdfe1dd74524
0d4f
Image: busybox:1.28
Image ID: dockerpullable://busybox@sha256:141c253bc4c3fd0a201d32dc1f493bcf3fff003b6df
416dea4f41046e0f37d47
Port: <none>
Host Port: <none>
Command:
sh
-c
mkdir /workdir; echo > /workdir/test.txt
State: Terminated Reason: Completed - B. // create an initial yaml file with this
kubectl run init-cont-pod --image=alpine --restart=Never --dry-run -o
yaml > init-cont-pod.yaml
// edit the yml as below and create it
vim init-cont-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: init-cont-pod
labels:
app: myapp
spec:
volumes:
- name: test-volume
emptyDir: {}
containers:
- name: main-container
image: busybox:1.28
command: ['sh', '-c', 'if [ -f /workdir/test.txt ]; then sleep
9999; fi']
volumeMounts:
- name: test-volume
mountPath: /workdir
initContainers:
- name: init-myservice
image: busybox:1.28
command: ['sh', '-c', "mkdir /workdir; echo >
/workdir/test.txt"]
volumeMounts:
- name: test-volume
mountPath: /workdir
// Create the pod
kubectl apply -f init-cont-pod.yaml
kubectl get pods
// Check Events by doing
kubectl describe po init-cont-pod
Init Containers:
init-myservice:
Container ID:
docker://ebdbf5fad1c95111d9b0e0e2e743c2e347c81b8d4eb5abcccdfe1dd74524
0d4f
Image: busybox:1.28
Image ID: dockerpullable://busybox@sha256:141c253bc4c3fd0a201d32dc1f493bcf3fff003b6df
416dea4f41046e0f37d47
Port: <none>
Host Port: <none>
Command:
sh
-c
mkdir /workdir; echo > /workdir/test.txt
State: Terminated Reason: Completed
Answer: B
NEW QUESTION # 47
Score: 7%
Task
Create a new NetworkPolicy named allow-port-from-namespace in the existing namespace echo. Ensure that the new NetworkPolicy allows Pods in namespace my-app to connect to port 9000 of Pods in namespace echo.
Further ensure that the new NetworkPolicy:
* does not allow access to Pods, which don't listen on port 9000
* does not allow access from Pods, which are not in namespace my-app
Answer:
Explanation:
Solution:
#network.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-port-from-namespace
namespace: internal
spec:
podSelector:
matchLabels: {
}
policyTypes:
- Ingress
ingress:
- from:
- podSelector: {
}
ports:
- protocol: TCP
port: 8080
#spec.podSelector namespace pod
kubectl create -f network.yaml
NEW QUESTION # 48
You have a Deployment named 'mysql-deployment' running a MySQL database server. You need to store the MySQL root password securely using a Secret. This password should be used by the database server when it starts.
Answer:
Explanation:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Create the Secret:
- Create a Secret named 'mysql-password' to store the root password.
- Use the 'kubectl create secret generic' command with the '--from-literal' flag to create a generic Secret with a key-value pair:
kubectl create secret generic mysql-password -from-literal=mysql-root password="your_strong_password"
2. Modify the Deployment:
- Update the 'mysql-deployment' Deployment's Pod template to mount the mysql-password' Secret as a volume.
- Use 'volumeMounts' to specify where the Secret should be mounted within the container, and 'volumes' to define the Secret as a volume source.
- Update the MySQL server's configuration (e.g., the 'my.cnf file) to read the password from the mounted volume.
3. Apply the Changes: - Apply the modified Deployment YAML using 'kubectl apply -f mysql-deployment.yamP. 4. Restart the MySQL Pod: - Restart the MySQL pod for it to read the password from the mounted volume. This can be achieved using 'kubectl delete pod'. 5. Verify the Password: - Connect to the MySQL database using the provided password and confirm it works correctly.
NEW QUESTION # 49
Create a configmap called cfgvolume with values var1=val1,
var2=val2 and create an nginx pod with volume nginx-volume which
reads data from this configmap cfgvolume and put it on the path
/etc/cfg
- A. // first create a configmap cfgvolume
kubectl create cm cfgvolume --from-literal=var1=val1 --fromliteral=var2=val2
// verify the configmap
kubectl describe cm cfgvolume
// create the config map
kubectl create -f nginx-volume.yml
vim nginx-configmap-pod.yaml
apiVersion: v1
kind: Pod
metadata:
labels:
run: nginx
name: nginx
spec:
volumes:
- name: nginx-volume
configMap:
name: cfgvolume
containers:
- image: nginx
name: nginx
volumeMounts:
- name: nginx-volume
mountPath: /etc/cfg
restartPolicy: Always
k kubectl apply -f nginx-configmap-pod.yaml
/ // Verify
// exec into the pod
kubectl exec -it nginx -- /bin/sh
// check the path
cd /etc/cfg - B. // first create a configmap cfgvolume
kubectl create cm cfgvolume --from-literal=var1=val1 --fromliteral=var2=val2
// verify the configmap
kubectl describe cm cfgvolume
// create the config map
kubectl create -f nginx-volume.yml
vim nginx-configmap-pod.yaml
apiVersion: v1
kind: Pod
- name: nginx-volume
configMap:
name: cfgvolume
containers:
- image: nginx
name: nginx
volumeMounts:
- name: nginx-volume
mountPath: /etc/cfg
restartPolicy: Always
k kubectl apply -f nginx-configmap-pod.yaml
/ // Verify
// exec into the pod
kubectl exec -it nginx -- /bin/sh
// check the path
cd /etc/cfg
Answer: A
NEW QUESTION # 50
Get the DNS records for the service and pods for the deployment redis and the put the value in /tmp/dnsrecordpod and /tmp/dnsrecord-service
- A. // Get Pod Ip
kubectl get po -o wide
// Get Service Name
kubectl get svc
// Create a temporary pod and execute nslookup command
Note: POD IP format should be a-b-c-d and not a.b.c.d
kubectl run busybox --image=busybox:1.28 --restart=Never -
-rm -it -- nslookup 192-168-0-69.default.pod >
/tmp/dnsrecord-pod
kubectl run busybox1 --image=busybox:1.26 --restart=Never
--rm -it -- nslookup redis-service > /tmp/dnsrecordservice
//Verify
cat /tmp/dnsrecord-pod
Server: 10.2.8.10
Address 1: 10.2.0.10 kube-dns.kube system.svc.cluster.local Name: 192-168-0-69.default.pod Address 1: 192.168.0.69 192-166-0-69.redis service.default.svc.cluster.local cat /tmp/dnsrecord-pod Server: 10.2.0.10 Address 1: 10.2.0.10 kube-dns.kube system.svc.cluster.local Name: 192-168-0-69.default.pod Address 1: 192.168.0.69 192-168-0-69.redis service.default.svc.cluster.local - B. // Get Pod Ip
kubectl get po -o wide
// Get Service Name
kubectl get svc
// Create a temporary pod and execute nslookup command
Note: POD IP format should be a-b-c-d and not a.b.c.d
kubectl run busybox --image=busybox:1.28 --restart=Never -
-rm -it -- nslookup 192-168-0-69.default.pod >
/tmp/dnsrecord-pod
kubectl run busybox1 --image=busybox:1.28 --restart=Never
--rm -it -- nslookup redis-service > /tmp/dnsrecordservice
//Verify
cat /tmp/dnsrecord-pod
Server: 10.2.0.10
Address 1: 10.2.0.10 kube-dns.kube system.svc.cluster.local Name: 192-168-0-69.default.pod Address 1: 192.168.0.69 192-168-0-69.redis service.default.svc.cluster.local cat /tmp/dnsrecord-pod Server: 10.2.0.10 Address 1: 10.2.0.10 kube-dns.kube system.svc.cluster.local Name: 192-168-0-69.default.pod Address 1: 192.168.0.69 192-168-0-69.redis service.default.svc.cluster.local
Answer: B
NEW QUESTION # 51
Create a nginx pod that will be deployed to node with the label
"gpu=true"
- A. kubectl run nginx --image=nginx --restart=Always --dry-run -o
yaml > nodeselector-pod.yaml
// add the nodeSelector like below and create the pod
kubectl apply -f nodeselector-pod.yaml
vim nodeselector-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
nodeSelector:
gpu: true
yaml
//Verify
kubectl get no -show-labels
kubectl get po
kubectl describe po nginx | grep Node-Selectors - B. kubectl run nginx --image=nginx --restart=Always --dry-run -o
yaml > nodeselector-pod.yaml
// add the nodeSelector like below and create the pod
kubectl apply -f nodeselector-pod.yaml
vim nodeselector-pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx
spec:
nodeSelector:
gpu: true
containers:
- image: nginx
name: nginx
restartPolicy: Always
kubectl apply -f nodeselector-pod.yaml
//Verify
kubectl get no -show-labels
kubectl get po
kubectl describe po nginx | grep Node-Selectors
Answer: B
NEW QUESTION # 52
......
Linux Foundation offers a comprehensive training program to prepare candidates for the CKA exam. The training program includes online courses, hands-on labs, and practice exams. The program is designed to help candidates gain the necessary knowledge and skills to pass the exam and become certified Kubernetes administrators.
CKA Free Exam Files Downloaded Instantly: https://dumpsvce.exam4free.com/CKA-valid-dumps.html
