Certified Kubernetes Administrator (CKA) Practice Exam - Questions

1. Create a pod called `nginx-secure` that uses the `nginx` image and runs in the `restricted`

namespace.

2. Create a deployment called `redis-deploy` with 2 replicas using the `redis:6.0` image and expose

it via ClusterIP service.

3. Set a resource limit of 200m CPU and 256Mi memory for a container in pod `nginx-limited` using

the `nginx` image.

4. Create a pod `nginx-probe` with readiness and liveness HTTP probes on port 80.

5. Display the node on which the pod `nginx-secure` is running.

6. Create a persistent volume called `pv-data` of size 1Gi using hostPath `/mnt/data`.

7. Create a PersistentVolumeClaim for `pv-data` and mount it in a pod running busybox.

8. Create a service account `appuser` and use it in a pod called `frontend`.

9. Taint a node `worker1` to only allow pods with the toleration

`key=dedicated,value=frontend:NoSchedule`.

10. Get all pods using more than 100Mi of memory.

11. Create a Job that runs `echo Hello CKA` and exits.

12. Patch deployment `web` to use image `nginx:1.18`.

13. Configure a network policy to allow ingress to pod label app=web only from pods with label

access=true.

14. Create an Ingress to expose `web-svc` service on `/web` path.

15. Upgrade a cluster node's kubelet configuration to use a custom `--cgroup-driver=systemd` flag.

16. Create a pod that mounts a ConfigMap with key `ENV=prod` as an environment variable.

17. Enable audit logging in the Kubernetes API server.

18. Backup etcd data to `/backup/etcd-snapshot.db`.

20. Create a Horizontal Pod Autoscaler for `web-deploy` between 1 and 5 replicas at 80% CPU

target.

21. Create a CronJob that runs every 5 minutes and echoes `Hi`.

22. Configure RBAC to allow `appuser` to list pods in `dev` namespace.

23. View API resources available in the cluster.

24. Show the control plane component status.

25. Force delete a pod stuck in terminating state.

26. Create a pod `curlpod` and use it to test service `web-svc` on port 80.

27. Create a pod with init containers that sleeps 10s before starting main container.

28. Create a deployment with anti-affinity rules to spread pods across nodes.

29. Create a pod that writes to a file every 30 seconds and test log rotation.

30. Debug why a pod `nginx-pod` is not starting.

1. Create a pod called `nginx-secure` that uses the `nginx` image and runs in the `restricted`

namespace.

Answer:

kubectl create ns restricted

kubectl run nginx-secure --image=nginx -n restricted

2. Create a deployment called `redis-deploy` with 2 replicas using the `redis:6.0` image and expose

it via ClusterIP service.

Answer:

kubectl create deployment redis-deploy --image=redis:6.0 --replicas=2

kubectl expose deployment redis-deploy --port=6379 --target-port=6379 --type=ClusterIP

3. Set a resource limit of 200m CPU and 256Mi memory for a container in pod `nginx-limited` using

the `nginx` image.

Answer:

Create a YAML file with `resources.limits` section and apply using kubectl apply -f file.yaml

4. Create a pod `nginx-probe` with readiness and liveness HTTP probes on port 80.

Answer:

Define the pod spec with `readinessProbe` and `livenessProbe` using HTTP GET on port 80.

5. Display the node on which the pod `nginx-secure` is running.

Answer:

kubectl get pod nginx-secure -o wide -n restricted

6. Create a persistent volume called `pv-data` of size 1Gi using hostPath `/mnt/data`.

Answer:

Define a PersistentVolume YAML with capacity 1Gi and hostPath `/mnt/data`, then apply it.
7. Create a PersistentVolumeClaim for `pv-data` and mount it in a pod running busybox.

Answer:

Create a PVC and a pod that mounts the claim, using a shared volumeMounts path.

8. Create a service account `appuser` and use it in a pod called `frontend`.

Answer:

kubectl create sa appuser

Add `serviceAccountName: appuser` in the pod spec.

9. Taint a node `worker1` to only allow pods with the toleration

`key=dedicated,value=frontend:NoSchedule`.

Answer:

kubectl taint nodes worker1 dedicated=frontend:NoSchedule

10. Get all pods using more than 100Mi of memory.

Answer:

kubectl top pod --all-namespaces | awk '$4 > 100'

11. Create a Job that runs `echo Hello CKA` and exits.

Answer:

Define a Job YAML that runs busybox with command `echo Hello CKA`.

12. Patch deployment `web` to use image `nginx:1.18`.

Answer:

kubectl set image deployment/web nginx=nginx:1.18

13. Configure a network policy to allow ingress to pod label app=web only from pods with label

access=true.

Answer:

Define a NetworkPolicy with podSelector app=web and from: podSelector matchLabels access=true.

14. Create an Ingress to expose `web-svc` service on `/web` path.

Define an Ingress resource mapping `/web` to `web-svc`.

15. Upgrade a cluster node's kubelet configuration to use a custom `--cgroup-driver=systemd` flag.

Answer:

Edit `/var/lib/kubelet/config.yaml` and restart kubelet with systemctl.

16. Create a pod that mounts a ConfigMap with key `ENV=prod` as an environment variable.

Answer:

kubectl create configmap env-cm --from-literal=ENV=prod

Use `envFrom` or `env` in pod spec.

17. Enable audit logging in the Kubernetes API server.

Answer:

Modify kube-apiserver manifest to include `--audit-log-path` and `--audit-policy-file`.

18. Backup etcd data to `/backup/etcd-snapshot.db`.

Answer:

ETCDCTL_API=3 etcdctl snapshot save /backup/etcd-snapshot.db --endpoints <endpoint> --cacert

--cert --key

19. Restore etcd from a snapshot.

Answer:

Stop etcd, use `etcdctl snapshot restore`, then point etcd to the restored data dir.

20. Create a Horizontal Pod Autoscaler for `web-deploy` between 1 and 5 replicas at 80% CPU

target.

Answer:

kubectl autoscale deployment web-deploy --min=1 --max=5 --cpu-percent=80

21. Create a CronJob that runs every 5 minutes and echoes `Hi`.

Answer:
kubectl create cronjob hi-job --schedule="*/5 * * * *" --image=busybox -- echo Hi

22. Configure RBAC to allow `appuser` to list pods in `dev` namespace.

Answer:

Create Role with list pods and bind it to `appuser` using RoleBinding.

23. View API resources available in the cluster.

Answer:

kubectl api-resources

24. Show the control plane component status.

Answer:

kubectl get componentstatus

25. Force delete a pod stuck in terminating state.

Answer:

kubectl delete pod <pod-name> --grace-period=0 --force

26. Create a pod `curlpod` and use it to test service `web-svc` on port 80.

Answer:

kubectl run curlpod --image=busybox -it --restart=Never -- curl web-svc:80

27. Create a pod with init containers that sleeps 10s before starting main container.

Answer:

Define initContainers section with sleep 10, then normal containers start.

28. Create a deployment with anti-affinity rules to spread pods across nodes.

Answer:

Use `podAntiAffinity` with `requiredDuringSchedulingIgnoredDuringExecution`.

29. Create a pod that writes to a file every 30 seconds and test log rotation.

Answer:

Pod uses busybox and writes to file in a loop. Set up logrotate manually.
30. Debug why a pod `nginx-pod` is not starting.

Answer:

kubectl describe pod nginx-pod

kubectl logs nginx-pod