CKA, former CKAD

Question 1

Ingress vs egress ?

Answer 1

Ingress enables external traffic to reach containers, while egress enables containers to reach external resources. Ingress is typically used for exposing web applications and APIs to the outside world, while egress is used for accessing databases and other services outside of the cluster.

Question 2

why do i do need livenessprobe?

Answer 2

Caution: Liveness probes can be a powerful way to recover from application failures, but they should be used with caution. Liveness probes must be configured carefully to ensure that they truly indicate unrecoverable application failure, for example a deadlock.

ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/

Question 3

whats special when configured using goproxy?

Answer 3

it need to come with readinessProbe of its own cause its a 2-step rocket

Question 4

Difference in CKA vs CKAD exam allowed doc. sources?

Answer 4

CKA or CKAD: use the browser within the VM to access the following documentation:
https://kubernetes.io/docs/, https://kubernetes.io/blog/ and their subdomains. This includes all available language translations of these pages (e.g. https://kubernetes.io/zh/docs/)

CKAD only: https://helm.sh/docs

See here for all details: https://docs.linuxfoundation.org/tc-docs/certification/certification-resources-allowed#certified-kubernetes-administrator-cka-and-certified-kubernetes-application-developer-ckad

Question 5

a tip how to search for multiple container pod yaml in the allowed documentation?

Answer 5

search two containers maybe? i found nginx and debian container in one pod yaml!

Question 6

Which of the following commands will run a command inside an active container?

A. kubectl exec
B. kubectl run
C. kubectl create
D. kubectl describe

Answer 6

kubectl exec -i -t my-pod –container main-app – /bin/bash.

Question 7

what does nodeSelector can be good for?

Answer 7

The nodeSelector: entry in the podspec could use this label to cause a pod to be deployed on a particular node with an entry such as:

P.s. Poor mans affinity option from what i understood later.

Question 8

Can you name some built-in object labels?

Answer 8

There are several built-in object labels. For example nodes have labels such as the arch, hostname, and os, which could be used for assigning pods to a particular node, or type of node.

Question 9

whats an ambassador in kubernetes?

Answer 9

It is “an open source, Kubernetes-native API gateway for microservices built on Envoy”.

It allows for access to the outside world without having to implement a service or another entry in an ingress controller: proxy local connection, reverse proxy, limits HTTP requests, re-route from the main container to the outside world.​

Question 10

Whats an initContainer?

Answer 10

The use of an initContainer allows one or more containers to run only if one or more previous containers run and exit successfully. For example, you could have a checksum verification scan container and a security scan container check the intended containers. Only if both containers pass the checks would the following group of containers be attempted. You can see a simple example below:

spec:
containers:
- name: intended
image: workload
initContainers:
- name: scanner
image: scanapp

Question 11

Can k8s deployments be described in other terms?

Answer 11

This controller, or operator, is an agent to create and manage one or more instances of a specific stateful application. We have worked with built-in controllers such for Deployments and other resources.

Question 12

The addition of a Custom Resource Definition can be handled through exactly what?

Answer 12

The addition of a Custom Resource Definition will be added to the cluster API path, currently under apiextensions.k8s.io/v1.

Question 13

What does An option spec field is .spec.concurrencyPolicy used for?

Answer 13

An option spec field is .spec.concurrencyPolicy which determines how to handle existing jobs, should the time segment expire. If set to Allow, the default, another concurrent job will be run, and twice as many pods would be running. If set to Forbid, the current job continues and the new job is skipped. A value of Replace cancels the current job and the controlled pods, and starts a new job in its place.

Question 14

Q. lab 4.1????: Verify your nodes are using a CNI plugin. Read through the startup process of CNI. Each message begins with a type ofmessage and a time stamp, followed by the details of the message. UseTABto complete for your node name. Examineboth the controller and one of your proxy pods

Answer 14

Those are the messages, dont see any type of message in the begining: I1212 11:23:19.028798 1 replica_set.go:205] Starting replicationcontroller controller
I1212 11:23:19.028813 1 shared_informer.go:252] Waiting for caches to sync for ReplicationC
ontroller

Question 15

how many layers are there in the context of k8s CNI and what are their names?

Answer 15

1) physical is not talked about according to chatgpt
2) Layer 2 - Data Link Layer: This layer is responsible for node-to-node data transfer and handles things like MAC addressing, Ethernet framing, VLAN tagging, and error detection. CNI plugins operating at this layer manage how data is transferred within the same network segment or VLAN.

Layer 3 - Network Layer: This layer deals with IP addressing and routing. It is responsible for moving packets across network boundaries. CNI plugins operating at this layer are involved in routing and IP address assignment for pods.

Layer 4 - Transport Layer: While not directly managed by CNI plugins, this layer, which handles protocols like TCP and UDP, is relevant in the overall Kubernetes networking picture, particularly in services, ingress, and egress operations.

Question 16

how is OSI organised?

Answer 16

Layer 1 - Physical Layer: This is the most fundamental layer, dealing with the transmission of raw bits over a physical medium. It includes things like cable types, electrical signals, and data rates. It’s the foundation upon which all higher layers are built.

Layer 2 - Data Link Layer: This layer is responsible for node-to-node data transfer and operates on frames. It handles things like physical addressing (MAC addresses), error detection and correction, and defines the protocol to establish and terminate a connection between two physically connected devices.

Layer 3 - Network Layer: The Network Layer is concerned with the routing of packets across different networks. It deals with logical addressing (IP addresses) and determines how data is sent to its destination through routing.

Layer 4 - Transport Layer: This layer provides end-to-end communication services for applications. It ensures complete data transfer and is responsible for error recovery and flow control. Protocols like TCP and UDP operate at this layer.

Layer 5 - Session Layer: This layer manages sessions between applications. It establishes, manages, and terminates connections between applications.

Layer 6 - Presentation Layer: It translates data between the application layer and the network. It’s responsible for data encryption, decryption, compression, and conversion.

Layer 7 - Application Layer: The highest layer of the OSI model, it provides services directly to user applications. It deals with network services that support applications.

Question 17

Come up with questions about support of these features in k8s CNI projects: about support for vxlands, which layer is supported, network policies support, support for encryption of tcp and udp trafic and more? Here is what chatgpt 4 said:

Answer 17

Enhanced Kubernetes CNI Providers Comparison
Calico

Network Layer Support: Layer 3.
VXLAN Support: Yes, offers both VXLAN and IP-in-IP encapsulation.
Network Policies: Advanced network policy enforcement.
Encryption Support: Supports WireGuard for encrypting traffic.
Use Cases: High-performance, security-focused environments; advanced policy management.
Calico with Canal

Network Layer Support: Combines Layer 2 (Flannel) and Layer 3 (Calico).
VXLAN Support: Inherits VXLAN support from both Calico and Flannel.
Network Policies: Advanced, from Calico.
Encryption Support: Supports encryption via Calico (WireGuard).
Use Cases: Environments needing both simple setup (Flannel) and advanced policy control (Calico).
Flannel

Network Layer Support: Primarily Layer 2.
VXLAN Support: Yes, focuses on simplicity in VXLAN implementation.
Network Policies: Basic support, not as advanced as Calico.
Encryption Support: Does not natively support encryption of traffic.
Use Cases: Smaller, simpler Kubernetes setups; focus on ease of deployment.
Cilium

Network Layer Support: Layer 3, with eBPF-based networking.
VXLAN Support: Yes, along with other encapsulation formats.
Network Policies: Highly advanced, with eBPF-powered security features.
Encryption Support: Strong support for encryption, including transparent encryption of traffic.
Use Cases: Security-centric deployments; environments requiring detailed network visibility and control.
Kube-router

Network Layer Support: Layer 3 focused.
VXLAN Support: Limited or no native support for VXLAN.
Network Policies: Basic to moderate policy support.
Encryption Support: No native support for traffic encryption.
Use Cases: Balances performance and simplicity; suitable for medium-scale environments

Question 18

What are some ways containers can communicate within the same pod?

Answer 18

IPC, loopback or shared filesystem access

Question 19

Tips for the exam!

Answer 19

second: k should already be an alias, otherwise; alias k=kubectl
third: dont ever click on links not allowed or u will get disqualified. for that exit maximum window and see what are the links before clicking
fourth: Use :set paste or even better vim ~./.vimrc and put these there:

syntax on
autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab

Question 20

What does those options stand for? autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab

Answer 20

autocmd FileType yaml: This part tells Vim to automatically execute the following commands whenever a file of the ‘yaml’ file type is opened. Vim detects the file type based on the file extension or sometimes the file content.

setlocal: This command sets options locally for the current buffer. It ensures that the changes made apply only to the YAML file you’re working on, not globally across all open files in Vim.

ts=2: This sets the ‘tabstop’ (ts) option to 2. The ‘tabstop’ option specifies the number of spaces that a tab in the file counts for. In this case, each tab character will be displayed as two spaces.

sts=2: This sets the ‘softtabstop’ (sts) option to 2. When you’re entering text, the ‘softtabstop’ setting makes Vim behave as though the tab character is 2 spaces wide. It affects how text is inserted and how the Tab and Backspace keys work.

sw=2: This sets the ‘shiftwidth’ (sw) option to 2. The ‘shiftwidth’ setting determines the number of spaces to use for each step of (auto)indent. It controls how many spaces are inserted for indentation.

expandtab: This option, when enabled, makes Vim insert spaces instead of tabs when the Tab key is pressed. Combined with the settings above, it means that each time you press Tab, it will insert two spaces.

Question 21

Name possible memory settings in the pod yaml

Answer 21

Requests is what Kubernetes guarantees as available for the container.
Limits is the maximum amount of memory the container is allowed to use.
Args (“–vm-bytes”, “250M”) is specific to the stress tool used inside the container for testing and is not a Kubernetes resource allocation setting.

Question 22

How do you aproach this on the exam? you need to know cron, its the linux 5 places cron thats used and which place is which:

Answer 22

Create a new cronjob which runs busybox and the sleep 30 command. Have the cronjob run every three minutes. View the job status to check your work. Change the settings so the pod runs 10 minutes from the current time, every week. For example, if the current time was 2:14PM, I would configure the job to run at 2:24PM, every Monday.

Obs! remember its 5parts cron and they are MHDMDofweek

Question 23

What is the ambassador in Kubernetes?

Answer 23

Ambassador is a Kubernetes-native API Gateway built on Envoy Proxy. Managed entirely via Kubernetes Custom Resource Definitions, Ambassador provides powerful capabilities for traffic management, authentication, and observability.

Question 24

Which of the following are helper container types? Choose all answers that apply: Ambassador, Adapter,ProbeHelper,Sidecar

Answer 24

All except Probehelper. can u give example of those?

Question 25

If a Pod uses more CPU than allowed, it will be evicted. True or False?

Answer 25

False! But its true for memory and disk!

Question 26

howdo you find port of your local registry?

Answer 26

You just need to list your k8s services: kubectl get svc

Question 27

Write the list of all DbBackup objects into /root/db-backups .

Answer 27

kubectl get db-backups -A k get crd to get a list of all, and then take the part before the first dot.

Question 28

What does this 3 term mean? Helm Chart, Helm Release, Helm Values ?

Answer 28

Helm Chart: Kubernetes YAML template-files combined into a single package, Values allow customisation Helm Release: Installed instance of a Chart Helm Values: Allow to customise the YAML template-files in a Chart when creating a Release

Question 29

Write the list of all Helm releases in the cluster into /root/releases .

Answer 29

helm ls -A > /root/releases Obs. helm list -h helps!

Question 30

How to get to know Api Group of k8s Deployments ?

Answer 30

The answer is "Apps". Two ways to find out: 1) kubectl api-resources| grep -i deploy deployments deploy apps/v1 true Deployment 2) k explain deploy GROUP: apps KIND: Deployment VERSION: v1 P.s. Remember, group is like groupid in maven: [groupId]:[artifactId]:[type]:[version]

Question 31

your best way to know the actual version of some api thing?

Answer 31

kubectl api-resources| grep -i

Question 32

1) What is the official doc reference link for all the special annotations? 2) what is it for namespaces?

Answer 32

1. https://kubernetes.io/docs/reference/labels-annotations-taints/. 2. kubernetes.io/metadata.name

Question 33

Whats inside a basic Dockerfile that just ping a website?

Answer 33

FROM node:lts-alpine WORKDIR /app COPY . . RUN yarn install --production CMD ["node", "src/index.js"] EXPOSE 3000 Obs! remember command parts separated with comma. Also lower/uppercase in FROM matters.

Question 34

Howto build and list a simple docker/podman image?

Answer 34

podman build -t pinger . podman image ls

Question 35

howto run a simple docker/podman image?

Answer 35

podman run --name my-ping pinger

Question 36

This is the 4 ingredients of Dockerfile. What 2 would i use to create an image that pings a webside: FROM ubuntu:22.04 COPY . /app RUN make /app CMD python /app/app.py

Answer 36

FROM bash CMD ["ping", "killercoda.com"]

Question 37

What was the biggest surprise when i did killerkoda ingress task?

Answer 37

ingressClass! P.s. seems i can see it here kubectl get ingress test-ingress

Question 38

1. What is a command to create a container just by a command? 2. Where in official doc do i find that info

Answer 38

1. kubectl run nginx --image=nginx 2. reference > kubectl > generated > kubectl_run

Question 39

Howto get kubectl events sorted by time?

Answer 39

kubectl get events --sort-by='.lastTimestamp'

Question 40

What are 4 servicetypes?

Answer 40

Service type For some parts of your application (for example, frontends) you may want to expose a Service onto an external IP address, one that's accessible from outside of your cluster. Kubernetes Service types allow you to specify what kind of Service you want. The available type values and their behaviors are: ClusterIP Exposes the Service on a cluster-internal IP. Choosing this value makes the Service only reachable from within the cluster. This is the default that is used if you don't explicitly specify a type for a Service. You can expose the Service to the public internet using an Ingress or a Gateway. NodePort Exposes the Service on each Node's IP at a static port (the NodePort). To make the node port available, Kubernetes sets up a cluster IP address, the same as if you had requested a Service of type: ClusterIP. LoadBalancer Exposes the Service externally using an external load balancer. Kubernetes does not directly offer a load balancing component; you must provide one, or you can integrate your Kubernetes cluster with a cloud provider. ExternalName Maps the Service to the contents of the externalName field (for example, to the hostname api.foo.bar.example). The mapping configures your cluster's DNS server to return a CNAME record with that external hostname value. No proxying of any kind is set up.

Question 41

How do you expose deployment using service?

Answer 41

kubectl expose deployment/kubernetes-bootcamp --type="NodePort" --port 8080

Question 42

How am i supposed to find info about exposing a deployment?

Answer 42

Searching for "service expose deployment" gave 2 main type of results that are useful: 1) tutorial pages that are still under kubernetes.io 2) under tasks/access-application-cluster/service-access-application-cluster/

Question 43

howto create secret from command with 3 data strings?

Answer 43

1. either base64 each parameter and put in in yaml or 2. kubectl create secret generic db-secret-xxdf --from-literal=DB_Host=sql01 --from-literal=DB_User=root --from-literal=DB_Password=password123

Question 44

howto label deployment?

Answer 44

kubectl label deployment my-deployment unhealthy=true

Question 45

what do u do if u need to configure pod to run as root user?

Answer 45

root is the default user, no action needed!

Question 46

how do u restart a pod?

Answer 46

A pod is the smallest unit in Kubernetes (K8S). They should run until they are replaced by a new deployment. Because of this, there is no way to restart a pod, instead, it should be replaced. There is no kubectl restart [podname] command for use with K8S (with Docker you can use docker restart [container_id] ), so there are a few different ways to achieve a pod ‘restart’ with kubectl

Question 47

Are you familiar with all of these shortcuts? rs,deploy,svc,ns,netpol,pvc,sa

Answer 47

netpol = network policy, sa = service account

Question 48

1. how do u replace multiple lines in VIM? how do u indent multiple lines?

Answer 48

1. kom ihåg procent tecken :%s/foo/bar/g 2. 5jj (5 för antal rader , j och sen j igen tror jag)

Question 49

difference readinessprobe and livenessProbe? example how it look like?

Answer 49

livenessProbe: exec: command: - cat - /tmp/healthy

Question 50

how do you permanently save the namespace for all subsequent kubectl commands in that context?

Answer 50

kubectl config set-context --current --namespace=ggckad-s2

Question 51

How do you quickly see if a pod have some volumemounts?

Answer 51

k exec pod1 -- ls /etc/birke

Question 52

When the exam say to create container from dockerfile, do they mean k8s or docker/podman container?

Answer 52

apparently they mean a docker container!

Question 53

Howto Tag the Docker/Podman image, which is currently tagged as pinger , also as local-registry:5000/pinger? Howto also then push the image into the local registry?

Answer 53

podman tag pinger local-registry:5000/pinger podman image ls podman push local-registry:5000/pinger

Question 54

What does maxSurge mean in the context of deployments? and how can it be measured?

Answer 54

maxSurge: The number of pods that can be created above the desired amount of pods during an update. This can be an absolute number or percentage of the replicas count. The default is 25%.

Question 55

What did i forget when trying to use your own CRD?

Answer 55

1) You create yaml by yourself, not template generator! 2) The mandatory first 5 lines start according to abbreviation "AKMnS" 3) !!! Most important cause i made it wrong!! The first A which is apiversion comes from CRD groupid/version, that is "apiVersion: beta.killercoda.com/v1" with or without citation!!!

Question 56

Whats interesting about this? controlplane $ k get shopping-items NAME AGE bananas 8m26s shopping-items.beta.killercoda.com 10m controlplane $ k delete bananas error: the server doesn't have a resource type "bananas" controlplane $ k delete crd bananas Error from server (NotFound): customresourcedefinitions.apiextensions.k8s.io "bananas" not found controlplane $ k delete crd shopping-items.beta.killercoda.com customresourcedefinition.apiextensions.k8s.io "shopping-items.beta.killercoda.com" deleted

Answer 56

Strange that i could not remove banas here!? Also it seems when i remove CRD, i remove the instance of it too!

Question 57

if i need to search for helm chart "nginx-stable/nginx-ingress", where can i search and where did i actually find it?

Answer 57

helm search hub - search for charts in the Artifact Hub or your own hub instance helm search repo - search repositories for a keyword in charts i found it in the repo! P.s. luckily i did not have to care about that when i just tried to install it by: helm install devserver nginx-stable/nginx-ingress -n team-yellow

Question 58

Whats The key difference between Blue-Green and Canary rollouts in Kubernetes ?

Answer 58

The key difference between Blue-Green and Canary rollouts in Kubernetes lies in their approach to releasing new versions: Blue-Green Rollout: This involves two identical environments: Blue (current production) and Green (new version). Once the Green environment is ready and tested, traffic is switched from Blue to Green. If issues arise, you can switch back to Blue. It's a more straightforward approach with less risk and easier rollback, but requires double the resources. Canary Rollout: This is a more gradual process where the new version (Canary) is slowly rolled out to a small subset of users. The new version's performance and stability are monitored, and if no issues are detected, the rollout continues gradually until the canary version replaces the old version completely. This method allows for more detailed monitoring and reduces risk but can be more complex to manage.

Question 59

When the questiono ask "Write the Api Group of Deployments into /root/group " what do they mean? individual deploy property or a high level logical group for deploy?

Answer 59

The later! So the answer is "apps" , here is how u get it: k explain deploy This will show VERSION: apps/v1 . The version is displayed as VERSION: {group}/{version}. echo apps > /root/group Obs! Dont make a mistake and look at individual deploys!

Question 60

If the task is: "There is a FlowSchema file at /apps/flowschema.yaml which uses a deprecated Api version. Update the file to use the non deprecated one." How would u find out what to use?

Answer 60

Try to apply it and see kubectl say its not the latest one. Obs! It will suggest the latest one!!!

Question 61

2 selfcheck questions for an exam question which goes: "Write all Admission Controller Plugins, which are enabled in the kube-apiserver manifest, into /root/admission-plugins ." 1) how to do it ? 2)what is it verifying actually

Answer 61

1) cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep admission-plugins 2) It verifies that i know they are mounted locally for me to use. Obs! ps aux | grep kube-apiserver shows it too. obs! Dont get excited when you find this in documentation "kube-apiserver -h | grep enable-admission-plugins" because it gets u "admission plugins that SHOULD BE enabled in addition to default enabled ones"

Question 62

how do you view all logs using a certain label?

Answer 62

kubectl logs -l app=elasticsearch

Question 63

how do u spec a netpol so it allows port on a certain trafic? block, allow or just port spec?

Answer 63

just port spec: egress: - ports: - port: 53 protocol: TCP - port: 53 protocol: UDP

Question 64

How do u verify that u blocked access to a certain host?

Answer 64

These should work k -n space1 exec app1-0 -- nslookup killercoda.com these should not work k -n space1 exec app1-0 -- curl -m 1 tester.default.svc.cluster.local k -n space1 exec app1-0 -- curl -m 1 killercoda.com

Question 65

how do u use namespace selector by name? not labels but name!!!

Answer 65

- namespaceSelector: matchLabels: kubernetes.io/metadata.name: space2

Question 66

There was one qn ask was to creating cpu limit not beyond the NS QUOTA. but when I can't find any quota on namespace

Answer 66

The q was in a comment under https://www.youtube.com/watch?v=h9-6K8v3wHM` obs! chatgpt said no automatic way to make ns limits are not exceeeded by all pods, needs to be checked manually!

Question 67

What is CPU resource units, the quantity expression 0.1 is equivalent to when expressed differently?

Answer 67

For CPU resource units, the quantity expression 0.1 is equivalent to the expression 100m, which can be read as "one hundred millicpu".

Question 68

how to canary deploy?

Answer 68

No magic! just 2 keys: 1) labels is the key which tie together old deploy, new deploy and service. just dont forget that in a deploy spec same label name is mentioned 3 times! 2) second is just to have right spec.replicas that correspond to the task, 2 (new) and 8(old) for 20/80 with max 10 replicas!

Question 69

how to see labels attached to a namespace?

Answer 69

k get ns -A --show-labels

Question 70

how to quickly see in which context you are?

Answer 70

k config get-contexts (look for star *) or k config current-context

Question 71

What objects does not belong to namespace but entire thing?

Answer 71

PVs, StorageClass, CRD, clusterrole and clusterrolebinding, namespace and componentstatus are not bound to any ns.

Question 72

whats the easiest way to get kubectl within namespace and context to do anything?

Answer 72

kubectl --context= -n

Question 73

when creating new deployment to fulfill canary deployment 80/20 of total 10 replicas, how many elements of deploy have label app: wonderful?

Answer 73

3: metadata.label, spec.selector.matchLabels, spec.template.metadata p.s. for seamless transition between green and blue deployment you can use labels. And service allows seamless transitions when applied. Thats what chatgpt says: Apply the updated Service configuration using kubectl apply -f .yaml. Kubernetes Services are designed to provide a seamless transition of traffic from one set of Pods to another when the selector labels are updated, allowing for zero downtime.

Question 74

When setting the context, i need to have 4 params of which 2 are probably the same as in other contexts and 2 are probably new. what are they?

Answer 74

kubectl config set-context dev --namespace=development \ --cluster=lithe-cocoa-92103_kubernetes \ --user=lithe-cocoa-92103_kubernetes obs! ingen förkortning på namespace!!! And then kubectl config use-context dev

Question 75

where are manifest files located?

Answer 75

/etc/kubernetes/manifests/. Remember E.K.M like ekg but M in the end.

Question 76

whats a container hostname from within the cluster?

Answer 76

podName.nsName.svc.cluster.local

Question 77

What are PV mount options?

Answer 77

Retain - meaning the PV, until deleted, is kept alive. Recycle - meaning the data can be restored later after getting scrubbed. Delete - associated storage assets (such as AWS EBS, GCE PD, Azure Disk, and OpenStack Cinder volumes) are deleted.

Question 78

Name one way to troubleshoot fluentd logging?

Answer 78

Check the queued log messages You can check the buffer directory if Fluent Bit is configured to buffer queued log messages to disk instead of in memory. (You can configure it through the InputTail fluentbit config, by setting the storage.type field to filesystem.) kubectl exec -it logging-demo-fluentbit-9dpzg ls /buffers Ref: https://kube-logging.dev/docs/operation/troubleshooting/fluentbit/

Question 79

What does it mean if, in deployment spec, under spec: i have the following: tolerations: - effect: NoSchedule operator: Exists

Answer 79

it seems like it means no schedule unless there is a matching toleration!

Question 80

howto get the name of the serviceaccount your pod is using?

Answer 80

kubectl get pods/ -o yaml In the output, you see a field spec.serviceAccountName. Kubernetes automatically sets that value if you don't specify it when you create a Pod. Obs! This is about how an application running inside a Pod can access the Kubernetes API!

Question 81

What does it mean if a task require "Set the security context for a Pod"

Answer 81

It seems its this part: securityContext: runAsUser: 1000 runAsGroup: 3000 fsGroup: 2000 Obs! it can be set both on pod and container level!

Question 82

What are all the bookmarks pointing to?

Answer 82

"kubectl commands" generated, tasks, reference, concepts, tutorials, helm.sh

Question 83

how do i found out if a node have taints?

Answer 83

k get nodes controlplane -o json| grep -i10 taints

Question 84

why would a pod be scheduled on a node despite the taint?

Answer 84

A pod might be scheduled on a node with a taint for several reasons, despite the general expectation that taints should prevent pods from being scheduled unless they tolerate the taint. Here are some common scenarios: Tolerations: The most likely reason is that the pod has a toleration that matches the taint on node01. Tolerations allow pods to schedule onto nodes with matching taints. If a pod's toleration key, value, and effect match those of a taint on a node, the scheduler allows the pod to be placed on that node. Taint Effect: The effect of the taint on the node may allow the scheduling of the pod under certain conditions. For example, a taint with the PreferNoSchedule effect might not strictly prevent all pods from being scheduled on the node; instead, it will try to avoid placing pods on the node but isn't guaranteed to prevent it. DaemonSets: Pods created by DaemonSets are scheduled on all nodes that match the DaemonSet's node selector, ignoring most taints by default. This is because DaemonSets often represent system-level functions that need to run on all nodes. Critical System Pods: Some critical system pods might be scheduled on any node regardless of taints to ensure the stability and functionality of the cluster. These could include pods related to Kubernetes system components like networking or DNS. Changes to Taints or Tolerations: The taint on node01 might have been added after the pod was already scheduled and running on the node. Similarly, the tolerations for the pod might have been added or modified after the pod was created, allowing it to be scheduled on a tainted node. Administrative Override: A cluster administrator can manually schedule a pod on a node regardless of taints, using specific commands or configurations that bypass the usual scheduling constraints. If you are encountering a situation where pods are being scheduled on a node with a taint and it's not clear why it's important to review the pod's tolerations, the taints on the node, and any administrative actions that might have affected scheduling decisions.

Question 85

1.What does it mean to remove a taint? 2. whatsup with removing taint ?

Answer 85

1.Removing a taint from a node removes the restriction, allowing any pod (even those without a toleration for the taint) to be scheduled on the node. 2.its the same as adding, just a minus in the end kubectl taint nodes controlplane node-role.kubernetes.io/control-plane:NoSchedule-

Question 86

Can you label both pod and node? and if so how?

Answer 86

k label node node01 color=blue

Question 87

how to find out what node consumes most cpu or mem?

Answer 87

k top node! P.s. similar as for pod k top pod.

Question 88

how do you see the status of init container using describe pod command?

Answer 88

Its under init-containers/state! Its ABSOLUTELY NOT in the bottom where its says running and started even though those rows are about init container.

Question 89

if a pod have a init container with these command, what does it say about the pods availability? Command: sh -c sleep 600

Answer 89

That the pod will be available after 10min: 60sek * 10

Question 90

it does not make sense that if node taint condition match pod toleration with condition NoSchedule, its something positive?

Answer 90

Its because NoSchedule is basically abbreviation for NoScheduleUnlessTheAboveRuleMatch!

Question 91

how to know if i should use podaffinity with labelSelector vs nodeAffinity with nodeSelectorTerms?

Answer 91

For starters the example actually specified NodeAffinity!

Question 92

Whats the differences between node affinity and pod affinity?

Answer 92

When to Use Each Use Case Affinity Type Run pods on nodes with SSD storage Node Affinity Co-locate frontend and backend pods Pod Affinity Spread pods across availability zones Pod Anti-Affinity

Question 93

how to get explanation for any structure?

Answer 93

kubectl explain deployment.spec.template.spec.affinity ; k explain deployment.spec.template.spec.affinity

Question 94

whats topologyKey ?

Answer 94

topologyKey is the key of node labels. If two Nodes are labelled with this key and have identical values for that label, the scheduler treats both Nodes as being in the same topology. The scheduler tries to place a balanced number of Pods into each topology domain.

Question 95

Whats the difference of applying nodeAffinity/podAffinity/podAntiAffinity on a pod vs deployment?

Answer 95

For pod its spec.affinity.nodeAffinity.reuiredDuring.. structure and for deployment its spec.template.spec.affinity.nodeAffinity.requiredDuring... structure

Question 96

How do i find out How many DIFFERENT OBJECTS are in the prod environment including PODs, ReplicaSets and any other objects?

Answer 96

k get all --selector env=prod p.s. selelctor seems like equal of label: -l env=prod

Question 97

how do i Identify the POD which is part of the prod environment, the finance BU and of frontend tier?

Answer 97

i comma-separate the labels rather than putting -l in front of each one as in: k get pod -o wide -l tier=frontend,env=prod,bu=finance

Question 98

whats the Relationship Between spec.selector.matchLabels and spec.template.metadata.labels ?

Answer 98

The labels defined in spec.template.metadata.labels must match the selector defined in spec.selector.matchLabels. This is how Kubernetes knows which Pods are managed by which Deployment (or other workload resources). When a Deployment creates new Pods, it adds the labels from spec.template.metadata.labels to those Pods. The Deployment's selector (spec.selector.matchLabels) must be able to match these labels, or else the Deployment will not recognize the Pods as its own. This relationship ensures that the Deployment only manages the Pods that it's supposed to manage, according to the labels and selectors you define. Same goes for Replicaset, E.g.: apiVersion: apps/v1 kind: ReplicaSet metadata: name: replicaset-1 spec: replicas: 2 selector: matchLabels: tier: front-end template: metadata: labels: tier: front-end spec: containers: - name: nginx image: nginx

Question 99

can you please explain why the these command produce errors when trying to apply generated yaml: k create job throw-dice-job --image=kodekloud/throw-dice --dry-run=server -o yaml > q2of9.yaml

Answer 99

Its due to the usage of --dry-run=server Chatgpt: The errors you're encountering when applying the YAML generated with --dry-run=server for a Kubernetes Job are related to the spec.selector and spec.template.metadata.labels fields. When you generate YAML with --dry-run=server, the Kubernetes server populates certain fields that are usually auto-generated during the actual creation of a resource. These fields include unique identifiers and selectors that are intended to be managed by Kubernetes itself and not specified manually.

Question 100

what parameter do i need to mind on a JOB so it does not quit before it succede?

Answer 100

its spec.backoffLimit of a job yaml! This is the indicator: describe job | grep -i Succeeded Pods Statuses: 0 Active (0 Ready) / 1 Succeeded / 0 Failed

Question 101

What would you put in the JOB spec so it completes 3 times successfully out of randomly many required attempts?

Answer 101

spec: completions: 3 backoffLimit: 25 # This is so the job does not quit before it succeeds.

Question 102

How do you know how many endpoints exist for a given system

Answer 102

? i answered 1 because there were no Subsets and it was correct! Obs! The exam tip: Run the command: kubectl describe service and look at the Endpoints Endpoints is a collection of endpoints that implement the actual service. Example: Name: "mysvc", Subsets: [ { Addresses: [{"ip": "10.10.1.1"}, {"ip": "10.10.2.2"}], Ports: [{"name": "a", "port": 8675}, {"name": "b", "port": 309}] }, { Addresses: [{"ip": "10.10.3.3"}], Ports: [{"name": "a", "port": 93}, {"name": "b", "port": 76}] }, ]

Question 103

how do you know which type of traffic is the netpol affecting?

Answer 103

k describe netpol payroll-policy. There is a type there!

Question 104

how do you create entirely different Egress rules for different pods?

Answer 104

You have multiple "- to" blocks. E.g.: egress: - to: - podSelector: matchLabels: name: mysql ports: - protocol: TCP port: 3306 - to: Obs! ports under "-to" part is described by same explain as just "to" without leading dash!

Question 105

how would you know which namespace is the Ingress Controller deployed in?

Answer 105

Actually, its not trivial. The answer was the namepace of the service deployment.apps/ingress-nginx-controller and not the namespace i see in when i run these: k get ingress -A

Question 106

whats service port vs. targetport?

Answer 106

The primary distinction between port and targetPort is that port specifies the Service‘s listening port for incoming traffic. The targetPort field specifies the port number for routing traffic to the Service‘s pods.

Question 107

when do i use rewrite-target in a new ingress instead of just adding mapping to an existing ingress?

Answer 107

It could be appropriate in several scenarios, particularly when you need to manage how URLs are rewritten and directed to your backend services in a way that's distinct from the existing mappings. Here's an example use case: One of these applications, let's call it AppX, is designed to handle requests under a specific path, say /appx/*. However, AppX is developed to expect requests that do not include the /appx prefix in the URI path. Another reason maybe security, need for ssl termination.

Question 108

Guess why this ingress i constructed myself from official doc did not work? apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: minimal-ingress namespace: critical-space annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: ingressClassName: nginx-example rules: - http: paths: - path: /pay pathType: Prefix backend: service: name: pay-service port: number: 8282

Answer 108

IngressClassName should not be there at all! P.s. i guess in that case default one is used. p.s. wrong namespace was the thirst error.

Question 109

how do you delete label from service?

Answer 109

The same minus in the end!: kubectl label service my-service app-

Question 110

what comes to mind when creating ingress for existing two servicec on the exam?

Answer 110

Ingress resource comes under the namespace scoped, so don't forget to create the ingress in the same namespace as the services this is applied to! p.s. ports of the services is not what you see on the surface by: get svc - o wide but inside the decription

Question 111

what can be done instead of deleting a pod when you added a volume but forgot to add it under container?

Answer 111

i can use the force flag. p.s. replace instead of apply and then --force flag, but apply actually also worked but only with --force flag

Question 112

Sometimes its not straightforward to find example definitions for some objects, e.g. pvc. Whats a more straighforward way to search for it?

Answer 112

"kind: PersistentVolumeClaim"

Question 113

why was the pvc not bound but pending in kodecloud lab?

Answer 113

its because the access mode was a mismatch with the pv. p.s. i created PV first and PVC second

Question 114

Whats interesting about capacity when the PV was just claimed and bound and PV was 100Mi and PVC was 50Mi ?

Answer 114

Checking capactiy under k get pvc showed 100!!!

Question 115

Det finns 2 fel med CronJob i lightning-lab-2-2/

Answer 115

1) completions,backoffLimit,activeDeadlineSeconds skulle sitta på spec.jobTemplate.spec och inte på spec 2) restartPolicy: Never

Question 116

when you want to expose a deployment as a service, how do you do that when the deployment is in different namespace?

Answer 116

k -n yourNS expose deploy europe --port 80 Obs! k expose deploy -h does not saying anything about namespace, so its important to remember its kubectl itself that have that parameter!

Question 117

What do you derive out of a CKAD saying following: There are two existing Deployments in Namespace world which should be made accessible via an Ingress. First: create ClusterIP Services for both Deployments for port 80 . The Services should have the same name as the Deployments.

Answer 117

1. you should run expose command 2. ingress does not exist and dont even need to exist????? 3. BOTTOMLINE: you should run the following for each: k -n world expose deploy europe --port 80 see first exercise here: https://killercoda.com/nginx-ingress/scenario/ingress-create

Question 118

what would be one thing i can easily mess up when creating ingress? Based on excercise nr 2 here https://killercoda.com/nginx-ingress/scenario/ingress-create

Answer 118

These part: spec: ingressClassName: nginx rules: - host: "world.universe.mine" Tips1: ingress class name can be looked up like: get ingressclasses Tips2: host comes w/o port and in these case reflected in /etc/hosts

Question 119

Nämn alla ställen att kolla på vid api server crash enligt https://killercoda.com/killer-shell-cka/scenario/apiserver-crash

Answer 119

/var/log/pods /var/log/containers crictl ps + crictl logs docker ps + docker logs (in case when Docker is used) kubelet logs: /var/log/syslog or journalctl

Question 120

kubernetes manifest location

Answer 120

/etc/kubernetes/manifests

Question 121

how to check logs for all containers in the same deployment?

Answer 121

kubectl logs --all-containers deploy/collect-data

Question 122

are these equivalent? is these configs separated by --- not equivalent? egress: - to: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: space2 --- egress: - to: - namespaceSelector: matchExpressions: - key: namespace operator: In values: ["space2"]

Answer 122

First matches namespaces that have a label with the exact key-value pair. Second matchExpressions: Matches namespaces based on more complex conditions, using a logical expression. key: namespace: Matches namespaces that have the label key namespace. operator: In: Matches if the label's value is in the list of values. values: ["space2"]: The specific value to match.

Question 123

howto find answer to that error : k apply -f /apps/flowschema.yaml --dry-run=client error: resource mapping not found for name: "health-for-strangers" namespace: "" from "/apps/flowschema.yaml": no matches for kind "FlowSchema" in version "flowcontrol.apiserver.k8s.io/v1beta2"

Answer 123

kubectl api-versions | grep flow

Question 124

how do i find admission control plugin names?

Answer 124

cat /etc/kubernetes/manifests/kube-apiserver.yaml OR ELSE ps aux | grep kube-apiserver

Question 125

1.how do i disable an admission controller plugin? 2. and why would i do that?

Answer 125

1.Although it does not exist per default i add it in the same /etc/kubernetes/manifests/kube-apiserver.yaml 2. I do it because i am crazy and want to delete default namespace

Question 126

whats tricky for my mind in these way to select namespace?: namespaceSelector: matchExpressions: - key: namespace operator: In values: ["space2"]

Answer 126

i assume its about name of the namespace while, according to chatgpt, it matches namespaces where the LABEL NAMESPACE exists and its value is space2. !!! What??? Facit alt1: that key would have worked: kubernetes.io/metadata.name Facit alt2: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: space2

Question 127

where would you look for static pod config?

Answer 127

Short answer: typically here /var/lib/kubelet/config.yaml Long and not entirely covering answere is here: https://kubernetes.io/docs/tasks/administer-cluster/kubelet-config-file/

Question 128

how many cluster or noncluster role bindings do i need if i have 2 serviceaccounts and 1 role?

Answer 128

for clusterrolebinding it seems its 1 and for normal rolebinings its either that or, even more weird,i can create 2 bindings with the same name

Question 129

why am i still not seeing nodes from the newly joined node althoug i do see it from controlplane and the ask is approved: https://killercoda.com/killer-shell-cka/scenario/cluster-node-join

Answer 129

N/A

Question 130

how do i know which version of kubeadm is available to upgrade to?

Answer 130

apt-cache madison kubectl or kubeadm or kubelet

Question 131

what was the very last command in the cluster upgrade procedure? https://killercoda.com/killer-shell-cka/scenario/cluster-upgrade

Answer 131

service kubelet restart

Question 132

when do i use "kubeadm upgrade node" ?

Answer 132

The kubeadm upgrade node command is used during the process of upgrading Kubernetes worker nodes after the control plane has been upgraded. This step ensures that the worker node components, such as the kubelet and kube-proxy, are updated to match the version of the control plane.

Question 133

whats interesting about kubeadm upgrade node vs kubeadm upgrade plan on the worker node?

Answer 133

The plan gave error while node seem to have done its job

Question 134

name all the places to look for when troubleshooting https://killercoda.com/killer-shell-cka/scenario/apiserver-misconfigured

Answer 134

/var/log/pods /var/log/containers crictl ps + crictl logs docker ps + docker logs (in case when Docker is used) kubelet logs: /var/log/syslog or journalctl

Question 135

whats complex but i have all the chances to get good at ?

Answer 135

https://killercoda.com/killer-shell-cka/scenario/apiserver-misconfigured

Question 136

apiservice is not coming up. what service you might have to restart or conf file you might have to check?

Answer 136

either a)move the kube-apiserver.yaml out of the manifests directory and then back again OR b) service kubelet restart

Question 137

what other file can contain invalid param and stop kubelet from starting and so a node is not ready?

Answer 137

vim /var/lib/kubelet/kubeadm-flags.env . obs! Dont forget: service kubelet restart; service kubelet status. P.s. journalctl or grep kubelet /var/log/syslog should tell you whats not working!

Question 138

whats the easiest way to find out which port is my etcd is actually running on ?

Answer 138

ps aux | grep etcd. and look for listen-client-urls

Question 139

what parameter is not available but could be when creating clusterrolebindings?

Answer 139

namespace. its only about connecting sa and cluster role or role; k create clusterrolebinding pipeline-view --clusterrole view --serviceaccount ns1:pipeline --serviceaccount ns2:pipeline

Question 140

"k get ds -A" did not show restored datastore in https://killercoda.com/chadmcrowell/course/cka/kubernetes-backup-etcd untill i did what?

Answer 140

kubectl -n kube-system rollout restart daemonset/kube-proxy

Question 141

how do you list linux system services in https://killercoda.com/chadmcrowourse/cka/linux-services

Answer 141

sudo systemctl list-unit-files --type service --all | grep kube > services.csv

Question 142

how do you see kubelet service status

Answer 142

sudo systemctl status kubelet.service (or without .service in the end)

Question 143

1) how do i list all kubernetes api resources and 2) how did i find out that command

Answer 143

1)kubectl api-resources > resources.csv 2)k get -h| grep -i api

Question 144

how do i list taints applied to a node?

Answer 144

k describe no controlplane| grep -i taint Obs! but i should use jsonpath instead!

Question 145

Given this is a node taint: dedicated=special-user:NoSchedule and the task is " Apply the correct toleration to this pod manifest in order for it to successfully get scheduled to node01.", what should the pod yaml addition be like?

Answer 145

tolerations: - key: "dedicated" value: "special-user" effect: "NoSchedule"

Question 146

weight is used when in the context of affinity?

Answer 146

when its prefered...

Question 147

a) what are 2 ways to get busybox pod to print out logs to stdout and b) whats similar for both

Answer 147

b) similar is both put logs logic in args but syntax is different a1) args: [/bin/sh, -c, 'while true; do echo $(date); sleep 1; done'] a2) - args: - -c - while true; do echo $(date); sleep 1; done

Question 148

whats a "while true" command to log something to output using kubectl?

Answer 148

k run pod-logging --image=busybox --dry-run=client -o yaml -- /bin/sh -c 'while true; do echo $(date); sleep 1; done'

Question 149

what do you do to add empty dir volume mount in pod defintion?

Answer 149

volumeMounts for each container having same name as in volumes, that is varlog: - name: varlog emptyDir: {}

Question 150

what would kubectl command to create an Ingress resource that will allow you to resolve the domain name hello.com to the service named apache-svc over port 80 look like?

Answer 150

kubectl create ingress minimal-ingress \ --class=nginx \ --rule="hello.com/=apache-svc:80" \ --annotation nginx.ingress.kubernetes.io/rewrite-target=/

Question 151

What would be the command for these task and whats strange about the solution vs task?: Create a pod named redis-pod that uses the image redis:7 and exposes port 6379 . Use the command redis-server /redis-master/redis.conf to store redis configuration data and store this in an emptyDir volume.

Answer 151

k run redis-pod --image=redis:7 --port 6379 --command 'redis-server' '/redis-master/redis.conf' --dry-run=client -o yaml > redis-pod.yaml Whats strange is that emptydir thing is not visible at all, i mean emptydir volume is still a volume.

Question 152

what do they mean in the context of ingress description when they say "ssl-redirect" should be configured as false".

Answer 152

They mean nginx.ingress.kubernetes.io/ssl-redirect: "false" just like it could be nginx.ingress.kubernetes.io/rewrite-target: /

Question 153

whats peculiar about retrieving ingress class name?

Answer 153

The command is: kubectl get ingressclass. But k get -h| grep -i ingress does not show anything

Question 154

What did i forget when crafting command for task: "Verify your ability to perform DNS lookups(use name: test-nslookup ) for the service name from within the cluster using the busybox:1.28 image"

Answer 154

--restart Never

Question 155

controlplanel node is not ready. how did u fix it here? https://killercoda.com/sachin/course/CKA/etcd-backup-issue

Answer 155

systemctl status kubelet.service systemctl start kubelet.service P.s. when i viewed logs by: k -n kube-system logs etcd-controlplane I saw: ..Jan 25 10:44:49 controlplane systemd[1]: Stopping kubelet: The Kubernetes Node Agent... Jan 25 10:44:49 controlplane systemd[1]: kubelet.service: Succeeded.

Question 156

when you are asked "Use port forwarding to service to access.." so you can curl curl http://localhost:8080. How do u fix port forwarding?

Answer 156

kubectl port-forward service/nginx-service 8080:80 P.s. lookup when/how sachin H R (70+ CKA questions on killerkoda) using port forwarding using his google drive answeres: https://drive.google.com/drive/folders/1V7GEsQ64Vhgo92HmQ5inb4bIwtnbBpn6

Question 157

so how does command to only do nslookup and redirect output to file look like

Answer 157

k run xyz --image busybox -it --rm --restart Never -- /bin/sh -c "nslookup kubernetes.default" > out.txt

Question 158

Whats the quickest way to create replicaset?

Answer 158

create deployment and replace deployment with replicaset, remove strategy, and if desired put command: ["whatever"] under container image.

Question 159

whats interesting about kubectl port-forward ?

Answer 159

it can be used as a test. "kubectl port-forward service/cka-service 8080:80" is stuck https://killercoda.com/sachin/course/CKA/cronjob-issue

Question 160

what hasnt goten into my head about ingress route port untill after CKAD attempts and 1 CKA attempt and 1 day after?

Answer 160

That i need to Check the NodePort Service for the Nginx Ingress Controller to see the ports. And use target port there. That is curl will use 30080 but i would not be defining that port if ingress controller exist. service/ingress-nginx-controller NodePort 10.103.245.223 80:30080/TCP,443:30443/TCP 32m

Question 161

How do you make sure that a busybox container not just execute command and stops, making the pod as NotReady or 1/2 containere pod running if its multicontainer pod?

Answer 161

you add "& tail -f /dev/null" in the command or args part which ever is the even of your command instruction.

Question 162

what made it difficult for me to troubleshoot https://killercoda.com/sachin/course/CKA/pod-issue-2

Answer 162

i thought that not setting storageclass and relying on default be fine but its not!

Question 163

kubelet service not running in controlplane , it will cause the controlplane in NotReady state. Whats your top 2 vectors to troubleshoot?

Answer 163

1. systemctl status/start kubelet 2. Check journalctl. E.g. failed to get kubelet configuration from config file Check if /var/lib/kubelet/config.yaml exists and is correctly formatted. failed to create kubelet: no API server Ensure the API server is running and Kubelet can connect to it. TLS certificate expired Renew Kubelet certificates using kubeadm certs renew. container runtime not running Restart the container runtime (containerd or dockerd).

Question 164

https://killercoda.com/sachin/course/CKA/sc-pv-pvc-pod took 2 hours. what did it teach me?

Answer 164

1. that pvc not necessary have to refer to pv 2. u dont necessary have to have Filesystem on both to get it bound together. 3. search for volume claim to also get results from docs/tasks and not only docs/concepts 4. hostPath is sort of opposite of dynamic.

Question 165

how do u make sure that your PV gets tied to a certain node?

Answer 165

PV get "nodeAffinity" which does not have "affinity" as parent node and does not have requiredDuring as child node but just required. P.s. dont forget "k explain pv.spec".

Question 166

which one exist? "k explain pv.spec.selector" or "k explain pvc.spec.selector"

Answer 166

The later, the longer. P.S Claims can specify a label selector to further filter the set of volumes

Question 167

what was https://killercoda.com/sachin/course/CKA/kubectl-issue

Answer 167

wrong port in vim ~/.kube/config

Question 168

why could i not fix this sc,pv,pvc binding issue having, among others, these description: "The volume should be bound to blue-pv-cka " https://killercoda.com/sachin/course/CKA/sc-pv-pvc

Answer 168

Because untill now i thought that when the pod is not in the picture i basically have to use claimRef on PV pointing to PVC or it somehow magically recognise each other. Now i know PVC can point out PV by volumeName.

Question 168

what does this error mean: "Defaulted container "nginx-container" out of: nginx-container, init-container (init)" when indentify issue behind pod error: nginx-deployment-74dbdb77f8-2d69b 0/1 Init:CrashLoopBackOff

Answer 168

it suggests that the init container (init-container) is failing, causing the main container (nginx-container) not to start. The busybox command was missing first 2 of 3 command lines, correct syntax is: - command: - /bin/sh - -c - echo 'Welcome To KillerCoda!'

Question 169

how do u refer to env vars from e.g. command args?

Answer 169

like $(YOUR_ENV_VAR)

Question 170

when looking for node syntax and not finding what should you look for instead?

Answer 170

see if it has children first. e.g. rollingUpdate had children like maxSurge which i did not realise.

Question 171

whats to think about deployment labels?

Answer 171

That if you are asked to use a certain label and you are doing it manually, its multiple places to set correctly in the spec!

Question 172

how does a command to test connectivity look like and whats special about that mode of execution?

Answer 172

1. k run curltest3 --image busybox --rm -it -- /bin/sh -c "wget http://192.168.1.5" 2. i cant do dry-run on that

Question 173

I needed to "Create an Ingress resource that will allow you to resolve the domain name hello.com to the service named apache-svc over port 80 ." What did i miss trying to?https://killercoda.com/nashwan/course/cka/create-ingress

Answer 173

annotations: nginx.ingress.kubernetes.io/rewrite-target: /

Question 174

what 2 mistakes did i do here wrong again one day before exam? https://killercoda.com/killer-shell-cka/scenario/ingress-create

Answer 174

1) ingress is namespace scoped too and so it can not specify namespace when defining backend service 2) i forgot to lookup ingress class and use it

Question 175

what did i do wrong when defining readiness and liveliness probe here https://killercoda.com/het-tanis/course/Kubernetes-Labs/CKA-Troubleshooting2

Answer 175

used tcpSocket as the basis instead of httpGet

Question 176

how do i get svc endpoint

Answer 176

kubectl get endpoints -n

Question 177

when the pod was missing secret, where did i see it

Answer 177

state: waiting: message: secret "postgres-db-secret" not found reason: CreateContainerConfigError

Question 178

Hur testar man ingress?

Answer 178

Det är faktiskt knepigt om inte man har en host att speca eller det inte finns ingress controller etc...

Question 179

when they say "upgrade kubelet" on controlplane, how do u see it?

Answer 179

"k get no". should show new version for your node, e.g. controlpanel

Question 180

what did i miss when upgrading kubelet 20250211

Answer 180

Part of step 6 which has with apt-mark to do although it seems like it did not matter in the end. And part 7!!! Step 6: Upgrade the kubelet and kubectl: apt-mark unhold kubelet kubectl && \ apt-get update && apt-get install -y kubelet=1.27.2-00 kubectl=1.27.2-00 && \ apt-mark hold kubelet kubectl Step 7: Restart the kubelet: sudo systemctl daemon-reload sudo systemctl restart kubelet