Killerkoda

Question 1

What is what and which is not possible?: ClusterRole + RoleBinding or Role + ClusterRoleBinding?

Answer 1

• ClusterRole + RoleBinding (available cluster-wide, applied in single Namespace)
• Role + ClusterRoleBinding (NOT POSSIBLE: available in single Namespace, applied cluster-wide)

Question 2

Hur ger man access att managera Deployments i både Namespaces?

Answer 2

k create clusterrole pipeline-deployment-manager –verb create,delete –resource deployments

Question 3

how do i see if my serviceaccount can delete pods in another ns?

Answer 3

k auth can-i delete deployments –as system:serviceaccount:ns2:pipeline -n ns2

Question 4

hur skapar ut pod defintion utan att applicera ?

Answer 4

k -n lion run important –image=nginx:1.21.6-alpine -oyaml –dry-run=client > pod.yaml

Question 5

whats matchLabelKeys for?

Answer 5

used within affinity topology. The keys are used to lookup values from the pod labels, those key-value labels are ANDed with labelSelector to select the group of existing pods over which spreading will be calculated for the incoming pod

Question 6

what is the initial letterS of the required manifest addition for podAffinity?

Answer 6

spec:
template:
spec:
affinity:
podAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:

Question 7

Whats the name of the grouping thing for node affinity or anitaffinity?

Answer 7

topologyKey

Question 8

how many node affinity types are there? and what are they?

Answer 8

2 types: requiredDuringSchedulingIgnoredDuringExecution
and
preferredDuringSchedulingIgnoredDuringExecution

https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#types-of-inter-pod-affinity-and-anti-affinity

Question 9

1. name 2 things that were missing in preferredDuringSchedulingIgnoredDuringExecution block in official doc. 2. And how do i get to know which ones?

Answer 9

1. preferredDuringSchedulingIgnoredDuringExecution:
   
   • weight: 100
     podAffinityTerm:
2. kubectl explain pod.spec.affinity.podAffinity.preferredDuringSchedulingIgnoredDuringExecution

Question 10

how would you verify if u can reach a service from a pod using wget?

Answer 10

wget -O- apache-svc

Question 11

There are cases where the Kubelet did stop the kube-apiserver container but did not start it again. How can you force it to?

Answer 11

You can force it to do so with systemctl restart kubelet.service

Question 12

How can you change Change the IP address associated with the cluster’s DNS Service?

Answer 12

kubectl -n kube-system edit svc kube-dns

Question 13

where is kubelet config?

Answer 13

/var/lib/kubelet/config.yaml

Question 14

How to Determine If Your Kubelet Uses Dynamic Config

Answer 14

ps aux | grep kubelet | grep – –config

Question 15

If i dont know if my kubelet uses dynamic config and need to change ip adress using both ways, what are those 2 ways?

Answer 15

1) vim /var/lib/kubelet/config.yaml
2) k -n kube-system edit cm kubelet-config

Question 16

How do i apply the update to the kubelet configuration immediately on the node?

Answer 16

kubeadm upgrade node phase kubelet-config
systemctl daemon-reload
systemctl restart kubelet

Question 17

how do i verify a pods dns update?

Answer 17

Get a shell to the pod and cat the /etc/resolv.conf to check that the DNS server used is 100.96.0.10

Question 18

Howto make the node unavailable?

Answer 18

mark the node01 unschedulable
kubectl cordon node01

list the nodes to verify that node01 is unschedulable
kubectl get no

Question 19

howto evict:a poddar på en nod?

Answer 19

cordon the node

kubectl cordon <node-name></node-name>

evict the pods that are running on node01
kubectl drain node01 –ignore-daemonsets

kubectl get po -o wide | grep node01

mark the node scheduleable once again
kubectl uncordon node01

Question 20

whats the most straightforward way to make sure a pod runs on a certain node=

Answer 20

just put these in the pod yaml:
nodeName: node01

Question 21

how do you change the image used for the deployment?

Answer 21

kubectl set image deploy apache httpd=httpd:latest

Question 22

how do you scale replicas?

Answer 22

kubectl scale deploy apache –replicas 5

Question 23

Whats important to remember about PVC

Answer 23

That its like a link between pod and PV, and also these fields:
accessModes: Must match the PV’s accessModes.
resources.requests.storage: Requests a specific amount of storage.
storageClassName: Matches the PV’s storageClassName.

Question 24

etcdctl and etcdutl are 2 different tools. which one is for what?

Answer 24

etcdctl: This is the primary command-line client for interacting with etcd over a network. It is used for day-to-day operations such as managing keys and values, administering the cluster, checking health, and more.

etcdutl: This is an administration utility designed to operate directly on etcd data files, including migrating data between etcd versions, defragmenting the database, restoring snapshots, and validating data consistency. For network operations, etcdctl should be used.

p.s. see e.g. https://everythingdevops.dev/backup-kubernetes-etcd-data/

Question 25

whats the (main part of) command to initalize kubernetes by creating a controlplane?

Answer 25

kubeadm init –kubernetes-version 1.31.0 –pod-network-cidr 192.168.0.0/16

Question 26

how to add a node to a kubernetes cluster containing only one node - controlpanel

Answer 26

generate a new token OR use the one printed out “kubeadm init” before
kubeadm token create –print-join-command

ssh node-summer
kubeadm join 172.30.1.2:6443 –token …
exit

Question 27

Main part of Uppgrading kubernetes controlpanel typically requires 4 commands of which 2 commands checking and 1 upgrading utility and 1 upgrading server part. What are they?

Answer 27

see possible versions
kubeadm upgrade plan

show available versions
apt-cache show kubeadm

can be different for you
apt-get install kubeadm=1.31.1-1.1

could be a different version for you, it can also take a bit to finish!
kubeadm upgrade apply v1.31.1

Question 28

Once main kubeadm stuff is done, what are 2 more commands of which 1 is about utilities and 1 about kubernetes itself?

Answer 28

can be a different version for you
apt-get install kubectl=1.31.1-1.1 kubelet=1.31.1-1.1

service kubelet restart

Question 29

if deployment is not starting replicas and there is nothing in the events junk of its description, what does it mean?

Answer 29

some part of kubernetes kube-system isnt fine, see whats it with k get po -A

Question 30

During first CKA exam in late jan 2025, nodes did not want to drain after cordon and drain, although i was using force and, i thnk –ignore-daemonsets too

Answer 30

According to chatgpt above those mentioned 2 flags, —-delete-emptydir can be used too.

Question 31

SV: first CKA jan 2025 attempt experience

Answer 31

• lägg till sidecar som kör command som skriver till en volume (jag kunde inte utläsa att den volumen finns men jag kunde verifiera att den funkar. commando citations tecken tror jag att jag gjort fel inte
  jag skulle ju använda en mount att skriva loggar till. oklart hur jag får de loggar från första podden men ändå)
  
  • Ensure both containers mount the emptyDir volume at the same path, such as /shared-data… chatgpt driven lärdom som kommer från “https://killercoda.com/sachin/course/CKA/Shared-Volume”. Emptydir
    betyder volumes: \n - name: shared-data \n emptyDir: {}
  • “& tail /dev/null för att inte pod ska avsluta efter command exekvering”
  • varje container har egen “volumeMounts:”
  • träna mer på detta!!!
• noder ville inte drainas helt trots force
• ingress grejer fram o tillbaka ihop med 2containere podden
• verifiera curl:ande fram o tillbaka
  
  • bra o veta att när man gör: k expose, så sätts targetPort till samma värde som port.
• uppgradera bara master nod men inte några plugins…
• cronjob ??? or was it CKAD before?

Question 32

based on one of the questions in the first CKA jan 2025 about sidecar helping with logs, this is what chatgpt suggested

Answer 32

apiVersion: v1
kind: Pod
metadata:
name: nginx-with-log-sidecar
labels:
app: nginx
spec:
volumes:
- name: log-volume
emptyDir: {}

containers:
# Main NGINX container
- name: nginx-container
image: nginx:latest
volumeMounts:
- name: log-volume
mountPath: /var/log/nginx
ports:
- containerPort: 80
command: [“/bin/sh”, “-c”]
args:
- |
mkdir -p /var/log/nginx;
nginx -g “daemon off;” # Keeps NGINX running

# Sidecar container for log processing
- name: log-collector
  image: busybox
  volumeMounts:
    - name: log-volume
      mountPath: /var/log/nginx
  command: ["/bin/sh", "-c"]
  args:
    - |
      while true; do
        tail -n 10 /var/log/nginx/access.log;
        sleep 5;
      done;

Question 33

how do u redirect stdout and stderr to same file

Answer 33

> file.log 2>&1

Question 34

en visdom från denna https://killercoda.com/sachin/course/CKA/network-policy som jag gjort inför sista försöket eller första försöket med gråga macbook pro

Answer 34

snåla inte på “from’s”, en from per en ingress allow regel.