Online Access Free CKAD Exam Questions

You have a Spring Boot application that requires access to a PostgreSQL database. Implement a sidecar container pattern using a PostgreSQL container within the same pod to provide database access for the application. Ensure tnat tne application can connect to the database through the PostgreSQL container's service name.

Correct Answer:

See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Define the PostgreSQL Container:
- Create a YAML file (e.g., 'postgresql-sidecar.yaml') to define the PostgreSQL container as a sidecar-
- Specify the image, resource requests, and ports for the PostgreSQL container.
- Define the container's environment variables, including the database name, username, and password.
- Add a volume mount to share a persistent volume claim (PVC) for database data.

2. Create a Persistent Volume Claim (PVC): - Create a PVC (e.g., 'postgresql-pvc.yaml') to store the PostgreSQL data. - Specify the storage class, access modes, and storage capacity for the PVC.

3. Configure the Spring Boot Applicatiom - Update your Spring Boot application to connect to the database using the environment variables you defined. - Ue the service name 'postgresql-sidecar' to access the PostgreSQL database from within the application. 4. Deploy the Pod: - Apply the YAML file to create the pod using 'kubectl apply -f spring-boot-app-with-sidecar_yaml' 5. Verify the Deployment: - Check the status of the pod using 'kubectl get pods' - Verity that both the Spring Boot application container and the PostgreSQL sidecar container are running. - Access your application's endpoint to ensure it can successfully connect to the database and perform operations. Important Notes: - Replace 'your-spring-boot-application-image:latest , 'your-password' , 'your-database-name', 'your-pvc-name' , and 'your-storage-class-name' with your actual values. - You may need to adjust the resource requests and limits for the containers based on your application's requirements. - The PostgreSQL container will initialize the database and stan the service automatically.]

You are managing a Kubernetes cluster with multiple teams working on different projects. Each team needs its own isolated environment within the cluster to deploy tneir applications and manage their resources witnout interfering With others. Describe how you would use Kubernetes namespaces to achieve this, and provide an example of how you might configure a namespace for a team working on a new e-commerce application.

Correct Answer:

See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Create Namespaces for Teams: use 'kubectl create namespace command to create namespaces for each team. For example, 'kubectl create namespace ecom-team'.
2. Configure Resource Quotas: Set resource limits for each namespace using 'kubectl create -f command. This prevents one team from consuming all the resources available on the cluster Heres a sample resource quota file:

3. Apply Role-Based Access Control (RBAC): IJse 'kubectl create -f ' command to define role bindings for each team. This allows you to control the actions that each team can perform within their namespace. Here's a sample role binding file:

4. Create Resources within the Namespace: Deploy your applications and other resources within the dedicated namespace for the e-commerce team. For example, you can deploy a 'Deployment Witn the following configuration:

5. Verify Namespace Configuration: IJse 'kubectl get namespaces' to list all namespaces, and 'kubectl describe namespace to view details of a specific namespace. 6. Manage Namespace Access: You can use tools like 'kubectl' or a graphical user interface (GIJI) to manage the access rights and resources within each namespace. 7. Cleanup: When a team no longer needs a specific namespace, you can delete it using 'kubectl delete namespace '.

You have a Deployment named 'my-app-deployment' running a Flask application. You need to configure a rolling update strategy with a maximum of one pod unavailable at any time. You also want to trigger an automatic update whenever a new image is pushed to the Docker Hub repository. Additionally, you want to analyze the application logs during the update process to ensure everything is working smoothly. How would you achieve this?

Correct Answer:

See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Configure Deployment with Rolling Update:
- Update the 'my-app-deployment' Deployment configuration to include the following:
- 'replicas': Set to 2 to ensure a rolling update with a maximum of one unavailable pod.
- 'maxUnavailable: 1': This specifies that a maximum of one pod can be unavailable during the update.
- 'maxSurge: 0': This ensures no new pods are created beyond the desired replicas.
- 'imagePullPolicy: Always': This forces the pods to pull the latest image from the repository.
- 'strategy.type: RollingUpdate': Specifies the rolling update strategy.

2. Apply Deployment Configuration: - Apply the updated YAML file to your cluster: 'kubectl apply -f my-app-deployment.yamr 3. Analyze Application Logs: - To monitor the logs of your Flask application, utilize a tool like 'kubectl logs' or a dedicated logging service like Fluentd or ElasticSearch. - Example using 'kubectl logs' bash kubectl logs -f my-app-deployment-pod-name - During the rolling update, closely watch the logs for errors or warnings to ensure smooth transitions. 4. Trigger an Automatic Update: - Push a new image with updates to the 'my-app-image:latest' Docker Hub repository. 5. Monitor the Deployment: - Use 'kubectl get pods -l app=my-app' to monitor the pods during the rolling update. 6. Verify Deployment Status: - Check the status of the Deployment using 'kubectl describe deployment my-app-deployment' . The 'updatedReplicas' field should match the 'replicas' field, indicating a successful update.

You are developing a service that uses a custom configuration file called 'service.properties'. You want to use ConfigMaps to store and manage this file in a secure and efficient manner. The 'service-properties' file contains sensitive information such as database credentials and API keys.
How would you create a ConfigMap that securely stores the 'service-properties' file, ensuring that the file is accessible only to the service's container?

Correct Answer:

See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Create a Secret for Sensitive Data:
- Create a Secret

- Encode the 'service-properties' file: bash echo "your-database-username=your-database-username" > service-properties echo "your-database-password=your-database-password" >> service-properties echo 'Your-api-key=your-api-key" >> service.properties base64 -w 0 service.properties - Replace with the output from the base64 command. 2. Create the ConfigMap for the File:

3. Apply the Secret and ConfigMap: bash kubectl apply -f service-secrets-yaml kubectl apply -f service-config.yaml 4. Update the Deployment to use the ConfigMap and Secret

5. Apply the updated Deployment: bash kubectl apply -f my-service-deployment-yaml 6. Access the File in the Container. - Mount the ConfigMap and Secret: - The ConfigMap mounts the 'service.properties' file as a placeholder. - The Secret mounts the actual 'service.properties' file securely. - Access the File: - The container should access the 'service.properties' file from '/var/secrets/service/service.properties' This approach uses a Secret to store sensitive data and a ConfigMap to mount the file securely within the container. The container will have access to the 'service-properties' file, but the actual data is stored in the Secret, ensuring its confidentiality'.

You are building a Kubernetes application that requires access to sensitive credentials stored in a Secret. The application should only have access to specific keys within the Secret, and you need to ensure that the Secret is updated without disrupting the application's functionality. How would you design and implement this functionality using Custom Resource Definitions (CRDs) and Kubernetes resources?

Correct Answer:

See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Define a CRD for Secret Access:
- Create a Custom Resource Definition (CRD) named 'SecretAccess' , representing the required access to the Secret. This CRD will define the following fields:
- 'secretName': The name ot the Secret containing the sensitive information.
- 'allowedKeys': A list of keys from the Secret that the application is allowed to access.
- The 'SecretAccess' CRD schema will be validated to ensure that the specified Secret and keys exist.

2. Create a Controller for SecretAccess CRD. - Implement a Kubernetes controller that watches for changes in 'SecretAccesS resources. - When a new 'SecretAccesS resource is created or updated, the controller: - Validates the specified Secret and allowed keys. - Creates or updates a new 'Secret resource with the requested keys from the original Secret. - Updates the 'SecretAccess' resource status with the name of the generated Secret.

3. Create a SecretAccess Resource: - Define a 'SecretAccess' resource specifying the target Secret and allowed keys.

4. Update the Application to IJse the Generated Secret: - Modify your application to use the generated Secret, whiCh will contain only the allowed keys. - The generated Secret name can be retrieved from the "SecretAccess' resource status. - The application can access the Secret using the Kubernetes API, similar to accessing a regular Secret.

- The SecretAccesS CRD acts as a resource request for access to specific keys from a Secret_ - The controller ensures that only the requested keys are made available to the application, enhancing security. - By generating a separate Secret for each application with limited access, you prevent accidental exposure ot sensitive data. - The automated update mechanism of the controller allows you to update the original Secret without disrupting the application.,