CKA Questions and Answers

kubect1 get pods--sort-by=.metadata.creationTimestamp

SOLUTION:

[student@node-1] > ssh ek8s

kubectl cordon ek8s-node-1

kubectl drain ek8s-node-1 --delete-local-data --ignore-daemonsets --force

solution

You must use the kubeadm configuration file located at /etc/kubeadm.conf when initializing

your cluster.

You may use any CNI plugin to complete this task, but if you don't have your favourite CNI plugin's manifest URL at hand, Calico is one popular option: https://docs.projectcalico.org/v3.14/manifests/calico.yaml

Docker is already installed on both nodes and apt has been configured so that you can install the required tools.

Solution:

#network.yaml

apiVersion: networking.k8s.io/v1

kind: NetworkPolicy

metadata:

name: allow-port-from-namespace

namespace: internal

spec:

podSelector:

matchLabels: {

}

policyTypes:

- Ingress

ingress:

- from:

- podSelector: {

}

ports:

- protocol: TCP

port: 8080

#spec.podSelector namespace pod

kubectl create -f network.yaml

solution

F:\Work\Data Entry Work\Data Entry\20200827\CKA\7 B.JPG

F:\Work\Data Entry Work\Data Entry\20200827\CKA\7 C.JPG

F:\Work\Data Entry Work\Data Entry\20200827\CKA\7 D.JPG

kubectl run busybox --image=busybox -it --rm --restart=Never --

/bin/sh -c 'echo hello world'

kubectl get po # You shouldn't see pod with the name "busybox"

kubectl get po -o=custom-columns="POD_NAME:.metadata.name,

POD_STATUS:.status.containerStatuses[].state"

kubect1 get pods -o=jsonpath='{range

items[*]}{.metadata.name}{"\t"}{.status.podIP}{"\n"}{end}'

solution

F:\Work\Data Entry Work\Data Entry\20200827\CKA\12 B.JPG

F:\Work\Data Entry Work\Data Entry\20200827\CKA\12 C.JPG

F:\Work\Data Entry Work\Data Entry\20200827\CKA\12 D.JPG

solution

F:\Work\Data Entry Work\Data Entry\20200827\CKA\4 B.JPG

F:\Work\Data Entry Work\Data Entry\20200827\CKA\4 C.JPG

F:\Work\Data Entry Work\Data Entry\20200827\CKA\4 D.JPG

Kubect1 get po -o wide

Using JsonPath

kubect1 get pods -o=jsonpath='{range

items[*]}{.metadata.name}{"\t"}{.status.podIP}{"\n"}{end}'

Solution:

sudo -i

systemctl status kubelet

systemctl start kubelet

systemctl enable kubelet

kubectl get po –all-namespaces > /opt/pods-list.yaml

Task Summary

SSH into cka000054

Install a CNI plugin that supports NetworkPolicies

Two CNI options provided:

Flannel v0.26.1 (❌ does NOT support NetworkPolicies)

Calico v3.28.2 ✅ (does support NetworkPolicies)

❗ Decision Point: Which CNI to choose?

✅ Choose Calico, because only Calico supports enforcing NetworkPolicies natively. Flannel does not.

✅ Step-by-Step Solution

1️⃣ SSH into the correct node

ssh cka000054

⚠️ Required. Skipping this results in zero score.

2️⃣ Install Calico CNI (v3.28.2)

Use the official manifest provided:

kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.28.2/manifests/tigera-operator.yaml

This installs the Calico Operator, which then deploys the full Calico CNI stack.

3️⃣ Wait for Calico components to come up

Check the pods in tigera-operator and calico-system namespaces:

kubectl get pods -n tigera-operator

kubectl get pods -n calico-system

✅ You should see pods like:

calico-kube-controllers

calico-node

calico-typha

tigera-operator

Wait for all to be in Running state.

✅ (Optional) 4️⃣ Confirm CNI is enforcing NetworkPolicies

You can check:

kubectl get crds | grep networkpolicy

You should see:

networkpolicies.crd.projectcalico.org

This confirms Calico's CRDs are installed for policy enforcement.

Final Command Summary

ssh cka000054

kubectl apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.28.2/manifests/tigera-operator.yaml

kubectl get pods -n tigera-operator

kubectl get pods -n calico-system

kubectl get crds | grep networkpolicy

Task Summary

SSH into cka000060

Add the Argo CD Helm repo named argo

Generate a manifest (~/argo-helm.yaml) for Argo CD version 7.7.3

Target namespace: argocd

Do not install CRDs

Just generate, don’t install

✅ Step-by-Step Solution

1️⃣ SSH into the correct host

ssh cka000060

⚠️ Required — skipping this = zero score

2️⃣ Add the Argo CD Helm repository

helm repo add argo https://argoproj.github.io/argo-helm

helm repo update

✅ This adds the official Argo Helm chart source.

3️⃣ Generate Argo CD Helm chart template (version 7.7.3)

Use the helm template command to generate a manifest and write it to ~/argo-helm.yaml.

helm template argocd argo/argo-cd \

--version 7.7.3 \

--namespace argocd \

--set crds.install=false \

> ~/argo-helm.yaml

argocd → Release name (can be anything; here it's same as the namespace)

--set crds.install=false → Disables CRD installation

> ~/argo-helm.yaml → Save to required file

✅ 4️⃣ Verify the generated file (optional but smart)

head ~/argo-helm.yaml

Check that it contains valid Kubernetes YAML and does not include CRDs.

???? Final Command Summary

ssh cka000060

helm repo add argo https://argoproj.github.io/argo-helm

helm repo update

helm template argocd argo/argo-cd \

--version 7.7.3 \

--namespace argocd \

--set crds.install=false \

> ~/argo-helm.yaml

head ~/argo-helm.yaml # Optional verification

Task Summary

SSH into cka000022 ✅

Modify an existing Deployment:

Namespace: spline-reticulator

Deployment: front-end

Container: nginx

Expose: port 80/tcp

Create a Service:

Name: front-end-svc

Type: NodePort

Port: 80 → container port 80

✅ Step-by-Step Solution

1️⃣ SSH into the correct node

ssh cka000022

⚠️ Skipping this = zero score

2️⃣ Edit the Deployment to expose port 80

kubectl edit deployment front-end -n spline-reticulator

Under containers: → nginx, add this if not present:

ports:

- containerPort: 80

protocol: TCP

✅ This enables the container to accept traffic on port 80.

3️⃣ Create a NodePort Service

Create a file named front-end-svc.yaml:

cat < front-end-svc.yaml

apiVersion: v1

kind: Service

metadata:

name: front-end-svc

namespace: spline-reticulator

spec:

type: NodePort

selector:

app: front-end

ports:

- port: 80

targetPort: 80

protocol: TCP

EOF

⚠️ Make sure the Deployment has a matching label selector like app: front-end. You can verify with:

kubectl get deployment front-end -n spline-reticulator -o yaml | grep labels -A 2

4️⃣ Apply the service

kubectl apply -f front-end-svc.yaml

5️⃣ Verify

Check if the service is created and has a NodePort assigned:

kubectl get svc front-end-svc -n spline-reticulator

✅ You should see something like:

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE

front-end-svc NodePort 10.96.0.123 80:3XXXX/TCP 10s

Where 3XXXX is your automatically assigned NodePort (between 30000–32767).

Final Command Summary

ssh cka000022

kubectl edit deployment front-end -n spline-reticulator

# Add:

# ports:

# - containerPort: 80

cat < front-end-svc.yaml

apiVersion: v1

kind: Service

metadata:

name: front-end-svc

namespace: spline-reticulator

spec:

type: NodePort

selector:

app: front-end

ports:

- port: 80

targetPort: 80

protocol: TCP

EOF

kubectl apply -f front-end-svc.yaml

kubectl get svc front-end-svc -n spline-reticulator

kubectl get pods -o=jsonpath="{.items[*]['metadata.name',

'metadata.namespace']}"

solution

F:\Work\Data Entry Work\Data Entry\20200827\CKA\14 B.JPG

A screen shot of a computer AI-generated content may be incorrect.