https://kubernetes.io/docs/ and their subdomains
https://kubernetes.io/blog/ and their subdomains
https://helm.sh/ and their subdomains
This includes all available language translations of these pages (e.g. https://kubernetes.io/zh/docs/)
- run
time_lefton work pc to check time - run
check_resulton work pc to check result
| 1 | Create a secret secret1 with value key1=value1 in the namespace jellyfish. Add that secret as an environment variable to an existing pod1 in the same namespace. |
|---|---|
| Task weight | 2% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - Name: secret1 - key1: value1- Namespace: jellyfish - pod env name: PASSWORD from secret secret1 and key key1 |
| 2 | Create a cron job cron-job1 |
|---|---|
| Task weight | 6% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - name: cron-job1 - namespace: rnd - image: viktoruj/ping_pong:alpine - Concurrency policy: Forbid - command: echo "Hello from CKAD mock" - run every 15 minutes - tolerate 4 failures - completions 3 times - imagePullPolicy IfNotPresent - keep successfulJobs to 5 - keep failedJobs to 7 - terminate pods after 10 seconds |
| 3 | There is deployment my-deployment in the namespace baracuda . Rollback deployment to 1-st version . Scale deployment to 3 replicas. |
|---|---|
| Task weight | 2% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - Rollback deployment to 1-st version - Scale deployment to 3 replicas |
| 4 | Create deployment shark-app in the shark namespace. |
|---|---|
| Task weight | 2% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - Name: shark-app - namespace shark - Image: viktoruj/ping_pong- container port 8080 - Environment variable ENV1 = 8080 |
| 5 | Build container image using given manifest /var/work/5/Dockerfile. Podman is instaled on Worker-PC |
|---|---|
| Task weight | 2% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - Image Name: ckad - Tag: 0.0.1- export image in oci-archive to /var/work/5/ckad.tar |
| 6 | Update sword-app deployment in the swordfish namespace |
|---|---|
| Task weight | 2% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - user with ID 5000on container level - restrict privilege escalation on container level |
| 7 | There are deployment, service and the ingress in meg namespace . user can't access to the app http://ckad.local:30102/app . Please fix it . |
|---|---|
| Task weight | 6% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - curl http://ckad.local:30102/app works. |
| 8 | There is a pod web-app in namespace tuna. It needs to communicate with mysql-db service in namespace tuna .Network policies have already been created, don't modify them. Fix problem. |
|---|---|
| Task weight | 4% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - web-app pod can communicate with mysql-db service and port 3306 |
| 9 | Deployment main-app in salmon namespace, has 10 replicas. It is published http://ckad.local:30102/main-app. The marketing asks you to create a new version of the application that will receive 30% of requests. The total number of application replicas should remain 10. |
|---|---|
| Task weight | 5% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - The new version deplyment name is main-app-v2 - The new version of the application receives 30% of requests - new version has image viktoruj/ping_pong:latest and env SERVER_NAME=appV2 - total replicas of the app is 10 |
| 10 | Create a Persistent Volume with the given specification. Run pod with pv. |
|---|---|
| Task weight | 8% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - Volume name: pv-analytics- pvc name: pvc-analytics- Storage: 100Mi- Access mode: ReadWriteOnce- Host path: /pv/analytics- pod name: analytics- image: busybox- node: nodeSelector- node_name: node_2- command: "sleep 60000"- mountPath: /pv/analytics |
| 11 | Create secret from literal . create deployment , mount the secret as env |
|---|---|
| Task weight | 4% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - secret: ns=dev-db name=dbpassword key=pwd value=my-secret-pwd - pod: ns= dev-db name=db-pod image=mysql:8.0 env.name=MYSQL_ROOT_PASSWORD env.value=from secret dbpassword key=pwd |
| 12 | Export the logs of the pod app-xyz3322 to a file located at /opt/logs/app-xyz123.log. The pod is located in any namespace. First, identify the namespace where the pod is running. |
|---|---|
| Task weight | 1% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - Logs at /opt/logs/app-xyz123.log |
| 13 | Create a new pod called nginx1233 in the web-ns namespace with the image nginx. Add a livenessProbe to the container to restart it if the command ls /var/www/html/ probe fails. This check should start after a delay of 10 seconds and run every 60 seconds. |
|---|---|
| Task weight | 2% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - You may delete and recreate the object. Ignore the warnings from the probe. - Pod: nginx1233, namespace: web-ns, image nginx, livenessProbe? |
| 14 | Add prometheus helm repo and install prometheus chart to the cluster. |
|---|---|
| Task weight | 4% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - Add repo prometheus-community https://prometheus-community.github.io/helm-charts- Install prometheus from the helm chart to kubernetes cluster - Release name: prom, namespace: monitoring- helm chart: prometheus-community/kube-prometheus-stack |
| 15 | In the Namespace team-elephant create a new ServiceAccount pod-sa. Assing an account permissions to list and get pods using Role pod-sa-role and RoleBinding pod-sa-roleBinding |
|---|---|
| Task weight | 8% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - Namespace team-elephant - ServiceAccount pod-sa - Role pod-sa-role : resource pods , verb : list and get -RoleBinding pod-sa-roleBinding - create pod pod-sa image = viktoruj/cks-lab, command = sleep 60000, ServiceAccount pod-sa |
| 16 | You have a legacy app in a legacy namespace . The application contains 2 containers . The first container writes log files to /log/logs1.txt . The second container /log/logs2.txt . you need to add another container log that will collect logs from these containers and send them to stdout . |
|---|---|
| Task weight | 6% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - volule : name logs , type emptyDir , sizeLimit 500Mi : - Containers app1,app2 , log have /log to /log - log container : name log, Image: viktoruj/cks-lab, command tail -f -n 100 /log/logs1.txt -f /log/logs2.txt - check logs from app1 container : k exec checker -n legacy -- sh -c 'curl legacy-app:8081/test_app1' ; k logs -l app=legacy-app -n legacy -c log - check logs from app2 container : k exec checker -n legacy -- sh -c 'curl legacy-app:8082/test_app2' ; k logs -l app=legacy-app -n legacy -c log |
| 17 | collect logs from 4 pods with label app_name=xxx to logfile /opt/17/17.log in namespace app-x |
|---|---|
| Task weight | 4% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - /opt/17/17.log contains logs from 4 pods with label app_name=xxx in namespace app-x |
| 18 | Convert existing pod in namespace app-y to deployment deployment-app-y . set allowPrivilegeEscalation: false and privileged: false |
|---|---|
| Task weight | 5% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - Ns app-y - deployment name deployment-app-y - image viktoruj/ping_pong:alpine - replicas 1 - env SERVER_NAME = app-y - allowPrivilegeEscalation: false - privileged: false |
| 19 | create configmap config from file /var/work/19/ingress_nginx_conf.yaml in namespace app-z . create deployment app-z with mount as volume configmap with mount path /app |
|---|---|
| Task weight | 4% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - configmap config from file /var/work/19/ingress_nginx_conf.yaml in namespace app-z - deployment app-z in namespace app-z image viktoruj/ping_pong:alpine replicas 1 mount configmap to /appConfig |
| 20 | create deployment app in namespace app-20 with init container. |
|---|---|
| Task weight | 4% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - ns app-20 - deployment name app - init container image and app image viktoruj/ping_pong:alpine - replicas 1 - volume type emptyDir sizeLimit 5Mi - mount to init and main containers to /configs - init container command echo 'hello from init '>/configs/app.config |
| 21 | fix deployment manifest from previous version kubernets and deploy it . |
|---|---|
| Task weight | 2% |
| Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1) |
| Acceptance criteria | - deployment manifest /var/work/21/app-21.yaml is updated to current kubernetes version - app-21 deployment is deployed - pods from deployment app-21 are ready |