Latest Linux Foundation Certified Kubernetes Application Developer - CKAD Free Sample Questions
You have a Deployment named 'wordpress-deployment' that runs 3 replicas of a WordPress container. The container image is pulled from a private registry with authentication credentials stored in a secret called 'registry-credentials'. Implement a strategy to ensure that only one replica of the Deployment is updated at a time, and the update process is triggered automatically whenever a new image is pushed to the private registry with the tag 'wordpress:latest'.
Explanation:
Solution (Step by Step) :
1. Create a Secret for Registry Credentials:

- Replace with the base64 encoded content of your dockerconfigjson file containing the registry credentials.
2. Update the Deployment YAML:

- Replace 'your-registry.com' with your private registry address.
- Ensure the 'imagePullSecrets' section references the 'registry-credentials' secret.
- Configure 'strategy.type' to 'RollingUpdate', and 'strategy.rollingUpdate.maxUnavailable' to '1' to allow only one replica to be unavailable during the update.
- Set 'imagePullPolicy' to 'Always' to ensure the new image is pulled every time.
3. Apply the Updated YAML:
    kubectl apply -f wordpress-deployment.yaml
4. Verify the Deployment:
    kubectl get deployments wordpress-deployment
5. Trigger the Automatic Update:
- Push a new image with the tag 'wordpress:latest' to your private registry.
6. Monitor the Deployment:
- Use 'kubectl get pods -l app=wordpress' to monitor the pod updates during the rolling update process.
7. Check for Successful Update:
- After the update is complete, run 'kubectl describe deployment wordpress-deployment' to verify that the 'updatedReplicas' matches the 'replicas' field.
Now, whenever a new image tagged 'wordpress:latest' is pushed to your private registry, Kubernetes will automatically trigger a rolling update for the 'wordpress-deployment', updating one replica at a time while ensuring availability.
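The two manifests described in steps 1 and 2, written out as an added example (not part of the original page). The 'app: wordpress' label, container port, 'maxSurge: 0' and the placeholder Secret value are assumptions.

```yaml
# Registry credentials; the data value is a placeholder, not real content
apiVersion: v1
kind: Secret
metadata:
  name: registry-credentials
type: kubernetes.io/dockerconfigjson
data:
  .dockerconfigjson: <base64-encoded-docker-config-json>
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: wordpress-deployment
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1   # at most one replica down during the update
      maxSurge: 0         # assumption: no extra pods, so replicas are replaced one by one
  selector:
    matchLabels:
      app: wordpress      # assumed label, matches 'kubectl get pods -l app=wordpress'
  template:
    metadata:
      labels:
        app: wordpress
    spec:
      imagePullSecrets:
      - name: registry-credentials   # kubelet uses this to authenticate to the registry
      containers:
      - name: wordpress
        image: your-registry.com/wordpress:latest
        imagePullPolicy: Always      # re-pull the tag every time a pod starts
        ports:
        - containerPort: 80          # assumed container port
```

A rollout starts when the pod template changes, so 'kubectl rollout restart deployment/wordpress-deployment' is one way to make the replicas re-pull 'wordpress:latest' after a push, and 'kubectl rollout status deployment/wordpress-deployment' reports its progress.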
You have a container image that uses a specific version of a library. You want to update this library to a newer version while still keeping the previous version available for compatibility purposes. Describe the steps involved in modifying the container image to include both versions of the library without rebuilding the entire application.
Explanation:
Solution (Step by Step) :
1. Create a Dockerfile:
- Create a new 'Dockerfile' with the following content:

- Replace 'your-library' with the actual library name.
- Replace 'new-version' and 'old-version' with the desired versions.
2. Build the Image:
- Build the image using the Dockerfile:
    docker build -t updated-image:latest .
3. Modify your application code:
- Modify your application code to explicitly import the specific version of the library that you want to use. For example:
    # Import the new version for new functionality
    from your_library import new_functionality
    # Import the old version for backward compatibility
    from your_library import old_functionality
    # Use the appropriate version of the library based on your requirements
4. Update the Deployment:
- Modify your Deployment YAML file to use the newly built image:

5. Apply the Changes:
- Apply the updated Deployment using 'kubectl apply -f deployment.yaml'.
6. Test the Application:
- Access your application and ensure it functions correctly with both versions of the library.
You have a Deployment named 'bookstore-deployment', which deploys a Bookstore application, utilizing a PostgreSQL database. The deployment has 3 replicas. The database server is managed externally. The application is built with a feature to dynamically resize its replica count based on the load. You need to implement a strategy to automatically adjust the replica count to between 2 and 5, based on the CPU utilization of the pods. This should happen without manual intervention.
Explanation:
Solution (Step by Step) :
1. Create a Horizontal Pod Autoscaler (HPA):
- Use the 'kubectl create hpa' command to create an HPA named 'bookstore-hpa'.
- Set the 'minReplicas' to 2 and 'maxReplicas' to 5, defining the desired range of replicas.
- Set the 'targetCPUUtilizationPercentage' to 70, meaning the replica count will adjust when the average CPU utilization of the pods crosses 70%.
- Specify the selector to match the 'bookstore-deployment' pods.

2. Apply the HPA:
- Run 'kubectl apply -f bookstore-hpa.yaml' to create the HPA.
3. Verify the HPA:
- Check the status of the HPA using 'kubectl get hpa bookstore-hpa'.
4. Observe Replica Adjustment:
- Increase the load on the bookstore application to trigger the HPA scaling.
- Monitor the replica count of the 'bookstore-deployment' using 'kubectl get deployments bookstore-deployment'. You will observe the replica count automatically adjusting based on the CPU utilization.
5. Customize Scaling Parameters:
- You can customize the 'targetCPUUtilizationPercentage', 'minReplicas', and 'maxReplicas' in the HPA definition based on the application requirements and desired behavior.
You are managing a Kubernetes cluster running a highly-available application that uses a custom resource called 'Order'. The 'order' resource is created and managed by a custom controller that ensures the order processing workflow runs flawlessly. However, the 'order' resource's validation rules have changed, requiring a new schema to be applied. How can you ensure that the existing 'Order' resources conform to the new schema without disrupting the application's functionality?
Explanation:
Solution (Step by Step) :
1. Define the New Schema:
- Create a new CustomResourceDefinition (CRD) file with the updated schema for the 'Order' resource.
- Ensure that the CRD's 'spec.validation.openAPIV3Schema' field includes all the new validation rules.

2. Update the CRD:
- Apply the new CRD definition using 'kubectl apply -f order-crd.yaml'.
3. Create a Webhook for Validation:
- Define a webhook in your Kubernetes cluster that will be responsible for validating the 'order' resources against the new schema.
- Configure the webhook to be invoked during resource creation and update operations.

4. Deploy the Validation Service:
- Create a deployment for the validation service that implements the logic for validating the 'Order' resources against the new schema.
- The service should expose an endpoint that the webhook can communicate with.

5. Reconcile Existing Resources:
- Once the validation webhook and service are deployed, create a temporary job that iterates through all existing 'Order' resources.
- The job should validate each resource against the new schema and automatically update any resources that do not comply.

By following these steps, you can ensure that your 'order' resources conform to the new schema without disrupting the application's functionality. The validation webhook prevents new invalid resources from being created, and the reconciliation job ensures that existing resources are updated to meet the new schema requirements. This approach allows for smooth schema evolution and maintains the consistency of your data.
You have a Deployment named 'web-app' running a containerized application with a complex startup sequence. The application relies on a database service that might be slow to respond on startup. How would you implement Liveness and Readiness probes to ensure the application is healthy and available to users, even during startup?
Explanation:
Solution (Step by Step) :
1. Define Liveness Probe:
- Create a 'livenessProbe' within the 'containers' section of your 'web-app' Deployment YAML.
- Choose a probe type appropriate for your application. In this case, since the startup is complex, use an 'exec' probe.
- Specify the command to execute. This should be a simple command that checks if the application is up and ready to handle requests.
- Set 'initialDelaySeconds' and 'periodSeconds' to provide sufficient time for the application to start.
- Configure 'failureThreshold' and 'successThreshold' to define how many failed or successful probes trigger a pod restart.

2. Define Readiness Probe:
- Create a 'readinessProbe' within the 'containers' section of your 'web-app' Deployment YAML.
- Use the same 'exec' probe type as for the liveness probe.
- Specify a command that checks if the application is ready to serve traffic.
- Set 'initialDelaySeconds' and 'periodSeconds' to control the frequency and delay of the probe.
- Configure 'failureThreshold' and 'successThreshold' to handle failed or successful probe results.

3. Deploy the Deployment:
- Apply the updated YAML file using 'kubectl apply -f web-app.yaml'.
4. Verify the Probes:
- Observe the pod logs using 'kubectl logs' to see when liveness and readiness probes are executed.
- Use 'kubectl get pods -l app=web-app' to check the status of pods and see how liveness and readiness probes affect the pod's health and availability.
5. Test the Application:
- Send requests to the application to verify that it is healthy and responsive, even during startup.
- Liveness Probe: The 'livenessProbe' checks if the application is still healthy and running. If the probe fails repeatedly, Kubernetes will restart the pod to fix the issue. This ensures that unhealthy pods are removed and replaced with healthy ones.
- Readiness Probe: The 'readinessProbe' checks if the application is ready to receive traffic. This allows Kubernetes to delay sending traffic to a pod until it is fully initialized and prepared to serve requests. It helps prevent users from encountering errors during startup.
By using both liveness and readiness probes, you can ensure your application is healthy and available to users, even during complex startup sequences.

Context
You have been tasked with scaling an existing deployment for availability, and creating a service to expose the deployment within your infrastructure.
Task
Start with the deployment named kdsn00101-deployment which has already been deployed to the namespace kdsn00101 . Edit it to:
* Add the func=webFrontEnd key/value label to the pod template metadata to identify the pod for the service definition
* Have 4 replicas
Next, create and deploy in namespace kdsn00101 a service that accomplishes the following:
* Exposes the service on TCP port 8080
* Is mapped to the pods defined by the specification of kdsn00101-deployment
* Is of type NodePort
* Has a name of cherry
Explanation:
Solution:




You have a Deployment running a web application that uses secrets to store sensitive information like database credentials. To improve security, you want to use a secret injection mechanism to provide the secret to the pod without exposing it in the deployment YAML.
Explanation:
Solution (Step by Step) :
1. Create a Secret:
- Create a secret containing the sensitive information:

2. Configure Deployment to Use Secret:
- Update the Deployment YAML to mount the secret into the container:

3. Apply the Configuration:
- Apply the Secret and Deployment configuration:
    kubectl apply -f my-secret.yaml
    kubectl apply -f my-web-app-deployment.yaml
4. Verify Secret Injection:
- Access the secret information from within the container using environment variables:
- For example, '$DATABASE_USERNAME' and '$DATABASE_PASSWORD'.
You are managing a Kubernetes cluster with multiple teams working on different projects. Each team needs its own isolated environment within the cluster to deploy their applications and manage their resources without interfering with others. Describe how you would use Kubernetes namespaces to achieve this, and provide an example of how you might configure a namespace for a team working on a new e-commerce application.
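A pair of manifests matching steps 1 and 2, as an added example (not part of the original page). The object names are taken from the file names above; the key names, image, mount path and credential values are constructed placeholders.

```yaml
# my-secret.yaml (values are constructed placeholders)
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
stringData:              # plain text here; the API server stores it base64-encoded
  username: app_user
  password: REPLACE_ME
---
# my-web-app-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-web-app
spec:
  replicas: 2
  selector:
    matchLabels:
      app: my-web-app
  template:
    metadata:
      labels:
        app: my-web-app
    spec:
      containers:
      - name: web
        image: registry.example.com/my-web-app:1.0   # placeholder image
        env:                                         # checked in step 4
        - name: DATABASE_USERNAME
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: username
        - name: DATABASE_PASSWORD
          valueFrom:
            secretKeyRef:
              name: my-secret
              key: password
        volumeMounts:                                # same Secret, mounted as files
        - name: db-credentials
          mountPath: /etc/db-credentials             # assumed path
          readOnly: true
      volumes:
      - name: db-credentials
        secret:
          secretName: my-secret
          defaultMode: 0400                          # files readable by owner only
```

The Deployment manifest carries only references to 'my-secret', so it can be committed or shared without the credential values. Environment variables are readable by anything that can inspect the process environment, which is why the read-only file mount is shown alongside them.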
Explanation:
Solution (Step by Step) :
1. Create Namespaces for Teams: Use the 'kubectl create namespace' command to create namespaces for each team. For example, 'kubectl create namespace ecom-team'.
2. Configure Resource Quotas: Set resource limits for each namespace using the 'kubectl create -f' command. This prevents one team from consuming all the resources available on the cluster. Here's a sample resource quota file:

3. Apply Role-Based Access Control (RBAC): Use the 'kubectl create -f' command to define role bindings for each team. This allows you to control the actions that each team can perform within their namespace. Here's a sample role binding file:

4. Create Resources within the Namespace: Deploy your applications and other resources within the dedicated namespace for the e-commerce team. For example, you can deploy a 'Deployment' with the following configuration:

5. Verify Namespace Configuration: Use 'kubectl get namespaces' to list all namespaces, and 'kubectl describe namespace' to view details of a specific namespace.
6. Manage Namespace Access: You can use tools like 'kubectl' or a graphical user interface (GUI) to manage the access rights and resources within each namespace.
7. Cleanup: When a team no longer needs a specific namespace, you can delete it using 'kubectl delete namespace '.
You have a Kubernetes application that uses a Deployment named 'web-app' to deploy multiple replicas of a web server pod. This web server application needs to be accessible through a public IP address. You are tasked with implementing a service that allows users to access the application from outside the cluster. However, the service should be exposed via a specific port number (8080), regardless of the port that the web server listens on inside the pods.
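One possible set of manifests for steps 1 to 3, as an added example (not part of the original page). Only the 'ecom-team' namespace name comes from the text; the quota figures, Role contents and the 'ecom-developers' group are assumptions.

```yaml
apiVersion: v1
kind: Namespace
metadata:
  name: ecom-team
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: ecom-team-quota        # assumed name
  namespace: ecom-team
spec:
  hard:                        # assumed limits for the whole namespace
    requests.cpu: "4"
    requests.memory: 8Gi
    limits.cpu: "8"
    limits.memory: 16Gi
    pods: "20"
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: ecom-developer         # assumed name
  namespace: ecom-team         # a Role grants nothing outside its namespace
rules:
- apiGroups: ["", "apps"]
  resources: ["pods", "services", "configmaps", "deployments"]
  verbs: ["get", "list", "watch", "create", "update", "patch", "delete"]
- apiGroups: [""]
  resources: ["pods/log"]
  verbs: ["get"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: ecom-developer-binding
  namespace: ecom-team
subjects:
- kind: Group
  name: ecom-developers        # assumed group from the cluster's identity provider
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: ecom-developer
  apiGroup: rbac.authorization.k8s.io
```

Because the quota constrains CPU and memory requests and limits, pods created in 'ecom-team' must declare them or they are rejected at admission. The Role leaves out 'secrets' and uses a namespaced Role with a RoleBinding rather than a ClusterRoleBinding, so the team's access stops at the namespace boundary.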
Explanation:
Solution (Step by Step) :
1. Create the Service YAML:
- Define the service type as 'LoadBalancer' to expose it via a public IP.
- Set the 'targetPort' to the port that the web server listens on inside the pods (let's assume it's 8080).
- Set the 'port' to 8080, which will be the port used to access the service from outside the cluster.

2. Apply the Service:
- Use 'kubectl apply -f web-app-service.yaml' to create the service.
3. Get the External IP:
- Once the service is created, use 'kubectl get services web-app-service' to get the external IP address. This will be assigned by the cloud provider and will be available for users to access the application.
4. Test the Service:
- Access the application using the external IP address and port 8080. For example, if the external IP is '123.45.67.89', you would access the application through 'http://123.45.67.89:8080'.
You have a Kustomization file that defines a Deployment with two replicas. You want to configure the deployment to use a different image tag based on the environment it is deployed to. For example, in the 'dev' environment, the image tag should be 'example/nginx:dev', while in the 'prod' environment, it should be 'example/nginx:prod'. Describe how to achieve this using Kustomize.
Explanation:
Solution (Step by Step) :
1. Create a base Kustomization file:
resources:
- deployment.yaml
2. Create a deployment.yaml file:

3. Create environment-specific overlays:
- For dev environment:

- For prod environment:

4. Create a patch.yaml file:

5. Apply Kustomize:
- For dev environment:
    kustomize build dev | kubectl apply -f -
- For prod environment:
    kustomize build prod | kubectl apply -f -
- The base Kustomization file defines the resources that are included in the deployment.
- The environment-specific overlays patch the base resources with the appropriate image tag.
- The 'patchesStrategicMerge' field applies the patch.yaml file to the deployment.
- The '{{.environment}}' placeholder in the patch file is replaced with the actual environment name when Kustomize is applied.
This approach allows you to easily manage and deploy your applications to different environments with specific configuration settings.
You need to design a multi-container Pod that includes a main application container and a sidecar container. The sidecar container should periodically check the health of the main application container using a health check mechanism. If the main application container is unhealthy, the sidecar container should take corrective actions like restarting the main container or sending an alert. Explain how you can accomplish this using a sidecar container and health check probes.
Explanation:
Solution (Step by Step) :
1. Define the Pod configuration: Create a Pod with two containers: the main application container and the sidecar container.

2. Configure the main application container's health check: Define a 'livenessProbe' for the main container. This probe will periodically check the container's health using the specified mechanism. The probe will restart the container if it's unhealthy.

- specifies a TCP port to check.
- 'initialDelaySeconds:' sets the delay before the first probe.
- 'periodSeconds:' determines the frequency of health checks.
- 'failureThreshold:' specifies the number of consecutive failed probes before restarting the container.
3. Create the sidecar container: Design a sidecar container that monitors the main container's health status. This container can be responsible for:
- Observing health check results: Receive health check results from the main container.
- Taking corrective actions: If the main container becomes unhealthy, the sidecar can:
  - Restart the main container: Use Kubernetes restart policy or 'exec' commands to restart the main container.
  - Send alerts: Integrate with a monitoring system to send alerts about the main container's health issues.
4. Implement sidecar logic: Implement the necessary logic in the sidecar container to handle the health checks, perform corrective actions, and potentially interact with a monitoring system.
    # Sidecar Dockerfile
    FROM ubuntu:latest
    # (add your monitoring and restart logic)
    # Start a process to periodically check main application container health
    CMD ["sh", "-c", "while true; do sleep 20; curl -s http://main-app:8080; done"]
5. Test and monitor: Test the Pod's functionality by simulating a health issue in the main container. Ensure the sidecar container successfully identifies the issue and takes corrective actions. Monitor logs from both containers to validate the health check process and sidecar container's actions.
This approach uses the sidecar container to monitor the health of the main application container, effectively managing the application's health and ensuring responsiveness to potential failures.