Linux Foundation CKAD 問題集

質問 1：
You have a multi-container Pod that needs to perform some initialization tasks before the main application containers Stan. These tasks involve setting up a database connection, downloading a configuration file, or running some pre-flight checks. Design a Pod configuration that utilizes an init container to handle these tasks before tne main application containers start Ensure that your solution includes the necessary steps to handle potential errors encountered during the initialization process.
正解：
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Create an init container: Define an init container within your Pod's spec. This container will be responsible for running the initialization tasks before your main application containers start.

2. Define the init container image: Create a Docker image specifically for your init container. This image should contain all the necessary tools and scripts to perform your initialization tasks. basn # Create a Dockerfile for the init container FROM ubuntu:latest RUN apt update && apt install -y mysql-client # (add your initialization tasks here) CMD ["echo", "Database connected"] # Build the Docker image docker build -t example/init-script:latest . 3. Handle potential errors: Use a "lifecycle" nook to handle any errors during tne init container execution. This ensures that if the init container fails, the Pod is restarted, and the initialization process is retried.

This example demonstrates the "poststart" lifecycle hook, which ensures the main application container only starts after the init container successfully completes. 4. Define resources for the init container: Specifr,' resource requirements for your init container (CPU, memory, etc.). This ensures that the initialization process doesn't impact your main application containers resource availability 5. Configure the main application container: Make sure your main application containers configuration is aware of the init containers actions (e.g., the database connection details are available). 6. Monitor and troubleshoot: Monitor your Pod's status to ensure the init container runs successfully. If errors occur, analyze logs from the init container to identify and address the issues. This configuration ensures that your init container executes the initialization tasks before your main application containers start, and provides a mechanism to handle errors during the initialization process.

質問 2：
You need to configure a Kubernetes deployment to use a secret stored in a different namespace. How can you access the secret in a different namespace, and how can you mount it as a file in your deployment's container?
正解：
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
I). Ensure Access to the Secret:
- The service account used by your deployment needs to have read access to the secret in the other namespace. This can be done using a Role and RoleBinding. If the service account already has access, skip to step 2.
- Create a role in the secret's namespace:

- Create a RoleBinding in the secret's namespace:

- Apply the Role and RoleBinding using: bash kubectl apply -f role-yaml kubectl apply -f rolebinding.yaml 2. Modify your Deployment - Update your Deployment YAML file to mount the secret as a file, specifying the namespace:

- Replace 'my-secret with the actual name of the secret and 'secret-namespace with the namespace where the secret is stored. 3. Apply the Updated Deployment: - Apply the updated deployment using: bash kubectl apply -f my-deployment.yaml 4. Access Secret Data: - The secret's data is now mounted in the container at the specified 'mountPatm. You can access the secret's data using the mounted file.]

質問 3：
You are deploying a web application with a separate database container. You need to implement a proxy container that handles requests from the web server and forwards them to the database container. The proxy container should also log all incoming requests to a dedicated log file within the Pod.
正解：
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Define the Pod YAML: Create a Pod YAML file that includes the web server, database, and proxy containers.

2. Configure the Proxy Container: Choose a suitable proxy container image (e.g., Nginx, HAProxy) and configure it to forward requests from port 8080 to the database container on port 5432 3. Implement Logging: Configure the proxy container to log incoming requests to the '/var/log/proxy' directory. You can use the proxy container's built- in logging facilities or install a separate logging agent within the container. 4. Deploy the Pod: Apply the Pod YAML using ' kubectl apply -f my-app-pod_yaml' 5. Verify Functionality: Access the web server container on port 80 and ensure requests are forwarded to the database container Check the log file ' Ivar/log/proxys to verify that requests are being logged. Note: This solution demonstrates using a proxy container to manage communication between different containers within a Pod. You can customize the proxy's configuration based on your specific application's requirements.,

質問 4：
You are managing a Kubernetes cluster running a web application. You need to create a CronJob that automatically updates the web application's database every night at 1:00 AM. The database update script iS located in a container image named 'database-update:vl'. The script requires the following environment variables: 'DATABASE_HOST' , 'DATABASE_USER' , and 'DATABASE_PASSWORD'. How would you create the CronJob YAML file to achieve this?
正解：
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
I). Create the CronJob YAML file:
- Stan by creating a YAML file named 'database-update-cronjob.yaml' with the following structure:

2. Create a Secret for database credentials: - Create a Kubernetes secret named 'database-credentials' to store the sensitive database credentials:] bash kubectl create secret generic database-credentials \ --trom-literal=DATA8ASE HOST=your_database host \ --from-literal=DATA8ASE_USER=your_database_user --from-literal=DATA8ASE_PASSWORD=your_database_password 3. Apply the CronJob: - Apply the CronJ0b YAML file using 'kubectl apply -f database-update-cronjob.yamr. 4. Verify the CronJob: - Check the status of the CronJob using "kubectl get cronjobs" and ensure that it is scheduled successfully. - 'schedule': Defines the schedule for the CronJ0b. In this case, it's set to "0 1 ", which means the job will run at 1:00 AM every day. - 'jobTemplate': Specifies the template for the job that will be created by the CronJob. - 'containers': Defines tne container that will run tne database update script. - 'images: Sets the image for the container, which is 'database-update:vl' - 'command': Defines the command to be executed in the container. - Specifies the environment variables required for the database update script. In this case, the variables are retrieved from a Kubernetes secret named 'database-credentials' to ensure secure storage of sensitive information. - 'backoffLimit: Sets the maximum number of retries if the job fails. ,

質問 5：
You have a Deployment named 'my-app-deployment' running three replicas of an application container. You need to implement a rolling update strategy were only one pod is updated at a time. Additionally, you need to ensure tnat tne update process is triggered automatically whenever a new image is pushed to your private Docker registry.
正解：
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Update the Deployment YAML:
- Update the 'replicas' to 2.
- Define 'maxunavailable: 1' and 'maxSurge: O' in the 'strategy-rollinglJpdate' section to control the rolling update process.
- Configure a 'strategy.types to 'Rollingupdates to trigger a rolling update wnen the deployment is updated.
- Add a 'spec-template.spec.imagePullP01icy: Always' to ensure tnat tne new image is pulled even if it exists in the pod's local cache.
- Add a 'spec-template-spec-imagePullSecrets' section to provide access to your private Docker registry. Replace 'registry-secret with the actual name of your secret.

2. Create the Deployment - Apply the updated YAML file using 'kubectl apply -f my-app-deployment.yamr 3. Verify the Deployment: - Check the status of the deployment using 'kubectl get deployments my-app-deployment' to confirm the rollout and updated replica count. 4. Trigger the Automatic Update: - Push a new image to your private Docker registry with a tag like 'your-private-registry.com/your-namespacemy-app:latest. 5. Monitor the Deployment: - Use 'kubectl get pods -l app=my-apps to monitor the pod updates during the rolling update process. You will observe that one pod is terminated at a time, while one new pod with the updated image is created. 6. Check for Successful Update: - Once the deployment is complete, use 'kubectl describe deployment my-app-deployment' to see that the updatedReplicas' field matches the 'replicas' field, indicating a successful update. ]