This article provides detailed step-by-step solutions for Mock Exam Two. Each question covers a key aspect of Kubernetes cluster configuration—from creating storage classes and deployments to configuring ingress, RBAC, network policies, HPA setups, and troubleshooting common issues. Follow the solutions below to configure your clusters and gain hands-on experience with Kubernetes.
Question 1 – Creating a Default Local StorageClass
In this question, you will create a StorageClass named local-sc on Cluster One’s control plane. This StorageClass must be set as the default with the following criteria:
- SSH into your control plane:
- Referencing the documentation, copy the example configuration and update it as follows:
  - Change the name to local-sc.
  - Update the annotation storageclass.kubernetes.io/is-default-class to "true".
  - Set the provisioner to kubernetes.io/no-provisioner.
  - Remove any unnecessary fields (such as reclaimPolicy and mountOptions) not specified.
  - Retain only allowVolumeExpansion and volumeBindingMode: WaitForFirstConsumer.
- After saving the file (question1.yaml), apply the configuration:
Question 2 – Deployment with App and Sidecar Containers for Logging
This question guides you through creating a deployment named logging-deployment in the logging-ns namespace. The deployment uses one replica and runs two containers within the same pod:
- app-container: Uses the busybox image to continuously append log entries to /var/log/app/app.log.
- log-agent: Also based on busybox, this container tails the same log file.
Both containers share an emptyDir volume mounted at /var/log/app.
Below is the complete YAML configuration (save as question2.yaml):
Question 3 – Creating an Ingress Resource to Route Traffic
Here, you will create an Ingress resource named webapp-ingress in the ingress-ns namespace. This ingress routes traffic to a service called webapp-svc, using the NGINX ingress controller with the following criteria:
- Hostname: kodekloud-ingress.app
- Path: / (with PathType: Prefix)
- Forward traffic to webapp-svc on port 80
Below is the YAML configuration (save as question3.yaml):
Question 4 – Updating an Nginx Deployment with Rolling Updates
In this question, create a deployment named nginx-deploy using nginx:1.16 and then perform a rolling update to upgrade the image to nginx:1.17.
- Generate an initial deployment YAML using a dry run:
  The generated YAML will be similar to:
- Apply the deployment:
- Update the image to version 1.17 using a rolling update:
- Verify the rollout history:
Question 5 – Creating a User via CSR and Configuring RBAC
This question has two parts:
Part A: Create a CertificateSigningRequest (CSR) for User “john”
- The private key is located at /root/cka/john.key and the CSR file at /root/cka/john.csr. Base64 encode the CSR file content for use in your CSR object.
- The CSR object should use the signer kubernetes.io/kube-apiserver-client and specify these usages: digital signature, key encipherment, and client auth.
Below is the YAML configuration (save as question5.yaml):
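As an added example (not the original page's manifest), the shell function below builds the CSR object described in Part A directly from the CSR file. The object name john-developer is an assumption, since the page does not state one.

```shell
#!/bin/sh
# Added example: render a CertificateSigningRequest manifest for user john.
# CSR_NAME is an assumed object name; the page does not give one.
CSR_NAME="john-developer"

# render_csr <csr-file>: print the manifest with the CSR file embedded as one
# unbroken base64 string. base64 wraps its output by default on many systems,
# so newlines are stripped before the value goes into spec.request.
render_csr() {
    csr_file="$1"
    [ -s "$csr_file" ] || { echo "missing or empty CSR file: $csr_file" >&2; return 1; }
    request=$(base64 < "$csr_file" | tr -d '\n')
    cat <<EOF
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: ${CSR_NAME}
spec:
  request: ${request}
  signerName: kubernetes.io/kube-apiserver-client
  usages:
  - digital signature
  - key encipherment
  - client auth
EOF
}

# On the control plane (not executed by this block):
#   render_csr /root/cka/john.csr > question5.yaml
#   kubectl apply -f question5.yaml
#   kubectl certificate approve john-developer
#   kubectl get csr john-developer
```

The request stays Pending until it is approved; only then does the signer issue a client certificate for john.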
Part B: Grant RBAC Permissions with Role and RoleBinding
Create a Role named developer in the development namespace to allow the following verbs on pods: create, list, get, update, and delete. Then, bind the role to user john.
Save the following YAML as question5-rbac.yaml:
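As an added example (not the original page's file), the block below renders a Role and RoleBinding matching Part B and adds a least-privilege check that impersonates john. The RoleBinding name and the two negative probes (secrets, deployments) are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: Role + RoleBinding for john, plus a least-privilege check.
render_rbac() {
    cat <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: development
  name: developer
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create", "list", "get", "update", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: developer-role-binding   # assumed name; the page does not give one
  namespace: development
subjects:
- kind: User
  name: john
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: developer
  apiGroup: rbac.authorization.k8s.io
EOF
}

# check_john: ask the API server, impersonating john, about every granted verb
# and about two actions the Role must NOT allow. Prints one line per mismatch
# and returns non-zero if any answer differs from the expectation.
check_john() {
    rc=0
    for probe in "create pods yes" "list pods yes" "get pods yes" \
                 "update pods yes" "delete pods yes" \
                 "get secrets no" "create deployments no"; do
        set -- $probe
        # can-i exits non-zero on "no", so the exit status is ignored here.
        got=$(kubectl auth can-i "$1" "$2" --as john -n development 2>/dev/null) || true
        [ "$got" = "$3" ] || { echo "unexpected: $1 $2 -> ${got:-error} (want $3)"; rc=1; }
    done
    return $rc
}
```

Run render_rbac > question5-rbac.yaml, apply it with kubectl apply -f, then call check_john; a "yes" on either negative probe means john holds permissions beyond this Role.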
Question 6 – Creating an Nginx Pod with an Internal Service and DNS Testing
In this exercise, you will deploy an Nginx pod named nginx-resolver and expose it internally using a ClusterIP service named nginx-resolver-service. Then you will verify DNS resolution using a BusyBox pod.
- Create the Nginx pod:
- Expose the pod internally:
- Verify the service endpoints:
- Run a temporary BusyBox pod to perform an nslookup:
Save the lookup output to a file (/root/cka/nginx.svc) if necessary. Remember that Kubernetes creates DNS entries for both pods and services.
Question 7 – Creating a Static Pod
Create a static pod named nginx-critical on Node One. This pod should automatically restart on failure and must reside in the /etc/kubernetes/manifests directory.
- Generate a pod YAML definition via dry run:
- SSH into Node One:
- Place the YAML file into /etc/kubernetes/manifests/static.yaml with contents similar to:
Question 8 – Creating a Horizontal Pod Autoscaler (HPA)
Create an HPA for a deployment named backend-deployment in the backend namespace. The HPA should target an average memory utilization of 65% across all pods, with a minimum of 3 replicas and a maximum of 15.
Below is the example HPA YAML (save as webapp-hpa.yaml):
Question 9 – Troubleshooting a Non-Responsive API Server
If Cluster Two fails to respond to kubectl commands (e.g., with the error message “The connection to the server cluster2-controlplane:6443 was refused”), perform the following steps:
- Run a command such as:
  which may yield:
- Use crictl pods to check the running containers and notice that the API server container is missing.
- Verify the kubelet status:
  If it is inactive, start and enable the kubelet:
Question 10 – Modifying the Web Gateway for HTTPS
Modify the existing web gateway in the cka5673 namespace on Cluster One so that it handles HTTPS traffic on port 443 for kodekloud.com using TLS certificates stored in the kodekloud-tls secret.
- Verify that the secret exists:
- Retrieve the current gateway configuration:
- Edit the YAML file to update the listener section. Change to the following:
- Apply the updated configuration:
Question 11 – Uninstalling a Vulnerable Helm Release
Identify and uninstall the Helm release that uses the vulnerable image kodekloud/webapp-color:v1.
- List all Helm releases across namespaces:
- Search for the vulnerable image in each release’s manifests:
- Once identified (for example, if the release is named atlanta-page-apd in the atlanta-page-04 namespace), uninstall it:
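The search across releases can be scripted; the following is an added example (not the original page's commands) that walks every release from helm list -A and compares each image field exactly, so that a tag such as v10 is not mistaken for v1. The function name is hypothetical.

```shell
#!/bin/sh
# Added example: list Helm releases whose rendered manifest uses a given image.
# Prints "<namespace>/<release>" for each match.
find_releases_using_image() {
    image="$1"
    # Skip the header row; NAME and NAMESPACE are the first two columns.
    helm list -A | awk 'NR > 1 { print $1, $2 }' |
    while read -r release ns; do
        # </dev/null keeps helm from consuming the release list on stdin.
        if helm get manifest "$release" -n "$ns" </dev/null |
            awk -v want="$image" '
                { img = "" }
                $1 == "image:"              { img = $2 }
                $1 == "-" && $2 == "image:" { img = $3 }
                img != "" {
                    gsub(/["\047]/, "", img)   # drop YAML quotes
                    # Exact comparison: v1 must not match v10 or v1.2.
                    if (img == want) found = 1
                }
                END { exit found ? 0 : 1 }'
        then
            echo "$ns/$release"
        fi
    done
}

# On the cluster (not executed by this block):
#   find_releases_using_image kodekloud/webapp-color:v1
#   helm uninstall <release> -n <namespace>
```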
Question 12 – Applying a Network Policy
Implement a network policy that allows traffic from frontend applications (namespace frontend) to backend applications (namespace backend), while blocking traffic from the databases (namespace databases).
After reviewing the provided policies, net-pol-3.yaml is the correct choice. Its contents are as follows:
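The contents of net-pol-3.yaml are not reproduced on this page. As an added example (not that file), the block below renders one policy that meets the stated requirement and checks its effect from both source namespaces; the policy name, the probe pod name and the backend URL passed to verify_policy are assumptions.

```shell
#!/bin/sh
# Added example: a policy matching the question's description, plus a probe.
render_backend_policy() {
    cat <<'EOF'
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-frontend-to-backend   # assumed name
  namespace: backend
spec:
  podSelector: {}            # applies to every pod in the backend namespace
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          # label Kubernetes sets automatically on every namespace
          kubernetes.io/metadata.name: frontend
EOF
}
# No rule mentions databases: once a pod is selected by an Ingress policy,
# any source that is not explicitly allowed is dropped.

# can_reach <namespace> <url>: run a throwaway BusyBox pod in <namespace> and
# try to fetch <url>; succeeds only if the connection is allowed.
can_reach() {
    kubectl run netpol-probe --rm -i --restart=Never --image=busybox \
        -n "$1" -- wget -q -O /dev/null -T 3 "$2" </dev/null >/dev/null 2>&1
}

# verify_policy <url>: frontend must get through, databases must not.
verify_policy() {
    can_reach frontend "$1" || { echo "frontend is blocked"; return 1; }
    if can_reach databases "$1"; then
        echo "databases is NOT blocked"
        return 1
    fi
    echo "policy behaves as intended"
}
```

The policy only takes effect when the cluster's CNI plugin enforces NetworkPolicy; verify_policy reports "databases is NOT blocked" when it does not.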
Question 13 – Troubleshooting a Failed Deployment Due to Resource Quota
On Cluster Three, if the backend-api deployment fails to scale to three replicas due to resource quota limitations, follow these troubleshooting steps:
- Describe the deployment to see error events:
  Also check the ReplicaSets for error events indicating that pod creation is forbidden by resource quotas.
- Describe the resource quota:
  An example output might be:
  If the new pod’s request (e.g., 128Mi) exceeds the quota, adjustments are needed.
- Update the deployment’s resource requests to ensure the total for three replicas remains within the limits. For instance, reduce the memory request from 128Mi to 100Mi:
- Update the deployment by editing it or applying a modified YAML, and if necessary, delete the problematic ReplicaSet to trigger a new rollout:
Question 14 – Deploying Calico CNI with a Custom CIDR
On Cluster Four, deploy Calico as your CNI provider. Use the official Calico custom-resources YAML from GitHub and modify the CIDR to 172.17.0.0/16.
- Download the custom-resources file:
- Edit the downloaded YAML file. Locate the Calico IP pool definition and update the cidr value as shown below:
- Apply the modified configuration:
- To verify that Calico is operating correctly and pod-to-pod communication works, deploy a test pod (such as an Nginx pod) and use a BusyBox or net-tools container for connectivity tests:
This article provides a comprehensive walkthrough of essential Kubernetes configurations and troubleshooting steps. By following these step-by-step solutions, you can better understand Kubernetes components and improve your operational skills.