https://kubernetes.io/docs/ and their subdomains
https://kubernetes.io/blog/ and their subdomains
This includes all available language translations of these pages (e.g. https://kubernetes.io/zh/docs/)
- run
time_left
on work pc to check time - run
check_result
on work pc to check result
1 | Deploy a pod named nginx-pod using the nginx:alpine image |
---|---|
Task weight | 1% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - Name: nginx-pod - Image: nginx:alpine |
2 | Deploy a messaging pod using the redis:alpine image with the labels set to tier=msg |
---|---|
Task weight | 1% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - Pod Name: messaging - Image: redis:alpine - Labels: tier=msg |
3 | Create a namespace named apx-x9984574 |
---|---|
Task weight | 1% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - Namespace: apx-x9984574 |
4 | Get the list of nodes in JSON format and store it in a file at /var/work/tests/artifacts/4/nodes.json |
---|---|
Task weight | 2% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - list of nodes /var/work/tests/artifacts/4/nodes.json |
5 | Create a service messaging-service to expose the messaging application within the cluster on port 6379 |
---|---|
Task weight | 2% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - Use imperative commands. - Service: messaging-service - Port: 6379 - Type: ClusterIp - Use the right labels |
6 | Create a deployment named hr-web-app using the image nginx:alpine with 2 replicas |
---|---|
Task weight | 2% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - Name: hr-web-app - Image: nginx:alpine - Replicas: 2 |
7 | Create a static pod named static-busybox with label pod-type=static-pod on the controlplane node that uses the busybox image and the command sleep 60000. |
---|---|
Task weight | 2% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - Name: static-busybox - Image: busybox - label: pod-type=static-pod - command: sleep 60000 |
8 | Create a POD in the finance namespace named temp-bus with the image redis:alpine. |
---|---|
Task weight | 1% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - Namespace: finance - Name: temp-bus - Image: redis:alpine |
9 | Use JSON PATH query to retrieve the osImages of all the nodes and store it in a file /var/work/tests/artifacts/9/os.json each node - new line. |
---|---|
Task weight | 3% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | file /var/work/tests/artifacts/9/os.json |
10 | Create a pod called multi-pod with two containers |
---|---|
Task weight | 5% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - Pod Name: multi-pod - Container 1, name: alpha, image: nginx , variable name=alpha - Container 2: name: beta, image: busybox, command: sleep 4800, variable name=beta |
11 | Expose the hr-web-app as service |
---|---|
Task weight | 4% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - The web application listens on port 80 - Name: hr-web-app-service - Type: NodePort - Endpoints: 2 - Port: 80 - NodePort: 30082 |
12 | Create a Persistent Volume with the given specification. Run pod with pv. |
---|---|
Task weight | 6% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - Volume name: pv-analytics - pvc name: pvc-analytics - Storage: 100Mi - Access mode: ReadWriteOnce - Host path: /pv/analytics - pod name: analytics - image: busybox - node: nodeSelector - node_name: node_2 - command: "sleep 60000" - mountPath: /pv/analytics |
13 | Take a backup of the etcd cluster and save it to /var/work/tests/artifacts/13/etcd-backup.db |
---|---|
Task weight | 3% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - etcd backup on control-plane node /var/work/tests/artifacts/13/etcd-backup.db |
14 | Create a Pod called redis-storage with image: redis:alpine with a Volume of type emptyDir that lasts for the life of the Pod |
---|---|
Task weight | 4% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - Pod name: redis-storage - container name: redis-storage - image: redis:alpine - volumes.name: data - volumes.type: emptyDir - volumes.sizeLimit: 500Mi - volumeMounts.mountPath: /data/redis - volumeMounts.name: data |
15 | Create a new pod called super-user-pod with image busybox:1.28. Allow the pod to be able to set system_time. |
---|---|
Task weight | 2% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - Pod name: super-user-pod - container name: super-user-pod - Container Image: busybox:1.28 - command: sleep for 4800 seconds. - capability: SYS_TIME |
16 | Create a new deployment called nginx-deploy, with image nginx:1.16 and 1 replica. Next upgrade the deployment to version 1.17 using rolling update. |
---|---|
Task weight | 3% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - Deployment : nginx-deploy. - Image: nginx:1.16 - Task: Upgrade the version of the deployment to 1:17 with image 1.17 - Task: Record the changes for the image upgrade |
17 | Create a new user called john. Grant him access to the cluster. John should have permission to create, list, get, update and delete pods in the development namespace. |
---|---|
Task weight | 6% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - create ns development - create private key and csr - CSR: john-developer with Status:Approved- Role Name: developer , namespace: development , Resource: pods , verbs: create,list,get - rolebinding: name= developer-role-binding , role=developer , user=john , namespace=development - Access: User 'john' has appropriate permissions |
18 | Create a new service account with the name pvviewer. Grant this Service account access to list all PersistentVolumes in the cluster by creating an appropriate cluster role called pvviewer-role and ClusterRoleBinding called pvviewer-role-binding. Next, create a pod called pvviewer with the image: redis and serviceAccount: pvviewer in the default namespace. |
---|---|
Task weight | 5% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - ServiceAccount: pvviewer - ClusterRole: pvviewer-role , resources - persistentvolumes , verbs - list,get - clusterrolebinding: pvviewer-role-binding - Pod: pvviewer - image: viktoruj/cks-lab:latest - command: sleep 60000 |
19 | Create a Pod called non-root-pod, image: redis:alpine |
---|---|
Task weight | 2% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - pod name: non-root-pod - image: redis:alpine - runAsUser: 1000 - fsGroup: 2000 |
20 | Create secret, configmap. Create a pod with mount secret and configmap. |
---|---|
Task weight | 8% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - namespace: prod-apps - secret: name=prod-secret, ns=prod-apps, variables var1=aaa, var2=bbb - configmap: configmap_name=prod-config,ns=prod-apps,file_name_for_configmap=config.yaml, file_content= "test config" - pod: name=prod-app, ns=prod-apps, - container1: name=app1, image=viktoruj/cks-lab:latest , command="sleep 60000", volume_name=config, volume_type=configmap, mount_path="/app/configs", ENV=from secret "prod-secret" - container2: name=app2, image=viktoruj/cks-lab:latest , command="sleep 60000", volume_name=secret, volume_type=secret, mount_path="/app/secrets" |
21 | Resolve dns svc and pod. Create a nginx pod called nginx-resolver using image nginx, expose it internally with a service called nginx-resolver-service. |
---|---|
Task weight | 3% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - Pod: nginx-resolver - image: nginx - Service: nginx-resolver-service - lookup pod name : test-nslookup - lookup pod image : busybox:1.28 - service file: /var/work/tests/artifacts/21/nginx.svc - pod file: /var/work/tests/artifacts/21/nginx.pod |
22 | Update Kubernetes cluster. |
---|---|
Task weight | 7% |
Cluster | cluster2 (kubectl config use-context cluster2-admin@cluster2 ) |
Acceptance criteria | - The cluster is running Kubernetes 1.29.0, update it to 1.29.1 . - Use apt package manager and kubeadm for this. - Use ssh to connect to the instances. |
23 | Network policy. |
---|---|
Task weight | 6% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - create default deny ingress policy in prod-db NS- create policy with allow connections from prod Namespaces to prod-db - create policy with allow connections from stage Namespaces and have label: role=db-connect - create policy with allow connections from any Namespaces and have label: role=db-external-connect |
24 | Create DaemonSet to run pods on all nodes (control-plane too) |
---|---|
Task weight | 6% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - namespace: app-system - ds: name=important-app , image=nginx - run on all nodes (control-plane too) |
25 | Create deployment and spread the pods on all nodes(control-plane too). Add PodDisruptionBudget |
---|---|
Task weight | 8% |
Cluster | cluster1 (kubectl config use-context cluster1-admin@cluster1 ) |
Acceptance criteria | - namespace: app2-system - deployment: name=important-app2 , image=nginx , replicas=3 - PodAntiAffinity: nodename - PodDisruptionBudget: name=important-app2 min available pod = 1 |