Get up-to-date Real Exam Questions for CKAD UPDATED [2026]
Pass Linux Foundation CKAD Exam in First Attempt Guaranteed
NEW QUESTION # 65
You have a web application that requires a specific sidecar container to perform certain tasks like logging and monitoring. You need to ensure that this sidecar container iS always running alongside your application pod, even it the main application pod restarts or iS deleted and recreated. How would you achieve this using a DaemonSet in Kubernetes?
Answer:
Explanation:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
I). Define the DaemonSet YAML: Create a YAML file that defines the DaemonSet configuration. This file will include the following key sections:
- Metadata Includes the name and labels for the DaemonSet.
- Spec: Defines the deployment details:
- Selector: Matches the labels of the pods that the DaemonSet should manage.
- Template: Contains the pod definition:
- Containers: Defines the main application container and the sidecar container.
- Ensure the sidecar container has appropriate resources and environment variables.
- Include any necessary ports or volume mounts for the sidecar container.
- UpdateStrategy: You might want to control the update strategy (RollingUpdate or Recreate) if you have multiple nodes.
2. Create the Daemonset Apply the Daemonset YAML file to your Kubernetes cluster using 'kubectl apply -f daemonset.yamr. This will create the DaemonSet and stan deploying tne pods on each node. 3. Verify Deployment: Use 'kubectl get daemonsetS to check the status of the DaemonSet. Verify that the pods are running on each node. 4. Testing and Monitoring: - Restart or Delete the Main App Pod: Observe how the sidecar container continues running alongside the main app pod, even when the main pod is restarted or deleted and recreated. - Check Logs If your sidecar container is responsible for logging, use 'kubectl logs to check the logs from the sidecar container This approach ensures that the sidecar container remains in a ready state on each node and is always available to support your application pod, fulfilling the requirements for logging and monitoring even when the main pod restarts or is recreated.
NEW QUESTION # 66
Context
Context
Developers occasionally need to submit pods that run periodically.
Task
Follow the steps below to create a pod that will start at a predetermined time and]which runs to completion only once each time it is started:
* Create a YAML formatted Kubernetes manifest /opt/KDPD00301/periodic.yaml that runs the following shell command: date in a single busybox container. The command should run every minute and must complete within 22 seconds or be terminated oy Kubernetes. The Cronjob namp and container name should both be hello
* Create the resource in the above manifest and verify that the job executes successfully at least once
Answer:
Explanation:
Solution:


NEW QUESTION # 67
You are building a microservices architecture for a web application. One of your services handles user authentication. To ensure the service remains available even if one of the pods fails, you need to implement a high-availability solution. Design a deployment strategy for the authentication service that utilizes Kubernetes features to achieve high availability and fault tolerance.
Answer:
Explanation:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Deploy as a StatefuISet:
- Use a StatefuISet to deploy your authentication service. StatefuISets maintain persistent storage and unique identities for each pod, ensuring that data is preserved and the service can recover from failures without losing state.
2. I-Ise Persistent Volumes: - Provision persistent volumes for each pod in the StatefulSet to store sensitive data like user credentials or session information. This ensures that the data persists even if a pod iS restarted or replaced. 3. Configure a Service with Load Balancing: - Create a Service that uses a load balancer (like a Kubernetes Ingress or external load balancer) to distribute traffic across the replicas of your authentication service. This ensures that requests are evenly distributed, even if some pods are down.
4. Implement Health Checks: - Set up liveness and readiness probes for the authentication service. Liveness probes ensure that unhealthy pods are restarted, while readiness probes ensure that only nealtny pods receive traffic. 5. Enable TLS/SSL: - Secure your authentication service with TLS/SSL to protect sensitive user data during communication. You can use certificates issued by a certificate authority (CA) or self-signed certificates for development environments. 6. Consider a Distributed Cache: - For improved performance and scalability, consider using a distributed cache like Redis or Memcached to store frequently accessed data, such as user authentication tokens. This can reduce the load on the authentication service and improve user response times.
NEW QUESTION # 68
You are building a microservice that relies on a third-party API for its functionality_ To ensure the reliability and performance of your microservice, you need to implement a robust strategy tor handling API calls. Design a deployment strategy that addresses potential issues with the third-pany API and ensures the stability of your microservice.
Answer:
Explanation:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
I). Use a Deployment:
- Deploy your microservice using a Deployment. Deployments provide a robust mechanism for managing and scaling your microservices, making it easy to update and manage your application.
2. Secure API Credentials: - Store API credentials (like API keys or tokens) securely using a Kubernetes Secret. This prevents credentials from being exposed in plain text within your deployments.
3. Implement Retry Mechanisms: - Add retry logic to your code to handle transient errors (like network hiccups or temporary service outages) during API calls. This helps ensure that your microservice can recover from temporary issues and continue functioning. 4. Utilize Rate Limiting: - Implement rate limiting to prevent your microservice from ovenvhelming the third-party API. This helps protect both your microservice and the API from performance degradation- 5. Use a Circuit Breaker Pattern: - Integrate a circuit breaker pattern into your API call handling. This pattern helps prevent cascading failures by automatically stopping requests to the third-party API it it is experiencing prolonged outages or errors- 6. Consider a Proxy or Gateway: - Implement a proxy or gateway layer between your microservice and the third-party API. This layer can help with request routing, load balancing, security, and performance optimization. 7. Monitor API Calls: - Implement monitoring and logging to track API call performance and identify potential issues. This allows you to proactively identify and address problems before they impact your microservice's reliability 8. Utilize Caching: - Consider caching API responses to reduce the load on the third-party API and improve the response time of your microservice. 9. Implement Fallbacks: - Have fallback mechanisms in place if the third-party API is unavailable. This could involve returning default data or using alternative data sources to provide a degraded but functional experience. 10. Consider Using a Service Mesh: - For complex microservice architectures, consider implementing a service mesh like Istio. Service meshes provide features like traffic management, security, observability, and resilience, which can be very beneficial for managing interactions with third-party APIs.,
NEW QUESTION # 69
You are building a new web application that utilizes a microservice architecture- One of the microservices, 'recommendation-service', is responsible for providing personalized product recommendations to users.
This service uses a machine learning model for generating recommendations based on user purchase history and browsing behavior. The model is trained offline and its weights are stored in a 'model-store' service.
Design a mufti-container Pod for the 'recommendation-service' that incorporates the following considerations:
- The Pod should include a primary container for the 'recommendation-service' application.
- The Pod should include a secondary container that runs the 'model-store' service to provide access to the trained model weights.
- Both containers should share a common volume to ensure that the model weights are available to the 'recommendation-service' container-
- The recommendation-service' snould be able to access the model weignts from the 'model-store' container witnout relying on a network call to another service-
- The recommendation-service' container should be configured to periodically update the model weights from the 'model-store' container when a new version of the model is available.
Answer:
Explanation:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Create the Deployment YAML:
- Define a Deployment with the name 'recommendation-service'
- Set the replicas to for redundancy and scalability.
- Specify the labels Sapp: recommendation-service' for selecting the Pods in the Deployment.
- Create a 'template' section to define the Pod specificatiom
2. Deploy the Resources: - Apply the Deployment using 'kubectl apply -f deployment-yamp 3. Verify the Deployment: - Check the status of the Deployment using 'kubectl get deployments recommendation-service and ensure that three Pods are running. 4. Contigure the 'recommendation-service' - Modify the 'recommendation-service application to load the model weights from the specified path ClmodeVIatest-modeI_weightS). - Implement a mechanism within the 'recommendation-service to periodically check tor updated model weights in the shared volume. 5. Configure the 'model-store service: - Ensure that the model-store service is properly configured to store and retrieve the model weights. - Implement a mechanism in the 'model-store' service to notify the 'recommendation-service when a new model version is available. This notification can be achieved using a shared volume or a separate messaging system. 6. Test the Application: - Send requests to the 'recommendation-service' to generate recommendations. - Monitor the 'model-store' service and the shared volume to verify that the model weights are being updated correctly and the recommendation- service' is using the latest model version. Important Considerations: - Ensure that the 'recommendation-service' application is properly configured to access and load the model weights from the shared volume. - Implement a robust model management strategy, including versioning and rollback mechanisms, to ensure that the recommendation-service always uses the appropriate model. - Consider using a dedicated model store service that provides a dedicated API for retrieving and updating model weights. This can simplify the communication between the 'recommendation-service' and the model store. - Monitor the performance and resource usage of both services to ensure optimal performance.,
NEW QUESTION # 70
You have a Kubernetes cluster with a namespace called 'dev' and a deployment named 'app-deployment' in that namespace. You need to create a new Role that allows users in the 'developers' group to only scale the Sapp-deployment' deployment. They should not be able to access any other resources in the 'dev' namespace. Implement the RBAC configuration for this scenario.
Answer:
Explanation:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Create a Role:
- Create a YAML file named 'scale-app-role.yaml' with the following content:
2. Create a RoleBinding: - Create a YAML file named 'scale-app-rolebinding.yaml' with the following content:
3. Apply the configuration: - Apply the Role and Role8inding using the following commands: bash kubectl apply -f scale-app-role.yaml kubectl apply -f scale-app-rolebinding-yaml 4. Verify the configuration: - You can verify the configuration by using the following command: bash kubectl auth can-i --list --as=user:testuser--group-developers--namespace-dev - Replace 'testuser' with the name of a user in the 'developers' group. The output should show only the following permissions: - 'apps/deployments': 'get, "list, 'watch', 'update', 'patch', 'scale' 5. Test the permissions: - Try to scale the Sapp-deployment deployment using the 'kubectr command as a user in the 'developers group. - Try to perform other actions on the deployment or other resources in the 'devs namespace. You should only be able to scale the Sapp-deployment deployment.
NEW QUESTION # 71
You need to create a container image for an application that uses a specific version of Node.js (v16.x). How would you define this version within your Dockerfile to ensure the application runs as expected in a Kubernetes cluster?
Answer:
Explanation:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Specify Node.js Base Image:
- In your Dockerfile, start by selecting a Node.js base image from Docker Hub that matches the required version (v16.x).
- Example:
dockerfile
FROM node:16.x
2. Copy Application Code:
- Copy your Node.js application code into the Docker image.
- Example:
dockerfile
COPY
3. Install Dependencies:
- Use the 'RIJN' instruction to install any necessary Node.js dependencies using 'npm install'.
- Example:
dockerfile
RUN npm install
4. Define Startup Command:
- Specify the command to start your Node.js application within the Dockerfile_
- Example:
dockeffile
CMD ["npm", "start"]
5. Build and Deploy:
- Build your Docker image using the 'docker build' command.
- Deploy the image to your Kubernetes cluster using a Deployment or Pod.
- Ensure the container utilizes the specified Node.js version (v16.x).
NEW QUESTION # 72 
Context
Developers occasionally need to submit pods that run periodically.
Task
Follow the steps below to create a pod that will start at a predetermined time and]which runs to completion only once each time it is started:
* Create a YAML formatted Kubernetes manifest /opt/KDPD00301/periodic.yaml that runs the following shell command: date in a single busybox container. The command should run every minute and must complete within 22 seconds or be terminated oy Kubernetes. The Cronjob namp and container name should both be hello
* Create the resource in the above manifest and verify that the job executes successfully at least once See the solution below.
Answer:
Explanation:
Explanation
Solution:


NEW QUESTION # 73 
Task
Create a new deployment for running.nginx with the following parameters;
* Run the deployment in the kdpd00201 namespace. The namespace has already been created
* Name the deployment frontend and configure with 4 replicas
* Configure the pod with a container image of lfccncf/nginx:1.13.7
* Set an environment variable of NGINX__PORT=8080 and also expose that port for the container above
Answer:
Explanation:
See the solution below.
Explanation:
Solution:



NEW QUESTION # 74
You are deploying a resource-intensive application that requires a large amount of memory and CPU. How would you create a ResourceQuota to limit the resources consumed by this application and prevent it from impacting other workloads in the cluster?
Answer:
Explanation:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
I). Define the ResourceQuota:
- Create a ResourceQuota object named resource-limit' in the namespace where the application is deployed.
- Set the resource limits for the application by specifying the maximum allowed requests for CPU and memory.
- You can also set limits for other resources, such as pods and services.
2. Apply the ResourceQuota: - Apply the ResourceQuota configuration using 'kubectl apply -f resource-limit.yaml' 3. Test the Resource Limits. - Try to create or scale the resource-intensive application beyond the defined limits. - You should receive an error indicating that the ResourceQuota has been exceeded.
NEW QUESTION # 75
You have a microservice application that is deployed as a Deployment. You want to implement a mechanism to handle temporary network issues or other transient failures that may occur during the application's communication with external services. Explain how you can use readiness probes and liveness probes in combination with a restart policy to address these failures.
Answer:
Explanation:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Define Readiness Probes:
- Add a 'readinessProbe' to the container spec of your application pods.
- The probe should check the health and readiness of the application to receive incoming requests.
- This probe should be executed periodically.
- If the probe fails, the pod will be considered not ready and won't receive traffic.
- Example using a TCP socket check:
2. Define Liveness Probes: - Add a 'livenessProbe' to the container spec of your application pods- - This probe should check the health of the application pod itself. - It should be executed periodically to detect issues that might not affect readiness but indicate a problem with the application. - If the liveness probe fails for a specified number of consecutive attempts, the pod will be restarted. - Example using a HTTP endpoint cneck:
3. Set Restart Policy: - Ensure that the restart policy for the pod is set to 'Always' (the default) to automatically restart the pod upon failure detected by the liveness probe. 4. Implement Health Check Endpoints: - Implement the health check endpoints within your application (e.g., ' Ihealth' for the liveness probe, a simple TCP connection for the readiness probe) to allow probes to assess the nealth of the application and its dependencies. 5. Verify and Monitor: - Deploy the updated Deployment and simulate network failures or other transient issues. - Monitor the pods' health and observe that they are automatically restarted and marked as not ready when necessary, ensuring continued application availability despite temporary disruptions.
NEW QUESTION # 76
You are running a Kubernetes cluster that manages a critical web application. Your application uses a custom resource called 'Database' to represent database instances. You want to ensure that only authorized users within your organization can create and manage these database instances. How would you implement this using ServiceAccounts and Role-Based Access Control (RBAC)?
Answer:
Explanation:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Create a ServiceAccount:
- Create a ServiceAccount specifically for managing database instances. This ServiceAccount will be assigned to the users authorized to work with databases.
- Apply the ServiceAccount to your cluster using 'kubectl apply -f serviceAccount.yamI' 2. Create a Role: - Define a Role to specify the permissions that the 'database-manager' ServiceAccount should have. This Role will allow the ServiceAccount to create, update, delete, and list 'Database custom resources.
- Apply the Role using 'kubectl apply -f role.yamr 3. Bind the Role to the ServiceAccount - Use a RoleBinding to link the 'database-managers ServiceAccount to the 'database-manager-roles
- Apply the RoleBinding using 'kubectl apply -f roleBinding.yaml' 4. Use the ServiceAccount: - When users need to manage database instances, they should authenticate to the Kubernetes cluster using credentials associated with the 'database-manager ServiceAccount This will grant them the permissions defined in the Role. - Example: - 'kubectl create database my-database Important Notes: - Replace "'your-group"' and '"your-namespace"' with the actual values for your custom resource and namespace, respectively. - You might need to create a ClusterRole instead of a Role if you want the permissions to apply across all namespaces in your cluster. - This example assumes you've already defined the CustomResourceDefinition (CRD) for the 'Database' resource.]
NEW QUESTION # 77
You have a microservice application that is deployed as a Deployment. You want to implement a mechanism to handle temporary network issues or other transient failures that may occur during the application's communication with external services. Explain how you can use readiness probes and liveness probes in combination with a restart policy to address these failures.
Answer:
Explanation:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Define Readiness Probes:
- Add a 'readinessProbe' to the container spec of your application pods.
- The probe should check the health and readiness of the application to receive incoming requests.
- This probe should be executed periodically.
- If the probe fails, the pod will be considered not ready and won't receive traffic.
- Example using a TCP socket check:
2. Define Liveness Probes: - Add a 'livenessProbe' to the container spec of your application pods- - This probe should check the health of the application pod itself. - It should be executed periodically to detect issues that might not affect readiness but indicate a problem with the application. - If the liveness probe fails for a specified number of consecutive attempts, the pod will be restarted. - Example using a HTTP endpoint cneck:
3. Set Restart Policy: - Ensure that the restart policy for the pod is set to 'Always' (the default) to automatically restart the pod upon failure detected by the liveness probe. 4. Implement Health Check Endpoints: - Implement the health check endpoints within your application (e.g., ' Ihealth' for the liveness probe, a simple TCP connection for the readiness probe) to allow probes to assess the nealth of the application and its dependencies. 5. Verify and Monitor: - Deploy the updated Deployment and simulate network failures or other transient issues. - Monitor the pods' health and observe that they are automatically restarted and marked as not ready when necessary, ensuring continued application availability despite temporary disruptions.
NEW QUESTION # 78 
Task
A Deployment named backend-deployment in namespace staging runs a web application on port 8081.
Answer:
Explanation:
See the solution below.
Explanation:
Solution:


NEW QUESTION # 79
You have a Kustomization file that applies a patch to the 'spec-template-spec-containers-image' field of a Deployment However, you are now using a newer version of Kubernetes and have received warnings about the deprecated 'spec.template.spec' path. How can you update the Kustomization file to use the recommended API path, ensuring the patch still applies correctly?
Answer:
Explanation:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Identify the Deprecated Path: The original Kustomization file likely has a patch like this:
Where 'patch.yamr contains:
2. IJpdate the Patch Path: Replace the deprecated path with the recommended one: Vspec/template/spec.containers/0/image' -> /spec/template.container/0/images
3. Apply the IJpdated Kustomizatiom Re-apply the Kustomization file With the updated patch. 4. Verify the Patch: Verify that the updated Deployment now uses the new image by checking the 'spec-template.spec.contajners.image' field. This example demonstrates updating a Kustomization file to use the correct API path for a patch. It is important to regularly review Kustomization files and apply any necessary updates to avoid issues with API deprecations and ensure compatibility with the latest Kubernetes versions.,
NEW QUESTION # 80
Refer to Exhibit.
Task:
Create a Pod named nginx resources in the existing pod resources namespace.
Specify a single container using nginx:stable image.
Specify a resource request of 300m cpus and 1G1 of memory for the Pod's container.
Answer:
Explanation:
Solution:



NEW QUESTION # 81
You have a Deployment running a microservice that is responsible for processing user data To ensure the security of this data, you need to implement a NetworkPolicy that restricts network traffic to and from the microservice's pods.
Answer:
Explanation:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Create a NetworkP01icy:
- Create a NetworkPolicy YAML file to define the traffic rules:
2. Apply the NetworkPolicy: - Apply tne NetworkPoliCY configuration to your Kubernetes cluster: basn kubectl apply -f restrict-microservice-traffic_yaml 3. Test the NetworkPoIicy: - Create a pod in a different namespace or on a different node. - Attempt to connect to the microservice pod from the new pod. - Verity that the connection is blocked as per the defined NetworkPolicy rules.
NEW QUESTION # 82
......
Certification Path for CNCF Certified Kubernetes Application Developer
The CNCF Certified Kubernetes Application Developer certification is made up of two parts. The first part covers the fundamentals of the Kubernetes platform, while the second part covers the specifics of working with containers and extensions to Kubernetes. The Kubernetes courses below are taught by experts who have worked with the industry's leading companies, including Google, IBM, Intel, and Microsoft.
Linux Foundation CKAD Study Guide Archives : https://www.trainingdumps.com/CKAD_exam-valid-dumps.html
Pass CKAD Exam Latest Practice Questions: https://drive.google.com/open?id=1-dPQDrPHPdNJAnHjhZnWsqffpn_6Tsz4

