CKAD Sample Practice Questions¶
Disclaimer: These are sample practice questions created for study purposes only. They are NOT actual exam questions and are designed to help you test your understanding of CKAD concepts. Real exam questions may differ in format and content.
Practice Resources¶
Before attempting these questions, we highly recommend practicing on:
- Killercoda CKAD Scenarios ⭐ Free hands-on practice environments
- killer.sh CKAD Simulator - Included with exam registration
Instructions¶
- The CKAD exam is performance-based (hands-on), not multiple choice
- Practice these scenarios in a real Kubernetes cluster
- Time yourself - aim for efficiency
- Use imperative commands when possible to save time
Section 1: Application Design and Build (20%)¶
Question 1.1 - Create a Job¶
Create a Job named pi-calculator that: - Uses the image perl:5.34 - Runs the command perl -Mbignum=bpi -wle 'print bpi(2000)' - Completes 3 times successfully - Runs 2 pods in parallel - Has a backoff limit of 4
Show Solution
# Generate base YAML
kubectl create job pi-calculator --image=perl:5.34 --dry-run=client -o yaml -- perl -Mbignum=bpi -wle 'print bpi(2000)' > job.yaml
# Edit to add completions, parallelism, backoffLimit
Question 1.2 - Create a CronJob¶
Create a CronJob named backup-job that: - Runs every day at 2:30 AM - Uses image busybox:1.36 - Runs command echo "Backup completed at $(date)" - Keeps 3 successful job history - Keeps 1 failed job history
Show Solution
kubectl create cronjob backup-job --image=busybox:1.36 --schedule="30 2 * * *" -- /bin/sh -c 'echo "Backup completed at $(date)"'
# Or with YAML for history limits:
apiVersion: batch/v1
kind: CronJob
metadata:
name: backup-job
spec:
schedule: "30 2 * * *"
successfulJobsHistoryLimit: 3
failedJobsHistoryLimit: 1
jobTemplate:
spec:
template:
spec:
containers:
- name: backup
image: busybox:1.36
command: ["/bin/sh", "-c", "echo \"Backup completed at $(date)\""]
restartPolicy: OnFailure
Question 1.3 - Multi-Container Pod¶
Create a Pod named app-with-sidecar with: - Main container: nginx:1.21 named main-app - Sidecar container: busybox:1.36 named log-agent that runs tail -f /var/log/nginx/access.log - Both containers share a volume mounted at /var/log/nginx
Show Solution
apiVersion: v1
kind: Pod
metadata:
name: app-with-sidecar
spec:
containers:
- name: main-app
image: nginx:1.21
volumeMounts:
- name: logs
mountPath: /var/log/nginx
- name: log-agent
image: busybox:1.36
command: ["tail", "-f", "/var/log/nginx/access.log"]
volumeMounts:
- name: logs
mountPath: /var/log/nginx
volumes:
- name: logs
emptyDir: {}
Section 2: Application Deployment (20%)¶
Question 2.1 - Create and Scale Deployment¶
- Create a Deployment named
web-appwith imagenginx:1.21and 3 replicas - Update the image to
nginx:1.22 - Check the rollout status
- Rollback to the previous version
Show Solution
# Create deployment
kubectl create deployment web-app --image=nginx:1.21 --replicas=3
# Update image
kubectl set image deployment/web-app nginx=nginx:1.22
# Check rollout status
kubectl rollout status deployment/web-app
# View history
kubectl rollout history deployment/web-app
# Rollback
kubectl rollout undo deployment/web-app
Question 2.2 - Deployment Strategy¶
Create a Deployment named rolling-app with: - Image: nginx:1.21 - 4 replicas - Rolling update strategy with maxSurge=1 and maxUnavailable=1
Show Solution
Question 2.3 - Helm Operations¶
- Add the bitnami repository
- Search for nginx chart
- Install nginx chart with release name
my-nginx - List all releases
- Uninstall the release
Show Solution
Section 3: Application Observability and Maintenance (15%)¶
Question 3.1 - Configure Probes¶
Create a Pod named health-check-pod with: - Image: nginx:1.21 - Liveness probe: HTTP GET on path / port 80, initial delay 10s, period 5s - Readiness probe: HTTP GET on path / port 80, initial delay 5s, period 3s
Show Solution
Question 3.2 - Debugging¶
A Pod named broken-pod is not running correctly. Debug and fix it.
apiVersion: v1
kind: Pod
metadata:
name: broken-pod
spec:
containers:
- name: app
image: nginx:latest
command: ["nginx", "-g", "daemon off;"]
resources:
limits:
memory: "10Mi"
Show Solution
Question 3.3 - View Logs¶
- View logs of pod
nginxin namespaceweb - View logs of the previous container instance
- Follow logs in real-time
- View last 50 lines
Show Solution
Section 4: Application Environment, Configuration and Security (25%)¶
Question 4.1 - ConfigMap and Secret¶
- Create a ConfigMap named
app-configwith: APP_ENV=production-
LOG_LEVEL=info -
Create a Secret named
db-secretwith: DB_USER=admin-
DB_PASS=secret123 -
Create a Pod that uses both as environment variables
Show Solution
Question 4.2 - Security Context¶
Create a Pod named secure-pod that: - Runs as user ID 1000 - Runs as group ID 3000 - Has a read-only root filesystem - Cannot escalate privileges
Show Solution
Question 4.3 - Resource Limits¶
Create a Pod named resource-pod with: - Image: nginx:1.21 - CPU request: 100m, limit: 200m - Memory request: 64Mi, limit: 128Mi
Show Solution
Section 5: Services and Networking (20%)¶
Question 5.1 - Create Services¶
- Create a Deployment named
webwith imagenginx:1.21and 3 replicas - Expose it as a ClusterIP Service on port 80
- Expose it as a NodePort Service on port 30080
Show Solution
# Create deployment
kubectl create deployment web --image=nginx:1.21 --replicas=3
# ClusterIP service
kubectl expose deployment web --port=80 --target-port=80 --name=web-clusterip
# NodePort service
kubectl expose deployment web --port=80 --target-port=80 --type=NodePort --name=web-nodeport
# Or specify nodePort:
kubectl create service nodeport web-nodeport --tcp=80:80 --node-port=30080
Question 5.2 - Network Policy¶
Create a NetworkPolicy named api-policy in namespace default that: - Applies to pods with label app=api - Allows ingress only from pods with label app=frontend - Allows ingress only on port 8080
Show Solution
Question 5.3 - Ingress¶
Create an Ingress named web-ingress that: - Routes app.example.com/api to service api-service port 80 - Routes app.example.com/web to service web-service port 80 - Uses ingress class nginx
Show Solution
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: web-ingress
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx
rules:
- host: app.example.com
http:
paths:
- path: /api
pathType: Prefix
backend:
service:
name: api-service
port:
number: 80
- path: /web
pathType: Prefix
backend:
service:
name: web-service
port:
number: 80
Exam Tips¶
- Use aliases:
alias k=kubectl - Enable auto-completion:
source <(kubectl completion bash) - Use
--dry-run=client -o yamlto generate YAML templates - Bookmark important docs before the exam
- Practice on Killercoda for free hands-on scenarios
- Time management: Don't spend too long on any single question
- Use imperative commands when possible to save time
Additional Practice¶
- Killercoda CKAD Scenarios - Free interactive scenarios
- killer.sh - Exam simulator (included with registration)
- Kubernetes Documentation - Allowed during exam