GLOBAL RULES
- Do NOT use
kubectl edit - Do NOT recreate resources unless asked
- Fix issues using kubectl patch / set / scale / rollout
- Namespace must be used
- Treat this like a real CKA exam
๐ข BASELINE (RUN ON EVERY MACHINE)
Step 0 โ Start cluster
minikube start --driver=docker
Step 1 โ Namespace
kubectl create namespace cka-lab
kubectl config set-context --current --namespace=cka-lab
Step 2 โ Apply BASE WORKLOAD (DO NOT MODIFY)
kubectl apply -f - <<EOF
apiVersion: apps/v1
kind: Deployment
metadata:
name: web-app
spec:
replicas: 4
selector:
matchLabels:
app: web
template:
metadata:
labels:
app: web
spec:
containers:
- name: nginx
image: nginx:1.25
ports:
- containerPort: 80
EOF
Step 3 โ Apply BASE SERVICE (DO NOT MODIFY)
kubectl apply -f - <<EOF
apiVersion: v1
kind: Service
metadata:
name: web-svc
spec:
selector:
app: web
ports:
- port: 80
targetPort: 80
type: ClusterIP
EOF
Step 4 โ Traffic test pod (keep running)
kubectl run traffic --image=busybox -it --rm -- sh
Inside:
while true; do
wget -qO- web-svc
echo "-----"
sleep 1
done
๐งช TASK 1 โ ROLLING UPDATE MISCONFIGURATION
PROBLEM SETUP
kubectl patch deployment web-app -p '
{
"spec": {
"strategy": {
"type": "RollingUpdate",
"rollingUpdate": {
"maxUnavailable": 4,
"maxSurge": 0
}
}
}
}'
TASK
- Fix the deployment strategy
- Ensure no downtime during image updates
SUCCESS CRITERIA
- Traffic loop never stops
- At least one pod always available
๐งช TASK 2 โ BROKEN IMAGE DEPLOYMENT
PROBLEM SETUP
kubectl set image deployment/web-app nginx=nginx:doesnotexist
TASK
- Restore the deployment to a healthy state
- Do NOT delete the deployment
SUCCESS CRITERIA
- All pods Running
- No CrashLoopBackOff
- Traffic loop stable
๐งช TASK 3 โ MISSING READINESS PROBE
PROBLEM SETUP
kubectl patch deployment web-app --type=json -p='[
{
"op": "remove",
"path": "/spec/template/spec/containers/0/readinessProbe"
}
]'
TASK
- Ensure traffic is only sent to ready pods
- Do NOT restart the cluster
SUCCESS CRITERIA
- During rollout, traffic never hits unready pods
๐งช TASK 4 โ SERVICE TRAFFIC FAILURE
PROBLEM SETUP
kubectl patch svc web-svc -p '
{
"spec": {
"selector": {
"app": "wrong"
}
}
}'
TASK
- Restore service traffic
- Do NOT recreate the service
SUCCESS CRITERIA
-
Endpointspopulated - Traffic loop resumes
๐งช TASK 5 โ CANARY DEPLOYMENT (TRAFFIC LEAK)
PROBLEM SETUP
kubectl create deployment web-app-canary --image=nginx:1.27 --replicas=1
kubectl label deployment web-app-canary track=canary
TASK
- Canary must receive traffic
- Stable workload must remain untouched
SUCCESS CRITERIA
- Service routes traffic to both versions
- No service recreation
๐งช TASK 6 โ CANARY ROLLBACK
PROBLEM SETUP
(canary from previous task is faulty)
TASK
- Remove canary from traffic immediately
- Stable version must continue serving traffic
SUCCESS CRITERIA
- Traffic uninterrupted
- Only stable pods receive traffic
๐งช TASK 7 โ PAUSED ROLLOUT INCIDENT
PROBLEM SETUP
kubectl rollout pause deployment web-app
kubectl set image deployment/web-app nginx=nginx:1.26
TASK
- Identify why rollout is stuck
- Complete the deployment
SUCCESS CRITERIA
- New image fully deployed
- Deployment not paused
๐งช TASK 8 โ NODEPORT ACCESS FAILURE
PROBLEM SETUP
kubectl patch svc web-svc -p '
{
"spec": {
"type": "NodePort"
}
}'
Traffic still unreachable.
TASK
- Make application reachable from browser
- Do NOT recreate Service or Deployment
SUCCESS CRITERIA
- Browser access works
- NodePort correctly assigned
๐งช TASK 9 โ SCALING INCIDENT
PROBLEM SETUP
kubectl scale deployment web-app --replicas=0
TASK
- Restore service availability
- Do NOT recreate pods manually
SUCCESS CRITERIA
- Pods running
- Traffic restored
๐งช TASK 10 โ FINAL CLEANUP
TASK
- Remove all resources created in this lab
- Namespace must be empty
SUCCESS CRITERIA
kubectl get all
โ No resources found
Top comments (0)