Deployments are the most commonly used workload in Kubernetes. There is a high chance that at least one question of your Certified Kubernetes Administrator (CKA) exam will require you to work with Deployment resources. This post outlines different kinds of tasks around the Kubernetes Deployment resource. You’ll learn to solve those tasks efficiently to perform well in your exam.
Prerequisites
- A Kubernetes cluster (I’m using a local minikube cluster)
- Kubectl installed and configured to access the Kubernetes cluster with administrator rights
- Run the following script to prepare your Kubernetes cluster for this exercise:
#!/bin/bash # Prepare for Q1: Create a Deployment kubectl create ns moon # Prepare for Q2: Scale a Deployment kubectl create ns mars kubectl create deploy mars-server -n mars --image nginx:1.25.1 --replicas 3 # Prepare for Q3: Set image of a Deployment kubectl create ns saturn kubectl create deploy saturn-server -n saturn --image nginx:1.24.0 --replicas 2 # Prepare for Q4: Mount secret in Deployment kubectl create ns uranus kubectl create secret generic db-user -n uranus --from-literal=user=testuser --from-literal=pass=1234 # Prepare for Q5: Environment configuration for a Deployment kubectl create ns sun kubectl create configmap app-config -n sun --from-literal=name=sun-server # Prepare for Q6: Rollout and Rollback a Deployment kubectl create ns earth kubectl create deploy earth-server -n earth --image nginx:1.25.1 --replicas 5
Create a Deployment
CKA Exam Task: Create a Deployment
Create a deployment with the name moon-server
in namespace moon
. The deployment should use the image nginx:1.25.1
and it should run 3
replicas.
Solution
The fastest way to create the deployment described in the task is to use kubectl create
. You can use the following command:
kubectl create deploy moon-server --replicas 3 --image nginx:1.25.1 -n moon
Verify the deployment was created successfully by looking at the pods created and their state:
kubectl get pods -n moon NAME READY STATUS RESTARTS AGE moon-server-dfdbd764f-l4gm7 1/1 Running 0 24s moon-server-dfdbd764f-rhkfb 1/1 Running 0 24s moon-server-dfdbd764f-vjgf6 1/1 Running 0 24s
Scale a Deployment
CKA Exam Task: Scale a Deployment
There is an existing deployment in the namespace mars
with the name mars-server
. Scale the deployment to run only 2 replicas.
Solution
The fastest way to scale deployments is to use the kubectl scale
command:
kubectl scale deploy -n mars mars-server --replicas 2
🤓: You can also use "kubectl edit deploy -n mars mars-server" and change the replicas field in the yaml. Using the scale command is more efficient and will save you some time in the exam.
Verify the deployment is only running 2 replicas:
kubectl get pods -n mars NAME READY STATUS RESTARTS AGE mars-server-668498fb9-7dgwt 1/1 Running 0 38s mars-server-668498fb9-jqsrj 1/1 Running 0 38s
Change image of a Deployment
CKA Exam Task: Change image of a Deployment
There is an existing deployment in the namespace saturn
with name saturn-server
running an outdated version of nginx
. Set the image for the container with name nginx
to nginx:1.25.1
. Make sure all Pods are running and use the new image.
Solution
The most efficient way to change the image of a deployment is to use the kubectl set image
command:
kubectl set image -n saturn deploy saturn-server nginx=nginx:1.25.1
🤓: Notice to run the set image command, you need the container's name in the deployments manifest. In this case, it is given in the task description. If no name is in the task description, it's faster to edit the deployment in place using "kubectl edit deploy -n saturn saturn-webser". You can also use "kubectl get deploy -o jsonpath={spec.template.spec.containers}" to get an overview of container names.z
Now verify that the pods were updated with the new image:
kubectl get pods -n saturn -o yaml | grep image: - image: nginx:1.25.1 image: nginx:1.25.1 - image: nginx:1.25.1 image: nginx:1.25.1
Mount secrets to a Deployment
CKA Exam Task: Mount secrets to a Deployment
Create a deployment in namespace uranus
named uranus-server
. The deployment should use image nginx:1.25.1
. Configure it to run 1 replica. There is an existing secret in namespace uranus
called db-user
. Mount this secret to the nginx container of the deployment using path /var/db-user
.
Solution
First, run the following command to create a boilerplate of the deployment yaml manifest.
kubectl create deploy uranus-server -n uranus -o yaml --dry-run=client --image nginx:1.25.1 > uranus-server.yaml
This will create the following Deployment manifest for you:
apiVersion: apps/v1 kind: Deployment metadata: creationTimestamp: null labels: app: uranus-server name: uranus-server namespace: uranus spec: replicas: 1 selector: matchLabels: app: uranus-server strategy: {} template: metadata: creationTimestamp: null labels: app: uranus-server spec: containers: - image: nginx:1.25.1 name: nginx resources: {} status: {}
Next, we modify the Deployment manifest to mount the secret as a volume:
... spec: containers: - image: nginx:1.25.1 name: nginx resources: {} volumeMounts: - mountPath: /var/db-user name: db-user volumes: - name: db-user secret: secretName: db-user
We first create a volume referencing the db-user
secret. Then we mount that volume to the nginx
container using the path /var/db-user
.
Now that we’ve configured the volume mount we can apply the deployment.
kubectl apply -f uranus-server
Verify that the Pod is running:
kubectl get pod -n uranus NAME READY STATUS RESTARTS AGE uranus-server-55ff47c8df-9bs8b 1/1 Running 0 4s
Check that the secret data is available as files in the file system of the Pod:
# you'll have to change the Pod ID in this command to match your actual Pod kubectl exec -n uranus uranus-server-55ff47c8df-9bs8b -- ls /var/db-user/ pass user kubectl exec -n uranus uranus-server-55ff47c8df-9bs8b -- cat /var/db-user/pass 1234 kubectl exec -n uranus uranus-server-55ff47c8df-9bs8b -- cat /var/db-user/user testuser
Environment Configuration for a Deployment
CKA Exam Task: Environment Configuration for a Deployment
Create a deployment in namespace sun
named sun-server
. The deployment should use image nginx:1.25.1
. Configure it to run 1
replica. There is an existing ConfigMap
in namespace sun
called app-config
. Use the name
in the data of that ConfigMap to populate the environment variable APP_NAME
in sun-server
Pods.
Solution
First, run the following command to create a boilerplate of the deployment yaml manifest:
kubectl create deploy sun-server -n sun -o yaml --dry-run=client --image nginx:1.25.1
This will generate the following Deployment manifest for you:
apiVersion: apps/v1 kind: Deployment metadata: creationTimestamp: null labels: app: sun-server name: sun-server namespace: sun spec: replicas: 1 selector: matchLabels: app: sun-server strategy: {} template: metadata: creationTimestamp: null labels: app: sun-server spec: containers: - image: nginx:1.25.1 name: nginx resources: {} status: {}
Next, edit the generated deployment file to use the app-config
ConfigMap:
... spec: containers: - image: nginx:1.25.1 name: nginx resources: {} env: - name: APP_NAME valueFrom: configMapKeyRef: key: name name: app-config
We set a new environment variable called APP_NAME
referencing the key name
of ConfigMap app-config
.
Now that we’ve done that change, we can create the deployment:
kubectl apply -f sun-server.yaml
Verify the Pod is running:
kubectl get pods -n sun sun-server-6b5c7fb87f-zd6bk NAME READY STATUS RESTARTS AGE sun-server-6b5c7fb87f-zd6bk 1/1 Running 0 17s
Check the environment variable was set correctly:
kubectl exec -n sun sun-server-6b5c7fb87f-zd6bk -- env | grep APP APP_NAME=sun-server
Rollout and rollback a Deployment
CKA Exam Task: Rollout and rollback a Deployment
There is an existing Deployment in namespace earth
called earth-server
. Change the image to nginx:1.25.3000
, monitor the rollout of that change. Store the output of the rollout status to /tmp/earth-status.txt
. The rollout should be stuck because the image does not exist.
Rollback the deployment. Make sure all replicas are running again using the old image. Write the rollout history to /tmp/earth-history.txt
.
Solution
First, we need to find the container name for the deployment:
kubectl get deploy -n earth earth-server -o jsonpath={.spec.template.spec.containers[*].name} nginx
Then, we can use the name to set the image:
kubectl set image deploy -n earth earth-server nginx=nginx:1.25.3000
After the change of the image, the rollout process begins. We can watch the status using the following command:
kubectl rollout status deploy -n earth earth-server -w=false # note we're using -w since by default the command would wait for the rollout to complete # Write the rollout status to the file kubectl rollout status deploy -n earth earth-server -w=false > /tmp/earth-status.txt
Next, we rollback the deployment to get to reset the image:
kubectl rollout undo deployment -n earth earth-server
Verify the 5 replicas are running and the deployment uses the expected image:
kubectl get pods -n earth NAME READY STATUS RESTARTS AGE earth-server-8495b7d9fb-5vmr2 1/1 Running 0 5s earth-server-8495b7d9fb-7n9tn 1/1 Running 0 3m40s earth-server-8495b7d9fb-q9n6n 1/1 Running 0 3m40s earth-server-8495b7d9fb-z2n7b 1/1 Running 0 3m40s earth-server-8495b7d9fb-zf2c8 1/1 Running 0 3m40s kubectl get deploy -n earth -o yaml | grep image: - image: nginx:1.25.1
Last, write the rollout history to the file as instructed in the task description:
kubectl rollout history deploy -n earth earth-server deployment.apps/earth-server REVISION CHANGE-CAUSE 2 <none> 3 <none> kubectl rollout history deploy -n earth earth-server > /tmp/earth-history.txt
Conclusion
In this posts, you learned how to solve 5 example CKA exam tasks for Kubernetes Deployment resources:
- Creating a Deployment
- Scaling a Deployment
- Changing the image of a Deployment
- Mount secret as files to Deployments
- Use Environment Configuration and ConfigMaps with Deployments
- Rollout and Rollback a Deployment
Don’t want to miss the next post in the Certified Kubernetes Administrator (CKA) series? Follow me on LinkedIn!
To support my efforts use my affiliate link to buy your courses and exams from the Linux Foundation.
Previous post in the CKA series: CKA Exam Task: Create Network Policy
Next post in the CKA series: CKA Exam Task: DaemonSet