KubeQuest

Appearance

Deployments & Workloads Practice Questions

DaemonSets

Question 1: Basic DaemonSet

Objective: Create a DaemonSet that runs on all worker nodes.

Requirements:

  • Namespace: logging
  • Name: fluentd
  • Image: fluentd:v1.16
  • Mount /var/log from host to /var/log in container
  • Resource requests: CPU 100m, Memory 200Mi

Verify:

bash
kubectl get ds fluentd -n logging
kubectl get pods -n logging -o wide

Question 2: DaemonSet with Node Selector

Objective: Run DaemonSet only on nodes with specific label.

Requirements:

  • Namespace: monitoring
  • Name: node-exporter
  • Image: prom/node-exporter:latest
  • Run only on nodes labeled monitoring=enabled

Verify:

bash
kubectl get ds -n monitoring
kubectl get pods -n monitoring -o wide

Question 3: DaemonSet on All Nodes (Including Control Plane)

Objective: Run DaemonSet on ALL nodes including control plane.

Requirements:

  • Namespace: system
  • Name: log-collector
  • Image: busybox:1.36
  • Command: sh -c "tail -f /var/log/syslog"
  • Add tolerations for control plane taints

Verify:

bash
kubectl get pods -n system -o wide
# Should see pod on control plane node

Probes

Question 4: Liveness Probe

Objective: Add liveness probe to detect stuck container.

Requirements:

  • Name: web-app
  • Image: nginx
  • Liveness probe: HTTP GET on /healthz port 80
  • Initial delay: 10s, Period: 5s

Verify:

bash
kubectl describe pod web-app | grep -A5 "Liveness"

Question 5: Readiness Probe

Objective: Add readiness probe so pod only receives traffic when ready.

Requirements:

  • Name: api-server
  • Image: nginx
  • Readiness probe: TCP socket on port 80
  • Initial delay: 5s, Period: 10s

Verify:

bash
kubectl describe pod api-server | grep -A5 "Readiness"

Question 6: Startup Probe

Objective: Add startup probe for slow-starting application.

Requirements:

  • Name: slow-app
  • Image: busybox:1.36
  • Command: sh -c "sleep 30 && nc -lk -p 8080"
  • Startup probe: TCP socket on port 8080
  • Failure threshold: 30, Period: 10s

Verify:

bash
kubectl describe pod slow-app | grep -A5 "Startup"

Init Containers

Question 7: Wait for Service

Objective: Use init container to wait for a service before starting main container.

Requirements:

  • Name: app-with-init
  • Init container: busybox, wait for db-svc DNS resolution
  • Main container: nginx

Verify:

bash
kubectl get pod app-with-init
kubectl logs app-with-init -c init-wait

Question 8: Init Container with Shared Volume

Objective: Use init container to prepare data for main container.

Requirements:

  • Name: prepared-app
  • Init container: busybox, write "initialized" to /data/status
  • Main container: nginx, mount same volume to /usr/share/nginx/html
  • Use emptyDir volume

Verify:

bash
kubectl exec prepared-app -- cat /usr/share/nginx/html/status

Resources & QoS

Question 9: Guaranteed QoS Pod

Objective: Create a pod with Guaranteed QoS class.

Requirements:

  • Name: guaranteed-pod
  • Image: nginx
  • Requests AND Limits: CPU 100m, Memory 128Mi (must be equal)

Verify:

bash
kubectl get pod guaranteed-pod -o jsonpath='{.status.qosClass}'
# Should output: Guaranteed

Question 10: Burstable QoS Pod

Objective: Create a pod with Burstable QoS class.

Requirements:

  • Name: burstable-pod
  • Image: nginx
  • Requests: CPU 100m, Memory 128Mi
  • Limits: CPU 500m, Memory 512Mi

Verify:

bash
kubectl get pod burstable-pod -o jsonpath='{.status.qosClass}'
# Should output: Burstable

Security Context

Question 11: Run as Non-Root

Objective: Create pod that runs as non-root user.

Requirements:

  • Name: secure-pod
  • Image: busybox
  • Command: sh -c "id && sleep 3600"
  • Run as user 1000, group 3000
  • Prevent privilege escalation

Verify:

bash
kubectl exec secure-pod -- id
# Should show uid=1000 gid=3000

Question 12: Read-Only Root Filesystem

Objective: Create pod with read-only root filesystem.

Requirements:

  • Name: readonly-pod
  • Image: nginx
  • Read-only root filesystem
  • Mount emptyDir to /tmp and /var/cache/nginx for writable directories

Verify:

bash
kubectl exec readonly-pod -- touch /test
# Should fail with "Read-only file system"

Downward API

Question 13: Pod Info as Environment Variables

Objective: Expose pod metadata as environment variables.

Requirements:

  • Name: downward-env
  • Image: busybox
  • Command: sh -c "printenv && sleep 3600"
  • Env vars: POD_NAME, POD_NAMESPACE, POD_IP, NODE_NAME

Verify:

bash
kubectl exec downward-env -- printenv | grep POD

Question 14: Pod Info as Volume Files

Objective: Mount pod labels and annotations as files.

Requirements:

  • Name: downward-volume
  • Labels: app=demo, tier=frontend
  • Mount labels to /etc/podinfo/labels
  • Mount annotations to /etc/podinfo/annotations

Verify:

bash
kubectl exec downward-volume -- cat /etc/podinfo/labels

Deployments

Question 15: Create Deployment with Rolling Update

Objective: Create deployment with specific rolling update strategy.

Requirements:

  • Namespace: web
  • Name: frontend
  • Image: nginx:1.20
  • Replicas: 4
  • Strategy: RollingUpdate, maxSurge=1, maxUnavailable=0

Verify:

bash
kubectl describe deployment frontend -n web | grep -A5 "Strategy"

Question 16: Update Image and Rollback

Objective: Update deployment image and rollback.

Requirements:

  • Update frontend deployment to nginx:1.21
  • Check rollout status
  • Rollback to previous version

Verify:

bash
kubectl rollout history deployment/frontend -n web
kubectl get deployment frontend -n web -o jsonpath='{.spec.template.spec.containers[0].image}'

Question 17: Scale Deployment

Objective: Scale deployment to different replica count.

Requirements:

  • Scale frontend deployment to 6 replicas
  • Then scale down to 2 replicas

Verify:

bash
kubectl get deployment frontend -n web

Pod Disruption Budget

Question 18: Create PDB

Objective: Create PDB to ensure minimum availability.

Requirements:

  • Name: web-pdb
  • Selector: app=frontend
  • Minimum available: 2

Verify:

bash
kubectl get pdb web-pdb
kubectl describe pdb web-pdb

Environment Variables

Question 19: Multiple Env Sources

Objective: Create pod with env vars from multiple sources.

Prerequisites:

bash
kubectl create configmap app-config --from-literal=APP_ENV=production
kubectl create secret generic db-creds --from-literal=password=secret123

Requirements:

  • Name: multi-env-pod
  • All keys from app-config as env vars
  • DB_PASSWORD from secret db-creds key password
  • Static env var: LOG_LEVEL=info

Verify:

bash
kubectl exec multi-env-pod -- printenv

Volumes

Question 20: Sidecar with Shared Volume

Objective: Create pod with two containers sharing an emptyDir volume.

Requirements:

  • Name: sidecar-pod
  • Container 1 (writer): busybox, write date to /logs/app.log every 5 seconds
  • Container 2 (reader): busybox, tail the log file
  • Shared emptyDir volume mounted to /logs

Verify:

bash
kubectl logs sidecar-pod -c reader

Solutions Reference

Question 1 Solution

yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd
  namespace: logging
spec:
  selector:
    matchLabels:
      app: fluentd
  template:
    metadata:
      labels:
        app: fluentd
    spec:
      containers:
      - name: fluentd
        image: fluentd:v1.16
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
        volumeMounts:
        - name: varlog
          mountPath: /var/log
      volumes:
      - name: varlog
        hostPath:
          path: /var/log

Question 3 Solution (Tolerations)

yaml
spec:
  tolerations:
  - key: node-role.kubernetes.io/control-plane
    effect: NoSchedule
  - key: node-role.kubernetes.io/master
    effect: NoSchedule

Question 9 Solution (Guaranteed QoS)

yaml
apiVersion: v1
kind: Pod
metadata:
  name: guaranteed-pod
spec:
  containers:
  - name: app
    image: nginx
    resources:
      requests:
        cpu: "100m"
        memory: "128Mi"
      limits:
        cpu: "100m"
        memory: "128Mi"

Question 11 Solution (Security Context)

yaml
apiVersion: v1
kind: Pod
metadata:
  name: secure-pod
spec:
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
  containers:
  - name: app
    image: busybox
    command: ["sh", "-c", "id && sleep 3600"]
    securityContext:
      allowPrivilegeEscalation: false

Question 13 Solution (Downward API)

yaml
apiVersion: v1
kind: Pod
metadata:
  name: downward-env
spec:
  containers:
  - name: app
    image: busybox
    command: ["sh", "-c", "printenv && sleep 3600"]
    env:
    - name: POD_NAME
      valueFrom:
        fieldRef:
          fieldPath: metadata.name
    - name: POD_NAMESPACE
      valueFrom:
        fieldRef:
          fieldPath: metadata.namespace
    - name: POD_IP
      valueFrom:
        fieldRef:
          fieldPath: status.podIP
    - name: NODE_NAME
      valueFrom:
        fieldRef:
          fieldPath: spec.nodeName

Question 15 Solution (Deployment)

yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: frontend
  namespace: web
spec:
  replicas: 4
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
  selector:
    matchLabels:
      app: frontend
  template:
    metadata:
      labels:
        app: frontend
    spec:
      containers:
      - name: nginx
        image: nginx:1.20

Question 16 Solution (Rollout)

bash
kubectl set image deployment/frontend nginx=nginx:1.21 -n web
kubectl rollout status deployment/frontend -n web
kubectl rollout undo deployment/frontend -n web

Question 18 Solution (PDB)

yaml
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: web-pdb
spec:
  minAvailable: 2
  selector:
    matchLabels:
      app: frontend

Released under the MIT License.

Copyright © 2026 OpsAlchemy