KubeQuest

Appearance

Services – CKA Practice Questions

Detailed hands-on scenarios to master Kubernetes Services.

!!! note "Kind Cluster Testing Strategy" Since you are using kind, some service types behave differently:

*   **NodePort:** While you can't easily reach NodePorts from your host machine (laptop) without extra config, you **can** and **should** test them from **inside the cluster**. Use a temporary pod (`kubectl run test --image=busybox...`) to `wget` or `curl` the Node IP and NodePort. This mimics how you verify connectivity in the CKA exam environment.
*   **ClusterIP:** Fully functional. Test from other pods.
*   **External Traffic:** We simulate "external" endpoints using internal IPs allows you to practice the concepts without needing real external infrastructure.

Scenario 1: Core Service Fundamentals (ClusterIP & Verification)

!!! note "Objective" Combine creation, verification, and endpoint inspection into one complete workflow. Covers ClusterIP, Selectors, and Connectivity.

!!! tip "Task" 1. Setup: Create a Namespace named marketing. 2. Deploy: Create a Deployment named web-app using image nginx:alpine with 2 replicas in the marketing namespace. Add label app: web. 3. Expose: Expose this deployment internally using a ClusterIP Service named internal-web on port 80. 4. Verify Selectors: Check that kubectl get endpoints internal-web -n marketing shows 2 IPs (one for each pod). 5. Verify Connectivity (Kind/CKA way): * Launch a temporary pod: kubectl run test-con --rm -it --image=busybox -n marketing -- sh * Run wget -qO- internal-web:80 to confirm the service routes traffic.

Scenario 2: Service Exposure & Type Management (NodePort & Patching)

!!! note "Objective" Practice exposing applications via NodePort and managing service types dynamically. Covers NodePort creation and Switching Types.

!!! tip "Task" 1. Setup: Create a Namespace named public-access and a Deployment named front-door (nginx, 2 replicas). 2. Expose NodePort: Create a Service named global-entry of type NodePort. Manually specify/request NodePort 31050. 3. Verify (Kind way): * Get the IP of a cluster node: kubectl get nodes -o wide * From a test pod inside the cluster, access http://<Internal-Node-IP>:31050. 4. Modify Type: The requirements changed. Convert global-entry from NodePort to ClusterIP. 5. Cleanup: Ensure the nodePort field is completely removed/nullified in the final configuration.

Scenario 3: Advanced Port Configuration (Multi-Port & Protocols)

!!! note "Objective" Handle complex service definitions with multiple ports and protocols. Covers Named Ports and Multi-Protocol (TCP/UDP).

!!! tip "Task" 1. Setup: Create a Namespace services-test and a Deployment app-gateway (nginx, 2 replicas). 2. Configure Service: Create a Service multi-svc that exposes: * HTTP: Port 80 targeting container port 8080 (TCP). * Metrics: Port 9090 targeting container port 9090 (TCP). * Signaling: Port 53 targeting container port 5353 (UDP). 3. Requirement: Use Named Ports in your Service definition to map to the container ports (e.g., targetPort: http-port). 4. Verify: Describe the service to confirm all 3 ports are listed with correct protocols.

Scenario 4: Service Discovery & DNS

!!! note "Objective" Master logical service discovery across namespaces. Covers DNS Resolution and FQDN.

!!! tip "Task" 1. Setup: Create two Namespaces: alpha and beta. 2. Deploy: In alpha, deploy web (nginx) and expose it as alpha-svc (ClusterIP). 3. Discovery Test: * Launch a pod in beta. * Verify you can resolve the service using its Fully Qualified Domain Name (FQDN): nslookup alpha-svc.alpha.svc.cluster.local. * Verify you can access it via short-name across namespaces: alpha-svc.alpha.

Released under the MIT License.

Copyright © 2026 OpsAlchemy