🚨 Why the Mismatch?¶

This means that the ReplicaSet was updated at some point (image changed to busybox), but the old pods were not terminated, so they’re still running with busybox777.

In Kubernetes:

• A ReplicaSet does not update existing pods when its template is changed.
• It will only apply the new template to new pods (if old ones are deleted).

✅ How to Fix¶

To apply the updated image (busybox) to all pods:

Delete the old pods manually¶

kubectl delete pod -l name=busybox-pod

This will trigger the ReplicaSet to:

• Create new pods
• Using the latest template (with busybox)

Lab 2¶

logger-deployment.yaml¶

apiVersion: apps/v1 kind: Deployment metadata: name: logging-deployment namespace: logging-ns spec: replicas: 1 selector: matchLabels: app: logger template: metadata: labels: app: logger spec: volumes: - name: logger emptyDir: {} initContainers: - name: log-agent image: busybox command: - sh - -c - | touch /var/log/app/app.log tail -f /var/log/app/app.log restartPolicy: Always volumeMounts: - name: logger mountPath: /var/log/app containers: - name: app-container image: busybox command: - sh - -c - | mkdir -p /var/log/app while true; do echo "Log entry" >> /var/log/app/app.log sleep 5 done volumeMounts: - name: logger mountPath: /var/log/app

webapp-ingress.yaml¶

apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: webapp-ingress namespace: ingress-ns annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: ingressClassName: nginx rules: - host: kodekloud-ingress.app http: paths: - path: / pathType: Prefix backend: service: name: webapp-svc port: number: 80

apiVersion: certificates.k8s.io/v1 kind: CertificateSigningRequest metadata: name: john-developer spec: signerName: kubernetes.io/kube-apiserver-client request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ1ZEQ0NBVHdDQVFBd0R6RU5NQXNHQTFVRUF3d0VhbTlvYmpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRApnZ0VQQURDQ0FRb0NnZ0VCQUt2Um1tQ0h2ZjBrTHNldlF3aWVKSzcrVVdRck04ZGtkdzkyYUJTdG1uUVNhMGFPCjV3c3cwbVZyNkNjcEJFRmVreHk5NUVydkgyTHhqQTNiSHVsTVVub2ZkUU9rbjYra1NNY2o3TzdWYlBld2k2OEIKa3JoM2prRFNuZGFvV1NPWXBKOFg1WUZ5c2ZvNUpxby82YU92czFGcEc3bm5SMG1JYWpySTlNVVFEdTVncGw4bgpjakY0TG4vQ3NEb3o3QXNadEgwcVpwc0dXYVpURTBKOWNrQmswZWhiV2tMeDJUK3pEYzlmaDVIMjZsSE4zbHM4CktiSlRuSnY3WDFsNndCeTN5WUFUSXRNclpUR28wZ2c1QS9uREZ4SXdHcXNlMTdLZDRaa1k3RDJIZ3R4UytkMEMKMTNBeHNVdzQyWVZ6ZzhkYXJzVGRMZzcxQ2NaanRxdS9YSmlyQmxVQ0F3RUFBYUFBTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQ1VKTnNMelBKczB2czlGTTVpUzJ0akMyaVYvdXptcmwxTGNUTStsbXpSODNsS09uL0NoMTZlClNLNHplRlFtbGF0c0hCOGZBU2ZhQnRaOUJ2UnVlMUZnbHk1b2VuTk5LaW9FMnc3TUx1a0oyODBWRWFxUjN2SSsKNzRiNnduNkhYclJsYVhaM25VMTFQVTlsT3RBSGxQeDNYVWpCVk5QaGhlUlBmR3p3TTRselZuQW5mNm96bEtxSgpvT3RORStlZ2FYWDdvc3BvZmdWZWVqc25Yd0RjZ05pSFFTbDgzSkljUCtjOVBHMDJtNyt0NmpJU3VoRllTVjZtCmlqblNucHBKZWhFUGxPMkFNcmJzU0VpaFB1N294Wm9iZDFtdWF4bWtVa0NoSzZLeGV0RjVEdWhRMi80NEMvSDIKOWk1bnpMMlRST3RndGRJZjAveUF5N05COHlOY3FPR0QKLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg== usages: - digital signature - key encipherment - client auth

kubectl run nginx-resolver --image=nginx kubectl expose pod nginx-resolver --name=nginx-resolver-service --port=80 --target-port=80 --type=ClusterIP

kubectl run test-nslookup --image=busybox:1.28 --rm -it --restart=Never -- nslookup nginx-resolver-service kubectl run test-nslookup --image=busybox:1.28 --rm -it --restart=Never -- nslookup nginx-resolver-service > /root/CKA/nginx.svc

kubectl get pod nginx-resolver -o wide kubectl run test-nslookup --image=busybox:1.28 --rm -it --restart=Never -- nslookup > /root/CKA/nginx.pod

apiVersion: autoscaling/v2 kind: HorizontalPodAutoscaler metadata: name: backend-hpa namespace: backend spec: scaleTargetRef: apiVersion: apps/v1 kind: Deployment name: backend-deployment minReplicas: 3 maxReplicas: 15 metrics: - type: Resource resource: name: memory target: type: Utilization averageUtilization: 65

web-gateway.yaml¶

apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: name: web-gateway namespace: cka5673 spec: gatewayClassName: kodekloud listeners: - name: https protocol: HTTPS port: 443 hostname: kodekloud.com tls: certificateRefs: - name: kodekloud-tls

helm ls -A kubectl get deploy -n -o json | jq -r '.spec.template.spec.containers[].image' helm uninstall -n

cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf net.ipv4.ip_forward = 1 net.bridge.bridge-nf-call-iptables = 1 EOF

Apply sysctl params without reboot¶

sudo sysctl --system