π
Topic Coverage:
Environment:
LAB 0 β Environment Check (MANDATORY)
minikube start
kubectl get nodes
Expected:
STATUS: Ready
π§ͺ LAB 1 β STARTUP PROBE (CrashLoopBackOff ISSUE)
π― Goal
Understand why slow apps restart endlessly and how startup probe fixes it.
Step 1 β Deploy a slow application (BROKEN)
# lab1-broken.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: slow-app
spec:
replicas: 1
selector:
matchLabels:
app: slow
template:
metadata:
labels:
app: slow
spec:
containers:
- name: app
image: busybox
command: ["sh", "-c"]
args:
- sleep 30; echo STARTED; sleep 3600
livenessProbe:
exec:
command: ["sh", "-c", "echo ok"]
initialDelaySeconds: 5
periodSeconds: 5
Apply:
kubectl apply -f lab1-broken.yaml
kubectl get pods
β What breaks
Check:
kubectl describe pod
Step 2 β FIX using startup probe
# lab1-fixed.yaml
startupProbe:
exec:
command: ["sh", "-c", "echo ok"]
failureThreshold: 40
periodSeconds: 1
Add this under the container spec.
Apply:
kubectl apply -f lab1-fixed.yaml
kubectl get pods
β Expected Result
π‘ CKA LESSON
π§ͺ LAB 2 β READINESS PROBE (TRAFFIC ISSUE)
π― Goal
Stop traffic to unhealthy pods without restarting them
Step 1 β Deploy app WITHOUT readiness
# lab2-broken.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: ready-app
spec:
replicas: 1
selector:
matchLabels:
app: ready
template:
metadata:
labels:
app: ready
spec:
containers:
- name: app
image: hashicorp/http-echo:0.2.3
args:
- "-listen=:8080"
- "-text=HELLO"
ports:
- containerPort: 8080
Service:
apiVersion: v1
kind: Service
metadata:
name: ready-svc
spec:
selector:
app: ready
ports:
- port: 80
targetPort: 8080
Apply:
kubectl apply -f lab2-broken.yaml
kubectl apply -f service.yaml
β What breaks
Check:
kubectl get endpoints ready-svc
Step 2 β FIX using readiness probe
readinessProbe:
tcpSocket:
port: 8080
initialDelaySeconds: 5
periodSeconds: 3
Apply fix.
β Expected Result
π‘ CKA LESSON
π§ͺ LAB 3 β LIVENESS PROBE (HUNG APP)
π― Goal
Restart stuck containers automatically
Step 1 β Deploy app WITHOUT liveness
# lab3-broken.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: hang-app
spec:
replicas: 1
selector:
matchLabels:
app: hang
template:
metadata:
labels:
app: hang
spec:
containers:
- name: app
image: nginx
Apply:
kubectl apply -f lab3-broken.yaml
β Simulate hang
kubectl exec -it pod-name -- kill 1
kubectl get pods
Result:
Step 2 β FIX using liveness probe
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 10
periodSeconds: 5
Apply fix.
β Expected Result
π‘ CKA LESSON
π§ͺ LAB 4 β CONFIGMAP (CONFIG NOT APPLIED ISSUE)
π― Goal
Understand why config changes donβt apply automatically
Step 1 β Create ConfigMap
kubectl create configmap app-config \
--from-literal=APP_COLOR=blue
Step 2 β Inject via env (BROKEN EXPECTATION)
env:
- name: APP_COLOR
valueFrom:
configMapKeyRef:
name: app-config
key: APP_COLOR
Apply deployment.
β What breaks
kubectl edit configmap app-config
Change value β app does NOT change.
Step 3 β FIX
kubectl rollout restart deployment app
π‘ CKA LESSON
π§ͺ LAB 5 β CONFIGMAP AS FILE (RELOAD CONFUSION)
π― Goal
Understand mounted config behavior
Step 1 β Mount ConfigMap
volumes:
- name: config
configMap:
name: app-config
volumeMounts:
- name: config
mountPath: /etc/config
Step 2 β Update ConfigMap
kubectl edit configmap app-config
β Observation
π‘ CKA LESSON
π§ͺ LAB 6 β SECRETS (SECURITY TRAP)
π― Goal
Handle secrets correctly
Step 1 β Create Secret
kubectl create secret generic db-secret \
--from-literal=DB_PASS=secret123
Step 2 β Inject as env
env:
- name: DB_PASS
valueFrom:
secretKeyRef:
name: db-secret
key: DB_PASS
β Common mistake
kubectl describe pod
Secrets visible in plain text.
π‘ CKA LESSON
β FINAL CHECKLIST
β Startup vs readiness vs liveness
β ConfigMap injection methods
β Why config updates fail
β Secret handling risks
β Rollout restarts
β Debug using describe, logs, exec
More...
Topic Coverage:
- Startup / Readiness / Liveness Probes
- ConfigMaps
- Secrets
- Configuration mistakes & fixes
Environment:
- Minikube
- kubectl
- Local machine (Mac / Linux / Windows)
LAB 0 β Environment Check (MANDATORY)
minikube start
kubectl get nodes
Expected:
STATUS: Ready
π§ͺ LAB 1 β STARTUP PROBE (CrashLoopBackOff ISSUE)
π― Goal
Understand why slow apps restart endlessly and how startup probe fixes it.
Step 1 β Deploy a slow application (BROKEN)
# lab1-broken.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: slow-app
spec:
replicas: 1
selector:
matchLabels:
app: slow
template:
metadata:
labels:
app: slow
spec:
containers:
- name: app
image: busybox
command: ["sh", "-c"]
args:
- sleep 30; echo STARTED; sleep 3600
livenessProbe:
exec:
command: ["sh", "-c", "echo ok"]
initialDelaySeconds: 5
periodSeconds: 5
Apply:
kubectl apply -f lab1-broken.yaml
kubectl get pods
β What breaks
- Pod enters CrashLoopBackOff
- Liveness probe runs before app finishes startup
Check:
kubectl describe pod
Step 2 β FIX using startup probe
# lab1-fixed.yaml
startupProbe:
exec:
command: ["sh", "-c", "echo ok"]
failureThreshold: 40
periodSeconds: 1
Add this under the container spec.
Apply:
kubectl apply -f lab1-fixed.yaml
kubectl get pods
β Expected Result
- Pod starts successfully
- No restarts
π‘ CKA LESSON
- Startup probe blocks liveness
- Mandatory for slow apps (Java, DB, migrations)
π§ͺ LAB 2 β READINESS PROBE (TRAFFIC ISSUE)
π― Goal
Stop traffic to unhealthy pods without restarting them
Step 1 β Deploy app WITHOUT readiness
# lab2-broken.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: ready-app
spec:
replicas: 1
selector:
matchLabels:
app: ready
template:
metadata:
labels:
app: ready
spec:
containers:
- name: app
image: hashicorp/http-echo:0.2.3
args:
- "-listen=:8080"
- "-text=HELLO"
ports:
- containerPort: 8080
Service:
apiVersion: v1
kind: Service
metadata:
name: ready-svc
spec:
selector:
app: ready
ports:
- port: 80
targetPort: 8080
Apply:
kubectl apply -f lab2-broken.yaml
kubectl apply -f service.yaml
β What breaks
- Pod always receives traffic
- No way to stop traffic during issues
Check:
kubectl get endpoints ready-svc
Step 2 β FIX using readiness probe
readinessProbe:
tcpSocket:
port: 8080
initialDelaySeconds: 5
periodSeconds: 3
Apply fix.
β Expected Result
- When readiness fails β pod removed from endpoints
- Pod still Running
π‘ CKA LESSON
- Readiness controls traffic
- Required for zero downtime
π§ͺ LAB 3 β LIVENESS PROBE (HUNG APP)
π― Goal
Restart stuck containers automatically
Step 1 β Deploy app WITHOUT liveness
# lab3-broken.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: hang-app
spec:
replicas: 1
selector:
matchLabels:
app: hang
template:
metadata:
labels:
app: hang
spec:
containers:
- name: app
image: nginx
Apply:
kubectl apply -f lab3-broken.yaml
β Simulate hang
kubectl exec -it pod-name -- kill 1
kubectl get pods
Result:
- Pod stays Running
- App is dead
Step 2 β FIX using liveness probe
livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 10
periodSeconds: 5
Apply fix.
β Expected Result
- Pod restarts automatically
π‘ CKA LESSON
- Liveness = self-healing
- Without it, Kubernetes does nothing
π§ͺ LAB 4 β CONFIGMAP (CONFIG NOT APPLIED ISSUE)
π― Goal
Understand why config changes donβt apply automatically
Step 1 β Create ConfigMap
kubectl create configmap app-config \
--from-literal=APP_COLOR=blue
Step 2 β Inject via env (BROKEN EXPECTATION)
env:
- name: APP_COLOR
valueFrom:
configMapKeyRef:
name: app-config
key: APP_COLOR
Apply deployment.
β What breaks
kubectl edit configmap app-config
Change value β app does NOT change.
Step 3 β FIX
kubectl rollout restart deployment app
π‘ CKA LESSON
- Env vars are immutable
- Restart required
π§ͺ LAB 5 β CONFIGMAP AS FILE (RELOAD CONFUSION)
π― Goal
Understand mounted config behavior
Step 1 β Mount ConfigMap
volumes:
- name: config
configMap:
name: app-config
volumeMounts:
- name: config
mountPath: /etc/config
Step 2 β Update ConfigMap
kubectl edit configmap app-config
β Observation
- File updates
- App behavior does NOT change
π‘ CKA LESSON
- Kubernetes updates file
- App must reload manually
π§ͺ LAB 6 β SECRETS (SECURITY TRAP)
π― Goal
Handle secrets correctly
Step 1 β Create Secret
kubectl create secret generic db-secret \
--from-literal=DB_PASS=secret123
Step 2 β Inject as env
env:
- name: DB_PASS
valueFrom:
secretKeyRef:
name: db-secret
key: DB_PASS
β Common mistake
kubectl describe pod
Secrets visible in plain text.
π‘ CKA LESSON
- Secrets are base64
- RBAC is mandatory
- Never commit secrets
β FINAL CHECKLIST
β Startup vs readiness vs liveness
β ConfigMap injection methods
β Why config updates fail
β Secret handling risks
β Rollout restarts
β Debug using describe, logs, exec
More...