Below is an exam-style, step-by-step solution (commands + verification). Follow exactly on host ckad000.
0) Connect to the right host
ssh ckad000
(Optional but good sanity check)
kubectl config current-context
kubectl get ns
1) Inspect the existing Deployment (to know its labels/ports)
kubectl -n prod get deploy nginx-deployment
kubectl -n prod get deploy nginx-deployment -o wide
Check what labels the Pod template already has (important for the Service selector):
kubectl -n prod get deploy nginx-deployment -o jsonpath='{.spec.template.metadata.labels}{"\n"}'
Check container ports (so we expose the correct targetPort):
kubectl -n prod get deploy nginx-deployment -o jsonpath='{.spec.template.spec.containers[0].ports}{"\n"}'
If ports output is empty, it’s still often nginx on 80, but the safest is to confirm by describing a pod later.
2) Update Deployment to 2 replicas
Fastest:
kubectl -n prod scale deploy nginx-deployment --replicas=2
Verify:
kubectl -n prod get deploy nginx-deployment
3) Add label role=webFrontEnd to the Pod (Pod template label)
You must add it under:
spec.template.metadata.labels
Use a patch (quick + safe):
kubectl -n prod patch deploy nginx-deployment \
-p '{"spec":{"template":{"metadata":{"labels":{"role":"webFrontEnd"}}}}}'
Verify the Deployment template now includes it:
kubectl -n prod get deploy nginx-deployment -o jsonpath='{.spec.template.metadata.labels}{"\n"}'
Now verify the running Pods have the label (important!):
kubectl -n prod get pods --show-labels
If the label doesn’t show on pods immediately, wait for rollout:
kubectl -n prod rollout status deploy nginx-deployment
kubectl -n prod get pods --show-labels
4) Create a NodePort Service rover exposing the Deployment’s Pods
4.1 Get a reliable target port
Try to read containerPort:
kubectl -n prod get deploy nginx-deployment -o jsonpath='{.spec.template.spec.containers[0].ports[0].containerPort}{"\n"}'
If this prints a number (commonly 80), use it as --target-port.
If it prints nothing/empty, check a pod:
POD=$(kubectl -n prod get pod -l role=webFrontEnd -o jsonpath='{.items[0].metadata.name}')
kubectl -n prod describe pod "$POD" | sed -n '/Containers:/,/Conditions:/p' | sed -n '/Ports:/,/Environment:/p'
Assuming nginx is on 80 (most common), create the service:
kubectl -n prod expose deploy nginx-deployment \
--name=rover \
--type=NodePort \
--port=80 \
--target-port=80
If your nginx container port is different (e.g., 8080), change --target-port=8080 accordingly.
5) Verify Service + endpoints (critical)
kubectl -n prod get svc rover -o wide
kubectl -n prod describe svc rover
kubectl -n prod get endpoints rover -o wide
You should see 2 endpoints (matching 2 pods).
Also confirm the pods are Ready:
kubectl -n prod get pods -l role=webFrontEnd -o wide
Quick “CKAD checkpoints”
Deployment in prod has replicas=2
Pod template has label role=webFrontEnd
Service rover in prod is NodePort
Service endpoints point to the nginx pods
Submit