Question 3 - Linux CKS Real Exam Questions [Jan 2026 Update]

Q: 3

Create a Pod name Nginx-pod inside the namespace testing, Create a service for the Nginx-pod named nginx-svc, using the ingress of your choice, run the ingress on tls, secure port.

Your Answer

Correct Answer:

FIRST, CREATE A TLS SECRET. THE INGRESS RESOURCE REQUIRES THIS FOR TLS TERMINATION. BASH CREATE A SELF-SIGNED CERTIFICATE AND PRIVATE KEY OPENSSL REQ -X509 -NODES -DAYS 365 -NEWKEY RSA:2048 \ -KEYOUT TLS.KEY -OUT TLS.CRT -SUBJ "/CN=NGINX.EXAMPLE.COM" CREATE THE KUBERNETES SECRET IN THE 'TESTING' NAMESPACE (AFTER CREATING IT) KUBECTL CREATE SECRET TLS NGINX-TLS-SECRET --KEY TLS.KEY --CERT TLS.CRT -N TESTING APPLY THE FOLLOWING KUBERNETES MANIFESTS: YAML 1-NAMESPACE.YAML APIVERSION: V1 KIND: NAMESPACE METADATA: NAME: TESTING --- 2-POD.YAML APIVERSION: V1 KIND: POD METADATA: NAME: NGINX-POD NAMESPACE: TESTING LABELS: APP: NGINX SPEC: CONTAINERS: - NAME: NGINX IMAGE: NGINX:1.25 PORTS: - CONTAINERPORT: 80 --- 3-SERVICE.YAML APIVERSION: V1 KIND: SERVICE METADATA: NAME: NGINX-SVC NAMESPACE: TESTING SPEC: SELECTOR: APP: NGINX PORTS: - PROTOCOL: TCP PORT: 80 TARGETPORT: 80 --- 4-INGRESS.YAML APIVERSION: NETWORKING.K8S.IO/V1 KIND: INGRESS METADATA: NAME: NGINX-INGRESS NAMESPACE: TESTING SPEC: TLS: - HOSTS: - NGINX.EXAMPLE.COM SECRETNAME: NGINX-TLS-SECRET RULES: - HOST: NGINX.EXAMPLE.COM HTTP: PATHS: - PATH: / PATHTYPE: PREFIX BACKEND: SERVICE: NAME: NGINX-SVC PORT: NUMBER: 80

Explanation

The solution creates the required resources in a logical sequence. First, a Namespace isolates the components. A Pod running Nginx is created with a label app: nginx. A Service then targets this pod using the label selector, providing a stable internal endpoint. For TLS, a Kubernetes Secret of type kubernetes.io/tls is created from a pre-generated certificate and key. Finally, the Ingress resource is defined. Its tls section references the secret to secure traffic for the specified host (nginx.example.com), and its rules section routes external traffic from that host to the internal nginx-svc. This configuration ensures traffic is served over a secure port (HTTPS/443).

References

1. Kubernetes Official Documentation

"Ingress": This document details the structure of an Ingress resource

including the tls section for specifying the secret that contains the TLS private key and certificate. See the "TLS" subsection.

Source: Kubernetes Authors

Ingress Concepts

kubernetes.io.

Reference: kubernetes.io/docs/concepts/services-networking/ingress/#tls

2. Kubernetes Official Documentation

"Service": This page explains how a Service exposes an application running on a set of Pods. It covers the use of selector to match Pod labels and ports to define the service endpoint.

Source: Kubernetes Authors

Service Concepts

kubernetes.io.

Reference: kubernetes.io/docs/concepts/services-networking/service/#defining-a-service

3. Kubernetes Official Documentation

"Secrets": This documentation describes how to manage sensitive information. The "TLS secrets" section specifically outlines the creation and usage of secrets for TLS certificates.

Source: Kubernetes Authors

Secret Concepts

kubernetes.io.

Reference: kubernetes.io/docs/concepts/configuration/secret/#tls-secrets

4. UC Berkeley EECS Courseware

CS 162: Lecture slides from this operating systems course cover Kubernetes networking concepts

including the role of Ingress in managing external access to services in a cluster

often in conjunction with TLS for security.

Source: University of California

Berkeley

Department of Electrical Engineering and Computer Sciences.

Reference: CS 162

Lecture 22: "Cloud Computing"

Slide 67 "Kubernetes Ingress". (Available via course website archives).

Premium Access Includes

FLASH OFFER

avail 10% DISCOUNT on YOUR PURCHASE