CKA EXAM QS-15 2025
- Ingress now
- Oct 20
- 1 min read
Question 15:
An NGINX Deployment named nginx-static is running in the nginx-static namesapce.
it is configured using a ConfigMap named nginx-config.
Update the nginx-config ConfigMap to allow only TLSv1.3 connection
You may re-create, restart, or scale resources as necessary.
You can use the folowing command to test the changes.
#curl --tls-max 1.3 https://web.k8s.local
=============================================================
Answer:
#kubectl scale --replicas=0 deploy nginx-static -n nginx-static
#kubectl get cm -n nginx-static
#kubectl get cm nginx-config -n nginx-static -o yaml > cmmap.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-config
namespace: nginx-static
data:
nginx.conf: |+
server {
listen 80;
tls v1.3; # v1.2 removed
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
#kubectl delete -f cmmap.yaml # to delete old config map
#kubectl create -f cmmap.yaml # to create new config map
#kubectl scale --replicas=1 deploy nginx-static -n nginx-static
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
namespace: nginx-static
spec:
selector:
matchLabels:
app: nginx
replicas: 2
template:
metadata:
labels:
app: nginx
spec:
volumes:
- name: nginx-config
configMap:
name: nginx-config
containers:
- name: nginx
image: nginx:latest
ports:
- containerPort: 80
volumeMounts:
- name: nginx-config
mountPath: /etc/nginx/nginx.conf
subPath: nginx.conf
readOnly: true
vim nginx.conf
server {
listen 80;
tls v1.3;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
}
Comments