Question 1
Which command will show the Tanzu Kubernetes cluster versions available in the vSphere content
library?
- A. kubect1 get rc,services
- B. kubect1 get contentlibrary
- C. kubect1 get tanzukubernetesreleases
- D. kubect1 get tanzuimages
Answer:
C
Explanation:
kubectl get tanzukubernetesreleases
List available Tanzu Kubernetes releases.
kubectl get tkr
Short form version of the preceding command.
kubectl get tkr v1.17.8---vmware.1-tkg.1.5417466 -o yaml
Provides details on the named Tanzu Kubernetes release.
VMware Tanzu distributes Kubernetes software versions as Tanzu Kubernetes releases. To consume
these releases, you configure a vSphere Content Library and synchronize the available releases. You
can do so using a subscription-based model, or on-demand. If you want to provision Tanzu
Kubernetes in an internet restricted environment, you can create a local library and manually import
the releases.
Comments
Question 2
Which object helps maintain copies of a vSphere pod?
- A. ReplicaSets
- B. Network Policies
- C. Namespaces
- D. Persistent Volume
Answer:
A
Explanation:
A ReplicaSet declares how the functionality of a pod is made scalable and resilient through
redundancy. The ReplicaSet ensures that a specified number of pods is kept running. Example:
Deploy a ReplicaSet. • The ReplicaSet name is nginx-replica-demo. • Two replicas are expected to be
running. • The ReplicaSet applies to pods with label nginx.
For
more
information
about
Kubernetes
replica
sets,
see
https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
Comments
Question 3
On which network are TKG clusters deployed in vSphere with Tanzu when using the vSphere
networking stack?
- A. Workload
- B. Backend
- C. Edge
- D. Frontend
Answer:
A
Explanation:
The Workload Network, such as TKGS-VLAN1000, is where the Tanzu Kubernetes clusters run.
A workload network is a network construct that is used by supervisor control plane VMs and vSphere
namespaces:
• The workload network is supported by a vSphere Distributed Switch port group.
• An IP range is defined to allocate an IP address for VMs attached to the workload network.
• A primary workload network must be selected.
• The supervisor control plane VMs attach to the primary workload networks port group.
A workload network can be used by multiple namespaces. A namespace can be assigned only one
workload network.
Comments
Question 4
What is the correct process to store images in a project on the Registry Service?
- A. Use the kubect1 push command
- B. Use the docker push command
- C. Use the vSphere Client to upload the image the content library
- D. Use the vSphere Client to upload the image to the Registry Service
Answer:
B
Explanation:
https://docs.docker.com/docker-hub/repos/
• Registry Service: Developers can store and manage Docker and OCI images using Harbor. Harbor is
an open-source container image registry that secures images with role-based access control.
Procedure
Login to Harbor Registry with the vSphere Docker Credential Helper.
docker-credential-vsphere login <container-registry-IP> --user [email protected]
Note:While providing --user username is acceptable for login, you should use the UserPrincipalName
(UPN) syntax ( --user [email protected]) to login and use docker push commands.
Tag the image that you want to push to the project in Harbor Registry with same name as the
namespace, where you want to use it:
docker tag <image-name>[:TAG] <container-registry-IP>/<project-name>/<image-name>[:TAG]
For example:
docker tag hello-world:latest 10.179.145.77/tkgs-cluster-ns/hello-world:latest
docker images
REPOSITORY
TAG
IMAGE ID
CREATED
SIZE
10.179.145.77/tkgs-cluster-ns/hello-world
latest
bf756fb1ae65
10 months ago
13.3kB
hello-world
latest
bf756fb1ae65
10 months ago
13.3kB
To push an image to a project in Harbor, run the following command:Syntax:
docker push <container-registry-IP>/<namespace-name>/<image_name>
For example:
docker push 10.179.145.77/tkgs-cluster-ns/hello-world:latest
Expected result.
The push refers to repository [10.179.145.77/tkgs-cluster-ns/hello-world]
9c27e219663c: Pushed
latest: digest: sha256:90659bf80b44ce6be8234e6ff90a1ac34acbeb826903b02cfa0da11c82cbc042
size: 525
Comments
Question 5
Which functionality does the Cloud Native Storage (CNS) component take advantage of to support
the creation of container volumes?
- A. First Class Disk
- B. VMware Disk Encryption
- C. Virtual Disk
- D. Storage Based Policy Management
Answer:
A
Explanation:
The Cloud Native Storage server resides in vCenter Server:
• Provisions and manages life cycle operations for container volumes
• Creates First Class Disks (FCDs) to support the container volumes
• First Class Disks exist as .vmdk and -flat.vmdk files on a vSphere datastore •
Integrates with storage policy based management (SPBM) for the placement of disks
A First Class Disk (FCD) is also called an improved virtual disk. It is a named virtual disk that is
unassociated with a VM. These disks reside on a VMFS, NFS, or vSAN datastore and support container
volumes.
Storage policy based management (SPBM) is a vCenter Server service that supports provisioning of
persistent volumes according to specified storage requirements. After provisioning, the service
monitors compliance of the volume with the required policy characteristics.
Comments
Question 6
Which step in vSphere with Tanzu enablement using the vSphere Distributed Switch process is done
prior to using the Workload Management Enablement Wizard?
- A. Deploy the load balancer
- B. Choose the Kubernetes content library that should be used in the Supervisor Cluster
- C. Define the Primary workload network P range
- D. Define the Management network interfaces for the Supervisor Cluster
Answer:
D
Explanation:
As a vSphere administrator, you can enable the Workload Management platform on a vSphere cluster
by configuring the vSphere networking stack to provide connectivity to workloads. A Supervisor
Cluster that is configured with vSphere networking supports the deployment of Tanzu Kubernetes
clusters created by using the Tanzu Kubernetes Grid Service. It does not support running vSphere Pod
or using the embedded Harbor Registry.
Comments
Question 7
How can a vSphere administrator replace the Supervisor Cluster API endpoint certificate?
- A. Use the certificate-manager CLI utility to replace the Supervisor Cluster API endpoint certificate.
- B. Use the vSphere Client to replace the Workload platform MTG certificate.
- C. Use the vSphere Client to replace the NSX Load Balancer certificate.
- D. Use kubectl to replace the Supervisor Cluster API endpoint certificate.
Answer:
B
Explanation:
As a vSphere administrator, you can replace the certificate for the virtual IP address (VIP) to securely
connect to the Supervisor Cluster API endpoint with a certificate signed by a CA that your hosts
already trust. The certificate authenticates the Kubernetes control plane to DevOps engineers, both
during login and subsequent interactions with the Supervisor Cluster.
Prerequisites
Verify that you have access to a CA that can sign CSRs. For DevOps engineers, the CA must be
installed on their system as a trusted root.
Procedure
In the vSphere Client, navigate to the Supervisor Cluster.
Click Configure then under Namespaces select Certificates.
In the Workload platform MTG pane, select Actions > Generate CSR.
Provide the details for the certificate.
Once the CSR is generated, click Copy.
Sign the certificate with a CA.
From the Workload platform MTG pane, select Actions > Replace Certificate.
Upload the signed certificate file and click Replace Certificate.
Validate the certificate on the IP address of the Kubernetes control plane.
Comments
Question 8
The Gold storage policy has been assigned to the Web namespace, and the DevOps engineer wants
to place a persistent volume for the Web application in the Gold storage class.
How should this goal be accomplished?
- A. Indicate the Gold storage class in the persistent volume claim specification
- B. Assign the persistent volume to the Gold storage class
- C. Indicate the Gold storage class in the persistent volume specification
- D. Configure tag-based placement for the persistent volume
Answer:
A
Explanation:
• VM storage policies are translated into Kubernetes storage classes.
• Developers can access all assigned VM storage policies in the form of storage classes. •
Developers cannot manage storage classes.
Comments
Question 9
An administrator is tasked with increasing the amount of CPU and memory in an existing Tanzu
Kubernetes cluster.
Which change must the administrator complete to ensure the cluster scales successfully when
updating the YAML definition?
- A. Manually update the CPU and memory of the nodes
- B. Update the Virtual Machine Class Type
- C. Increase the number of worker nodes
- D. Increase the number of control plane nodes
Answer:
B
Explanation:
Virtual Machine Class Types for Tanzu Kubernetes Clusters
A virtual machine class defines the resource sizing for Tanzu Kubernetes cluster VMs: • CPU •
Memory •
Storage
Virtual machine class types range from extra small (xsmall) to extra large (xlarge). Class types are
categorized as guaranteed or best effort:
• Guaranteed: Reserve all CPU and memory allocations. • Best effort: Allocate the same CPU and
memory but do not reserve the resources.
The class type guaranteed-small allocates 2 CPU, 4 GB of memory, and 16 GB of storage and reserves
CPU and memory allocations. Custom virtual machine class types cannot be defined.
Comments
Question 10
An organization is preparing to deploy vSphere with Tanzu and will be using the vSphere Networking
stack.
How should the administrator allocate management network IP addresses for the Kubernetes
Control Plane within the Supervisor Cluster?
- A. Five IP addresses are required, one for each of the Control Plane VMs. one for the floating IP address of the Control Plane VM, and one spare for performing rolling cluster upgrades
- B. Four IP addresses are required, one for each of the Control Plane VMs and one spare for performing rolling cluster upgrades
- C. Three IP addresses are required, one for each of the Control Plane VMs
- D. Six IP addresses are required, one for each of the Control Plane VMs, one for the floating IP address of the Control Plane VM. one for performing rolling cluster upgrades and one for the image Registry VM.
Answer:
A
Explanation:
Static IPs for Kubernetes control plane VMs
Block of 5A block of 5 consecutive static IP addresses to be assigned to the Kubernetes control plane
VMs in the Supervisor Cluster.
Comments
Page 1 out of 12
Viewing questions 1-10 out of 124
page 2