🟦 CKA 2025 — Question 14 (Full Question + Complete Solution)

📌 Q-14 — Prepare Linux System for Kubernetes (cri-dockerd Setup)

Docker is already installed on the system, but kubeadm cannot use Docker directly. You must configure cri-dockerd so Kubernetes can use Docker as a CRI.

Task:

Complete these steps to prepare the system for Kubernetes:

  1. Set up cri-dockerd
  2. Install the Debian package located at:

~/cri-dockerd_0.3.9.3-0.ubuntu-jammy_amd64.deb
3. Debian packages must be installed using dpkg 4. Enable and start the cri-docker service 5. Configure these system parameters:

net.bridge.bridge-nf-call-iptables = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.ip_forward = 1
net.netfilter.nf_conntrack_max = 131072

🟩 Understanding the Question (Exam Logic)

This question tests whether you can prepare a Kubernetes node for kubeadm init, using Docker.

Direct Docker runtime is deprecated → kubeadm needs CRI → install cri-dockerd.

Traps inside the question:

1️⃣ You MUST use dpkg

The exam explicitly says:

Debian packages are installed using dpkg

Using apt install will fail the question.

2️⃣ Both cri-docker service and socket must run

Many fail here by enabling only the service. But kubelet talks to cri-docker.socket.

3️⃣ sysctl settings MUST be applied using a file

Correct method for Kubernetes exam:

/etc/sysctl.d/k8s.conf

4️⃣ You MUST run sysctl --system

If you forget this → kubeadm init fails.

🟧 Full Solution (Exactly what to type in exam)

1️⃣ Install cri-dockerd .deb

sudo dpkg -i ~/cri-dockerd_0.3.9.3-0.ubuntu-jammy_amd64.deb

If dependencies fail:

sudo apt-get install -f -y

2️⃣ Enable and Start cri-dockerd Service + Socket

sudo systemctl enable cri-docker.service
sudo systemctl start cri-docker.service

sudo systemctl enable cri-docker.socket
sudo systemctl start cri-docker.socket

Verify:

systemctl status cri-docker.service
systemctl status cri-docker.socket

Both must show active (running).

3️⃣ Apply kernel/system parameters

Create the file:

sudo tee /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.ip_forward = 1
net.netfilter.nf_conntrack_max = 131072
EOF

Apply:

sudo sysctl --system

🟦 Final Answer (Exam Version)

sudo dpkg -i ~/cri-dockerd_0.3.9.3-0.ubuntu-jammy_amd64.deb
sudo systemctl enable --now cri-docker.service
sudo systemctl enable --now cri-docker.socket

sudo tee /etc/sysctl.d/k8s.conf <<EOF
net.bridge.bridge-nf-call-iptables = 1
net.ipv6.conf.all.forwarding = 1
net.ipv4.ip_forward = 1
net.netfilter.nf_conntrack_max = 131072
EOF

sudo sysctl --system