k8s学习总结（三）

CKAD prepare

• Core Concepts(13%)

1.创建一个 namesapce

#create a namespace with name my-space
kubectl create namespace my-space

2.创建一个pod

# In the namespace my-space create a new Pod named mypod with the image nginx.Expose the port 80
kubectl run mypod --image=nginx --restart=Never --port=80 --namespace=my-space

3.检查容器状态

#view base info
#view all namespace
kubectl get pod --all-namespaces -n my-space 
#view only my-space
kubectl get pod -n my-space
#view detail info
kubectl describe pod mypod --namespace=my-space

4.改变image版本

#set image version nginx:1.16
kubectl set image pod mypod mypod=nginx:1.16 --namespace=my-space

5.登录到容器

#login mypod
kubectl exec mypod -it --namespace=my-space -- /bin/sh 

6.查看容器IP

#查看namespace下所有pod
kubectl get pods -o wide -n my-space
#查看pod
kubectl get pods my pod -o wide -n myspace

7.运行一个临时pod

#Run a temporary Pod using the image `busybox`, shell into it and run a `wget` command against the `nginx` Pod using port 
#use --rm
kubectl run busybox --image=busybox --rm -it --restart=Never -n my-space -- /bin/sh
#IP use the above procedure result
wget -O- 172.17.1.35:80

8.查看容器log

#查看mypod log
kubectl logs mypod -n my-space

 9.删除pod和namespace

#delete pod
kubectl delete pod mypod -n my-space
#delete namespace
kubectl delete namespcae my-space

configuration(18%)

1.使用configmap创建pod

#create a environment variables file
$echo -e "DB_URL=localhost:3306\nDB_USERNAME=postgres" > config.txt
#create configmap and link to above file
$kubectl create configmap db-config --from-env-file=config.txt
$kubectl run backend --image=nginx --restart=Never -o yaml --dry-run > pod.yaml
$cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: backend
  name: backend
spec:
  containers:
  - image: nginx
    name: backend
    envFrom:
      - configMapRef:
          name: db-config
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Never
status: {}
#login backend
$kubectl exec backend -it -- /bin/sh
$env
DB_URL=localhost:3306
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://10.1.0.1:443
HOSTNAME=backend
HOME=/root
PKG_RELEASE=1~buster
DB_USERNAME=postgres
TERM=xterm
KUBERNETES_PORT_443_TCP_ADDR=10.1.0.1
NGINX_VERSION=1.17.8
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
KUBERNETES_PORT_443_TCP_PORT=443
NJS_VERSION=0.3.8
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP=tcp://10.1.0.1:443
KUBERNETES_SERVICE_HOST=10.1.0.1
PWD=/

2.使用secret

#create a secret named db-credentials with the key/value pair db-password=passwd
kubectl create secret generic db-credentials --from-literal=db-password=passwd
#create a pod named backend with image nginx, use the secret as env named DB_PASSWORD
kubectl run back --image=nginx --restart=Never -o yaml --dry-run > podd.yaml
kubectl create -f podd.yaml

3.创建安全文本（只读）

#create yaml file
kubectl run secured --image=nginx --restart=Never -o yaml --dry-run > secured.yaml
# add volume mount
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: secured
  name: secured
spec:
  securityContext:
    fsGroup: 3000
  containers:
  - image: nginx
    name: secured
    volumeMounts:
    - name: data-vol
      mountPath: /data/app
    resources: {}
  volumes:
  - name: data-vol
    emptyDir: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Never
status: {}

kubectl create -f secured.yaml
kubectl exec -it secured -- sh

4.定义pod资源需求

kubectl create namespace rq-demo
cat rq.yaml
apiVersion: v1
kind: ResourceQuota
metadata:
  name: app
spec:
  hard:
    pods: "2"
    requests.cpu: "2"
    requests.memory: 500m
#define namespace resource
kubectl create -f rq.yaml --namespace=rq-demo
#view namespace info
kubectl describe quto --namespace=rq-demo
# create a yaml with resource exceed the limit
cat pad.yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: mypad
  name: mypad
spec:
  containers:
  - image: nginx
    name: mypad
    resources:
      requests:
        memory: "1G"
        cpu: "400m"
  dnsPolicy: ClusterFirst
  restartPolicy: Never
status: {}

#create pod use the pad.yaml
kubectl create -f pad.yaml --namespace=rq-demo
#you'll see the bellow error
Error from server (Forbidden): error when creating "pad.yaml": pods "mypad" is forbidden: exceeded quota: app, requested: requests.memory=1G, used: requests.memory=0, limited: requests.memory=500m
#then, we revise the resource request, let memory less than 500m

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: mypad
  name: mypad
spec:
  containers:
  - image: nginx
    name: mypad
    resources:
      requests:
        memory: "300m"
        cpu: "400m"
  dnsPolicy: ClusterFirst
  restartPolicy: Never
status: {}

#you can check pod resource with cmd
kubectl describe pod mypad -n rq-demo

5.使用服务账号

#create service account
kubectl create serviceaccount backend-team
#export yaml
kubectl get serviceaccount backend-team -o yaml --export
apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: null
  name: backend-team
  selfLink: /api/v1/namespaces/default/serviceaccounts/backend-team
secrets:
- name: backend-team-token-ck5vq
#create pod
kubectl run backe --image=nginx --restart=Never --serviceaccount=backend-team
#login pod
kubectl exec -it backe -- /bin/sh
#print token
cat /var/run/secrets/kubernetes.io/serviceaccount/token