Question 1: Permission control RBAC
Question 2: Setting the node to be unavailable
Question 3: Upgrading kubeadm
Question 4: Backup and restore etc
Question 5: Configuring network policy NetworkPolicy
Question 6: Creating Service
Question 7: Create as required Ingress resources
Question 8: Expanding Deployment
Question 9: Scheduling pods to designated nodes
Question 10: Counting the number
of nodes in ready status Question 11: Creating multi-container pods
Question 12: Creating PVs as required
Question 13: Create and use PVC
Question 14: Monitor pod logs
Question 15: Add a sidecar container and output logs
Question 16: View the pod with the highest CPU usage
Question 17: Troubleshoot faults in the cluster node
Test question 1: Permission control RBAC
配置环境:
[student@node-1] $ kubectl config use-context k8s
Context
为部署流水线创建一个新的ClusterRole并将其绑定到范围为特定的 namespace 的特定ServiceAccount。
Task
创建一个名为deployment-clusterrole且仅允许创建以下资源类型的新ClusterRole:
Deployment
StatefulSet
DaemonSet
在现有的 namespace app-team1中创建一个名为cicd-token的新 ServiceAccount。
限于 namespace app-team1中,将新的ClusterRole deployment-clusterrole绑定到新的 ServiceAccount cicd-token。
考点:RBAC授权模型的理解。
answer:
考试时执行,切换集群。
# kubectl config use-context k8s
开始操作
kubectl create clusterrole deployment-clusterrole --verb=create --resource=deployments,statefulsets,daemonsets
kubectl -n app-team1 create serviceaccount cicd-token
# 题目中要求“限于namespace app-team1中”,则创建rolebinding。没有要求,则创建clusterrolebinding。
kubectl -n app-team1 create rolebinding cicd-token-rolebinding --clusterrole=deployment-clusterrole --serviceaccount=app-team1:cicd-token
# rolebinding后面的名字cicd-token-rolebinding随便起的,因为题目中没有要求,如果题目中有要求,就不能随便起了。
检查:kubectl -n app-team1 describe rolebinding cicd-token-rolebinding