The adoption of CKA (Certified Kubernetes Administration) exam, the exam remember the title out to share
The trick is to test for kubectl native command must be familiar with, or write yaml file a waste of time.
I have been in the cluster configuration used in the test of a good auto-complete.
I began to pay attention to the subject when the handover command cluster.
1. Place all the files according to name pv sort and output the results to the development of
This question is the main test for kubectl command sort-by use
kubectl get pv --sort-by=.metadata.name
2. Start a daemonset named daemon-test, the inside of the pod name nginx, use nginx image
This question exam is daemonset, here sir can become a deployment of yaml, and then to modify this yaml achieve their goals, pay attention to the need to ensure that this name pod container is nginx
#先生成一个deploy的yaml
kubectl run daemon-test --image=nginx -o yaml --dry-run >deploy.yaml
#修改一下yaml文件
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
run: daemon-test
name: daemon-test
spec:
selector:
matchLabels:
run: daemon-test
template:
metadata:
name: nginx
labels:
run: daemon-test
spec:
containers:
- image: nginx:latest
name: nginx
3. Start contains pod nginx, redis, ubuntu's
kubectl run yaml can generate a pod, we add another container in the yaml can. Do not use kubectl run --image = nginx --image = redis this will only generate the final container, without generating three container
#先生成单个container的pod
kubectl run test-pod --image=nginx -o yaml --dry-run --restart=Never>pod.yaml
#修改yaml文件
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: test-pod
name: test-pod
spec:
containers:
- image: nginx
name: nginx
- image: redis
name: redis
- image: ubuntu
name: ubuntu
4. Start nginx contains a deployment of POD, the initial version 1.9.1, 1.13.1 and recorded to upgrade, the upgrade version of the finished roll back to the original
This question is examined upgrade deployment, the main use of rollout
#生成deployment
kubectl run deploy-nginx --image=nginx:1.9.1
#升级到1.13.1
kubectl set image deployment deploy-nginx deploy-nginx=nginx:1.13.1 --record
#查看升级历史
kubectl rollout history deployment deploy-nginx
#回滚
kubectl rollout undo deployment deploy-nginx
5. Start a Container, when determining the presence of the directory / data a.txt continues to run, if there is no exit. a.txt need to create initcontainer
Test volume mount and init container, to be used here to mount emptydir
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: test-file
name: test-file
spec:
containers:
- name: myapp-container
image: busybox:1.28
command: ['sh', '-c', 'if [ -f /data/a.txt ];then sleep 3000;fi']
volumeMounts:
- mountPath: /data
name: cache-volume
initContainers:
- name: init-myservice
image: busybox:1.28
command: ['sh', '-c', 'touch /data/a.txt']
volumeMounts:
- mountPath: /data
name: cache-volume
volumes:
- name: cache-volume
emptyDir: {}
6. Examples loadbalncer deployment extended to 3
Deploy the expansion test, used as the command line
kubectl scale deployment loadbalancer --replicas=3
7. pod front-app to create the corresponding service will expose it
The pod is to examine the binding service
需要找到pod的端口
kubectl describe pod xxxx
绑定service
kubectl expose pod front-app --type=ClusterIp --port=80 --target-port=80
8. The deployment my-nginx binding nodeport service type, and outputs the parsed service and pod log dns
Examine deploy binding service, and dns resolve cluster
#创建service
kubectl expose deployment my-nginx --type=NodePort --port=80 --target-port=80
#dns解析使用nslookup,需要启动一个pod来协助
wget http://kubernetes.io/examples/admin/dns/busybox.yaml
kubectl apply -f busybox.yaml
#使用nslookup解析service
kubectl exec -it busybox nslookup my-nginx
#使用nslookup解析pod
kubectl get pods -owide | grep my-nginx 查看到pod对应的ip
kubectl exec -it busybox nslookup 查到的对应的ip
9.pod redis mount a volume, mount the directory / data / redis, requires the directory is non-presist
non-presist on the note is a type emptydir
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: redis
name: redis
spec:
containers:
- name: redis
image: redis
volumeMounts:
- mountPath: /data/redis
name: cache-volume
volumes:
- name: cache-volume
emptyDir: {}
10. The pod nginx is scheduled to label the disk = ssd node
Examine nodeselector
kubectl run nginx --image=nginx -o yaml --dry-run >nginx.yml
在nginx.yml中加入nodeselector即可
apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
env: test
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
nodeSelector:
disk: ssd
11. Create a deployment started 10 redis example, label and start to check = test, do not need real, in the specified directory only need to store yaml
Directly on the command file to generate yaml
kubectl run redis --image=redis --replicas=10 --labels=check=test -o yaml --dry-run > redis.yaml
12. Create a mount pv size of the local directory / data / pv for 2G, policy WRO
apiVersion: v1
kind: PersistentVolume
metadata:
name: task-pv-volume
labels:
type: local
spec:
storageClassName: manual
capacity:
storage: 2Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/data/pv"
13. The node node1 will not participate in scheduling and assign all of his pod to the other node
kubectl drain node1 --ignore-daemonsets --delete-local-data
14. Statistics all available nodes in the cluster, the node does not contain a non-scheduled, the number of writes to the corresponding file
Get to the node Note that there is no taints the noscheduler
kubectl get nodes
kubectl describe node_name查看taint
15 are listed as the pod log file-not-found row and written to the specified file
kubectl logs my-app | grep 'file-not-found' >a.txt
16. List service my-app corresponding to the pod, a file is written to the corresponding
#查看service的label
kubectl get service -o wide
#根据label去获取pod
kubectl get pods --selector=查出来的label
17. identify pod service my-app corresponding to the highest cpu used pod, the pod is written into the corresponding file name
Examine kubectl top
#查看service的label
kubectl get service -o wide
#根据label去处理
kubectl top node --selector=查出来的label
18. Create a sercert called my-secret, content username = test, were he to mount pod1 the / data / secret, pod2 set environment variables AUTHUSER
And examine the secret environment variables and file mount
#创建secret
kubectl create secret generic my-secret --from-file=./username.txt
#pod1
apiVersion: v1
kind: Pod
metadata:
name: pod1
spec:
containers:
- name: mypod
image: nginx
volumeMounts:
- name: mysecret
mountPath: "/data/secret"
readOnly: true
volumes:
- name: mysecret
secret:
secretName: my-secret
#pod2
apiVersion: v1
kind: Pod
metadata:
name: pod2
spec:
containers:
- name: mycontainer
image: redis
env:
- name: AUTHUSER
valueFrom:
secretKeyRef:
name: mysecret
key: username
19. Use etcd backup, backup files will be stored to the specified path, providing endpoints, ca, cert, key
#所有需要的key的位置都已经告诉我们
ETCDCTL_API=3 etcdctl --endpoints https://127.0.0.1:2379 --cacert=ca.pem --cert=cert.pem --key=key.pem snapshot save snapshotdb
20. The start of the static configuration node pod guarantee that modifications are permanent
In two steps: 1. Start Configuration kubelet static command with the start of the pod 2. The static pod yaml file into the required directory to
参考
https://kubernetes.io/docs/tasks/configure-pod-container/static-pod/
21. The node will not start to solve the situation, and make the changes permanent.
View to the node is not started kubelet
systemctl start kubelet
systemctl enable kubelet
22. will join a cluster node
did not do
23. to solve the problem in a cluster
Did not do too
There is also a question forgotten