CKA Exam Notes

Question 1: etcd upgrade

1. Back up data using the built-in snapshot feature

# ETCD_BACKUP holds the path of the snapshot file
ETCDCTL_API=3 etcdctl --endpoints=https://master:2379 \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
snapshot save "$ETCD_BACKUP"

Note: look up the certificate paths in the description of the etcd pod. If the shell reports that the etcdctl command is not found, run the following command (from /root/cka, the directory the symlink target assumes):

wget "https://github.com/coreos/etcd/releases/download/v3.3.9/etcd-v3.3.9-linux-amd64.tar.gz" &&
tar -zxvf etcd-v3.3.9-linux-amd64.tar.gz &&
ln -s /root/cka/etcd-v3.3.9-linux-amd64/etcdctl /usr/local/bin/etcdctl

2. Verify the snapshot:
ETCDCTL_API=3 etcdctl --write-out=table snapshot status "$ETCD_BACKUP"

+----------+----------+------------+------------+
|   HASH   | REVISION | TOTAL KEYS | TOTAL SIZE |
+----------+----------+------------+------------+
| e4be98dc |   549192 |       2601 |     5.5 MB |
+----------+----------+------------+------------+

3. Restore data from the snapshot backup:
ETCDCTL_API=3 etcdctl --endpoints master:2379 snapshot restore "$ETCD_BACKUP"

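Question 2: Count the nodes in the cluster whose status is Ready, excluding nodes tainted with NoSchedule, and write the result to /opt/node.txt

# grep -w keeps "Ready" from also matching "NotReady"
kubectl describe node $(kubectl get node | grep -w Ready | awk '{print $1}') | grep Taints | grep -vc NoSchedule > /opt/node.txt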

Question 3: Mark a node as unschedulable and have the pods already scheduled on it rescheduled.

kubectl cordon my-node 
kubectl drain my-node --ignore-daemonsets

Question 4: Create a service for a pod so that it can be reached through a ClusterIP

kubectl expose pod web --port=80 --target-port=80

Question 5: List all pods associated with a service in a namespace and write the pod names to the file /opt/pod.txt (filter by label)

kubectl get svc web -o wide
kubectl get pod -l app=web -o name > /opt/pod.txt

Question 5: Create an RBAC rule

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: deployment-clusterrole

rules:
- apiGroups: ["apps"]
  resources: ["deployments","statefulsets","daemonsets"]
  verbs: ["create"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: read-secrets
  namespace: app-team1

subjects:
- kind: ServiceAccount
  name: cicd-token
  namespace: app-team1
  
roleRef:
  kind: ClusterRole
  name: deployment-clusterrole
  apiGroup: rbac.authorization.k8s.io
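
How a ClusterRole bound through a namespaced RoleBinding is evaluated, as an added example that is not part of the original notes and is not Kubernetes code. It is a simplified Python model (no resourceNames, subresources or aggregation); the helper names `role`, `can_i`, `PLURAL` and `SINGULAR` are hypothetical, and the data is constructed from the names used in the manifests above.

```python
# Simplified model of how RBAC evaluates a ClusterRole bound by a RoleBinding.
# All data below is constructed for this example.
def role(*resources):
    return {"deployment-clusterrole": [
        {"apiGroups": ["apps"], "resources": list(resources), "verbs": ["create"]}]}

PLURAL = role("deployments", "statefulsets", "daemonsets")   # API resource names
SINGULAR = role("deployment", "statefulset", "daemonset")    # not API resource names
BINDINGS = [{
    "namespace": "app-team1",
    "subjects": [{"kind": "ServiceAccount", "name": "cicd-token",
                  "namespace": "app-team1"}],
    "roleRef": "deployment-clusterrole",
}]

def _matches(allowed, value):
    """RBAC compares strings literally; "*" is the only wildcard."""
    return "*" in allowed or value in allowed

def can_i(roles, sa_ns, sa_name, verb, group, resource, namespace):
    """True if a RoleBinding in BINDINGS grants the ServiceAccount the request."""
    for rb in BINDINGS:
        # A RoleBinding grants access only inside its own namespace, even
        # when its roleRef points at a ClusterRole.
        if rb["namespace"] != namespace:
            continue
        if not any(s["kind"] == "ServiceAccount" and s["name"] == sa_name
                   and s["namespace"] == sa_ns for s in rb["subjects"]):
            continue
        for rule in roles.get(rb["roleRef"], []):
            if (_matches(rule["verbs"], verb)
                    and _matches(rule["apiGroups"], group)
                    and _matches(rule["resources"], resource)):
                return True
    return False  # deny by default: no matching rule, no access

if __name__ == "__main__":
    sa = ("app-team1", "cicd-token")
    cases = [
        (PLURAL, "create", "apps", "deployments", "app-team1"),    # allowed
        (PLURAL, "delete", "apps", "deployments", "app-team1"),    # verb not granted
        (PLURAL, "create", "apps", "deployments", "default"),      # other namespace
        (PLURAL, "create", "", "secrets", "app-team1"),            # not in the rule
        (SINGULAR, "create", "apps", "deployments", "app-team1"),  # rule never matches
    ]
    for roles, verb, group, res, ns in cases:
        print(verb, group or "core", res, ns, "->",
              can_i(roles, *sa, verb, group, res, ns))
```

On a live cluster the same questions are answered by `kubectl auth can-i create deployments -n app-team1 --as=system:serviceaccount:app-team1:cicd-token`.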

Question 6: Create a Pod that uses automatic PV provisioning

apiVersion: v1
kind: Pod
metadata:
  name: pod-pvc
spec:
  containers:
    - name: busybox
      image: busybox
      command: ["/bin/sh", "-c","sleep 6000"]
      volumeMounts:
        - name: data
          mountPath: /opt
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: block-pvc
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: block-pvc
spec:
  storageClassName: my-csi-plugin
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: block-pvc
spec:
  capacity:
    storage: 5Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Recycle
  hostPath:
    path: /tmp

Question 7: Create a secret and mount it in two ways: as a volume and as an environment variable (env)

apiVersion: v1
kind: Secret
metadata:
  name: mysecret
data:
  username: YWRtaW4K
  password: MTIzNDU2Cg==
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-volume-secret
spec:
  containers:
  - name: pod-volume-secret
    image: nginx
    volumeMounts:
    - name: mysecret
      mountPath: "/etc/foo"
  volumes:
  - name: mysecret
    secret:
      secretName: mysecret
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-env-secret
spec:
  containers:
  - name: pod-env-secret
    image: nginx
    env:
      - name: ABC
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: username
  volumes:
  - name: mysecret
    secret:
      secretName: mysecret

Question 8: Create a Pod that exits automatically when it detects that the expected file is missing.

apiVersion: v1
kind: Pod
metadata:
  name: web
  labels:
    app: myapp
spec:
  restartPolicy: Never
  containers:
  - name: myapp-container
    image: busybox:1.28
    command: ['sh', '-c', 'cat /root/test.txt && sleep 3000']
    volumeMounts:
    - mountPath: /root
      name: test-volume
  initContainers:
  - name: init-myservice
    image: busybox:1.28
    command: ["sh","-c","touch /root/test.txt"]
    volumeMounts:
    - mountPath: /root
      name: test-volume
  volumes:
  - name: test-volume
    emptyDir: {}

Question 9: Create a pod that uses a PVC, then expand that PVC

apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: slow
provisioner: kubernetes.io/gce-pd
parameters:
  type: pd-standard
# A storage class must be defined first, with the "allowVolumeExpansion: true" parameter added to allow dynamic expansion.
allowVolumeExpansion: true
---
apiVersion: v1
kind: Pod
metadata:
  name: web-server
spec:
  containers:
    - name: nginx
      image: nginx
      volumeMounts:
      - mountPath: "/usr/share/nginx/html"
        name: mypvc
  volumes:
    - name: mypvc
      persistentVolumeClaim:
        claimName: myclaim
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: myclaim

Common commands:

Run a temporary test container: kubectl run test --image=busybox --restart=Never -it
posted @ 2021-06-23 20:11  在河之舟2020