-
CKA考试笔记,仅做个人学习使用
1. RBAC
#创建角色 kubectl create clusterrole deployment-clusterrole --verb=create --resource=deployment,statefulset,daemonset #创建namespace kubectl create namespace app-team1 #创建serviceaccount kubectl create serviceaccount cicd-token -n app-team1 #创建账户绑定 kubectl create clusterrolebinding cicd-token-binding --clusterrole=deployment-clusterrole --serviceaccount=app-team1:cicd-token -n app-team1- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
清理试验环境
kubectl delete namespaces app-team1 kubectl delete clusterrole deployment-clusterrole- 1
- 2
2.drain node
kubectl drain cka003 --ignore-daemonsets --force --delete-emptydir-data- 1
3.kubeadm downgrade&upgrade
记得东西太多,所以需要借助文档了:kubeadm upgrade
参照题目应该是先需要执行ssh cka001再执行sudo -i切换root用户
downgradeapt update apt-cache madison kubeadm apt-mark unhold kubeadm && \ apt-get update && apt-get install -y kubeadm=1.24.2-00 && \ apt-mark hold kubeadm kubeadm version kubeadm upgrade plan sudo kubeadm upgrade apply v1.24.2 --etcd-upgrade=false kubectl drain cka001 --ignore-daemonsets apt-mark unhold kubelet kubectl && \ apt-get update && apt-get install -y kubelet=1.24.2-00 kubectl=1.24.2-00 --allow-downgrades && \ apt-mark hold kubelet kubectl sudo systemctl daemon-reload sudo systemctl restart kubelet kubectl uncordon cka001 记得两次exit退出sudo、ssh- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
ssh cak001 sudo -i apt update apt-cache madison kubeadm apt-mark unhold kubeadm && \ apt-get update && apt-get install -y kubeadm=1.24.3-00 && \ apt-mark hold kubeadm kubeadm version kubeadm upgrade plan sudo kubeadm upgrade apply v1.24.3 --etcd-upgrade=false kubectl drain cka001 --ignore-daemonsets apt-mark unhold kubelet kubectl && \ apt-get update && apt-get install -y kubelet=1.24.3-00 kubectl=1.24.3-00 && \ apt-mark hold kubelet kubectl sudo systemctl daemon-reload sudo systemctl restart kubelet kubectl uncordon cka001 exit exit- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
核心点三个:
--etcd-upgrade=false --ignore-daemonsets exit exit- 1
- 2
- 3
- 4
4.关于ectd的备份与还原
本地测试熟记:/etc/kubernetes/pki/etcd/xxxx #执行etcd备份 etcdctl snapshot save -h etcdctl snapshot save /data/backup/etcd-snapshot.db --cacert="/etc/kubernetes/pki/etcd/ca.crt" --cert="/etc/kubernetes/pki/etcd/server.crt" --key="/etc/kubernetes/pki/etcd/server.key" --endpoints=127.0.0.1:2379 #执行etcd目录文件mv mv /var/lib/etcd /var/lib/etcd.bak2 #执行还原文件 etcdctl snapshot restore -h etcdctl snapshot restore /data/backup/etcd-snapshot.db --endpoints=https://127.0.0.1:2379 --cacert="/etc/kubernetes/pki/etcd/ca.crt" --cert="/etc/kubernetes/pki/etcd/server.crt" --key="/etc/kubernetes/pki/etcd/server.key" --data-dir="/var/lib/etcd"- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
核心点: 1、上面的kubeadm时不要给etcd升级,不然会导致etcdctl报异常 2、cert/key/cacert/endpoints使用命令行定位- 1
- 2
- 3
5.networkPolicy
题目要求:允许现有namespace internal 中的所有pod都可以连接到对应pod的8080端口。不允许非 internal的namespace访问到。
# 模拟环境 kubectl create ns internal kubectl create deploy nginx --image=nginx --port=80 -n internal kubectl create deploy tomcat --image=tomcat --port=8080 -n internal kubectl run centos --image=centos -n internal -- "/bin/sh" "-c" "sleep 3600"- 1
- 2
- 3
- 4
- 5
搜索 kubernetes.io/docs/关键词:
apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-port-from-namespace namespace: internal spec: podSelector:{} policyTypes: - Ingress ingress: - from: - namespaceSelector: matchLabels: kubernetes.io/metadata.name: internal ports: - protocol: TCP port: 6379- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
功能验证,感觉这里的功能验证更加重要。
kubectl get pods -n internal # 查看pod对应IP地址 kubectl describe pods nginx -n internal kubectl describe pods tomcat -n internal # 登陆测试机centos kubectl exec centos -n internal -i -t -- bash $ curl <nginx_ip>:80 $ curl <tomcat_ip>:8080- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
核心点:
1、podSelector必填用 {} 即可
2、namespaceSelector 筛选要用 kubectl get ns interal --show-label6.Service创建
模拟环境
kubectl create deployment front-end --image=nginx- 1
巧用explain获取参数
kubectl explain deploy.spec.template.spec.containers.ports containerPort name protocol- 1
- 2
- 3
- 4
kubectl edit deployment front-end ports: - containerPort: 80 name: http protocol: TCP- 1
- 2
- 3
- 4
- 5
创建服务
kubectl expose deployment front-end --port=80 --target-port=http --name=front-end-svc- 1
更新服务配置
kubectl edit svc front-end-svc ...... internalTrafficPolicy: Local type: NodePort ......- 1
- 2
- 3
- 4
- 5
核心点:
1、不知道内容可以使用kubectl explain deploy.spac.template.spac.containers.ports
2、expose时–target-port要使用http,而不是80重置环境
kubectl delete deployment front-end kubectl delete svc front-end-svc- 1
- 2
7.创建一个ingress服务
配置模拟环境,实际考试时不占用时间。
kubectl patch ingressclass nginx -p '{"metadata": {"annotations": {"ingressclass.kubernetes.io/is-default-class": "true"}}}' kubectl create ns ing-internal kubectl create deploy hi --image=nginx --port=80 -n ing-internal kubectl expose deploy hi --port=5678 --target-port=80 -n ing-internal- 1
- 2
- 3
- 4
- 5
官方文件直接搜索 kind: ingress
apiVersion: networking.k8s.io/v1 kind: Ingress metadata: name: ping namespace: ing-internal annotations: nginx.ingress.kubernetes.io/rewrite-target: / spec: ingressClassName: nginx rules: - http: paths: - path: /hi pathType: Prefix backend: service: name: hi port: number: 5678- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
配置并获取clusterIP信息。
kubectl apply -f ingress.yaml # 静等1分钟左右,才能正常显示clusterIP kubectl get ingress -n ing-interal root@cka001:~/exam# kubectl get ingress -A NAMESPACE NAME CLASS HOSTS ADDRESS PORTS AGE default nginx-app nginx app1.com,app2.com 10.106.186.103 80 24d ing-internal ping nginx * 10.106.186.103 80 80s # 测试请求 root@cka001:~/exam # curl '10.106.186.103:80/hi'- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
核心注意点:
1、namespace: ing-interal 2、等待ingress配置完成 3、核心关键字 kind: ingress- 1
- 2
- 3
8.Scale deployment
scale 多多借助自动提示
kubectl create deployment presentation --image nginx kubectl scale deployment presentation --replicas 3- 1
- 2
9.创建pod依赖nodeSelector
从官网搜索 assign pod node,然后搜索 kind: Pod,会得到一个有nodeSelector的yaml,修改核心核心即可。
apiVersion: v1 kind: Pod metadata: name: nginx-kusc00401 spec: containers: - name: nginx-kusc00401 image: nginx nodeSelector: disk: spinning- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
一定要检查pod是否正常启动,如果启动不正常证明没有设置对node的信息,所以重新设置node 对应的 label即可。
10.统计node节点 Ready 且 非 noschedule 节点总数
查看ready节点总数
kubectl get nodes | grep Ready- 1
记录一下NotReady的节点列表,比如cka005、cka006
设置污点节点
kubectl taint cak003 key=value:NodeScheduler- 1
查看node数据
kubectl get node | egrep 'Name:|:NoSchedule' root@cka001:~# kubectl describe node | egrep "Name:|:NoSchedule" Name: cka001 Taints: node-role.kubernetes.io/control-plane:NoSchedule node-role.kubernetes.io/master:NoSchedule Name: cka002 Name: cka003 Taints: key=value:NoSchedule node.kubernetes.io/unschedulable:NoSchedule- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
记录一下 有污点的节点列表,比如cka005、cka006。
计算所有NotReady和污点节点总数。
然后用总数减去该值即可。11.使用一个pod创建多个容器
使用 dry-run 构建yaml文件模板
kubectl run kucc8 --image=nginx --dry-run=client -oyaml > multi_containers.yaml- 1
基于模板做文件修改即可。
apiVersion: v1 kind: Pod metadata: name: kucc8 spec: containers: - image: nginx name: nginx - image: redis name: redis - image: memcached name: memcached - image: consul name: consul- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
12.创建pv
搜索PersistentVolumes typed hostPath,进去查找 an example of hostPath
apiVersion: v1 kind: PersistentVolume metadata: name: app-config spec: capacity: storage: 1Gi accessModes: - ReadOnlyMany hostPath: path: "/svc/app-config"- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
13.创建pod绑定pvc并重新设置pvc存储大小且做记录
查询文档大法好,关键词:kind: PersistentVolumeClaim,选择那个“持久卷: PersistentVolum”
先创建pvcapiVersion: v1 kind: PersistentVolumeClaim metadata: name: pv-volume spec: accessModes: - ReadWriteOnce resources: requests: storage: 10Mi storageClassName: csi-hostpath-sc- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
再创建pod
apiVersion: v1 kind: Pod metadata: name: web-server spec: containers: - name: web-server image: nginx volumeMounts: - mountPath: "/usr/share/nginx/html" name: pv-sc volumes: - name: pv-sc persistentVolumeClaim: claimName: pv-volume- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
然后执行创建即可。
然后,后面使用kubectl edit pvc pv-volume --record=true记录响应更改即可。14. kubectl logs
kubectl logs foobal| grep xxx> /opt/foobl cat /opt/foobl- 1
- 2
15.使用sidecar检测其他容器的volumeMount文件更新
busybox 是sidecar
big-corp-app 是已存在pod
logs 是两上容器的公共 mount_path
创建 emptyDir 卷,让两个container挂载上首先创建big-cop的对应pod的初始化yaml,这部分不要求手动操作,每次测试通了即可。
cat > big-corp-app.yaml <<EOF apiVersion: v1 kind: Pod metadata: name: big-corp-app spec: containers: - name: count image: busybox args: - /bin/sh - -c - > i=0; while true; do echo "$(date) INFO $i" >> /var/log/big-corp-app.log; i=$((i+1)); sleep 1; done EOF- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
然后其实基于这个做下构建。
kubectl apply -f big-corp-app.yaml kubectl get pods big-corp-app -oyaml > big-corp-app-full.yaml- 1
- 2
然后我们就可以编辑这个文件了
volumes: - name: logs emptyDir: {}- 1
- 2
- 3
spec: containers: - name: busybox image: busybox args: ["/bin/sh","-c","tail -f /log/xxx"] volumeMounts: - mountMounts: /var/logs name: logs- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
最后执行如下:
kubectl delete pods big-cop kubectl apply -f big-cop.yaml- 1
- 2
记得试验后执行
kubectl delete pods big-cop- 1
16.获取某标签的pod的cpu排行
root@cka001:~/exam# kubectl top pod --sort-by=cpu -l app=podinfo NAME CPU(cores) MEMORY(bytes) podinfo-668b5b9b5b-9fcd2 1m 2Mi podinfo-668b5b9b5b-zk9bc 0m 2Mi echo 'podinfo-668b5b9b5b-9fcd2' > /opt/maxcpupod.txt- 1
- 2
- 3
- 4
- 5
17.设置node有效
ssh cka003 sudo -i systemctl start kubelet systemctl enable kubelet- 1
- 2
- 3
- 4
-
相关阅读:
Python tests in.....
开源视频监控服务器Shinobi
idea中maven无法导包问题
使用零一万物 200K 模型和 Dify 快速搭建模型应用
java面试注意要点
Python房价分析和可视化<anjuke新房>
Qt应用程序连接达梦数据库-飞腾PC麒麟V10
代码随想录笔记_动态规划_416分割等和子集
计算机网络基础概念入门
【组合导航】基于matlab卡尔曼滤波残差的组合导航系统故障诊断【含Matlab源码 4002期】
- 原文地址:https://blog.csdn.net/e421083458/article/details/126069584
