CKA考试学习笔记
CKA认证考试是由Linux基金会和云原生计算基金会(CNCF)创建的,以促进Kubernetes生态系统的持续发展。该考试是一种远程在线、有监考、基于实操的认证考试,需要在运行Kubernetes的命令行中解决多个任务。CKA认证考试是专为Kubernetes管理员、云管理员和其他管理Kubernetes实例的IT专业人员而设的。
已获得认证的K8s管理员具备了进行基本安装以及配置和管理生产级Kubernetes集群的能力。他们将了解Kubernetes网络、存储、安全、维护、日志记录和监控、应用生命周期、故障排除、API对象原语等关键概念,并能够为最终用户建立基本的用例。
docker
Docker commit
docker save -o dao.tar nginx:latest
| docker save -o nginx:latest | gzip > dao.tar |
docker load -i dao.tar
docker cp dao.tai adfae3:/tmp/
nsenter
.dockerignore
kubernetes
i=xxx;kubectl create namespace $i;alias kubectl=”kubectl -n $i”
pod
kubectl run nginx –image=nginx –restart=Never –dry-run=client -o yaml > nginx2-pod.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx2
name: nginx2
spec:
containers:
- image: nginx
name: nginx2
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Never
kubectl create -f nginx2-pod.yaml
Kubectl describe po nginx
kubectl logs nginx
kubectl explain po
apiVersion: v1
kind: Pod
metadata:
name: pod-base
spec:
containers:
- image: daocloud.io/busybox
name: pod-base
command: ["sleep", "3600"]
ports:
- containerPort: 80
env:
- name: DEMO_GREETING
value: "hello from the environment"
- name: DEMO_GREETING2
value: "hello from the environment2"
kubectl run pod-base –image=daocloud.io/busybox –port=80 –env A=a –env B=b –command “sleep 3600” –dry-run=client -o yaml > run-pod.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: pod-base
name: pod-base
spec:
containers:
- command:
- sleep 3600
env:
- name: A
value: a
- name: B
value: b
image: daocloud.io/busybox
name: pod-base
ports:
- containerPort: 80
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
/etc/kubernetes/manifests
| ps -ef | grep kubelet |
| cat /var/kubelet/config.yaml | grep staticPodPath |
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: pod-init
name: pod-init
spec:
initContainers:
- name: pod1-init
image: daocloud.io/busybox
command:
- sleep
- "10"
containers:
- command:
- sleep
- "10"
env:
- name: A
value: a
image: daocloud.io/busybox
name: pod-init
ports:
- containerPort: 80
readinessProbe:
exec:
command:
- cat
- /
initialDelaySeconds: 5
periodSeconds: 5
resources:
limits:
cpu: "0.5"
memory: 0.5G
requests:
cpu: "0.01"
memory: 0.01G
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
Deploymenyts
kubectl create deploy nginx-app –image=nginx:1.10.2-alpine –dry-run=client -o yaml > deploy.yaml
piVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: nginx-app
name: nginx-app
namespace: york
spec:
replicas: 1
selector:
matchLabels:
app: nginx-app
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: nginx-app
spec:
containers:
- image: nginx:1.10.2-alpine
name: nginx
resources: {}
status: {}
kubectl set image deployment/nginx-deployment nginx=nginx:1.16.1 --record
kubectl rollout status deployment.v1.apps/nginx-deployment
kubectl rollout history deployment.v1.apps/nginx-deployment
kubectl rollout undo deployment.v1.apps/nginx-deployment --to-revision=2
DaemonSet
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: ds-kubesc12345
name: ds-kubesc12345
namespace: york
spec:
selector:
matchLabels:
app: ds-kubesc12345
template:
metadata:
labels:
app: ds-kubesc12345
spec:
containers:
- image: nginx:1.10.2-alpine
name: nginx
resources: {}
job
apiVersion: batch/v1
kind: Job
metadata:
name: pijob
spec:
parallelism: 2
completions: 10
template:
spec:
containers:
- name: pijob
image: daocloud.io/busybox
command:
- "sh"
- "-c"
- "echo Beijing"
restartPolicy: Never
backoffLimit: 4
kubectl get deploy nginx-backend -n baz -o yaml
kubectl get po -l app=nginx -l service=backend -n baz -o name > test.txt
–sort-by
pod_name.service_name.namespace_name.svc.clusterdomain
pv
apiVersion: v1
kind: PersistentVolume
metadata:
name: york-pv-volume
labels:
type: local
spec:
storageClassName: manual
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/root/yrok/data"
pvc
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: york-pv-claim
spec:
storageClassName: manual
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
Pod-pvc
apiVersion: v1
kind: Pod
metadata:
name: mypod
spec:
containers:
- name: myfrontend
image: nginx
volumeMounts:
- mountPath: "/var/www/html"
name: mypd
volumes:
- name: mypd
persistentVolumeClaim:
claimName: myclaim
hostPath
apiVersion: v1
kind: Pod
metadata:
name: york-pv-pod
spec:
volumes:
- name: york-path
hostPath:
type: Directory
path: "/root/york/data"
containers:
- name: york-pv-container
image: redis
ports:
- containerPort: 80
name: "http-server"
volumeMounts:
- mountPath: "/root/data/"
name: york-path
ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
name: game-demo
data:
# 类属性键;每一个键都映射到一个简单的值
player_initial_lives: "3"
ui_properties_file_name: "user-interface.properties"
#
# 类文件键
game.properties: |
enemy.types=aliens,monsters
player.maximum-lives=5
user-interface.properties: |
color.good=purple
color.bad=yellow
allow.textmode=true
Secret
kubectl create secret generic super-secret –from-literal=AAA=hello
apiVersion: v1
kind: Pod
metadata:
name: mypod
spec:
containers:
- name: mypod
image: redis
volumeMounts:
- name: foo
mountPath: "/etc/foo"
readOnly: true
volumes:
- name: foo
secret:
secretName: super-secret
Secret-env
apiVersion: v1
kind: Pod
metadata:
name: secret-env-pod
spec:
volumes:
- name: secret-volume
secret:
secretName: super-secret
containers:
- name: mycontainer
image: redis
env:
- name: CONFIG_ENV
valueFrom:
secretKeyRef:
name: super-secret
key: AAA
restartPolicy: Never
taints
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: ds-york
name: ds-york
namespace: york
spec:
selector:
matchLabels:
app: ds-york
template:
metadata:
labels:
app: ds-york
spec:
tolerations:
- key: "node-role.kubernetes.io/master"
effect: "NoSchedule"
containers:
- image: nginx:1.10.2-alpine
name: nginx
resources
kubeadm
106.75.254.20 node
113.31.102.239 master
shiedek.ee7Ua,t
kubeadm join master:6443 --token yya78n.x535uqhn4vg232i0 \
--discovery-token-ca-cert-hash sha256:7f5b13b570f7764ebc02e8429a4095c2d5501cbfb84802c6c35e285626f5d681 \
--control-plane --certificate-key bee63c0cc910164923889989c3435f20b24439f0aba241018a39be180579702d
kubeadm join master:6443 --token yya78n.x535uqhn4vg232i0 \
--discovery-token-ca-cert-hash sha256:7f5b13b570f7764ebc02e8429a4095c2d5501cbfb84802c6c35e285626f5d681
mkdir -p $HOME/.kube
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
sudo chown $(id -u):$(id -g) $HOME/.kube/config
etcd
etcdctl --endpoints=127.0.0.1:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key snapshot save backup.db
ETCDCTL_API=3 etcdctl --endpoints https:127.0.0.1:2379 --cacert=/opt/dir/ca.crt --cert=/opt/dir/etcd-client.crt --key=/opt/dir/etcd-client.key snapshot save /data/backup/etcd-snapshot.db
训练
第一题
kubectl run demo0 –image=harbor.daocloud.cn/daolab/daolab:nginx
apiVersion: v1
kind: Pod
metadata:
name: demo0
spec:
containers:
- image: harbor.daocloud.cn/daolab/daolab:nginx
name: nginx
第二题
kubectl exec -it demo0 -- sh -c 'curl 127.0.0.1'
kubectl exec -it demo0 -- sh -c 'curl 127.0.0.1/404'
kubectl logs demo0 |grep '404' >/opt/demo1.txt
第三题
kubectl exec -it demo0 -- sh -c 'echo "hello world" >/usr/share/nginx/html/index.html'
kubectl exec -it demo0 -- sh -c 'curl 127.0.0.1'
kubectl exec -it demo0 -- sh -c 'curl 127.0.0.1/404'
kubectl logs demo0 |grep '404' >/opt/demo1.txt
第四题
kubectl run demo4 –image=harbor.daocloud.cn/daolab/daolab:nginx –dry-run=client -o yaml > pod.yaml
apiVersion: v1
kind: Pod
metadata:
labels:
run: demo4
name: demo4
spec:
initContainers:
- image: harbor.daocloud.cn/daolab/daolab:nginx
name: init-containers
command:
- sh
- -c
- "sleep 10"
containers:
- image: harbor.daocloud.cn/daolab/daolab:nginx
name: demo4
ports:
- containerPort: 80
readinessProbe:
httpGet:
path: /
port: 80
env:
- name: TEST
value: "CKA"
resources:
limits:
cpu: "0.5"
memory: 0.5G
requests:
limits:
cpu: "0.5"
memory: 0.5G
dnsPolicy: ClusterFirst
restartPolicy: Always
cp pod1.yaml /etc/kubernetes/manifests/pod1.yaml
第五题
apiVersion: v1
kind: Pod
metadata:
name: multiple-containers
spec:
restartPolicy: Never
containers:
- name: myapp-nginx
image: harbor.daocloud.cn/daolab/nginx
- name: myapp-redis
image: harbor.daocloud.cn/daolab/redis
- name: myapp-memcached
image: harbor.daocloud.cn/daolab/memcached
- name: myapp-consul
image: harbor.daocloud.cn/daolab/consul
第六题
kubectl create deploy nginx-app --image=harbor.daocloud.cn/daolab/nginx:1.10.2-alpine --dry-run=client -o yaml > deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: nginx-app
name: nginx-app
spec:
replicas: 3
selector:
matchLabels:
app: nginx-app1
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: nginx-app1
spec:
containers:
- image: harbor.daocloud.cn/daolab/nginx:10.2-alpine
name: nginx
resources: {}
status: {}
kubectl set image deploy nginx-app nginx=harbor.daocloud.cn/daolab/nginx:1.11.13-alpine --record
kubectl rollout history deploy nginx-app
kubectl rollout undo deploy nginx-app
第七题
kubectl create deploy ds-test1 --image=harbor.daocloud.cn/daolab/nginx --dry-run=client -o yaml > dae.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: ds-test1
name: ds-test1
spec:
selector:
matchLabels:
app: ds-test1
template:
metadata:
labels:
app: ds-test1
spec:
containers:
- image: harbor.daocloud.cn/daolab/nginx
name: nginx
第八题
apiVersion: batch/v1
kind: Job
metadata:
name: job-demo
spec:
parallelism: 2 # 最大并行数量
completions: 3 # 需要完成的次数
backoffLimit: 1 # 重试次数
template: # 同 pod
spec:
containers:
- name: job-demo
image: busybox
command: ["sh", "-c", "echo 'Beijing'"]
restartPolicy: Never
第九题
kubectl expose pod front-end --name=front-end-service --type=NodePort --port=80 --target-port=30003
apiVersion: v1
kind: Service
metadata:
name: front-end-service
spec:
selector:
app: front-end
type: NodePort
ports:
- protocol: TCP
port: 80
targetPort: 80
第十题
kubectl get svc -n baz
kubectl edit svc deveployment -n baz
kubectl get po -n baz -l app=nginx -l service=backend -o name > /opt/dir/kucc12345.txt
第十一题
kubectl create deployment nginx-random --image=harbor.daocloud.cn/daolab/nginx
kubectl expose deployment nginx-random --port=80
kubectl get pods - o wide
kubectl run -it --rm dsntest --image=busybox:1.28 --restart=Never nslookup nginx-random > /opt/dir/service.dns
kubectl run -it --rm dsntest --image=busybox:1.28 --restart=Never nslookup 10.244.1.54 > /opt/dir/Pod.dns
第十二题
kubectl run non-persistent-redis --image=harbor.daocloud.cn/daolab/redis --dry-run=client -o yaml > pod3.yaml
apiVersion: v1
kind: Pod
metadata:
labels:
run: non-persistent-redis
name: non-persistent-redis
namespace: staging
spec:
containers:
- image: harbor.daocloud.cn/daolab/redis
name: non-persistent-redis
volumeMounts:
- name: cache-control
mountPath: "/data/redis"
volumes:
- name: cache-control
emptyDir: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
第十三题
apiVersion: v1
kind: PersistentVolume
metadata:
name: app-config
labels:
type: local
spec:
storageClassName: manual
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
hostPath:
path: "/srv/app-config"
第十四题
kubectl create secret generic super-secret --from-literal credential=alice
apiVersion: v1
kind: Pod
metadata:
name: pod-secrets-via-file
spec:
containers:
- name: mypod
image: harbor.daocloud.cn/daolab/nginx
volumeMounts:
- name: foo
mountPath: "/secrets"
readOnly: true
volumes:
- name: foo
secret:
secretName: super-secret
apiVersion: v1
kind: Pod
metadata:
name: pod-secrets-via-env
spec:
containers:
- name: mycontainer
image: harbor.daocloud.cn/daolab/nginx
env:
- name: CONFIDENTIAL
valueFrom:
secretKeyRef:
name: super-secret
key: credential
restartPolicy: Never
第十五题
kubectl create deploy ds-kubesc12345 --image=haibor.daocloud.cn/daolab/nginx --dry-run=client -o yaml > dae.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
labels:
app: ds-kubesc12345
name: ds-kubesc12345
spec:
selector:
matchLabels:
app: ds-kubesc12345
template:
metadata:
labels:
app: ds-kubesc12345
spec:
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
- key: node.kubernetes.io/unschedulable
effect: NoSchedule
containers:
- image: harbor.daocloud.cn/daolab/nginx
name: nginx
第十六题
kubectl run nginx-kucc2345 --image=haibor.daocloud.cn/daolab/nginx --dry-run=client -o yaml > pod.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx-kucc2345
name: nginx-kucc2345
spec:
nodeSelector:
disk: spinning
containers:
- image: harbor.daocloud.cn/daolab/nginx
name: nginx-kucc2345
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
第十七题
kubectl drain node node1 --ignore-daemonsets --delete-local-data
第十八题
kubectl logs bar | grep "No such file" > /opt/dir/bar
第十九题
kubectl get pv --sort-by=.spec.capacity.storage > /opt/dir/volume_list
第二十题
kubectl run nginx --image=harbor.daocloud.cn/daolab/nginx -n website-frontend
apiVersion: v1
kind: Pod
metadata:
name: nginx
namespace: website-frontend
spec:
containers:
- name: nginx
image: harbor.daocloud.cn/daolab/nginx
第二十一题
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app_env_stage: prod
name: kual12345
spec:
replicas: 4
selector:
matchLabels:
app_env_stage: prod
strategy: {}
template:
metadata:
labels:
app_env_stage: prod
spec:
containers:
- image: harbor.daocloud.cn/daolab/nginx
name: kual12345
resources: {}
第二十二题
apiVersion: v1
kind: Pod
metadata:
name: bumpy-llama
labels:
app: bumpy-llama
spec:
initContainers:
- name: bumpy-llama-init
image: harbor.daocloud.cn/daolab/busybox:1.28
command:
- /bin/sh
- -c
- "touch /workdir/faithful.txt"
volumeMounts:
- name: cache-volume
mountPath: /workdir
containers:
- name: bumpy-llama
image: harbor.daocloud.cn/daolab/busybox
command:
- /bin/sh
- -c
- "ls /workdir/faithful.txt && sleep 100000"
volumeMounts:
- mountPath: /workdir
name: cache-volume
volumes:
- name: cache-volume
emptyDir: {}
第二十三题
apiVersion: v1
kind: Pod
metadata:
name: kucc3
spec:
restartPolicy: Never
containers:
- name: myapp-nginx
image: harbor.daocloud.cn/daolab/nginx
- name: myapp-redis
image: harbor.daocloud.cn/daolab/redis
- name: myapp-memcached
image: harbor.daocloud.cn/daolab/memcached
- name: myapp-consul
image: harbor.daocloud.cn/daolab/consul
第二十四题
提供一个非完全正常运行的 Kubernetes Cluster, 在该Cluster中找出故障征兆。
确定node和出现故障的服务,采取措施修复故障服务,使 Cluster 恢复正常。确保所有更改永久有效。
提示:
可使用 ssh node-name 通过 ssh 命令连接到相应 node
可使用 sudo -i 命令在该 cluster 的任何node上获取更高权限
kubectl get cs 能看到controller manager 没有启动 登陆到master上 找到相关服务重启 systemctl start kube-manager-controller.service 情况二 kubectl get node显示connection refuse,估计是apiserver的故障
第二十五题
查看集群状态
kubectl get nodes
查看故障节点信息
kubectl describe node node1
Message显示kubelet无法访问(记不清了)
进入故障节点
ssh node1
查看节点中的kubelet进程
ps -aux | grep kubelete
没找到kubelet进程,查看kubelet服务状态
systemctl status kubelet.service
kubelet服务没启动,启动服务并观察
systemctl start kubelet.service
启动正常,enable服务
systemctl enable kubelet.service
回到考试节点并查看状态
exit
第二十六题
通过kubeadm 安装集群
在本任务中,将配置两个新Node(一个master: ik8s-master-0 和node节点 ik8s-node-0 ) 组成一个新集群, 要求:
安装完成后, node 状态为ready
Node已经安装了docker,请自行安装kubeadm等
根据官方文档安装即可
安装kubeadm
在master 执行: kubeadm init
根据master安装后的join命令,在节点执行: kubeadm join …
安装网络
检查node 是否ready: kubectl get node
第二十七题
export ETCDCTL_API=3
etcdctl help 再etcdctl snapshot save --help
etcdctl --endpoints=127.0.0.1:2379 --cacert=/etc/ssl/etcd/ssl/ca.pem --cert=/etc/ssl/etcd/ssl/node-node1.pem --key=/etc/ssl/etcd/ssl/node-node1-key.pem snapshot save /data/backup/etcd-snapshot.db
第二十八题
kubectl top pod -l name=cpu-user
第二十九题
kubectl get nodes --show-labels | grep -vi schedule | grep -vi version | grep -i ready | wc -l
第三十题
kubectl scale --replicas=5 deployment/loadbalancer
第三十一题
kubectl run myservice --image=harbor.daocloud.cn/daolab/nginx --generator=run-pod/v1 --dry-run -o yaml > /etc/kubernetes/manifests/24.yml
重启服务 systemctl start kubelet