CKA real exam questions
Source: https://mp.weixin.qq.com/s/OkNWcNF16nNG1LhTxkMVjQ
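1. List pods, sorted
# After this command runs, the pods are listed in alphabetical order by name
$ kubectl get pod --sort-by .metadata.name
2. Find the error lines in a pod's log
# This is just the kubectl logs command
$ kubectl logs mypod-798fcd9949-lk9rc | grep error > xx.log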
3. Create a Pod and schedule it onto a particular node
# This is just node affinity through nodeSelector
$ cat > pod.yaml << EOF
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    env: test
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
  nodeSelector:
    disktype: ssd
EOF
$ kubectl create -f pod.yaml
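4. List the number of healthy nodes
# Nodes in the Ready state count as healthy; wc -l turns the matching lines into a count
$ kubectl get node | grep -w Ready | wc -l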
5. Mount a volume in a Pod
# volumes sits at the same level as containers; the container mounts it with volumeMounts
# Reference: https://kubernetes.io/docs/concepts/storage/volumes/
apiVersion: v1
kind: Pod
metadata:
  name: test-pd
spec:
  containers:
  - image: k8s.gcr.io/test-webserver
    name: test-container
    volumeMounts:
    - mountPath: /cache
      name: cache-volume
  volumes:
  - name: cache-volume
    emptyDir: {}
6. Given a pod, add an init container that creates an empty file at startup; in the other container, check whether the file exists and exit if it does not
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: nginx-pod
  name: nginx-pod
spec:
  containers:
  - image: nginx
    name: nginx-pod
    # the file the init container creates as /tmp/index.html is visible here
    # as /usr/nginx/html/index.html (same volume); exit non-zero if it is missing
    command: ['sh','-c','if [ -f /usr/nginx/html/index.html ]; then echo xx; else exit 1; fi']
    ports:
    - containerPort: 80
    resources: {}
    volumeMounts:
    - name: workdir
      mountPath: /usr/nginx/html
  dnsPolicy: ClusterFirst
  initContainers:
  - image: busybox
    name: initcheck
    command: ['sh','-c','touch /tmp/index.html']
    volumeMounts:
    - name: workdir
      mountPath: /tmp
  volumes:
  - name: workdir
    emptyDir: {}
7. Create a pod, then create a Service
apiVersion: v1
kind: Pod
metadata:
  name: nats
  labels:
    app: nats
spec:
  containers:
  - name: nats
    image: nats
---
apiVersion: v1
kind: Service
metadata:
  name: nats
spec:
  selector:
    app: nats
  ports:
  - port: 4222
    nodePort: 32222
  type: NodePort
8. Create two containers in one Pod
apiVersion: v1
kind: Pod
metadata:
  name: demo
spec:
  containers:
  - image: nginx
    name: nginx
  - image: redis
    name: redis
9. For the pods behind a given service, sort by CPU usage from high to low
$ kubectl top pods --selector="app=demo" | grep -v NAME | sort -k 2 -nr
10. Create a simple DaemonSet
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd-elasticsearch
  namespace: kube-system
  labels:
    k8s-app: fluentd-logging
spec:
  selector:
    matchLabels:
      name: fluentd-elasticsearch
  template:
    metadata:
      labels:
        name: fluentd-elasticsearch
    spec:
      tolerations:
      # this toleration is to have the daemonset runnable on master nodes
      # remove it if your masters can't run pods
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      containers:
      - name: fluentd-elasticsearch
        image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
        resources:
          limits:
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 200Mi
        volumeMounts:
        - name: varlog
          mountPath: /var/log
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
      terminationGracePeriodSeconds: 30
      volumes:
      - name: varlog
        hostPath:
          path: /var/log
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers
11. Scale out a deployment with the scale command
$ kubectl scale --replicas=4 deployment demo
12. Create a secret with a password field (base64-encoded by hand), then create two pods that reference the secret, one through env and one through a volume
# base64 is an encoding, not encryption: anyone who can read the manifest can decode the values
$ echo -n 'admin' | base64
YWRtaW4=
$ echo -n '1f2d1e2e67df' | base64
MWYyZDFlMmU2N2Rm
Then write them into a Secret object
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
Create it with kubectl apply
$ kubectl apply -f ./secret.yaml
Example of a Pod using the Secret as environment variables:
apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: mycontainer
    image: redis
    env:
    - name: SECRET_USERNAME
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: username
    - name: SECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: password
  restartPolicy: Never
Example of a Pod mounting the secret through a volume:
apiVersion: v1
kind: Pod
metadata:
  name: mypod
spec:
  containers:
  - name: mypod
    image: redis
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret
Official documentation: https://kubernetes.io/docs/concepts/configuration/secret/
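Added example, not part of the original page: the values under data: in the Secret manifest are only base64-encoded, so the file (and any copy of it in version control or a backup) needs the same handling as a plaintext credential. decode_secret_data and sample_secret are hypothetical helper names; the sample input is a constructed copy of this page's manifest.

```shell
#!/bin/sh
# decode_secret_data: read a Secret manifest on stdin and print key=value
# for every entry under the top-level `data:` map, with the value decoded.
# (Hypothetical helper for this example; not a kubectl feature.)
decode_secret_data() {
  awk '
    /^data: *$/ { in_data = 1; next }      # start of the data map
    in_data && /^[^ #]/ { in_data = 0 }    # next top-level key ends the map
    in_data && /^ +[^# ][^:]*:/ {          # indented "key: value" entry
      key = $1; sub(/:$/, "", key)
      print key, $2
    }
  ' | while read -r key value; do
    # base64 -d reverses exactly what `echo -n ... | base64` produced
    printf '%s=%s\n' "$key" "$(printf '%s' "$value" | base64 -d)"
  done
}

# Constructed sample input: the Secret manifest shown on this page.
sample_secret() {
  cat <<'EOF'
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
EOF
}

sample_secret | decode_secret_data
```

Use it to audit a repository or backup directory for Secret manifests that carry live credentials before they are shared or committed.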
13. Upgrade a deployment from nginx:1.9 to nginx:1.11, recording the change (--record), then roll back to 1.9
Upgrade:
$ kubectl set image deployments demo demo=nginx:1.11 --record
Roll back:
$ kubectl rollout undo deployment demo
14. Use nslookup to look up the DNS records of a service and a pod
Create the service and pod with the earlier YAML
# Start a pod to run the DNS lookups from
$ kubectl run -it --image busybox:1.28.4 dnstest --rm /bin/sh
# Look up the service
$ nslookup svc-demo.kube-system.svc.cluster.local
# Look up the pod
# When looking up a pod by IP, replace 1.2.3.4 with 1-2-3-4, otherwise the lookup fails
$ nslookup 1-2-3-4.default.pod.cluster.local
Reference: https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
15. Back up etcd with etcdctl
Reference: https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/
# Set the environment variable ETCDCTL_API=3 first, otherwise etcdctl uses the v2 API
$ ETCDCTL_API=3 etcdctl --cacert=/opt/kubernetes/ssl/ca.pem --cert=/opt/kubernetes/ssl/server.pem --key=/opt/kubernetes/ssl/server-key.pem --endpoints=https://192.168.1.36:2379 snapshot save /data/etcd_backup_dir/etcd-snapshot-`date +%Y%m%d`.db
16. Using a static pod
Find where --pod-manifest-path=/etc/kubelet.d/ is configured, then put the pod's YAML into that directory
apiVersion: v1
kind: Pod
metadata:
  name: static-web
  labels:
    role: myrole
spec:
  containers:
  - name: web
    image: nginx
    ports:
    - name: web
      containerPort: 80
      protocol: TCP
Reference: https://kubernetes.io/docs/tasks/administer-cluster/static-pod/
17. Create a pod in a new namespace
First create the namespace
# Create the namespace
$ kubectl create namespace test
Then create the pod
apiVersion: v1
kind: Pod
metadata:
  name: demo
  namespace: test
spec:
  containers:
  - image: nginx
    name: nginx
18. A PV of type hostPath, located at /data, 1G in size, in read-only mode
Reference: https://kubernetes.io/docs/concepts/storage/persistent-volumes/
apiVersion: v1
kind: PersistentVolume
metadata:
  name: example-pv
spec:
  capacity:
    storage: 1Gi
  volumeMode: Filesystem
  accessModes:
  - ReadOnlyMany
  persistentVolumeReclaimPolicy: Delete
  # this manifest uses a local volume, pinned to test-node through nodeAffinity
  local:
    path: /data
  nodeAffinity:
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: kubernetes.io/hostname
          operator: In
          values:
          - test-node
20. Create a service for a Pod
Pod manifest
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
Service manifest; it is tied to the pod through the label app=nginx
apiVersion: v1
kind: Service
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  ports:
  - port: 80
    protocol: TCP
  selector:
    app: nginx
21. Use a node selector to schedule onto machines whose disk is ssd
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    env: test
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
  nodeSelector:
    disktype: ssd
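22. Troubleshoot an apiserver that cannot be reached
Some possible causes are listed below:
- 1. The apiserver sits behind a load balancer, and either the load balancer service is faulty or it cannot reach the backend apiserver
- 2. The TLS certificates have expired, in one of two ways:
  - 2.1. The certificates of the whole cluster have expired
  - 2.2. The etcd certificates and the Kubernetes cluster certificates are issued separately, and only the etcd cluster certificates, or only the Kubernetes internal certificates, have expired
- 3. The apiserver has too many connections, so new connections fail
- 4. The cluster is large, so the etcd cluster responds slowly and the apiserver API is affected as well (because the apiserver is the cluster's only entry point for reading and writing data)
There are other causes as well; this article lists only these.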
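Added example, not part of the original page: a check for cause 2 that classifies each certificate file as expired, expiring soon, or ok, so the etcd and Kubernetes certificate sets of case 2.2 can be checked separately. cert_status, report_certs and make_sample_cert are hypothetical helper names, and the sample certificate is a constructed throwaway; it assumes the openssl command is installed.

```shell
#!/bin/sh
# cert_status FILE DAYS -> prints unreadable, expired, expiring (within DAYS) or ok.
cert_status() {
  cert=$1 days=$2
  [ -r "$cert" ] || { echo unreadable; return 1; }
  # -checkend N exits non-zero when the certificate expires within N seconds
  if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
    echo expired
  elif ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
    echo expiring
  else
    echo ok
  fi
}

# report_certs DAYS FILE... -> one line per file: status, notAfter date, path.
report_certs() {
  days=$1; shift
  for f in "$@"; do
    printf '%-10s %s  %s\n' "$(cert_status "$f" "$days")" \
      "$(openssl x509 -in "$f" -noout -enddate 2>/dev/null)" "$f"
  done
}

# Constructed sample: a self-signed certificate at path $1, valid for $2 days.
make_sample_cert() {
  openssl req -x509 -newkey rsa:2048 -nodes -days "$2" -subj "/CN=sample" \
    -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

tmp=$(mktemp -d)
make_sample_cert "$tmp/server.pem" 10
report_certs 30 "$tmp/server.pem"   # 10 days left, 30-day threshold: expiring
```

On a control-plane node, pass the real certificate files instead, for example the /opt/kubernetes/ssl/server.pem used by the etcdctl backup command on this page.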
23. Make a node unavailable and reschedule the pods on it onto other nodes
# Replace <node-name> with the name of the node to drain
$ kubectl drain <node-name> --delete-local-data=true --ignore-daemonsets=true
Exam date
- Date: May 2019
- Version: k8s 1.13