CKA真题:题目和解析-3
所有命令都验证过,有更好的方式,欢迎留言~~~
CKA 习题和真题汇总
CKA考试经验:报考和考纲
CKA :2019年12月英文原题和分值
CKA考试习题:K8S基础概念--API 对象 CKA考试习题:调度管理- nodeAffinity、podAffinity、Taints CKA考试习题:K8S日志、监控与应用管理 CKA考试习题:网络管理-Pod网络、Ingress、DNS CKA考试习题:存储管理-普通卷、PV、PVC CKA考试习题:安全管理--Network Policy、serviceaccount、clusterrole CKA考试习题:k8s故障排查 CKA真题:题目和解析-1 CKA真题:题目和解析-2 CKA真题:题目和解析-3 CKA真题:题目和解析-4 CKA真题:题目和解析-5 CKA真题:题目和解析-6CKA真题:手动配置TLS BootStrap
更多CKA资料或交流:可加 wei xin :wyf19910905
9、新分区创建PodSet configuration context $ kubectl config use-context k8s
Create a Pod as follows:
Name: jenkins
Using image: jenkins
In a new Kubernetes namespce named website-frontend
先创建namespace,再生成pod模板
kubectl run jenkins --image=jenkins --generator=run-pod/v1 --dry-run -o yaml >9pod.yml
创建pod加上namespace参数
答:
[root@vms31 ~]# kubectl create ns website-frontend namespace/website-frontend created [root@vms31 ~]# kubectl get ns NAME STATUS AGE default Active 174d kube-public Active 174d kube-system Active 174d ns001 Active 173d production Active 173d website-frontend Active 10s [root@vms31 opt]# cat 9pod.yaml apiVersion: v1 kind: Pod metadata: labels: run: jenkins name: jenkins spec: containers: - name: jenkins image: jenkins status: {} [root@vms31 opt]# kubectl apply -f 6.yaml -n website-frontend pod/jenkins created [root@vms31 opt]# kubectl get pods -n website-frontend NAME READY STATUS RESTARTS AGE jenkins 1/1 Running 0 18s官网链接:https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/
10、Deployment创建(--dry-run)Set configuration context $ kubectl config use-context k8s
Create a deployment spce file that will:
launch 7 replicas of the redis image with the label:app_env_stage=dev
Deployment name: kua100201
Save a copy of this spec file to /opt/KUAL00201/deploy_spec.yaml
When you are done,clean up (delete) any new k8s API objects that you produced during this task
创建一个deployment文件,文件将:
启动7个redis镜像副本,镜像标签是:app_env_stage=dev
deployment名称:kual00201
将规范文件的副本保存到/opt/KUAL002001/deploy_spec.yaml (or .json)
完成后,清理(删除)在此任务期间生成的任何新的k8s API对象
答
[root@vms31 opt]# kubectl run kua100201 --image=redis --replicas=7 --labels=app_env_stage=dev --dry-run -o yaml > ./opt/KUAL002001/deploy_spec.yaml [root@vms31 opt]# [root@vms31 opt]# [root@vms31 opt]# cat /opt/KUAL002001/deploy_spec.yaml apiVersion: apps/v1beta1 kind: Deployment metadata: creationTimestamp: null labels: app_env_stage: dev name: kua100201 spec: replicas: 7 selector: matchLabels: app_env_stage: dev strategy: {} template: metadata: creationTimestamp: null labels: app_env_stage: dev spec: containers: - image: redis name: kua100201 resources: {} status: {} [root@vms31 opt]# kubectl apply -f /opt/KUAL002001/deploy_spec.yaml deployment.apps/kua100201 created [root@vms31 opt]# kubectl delete -f /opt/KUAL002001/deploy_spec.yaml deployment.apps "kua100201" deleted11、统计Service中的podSet configuration context $ kubectl config use-context k8s
Create a file /opt/KUCC00302/kucc00302.txt that lists all pods that implement Service foo in Namespce production
The format of the file should be one pod name per line
创建一个文件/opt/KUCC00302/ KUCC00302 .txt,
其中列出在Namespce 为Production中实现Service 为foo的所有pod
文件的格式应该是每行一个pod名称
答:
[root@vms31 KUCC00302]# kubectl get svc --show-labels -n production | grep foobar [root@vms31 KUCC00302]# kubectl get pods -l name=haha -n production |grep -v NAME|awk '{print $1}' > /opt/KUCC00302/kucc00302.txt [root@vms31 KUCC00302]# cat /opt/KUCC00302/kucc00302.txt foo-fd6cbbd89-jdsdx foo-fd6cbbd89-wrd6v如果labels项是空白没有值的//查看foobar是否运行正常 kubectl get svc -n production | grep foobar //这个命令会得出一个标签值 kubectl describe svc foobar -n production | grep -i selector //也可以手动将得出的Pod名称复制到指定的文件中 kubectl get pods -n production --show-labels | grep 后面跟标签值 | awk '{print $1}' > /opt/KUCC00302/kucc00302.txt注意:如果foo这个服务有多个标签的话,依次查找
补充:
// 使用custom-columns,直接找到某个节点名,进行输出
12、secret
kubectl get pods -l run=nginx -o=custom-columns=NAME:metatda.name >name.yamlSet configuration context $ kubectl config use-context k8s
Create a kubetnetes Secret as follows:
Name: super-secret
Credential: alice or username:bob
Create a Pod named pod-secrets-via-file using the redis image which mounts a secret named super-secret at /secrets
Create a second Pod named pod-secrets-via-env using the redis image,which exports credential/username as TOPSECRET/CREDENTIALS
创建一个secret,使用以下:
名字:super-secret
Credential:alice or username:bob
创建一个pod名为pod-secrets-via-file 使用redis镜像,挂载名为super-secret的 挂载路径/secrets
使用redis镜像创建第二个Pod名称Pod-secrets-via-env,使用credential/username 的方式,对应的变量为:TOPSECRET/CREDENTIALS
答:
生成secret参考命令(https://kubernetes.io/docs/concepts/configuration/secret/)
# Credential:alice
kubectl create secret generic super-secret --from-literal=credential=alice# username:bob
kubectl create secret generic super-secret --from-literal=username=bob
生成yaml文件的命令,再在此基础上改写(可以在https://kubernetes.io/docs/页面搜索框输入volumes查询example)
kubectl run pod-secrets-via-file --image=redis --generator=run-pod/v1 --dry-run -o yaml >12pod-secrets-via-file .ymlapiVersion: v1 kind: Pod metadata: creationTimestamp: null labels: run: pod-secrets-via-file name: pod-secrets-via-file spec: volumes: - name: super-secret secret: secretName: super-secret containers: - image: redis name: pod-secrets-via-file resources: {} volumeMounts: - name: super-secret mountPath: /secrets dnsPolicy: ClusterFirst restartPolicy: Always status: {} --- apiVersion: v1 kind: Pod metadata: creationTimestamp: null labels: run: pod-secrets-via-env name: pod-secrets-via-env spec: volumes: - name: super-secret secret: secretName: super-secret containers: - image: redis name: pod-secrets-via-env resources: {} env: - name: CREDENTIALS valueFrom: secretKeyRef: name: super-secret key: username - name: TOPSECRET valueFrom: secretKeyRef: name: super-secret key: credential dnsPolicy: ClusterFirst restartPolicy: Always status: {}官方文档位置:
https://kubernetes.io/docs/concepts/configuration/secret/
https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-environment-variables
https://kubernetes.io/docs/concepts/configuration/secret/#use-case-pod-with-ssh-keys
作者:琦彦
