所有命令都验证过,有更好的方式,欢迎留言~~~
CKA 习题和真题汇总
- CKA考试习题:K8S基础概念--API 对象
- CKA考试习题:调度管理- nodeAffinity、podAffinity、Taints
- CKA考试习题:K8S日志、监控与应用管理
- CKA考试习题:网络管理-Pod网络、Ingress、DNS
- CKA考试习题:存储管理-普通卷、PV、PVC
- CKA考试习题:安全管理--Network Policy、serviceaccount、clusterrole
- CKA考试习题:k8s故障排查
- CKA真题:题目和解析-1
- CKA真题:题目和解析-2
- CKA真题:题目和解析-3
- CKA真题:题目和解析-4
- CKA真题:题目和解析-5
- CKA真题:题目和解析-6
更多CKA资料或交流:可加 wei xin :wyf19910905
9、新分区创建Pod
Set configuration context $ kubectl config use-context k8s
Create a Pod as follows:
Name: jenkins
Using image: jenkins
In a new Kubernetes namespce named website-frontend
先创建namespace,再生成pod模板
kubectl run jenkins --image=jenkins --generator=run-pod/v1 --dry-run -o yaml >9pod.yml
创建pod加上namespace参数
答:
[root@vms31 ~]# kubectl create ns website-frontend
namespace/website-frontend created
[root@vms31 ~]# kubectl get ns
NAME STATUS AGE
default Active 174d
kube-public Active 174d
kube-system Active 174d
ns001 Active 173d
production Active 173d
website-frontend Active 10s
[root@vms31 opt]# cat 9pod.yaml
apiVersion: v1
kind: Pod
metadata:
labels:
run: jenkins
name: jenkins
spec:
containers:
- name: jenkins
image: jenkins
status: {}
[root@vms31 opt]# kubectl apply -f 6.yaml -n website-frontend
pod/jenkins created
[root@vms31 opt]# kubectl get pods -n website-frontend
NAME READY STATUS RESTARTS AGE
jenkins 1/1 Running 0 18s
官网链接:https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/
10、Deployment创建(--dry-run)
Set configuration context $ kubectl config use-context k8s
Create a deployment spce file that will:
launch 7 replicas of the redis image with the label:app_env_stage=dev
Deployment name: kua100201
Save a copy of this spec file to /opt/KUAL00201/deploy_spec.yaml
When you are done,clean up (delete) any new k8s API objects that you produced during this task
创建一个deployment文件,文件将:
启动7个redis镜像副本,镜像标签是:app_env_stage=dev
deployment名称:kual00201
将规范文件的副本保存到/opt/KUAL002001/deploy_spec.yaml (or .json)
完成后,清理(删除)在此任务期间生成的任何新的k8s API对象
答
[root@vms31 opt]# kubectl run kua100201 --image=redis --replicas=7 --labels=app_env_stage=dev --dry-run -o yaml > ./opt/KUAL002001/deploy_spec.yaml
[root@vms31 opt]#
[root@vms31 opt]#
[root@vms31 opt]# cat /opt/KUAL002001/deploy_spec.yaml
apiVersion: apps/v1beta1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app_env_stage: dev
name: kua100201
spec:
replicas: 7
selector:
matchLabels:
app_env_stage: dev
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app_env_stage: dev
spec:
containers:
- image: redis
name: kua100201
resources: {}
status: {}
[root@vms31 opt]# kubectl apply -f /opt/KUAL002001/deploy_spec.yaml
deployment.apps/kua100201 created
[root@vms31 opt]# kubectl delete -f /opt/KUAL002001/deploy_spec.yaml
deployment.apps "kua100201" deleted
11、统计Service中的pod
Set configuration context $ kubectl config use-context k8s
Create a file /opt/KUCC00302/kucc00302.txt that lists all pods that implement Service foo in Namespce production
The format of the file should be one pod name per line
创建一个文件/opt/KUCC00302/ KUCC00302 .txt,
其中列出在Namespce 为Production中实现Service 为foo的所有pod
文件的格式应该是每行一个pod名称
答:
[root@vms31 KUCC00302]# kubectl get svc --show-labels -n production | grep foobar
[root@vms31 KUCC00302]# kubectl get pods -l name=haha -n production |grep -v NAME|awk '{print $1}' > /opt/KUCC00302/kucc00302.txt
[root@vms31 KUCC00302]# cat /opt/KUCC00302/kucc00302.txt
foo-fd6cbbd89-jdsdx
foo-fd6cbbd89-wrd6v
- 如果labels项是空白没有值的
//查看foobar是否运行正常
kubectl get svc -n production | grep foobar
//这个命令会得出一个标签值
kubectl describe svc foobar -n production | grep -i selector
//也可以手动将得出的Pod名称复制到指定的文件中
kubectl get pods -n production --show-labels | grep 后面跟标签值 | awk '{print $1}' > /opt/KUCC00302/kucc00302.txt
注意:如果foo这个服务有多个标签的话,依次查找
补充:
// 使用custom-columns,直接找到某个节点名,进行输出
kubectl get pods -l run=nginx -o=custom-columns=NAME:metatda.name >name.yaml
12、secret
Set configuration context $ kubectl config use-context k8s
Create a kubetnetes Secret as follows:
Name: super-secret
Credential: alice or username:bob
Create a Pod named pod-secrets-via-file using the redis image which mounts a secret named super-secret at /secrets
Create a second Pod named pod-secrets-via-env using the redis image,which exports credential/username as TOPSECRET/CREDENTIALS
创建一个secret,使用以下:
名字:super-secret
Credential:alice or username:bob
创建一个pod名为pod-secrets-via-file 使用redis镜像,挂载名为super-secret的 挂载路径/secrets
使用redis镜像创建第二个Pod名称Pod-secrets-via-env,使用credential/username 的方式,对应的变量为:TOPSECRET/CREDENTIALS
答:
生成secret参考命令(https://kubernetes.io/docs/concepts/configuration/secret/)
# Credential:alice
kubectl create secret generic super-secret --from-literal=credential=alice# username:bob
kubectl create secret generic super-secret --from-literal=username=bob
生成yaml文件的命令,再在此基础上改写(可以在https://kubernetes.io/docs/页面搜索框输入volumes查询example)
kubectl run pod-secrets-via-file --image=redis --generator=run-pod/v1 --dry-run -o yaml >12pod-secrets-via-file .yml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: pod-secrets-via-file
name: pod-secrets-via-file
spec:
volumes:
- name: super-secret
secret:
secretName: super-secret
containers:
- image: redis
name: pod-secrets-via-file
resources: {}
volumeMounts:
- name: super-secret
mountPath: /secrets
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
---
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: pod-secrets-via-env
name: pod-secrets-via-env
spec:
volumes:
- name: super-secret
secret:
secretName: super-secret
containers:
- image: redis
name: pod-secrets-via-env
resources: {}
env:
- name: CREDENTIALS
valueFrom:
secretKeyRef:
name: super-secret
key: username
- name: TOPSECRET
valueFrom:
secretKeyRef:
name: super-secret
key: credential
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
官方文档位置:
https://kubernetes.io/docs/concepts/configuration/secret/
https://kubernetes.io/docs/concepts/configuration/secret/#using-secrets-as-environment-variables
https://kubernetes.io/docs/concepts/configuration/secret/#use-case-pod-with-ssh-keys