侧边栏壁纸
博主头像
问道

问道的小花园,总能给你带来惊喜

  • 累计撰写 33 篇文章
  • 累计创建 22 个标签
  • 累计收到 3 条评论

kubernetes管理员考试(CKA考试)真题:详细解答

问道
2022-06-25 / 0 评论 / 0 点赞 / 309 阅读 / 20,782 字 / 正在检测是否收录...
温馨提示:
本文最后更新于 2022-07-16,若内容或图片失效,请留言反馈。部分素材来自网络,若不小心影响到您的利益,请联系我们删除。

2021年CKA考试时的题目,有良好的参考价值

设置tab键补全命令

kubectl --help | grep bash
sudo -i
vim /etc/profile
source <(kubectl completion bash)
source /etc/profile

第一题

为部署管道创建一个新的 ClusterRole 并将其绑定到范围为特定 namespace 的特定ServiceAccount

Task
创建一个名字为 deployment-clusterrole 且仅允许创建创建以下资源类型的新 ClusterRole:
Deployment
StatefulSet
DaemonSet
在现有的 namespace app-team1 中创建有个名为 cicd-token 的新 ServiceAccount。
限 于 namespace app-team1 , 将 新 的 ClusterRole deployment-clusterrole 绑 定 到 新 的
ServiceAccount cicd-token。

[tom@vms20 ~]$ kubectl create clusterrole deployment-clusterrole --verb=create --resource=deployment,statefulset,daemonset
clusterrole.rbac.authorization.k8s.io/deployment-clusterrole created

[tom@vms20 ~]$ kubectl create sa cicd-token -n app-team1
serviceaccount/cicd-token created
 
 [tom@vms20 ~]$ kubectl create rolebinding rbinding1 --clusterrole=deployment-clusterrole --serviceaccount=app-team1:cicd-token -n app-team1
rolebinding.rbac.authorization.k8s.io/rbinding1 created
 

第二题

设置配置环境 kubectl config use-context ek8s

将名为 ek8s-node-0 (vms25)的 node 设置为不可用,并重新调度该 node 上所有运行的 pods。

[tom@vms20 ~]$ kubectl config use-context ek8s
Switched to context "ek8s".

[tom@vms20 ~]$ kubectl drain vms25.rhce.cc --ignore-daemonsets
node/vms25.rhce.cc already cordoned
WARNING: ignoring DaemonSet-managed Pods: kube-system/calico-node-g5xk8, kube-system/kube-proxy-cfm6q
node/vms25.rhce.cc drained
 --delete-local-data --force
#如果报错,看提示要你写什么选项,就写什么选项
#把选项加全的写法
 kubectl drain vms25.rhce.cc --ignore-daemonsets --delete-local-data --force

第三题

设置配置环境 kubectl config use-context mk8s

现有的 kubernetes 集群正在运行的版本是 1.19.2。仅将主节点上的所有 kubernetes 控制平面
和节点组件升级到版本 1.20.1。
另外,在主节点上升级 kubelet 和 kubectl。

确保在升级前 drain 主节点,并在升级后 uncordon 主节点。请不要升级工作节点,etcd,
container 管理器,CNI 插件,DNS 服务或任何其他插件。

#考试是Ubuntu系统,模拟用的是centos系统
ssh vms28.rhce.cc #主机名没有就直接写ip
sudo -i
apt-mark unhold kubeadm && apt-get update && apt-get install -y kubeadm=1.21.x-00 && apt-mark hold kubeadm

[root@vms28 ~]# kubectl drain vms28.rhce.cc --ignore-daemonsets
node/vms28.rhce.cc cordoned
WARNING: ignoring DaemonSet-managed Pods: kube-system/calico-node-d488p, kube-system/kube-proxy-q5tv9
evicting pod kube-system/calico-kube-controllers-65f8bc95db-6jwwt
evicting pod kube-system/coredns-6d56c8448f-b6l26
evicting pod kube-system/coredns-6d56c8448f-fw8wh
pod/coredns-6d56c8448f-fw8wh evicted
pod/calico-kube-controllers-65f8bc95db-6jwwt evicted
pod/coredns-6d56c8448f-b6l26 evicted
node/vms28.rhce.cc evicted

[root@vms28 ~]# kubeadm upgrade apply v1.20.1 --etcd-upgrade=false
[upgrade/config] Making sure the configuration is correct:
[upgrade/config] Reading configuration from the cluster...
[upgrade/config] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
[preflight] Running pre-flight checks.
[upgrade] Running cluster health checks
[upgrade/version] You have chosen to change the cluster version to "v1.20.1"
[upgrade/versions] Cluster version: v1.19.2
[upgrade/versions] kubeadm version: v1.20.1
[upgrade/confirm] Are you sure you want to proceed with the upgrade? [y/N]: y
[upgrade/prepull] Pulling images required for setting up a Kubernetes cluster


 yum install -y kubelet-1.20.1-0 kubectl-1.20.1-0 --disableexcludes=kubernetes
 
[root@vms28 ~]# systemctl daemon-reload;systemctl restart kubelet
[root@vms28 ~]# 
[root@vms28 ~]# 
[root@vms28 ~]# kubectl uncorndon vms28.rhce.cc
[root@vms28 ~]# kubectl uncordon vms28.rhce.cc
node/vms28.rhce.cc uncordoned
[root@vms28 ~]# kubectl get nodes
NAME            STATUS   ROLES                  AGE    VERSION
vms28.rhce.cc   Ready    control-plane,master   183d   v1.20.1
vms29.rhce.cc   Ready    <none>                 183d   v1.19.2
 
#比较完整规范的安装过程
先是切换集群
在ssh到集群的主节点上,用普通用户,再切root
[tom@vms20 ~]$ ssh vms28.rhce.cc
Warning: Permanently added 'vms28.rhce.cc' (ECDSA) to the list of known hosts.
[tom@vms28 ~]$ 
[tom@vms28 ~]$ sudo -i

驱赶节点
[root@vms28 ~]# kubectl drain vms28.rhce.cc --ignore-daemonsets
node/vms28.rhce.cc already cordoned
WARNING: ignoring DaemonSet-managed Pods: kube-system/calico-node-d488p, kube-system/kube-proxy-q5tv9
evicting pod kube-system/calico-kube-controllers-65f8bc95db-6jwwt
evicting pod kube-system/coredns-6d56c8448f-b6l26
evicting pod kube-system/coredns-6d56c8448f-fw8wh
pod/calico-kube-controllers-65f8bc95db-6jwwt evicted
pod/coredns-6d56c8448f-b6l26 evicted
pod/coredns-6d56c8448f-fw8wh evicted
node/vms28.rhce.cc evicted

升级 kubeadm
[root@vms28 ~]# yum install -y kubeadm-1.20.1-0 --disableexcludes=kubernetes

选择并运用要升级的目标,并且不升级etcd
[root@vms28 ~]# kubeadm upgrade apply v1.20.1 --etcd-upgrade=false

升级 kubelet 和 kubectl
[root@vms28 ~]# yum install -y kubelet-1.20.1-0 kubectl-1.20.1-0 --disableexcludes=kubernetes

重启 kubelet
[root@vms28 ~]# systemctl daemon-reload
[root@vms28 ~]# systemctl restart kubelet

通过将节点标记为可调度,让其重新上线:
[root@vms28 ~]# kubectl uncordon vms28.rhce.cc

查看升级结果
[root@vms28 ~]# kubectl get nodes
NAME            STATUS   ROLES                  AGE    VERSION
vms28.rhce.cc   Ready    control-plane,master   207d   v1.20.1
vms29.rhce.cc   Ready    <none>                 207d   v1.19.2
 


第四题

此项目无需更改配置环境

首 先 为 运 行 在 https://127.0.0.1:2379 上 的 现 有 etcd 实 例 创 建 快 照 并 将 快 照 保 存 到
/srv/data/etcd-snapshot.db。

为给定实例创建快照预计能在几秒钟内完成。如果该操作似乎挂起,则命令可能有问题。用
ctrl+c 来取消操作,然后重试。

然后还原位于/srv/data/etcd-snapshot-previous.db 的现有先前快照。

提供了一下 TLS 证书和密钥,以通过 etcdctl 连接到服务器。
CA 证书:/opt/KUIN00601/ca.crt
客户端证书: /opt/KUIN00601/etcd-client.crt
客户端密钥:/opt/KUIN00601/etcd-client.key

#不需要切换环境就是在控制台上做
#设置etcdctl的版本环境变量
使用root用户做,注意地址是 https://127.0.0.1:2379 
export ETCDCTL_API=3
[root@vms20 ~]# etcdctl snapshot save --help
NAME:
  snapshot save - Stores an etcd node backend snapshot to a given file

USAGE:
  etcdctl snapshot save <filename>

GLOBAL OPTIONS:
      --cacert=""        verify certificates of TLS-enabled secure servers using this CA bundle
      --cert=""          identify secure client using this TLS certificate file
      --command-timeout=5s      timeout for short running command (excluding dial timeout)
      --debug[=false]        enable client-side debug logging
      --dial-timeout=2s        dial timeout for client connections
  -d, --discovery-srv=""      domain name to query for SRV records describing cluster endpoints
      --endpoints=[127.0.0.1:2379]    gRPC endpoints
      --hex[=false]        print byte strings as hex encoded strings
      --insecure-discovery[=true]    accept insecure SRV records describing cluster endpoints
      --insecure-skip-tls-verify[=false]  skip server certificate verification
      --insecure-transport[=true]    disable transport security for client connections
      --keepalive-time=2s      keepalive time for client connections
      --keepalive-timeout=6s      keepalive timeout for client connections
      --key=""          identify secure client using this TLS key file
      --user=""          username[:password] for authentication (prompt if password is not supplied)
  -w, --write-out="simple"      set the output format (fields, json, protobuf, simple, table)
 
etcdctl snapshot save --cacert="/opt/KUIN00601/ca.crt" --cert="/opt/KUIN00601/etcd-client.crt" --key="/opt/KUIN00601/etcd-client.key" --endpoints=[127.0.0.1:2379] /srv/data/etcd-snapshot.db

etcdctl snapshot restore --cacert="/opt/KUIN00601/ca.crt" --cert="/opt/KUIN00601/etcd-client.crt" --key="/opt/KUIN00601/etcd-client.key" --endpoints=[127.0.0.1:2379] /srv/data/etcd-snapshot-previous.db 

第五题

设置配置环境 kubectl config use-context k8s

创建一个名为allow-port-from-namespace 的新NetworkPolicy,以允许现有namespace my-app中的 Pods 连接到同一 namespace 中其他 pods 的端口 9200。

确保新的 NetworkPolicy:

不允许 对没有在监听端口 9200 的 pods 访问

不允许 不来自 namespace my-app 的 pods 的访问

[tom@vms20 ~]$ kubectl get ns
NAME              STATUS   AGE
app-team1         Active   188d
default           Active   188d
ing-internal      Active   186d
ingress-nginx     Active   75d
kube-node-lease   Active   188d
kube-public       Active   188d
kube-system       Active   188d
[tom@vms20 ~]$ kubectl create ns my-app
namespace/my-app created
[tom@vms20 ~]$ kubectl label ns my-app name=my-app
namespace/my-app labeled
[tom@vms20 ~]$ kubectl get ns --show-labels
NAME              STATUS   AGE     LABELS
app-team1         Active   188d    <none>
default           Active   188d    <none>
ing-internal      Active   186d    <none>
ingress-nginx     Active   75d     app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx
kube-node-lease   Active   188d    <none>
kube-public       Active   188d    <none>
kube-system       Active   188d    <none>
my-app            Active   3m32s   name=my-app
#新建网络策略的yaml

[tom@vms20 ~]$ cat 5-network.yaml 
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-port-from-namespace
  namespace: my-app
spec:
  podSelector:
    matchLabels:
  policyTypes:
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: my-app
    ports:
    - protocol: TCP
      port: 9200


[tom@vms20 ~]$ kubectl apply -f 5-network.yaml 
networkpolicy.networking.k8s.io/allow-port-from-namespace created

#考试的时候可能会变化,设置出去流量的网络策略 

第六题

设置配置环境 kubectl config use-context k8s

请重新配置现有的部署 front-end 以及添加名为 http 的端口规范来公开现有容器 nginx 的端
口 80/tcp。

创建一个名为 front-end-svc 的新服务,以公开容器端口 http。

配置此服务,以通过在排定的节点上的 NodePort 来公开各个 pods。

yaml文件更改
      - image: nginx
        imagePullPolicy: IfNotPresent
        name: nginx
        ports:
        - containerPort: 80
          name: http
          protocol: TCP
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
        
[tom@vms20 ~]$ kubectl get deploy
NAME        READY   UP-TO-DATE   AVAILABLE   AGE
front-end   1/1     1            1           187d
webserver   1/1     1            1           186d
[tom@vms20 ~]$ 
[tom@vms20 ~]$ 
[tom@vms20 ~]$ kubectl edit deploy front-end
error: deployments.apps "front-end" is invalid
A copy of your changes has been stored to "/tmp/kubectl-edit-u41ie.yaml"
error: Edit cancelled, no valid changes were saved.
[tom@vms20 ~]$ 
[tom@vms20 ~]$ 
[tom@vms20 ~]$ 
[tom@vms20 ~]$ kubectl edit deploy front-end
Edit cancelled, no changes made.
[tom@vms20 ~]$ 
[tom@vms20 ~]$ 
[tom@vms20 ~]$ sudo -i
[root@vms20 ~]# kubectl edit deploy front-end
deployment.apps/front-end edited

[root@vms20 ~]# kubectl expose --name=front-end-svc deployment front-end --port=80 --target-port=80 --type=NodePort
service/front-end-svc exposed
 

第七题

设置配置环境 kubectl config use-context k8s

如下创建一个新的 nginx ingress 资源:

名称:pong
namespace: ing-internal
使用服务端口 5678 在路径/hello 上公开服务 hello

可以使用一下命令检查服务 hello 的可用性,该命令返回 hello:
curl -kL < INTERNAL_ IP>/hello/

订正
kubectl exec -it pod1 -n ing-internal -- ls /usr/share/nginx/html/如果没有 hello 的话
kubectl exec -it pod1 -n ing-internal -- bash
mkdir /usr/share/nginx/html/hello
echo hello > /usr/share/nginx/html/hello/index.html
exit
再试

#yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pong
  namespace: ing-internal
  #annotations: #练习环境注释这两行,考试的时候保留,这样就能得到hello
  #  nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - http:
      paths:
      - path: /hello
        pathType: Prefix
        backend:
          service:
            name: hello
            port:
              number: 5678   
              
[tom@vms20 ~]$ kubectl apply -f 7-ingress.yaml

#并没有得到hello
kubectl get pods -n ing-internal #用这条命令得到要进去的容器

[tom@vms20 ~]$ kubectl get ing -n ing-internal #这条命令来获得ingress
NAME   CLASS    HOSTS   ADDRESS         PORTS   AGE
pong   <none>   *       192.168.26.23   80      13d

[tom@vms20 ~]$ kubectl exec -it ingress-nginx-controller-5774fb4dd9-l5p5f -n ingress-nginx -- bash
bash-5.0$ mkdir /usr/share/nginx/html/hello
mkdir: can't create directory '/usr/share/nginx/html/hello': No such file or directory
bash-5.0$ su -
su: must be suid to work properly
bash-5.0$ sudo mkdir /usr/share/nginx/html/hello
bash: sudo: command not found
bash-5.0$ sudo echo hello > /usr/share/nginx/html/hello/index.html
bash: /usr/share/nginx/html/hello/index.html: No such file or directory
bash-5.0$ exit
exit
command terminated with exit code 1
[tom@vms20 ~]$ curl -kL 192.168.26.23/hello/index.html
<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx</center>
</body>
</html>
[tom@vms20 ~]$ curl -kL 192.168.26.23/hello
<html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body>
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx</center>
</body>
</html>

第八题

设置配置环境 kubectl config use-context k8s

将 deployment 从 webserver 扩展至 6pods

[tom@vms20 ~]$ kubectl get deploy
NAME        READY   UP-TO-DATE   AVAILABLE   AGE
front-end   1/1     1            1           187d
webserver   1/1     1            1           186d
[tom@vms20 ~]$ 
[tom@vms20 ~]$ 
[tom@vms20 ~]$ kubectl scale deployment webserver --replicas=6
deployment.apps/webserver scaled

第九题

设置配置环境 kubectl config use-context k8s

按如下要求调度一个 pod:

名称:nginx-kusc00401
image: nginx
Node selector: disk=ssd

[tom@vms20 ~]$ kubectl config use-context k8s
Switched to context "k8s".
[tom@vms20 ~]$ --
[tom@vms20 ~]$ 
[tom@vms20 ~]$ kubectl run nginx-kusc00401 --image=nginx --image-pull-policy=IfNotPresent --dry-run=client -o yaml > 9-pod.yaml
[tom@vms20 ~]$ vim 9-pod.yaml


apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: nginx-kusc00401
  name: nginx-kusc00401
spec:
  nodeSelector:
    disk: ssd                                                                                                                              
  containers:
  - image: nginx
    imagePullPolicy: IfNotPresent
    name: nginx-kusc00401
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}

[tom@vms20 ~]$ kubectl apply -f 9-pod.yaml 
pod/nginx-kusc00401 created

nodeSelector

第十题

设置配置环境 kubectl config use-context k8s

检查有多少个 worker nodes 已准备就绪(不包括被打上 Taint: NoSchedule 的节点),并将数
量写入/opt/KUSC00402/kusc00402.txt

[tom@vms20 ~]$ kubectl get nodes
NAME            STATUS   ROLES                  AGE    VERSION
vms21.rhce.cc   Ready    control-plane,master   188d   v1.20.1
vms22.rhce.cc   Ready    <none>                 188d   v1.20.1
vms23.rhce.cc   Ready    <none>                 188d   v1.20.1
[tom@vms20 ~]$ 
[tom@vms20 ~]$ 
[tom@vms20 ~]$ kubectl describe nodes vms21.rhce.cc | grep Taint
Taints:             node-role.kubernetes.io/master:NoSchedule
[tom@vms20 ~]$ kubectl describe nodes vms22.rhce.cc | grep Taint
Taints:             <none>
[tom@vms20 ~]$ kubectl describe nodes vms23.rhce.cc | grep Taint
Taints:             <none>
[tom@vms20 ~]$ echo 2 > /opt/KUSC00402/kusc00402.txt

第十一题

设置配置环境 kubectl config use-context k8s

创建一个名字为kucc4的pod,在pod里面分别为以下每个images单独运行一个app container
(可能会有 1-4 个 images):
nginx+redis+memcached+consul

[tom@vms20 ~]$ kubectl config use-context k8s
Switched to context "k8s".
[tom@vms20 ~]$ 
[tom@vms20 ~]$ 
[tom@vms20 ~]$ kubectl run kucc4 --image=nginx --image-pull-policy=IfNotPresent --dry-run=client -o yaml > 11-pod.yaml
[tom@vms20 ~]$ vim 11-pod.yaml 
[tom@vms20 ~]$ cat 11-pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: kucc4
  name: kucc4
spec:
  containers:
  - image: nginx
    imagePullPolicy: IfNotPresent
    name: c1
    resources: {}
  - image: redis
    imagePullPolicy: IfNotPresent
    name: c2
    resources: {}
  - image: memcached
    imagePullPolicy: IfNotPresent
    name: c3
    resources: {}
  - image: consul
    imagePullPolicy: IfNotPresent
    name: c4
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
[tom@vms20 ~]$ kubectl apply -f 11-pod.yaml 
pod/kucc4 created

第十二题

设置配置环境 kubectl config use-context k8s

创建名为 app-data 的 persistent volume,容量为 1Gi,访问模式为 ReadWriteMany。volume
类型为 hostPath,位于/srv/app-data

[tom@vms20 ~]$ kubectl config use-context k8s
Switched to context "k8s".
[tom@vms20 ~]$ 
[tom@vms20 ~]$ 
[tom@vms20 ~]$ vim 12-pv.yaml
[tom@vms20 ~]$ 
[tom@vms20 ~]$ 
[tom@vms20 ~]$ kubectl apply -f 12-pv.yaml 
error: error validating "12-pv.yaml": error validating data: ValidationError(PersistentVolume.spec): unknown field "hostpath" in io.k8s.api.core.v1.PersistentVolumeSpec; if you choose to ignore these errors, turn validation off with --validate=false
[tom@vms20 ~]$ vim 12-pv.yaml 
[tom@vms20 ~]$ kubectl apply -f 12-pv.yaml 
persistentvolume/app-data created
[tom@vms20 ~]$ cat 12-pv.yaml 
apiVersion: v1
kind: PersistentVolume
metadata:
  name: app-data
spec:
  capacity:
    storage: 1Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Recycle
  hostPath:
    path: /srv/app-data

第十三题

设置配置环境 kubectl config use-context k8s

创建一个新的 PersistentVolumeClaim:
名称:pvvolume
class:csi-hostpath-sc
容量:10Mi

创建一个新的 pod,此 pod 将作为 volume 挂载到 PersistentVolumeClaim:
名称:web-server
image: nginx
挂载路径: /usr/share/nginx/html
配置新的 pod,以对 volume 具有 ReadWriteOnce 权限。

最后,使用 kubectl edit 或者 kubectl patch 将 PersistentVolumeClaim 的容量扩展为 70Mi,并
记录此次更改

[tom@vms20 ~]$ kubectl config use-context k8s
Switched to context "k8s".
[tom@vms20 ~]$ 
[tom@vms20 ~]$ 
[tom@vms20 ~]$ vim 13-pvc.yaml
[tom@vms20 ~]$ cat 13-pvc.yaml 
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pvvolume
spec: 
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 10Mi
  storageClassName: csi-hostpath-sc
[tom@vms20 ~]$ kubectl apply -f 13-pvc.yaml 
persistentvolumeclaim/pvvolume created
[tom@vms20 ~]$ kubectl get pvc
NAME       STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS      AGE
pvvolume   Bound    pvc-b53cc659-6542-49b3-9dc9-c7464ae5f8c2   10Mi       RWO            csi-hostpath-sc   6s
[tom@vms20 ~]$ 
[tom@vms20 ~]$ 
[tom@vms20 ~]$ vim 13-pod.yaml
[tom@vms20 ~]$ cat 13-pod.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: web-server
spec:
  containers:
    - name: myfrontend
      image: nginx
      volumeMounts:
      - mountPath: " /usr/share/nginx/html"
        name: mypd
  volumes:
    - name: mypd
      persistentVolumeClaim:
        claimName: pvvolume

[tom@vms20 ~]$ kubectl edit pvc pvvolume --record
persistentvolumeclaim/pvvolume edited

spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 70Mi
  storageClassName: csi-hostpath-sc
  volumeMode: Filesystem
  volumeName: pvc-b53cc659-6542-49b3-9dc9-c7464ae5f8c2
status:
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 70Mi
  phase: Bound

第十四题

设置配置环境 kubectl config use-context k8s

监控 pod foo 的日志并:

提取与错误 unable-to-access-website 相对应的日志行
将这些日志行写入到/opt/KUTR00101/foo

[tom@vms20 ~]$ kubectl config use-context k8s
Switched to context "k8s".
[tom@vms20 ~]$ 
[tom@vms20 ~]$ 
[tom@vms20 ~]$ kubectl logs foo | grep unable-to-access-website > /opt/KUTR00101/foo
[tom@vms20 ~]$ kubectl logs foo | grep unable-to-access-website
unable-to-access-website
unable-to-access-website
unable-to-access-website
unable-to-access-website

第十五题

设置配置环境 kubectl config use-context k8s

在不更改其现有容器的情况下,需要将一个现有的 pod 集成到 kubernetes 的内置日志记录体系结构中(例如 kubectl logs)。添加 streamimg sidecar 容器是实现此要求的一种好方法。
Task
将一个 busybox sidecar 容器添加到现有的 pod legacy-app。新的 sidecar 容器必须运行一下命令:
/bin/sh -c tail -n+1 -f /var/log/legacy-app.log

使用名为 logs 的 volume mount 来让文件/var/log/legacy-app.log 可用于 sidecar 容器。

不要更改现有容器。不要修改日志文件的路径,两个容器必须通过/var/log/legacy-app.log 来访问该文件。

[tom@vms20 ~]$ kubectl config use-context k8s
Switched to context "k8s".
[tom@vms20 ~]$ kubectl get pods
NAME                         READY   STATUS    RESTARTS   AGE
csi-hostpath-attacher-0      1/1     Running   4          3d11h
csi-hostpath-provisioner-0   1/1     Running   9          3d11h
csi-hostpath-resizer-0       1/1     Running   4          3d11h
csi-hostpath-snapshotter-0   1/1     Running   4          3d11h
csi-hostpath-socat-0         1/1     Running   3          3d11h
csi-hostpathplugin-0         3/3     Running   10         3d11h
foo                          1/1     Running   5          75d
front-end-86bd877494-mctkz   1/1     Running   1          12h
kucc4                        4/4     Running   4          11h
legacy-app                   1/1     Running   5          75d
nginx-kusc00401              1/1     Running   1          11h
web-server                   1/1     Running   0          4m30s
webserver-7484bc7558-26f4k   1/1     Running   1          11h
webserver-7484bc7558-4c5zb   1/1     Running   1          11h
webserver-7484bc7558-b9vfj   1/1     Running   1          11h
webserver-7484bc7558-qzmpg   1/1     Running   4          3d11h
webserver-7484bc7558-spxb9   1/1     Running   1          11h
webserver-7484bc7558-sqc56   1/1     Running   1          11h
[tom@vms20 ~]$ kubectl get pods legacy-app -o yaml > 15-pod.yaml
[tom@vms20 ~]$ kubectl get pods legacy-app -o yaml > 15-pod.yaml.bak
[tom@vms20 ~]$ ls
11-pod.yaml  12-pv.yaml  13-pod.yaml  13-pvc.yaml  15-pod.yaml  15-pod.yaml.bak  5-network.yaml  7-ingress.yaml  9-pod.yaml
[tom@vms20 ~]$ kubectl delete pod legacy-app --force
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "legacy-app" force deleted


spec:
  containers:
  - env:
    - name: LOG_FILENAME
      value: /var/log/legacy-app.log
    image: docker.io/lfcert/monitor:latest
    imagePullPolicy: IfNotPresent
    name: liveness
    resources: {}
    terminationMessagePath: /dev/termination-log
    terminationMessagePolicy: File
    volumeMounts:
    - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
      name: default-token-5ttw5
      readOnly: true
    - name: logs
      mountPath: /var/log
  - name: busybox
    image: busybox
    command: ["sh","-c","tail -n+1 -f /var/log/legacy-app.log"]
    imagePullPolicy: IfNotPresent
    volumeMounts: 
    - name: logs
      mountPath: /var/log
  dnsPolicy: ClusterFirst
  enableServiceLinks: true
  nodeName: vms23.rhce.cc
 
status:
  conditions:
  - lastProbeTime: null
    lastTransitionTime: "2021-01-31T11:40:12Z"
    status: "True"
    type: Initialized
  - lastProbeTime: null
    lastTransitionTime: "2021-04-17T01:59:06Z"
    status: "True"
  volumes:
  - name: default-token-5ttw5
    secret:
      defaultMode: 420
      secretName: default-token-5ttw5
  - name: logs                                                                                                                             
    emptyDir: {}
status:
  conditions:

第一个yaml文件通过kubectl get pods legacy-app -o yaml > 15-pod.yaml,还可以再做个备份

把volume放在一起

第十六题

设置配置环境 kubectl config use-context k8s

通过 pod label name=cpu-user,找到运行时占用大量 CPU 的 pod,并将占用 CPU 最高的 pod
名称写入到文件/opt/KUTR000401/KUTR00401.txt(已存在)

[tom@vms20 ~]$ kubectl config use-context k8s
Switched to context "k8s".
[tom@vms20 ~]$ 
[tom@vms20 ~]$ 
[tom@vms20 ~]$ kubectl top pods -l name=cpu-user
NAME                         CPU(cores)   MEMORY(bytes)   
webserver-7484bc7558-26f4k   0m           3Mi             
webserver-7484bc7558-4c5zb   0m           1Mi             
webserver-7484bc7558-b9vfj   0m           1Mi             
webserver-7484bc7558-qzmpg   0m           1Mi             
webserver-7484bc7558-spxb9   0m           1Mi             
webserver-7484bc7558-sqc56   0m           1Mi             
[tom@vms20 ~]$ 
[tom@vms20 ~]$ 
[tom@vms20 ~]$ #/opt/KUTR000401/KUTR00401.txt
[tom@vms20 ~]$ 
[tom@vms20 ~]$ echo webserver-7484bc7558-26f4k > /opt/KUTR000401/KUTR00401.txt
[tom@vms20 ~]$ echo webserver-7484bc7558-26f4k > /opt/KUTR00401/KUTR00401.txt
-bash: /opt/KUTR00401/KUTR00401.txt: 没有那个文件或目录
[tom@vms20 ~]$ mkdir /opt/KUTR00401/
[tom@vms20 ~]$ echo webserver-7484bc7558-26f4k > /opt/KUTR00401/KUTR00401.txt

第十七题

设置配置环境 kubectl config use-context ek8s

名为 wk8s-node-0(练习环境使用 vms26.rhce.cc)的 kubernetes worker node 处于 Not Ready 状
态。调查发生这种情况的原因,并采取相应措施将 node 恢复为 Ready 状态,确保所做的任何更改永久生效。

可使用以下命令通过 ssh 连接到故障 node:
ssh wk8s-node-0 (vms26.rhce.cc
可使用一下命令在该 node 上获取更高权限:
sudo -i

[root@vms20 ~]# kubectl config use-context ek8s
Switched to context "ek8s".
[root@vms20 ~]# kubectl get nodes
NAME            STATUS                     ROLES                  AGE    VERSION
vms24.rhce.cc   Ready                      control-plane,master   191d   v1.20.1
vms25.rhce.cc   Ready,SchedulingDisabled   <none>                 191d   v1.20.1
vms26.rhce.cc   NotReady                   <none>                 191d   v1.20.1
[root@vms20 ~]# 
[root@vms20 ~]# 
[root@vms20 ~]# ssh tom@vms26.rhce.cc
tom@vms26.rhce.cc's password: 
Last login: Sat Apr 17 11:52:53 2021 from 192.168.26.26
[tom@vms26 ~]$ 
[tom@vms26 ~]$ 
[tom@vms26 ~]$ sudo -i
[root@vms26 ~]# 
[root@vms26 ~]# 
[root@vms26 ~]# systemctl is-active kubelet.service 
unknown
[root@vms26 ~]# systemctl start kubelet
[root@vms26 ~]# systemctl enable kubelet
Created symlink from /etc/systemd/system/multi-user.target.wants/kubelet.service to /usr/lib/systemd/system/kubelet.service.
[root@vms26 ~]# exit
登出
[tom@vms26 ~]$ exit
登出
Connection to vms26.rhce.cc closed.
[root@vms20 ~]# kubectl get nodes
NAME            STATUS                     ROLES                  AGE    VERSION
vms24.rhce.cc   Ready                      control-plane,master   191d   v1.20.1
vms25.rhce.cc   Ready,SchedulingDisabled   <none>                 191d   v1.20.1
vms26.rhce.cc   Ready                      <none>                 191d   v1.20.1

0

评论区