1. Create a new namespace and create a pod in that namespace
• Namespace name: cka • Pod name: pod-01 • Image: nginx
kubectl get ns
kubectl create namespace cka
kubectl run pod-01 --image=nginx -n cka -o yaml --dry-run=client
kubectl get pods -n cka
pod-01.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-01
  namespace: cka
  labels:
    app: myapp
spec:
  containers:
  - name: nginx
    image: nginx
2. Create a deployment and expose it as a Service
• Name: xuming-666 • Image: nginx
kubectl create deployment xuming-666 --image=nginx
kubectl expose deployment xuming-666 --port=80 --target-port=80
deploy-xuming-666.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: xuming-666
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.14.2
        ports:
        - containerPort: 80
service-xuming-666.yaml
apiVersion: v1
kind: Service
metadata:
  name: xuming-666
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
3. List the pods with a given label in a namespace
• Namespace name: kube-system • Label: k8s-app=kube-dns
kubectl get pods -l k8s-app=kube-dns -n kube-system
4. View a pod's logs and record the lines containing Error to the specified file
• Pod name: web • File: /opt/web-log
kubectl logs web | grep Error > /opt/web-log
5. Find the pod with the highest CPU usage among those with the specified label and record it to the specified file
• Label: app=web • File: /opt/cpu
kubectl top pods -l app=web --sort-by="cpu">/opt/cpu
6. Configure the kubelet on a node to manage and start a pod
• Node: k8s-node1 • Pod name: web • Image: nginx
ps -ef |grep kubelet
--config=/var/lib/kubelet/config.yaml
/var/lib/kubelet/config.yaml
staticPodPath: /etc/kubernetes/manifests
vi /etc/kubernetes/manifests/web.yaml
static-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: web
  labels:
    app: myapp
spec:
  containers:
  - name: nginx
    image: nginx
7. Add an init container to a pod; the init container creates an empty file, and the pod exits if that empty file is not detected
• Pod name: web
init-containers.yaml
apiVersion: v1
kind: Pod
metadata:
  name: init-demo
spec:
  containers:
  - name: nginx
    image: nginx
    # exit with an error if the init container's file is missing, otherwise start nginx
    command: ['sh', '-c', 'if [ ! -e "/opt/test" ]; then exit 1; fi; exec nginx -g "daemon off;"']
    volumeMounts:
    - name: workdir
      mountPath: /opt
  initContainers:
  - name: install
    image: busybox
    command: ['sh', '-c', 'touch /opt/test']
    volumeMounts:
    - name: workdir
      mountPath: /opt
  volumes:
  - name: workdir
    emptyDir: {}
init-cont.yaml
apiVersion: v1
kind: Pod
metadata:
  name: init-demo
spec:
  containers:
  - name: nginx
    image: nginx
    livenessProbe:
      exec:
        command: ['sh','-c','cat /opt/test']
    volumeMounts:
    - name: workdir
      mountPath: /opt
  initContainers:
  - name: install
    image: busybox
    command: ['sh','-c','touch /opt/test']
    volumeMounts:
    - name: workdir
      mountPath: /opt
  restartPolicy: Always
  volumes:
  - name: workdir
    emptyDir: {}
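8. Create a deployment with 3 replicas, then do a rolling update of the image version and record the update, and finally roll back to the previous version
• Name: nginx • Image version: 1.16 • Updated image version: 1.17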
kubectl create deployment web --image=nginx:1.16
kubectl set image deployment web nginx=nginx:1.17 --record
kubectl rollout history deployment web
kubectl rollout undo deployment web # roll back to the previous revision
kubectl rollout undo deployment web --to-revision=1 # roll back to a specific revision
9. Scale up the web deployment's replica count to
kubectl scale deployment web --replicas=3
10. Create a pod that runs 4 containers: nginx, redis, memcached and consul
multi-containers.yaml
apiVersion: v1
kind: Pod
metadata:
  name: myapp-pod
  labels:
    app: multi-containers
spec:
  containers:
  - name: nginx
    image: nginx
  - name: redis
    image: redis
  - name: memcached
    image: memcached
  - name: consul
    image: consul
11. Export a deployment to a JSON file, then delete the deployment
kubectl get deployments.apps web -o json>web.json
kubectl delete deployments.apps web
12. Generate a deployment YAML file and save it to /opt/deploy.yaml
• Name: web • Label: app_env_stage=dev
kubectl create deployment web --image=nginx -oyaml --dry-run=client>/opt/deploy.yaml
Then modify the labels as required, /opt/deploy.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app_env_stage: dev
  name: web
spec:
  replicas: 1
  selector:
    matchLabels:
      app: web
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: web
    spec:
      containers:
      - image: nginx
        name: nginx
        resources: {}
status: {}
13. Create a pod and schedule it onto a node with the specified label
• Pod name: web • Image: nginx • Node label: disk=ssd
kubectl label nodes k8s-node2 disktype=ssd # add a node label to k8s-node2
kubectl get nodes --show-labels
pod-nodeSelector.yaml
apiVersion: v1
kind: Pod
metadata:
  name: web
  labels:
    env: test
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
  nodeSelector:
    disktype: ssd
14. Make sure one pod runs on every node, regardless of taints
daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: fluentd-elasticsearch
  namespace: kube-system
  labels:
    k8s-app: fluentd-logging
spec:
  selector:
    matchLabels:
      name: fluentd-elasticsearch
  template:
    metadata:
      labels:
        name: fluentd-elasticsearch
    spec:
      tolerations:
      # this toleration is to have the daemonset runnable on master nodes
      # remove it if your masters can't run pods
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
      containers:
      - name: fluentd-elasticsearch
        image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
        resources:
          limits:
            memory: 200Mi
          requests:
            cpu: 100m
            memory: 200Mi
        volumeMounts:
        - name: varlog
          mountPath: /var/log
        - name: varlibdockercontainers
          mountPath: /var/lib/docker/containers
          readOnly: true
      terminationGracePeriodSeconds: 30
      volumes:
      - name: varlog
        hostPath:
          path: /var/log
      - name: varlibdockercontainers
        hostPath:
          path: /var/lib/docker/containers
kubectl get ds -n kube-system # view the pods created by the DaemonSet
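15. Check the number of nodes in the cluster whose status is Ready (excluding nodes with a NoSchedule taint) and write the result to the specified file
kubectl get node | grep -w Ready | wc -l # count the Ready nodes, N
kubectl describe nodes | grep Taints | grep -i NoSchedule | wc -l # count the Taints lines with NoSchedule, M
The answer to fill in is the value of N minus M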
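A per-node version of this count, as an added example that is not part of the original notes: N minus M is off whenever a NotReady node also carries a NoSchedule taint, or a node only has PreferNoSchedule. The node names and sample rows are constructed, and count_n_minus_m only approximates the two grep pipelines above.

```shell
#!/bin/sh
# Added example (not from the original notes).
# Input: one node per line as "NAME READY TAINT_EFFECTS", for example from
#   kubectl get nodes --no-headers -o custom-columns='NAME:.metadata.name,READY:.status.conditions[?(@.type=="Ready")].status,TAINTS:.spec.taints[*].effect'

# Count nodes that are Ready AND have no taint whose effect is exactly NoSchedule.
count_schedulable_ready() {
    awk '
        $2 == "True" && $3 !~ /(^|,)NoSchedule(,|$)/ { n++ }
        END { print n + 0 }
    '
}

# Approximation of the N - M shortcut: Ready nodes minus nodes whose taints
# contain the substring "NoSchedule" (which is what grep -i NoSchedule matches).
count_n_minus_m() {
    awk '
        $2 == "True"      { n++ }
        $3 ~ /NoSchedule/ { m++ }
        END { print n - m }
    '
}

# Constructed sample: a tainted master, a clean worker, a worker with only
# PreferNoSchedule, and a NotReady worker that also carries NoSchedule.
sample_nodes() {
    cat <<'EOF'
k8s-master  True   NoSchedule
k8s-node1   True   <none>
k8s-node2   True   PreferNoSchedule
k8s-node3   False  NoSchedule,NoExecute
EOF
}

echo "per-node count: $(sample_nodes | count_schedulable_ready)"
echo "N - M shortcut: $(sample_nodes | count_n_minus_m)"
```

On the sample the per-node count is 2 while the shortcut gives 0, so compare both before writing the answer file.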
16. Mark a node as unschedulable and reschedule the pods already running on it
kubectl cordon $node_name
kubectl drain node1 --ignore-daemonsets
17. Create a service for a pod that can be reached through ClusterIP/NodePort
• Name: web-service • Pod name: web • Container port: 80
kubectl expose pod web --port=80 --target-port=80 --name=web-service --type=NodePort
kubectl get svc -owide
curl CLUSTER-IP:80
18. Create a deployment and a service with any name, then resolve the service with nslookup from a busybox container
kubectl create deployment nginx-dns --image=nginx
kubectl expose deployment nginx-dns --name=nginx-dns --port=80
kubectl get pod -o wide
kubectl run bs-dns --image=busybox:1.28.4 busybox sleep 36000
kubectl exec -it bs-dns -- nslookup nginx-dns
19. List all pods associated with a service in a namespace and write the pod names to /opt/pod.txt (filter by label)
• Namespace: default • Service name: web
kubectl get service web --show-labels
kubectl get pods -l app=web -o name
kubectl get pods -l app=web -o name>/opt/pod.txt
20. Create a secret and 2 pods: pod1 mounts the secret at /secret, and pod2 references the secret through an environment variable named ABC
• Secret name: mysecret • pod1 name: pod-volume-secret • pod2 name: pod-env-secret
demo-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  username: YWRtaW4=
  password: MWYyZDFlMmU2N2Rm
pod-volume-secret.yaml
apiVersion: v1
kind: Pod
metadata:
  name: pod-volume-secret
spec:
  containers:
  - name: mypod
    image: redis
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret
secret-env-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: secret-env-pod
spec:
  containers:
  - name: mycontainer
    image: redis
    env:
      - name: SECRET_USERNAME
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: username
      - name: SECRET_PASSWORD
        valueFrom:
          secretKeyRef:
            name: mysecret
            key: password
  restartPolicy: Never
21. Create a persistent volume (PV)
• Capacity: 5Gi • Access mode: ReadWriteOnce
demo-pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv0003
spec:
  capacity:
    storage: 5Gi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Recycle
  storageClassName: slow
  mountOptions:
    - hard
    - nfsvers=4.1
  hostPath:
    path: /data
22. Create a pod and mount a data volume, without using a persistent volume
• Volume source: either emptyDir or hostPath • Mount path: /data
demo-volume.pod
apiVersion: v1
kind: Pod
metadata:
  name: test-pd
spec:
  containers:
  - image: redis
    name: redis
    volumeMounts:
    - mountPath: /data
      name: cache-volume
  volumes:
  - name: cache-volume
    emptyDir: {}
23. Sort the PVs by name and by capacity, and save the output to /opt/pv
kubectl get pv --sort-by=.metadata.name>/opt/pv
kubectl get pv --sort-by=.spec.capacity.storage>>/opt/pv
24. Add a node using a Bootstrap Token (binary installation)
Official example: kubelet-tls-bootstrapping
a. Enable Bootstrap Token authentication on kube-apiserver: --enable-bootstrap-token-auth=true
b. Store the Bootstrap Token in a Secret
c. Create an RBAC role binding that allows kubelet TLS bootstrap to create CSRs
d. Configure the bootstrap kubeconfig file for the kubelet
e. kubectl get csr && kubectl certificate approve xxx
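Steps b and c as manifests, in an added example that is not part of the original notes: it generates a token in the id.secret format and renders the bootstrap token Secret plus the binding to the built-in system:node-bootstrapper ClusterRole. The group suffix "worker", the binding name and the expiration value are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the original notes). The "worker" group suffix,
# the binding name and the expiration passed at the bottom are assumptions.

# Bootstrap tokens have the form <6 chars>.<16 chars>, each from [a-z0-9].
rand_chars() {
    LC_ALL=C tr -dc 'a-z0-9' </dev/urandom | head -c "$1"
}

gen_bootstrap_token() {
    printf '%s.%s\n' "$(rand_chars 6)" "$(rand_chars 16)"
}

# render_manifests TOKEN EXPIRATION
# Prints the Secret (step b) and the ClusterRoleBinding (step c).
render_manifests() {
    token_id=${1%%.*}
    token_secret=${1#*.}
    cat <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: bootstrap-token-${token_id}
  namespace: kube-system
type: bootstrap.kubernetes.io/token
stringData:
  token-id: "${token_id}"
  token-secret: "${token_secret}"
  expiration: "${2}"
  usage-bootstrap-authentication: "true"
  auth-extra-groups: system:bootstrappers:worker
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: create-csrs-for-bootstrapping
subjects:
- kind: Group
  name: system:bootstrappers
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: system:node-bootstrapper
  apiGroup: rbac.authorization.k8s.io
EOF
}

render_manifests "$(gen_bootstrap_token)" "2030-01-01T00:00:00Z"
```

The same id.secret value is what goes into the token field of the bootstrap kubeconfig in step d; set the expiration close to the join time so an unused token stops working on its own.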
25. Back up and restore the etcd database (binary installation)
ETCDCTL_API=3 /opt/etcd/bin/etcdctl \
snapshot save snap.db \
--endpoints=https://192.168.80.128:2379 \
--cacert=/opt/etcd/ssl/ca.pem \
--cert=/opt/etcd/ssl/server.pem \
--key=/opt/etcd/ssl/server-key.pem
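Note: the k8s cluster version used in the exam may differ, so the commands may differ slightly; use etcdctl --endpoints -h to check, and the locations of the certificate files can be found with ps -ef|grep etcd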
26. Given a Kubernetes cluster, troubleshoot problems with the components on the master node
kubectl get cs
systemctl start xxx
systemctl enable xxx
27. How do you fix a worker node in the NotReady state?
ssh k8s-node1
systemctl start kubelet
systemctl enable kubelet