[CKA] Mock Exam 2 Solutions

고슴도치 엔지니어 2022. 2. 23. 22:59

1. Take a backup of the etcd cluster and save it to /opt/etcd-backup.db.

# An etcd backup question. Besides backup, the restore side should be studied as well.

 

$ cd /etc/kubernetes/manifests

$ cat etcd.yaml

# Check the paths of ca.crt / server.crt / server.key, then run the following command

 

$ ETCDCTL_API=3 etcdctl --cacert=<trusted-ca-file> --cert=<cert-file> --key=<key-file> snapshot save /opt/etcd-backup.db
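
The step above (read the certificate paths out of etcd.yaml, then build the etcdctl command), as an added shell example that is not part of the original post. The manifest excerpt is a constructed sample with kubeadm-style paths, and the helper names etcd_flag and etcd_snapshot_cmd are hypothetical.

```shell
#!/bin/sh
# Constructed sample: command section of a kubeadm-style etcd.yaml.
sample_manifest() {
  cat <<'EOF'
spec:
  containers:
  - command:
    - etcd
    - --peer-cert-file=/etc/kubernetes/pki/etcd/peer.crt
    - --cert-file=/etc/kubernetes/pki/etcd/server.crt
    - --key-file=/etc/kubernetes/pki/etcd/server.key
    - --peer-trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
    - --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
EOF
}

# etcd_flag FLAG FILE: print the value of "- --FLAG=..." in the manifest.
# The match is anchored on the list dash, so cert-file does not pick up
# peer-cert-file.
etcd_flag() {
  sed -n "s/^[[:space:]]*-[[:space:]]*--$1=//p" "$2" | head -n 1
}

# etcd_snapshot_cmd MANIFEST OUT: print the snapshot command, or fail if a
# TLS flag is missing from the manifest.
etcd_snapshot_cmd() {
  ca=$(etcd_flag trusted-ca-file "$1")
  cert=$(etcd_flag cert-file "$1")
  key=$(etcd_flag key-file "$1")
  if [ -z "$ca" ] || [ -z "$cert" ] || [ -z "$key" ]; then
    echo "TLS flag missing in $1" >&2
    return 1
  fi
  echo "ETCDCTL_API=3 etcdctl --cacert=$ca --cert=$cert --key=$key snapshot save $2"
}

# Demo on the constructed sample (no cluster needed).
demo() {
  tmp=$(mktemp)
  sample_manifest > "$tmp"
  etcd_snapshot_cmd "$tmp" /opt/etcd-backup.db
  rm -f "$tmp"
}
demo
```

On the control-plane node, pass /etc/kubernetes/manifests/etcd.yaml instead of the sample. The snapshot contains every Secret stored in the cluster, so keep the file readable by root only.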

 

2. Create a Pod called redis-storage with image: redis:alpine with a Volume of type emptyDir that lasts for the life of the Pod. Specs on the right.

  • Pod named 'redis-storage' created
  • Pod 'redis-storage' uses Volume type of emptyDir
  • Pod 'redis-storage' uses volumeMount with mountPath = /data/redis

$ kubectl run redis-storage --image=redis:alpine --dry-run=client -o yaml > redis-storage.yaml

 

$ vi redis-storage.yaml

 

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: redis-storage
  name: redis-storage
spec:
  containers:
  - image: redis:alpine
    name: redis-storage
    resources: {}
    volumeMounts:
    - mountPath: /data/redis
      name: redis-storage
  volumes:
  - name: redis-storage
    emptyDir: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}

 

$ kubectl apply -f redis-storage.yaml

 

3. Create a new pod called super-user-pod with image busybox:1.28. Allow the pod to be able to set system_time. sleep 4800.

  • Pod: super-user-pod
  • Container Image: busybox:1.28
  • SYS_TIME capabilities for the container?

$ kubectl run super-user-pod --image=busybox:1.28 --dry-run=client -o yaml > super-user-pod.yaml

$ vi super-user-pod.yaml

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: super-user-pod
  name: super-user-pod
spec:
  containers:
  - image: busybox:1.28
    name: super-user-pod
    resources: {}
    command: ["sleep", "4800"]
    securityContext:
      capabilities:
        add: ["SYS_TIME"]
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}

 

$ kubectl apply -f super-user-pod.yaml
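
One way to confirm that the running pod received SYS_TIME and nothing else, as an added example that is not part of the original post: decode the CapEff mask from /proc/1/status and compare it with a baseline. The baseline mask and the sample status lines are constructed assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Capability names in bit order (bit 0 = CHOWN ... bit 40 = CHECKPOINT_RESTORE),
# as numbered in linux/capability.h. SYS_TIME is bit 25.
CAP_NAMES="CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW
IPC_LOCK IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT
SYS_ADMIN SYS_BOOT SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE
AUDIT_WRITE AUDIT_CONTROL SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM
BLOCK_SUSPEND AUDIT_READ PERFMON BPF CHECKPOINT_RESTORE"

# Assumed baseline: CapEff of a root container with no added capabilities
# under containerd/Docker defaults. Check it on your own cluster.
BASELINE=00000000a80425fb

# Constructed sample of /proc/1/status lines from a pod with SYS_TIME added.
sample_status() {
  printf 'CapInh:\t0000000000000000\nCapPrm:\t00000000aa0425fb\nCapEff:\t00000000aa0425fb\n'
}

# cap_eff: extract the CapEff hex mask from /proc/<pid>/status on stdin.
cap_eff() { awk '$1 == "CapEff:" { print $2 }'; }

# decode_caps MASK: print the names of all capabilities set in hex MASK.
decode_caps() {
  mask=$(( 0x$1 )); bit=0; out=""
  for name in $CAP_NAMES; do
    if [ $(( (mask >> bit) & 1 )) -eq 1 ]; then out="$out $name"; fi
    bit=$(( bit + 1 ))
  done
  echo "${out# }"
}

# added_caps BASE MASK: capabilities present in MASK but not in BASE.
added_caps() {
  decode_caps "$(printf '%x' $(( 0x$2 & ~0x$1 )))"
}

# Real input: kubectl exec super-user-pod -- cat /proc/1/status | cap_eff
added_caps "$BASELINE" "$(sample_status | cap_eff)"
```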

 

4. A pod definition file is created at /root/CKA/use-pv.yaml. Make use of this manifest file and mount the persistent volume called pv-1. Ensure the pod is running and the PV is bound.

mountPath: /data
persistentVolumeClaim Name: my-pvc

  • persistentVolume Claim configured correctly
  • pod using the correct mountPath
  • pod using the persistent volume claim

$ cd /root/CKA

$ cat use-pv.yaml

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: use-pv
  name: use-pv
spec:
  containers:
  - image: nginx
    name: use-pv
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}

 

$ vi pvc.yaml

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-pvc
spec:
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Mi

 

$ kubectl apply -f pvc.yaml         

$ vi use-pv.yaml

apiVersion: v1
kind: Pod
metadata:
  name: use-pv
spec:
  containers:
  - image: nginx
    name: use-pv
    volumeMounts:
      - mountPath: "/data"
        name: my-pvc
  volumes:
    - name: my-pvc
      persistentVolumeClaim:
        claimName: my-pvc

 

 

$ kubectl apply -f use-pv.yaml    

 

5. Create a new deployment called nginx-deploy, with image nginx:1.16 and 1 replica. Record the version. Next upgrade the deployment to version 1.17 using rolling update. Make sure that the version upgrade is recorded in the resource annotation.

  • Deployment : nginx-deploy. Image: nginx:1.16
  • Image: nginx:1.16
  • Task: Upgrade the version of the deployment to 1:17
  • Task: Record the changes for the image upgrade

$ kubectl create deployment nginx-deploy --image=nginx:1.16 --replicas=1 --dry-run=client -o yaml > nginx-deploy.yaml

$ vi nginx-deploy.yaml

 

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deploy
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.16

 

$ kubectl apply -f nginx-deploy.yaml --record

 

$ kubectl set image deployment/nginx-deploy nginx=nginx:1.17 --record

$ kubectl rollout history deployment nginx-deploy

 

 

6. Create a new user called john. Grant him access to the cluster. John should have permission to create, list, get, update and delete pods in the development namespace. The private key exists in the location: /root/CKA/john.key and csr at /root/CKA/john.csr

Important Note: As of kubernetes 1.19, the CertificateSigningRequest object expects a signerName.
Please refer to the documentation to see an example. The documentation tab is available at the top right of the terminal.

  • CSR: john-developer Status:Approved
  • Role Name: developer, namespace: development, Resource: Pods
  • Access: User 'john' has appropriate permissions

$ vi john.yaml 
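
The post stops at opening john.yaml. As an added example (not the author's solution), the following shell functions print a CertificateSigningRequest with the signerName the note asks for, plus a Role and RoleBinding limited to the five pod verbs in the task. It assumes the CN in /root/CKA/john.csr is john and that the development namespace exists; the RoleBinding name is an assumption, since the task does not give one.

```shell
#!/bin/sh
# csr_manifest CSR_FILE: print the CertificateSigningRequest for user john.
csr_manifest() {
  req=$(base64 < "$1" | tr -d '\n')   # the API expects base64 on a single line
  cat <<EOF
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: john-developer
spec:
  signerName: kubernetes.io/kube-apiserver-client
  request: $req
  usages:
  - client auth
EOF
}

# rbac_manifest: print the Role "developer" and its binding to user john.
rbac_manifest() {
  cat <<'EOF'
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: developer
  namespace: development
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create", "list", "get", "update", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: john-developer-binding   # assumed name, not given in the task
  namespace: development
subjects:
- kind: User
  name: john
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: developer
  apiGroup: rbac.authorization.k8s.io
EOF
}
# On the control-plane node (needs a cluster, so left as comments):
#   csr_manifest /root/CKA/john.csr | kubectl apply -f -
#   kubectl certificate approve john-developer
#   rbac_manifest | kubectl apply -f -
#   kubectl auth can-i delete pods -n development --as john
```

When john has no other bindings, `kubectl auth can-i get secrets -n development --as john` is expected to answer no, which confirms the Role grants nothing beyond pods.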

7. Create an nginx pod called nginx-resolver using image nginx, expose it internally with a service called nginx-resolver-service. Test that you are able to look up the service and pod names from within the cluster. Use the image: busybox:1.28 for dns lookup. Record results in /root/CKA/nginx.svc and /root/CKA/nginx.pod

  • Pod: nginx-resolver created
  • Service DNS Resolution recorded correctly
  • Pod DNS resolution recorded correctly

$ kubectl run nginx-resolver --image=nginx

$ kubectl expose pod nginx-resolver --name=nginx-resolver-service --port=80 --target-port=80 --type=ClusterIP

 

# Test

$ kubectl run test-nslookup --image=busybox:1.28 --rm -it -- nslookup nginx-resolver-service > /root/CKA/nginx.svc

 

 

# Copy the pod IP from the output, then run the lookup

$ kubectl get pod nginx-resolver -o wide

$ kubectl run test-nslookup --image=busybox:1.28 --rm -it -- nslookup 10-32-0-5.default.pod > /root/CKA/nginx.pod

 

# Every Service in the cluster (including the DNS server itself) is assigned a DNS name. By default, a client Pod's DNS search list includes the Pod's own namespace and the cluster's default domain.

 

 

8. Create a static pod on node01 called nginx-critical with image nginx. Create this pod on node01 and make sure that it is recreated/restarted automatically in case of a failure.

Use /etc/kubernetes/manifests as the Static Pod path for example.

  • static pod configured under /etc/kubernetes/manifests ?
  • Pod nginx-critical-node01 is up and running

$ kubectl get nodes

$ ssh node01

 

# Check the path of the kubelet config file.

$ systemctl status kubelet

# Check staticPodPath in the config file.

$ cat /var/lib/kubelet/config.yaml | grep staticPodPath

 

$ cd /etc/kubernetes

$ mkdir manifests

 

# Return to the master node

$ logout

 

$ kubectl run nginx-critical --image=nginx --dry-run=client -o yaml > nginx-critical.yaml

 

$ cat nginx-critical.yaml

# Copy the printed content.

 

$ ssh node01

$ cd /etc/kubernetes/manifests

 

$ vi nginx-critical.yaml

# Paste and save

# No kubectl apply is needed, because the YAML was placed in the static pod directory.

 

$ logout

 

$ kubectl get pods

# Verify