cka 模拟考题六

Create a kubetnetes Secret as follows:

Name: super-secret

Credential: alice or username:bob

Create a Pod named pod-secrets-via-file using the redis image which mounts a secret named super-secret at /secrets

Create a second Pod named pod-secrets-via-env using the redis image,which exports credential/username as TOPSECRET/CREDENTIALS

kubectl create secret -h
kubectl create secret generic -h
k explain pod.spec.volumes
k explain pod.spec.volumes.secret
k explain pod.spec.containers.env
k explain pod.spec.containers.env.valueFrom
k explain pod.spec.containers.env.valueFrom.secretKeyRef

kubectl create secret generic super-secret --from-literal=credentail=alice --from-literal=username=bob -n csdn-test 
{
  echo -n 'alice' > ~/secret/credentail
  echo -n 'bob' > ~/secret/username
  kubectl create secret generic super-secret2 --from-file=/root/secret -n csdn-test 
}
k get secret super-secret super-secret2 -n csdn-test -oyaml

cat << eof | k apply -f -  -n csdn-test
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-secrets-via-file
  namespace: csdn-test
spec:
  volumes:
  - name: secret-volume
    secret:
      secretName: super-secret
      items:
      - key: credentail 
        path: CREDENTIALS 
      - key: username 
        path: TOPSECRET
  containers:
  - name: pod-secrets-via-file
    image: redis
    volumeMounts:
    - name: secret-volume
      mountPath: /secrets
---
apiVersion: v1
kind: Pod
metadata:
  name: pod-secrets-via-file2
  namespace: csdn-test
spec:
  containers:
  - name: pod-secrets-via-file
    image: redis
    env:
    - name: TOPSECRET
      valueFrom:
        secretKeyRef:
          name: super-secret2
          key: username
    - name: CREDENTIALS
      valueFrom: 
        secretKeyRef: 
          name: super-secret2
          key: credentail
eof 

k exec -it po/pod-secrets-via-file -- cat /secrets/CREDENTIALS
k exec -it po/pod-secrets-via-file -- cat /secrets/TOPSECRET
k exec -it po/pod-secrets-via-file2 -- printenv TOPSECRET
k exec -it po/pod-secrets-via-file2 -- printenv CREDENTIALS

cka 模拟考题七

Take a backup of the etcd cluster and save it to /tmp/etcd-backup.db

这个命令我没有记住,但是考试的时候可以直接进入官网搜索,ok,那开始吧

wget https://github.com/etcd-io/etcd/releases/download/v3.5.11/etcd-v3.5.11-linux-amd64.tar.gz
tar -zxf etcd-v3.5.11-linux-amd64.tar.gz
mv etcd-*-linux-amd64/etcdctl /usr/local/bin
chmod +x /usr/local/bin/
# 验证
etcdctl version

ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \
  --cacert=<trusted-ca-file> --cert=<cert-file> --key=<key-file> \
  snapshot save <backup-file-location>

--cacert=<trusted-ca-file>  --trusted-ca-file=/etc/kubernetes/pki/etcd/ca.crt
--cert=<cert-file>          --cert-file=/etc/kubernetes/pki/etcd/server.crt
--key=<key-file>            --key-file=/etc/kubernetes/pki/etcd/server.key

ssh master
cat /etc/kubernetes/manifests/etcd.yaml

ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \
  --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key \
  snapshot save /tmp/etcd-backup.db
# 验证
ETCDCTL_API=3 etcdctl --write-out=table snapshot status /tmp/etcd-backup.db

cat << eof | k apply -f -  -n backup-test
---
{ apiVersion: v1, kind: Namespace, metadata: { name: backup-test } } 
...
eof
k run nginx --image=nginx -n backup-test

ETCDCTL_API=3 etcdctl snapshot restore --data-dir <data-dir-location> snapshot.db

ETCDCTL_API=3 etcdctl snapshot restore /tmp/etcd-backup.db --endpoints=https://127.0.0.1:2379 --data-dir /var/lib/etcd-backup-test2 \
  --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key 

vim /etc/kubernetes/manifests/etcd.yaml
/var/lib/etcd 换成 /var/lib/etcd-backup-test2
# 再等一会就好了
k get po
# 验证
k get po/pod-secrets-via-file2 --no-headers
# pod-secrets-via-file2   1/1     Running   0          49m
k get ns backup-test
# Error from server (NotFound): namespaces "backup-test" not found

cka 模拟考题八

Create a Pod called redis-storage with image: redis:alpine with a Volume of type emptyDir that lasts for the life of the Pod. Specs on the right

  • Pod named ‘redis-storage’ created
  • Pod ‘redis-storage’ uses Volume type of emptyDir
  • Pod ‘redis-storage’ uses volumeMount with mountPath = /data/redis
cat << eof | k apply -f - -n csdn-test
---
apiVersion: v1
kind: Pod
metadata: { name: redis-storage, namespace: csdn-test}
spec:
  volumes: [ { name: aa, emptyDir: {} } ]
  containers:
  - {name: redis-storage, image: redis:alpine, volumeMounts: [ { name: aa, mountPath: /data/redis } ]}
...
eof

k exec  redis-storage -- ls -alsh  /data/redis

total 0
0 drwxrwxrwx 2 redis root 6 Jan 1 05:33 .
0 drwxr-xr-x 3 redis redis 19 Jan 1 05:33 …

# kubernetes # 容器 # 云原生
Logo
K8S/Kubernetes

K8S/Kubernetes社区为您提供最前沿的新闻资讯和知识内容

更多推荐

【深度】阿里巴巴万级规模 K8s 集群全局高可用体系之美

作者 |  韩堂、柘远、沉醉来源 | 阿里巴巴云原生公众号​前言台湾作家林清玄在接受记者采访的时候,如此评价自己 30 多年写作生涯:“第一个十年我才华横溢,‘贼光闪现’,令周边黯然失色;第二个十年,我终于‘宝光现形’,不再去抢风头,反而与身边的美丽相得益彰;进入第三个十年,繁华落尽见真醇,我进入了‘醇光初现’的阶段,真正体味到了境界之美”。​长夜有穷,真水无香。领略过了 K8s“身在江

avatar K8S/Kubernetes

如何基于 K8s 构建下一代 DevOps 平台?

作者 | 孙健波(天元)导读:当前云原生 DevOps 体系现状如何?面临哪些挑战?如何通过 OAM 解决云原生 DevOps 场景下的诸多问题?云原生开发应用模型 OAM(Open Application Model) 社区核心成员孙健波将为大家一一解答,并分享如何基于 OAM 和 Kubernetes 打造无限能力的下一代 DevOps 平台。什么是 DevOps?为什么基于 Kub

avatar K8S/Kubernetes

k8s 火了!

2020,上云之年,产品云端化成为一种趋势。在一线城市,很多公司都已经构建了自己的私有云环境,比如阿里云、网易云、华为云等。而Kubernetes 作为基于容器编排领域的王者,具备扩展...

avatar K8S/Kubernetes