CKA-英文题目-个人答案-（模拟练习用

Introduction

做之前记得切换到对应context

You can open two browsers Tab, one is the test window，A is used to refer to (official documentation )

Q1：RBAC

Create a new ClusterRole named deployment-clusterrole at only allows the creation of the following resource types:

Deployment
StatefulSet
DaemonSet
Create a new ServiceAccount named cicd-token in the existing namespace app-team1.
Limited to namespace app-team1, bind the new ClusterRole -to the new ServiceAccount cicd-token.

kubectl create clusterrole deplyoment-clusterrole --verb=create --resource=deployment,statefulset,daemonset
kubectl create ns app-team1
kubectl create sa cicd-token -n app-team1
kubectl -n app-team1 create rolebinding cici-binding --clusterrole=deployment-clusterrole --serviceaccount=cicd-toekn:app-team1

Q2：Specifies that Node is set to unavailable

Set the node named ek8s-node-1 as unavaliable and reschedule all the pods running on it.

kubectl cordon node1
kubectl drain node1 --delete-local-data --ignore-daemonsets --force

Q3: Upgrading Kubernetes nodes

Given an existing Kubernetes cluster running version 1.20.0，upgrade all of Kubernetes control plane and node components on the master node only to version 1.20.1。

You are also expected to upgrade kubelet and kubectl on the master node。

Be sure to drain the master node
before upgrading it and uncordon it after the upgrade.
Do not upgrade the worker nodes,etcd,the container manager,the CNI plugin,the DNS service or any other addons.

kubectl cordon node1
kubectl drain node1 --delete-local-data --ignore-daemonsets --force
ssh node1
apt-get update
apt-get install -y kubeadm=1.20.1-00
kubeadm version
kubeadm upgrade plan
kubeadm upgrade apply v1.20.1 --etcd-upgrade=false
apt-get install -y kubelet=1.20.1-00 kubectl=1.20.1-00
sudo systemctl daemon-reload
sudo systemctl restart kubelet
kubectl get nodes

Q4：ETCD backup restore

ETCDETC_API=3 etcdctl --endpoints=127.0.0.1:2379 --cacert=/opt/KUIN00601/ca.crt --cert=/opt/KUIN00601/etcd-client.crt --key=/opt/KUIN00601/etcd-client.key snapshot save /srv/data/etcd-snapshot.db
ETCDETC_API=3 etcdctl --endpoints=127.0.0.1:2379 --cacert=/opt/KUIN00601/ca.crt
--cert=/opt/KUIN00601/etcd-client.crt /var/lib/backup/etcd-snapshot-previous.db

Q5：①Same namespace create NetworkPolicy

Create a new NetworkPolicy named allow-port-from-namespace to allow Pods in the existing namespace internal to connect to port 9000 of other Pods in the same namespace.
Ensure that the new NetworkPolicy:

does not allow access to Pods not listening on port 9000.
does not allow access from Pods not in namespace corp-bar》

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:name: allow-port-from-namespacenamespace: internal
spec:podSelector: {}policyTypes:- Ingressingress:- from:- podSelector: {}- namespaceSelector:matchLabels:project: corb-barports:- protocol: TCPport: 9000

Q6：Create Service

Reconfigure the existing deployment front-end and add a port specifiction named http exposing port 80/tcp of the existing container nginx.

Create a new service named front-end-svc exposing the container prot http.

Configure the new service to also expose the individual Pods via a NodePort on the nodes on which they are scheduled.

kubectl expose deployment front-end --name=front-end-svc  --port=80 --target-port=80 --type=NodePort --protocol=TCP

Q7：Create Ingress

Create a new nginx Ingress resource as follows:

Name: ping
Namespace: ing-internal
Exposing service hi on path /hi using service port 5678

The avaliability of service hi can be checked using the following command,which should return hi:
curl -kL /hi

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:name: pingnamespace: ing-internalannotations:nginx.ingress.kubernetes.io/rewrite-target: /
spec:rules:- http:paths:- path: /hipathType: Prefixbackend:service:name: hiport:number: 5678

Q8：Scale Deployment

Task

Scale the deployment loadbalancer to 6 pods

kubectl scale deployment loadbalancer --replicas=6

Q9：Make pod assgin to node

Task

Schedule a pod as follows:

Name:nginx-kusc00401
Image:nginx
Node selector:disk=spinning

apiVersion: v1
kind: Pod
metadata:name: nginx-kusc00401
spec:containers:- name: nginximage: nginximagePullPolicy: IfNotPresentnodeSelector:disk: spinning

Q10：Check how many Node nodes are healthy

Task
Check to see how many nodes are ready (not including nodes tainted NoSchedule)and write the number to /opt/KUSC00402/kusc00402.txt.

kubectl describe node |grep -i taints |grep -i -v NoSchedule > /opt/KUSC00402/kusc00402.txt

Q11: Create PODs for multiple Containers

Create a pod named kucc8 with a single app container for each of the following images running inside (there may be between 1 and 4 images specified):
nginx + redis + memcached + consul .

apiVersion: v1
kind: Pod
metadata:name: kucc8
spec:containers:- name: nginximage: nginx- name: redisimage: redis- name: memcachedimage: memcached- name: consulimage: consul

Q12：Create Persistent Volume

Task
Create a persistent volume whit name app-config, of capacity 2Gi and access mode ReadOnlyMany . the type of volume is hostPath and its location is /srv/app-config .

apiVersion: v1
kind: PersistentVolume
metadata:name: app-config
spec:capacity:storage: 2GiaccessModes:- ReadWriteManyhostPath:path: /srv/app-config

Q13：Create PersistentVolumeClaim

Task
Create a new PersistentVolumeClaim:

Name: pv-volume
Class: csi-hostpath-sc
Capacity: 10Mi

Create a new Pod which mounts the PersistentVolumeClaim as a volume:

Name: web-server
Image: nginx
Mount path: /usr/share/nginx/html

Configure the new Pod to have ReadWriteOnce access on the volume.

apiVersion: v1
kind: PersistentVolumeClaim
metadata:name: pv-volume
spec:storageClassName: csi-hostpath-scaccessModes:- ReadWriteOnceresources:requests:storage: 10Mi
---
apiVersion: v1
kind: Pod
metadata:name: web-server
spec:volumes:- name: task-pv-storagepersistentVolumeClaim:claimName: pv-volume- name: web-serverimage: nginxports:- containerPort: 80name: "http-server"volumeMounts:- mountPath: "/usr/share/nginx/html"name: task-pv-storage

Finally,using kubectl edit or Kubectl patch expand the PersistentVolumeClaim to a capacity of 70Mi and record that change

kubecti edit pvc pv-volume
#change 10Mi to 70Mi
#wq

Q14：Monitor Pods logs

Task：
Monitor the logs of pod foobar and:

Extract log lines corresponding to error unable-to-access-website
Write them to /opt/KUTR00101/bar

kubectl logs foobar |grep unable-to-access-website > /opt/KUTR00101/bar

Q15：Add sidecar container

Context
Without changing its existing containers,an existing Pod needs to be integrated into Kubernetes’s build-in logging architecture (e.g. kubectl logs). Adding a streaming sidecar container is a good and common way to accomplish this requirement.

Task
Add a busybox sidecar container to the existing Pod legacy-app. The new sidecar container has to run the following command:

/bin/sh -c tail -n+1 -f /var/log/legacy-app.log

Use a volume mount named logs to make the file **/var/log/legacy-app.log available to the sidecar container.

Don’t modify the existing container.
Don’t modify the path of the log file,both containers must access it at /var/log/legacy-app.log.

apiVersion: v1
kind: Pod
metadata:name: legacy-app
spec:containers:- name: countimage: busyboxargs:- /bin/sh- -c- >i=0;while true;doecho "$i: $(date)" >> /var/log/legacy-app.log;i=$((i+1));sleep 1;done      volumeMounts:- name: logsmountPath: /var/log- name: busyboximage: busyboxargs: [/bin/sh, -c, 'tail -n+1 -f /var/log/legacy-app.log']volumeMounts:- name: logsmountPath: /var/logvolumes:- name: logsemptyDir: {}

Q16：View the POD with the highest CPU usage

Form the pod label name-cpu-loader,find pods running high CPU workloads and write the name of the pod consuming most CPU to the file /opt/KUTR00401/KURT00401.txt(which alredy exists).

kubectl top pods -l app=nginx |head -n2 |tail -n 1 |awk '{print $1} > /opt/KUTR00401/KURT00401.txt

Q17：Cluster troubleshooting

Task
A Kubernetes worker node,named wk8s-node-0 is in state NotReady .
Investigate why this is the case,and perform any appropriate steps to bring the node to a Ready state,ensuring that any changes are made permanent.

kubectl get nodes
ssh root@wk8s-node-0
systemctl status kubelet
systemctl start kubelet
systemctl enable kubelet
systemctl daemon-reload
#switch master
kubectl get nodes