2020 CKA Exam Past Question Bank



Question 1

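Create a ClusterRole named deployment-clusterrole that grants only the create permission on Deployments, DaemonSets and StatefulSets.

In the given namespace app-team1, create a ServiceAccount named cicd-token, and bind the ClusterRole created in the previous step to that ServiceAccount.

Create the ClusterRole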

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: deployment-clusterrole
rules:
# Deployments, StatefulSets and DaemonSets are in the "apps" API group, not the core group ""
- apiGroups: ["apps"]
  resources: ["deployments", "statefulsets", "daemonsets"]
  verbs: ["create"]

Create the ServiceAccount

kubectl create sa cicd-token -n app-team1

Create the RoleBinding

apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: deployment-rolebinding 
  namespace: app-team1
subjects:
- kind: ServiceAccount
  name: cicd-token 
  namespace: app-team1
roleRef:
  kind: ClusterRole
  name: deployment-clusterrole 
  apiGroup: rbac.authorization.k8s.io
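
RBAC grants a request only when the rule's API group, resource and verb all match, and a RoleBinding limits a ClusterRole's rules to the binding's own namespace. The sketch below is an added example, not code from the original page or from Kubernetes; it is a simplified model of that matching (the function names are hypothetical) that compares a rule scoped to the core group "" with one scoped to apps.

```python
# Added example: a simplified model of RBAC rule matching, not the API
# server's code. Subresources and resourceNames are not modelled.

def rule_allows(rule, api_group, resource, verb):
    """A rule matches only if API group, resource AND verb all match."""
    def hit(values, wanted):
        return "*" in values or wanted in values
    return (hit(rule["apiGroups"], api_group)
            and hit(rule["resources"], resource)
            and hit(rule["verbs"], verb))

def can_i(role, binding, subject, namespace, api_group, resource, verb):
    """Evaluate one RoleBinding -> ClusterRole grant for a subject."""
    # A RoleBinding grants nothing outside its own namespace, even when
    # its roleRef points at a ClusterRole.
    if binding["namespace"] != namespace:
        return False
    if binding["roleRef"] != role["name"] or subject not in binding["subjects"]:
        return False
    return any(rule_allows(r, api_group, resource, verb) for r in role["rules"])

def make_role(api_groups):
    """deployment-clusterrole from the question, with apiGroups as a parameter."""
    return {"name": "deployment-clusterrole",
            "rules": [{"apiGroups": api_groups,
                       "resources": ["deployments", "statefulsets", "daemonsets"],
                       "verbs": ["create"]}]}

SA = ("ServiceAccount", "app-team1", "cicd-token")
BINDING = {"namespace": "app-team1", "roleRef": "deployment-clusterrole",
           "subjects": [SA]}

if __name__ == "__main__":
    # Deployments are served from the "apps" group, so requests carry "apps".
    cases = [
        ("core group rule, create deployments", make_role([""]), "app-team1", "create"),
        ("apps group rule, create deployments", make_role(["apps"]), "app-team1", "create"),
        ("apps group rule, other namespace", make_role(["apps"]), "default", "create"),
        ("apps group rule, delete deployments", make_role(["apps"]), "app-team1", "delete"),
    ]
    for label, role, ns, verb in cases:
        ok = can_i(role, BINDING, SA, ns, "apps", "deployments", verb)
        print(f"{label}: {'allowed' if ok else 'denied'}")
```

On a live cluster the same question is answered by kubectl auth can-i create deployments --as=system:serviceaccount:app-team1:cicd-token -n app-team1.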

Question 2

Mark the node named ek8s-node-1 as unavailable and reschedule all eligible pods running on that node

kubectl get nodes
NAME      STATUS   ROLES                  AGE   VERSION
master    Ready    control-plane,master   47h   v1.20.1
node-02   Ready    worker                 47h   v1.20.1
node-03   Ready    worker                 47h   v1.20.1
kubectl get po -o wide            
NAME                                READY   STATUS    RESTARTS   AGE   IP            NODE      NOMINATED NODE   READINESS GATES
nginx-deployment-66b6c48dd5-5b4n9   1/1     Running   0          46h   10.244.2.19   node-03   <none>           <none>
nginx-deployment-66b6c48dd5-9557j   1/1     Running   0          42h   10.244.2.20   node-03   <none>           <none>
nginx-deployment-66b6c48dd5-b6lln   1/1     Running   0          42h   10.244.2.21   node-03   <none>           <none>

Drain node-03

kubectl cordon node-03
kubectl drain node-03 --delete-local-data --ignore-daemonsets --force
kubectl get po -o wide
NAME                                READY   STATUS    RESTARTS   AGE    IP            NODE      NOMINATED NODE   READINESS GATES
nginx-deployment-66b6c48dd5-fdxfn   1/1     Running   0          116s   10.244.1.37   node-02   <none>           <none>
nginx-deployment-66b6c48dd5-krrqk   1/1     Running   0          116s   10.244.1.40   node-02   <none>           <none>
nginx-deployment-66b6c48dd5-pxhwf   1/1     Running   0          116s   10.244.1.36   node-02   <none>           <none>

Question 3

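The existing Kubernetes cluster is running version 1.18.8. Upgrade all Kubernetes control plane components on the master node only to version 1.19.0. In addition, upgrade kubelet and kubectl on the master node

# Mark the node as unschedulable
kubectl cordon k8s-master

# Evict the pods
kubectl drain k8s-master --delete-local-data --ignore-daemonsets --force

# Upgrade the packages (pkg=version is apt syntax; yum does not accept it)
$ apt-get install -y kubeadm=1.19.0-00 kubelet=1.19.0-00 kubectl=1.19.0-00

# Restart the kubelet service
$ systemctl restart kubelet

# Upgrade the remaining cluster components
$ kubeadm upgrade apply v1.19.0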

Question 4

First, create a snapshot of the existing etcd instance running at https://127.0.0.1:2379 and save the snapshot to /etc/data/etcd-snapshot.db. Then restore the existing previous snapshot located at /var/lib/backup/etcd-snapshot-previoys.db. The following TLS certificates and key are provided for connecting to the server with etcdctl

CA certificate: /opt/KUIN000601/ca.crt

Client certificate: /opt/KUIN000601/etcd-client.crt

Client key: /opt/KUIN000601/etcd-client.key

# Backup: must be saved to the specified path and file name
$ ETCDCTL_API=3  etcdctl --endpoints="https://127.0.0.1:2379" --cacert=/opt/KUIN000601/ca.crt --cert=/opt/KUIN000601/etcd-client.crt --key=/opt/KUIN000601/etcd-client.key  snapshot save /etc/data/etcd-snapshot.db
# Restore: must use the specified file
$ ETCDCTL_API=3  etcdctl --endpoints="https://127.0.0.1:2379" --cacert=/opt/KUIN000601/ca.crt --cert=/opt/KUIN000601/etcd-client.crt --key=/opt/KUIN000601/etcd-client.key   snapshot restore /var/lib/backup/etcd-snapshot-previoys.db --data-dir=/var/lib/etcd

Question 5

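Create a NetworkPolicy for the pods in namespace internal that allows access only from pods in the same namespace, and only to port 9000 of the pods.

Access from pods that are not in this namespace must not be allowed.

Access to pods that are not listening on port 9000 must not be allowed.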

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: all-port-from-namespace
  namespace: internal
spec:
  podSelector:
    matchLabels: {}
  ingress:
  - from:
    - podSelector: {}
    ports:
    - port: 9000
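
The port listed under ports is the only port the policy opens, and a bare podSelector under from matches pods in the policy's own namespace only. The sketch below is an added example, not code from the original page or from any CNI plugin; it is a simplified model of ingress evaluation for this one manifest (function names are hypothetical) that compares port 80 with the required port 9000.

```python
# Added example: a simplified model of NetworkPolicy ingress evaluation for
# a single policy. ipBlock, namespaceSelector peers, named ports, protocols
# and the union of several policies are not modelled.

def labels_match(selector, labels):
    """An empty selector ({} or matchLabels: {}) selects every pod."""
    wanted = selector.get("matchLabels", {})
    return all(labels.get(k) == v for k, v in wanted.items())

def ingress_allowed(policy, src_ns, src_labels, dst_labels, dst_port):
    """True if traffic to a pod in the policy's namespace is allowed."""
    spec = policy["spec"]
    if not labels_match(spec["podSelector"], dst_labels):
        return True   # pod not selected by this policy, so not isolated by it
    for rule in spec.get("ingress", []):
        ports = rule.get("ports")
        port_ok = not ports or any(p["port"] == dst_port for p in ports)
        peers = rule.get("from")
        # A bare podSelector peer matches pods in the policy's namespace only.
        peer_ok = not peers or any(
            "podSelector" in p and "namespaceSelector" not in p
            and src_ns == policy["metadata"]["namespace"]
            and labels_match(p["podSelector"], src_labels)
            for p in peers)
        if port_ok and peer_ok:
            return True
    return False      # selected pod and no rule matched: traffic is dropped

def make_policy(port):
    """The manifest from this question as a dict, with the port as a parameter."""
    return {"metadata": {"name": "all-port-from-namespace", "namespace": "internal"},
            "spec": {"podSelector": {"matchLabels": {}},
                     "ingress": [{"from": [{"podSelector": {}}],
                                  "ports": [{"port": port}]}]}}

if __name__ == "__main__":
    # Constructed traffic samples: (source namespace, destination port)
    for port in (80, 9000):
        for src_ns, dst_port in [("internal", 9000), ("internal", 80), ("default", 9000)]:
            ok = ingress_allowed(make_policy(port), src_ns, {}, {}, dst_port)
            print(f"policy port {port}: {src_ns} -> :{dst_port} "
                  f"{'allowed' if ok else 'dropped'}")
```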

Question 6

Reconfigure the existing deployment front-end and add a port to the container nginx

name: http

port: 80/tcp

Create a service front-end-svc that exposes the container port named http

Look at the existing deployment

kubectl get deployment                  
NAME        READY   UP-TO-DATE   AVAILABLE   AGE
front-end   1/1     1            1           18s

Edit it and add the port configuration

kubectl edit deployment front-end
spec:
      containers:
      - image: nginx:1.14.2
        imagePullPolicy: IfNotPresent
        name: nginx
        ports:
        - containerPort: 80
          name: http
          protocol: TCP

Expose the service

kubectl expose deployment front-end --name=front-end-svc --port=80 --target-port=80 --type=NodePort

Question 7

Create an Ingress that exposes the specified port of the specified Service

Look at the cluster resources

kubectl get svc,po -n ing-internal 
NAME         TYPE       CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
service/hi   NodePort   10.110.68.143   <none>        5678:31873/TCP   2m17s

NAME        READY   STATUS    RESTARTS   AGE
pod/nginx   1/1     Running   0          21m

Create the Ingress

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pong
  namespace: ing-internal
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - http:
      paths:
      - path: /hi
        pathType: Prefix
        backend:
          service:
            name: hi
            port:
              number: 5678

Access test

curl 10.234.2.12/hi         
hi

Question 8

Scale the specified deployment to 6 pods

kubectl scale deployment loadbalancer --replicas=6

Question 9

Create a pod named nginx-kusc00401 with the image nginx, and schedule it onto a node labelled disk:spinning

Look at the node labels

kubectl get nodes --show-labels

Create the Pod

apiVersion: v1
kind: Pod
metadata:
  name: nginx-kusc00401
  labels:
    role: nginx-kusc00401
spec:
  nodeSelector:
    disk: spinning
  containers:
    - name: nginx
      image: nginx

Question 10

Check how many nodes are in a healthy state, not counting those with "NoSchedule", and write the result to the specified directory

kubectl describe nodes | grep -i taint
Taints:             node-role.kubernetes.io/master:NoSchedule
Taints:             <none>
Taints:             <none>
echo 2 > /opt/KUSC00402/kusc00402.txt

Question 11

Create a Pod with multiple containers: nginx + redis + memcached + consul

apiVersion: v1
kind: Pod
metadata:
  name: kucc1
spec:
  containers:
  - image: nginx
    name: nginx
  - image: redis
    name: redis
  - image: memcached
    name: memcached
  - image: consul
    name: consul

Question 12

Create a PV named app-config,

with a capacity of 2Gi,

access mode ReadWriteMany,

volume type hostPath,

located at /src/app-config

apiVersion: v1
kind: PersistentVolume
metadata:
  name: app-config
  labels:
    type: local
spec:
  capacity:
    storage: 2Gi
  accessModes:
    - ReadWriteMany
  hostPath:
    path: "/src/app-config"

Question 13

Create a PVC of size 10M using the specified StorageClass

Mount this PVC at the /var/nginx/html directory of the nginx container, then update the size of the PVC from 10M to 70M

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pv-volume
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 10Mi
  storageClassName: nfs
---
apiVersion: v1
kind: Pod
metadata:
  name: web-server
spec:
  containers:
    - name: nginx
      image: nginx
      volumeMounts:
      - mountPath: "/usr/share/nginx/html"
        name: pv-volume
  volumes:
    - name: pv-volume
      persistentVolumeClaim:
        claimName: pv-volume

Question 14

Monitor the logs of pod foobar, extract the log lines corresponding to the error unable-access-website, and write them to /opt/KUTR00101/foobar

kubectl logs foobar | grep unable-access-website > /opt/KUTR00101/foobar

Question 15

Question 16

Check the CPU usage of the pods labelled name=cpu-user and write the name of the pod with the highest CPU usage to the file /opt/KUTR00401/KUTR00401.txt

kubectl  top  pod -l name=cpu-user -A
    NAMESPACE  NAME        CPU   MEM
    default    cpu-user-1  45m   6Mi
    default    cpu-user-2  38m   6Mi
    default    cpu-user-3  35m   7Mi
    default    cpu-user-4  32m   10Mi
echo 'cpu-user-1' >>/opt/KUTR00401/KUTR00401.txt

Question 17

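The node named wk8s-node-0 is in the NotReady state. Restore it to the Ready state and set it to start automatically on boot

# Connect to the NotReady node
$ ssh wk8s-node-0

# Get root privileges
$ sudo -i

# Check whether the service is running normally
$ systemctl status kubelet

# If the service is not running normally, recover it
$ systemctl start kubelet

# Enable start on boot
$ systemctl enable kubelet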

