CKAD prepare
1.创建一个 namespace
#create a namespace with name my-space
kubectl create namespace my-space
2.创建一个pod
# In the namespace my-space, create a new Pod named mypod with the image nginx and expose port 80.
# --restart=Never makes `kubectl run` create a bare Pod. --port=80 only declares the
# containerPort in the Pod spec; it does not create a Service.
# NOTE(review): `nginx` without a tag resolves to `latest`; pin a tag or digest when the
# exact image content matters.
kubectl run mypod --image=nginx --restart=Never --port=80 --namespace=my-space
3.检查容器状态
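# View basic info
# List pods across every namespace. --all-namespaces makes kubectl ignore -n,
# so the contradictory -n my-space is dropped from this command.
kubectl get pod --all-namespaces
# List pods in my-space only
kubectl get pod -n my-space
# Show detailed info (events, container state, IP) for mypod
kubectl describe pod mypod --namespace=my-space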
4.改变image版本
#set image version nginx:1.16
kubectl set image pod mypod mypod=nginx:1.16 --namespace=my-space
5.登录到容器
#login mypod
kubectl exec mypod -it --namespace=my-space -- /bin/sh
6.查看容器IP
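# List every pod in the namespace, including pod IP and node
kubectl get pods -o wide -n my-space
# Show only mypod. The pod name and namespace are spelled as they were created
# (mypod, my-space); "my pod" and "myspace" do not match any existing object.
kubectl get pods mypod -o wide -n my-space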
7.运行一个临时pod
# Run a temporary Pod using the image `busybox`, shell into it and run a `wget` command against the `nginx` Pod on port 80
# --rm deletes the Pod once the attached interactive shell exits
kubectl run busybox --image=busybox --rm -it --restart=Never -n my-space -- /bin/sh
# Run this inside the busybox shell. 172.17.1.35 is the Pod IP reported by the
# `kubectl get pods -o wide` step; substitute the IP from your own cluster.
wget -O- 172.17.1.35:80
8.查看容器log
#查看mypod log
kubectl logs mypod -n my-space
9.删除pod和namespace
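# Delete the pod
kubectl delete pod mypod -n my-space
# Delete the namespace; this also removes every object still inside it
kubectl delete namespace my-space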
configuration(18%)
1.使用configmap创建pod
# Create an env file with one KEY=VALUE pair per line
$echo -e "DB_URL=localhost:3306\nDB_USERNAME=postgres" > config.txt
# Create the ConfigMap db-config from that env file (each line becomes one key)
$kubectl create configmap db-config --from-env-file=config.txt
# Write a Pod manifest to pod.yaml without creating the Pod.
# NOTE(review): the bare --dry-run form is deprecated on kubectl 1.18+; use --dry-run=client there.
$kubectl run backend --image=nginx --restart=Never -o yaml --dry-run > pod.yaml
# Show the manifest. The envFrom/configMapRef stanza below is not produced by the
# command above, so it was presumably added by hand before this step. The
# `kubectl create -f pod.yaml` that creates the Pod is not shown on this page.
$cat pod.yaml
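# Pod manifest for backend, with the nesting restored (the flattened form is not valid YAML).
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: backend
  name: backend
spec:
  containers:
  - image: nginx
    name: backend
    # Inject every key of the db-config ConfigMap as an environment variable.
    # ConfigMaps are stored and shown in plain text; keep passwords in a Secret instead.
    envFrom:
    - configMapRef:
        name: db-config
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Never
status: {}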
#login backend
$kubectl exec backend -it -- /bin/sh
$env
DB_URL=localhost:3306
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://10.1.0.1:443
HOSTNAME=backend
HOME=/root
PKG_RELEASE=1~buster
DB_USERNAME=postgres
TERM=xterm
KUBERNETES_PORT_443_TCP_ADDR=10.1.0.1
NGINX_VERSION=1.17.8
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
KUBERNETES_PORT_443_TCP_PORT=443
NJS_VERSION=0.3.8
KUBERNETES_PORT_443_TCP_PROTO=tcp
KUBERNETES_SERVICE_PORT_HTTPS=443
KUBERNETES_PORT_443_TCP=tcp://10.1.0.1:443
KUBERNETES_SERVICE_HOST=10.1.0.1
PWD=/
2.使用secret
# Create a secret named db-credentials with the key/value pair db-password=passwd.
# NOTE(review): --from-literal leaves the value in shell history and in the process
# argument list; for real credentials prefer --from-file. Secret values are only
# base64-encoded in the API object, so read access should be restricted with RBAC.
kubectl create secret generic db-credentials --from-literal=db-password=passwd
# Create a pod with image nginx that receives the secret as the env variable DB_PASSWORD.
# The exercise text names the pod backend; the command below names it back.
# NOTE(review): the generated podd.yaml does not reference the secret yet. Before the
# create step the container needs an env entry named DB_PASSWORD whose
# valueFrom.secretKeyRef points at name db-credentials, key db-password.
kubectl run back --image=nginx --restart=Never -o yaml --dry-run > podd.yaml
kubectl create -f podd.yaml
3.创建安全上下文(只读)
#create yaml file
kubectl run secured --image=nginx --restart=Never -o yaml --dry-run > secured.yaml
# add volume mount
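# Pod manifest for secured, with the nesting restored (the flattened form is not valid YAML).
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: secured
  name: secured
spec:
  # Pod-level security context: volumes that support ownership management (such as
  # the emptyDir below) are group-owned by GID 3000, and container processes get
  # 3000 as a supplementary group.
  # NOTE(review): fsGroup does not change the user the container runs as. Running as
  # non-root (runAsNonRoot / runAsUser), allowPrivilegeEscalation: false and
  # readOnlyRootFilesystem are separate settings this manifest does not set.
  securityContext:
    fsGroup: 3000
  containers:
  - image: nginx
    name: secured
    volumeMounts:
    - name: data-vol
      mountPath: /data/app
    resources: {}
  volumes:
  - name: data-vol
    emptyDir: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Never
status: {}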
kubectl create -f secured.yaml
kubectl exec -it secured -- sh
4.定义pod资源需求
kubectl create namespace rq-demo
cat rq.yaml
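# ResourceQuota manifest, with the nesting restored (the flattened form is not valid YAML).
# It caps the namespace it is created in at 2 pods and bounds the summed resource requests.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: app
spec:
  hard:
    pods: "2"
    requests.cpu: "2"
    # NOTE(review): in Kubernetes quantities the suffix `m` means milli (1/1000), so
    # 500m is half a byte, not 500 mebibytes. The value is kept as the page has it
    # because the error output shown further down quotes it; a quota meant as
    # 500 MiB is written 500Mi.
    requests.memory: 500m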
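# Apply the quota to the rq-demo namespace
kubectl create -f rq.yaml --namespace=rq-demo
# Show the quota's hard limits and current usage (the resource name is quota, not quto)
kubectl describe quota --namespace=rq-demo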
# create a yaml with resource exceed the limit
cat pad.yaml
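# Pod manifest for mypad, with the nesting restored (the flattened form is not valid YAML).
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: mypad
  name: mypad
spec:
  containers:
  - image: nginx
    name: mypad
    resources:
      requests:
        # Deliberately larger than the namespace quota's requests.memory, so the
        # API server rejects the Pod at admission.
        memory: "1G"
        cpu: "400m"
  dnsPolicy: ClusterFirst
  restartPolicy: Never
status: {}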
#create pod use the pad.yaml
kubectl create -f pad.yaml --namespace=rq-demo
#you'll see the error below
Error from server (Forbidden): error when creating "pad.yaml": pods "mypad" is forbidden: exceeded quota: app, requested: requests.memory=1G, used: requests.memory=0, limited: requests.memory=500m
#then we revise the resource request so that the memory request is less than 500m
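# Revised Pod manifest for mypad, with the nesting restored (the flattened form is not valid YAML).
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: mypad
  name: mypad
spec:
  containers:
  - image: nginx
    name: mypad
    resources:
      requests:
        # NOTE(review): for memory the suffix `m` means milli, so "300m" requests 0.3 byte.
        # It passes only because the quota is written as 500m (0.5 byte). For
        # mebibytes use 300Mi here together with 500Mi in the quota.
        memory: "300m"
        cpu: "400m"
  dnsPolicy: ClusterFirst
  restartPolicy: Never
status: {}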
#you can check pod resource with cmd
kubectl describe pod mypad -n rq-demo
5.使用服务账号
# Create the service account backend-team in the current namespace
kubectl create serviceaccount backend-team
# Print its manifest as YAML.
# NOTE(review): --export was deprecated and then removed from kubectl (1.18); on
# current clients drop the flag.
kubectl get serviceaccount backend-team -o yaml --export
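# ServiceAccount manifest as exported, with the nesting restored (the flattened form is not valid YAML).
apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: null
  name: backend-team
  selfLink: /api/v1/namespaces/default/serviceaccounts/backend-team
# Token Secret generated for this account on the cluster used here.
# NOTE(review): clusters from v1.24 on no longer auto-create a long-lived token
# Secret per service account, so this list may be absent there.
secrets:
- name: backend-team-token-ck5vq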
# Create a pod that runs under the backend-team service account.
# NOTE(review): newer kubectl releases no longer accept --serviceaccount on `kubectl run`;
# there, set spec.serviceAccountName in a manifest instead. Confirm against your client version.
kubectl run backe --image=nginx --restart=Never --serviceaccount=backend-team
# Open a shell in the pod
kubectl exec -it backe -- /bin/sh
# Print the mounted service account token (run inside the pod).
# The token is a bearer credential for the API server, carrying whatever RBAC is bound
# to backend-team. Keep it out of logs and tickets, bind only the roles the workload
# needs, and set automountServiceAccountToken: false on pods that never call the API.
cat /var/run/secrets/kubernetes.io/serviceaccount/token