This is a long, long article: the knowledge points I worked through while preparing for the CKA exam when it first launched last year. Based on the questions I encountered, I have listed the concrete topics below. The exam was still on v1.7 at the time; by now it should be on v1.12.
Update: this week I received an email from CNCF saying that CKA certificates, previously valid for two years, have been extended by another year (one wonders: is this meant to tempt everyone into getting certified? ^_^).
CKA Certificate
As k8s has risen to fame, plenty of domestic companies are pushing all kinds of expensive guaranteed-pass training courses. I will just say: CNCF is somewhat lacking in community spirit here and leans more toward a business model. But as long as it pushes the whole cloud-native ecosystem forward, so be it~
To give this article some credibility, I am also posting my certificate to show off a little (the certification ID ends in 0100, which by rights makes me exactly the 100th person to pass). Please be gentle!
Study Notes
Enough preamble; let's get down to business.
Job
Q: Create a Job that runs 60 times with 2 pods running in parallel
Reference: https://kubernetes.io/docs/concepts/workloads/controllers/jobs-run-to-completion/
```yaml
apiVersion: batch/v1
kind: Job
```
Parallel Jobs
Job type | Example use | Behavior | completions | parallelism | Notes |
---|---|---|---|---|---|
One-shot Job | database migration | creates one Pod and runs it until it completes successfully | 1 | 1 | |
Job with a fixed completion count | Pods processing a work queue | creates Pods one at a time until `completions` of them have succeeded | 2+ | 1 | |
Parallel Job with a fixed completion count | several Pods processing a work queue at once | creates several Pods and runs them until `completions` of them have succeeded | 2+ | 2+ | |
Parallel Job | several Pods processing a work queue at once | creates one or more Pods and runs them until one succeeds | 1 | 2+ | in practice only one Pod gets created, not several |
kubectl scale job
A job can be scaled up using the `kubectl scale` command. For example, the following command sets `.spec.parallelism` of a job called `myjob` to 10:

```shell
$ kubectl scale --replicas=10 jobs/myjob
job "myjob" scaled
```

Note:
- `parallelism`: the number of Pods executed in parallel;
- `completions`: the Job finishes after this many successful runs;
- `restartPolicy` only supports `Never` or `OnFailure`;
- `activeDeadlineSeconds` bounds how long failed Pods keep being retried; once this time is exceeded, no further retries happen;
- `kubectl scale` actually just modifies the Job's `parallelism` field; it has no effect on `completions`.
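Combining the notes above, here is a minimal sketch of a Job manifest answering the question (60 completions, 2 in parallel); the name, image, and command are illustrative, not from the original:

```yaml
apiVersion: batch/v1
kind: Job
metadata:
  name: process-queue        # illustrative name
spec:
  completions: 60            # the Job finishes after 60 successful runs
  parallelism: 2             # at most 2 Pods run at the same time
  template:
    spec:
      restartPolicy: Never   # Jobs only allow Never or OnFailure
      containers:
      - name: worker
        image: busybox       # illustrative image
        command: ["/bin/sh", "-c", "echo done"]
```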
CronJob
If a cron field is `*/5`, it means "every 5 units"; in the minute field, for example, it means every 5 minutes.

```shell
root@test-9:~# kubectl run cronjob --schedule="*/1 * * * *" --restart=OnFailure --image=busybox -- /bin/sh -c "sleep 99"
```
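The same CronJob expressed as a manifest. This is a sketch assuming the `batch/v1beta1` API group introduced around v1.8 (on a v1.7 cluster it was the alpha `batch/v2alpha1` group; on v1.21+ it is `batch/v1`):

```yaml
apiVersion: batch/v1beta1    # batch/v1 on Kubernetes >= 1.21
kind: CronJob
metadata:
  name: cronjob
spec:
  schedule: "*/1 * * * *"    # every minute
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          containers:
          - name: cronjob
            image: busybox
            command: ["/bin/sh", "-c", "sleep 99"]
```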
kubectl top
Q: Find which Pod is consuming the most CPU
Use `kubectl top` to find CPU usage per pod.
kubectl top node
```shell
root@test-9:~/henry# kubectl top nodes
```
`sort` options: `-r` reverses the order; `-n` sorts numerically.
When printing with `awk`, use "\t" to separate the two columns, then pipe the result into `sort`.
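The two tips above combine into one pipeline. The sketch below runs against a captured sample of `kubectl top pods` output (the pod names and numbers are made up for illustration) and lists pods by CPU, highest first:

```shell
# Hypothetical sample of `kubectl top pods` output, captured as plain text.
top_output='NAME      CPU(cores)   MEMORY(bytes)
web-1     12m          30Mi
db-0      250m         512Mi
cache-2   5m           16Mi'

# Drop the header line, print "CPU<TAB>NAME" with awk, then sort numerically
# (-n reads the leading digits of values like "250m") in reverse order (-r).
sorted=$(printf '%s\n' "$top_output" | tail -n +2 | awk '{print $2 "\t" $1}' | sort -rn)
printf '%s\n' "$sorted"
```

On a real cluster, pipe the live `kubectl top pods` output through the same `tail`/`awk`/`sort` stages.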
Sorted Output
Q: List all PersistentVolumes sorted by their name
Use `kubectl get pv --sort-by=.metadata.name`. (This question is a bit buggy: by default kubectl already outputs the list sorted by name.)
Sorting

```shell
root@test-9:~/henry# kcs get svc --sort-by=.metadata.uid
```
Querying Resources

```shell
# Get commands with basic output
kubectl get pods            # e.g. list pods in the current namespace
```
Common Commands
kubectl run
```shell
root@test-9:~# kubectl run demo-1 --image=busybox:latest --env="env1=wise2c" --port=80 --hostport=30098 --restart='Always' --image-pull-policy='Always' --limits="cpu=200m,memory=512Mi" --replicas=2 -- sleep 60
```
kubectl expose
```shell
root@test-9:~# kubectl expose deploy nginx2 --name=nginx --port=80 --target-port=80 --protocol=TCP --type=ClusterIP
```
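For reference, the Service that this `kubectl expose` call generates looks roughly like the manifest below; the `run: nginx2` selector is an assumption based on the label that `kubectl run` attached to Deployments in that era:

```yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  type: ClusterIP
  selector:
    run: nginx2          # assumption: label inherited from the nginx2 Deployment
  ports:
  - protocol: TCP
    port: 80             # the Service port
    targetPort: 80       # the container port behind it
```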
port-forward
```shell
root@test-9:~# kubectl get pod -o wide
root@test-9:~# kubectl port-forward <pod-name> 8080:80   # forward local port 8080 to the pod's port 80
```
NetworkPolicy
Q: Create a NetworkPolicy that allows connections to port 8080 from the busybox pod only
https://kubernetes.io/docs/concepts/services-networking/network-policies/
Make sure to use `apiVersion: extensions/v1beta1`, which works on both 1.6 and 1.7.
- Before the policy takes effect, you must first set an annotation on the namespace to block all requests;
- `podSelector.matchLabels`: defines which (destination) pods the rule applies to;
- `ingress`: allows pods carrying the label "access=true" to access these services;
```shell
root@test-9:~# kubectl annotate ns default "net.beta.kubernetes.io/network-policy={\"ingress\": {\"isolation\": \"DefaultDeny\"}}"
```
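Putting these notes together, a sketch of the policy for the question above. The target pod label (`app: web`) and the policy name are my own illustrative assumptions; on current clusters you would use `apiVersion: networking.k8s.io/v1` instead:

```yaml
apiVersion: extensions/v1beta1   # networking.k8s.io/v1 on current clusters
kind: NetworkPolicy
metadata:
  name: allow-busybox-8080
spec:
  podSelector:
    matchLabels:
      app: web             # assumption: the pods serving port 8080
  ingress:
  - from:
    - podSelector:
        matchLabels:
          access: "true"   # only pods labeled access=true may connect
    ports:
    - protocol: TCP
      port: 8080
```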
Node Broken
Q: fixing broken nodes, see
https://kubernetes.io/docs/concepts/architecture/nodes/
```shell
root@test-9:~# kubectl describe nodes
```
Etcd
Q: etcd backup, see
https://kubernetes.io/docs/getting-started-guides/ubuntu/backups/
https://www.mirantis.com/blog/everything-you-ever-wanted-to-know-about-using-etcd-with-kubernetes-v1-6-but-were-afraid-to-ask/
Start Etcd

```shell
# start script:
#========================================
etcd --name 'default' \
  --data-dir '/root/data.etcd' \
  --ca-file '/pki/ca.crt' --cert-file '/pki/cert.crt' --key-file '/pki/key.key' \
  --peer-ca-file '/pki/ca.crt' --peer-cert-file '/pki/cert.crt' --peer-key-file '/pki/key.key' \
  --client-cert-auth \
  --peer-client-cert-auth \
  --listen-peer-urls https://localhost:2380 \
  --listen-client-urls https://localhost:2379 \
  --advertise-client-urls https://localhost:2379 \
  --initial-advertise-peer-urls https://localhost:2380 \
  --initial-cluster default=https://localhost:2380 \
  --initial-cluster-state 'new' \
  --initial-cluster-token 'etcd-cluster' \
  --debug

# operate:
#========================================
etcdctl --endpoint=https://localhost:2379 --ca-file=/pki/ca.crt --cert-file=/pki/cert.crt --key-file=/pki/key.key ls /
```

To enable certificates:
- the access URLs must use https;
- the CA/cert/key flags shown in the script above must be set.
Replacing a failed etcd member

Get the member ID of the failed member:

```shell
etcdctl --endpoints=http://10.0.0.2,http://10.0.0.3 member list
```

The following message is displayed:

```shell
8211f1d0f64f3269, started, member1, http://10.0.0.1:2380, http://10.0.0.1:2379
91bc3c398fb3c146, started, member2, http://10.0.0.2:2380, http://10.0.0.2:2379
fd422379fda50e48, started, member3, http://10.0.0.3:2380, http://10.0.0.3:2379
```

Remove the failed member:

```shell
etcdctl member remove 8211f1d0f64f3269
```

The following message is displayed:

```shell
Removed member 8211f1d0f64f3269 from cluster
```

Add the new member:

```shell
./etcdctl member add member4 --peer-urls=http://10.0.0.4:2380
```

The following message is displayed:

```shell
Member 2be1eb8f84b7f63e added to cluster ef37ad9dc622a7c4
```

Start the newly added member on a machine with the IP 10.0.0.4:

```shell
export ETCD_NAME="member4"
export ETCD_INITIAL_CLUSTER="member2=http://10.0.0.2:2380,member3=http://10.0.0.3:2380,member4=http://10.0.0.4:2380"
export ETCD_INITIAL_CLUSTER_STATE=existing
etcd [flags]
```

Keep in mind: first add the member to the cluster, then start the corresponding etcd process.
Also, the newly started etcd member must have its cluster state set to "existing".
Backing up an etcd cluster

```shell
ETCDCTL_API=3 etcdctl --endpoints $ENDPOINT snapshot save snapshotdb
# exit 0
# verify the snapshot
ETCDCTL_API=3 etcdctl --write-out=table snapshot status snapshotdb
+----------+----------+------------+------------+
|   HASH   | REVISION | TOTAL KEYS | TOTAL SIZE |
+----------+----------+------------+------------+
| fe01cf57 |       10 |          7 |     2.1 MB |
+----------+----------+------------+------------+
```
That is the end of this part, but don't think you are done yet; there is more to come.
After this article there are countless more! My God~