Kubernetes Mock Exam 2

-

 Etcd db backup

1. Check etcd version: #ECTDCTL_API=3 etcdctl --version

2. Check etcd config file: /etc/kubernetes/manifests

3. Copy the file key information

4. Make the backup:  

ECTDCTL_API=3 etcdctl snapshot save /tmp/etcd-backup.db

5. Verify the backup:

ECTDCTL_API=3 <key information> etcdctl snapshot status <destination> -w table

Create pod with specific CPU and Memory

#kubectl run --generator=run-pod/v1 elephant --image=redis --dry-run -o yaml > elephant.yaml

#vi elephant.yaml

add resources section

containers:

  - image: redis

    name: elephant

    resources:

        cpu: "1"

        memory: "200Mi"

#kubectl create -f elephant.yaml

#kubectl describe pod elephant


Create pod with volume

#kubectl run --generator=run-pod/v1 redis-storage --image=redis --dry-run -o yaml > redis.yaml

#vi redis.yaml

Add volumn section

spec: 

  containers:

  - image: redis:alpine

    name: redis-storage

    volumeMounts:

    - mountPath: /data/redis

      name: data-volume

   volumes:

   - name: data-volume

     emptyDir: {}


Create pod able to set system_time

#cp elephant.yaml super-user-pod.yaml

#vi super-user-pod.yaml

Change name / image; remove resources part / add following

spec: 

    containers:

    - name: super-user-pod

      image: busybox:1.28

      command: ["sleep","4800"]

      securityContext:

        capabilities:

            add: ["NET_ADMIN", "SYS_TIME"]

#kubectl create -f super-user-pod.yaml

#kubectl describe pod super-user-pod


Update pod yaml file to use persistent volume

check persistent volume: #kubectl get pv

create persistent volume claim:

#vi pvc.yaml

apiVersion: v1

kind: PersistentVolumeClaim

metadata:

  name: my-pvc

spec:

  accessModes:

    - ReadWriteOnce

  volumeMode: Filesystem

  resources:

    requests:

      storage: 10Mi

#kubectl create -f pvc.yaml

check: #kubectl get pv


update pod yaml file to use persistent volume claim

#vi use-pv.yaml

spec:

  containers:

    - name: user-pv

      image: nginx

      volumeMounts:

      - mountPath: "/data"

        name: mypd

  volumes:

    - name: mypd

      persistentVolumeClaim:

        claimName: my-pvc

#kubectl create -f user-pv-yaml

#kubectl describe pod user-pv


update version of deployment

#kubectl run nginx-deploy --image=nginx:1.16 --replicas=1 --record

#kubectl get deployment

#kubectl rollout history deployment nginx-deploy

#kubectl set image deployment/nginx-deploy nginx-deploy=nginx:1.17  --record

#kubectl describe deployment nginx-deploy | grep -I image

#kubectl rollout history deployment nginx-deploy


create user access grant privilege

check the key file

#kubectl api-versions | grep certif

#vi john.yaml


apiVersion: certificates.k8s.io/v1beta1

kind: CertificateSigningRequest

metadata:

  name: john-developer

spec:

  request: $(cat /root/john.csr | base64 | tr -d '\n')

  usages:

  - digital signature

  - key encipherment

  - server auth


#kubectl create -f john.yaml

#kubectl get csr

#kubectl certificate approve john-developer

#kubectl get csr


#kubectl create role developer --resource=pods  --verb=create,list,get,update,delete --namespace=development


#kubectl describe role developer -n development


#kubectl create rolebinding developer-role-binding --role=developer --user=john --namespace=development


#kubectl auth can-i update pods --namespace=development --as=john

#kubectl auth can-i list pods --namespace=development --as=john

#kubectl auth can-i create pods --namespace=development --as=john

#kubectl auth can-i get pods --namespace=development --as=john

#kubectl auth can-i delete pods --namespace=development --as=john


Create pod and service

#kubectl run --generator=run-pod/v1 nginx-resolver --image=nginx

#kubectl describe pod nginx-resolver

#kubectl expose pod nginx-resolver --name=nginx-resolver-service --port=80 --target-port=80 --type=ClusterIP

#kubectl describe svc nginx-resolver-service

#kubectl get pod nginx-resolver -o wide

#kubectl get svc


#kubectl run --generator=run-pod/v1 test-nslookup --image=busybox:1.28 --rm -it -- nslookup nginx-resolver-service > /root/nginx.svc


#cat /root/nginx.svc


#kubectl run --generator=run-pod/v1 test-nslookup --image=busybox:1.28 -rm -it -- nslookup 10-32-0-5.default.pod > /root/nginx.pod


#cat /root/nginx.pod


Create static pod on node01

#kubectl get node

#ssh node01

#systemctl status kubelet

#cd /var/lib/kubelet 

#less config.yaml --> find out the static pod path

#cd /etc/kubernetes/manifest

#exit --> go back to master

#kubectl run --generator=run-pod/v1 nginx-critical --image=nginx --dry-run -o yaml > nginx-critical.yaml

#ssh node01

#cd /etc/kubernetes/manifests

#vi nginx-critical.yaml

#docker ps |grep -i nginx-critical

#exit

#kubectl get pods -o wide

Comments

Post a Comment

Popular posts from this blog

Nginx Proxy & Load Balance & LNMP

-
Nginx Proxy Service E-commerce website Server 1: provide image request response (  apache / nginx ) Server 2: provide dynamic request response ( php-fpm / apache-php ) Server 3: provide static request response ( apache / nginx ) Server 4: provide data request response ( mysql ) It need one additional nginx server 1. Install nginx 2. proxy to specific server Example location / {      proxy_pass http://192.168.199.187:80/; } location /bbs/ {      proxy_pass http://192.168.199.187:80/bbs/; } location ~* \.(jpg|png|gif)$  {      proxy_pass http://172.16.100.7; } Enhance the log information and specific the hostname location / {      proxy_pass  http://192.168.199.187:80/;      proxy_set_header <parameter name>  $host;  (client requst the hostname )      proxy_set_header <parameter name> $remote_addr; ...
Read more

Snort+barnyard2+Snorby CentOS 6.5_64 Installation

-
#download packages: daq-2.0.2.tar.gz ImageMagicK-6.8.9-8.tar.gz oinkmaster-2.0.tar.gz ruby-1.9.3-p547.tar.gz snort-2.9.6.2.tar.gz snortrules-snapshot-2962.tar.gz MySQL-server-5.5.40-1.rhel5.x86_64.rpm MySQL-client-5.6.21-1.rhel5.x86_64.rpm MySQL-devel-5.6.21-1.rhel5.x86_64.rpm MySQL-shared-5.6.21-1.rhel5.x86_64.rpm epel-release-6-8.noarch.rpm barnyard2-2.1.13.tar.gz #install yum package rpm -ivh epel-release-6-8.noarch.rpm yum install gcc-c++ patch readline readline-devel zlib zlib-devel flex git yum install libyaml-devel libffi-devel openssl-devel make  yum install bzip2 autoconf automake libtool bison iconv-devel libxml2-devel libxslt  yum install gcc g++ build-essential libssl-devel libreadline5-devel zlib1g-devel linux-headers-generic libsqlite3-devel libxslt-devel curl-devel sqlite-devel yum --enablerepo=epel install jasper jasper-libs jasper-devel #Mysql install yum remove mysql mysql-libs rpm -ivh MySQL-server-5.5.40-1.rh...
Read more

ORACLE Error

-
Image
oracle official error explanation  http://docs.oracle.com/cd/E11882_01/server.112/e17766/toc.htm 从服务器下载ALERT日志文件,传输方式需要选择"ASCII" ORA-01078: failure in processing system parameters 发生场景:新建数据库第一次启动时 SQL> startup ORA-01078: failure in processing system parameters LRM-00109: could not open parameter file ‘/home/oracle/oracle/product/10.2.0/db_1/dbs/initorcl.ora’ 原因:oracle_sid没有配置正确 解决方案: 1. 修改oracle用户.bash_profile文件中ORACLE_SID后的内容; 2. 重新已oracle用户登录; ORA-01157: cannot identify/lock data file string - see DBWR trace file  Cause: The background process was either unable to find one of the data files or failed to lock it because the file was already in use. The database will prohibit access to this file but other files will be unaffected. However the first instance to open the database will need to access all online data files. Accompanying error from the operating system describes why the file could not be identified. Action: Have operating system make file ...
Read more