CKA 模拟真题 Killer.sh | Question 22 | Check how long certificates are valid
Task weight: 2%
Use context: kubectl config use-context k8s-c2-AC
Check how long the kube-apiserver server certificate is valid on cluster2-controlplane1 . Do this with openssl or cfssl. Write the exipiration date into /opt/course/22/expiration .
Also run the correct kubeadm command to list the expiration dates and confirm both methods show the same date.
Write the correct kubeadm command that would renew the apiserver server certificate into /opt/course/22/kubeadm-renew-certs.sh .
译文
在 cluster2-controlplane1 上检查 kube-apiserver 服务器证书的有效期。 使用 openssl 或 cfssl 执行此操作。 将过期日期写入 /opt/course/22/expiration 中。
同时运行正确的 kubeadm 命令列出过期日期,并确认两种方法显示的日期相同。
将 更新apiserver服务器证书 正确 kubeadm命令 写入 /opt/course/22/kubeadm-renew-certs.sh 中。
解答
kubectl config use-context k8s-c2-AC |
连接到controlplane1,并检查证书过期时间
ssh cluster2-controlplane1 |
使用kubeadm 来获取过期时间
root@cluster2-controlplane1:~# kubeadm certs check-expiration | grep apiserver |
写过期时间到文件
echo "Jan 10 05:00:49 2024 GMT" > /opt/course/22/expiration |
更新证书
echo "kubeadm certs renew apiserver" > /opt/course/22/kubeadm-renew-certs.sh |
本博客所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来源 Hao DevSecOps!
微信
相关推荐
2023-01-09
CKA 模拟真题 Killer.sh | Question 1 | Contexts
Task weight: 1% You have access to multiple clusters from your main terminal through kubectl contexts. Write all those context names into /opt/course/1/contexts . Next write a command to display the current context into /opt/course/1/context_default_kubectl.sh , the command should use kubectl. Finally write a second command doing the same thing into /opt/course/1/context_default_no_kubectl.sh , but without the use of kubectl. 译文你可以通过 kubectl contexts 从你的主终端访问多个集群。把所有这些上下文的名字写进 ...
2023-01-10
CKA 模拟真题 Killer.sh | Question 24 | NetworkPolicy
Task weight: 9% Use context: kubectl config use-context k8s-c1-H There was a security incident where an intruder was able to access the whole cluster from a single hacked backend Pod. To prevent this create a NetworkPolicy called np-backend in Namespace project-snake . It should allow the backend-* Pods only to: connect to db1-* Pods on port 1111 connect to db2-* Pods on port 2222 Use the app label of Pods in your policy. After implementation, connections from backend-* Pods to vault-* Pods...
2023-01-09
CKA 模拟真题 Killer.sh | Question 7 | Node and Pod Resource Usage
Use context: kubectl config use-context k8s-c1-H The metrics-server has been installed in the cluster. Your college would like to know the kubectl commands to: show Nodes resource usage show Pods and their containers resource usage Please write the commands into /opt/course/7/node.sh and /opt/course/7/pod.sh . 译文在集群中已经安装了metrics-server。你们学院想知道使用 kubectl 的命令获取如下信息。 显示节点资源使用情况 显示Pod和其容器的资源使用情况 请将这些命令写入/opt/course/7/node.sh 和 /opt/course/7/pod.sh 。 解答参考: kubectl top node -h kubectl top...
2023-01-09
CKA 模拟真题 Killer.sh | Question 8 | Get Controlplane Information
Use context: kubectl config use-context k8s-c1-H Ssh into the controlplane node with ssh cluster1-controlplane1 . Check how the controlplane components kubelet, kube-apiserver, kube-scheduler, kube-controller-manager and etcd are started/installed on the controlplane node. Also find out the name of the DNS application and how it’s started/installed on the controlplane node. Write your findings into file /opt/course/8/controlplane-components.txt . The file should be structured...
2023-01-09
CKA 模拟真题 Killer.sh | Question 11 | DaemonSet on all Nodes
Use context: kubectl config use-context k8s-c1-H Use Namespace project-tiger for the following. Create a DaemonSet named ds-important with image httpd:2.4-alpine and labels id=ds-important and uuid=18426a0b-5f59-4e10-923f-c0e078e82462 . The Pods it creates should request 10 millicore cpu and 10 mebibyte memory. The Pods of that DaemonSet should run on all nodes, also controlplanes. 译文在命名空间 project-tiger 进行如下操作。创建一个名为 ds-important 的 DaemonSet ,镜像为 httpd:2.4-alpine ,标签 id=ds-important ,...
2023-01-10
CKA 模拟真题 Killer.sh | Preview Question 3
Use context: kubectl config use-context k8s-c2-AC Create a Pod named check-ip in Namespace default using image httpd:2.4.41-alpine . Expose it on port 80 as a ClusterIP Service named check-ip-service . Remember/output the IP of that Service. Change the Service CIDR to 11.96.0.0/12 for the cluster. Then create a second Service named check-ip-service2 pointing to the same Pod to check if your settings did take effect. Finally check if the IP of the first Service has...
评论
