CKA 模拟真题 Killer.sh | Preview Question 1
Use context: kubectl config use-context k8s-c2-AC
The cluster admin asked you to find out the following information about etcd running on cluster2-controlplane1:
Server private key location Server certificate expiration date Is client certificate authentication enabled Write these information into /opt/course/p1/etcd-info.txt
Finally you’re asked to save an etcd snapshot at /etc/etcd-snapshot.db on cluster2-controlplane1 and display its status.
译文
集群管理员要求你找出关于在 cluster2-controlplane1 上运行的 etcd 的以下信息。
- 服务器私钥位置
- 服务器证书的到期日
- 是否启用了客户证书认证
将这些信息写入 /opt/course/p1/etcd-info.txt 中
最后要求你在 /etc/etcd-snapshot.db 上保存 cluster2-controlplane1 的 etcd 快照,并显示其状态。
解答
kubectl config use-context k8s-c2-AC |
检查节点
k get node |
远程cluster2-controlplane1
ssh cluster2-controlplane1 |
etcd.yaml
# /etc/kubernetes/manifests/etcd.yaml |
查看证书过期时间
root@cluster2-controlplane1:~# openssl x509 -noout -text -in /etc/kubernetes/pki/etcd/server.crt | grep Validity -A2 |
/opt/course/p1/etcd-info.txt 内容
Server private key location: /etc/kubernetes/pki/etcd/server.key |
创建etcd备份
ETCDCTL_API=3 etcdctl snapshot save /etc/etcd-snapshot.db \ |
查看备份状态
root@cluster2-controlplane1:~# ETCDCTL_API=3 etcdctl snapshot status /etc/etcd-snapshot.db |
本博客所有文章除特别声明外,均采用 CC BY-NC-SA 4.0 许可协议。转载请注明来源 Hao DevSecOps!
微信
相关推荐
2023-01-09
CKA 模拟真题 Killer.sh | Question 1 | Contexts
Task weight: 1% You have access to multiple clusters from your main terminal through kubectl contexts. Write all those context names into /opt/course/1/contexts . Next write a command to display the current context into /opt/course/1/context_default_kubectl.sh , the command should use kubectl. Finally write a second command doing the same thing into /opt/course/1/context_default_no_kubectl.sh , but without the use of kubectl. 译文你可以通过 kubectl contexts 从你的主终端访问多个集群。把所有这些上下文的名字写进 ...
2023-01-10
CKA 模拟真题 Killer.sh | Question 24 | NetworkPolicy
Task weight: 9% Use context: kubectl config use-context k8s-c1-H There was a security incident where an intruder was able to access the whole cluster from a single hacked backend Pod. To prevent this create a NetworkPolicy called np-backend in Namespace project-snake . It should allow the backend-* Pods only to: connect to db1-* Pods on port 1111 connect to db2-* Pods on port 2222 Use the app label of Pods in your policy. After implementation, connections from backend-* Pods to vault-* Pods...
2023-01-09
CKA 模拟真题 Killer.sh | Question 7 | Node and Pod Resource Usage
Use context: kubectl config use-context k8s-c1-H The metrics-server has been installed in the cluster. Your college would like to know the kubectl commands to: show Nodes resource usage show Pods and their containers resource usage Please write the commands into /opt/course/7/node.sh and /opt/course/7/pod.sh . 译文在集群中已经安装了metrics-server。你们学院想知道使用 kubectl 的命令获取如下信息。 显示节点资源使用情况 显示Pod和其容器的资源使用情况 请将这些命令写入/opt/course/7/node.sh 和 /opt/course/7/pod.sh 。 解答参考: kubectl top node -h kubectl top...
2023-01-09
CKA 模拟真题 Killer.sh | Question 8 | Get Controlplane Information
Use context: kubectl config use-context k8s-c1-H Ssh into the controlplane node with ssh cluster1-controlplane1 . Check how the controlplane components kubelet, kube-apiserver, kube-scheduler, kube-controller-manager and etcd are started/installed on the controlplane node. Also find out the name of the DNS application and how it’s started/installed on the controlplane node. Write your findings into file /opt/course/8/controlplane-components.txt . The file should be structured...
2023-01-09
CKA 模拟真题 Killer.sh | Question 11 | DaemonSet on all Nodes
Use context: kubectl config use-context k8s-c1-H Use Namespace project-tiger for the following. Create a DaemonSet named ds-important with image httpd:2.4-alpine and labels id=ds-important and uuid=18426a0b-5f59-4e10-923f-c0e078e82462 . The Pods it creates should request 10 millicore cpu and 10 mebibyte memory. The Pods of that DaemonSet should run on all nodes, also controlplanes. 译文在命名空间 project-tiger 进行如下操作。创建一个名为 ds-important 的 DaemonSet ,镜像为 httpd:2.4-alpine ,标签 id=ds-important ,...
2023-01-10
CKA 模拟真题 Killer.sh | Preview Question 3
Use context: kubectl config use-context k8s-c2-AC Create a Pod named check-ip in Namespace default using image httpd:2.4.41-alpine . Expose it on port 80 as a ClusterIP Service named check-ip-service . Remember/output the IP of that Service. Change the Service CIDR to 11.96.0.0/12 for the cluster. Then create a second Service named check-ip-service2 pointing to the same Pod to check if your settings did take effect. Finally check if the IP of the first Service has...
评论
