CKA 模拟真题 Killer.sh Extra | Question 2 | Curl Manually Contact API
Use context: kubectl config use-context k8s-c1-H There is an existing ServiceAccount secret-reader in Namespace project-hamster . Create a Pod of image curlimages/curl:7.65.3 named tmp-api-contact which uses this ServiceAccount. Make sure the container keeps running. Exec into the Pod and use curl to access the Kubernetes Api of that cluster manually, listing all available secrets. You can ignore insecure https connection. Write the command(s) for this into file...
CKA 模拟真题 Killer.sh | Extra Question 1 | Find Pods first to be terminated
Use context: kubectl config use-context k8s-c1-H Check all available Pods in the Namespace project-c13 and find the names of those that would probably be terminated first if the nodes run out of resources (cpu or memory) to schedule all Pods. Write the Pod names into /opt/course/e1/pods-not-stable.txt . 译文检查名称空间 project-c13 中的所有可用 Pod,并找出在节点资源(CPU 或内存)耗尽时可能首先终止的 Pod 名称,以调度所有 Pod。 将 Pod 名称写入...
CKA 模拟真题 Killer.sh | Preview Question 3
Use context: kubectl config use-context k8s-c2-AC Create a Pod named check-ip in Namespace default using image httpd:2.4.41-alpine . Expose it on port 80 as a ClusterIP Service named check-ip-service . Remember/output the IP of that Service. Change the Service CIDR to 11.96.0.0/12 for the cluster. Then create a second Service named check-ip-service2 pointing to the same Pod to check if your settings did take effect. Finally check if the IP of the first Service has...
CKA 模拟真题 Killer.sh | Preview Question 2
Use context: kubectl config use-context k8s-c1-H You’re asked to confirm that kube-proxy is running correctly on all nodes. For this perform the following in Namespace project-hamster : Create a new Pod named p2-pod with two containers, one of image nginx:1.21.3-alpine and one of image busybox:1.31 . Make sure the busybox container keeps running for some time. Create a new Service named p2-service which exposes that Pod internally in the cluster on port 3000->80. Find the kube-proxy...
CKA 模拟真题 Killer.sh | Preview Question 1
Use context: kubectl config use-context k8s-c2-AC The cluster admin asked you to find out the following information about etcd running on cluster2-controlplane1: Server private key location Server certificate expiration date Is client certificate authentication enabled Write these information into /opt/course/p1/etcd-info.txt Finally you’re asked to save an etcd snapshot at /etc/etcd-snapshot.db on cluster2-controlplane1 and display its status. 译文集群管理员要求你找出关于在 cluster2-controlplane1 上运行的...
CKA 模拟真题 Killer.sh | Question 25 | Etcd Snapshot Save and Restore
Task weight: 8% Use context: kubectl config use-context k8s-c3-CCC Make a backup of etcd running on cluster3-controlplane1 and save it on the controlplane node at /tmp/etcd-backup.db . Then create a Pod of your kind in the cluster. Finally restore the backup, confirm the cluster is still working and that the created Pod is no longer with us. 译文备份运行在 cluster3-controlplane1 上的 etcd,并将其保存在 controlplane 节点上的 /tmp/etcd-backup.db 中。 然后在集群中创建一个 Pod。 最后还原备份,确认集群仍在运行,且创建的 Pod 已不复存在。 解答kubectl...
CKA 模拟真题 Killer.sh | Question 24 | NetworkPolicy
Task weight: 9% Use context: kubectl config use-context k8s-c1-H There was a security incident where an intruder was able to access the whole cluster from a single hacked backend Pod. To prevent this create a NetworkPolicy called np-backend in Namespace project-snake . It should allow the backend-* Pods only to: connect to db1-* Pods on port 1111 connect to db2-* Pods on port 2222 Use the app label of Pods in your policy. After implementation, connections from backend-* Pods to vault-* Pods...
CKA 模拟真题 Killer.sh | Question 23 | Kubelet client/server cert info
Task weight: 2% Use context: kubectl config use-context k8s-c2-AC Node cluster2-node1 has been added to the cluster using kubeadm and TLS bootstrapping. Find the “Issuer” and “Extended Key Usage” values of the cluster2-node1: kubelet client certificate, the one used for outgoing connections to the kube-apiserver. kubelet server certificate, the one used for incoming connections from the kube-apiserver. Write the information into file /opt/course/23/certificate-info.txt . Compare the “Issuer”...
CKA 模拟真题 Killer.sh | Question 22 | Check how long certificates are valid
Task weight: 2% Use context: kubectl config use-context k8s-c2-AC Check how long the kube-apiserver server certificate is valid on cluster2-controlplane1 . Do this with openssl or cfssl. Write the exipiration date into /opt/course/22/expiration . Also run the correct kubeadm command to list the expiration dates and confirm both methods show the same date. Write the correct kubeadm command that would renew the apiserver server certificate into /opt/course/22/kubeadm-renew-certs.sh . 译文在...
CKA 模拟真题 Killer.sh | Question 21 | Create a Static Pod and Service
Use context: kubectl config use-context k8s-c3-CCC Create a Static Pod named my-static-pod in Namespace default on cluster3-controlplane1 . It should be of image nginx:1.16-alpine and have resource requests for 10m CPU and 20Mi memory. Then create a NodePort Service named static-pod-service which exposes that static Pod on port 80 and check if it has Endpoints and if it’s reachable through the cluster3-controlplane1 internal IP address. You can connect to the internal node IPs from your main...
