【云原生-K8s】cka认证2022年12月最新考题及指南

最新消息

题型

• 到目前为止，题型还是没有太大的变化，如果对于k8s零基础还是建议通过网上报班系统性的学习，如果对linux和k8s常用命令熟悉则无需报班，在某宝花个100块左右购买辅助资料就行。

最新改版

• 最新的PSI改版后，PSI浏览器开始考试后，会杀掉浏览器进程，所以之前说的在浏览器存书签的做法就没用啦，这就要求对官方文档非常熟悉
• 现在是只有一个单进程的PSI，题目和虚拟机都在里面，因为用的是ubuntu系统，所以文档查看就是内置的火狐浏览器，一般都是在题目、浏览器、文本编辑器来回切换做题。

注意事项

• 建议黑色星期五在官网购买套餐课程，基本上都是5折
• 考试最好网络好、摄像头清晰【比如我在某宝买的80块钱摄像头进行认证的时候聚不了焦，被迫换成笔记本】
• 最好使用台式电脑、屏幕大呀，我被迫换车笔记本太难受啦，切换不流畅
• 现在名字支持填写中文啦，建议参考官方文档，官方文档写得非常详细
• 其他的就参考官方文档吧，已经非常非常详细啦，一定要仔细阅读官方文档。
• ​​https://training.linuxfoundation.cn/help​​

真题解析

CKA真题解析-1

kubectl create clusterrole deployment-clusterrole --verb=create --resource=deployments,statefulsets,daemonsets
kubectl create serviceaccount cicd-token -n app-team1
kubectl create rolebinding cicd-token --clusterrole=deployment-clusterrole --serviceaccount=app-team1:cicd-token -n app-team1

CKA真题解析-2

kubectl cordon k8s-node21  #设置节点不可调度
kubectl drain k8s-node21 --ignore-daemonsets --delete-emptydir-data  #驱逐pod

CKA真题解析-3

• 升级集群

kubectl drain k8s-master --ignore-daemonsets
ssh mk8s-master-0
sudo i
apt-mark unhold kubeadm
apt-get update && apt-get install -y kubeadm=1.23.1-00
apt-mark hold kubeadm

kubeadm version
kubeadm upgrade plan
kubeadm upgrade apply v1.23.1 --etcd-upgrade=false   #注意 不升级etcd添加参数

apt-mark unhold kubelet kubectl
apt-get update && apt-get install -y kubelet=1.23.1-00 kubectl=1.23.1-00
apt-mark hold kubelet kubectl

systemctl daemon-reload
systemctl restart kubelet  #kubectl get node 版本已经变更

exit

kubectl uncordon mk8s-master-0

#验证
kubectl get node

• ​​https://kubernetes.io/zh-cn/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/​​

CKA真题解析-4

#备份
ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 snapshot save /data/backup/etcd-snapshot.db

#恢复
mv /etc/kubernetes/manifests/ /etc/kubernetes/manifests.bak
mv /var/lib/etcd/ /var/lib/etcd.bak
ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 snapshot restore /data/backup/etcd-snapshot-previous.db --data-dir=/var/lib/etcd

mv /etc/kubernetes/manifests.bak /etc/kubernetes/manifests

CKA真题解析-5

vi networkpolicy.yaml

apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-port-from-namespace
  namespace: big-corp
spec:
  podSelector: {}
  policyTypes:
    - Ingress
  ingress:
    - from:
        - namespaceSelector:
            matchLabels:
              project: corp-net
      ports:
        - protocol: TCP
          port: 9200

kubectl apply -f networkpolicy.yaml

CKA真题解析-6

ports:
      - name: http
        protocol: TCP
        containerPort: 80

kubectl expose deployment front-end --port=80 --target-port=80 --type=NodePort --name=front-end-svc

CKA真题解析-7

vi ingress.yaml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pong
  namespace: ing-internal
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx   #kubectl get ingressclasses.networking.k8s.io -A
  rules:
  - http:
      paths:
      - path: /hi
        pathType: Prefix
        backend:
          service:
            name: hi
            port:
              number: 5678

kubectl apply -f ingress.yaml
curl -KL xxxx/hi   #通过 kubectl get ingress -o wide 查看地址信息

CKA真题解析-8

kubectl scale deployment front-end --replicas=6

CKA真题解析-9

apiVersion: v1
kind: Pod
metadata:
  name: nginx-kusc
spec:
  containers:
  - name: nginx
    image: nginx
  nodeSelector:
    disk: ssd

CKA真题解析-10

kubectl describe node $(kubectl get node | grep Ready | awk '{print $1}') | grep Taint | grep -vc NoSchedule > /opt/402.txt

CKA真题解析-11

apiVersion: v1
kind: Pod
metadata:
  name: kucc4
spec:
  containers:
  - name: redis
    image: redis
  - name: memcached
    image: memcached

CKA真题解析-12

apiVersion: v1
kind: PersistentVolume
metadata:
  name: app-data
spec:
  capacity:
    storage: 2Gi
  accessModes:
    - ReadWriteMany
  hostPath:
    path: "/srv/app-data"

CKA真题解析-13

apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pv-volume
spec:
  storageClassName: csi-hostpath-sc
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 10Mi
---
apiVersion: v1
kind: Pod
metadata:
  name: web-server
spec:
  volumes:
    - name: data
      persistentVolumeClaim:
        claimName: pv-volume
  containers:
    - name: web-server
      image: nginx
      volumeMounts:
        - mountPath: "/usr/share/nginx/html"
          name: data

kubectl edit pvc pv-volume --save-config   #--save-config

CKA真题解析-14

kubectl logs bar | grep "unable-to-access-websit" >> /opt/bar

CKA真题解析-15

kubectl get po big-corp-app -o yaml > big-corp-app.yaml
cp big-corp-app.yaml big-corp-app.yaml.bak

vi big-corp-app.yaml

apiVersion: v1
kind: Pod
metadata:
  name: big-corp-app
spec:
  containers:
  - name: big-corp-app
    image: busybox:1.28
    args:
    - /bin/sh
    - -c
    - >
      i=0;
      while true;
      do
        echo "$i: $(date)" >> /var/log/1.log;
        echo "$(date) INFO $i" >> /var/log/2.log;
        i=$((i+1));  tt            etz ezzzzzzzzdfxc 
      done
    volumeMounts:
    - name: varlog
      mountPath: /var/log
  - name: sidecar
    image: busybox
    args: [/bin/sh, -c, 'tail -n+1 -f /var/log/big-corp-app.log']
    volumeMounts:
    - name: varlog
      mountPath: /var/log
  volumes:
  - name: varlog
    emptyDir: {}

CKA真题解析-16

kubectl top po -A -l name=over.. --sort-by="cpu"

CKA真题解析-17

systemctl start kubelet && systemctl enable kubelet

参考资料

• ​​https://www.bilibili.com/video/BV1vA411p77o​​
• ​​https://www.bilibili.com/video/BV1aa4y1p7TC​​