kubernetes
Common error messages
Keywords worth recognising in Kubernetes error output: missing, invalid, scheduler, unauthenticated, exist, already, weight, match, limit, resource, ratio, duplicate, rule, role, policy, support, got, expect, parameters, provisioner, annotation, unknown, forbidden, storage, quota, available, guaranteed, QoS (quality of service).
Deleting a namespace
When a namespace is deleted, its status can stay at Terminating indefinitely, and adding --force does not remove it either.
kubectl get ns logging -o json > tmp.json
kubectl proxy
Open a new terminal and change to the directory that contains tmp.json
curl -k -H "Content-Type: application/json" -X PUT --data-binary @tmp.json http://127.0.0.1:8001/api/v1/namespaces/logging/finalize
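The finalize call only releases the namespace when the submitted object has an empty spec.finalizers list. The following added example (not part of the original notes) prepares that body from the dumped JSON and refuses to act on the wrong namespace or on one that is not terminating; the sample JSON and the function name are constructed for illustration.

```python
import json

# Constructed sample of what `kubectl get ns logging -o json` returns for a
# namespace stuck in Terminating (not captured from a real cluster).
SAMPLE_NS = """
{
  "apiVersion": "v1",
  "kind": "Namespace",
  "metadata": {"name": "logging", "deletionTimestamp": "2024-01-01T00:00:00Z"},
  "spec": {"finalizers": ["kubernetes"]},
  "status": {"phase": "Terminating"}
}
"""


def build_finalize_payload(ns_json, expected_name):
    """Return (payload, removed): the JSON body for the finalize PUT with
    spec.finalizers emptied, and the finalizers that were dropped."""
    ns = json.loads(ns_json)
    if ns.get("kind") != "Namespace":
        raise ValueError("not a Namespace object")
    name = ns.get("metadata", {}).get("name")
    if name != expected_name:
        raise ValueError(f"file describes {name!r}, expected {expected_name!r}")
    # Refuse to touch a namespace that is not actually being deleted.
    if ns.get("status", {}).get("phase") != "Terminating":
        raise ValueError("namespace is not Terminating")
    spec = ns.setdefault("spec", {})
    removed = list(spec.get("finalizers") or [])
    spec["finalizers"] = []
    return json.dumps(ns, indent=2), removed


if __name__ == "__main__":
    payload, removed = build_finalize_payload(SAMPLE_NS, "logging")
    print("finalizers removed:", removed)
    print(payload)  # this is what tmp.json must contain before the curl PUT
```

Emptying the finalizers skips whatever cleanup they were waiting for, so review the removed list and look for leftover resources afterwards.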
kubectl command-line operations
kubectl explain pod    # show the fields available in a Pod manifest
kubectl exec -it <pod> -- bash    # open a bash shell inside a pod
kubectl label nodes k8s-master-node1 exam=chinaskill    # add the label exam=chinaskill to node k8s-master-node1
kubectl taint nodes k8s-master-node1 node-role.kubernetes.io/master:NoExecute    # taint node k8s-master-node1
kubectl taint nodes k8s-master-node1 node-role.kubernetes.io/master-    # remove the taint
kubectl apply -f <file>    # apply the configuration in a file
kubectl scale deployment nginx-deployment --replicas=5    # scale the deployment to 5 pod replicas
Set 1
# Check whether the pod is healthy
apiVersion: v1
kind: Pod
metadata:
  name: httpd
  namespace: default
spec:
  containers:
  - name: httpd-container
    image: 192.168.10.131/library/httpd
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
    lifecycle:
      postStart:
        exec:
          command:
          - /bin/sh
          - -c
          - 'echo Healthy > /usr/local/apache2/htdocs/healthz'
    livenessProbe:
      exec:
        command:
        - cat
        - /usr/local/apache2/htdocs/healthz
      initialDelaySeconds: 15
      timeoutSeconds: 1
---
# Alternative version of the same Pod: the health file is removed after 10 seconds, so the probe fails
apiVersion: v1
kind: Pod
metadata:
  name: httpd
  namespace: default
spec:
  containers:
  - name: httpd-container
    image: 192.168.10.131/library/httpd
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
    args:
    - /bin/sh
    - -c
    - echo ok > /tmp/health; sleep 10; rm -rf /tmp/health; sleep 600
    livenessProbe:
      exec:
        command:
        - cat
        - /tmp/health    # probe the file that the args above create and remove
      initialDelaySeconds: 15
      timeoutSeconds: 1
4. Label the master node with "disktype=ssd" and "exam=chinaskill", then write the YAML file deployment.yaml in /root on the master node to create a Deployment with the following requirements:
(1) Deployment name: nginx-deployment;
(2) Pods may only be scheduled onto nodes that carry the label "disktype=ssd";
(3) Nodes that carry the label "exam=chinaskill" are preferred for scheduling.
# Set node affinity to choose which nodes the pods run on
apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-httpd
spec:
  replicas: 2
  selector:
    matchLabels:
      app: httpd
  template:
    metadata:
      name: pod-httpd
      labels:
        app: httpd
    spec:
      containers:
      - name: liveness
        image: 192.168.10.131/library/httpd
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:    # hard requirement
            nodeSelectorTerms:
            - matchExpressions:
              - key: disktype
                operator: In
                values:
                - ssd
          preferredDuringSchedulingIgnoredDuringExecution:    # soft preference
          - weight: 1
            preference:
              matchExpressions:
              - key: exam
                operator: In
                values:
                - chinaskill
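3. Write the YAML file limitrange.yaml in /root on the master node with the following requirements:
(1) LimitRange name: mem-limit-range;
(2) Namespace: default;
(3) Default container resource request: 256Mi memory, 500m CPU;
(4) Upper limit on container resource requests: 800Mi memory, 3000m CPU;
(5) Overcommit ratio for both memory and CPU: 2.
When finished, use this YAML file to create the LimitRange.
apiVersion: v1
kind: LimitRange
metadata:
  name: mem-limit-range
  namespace: default
spec:
  limits:
  - max:
      cpu: 3000m
      memory: 800Mi
    maxLimitRequestRatio:
      cpu: 2
      memory: 2
    defaultRequest:
      cpu: 500m
      memory: 256Mi
    type: Container    # note: the type value starts with a capital letter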
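5. Write the YAML file role.yaml in /root on the master node to create a cluster role with the following requirements:
(1) Cluster role name: deployment-clusterrole;
(2) The role has permission to create Deployments, DaemonSets and StatefulSets.
When finished, use this YAML file to create the role.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: deployment-clusterrole
rules:
- apiGroups: ["apps"]    # these three resources are served by the apps group
  resources: ["deployments","daemonsets","statefulsets"]    # lowercase plural resource names
  verbs: ["create"]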
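6. Write the YAML file network.yaml in /root on the master node to create a network policy with the following requirements:
(1) Network policy name: exam-network;
(2) For Pods in the namespace test, allow access only from Pods in the same namespace, and only to port 9000 of the Pods.
When finished, use this YAML file to create the network policy.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: exam-network
  namespace: test
spec:
  podSelector: {}    # empty selector: applies to every Pod in the namespace
  ingress:
  - from:
    - podSelector: {}    # any Pod in the same namespace
    ports:
    - protocol: TCP    # note: the protocol name is upper case
      port: 9000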
7. Write the YAML file pv.yaml in /root on the master node to create a PV with the following requirements:
(1) PV name: app-pv;
(2) Capacity: 10Gi;
(3) Access mode: ReadWriteMany;
(4) Volume type hostPath, located at /src/app-config.
When finished, use this YAML file to create the PV.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: app-pv
spec:
  hostPath:
    path: /src/app-config
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 10Gi
Set 2
1. By default, Pods take up all available compute resources. Reserve 500m CPU, 1Gi memory and 1Gi ephemeral-storage for the system daemons kube-reserved and system-reserved.
vim /var/lib/kubelet/config.yaml
...
enforceNodeAllocatable:
- pods
kubeReserved:    # resources reserved for Kubernetes daemons
  cpu: 500m
  memory: 1Gi
  ephemeral-storage: 1Gi
systemReserved:    # resources reserved for system daemons
  cpu: 500m
  memory: 1Gi
  ephemeral-storage: 1Gi
2. Write the YAML file init-pod.yaml in /root on the master node to create a Pod with the following requirements:
(1) Pod name: nginx;
(2) Image: busybox;
(3) Add an init container whose job is to create an empty file;
(4) The Pod's container checks whether the file exists and exits if it does not.
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  initContainers:
  - name: init-container
    image: 192.168.10.131/library/busybox
    command: ["sh","-c","touch /var/myfile"]
    volumeMounts:
    - name: html
      mountPath: /var
  containers:
  - name: nginx
    image: 192.168.10.131/library/nginx
    command: ["sh","-c","ls /var/myfile && sleep 360 || exit 1"]
    ports:
    - containerPort: 80
    volumeMounts:
    - name: html
      mountPath: /var
  volumes:
  - name: html    # shared emptyDir so the main container sees the file the init container created
    emptyDir: {}
3. Write a YAML file in /root on the master node to create a Pod with the following requirements:
(1) Pod name: exam;
(2) Image: nginx;
(3) Volume name cache-volume; mount its /data directory onto the host's /data directory.
When finished, use this YAML file to create the Pod.
apiVersion: v1
kind: Pod
metadata:
  name: exam
spec:
  containers:
  - name: nginx-pod
    image: 192.168.10.131/library/nginx
    ports:
    - containerPort: 80
    volumeMounts:
    - name: cache-volume
      mountPath: /data
  volumes:
  - name: cache-volume
    hostPath:
      path: /data
4. Write the YAML file nginx-deployment.yaml in /root on the master node to create a Deployment with the following requirements:
(1) Deployment name: nginx;
(2) Ensure a replica runs on every node, without overriding the nodes' existing Tolerations.
When finished, use this YAML file to create the Deployment.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: nginx
  labels:
    app: nginx
spec:
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      labels:
        app: nginx-pod
    spec:
      containers:
      - name: nginx
        image: 192.168.10.131/library/nginx
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
      tolerations:
      - operator: Exists    # tolerate every taint
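5. Write the YAML file nginx-service.yaml in /root on the master node to create a Service for the Deployment from the previous question, with the following requirements:
(1) Service name: nginx;
(2) The service is accessed through a ClusterIP.
When finished, use this YAML file to create the Service.
apiVersion: v1
kind: Service
metadata:
  name: nginx
spec:
  ports:
  - port: 80
    protocol: TCP    # note: the protocol name is upper case
    targetPort: 80
  selector:
    app: nginx-pod    # must match the Pod template labels of the previous answer
  type: ClusterIP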
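6. Write the YAML file quota.yaml in /root on the master node to create a StorageQuota with the following requirements:
(1) StorageQuota name: storagequota;
(2) Limit the number of PVCs in namespace exam to 10;
(3) Limit the cumulative storage capacity in namespace exam to 20Gi.
When finished, use this YAML file to create the StorageQuota.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: storagequota
  namespace: exam
spec:
  hard:
    persistentvolumeclaims: "10"
    requests.storage: "20Gi"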
7. Write the YAML file pv.yaml in /root on the master node to create a PV with the following requirements:
(1) PV name: pv-local;
(2) Reclaim policy: Delete;
(3) Access mode: RWO;
(4) Mount path: /data/k8s/localpv on the node;
(5) Volume capacity: 5G.
When finished, use this YAML file to create the PV.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-local
spec:
  local:
    path: /data/k8s/localpv
  nodeAffinity:    # a local volume has to be pinned to the node that holds the path
    required:
      nodeSelectorTerms:
      - matchExpressions:
        - key: worker
          operator: In
          values:
          - node1
  persistentVolumeReclaimPolicy: Delete
  accessModes:
  - ReadWriteOnce
  capacity:
    storage: 5Gi
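Set 3
1. Configure the cluster nodes so that the kubelet starts evicting Pods from a node when the node's available memory drops below 500Mi.
vim /var/lib/kubelet/config.yaml
...
evictionHard:    # config-file form of the --eviction-hard flag
  memory.available: "500Mi"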
2. Write the YAML file deployment.yaml in /root on the master node to create a Deployment with the following requirements:
(1) Deployment name: nginx-app;
(2) 3 replicas;
(3) Image: nginx:1.11.9.
When finished, use this YAML file to create the Deployment, then update the image version to 1.12.0 with a rolling update and record the update; finally, roll the update back to the previous version 1.11.9.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: httpd
spec:
  replicas: 3
  selector:
    matchLabels:
      app: httpd
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
  template:
    metadata:
      labels:
        app: httpd
    spec:
      containers:
      - name: httpd
        image: 192.168.10.131/library/httpd
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
kubectl apply -f deployment-roll.yaml --record    # record the command
kubectl rollout history deployment httpd    # check that the command was recorded
kubectl set image -f deployment-roll.yaml httpd=192.168.10.131/library/httpd:v1.2.3    # set the new image version; no newer image exists here, so the tag is arbitrary
kubectl rollout undo deployment httpd --to-revision=1    # roll the pods back to revision 1
3. Write the YAML file ns.yaml in /root on the master node to create a namespace with the following requirements:
(1) Namespace name: default-cpu-example;
(2) Containers in this namespace get a default CPU request of 500m and a CPU limit of 2000m.
When finished, use this YAML file to create the namespace.
apiVersion: v1
kind: Namespace
metadata:
  name: default-cpu-example
---
apiVersion: v1
kind: LimitRange
metadata:
  name: cpu-limitrange
  namespace: default-cpu-example
spec:
  limits:
  - max:
      cpu: 2000m
    defaultRequest:
      cpu: 500m
    type: Container    # remember to set the type
4. Write the YAML file pod.yaml in /root on the master node to create a Pod with the following requirements:
(1) Pod name: nginx;
(2) Image: nginx:latest;
(3) The Pod must run in the Guaranteed QoS class, with its requests equal to its limits.
When finished, use this YAML file to create the Pod.
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: 192.168.10.131/library/nginx
    ports:
    - containerPort: 80
    resources:
      limits:
        cpu: 500m
        memory: 1Gi
      requests:
        cpu: 500m
        memory: 1Gi
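5. Write the YAML file cronjob.yaml in /root on the master node to create a CronJob with the following requirements:
(1) CronJob name: cronjob;
(2) Image: busybox;
(3) The CronJob's .spec must print the current time every minute.
When finished, use this YAML file to create the CronJob.
*: matches any value of the field; for example, * in the Minutes field triggers the event every minute.
/: triggers at the start value and then at a fixed interval; for example, 5/20 in the Minutes field means the first trigger is at minute 5 and then every 20 minutes, i.e. at minute 25, minute 45, and so on.
For example, to run a task every 1 minute, the cron expression is:
*/1 * * * *
apiVersion: batch/v1
kind: CronJob
metadata:
  name: cronjob
spec:
  schedule: "*/1 * * * *"
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: cronjob-pod
            image: 192.168.10.131/library/busybox
            args:
            - /bin/sh
            - -c
            - date    # print the current time
          restartPolicy: OnFailure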
6. Write the YAML file pod-host.yaml in /root on the master node to create a Pod with the following requirements:
(1) Pod name: hostaliases-pod;
(2) Configure HostAliases for the Pod to add extra entries to its hosts file, resolving foo.local and bar.local to 127.0.0.1 and foo.remote and bar.remote to 10.1.2.3.
When finished, use this YAML file to create the Pod.
apiVersion: v1
kind: Pod
metadata:
  name: hostaliases-pod
spec:
  containers:
  - name: pod-hostaliases
    image: 192.168.10.131/library/nginx
  hostAliases:
  - ip: "127.0.0.1"
    hostnames:
    - "foo.local"
    - "bar.local"
  - ip: "10.1.2.3"
    hostnames:
    - "foo.remote"
    - "bar.remote"
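7. Write the YAML file clusterrole.yaml in /root on the master node to create a ClusterRole with the following requirements:
(1) ClusterRole name: secret-reader;
(2) get, watch and list permissions on Secrets;
(3) create, delete and update permissions on Pods and Deployments.
When finished, use this YAML file to create the ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: secret-reader
rules:
- apiGroups: [""]    # pods are in the core group
  resources: ["pods"]
  verbs: ["create","delete","update"]
- apiGroups: ["apps"]    # deployments are in the apps group
  resources: ["deployments"]
  verbs: ["create","delete","update"]
- apiGroups: [""]
  resources: ["secrets"]
  verbs: ["get","watch","list"]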
Set 4
1. Label the master node with "app=exam" and set its scheduling policy to PreferNoSchedule.
kubectl label nodes k8s-master-node1 app=exam
kubectl taint node k8s-master-node1 node-role.kubernetes.io/master=:PreferNoSchedule
2. Write the YAML file deployment.yaml in /root on the master node with the following requirements:
(1) Deployment name: nginx;
(2) Image: nginx:latest;
(3) Schedule its Pods onto nodes that carry the label "app=exam".
When finished, use this YAML file to create the Deployment.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx-nodeselector
        image: 192.168.10.131/library/nginx
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 80
      nodeSelector:
        app: exam
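3. Write the YAML file service.yaml in /root on the master node with the following requirements:
(1) Service name: nginx-service;
(2) Associate it with the Deployment named nginx;
(3) Expose its port 80 externally as 30080 using NodePort.
When finished, use this YAML file to create the Service.
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
  - port: 80
    nodePort: 30089    # port 30080 is already taken by another service here, so a different port is used
    protocol: TCP
    targetPort: 80
  type: NodePort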
5. Create the spec.yaml file of a Deployment on the master node with the following requirements:
(1) Deployment name: exam2022;
(2) Image: redis:latest;
(3) Replicas: 7;
(4) Label: app_enb_stage=dev.
When finished, save this spec.yaml file to /opt/exam2022/deploy_spec.yaml on the master node.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: exam2022
spec:
  replicas: 7
  selector:
    matchLabels:
      app_enb_stage: dev
  template:
    metadata:
      labels:
        app_enb_stage: dev
    spec:
      containers:
      - name: httpd-dev
        image: 192.168.10.131/library/httpd
        ports:
        - containerPort: 80
6. Write the YAML file pv.yaml in /root on the master node to create a PV with the following requirements:
(1) PV name: test-pv;
(2) Type: hostPath;
(3) Mount path: /data;
(4) Capacity: 1Gi;
(5) Mode: ReadOnlyMany.
When finished, use this YAML file to create the PV.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: test-pv
spec:
  hostPath:
    path: /data
  accessModes:
  - ReadOnlyMany
  capacity:
    storage: 1Gi
7. Write the YAML file pod-secret.yaml in /root on the master node to create a Secret and Pods with the following requirements:
(1) Secret name: mysecret;
(2) It contains a password field (base64-encoded by hand);
(3) The first Pod, test1, references mysecret through env;
(4) The second Pod, test2, references mysecret through a volume.
When finished, use this YAML file to create the Secret and the Pods.
echo -n "123456" | base64
[root@k8s-master-node1 test]# cat pod-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  password: MTIzNDU2
[root@k8s-master-node1 test]# cat test1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: test1
spec:
  containers:
  - name: test1-pod
    image: 192.168.10.131/library/nginx
    ports:
    - containerPort: 80
    env:
    - name: MYSECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: password
          optional: false
[root@k8s-master-node1 test]# cat test2.yaml
apiVersion: v1
kind: Pod
metadata:
  name: test2
spec:
  containers:
  - name: test2-pod
    image: 192.168.10.131/library/nginx
    ports:
    - containerPort: 80
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret
      optional: false
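8. Deploy the Bookinfo sample application in the Kubernetes cluster, then write the YAML file istio.yaml in /root on the master node to configure an HTTP request timeout, with the following requirements:
(1) Route name: reviews;
(2) Route requests to the v2 version of the reviews service;
(3) Add a half-second request timeout to calls to the reviews service.
When finished, use this YAML file to configure the HTTP request timeout.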
Set 5
1. By default, Pods can use all available compute resources of the cluster nodes. Configure the cluster to reserve 500m CPU, 1Gi memory and 1Gi ephemeral-storage for the system daemons kube-reserved and system-reserved.
vim /var/lib/kubelet/config.yaml
...
enforceNodeAllocatable:
- pods
kubeReserved:    # resources reserved for Kubernetes daemons
  cpu: 500m
  memory: 1Gi
  ephemeral-storage: 1Gi
systemReserved:    # resources reserved for system daemons
  cpu: 500m
  memory: 1Gi
  ephemeral-storage: 1Gi
2. Write the YAML file pod.yaml in /root on the master node to create a Pod with the following requirements:
(1) Namespace: default;
(2) Pod name: exam;
(3) The Pod contains 2 containers, redis and nginx, using the images redis and nginx respectively.
When finished, use this YAML file to create the Pod.
apiVersion: v1
kind: Pod
metadata:
  name: exam
  namespace: default
spec:
  containers:
  - name: redis
    image: 192.168.10.131/library/redis
  - name: nginx
    image: 192.168.10.131/library/nginx
    ports:
    - containerPort: 80
3. Write the YAML file pod-secret.yaml in /root on the master node to create a Secret and Pods with the following requirements:
(1) Secret name: mysecret;
(2) It contains a password field (base64-encoded by hand);
(3) The first Pod, test1, references mysecret through env;
(4) The second Pod, test2, references mysecret through a volume.
When finished, use this YAML file to create the Secret and the Pods.
echo -n "123456" | base64
[root@k8s-master-node1 test]# cat pod-secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  password: MTIzNDU2
[root@k8s-master-node1 test]# cat test1.yaml
apiVersion: v1
kind: Pod
metadata:
  name: test1
spec:
  containers:
  - name: test1-pod
    image: 192.168.10.131/library/nginx
    ports:
    - containerPort: 80
    env:
    - name: MYSECRET_PASSWORD
      valueFrom:
        secretKeyRef:
          name: mysecret
          key: password
          optional: false
[root@k8s-master-node1 test]# cat test2.yaml
apiVersion: v1
kind: Pod
metadata:
  name: test2
spec:
  containers:
  - name: test2-pod
    image: 192.168.10.131/library/nginx
    ports:
    - containerPort: 80
    volumeMounts:
    - name: foo
      mountPath: "/etc/foo"
      readOnly: true
  volumes:
  - name: foo
    secret:
      secretName: mysecret
      optional: false
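4. Write a YAML file in /root on the master node to create a LimitRange with the following requirements:
(1) LimitRange name: mem-limit-range;
(2) Default container resource request: 256Mi memory, 500m CPU;
(3) Upper limit on container resource requests: 800Mi memory, 3000m CPU;
(4) Lower limit on container resource requests: 100Mi memory, 300m CPU;
(5) Overcommit ratio for both memory and CPU: 2.
When finished, use this YAML file to create the LimitRange.
apiVersion: v1
kind: LimitRange
metadata:
  name: mem-limit-range
spec:
  limits:
  - max:
      cpu: 3000m
      memory: 800Mi
    maxLimitRequestRatio:
      cpu: 2
      memory: 2
    defaultRequest:
      cpu: 500m
      memory: 256Mi
    min:
      cpu: 300m
      memory: 100Mi
    type: Container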
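How a Container-type LimitRange such as the ones in these notes is applied to one container's requests and limits, as an added example rather than code from the original notes. It parses only the quantity forms used here and assumes the defaulting described in the docstring; the three sample containers are constructed.

```python
import re

_MEM_SUFFIX = {"": 1, "k": 10**3, "M": 10**6, "G": 10**9,
               "Ki": 2**10, "Mi": 2**20, "Gi": 2**30}


def parse_qty(resource, text):
    """Parse the quantity forms used in these notes: cpu -> millicores, memory -> bytes."""
    m = re.fullmatch(r"(\d+(?:\.\d+)?)([A-Za-z]*)", str(text))
    if not m:
        raise ValueError(f"bad quantity {text!r}")
    number, suffix = float(m.group(1)), m.group(2)
    if resource == "cpu":
        if suffix not in ("", "m"):
            raise ValueError(f"bad cpu suffix in {text!r}")
        return number if suffix == "m" else number * 1000
    if suffix not in _MEM_SUFFIX:
        raise ValueError(f"bad memory suffix in {text!r}")
    return number * _MEM_SUFFIX[suffix]


def check_container(item, container):
    """Return [(resource, reason)] violations of one Container-type LimitRange item.

    Modelled defaulting (an assumption of this sketch): a missing limit takes
    `default`, or `max` when `default` is unset; a missing request takes the
    container's own limit, else `defaultRequest`.
    """
    limits = container.get("limits", {})
    requests = container.get("requests", {})
    violations = []
    for res in ("cpu", "memory"):
        lim = (limits.get(res) or item.get("default", {}).get(res)
               or item.get("max", {}).get(res))
        req = (requests.get(res) or limits.get(res)
               or item.get("defaultRequest", {}).get(res))
        if lim is None or req is None:
            violations.append((res, "unset"))
            continue
        lim, req = parse_qty(res, lim), parse_qty(res, req)
        if res in item.get("min", {}) and req < parse_qty(res, item["min"][res]):
            violations.append((res, "below-min"))
        if res in item.get("max", {}) and lim > parse_qty(res, item["max"][res]):
            violations.append((res, "above-max"))
        ratio = item.get("maxLimitRequestRatio", {}).get(res)
        if ratio is not None and req > 0 and lim / req > float(ratio):
            violations.append((res, "ratio"))
    return violations


# The LimitRange item from the exercise above, plus three constructed containers.
ITEM = {"type": "Container",
        "max": {"cpu": "3000m", "memory": "800Mi"},
        "min": {"cpu": "300m", "memory": "100Mi"},
        "defaultRequest": {"cpu": "500m", "memory": "256Mi"},
        "maxLimitRequestRatio": {"cpu": 2, "memory": 2}}
WITHIN = {"requests": {"cpu": "500m", "memory": "256Mi"},
          "limits": {"cpu": "1000m", "memory": "512Mi"}}
NO_RESOURCES = {}  # nothing declared: every value comes from defaulting
DECIMAL_MEM = {"requests": {"memory": "100M"}, "limits": {"memory": "200M"}}

if __name__ == "__main__":
    for label, c in (("within", WITHIN), ("no-resources", NO_RESOURCES),
                     ("decimal-mem", DECIMAL_MEM)):
        print(label, check_container(ITEM, c))
```

Under these assumptions a container that declares nothing is rejected by the ratio rule, and 100M falls below a 100Mi minimum because M is decimal and Mi is binary.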
5. Label the master node with "disktype=ssd" and "exam=chinaskill", then write a YAML file in /root on the master node to create a Deployment with the following requirements:
(1) Deployment name: nginx-deployment;
(2) Pods may only be scheduled onto nodes that carry the label "disktype=ssd";
(3) Nodes that carry the label "exam=chinaskill" are preferred for scheduling.
When finished, use this YAML file to create the Deployment.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      name: pod-nginx
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx-require-pod
        image: 192.168.10.131/library/nginx
        ports:
        - containerPort: 80
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:    # hard requirement
            nodeSelectorTerms:
            - matchExpressions:
              - key: disktype
                operator: In
                values:
                - ssd
          preferredDuringSchedulingIgnoredDuringExecution:    # soft preference
          - weight: 1
            preference:
              matchExpressions:
              - key: exam
                operator: In
                values:
                - chinaskill
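6. Write a YAML file in /root on the master node to create a ClusterRole with the following requirements:
(1) ClusterRole name: deployment-clusterrole;
(2) It has only the permission to create Deployments, DaemonSets and StatefulSets.
When finished, use this YAML file to create the ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: deployment-clusterrole
rules:
- apiGroups: ["apps"]    # these three resources are served by the apps group
  resources: ["deployments","daemonsets","statefulsets"]    # lowercase plural resource names
  verbs: ["create"]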
7. Write a YAML file in /root on the master node to create a ServiceAccount with the following requirements:
(1) ServiceAccount name: exam-sa;
(2) Bind the ServiceAccount to the ClusterRole created in the previous question.
When finished, use this YAML file to create the ServiceAccount.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: exam-sa
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: role-bind-cluster-sserviceaccount
subjects:
- kind: ServiceAccount
  namespace: default
  name: exam-sa
roleRef:
  kind: ClusterRole
  name: deployment-clusterrole
  apiGroup: rbac.authorization.k8s.io
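Set 6
1. The kubelet authenticates to the Kubernetes API with certificates, which are valid for 1 year by default. Configure kubelet certificate rotation so that when a certificate is about to expire, a new key is generated automatically and a new certificate is requested from the Kubernetes API.
2. Configure the minimum resource reclaim for the Kubernetes cluster nodes: Pods on a node must start being evicted when available memory drops below 1Gi or available filesystem space drops below 10Gi.
vim /var/lib/kubelet/config.yaml
...
evictionHard:    # config-file form of the --eviction-hard flag
  memory.available: "1Gi"
  nodefs.available: "10Gi"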
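3. Write the YAML file pod.yaml in /root on the master node to create a Pod with the following requirements:
(1) Pod name: nginx;
(2) The container requests 100M of memory by default;
(3) The container can request at most 200M of memory.
When finished, use this YAML file to create the Pod.
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx-pod
    image: 192.168.10.131/library/nginx
    ports:
    - containerPort: 80
    resources:
      requests:
        memory: 100M
      limits:
        memory: 200M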
4. Write the YAML file replicaset.yaml in /root on the master node to create a ReplicaSet with the following requirements:
(1) ReplicaSet name: nginx;
(2) Namespace: default;
(3) Replicas: 3;
(4) Image: nginx.
When finished, use this YAML file to create the ReplicaSet.
apiVersion: apps/v1
kind: ReplicaSet    # apps/v1 with selector.matchLabels is the ReplicaSet form
metadata:
  name: nginx
  namespace: default
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: 192.168.10.131/library/nginx
        ports:
        - containerPort: 80
5. Write the YAML file pod-live.yaml in /root on the master node to create a Pod with the following requirements:
(1) Pod name: liveness-exec;
(2) Image: busybox;
(3) Start command: /bin/sh -c "touch /tmp/healthy; sleep 30; rm -rf /tmp/healthy";
(4) Run the command "cat /tmp/healthy" inside the container as the liveness probe, once every 5 seconds.
When finished, use this YAML file to create the Pod.
apiVersion: v1
kind: Pod
metadata:
  name: liveness-exec
spec:
  containers:
  - name: liveness-exec-pod-busybox
    image: 192.168.10.131/library/busybox
    command: ["/bin/sh","-c","touch /tmp/healthy; sleep 30; rm -rf /tmp/healthy"]
    livenessProbe:
      exec:
        command: ["/bin/sh","-c","cat /tmp/healthy"]
      periodSeconds: 5
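6. Create the namespace quota-example, then write the YAML file quota.yaml in /root on the master node to create a ResourceQuota with the following requirements:
(1) ResourceQuota name: compute-resources;
(2) No more than 4 Pods in total in namespace compute-resources;
(3) The sum of memory requests of all containers in namespace compute-resources must not exceed 1G;
(4) The sum of memory limits in namespace compute-resources must not exceed 2G;
(5) The CPU requested by all containers in namespace compute-resources must not exceed 1;
(6) The CPU limits of all containers in namespace compute-resources must not exceed 2.
When finished, use this YAML file to create the ResourceQuota.
apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-resources
  namespace: quota-example
spec:
  hard:
    pods: 4
    requests.cpu: 1
    requests.memory: 1Gi
    limits.cpu: 2
    limits.memory: 2Gi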
7. Write the YAML file api.yaml in /root on the master node to extend the Kubernetes API with the following requirements:
(1) API Server name: crontabs;
(2) Scope: the whole cluster.
When finished, use this YAML file to create the API Server.
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  name: crontabs.stable.example.com
spec:
  group: stable.example.com
  versions:
  - name: v1
    served: true
    storage: true
    schema:
      openAPIV3Schema:
        type: object
        properties:
          spec:
            type: object
            properties:
              cronSpec:
                type: string
              image:
                type: string
              replicas:
                type: integer
  scope: Cluster    # cluster-wide, as the task requires
  names:
    plural: crontabs
    singular: crontab
    kind: CronTab
    shortNames:
    - ct
Set 7
1. Write a YAML file in /root on the master node to create a Pod with the following requirements:
(1) Pod name: nginx;
(2) Image: nginx;
(3) Mount a Volume named cache-volume, mounting its /data directory onto the host's /data directory.
When finished, use this YAML file to create the Pod.
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx-7-1-pod
    image: 192.168.10.131/library/nginx
    ports:
    - containerPort: 80
    volumeMounts:
    - name: cache-volume
      mountPath: /data
  volumes:
  - name: cache-volume
    hostPath:
      path: /data
2. Write the YAML file deployment.yaml in /root on the master node to create a Deployment with the following requirements:
(1) Deployment name: nginx-deployment;
(2) Image: nginx:latest;
(3) Replicas: 2;
(4) Label: app: nginx;
(5) Container port: 80.
When finished, use this YAML file to create the Deployment.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx-7-2-pod
        image: 192.168.10.131/library/nginx:latest
        ports:
        - containerPort: 80
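3. Write the YAML file scale.yaml in /root on the master node to configure horizontal Pod autoscaling for the nginx-deployment from the previous question, with the following requirements:
(1) Horizontal Pod autoscaler name: scale;
(2) Minimum number of Pod replicas: 1;
(3) Maximum number of Pod replicas: 5;
(4) Increase or decrease the number of Pods dynamically according to the configured CPU utilization (75%).
When finished, use this YAML file to create the horizontal Pod autoscaler.
### For autoscaling to work, the monitored pods must declare resource requests; otherwise the HPA cannot read CPU metrics
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
  name: scale
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: nginx-deployment
  minReplicas: 1
  maxReplicas: 5
  targetCPUUtilizationPercentage: 75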
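4. Write the YAML file quota.yaml in /root on the master node to create a namespace and a ResourceQuota with the following requirements:
(1) Namespace name: quota-exam;
(2) ResourceQuota name: compute-resources;
(3) No more than 4 Pods in the namespace;
(4) The sum of memory requests of all containers must not exceed 1Gi;
(5) The CPU requested by all containers must not exceed 2000m.
When finished, use this YAML file to create the namespace and the ResourceQuota.
apiVersion: v1
kind: Namespace
metadata:
  name: quota-exam
---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: compute-resources
  namespace: quota-exam
spec:
  hard:
    pods: 4
    requests.cpu: 2000m    # the task limits requests, not limits
    requests.memory: 1Gi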
5. By default, Pods can use all available compute resources of the cluster nodes. Configure the cluster to reserve 500m CPU, 1Gi memory and 1Gi ephemeral-storage for the system daemons kube-reserved and system-reserved.
vim /var/lib/kubelet/config.yaml
...
enforceNodeAllocatable:
- pods
kubeReserved:    # resources reserved for Kubernetes daemons
  cpu: 500m
  memory: 1Gi
  ephemeral-storage: 1Gi
systemReserved:    # resources reserved for system daemons
  cpu: 500m
  memory: 1Gi
  ephemeral-storage: 1Gi
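6. Write a YAML file in /root on the master node to create a role with the following requirements:
(1) Role name: exam;
(2) The role has permission to create, delete and update Pods;
(3) The role has permission to view, create, modify and delete Deployments.
When finished, use this YAML file to create the role.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: exam
rules:
- apiGroups: [""]    # pods are in the core group
  resources: ["pods"]
  verbs: ["create","delete","update"]
- apiGroups: ["apps"]    # deployments are in the apps group
  resources: ["deployments"]
  verbs: ["watch","create","update","delete"]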
7. Install an NFS file server on the master and node hosts with the shared directory /data/k8s/, then write the YAML file nfs-pv.yaml in /root on the master node to create a PV with the following requirements:
(1) PV name: exma-pv;
(2) Use NFS storage as the backend;
(3) Storage capacity: 1Gi;
(4) Access mode: ReadWriteOnce;
(5) Reclaim policy: Recycle.
When finished, use this YAML file to create the PV.
mkdir -p /nfs/data
chmod -R 777 /nfs
# the entry below exports to every host (*) with root squashing disabled
cat <<EOF >> /etc/exports
/nfs/data *(rw,no_root_squash,sync)
EOF
exportfs -r
systemctl restart rpcbind nfs-server && systemctl enable rpcbind nfs-server
showmount -e <ip>
apiVersion: v1
kind: PersistentVolume
metadata:
  name: exma-pv
  labels:
    pv: exma-pv
spec:
  nfs:
    server: 192.168.10.179
    path: /nfs/data/
  capacity:
    storage: 1Gi
  accessModes:
  - ReadWriteOnce
  persistentVolumeReclaimPolicy: Recycle
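Set 8
1. Change the cluster configuration so that the kubelet starts evicting Pods from a node when the node's available memory drops below 500Mi.
vim /var/lib/kubelet/config.yaml
...
evictionHard:    # config-file form of the --eviction-hard flag
  memory.available: "500Mi"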
2. Write the YAML file pod.yaml in /root on the master node to create a Pod with the following requirements:
(1) Pod name: nginx;
(2) Image: nginx:latest;
(3) It runs in the Guaranteed QoS class;
(4) Its requests are equal to its limits.
When finished, use this YAML file to create the Pod.
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx-qos
    image: 192.168.10.131/library/nginx:latest
    ports:
    - containerPort: 80
    resources:
      requests:
        cpu: 500m
        memory: 1Gi
      limits:
        cpu: 500m
        memory: 1Gi
3. Write the YAML file nginx-deployment.yaml in /root on the master node to create a Deployment with the following requirements:
(1) Deployment name: nginx-deployment;
(2) Image: nginx;
(3) Replicas: 2;
(4) Network: hostNetwork;
(5) Container port: 80.
When finished, use this YAML file to create the Deployment.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      hostNetwork: true    # the Pod shares the node's network namespace
      containers:
      - name: nginx
        image: 192.168.10.131/library/nginx
        ports:
        - containerPort: 80
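4. Write the YAML file hpa.yaml in /root on the master node to create a horizontal Pod autoscaler for the Deployment from the previous question, with the following requirements:
(1) Horizontal Pod autoscaler name: frontend-scaler;
(2) Replica range: 3 to 5;
(3) Each Pod is expected to scale dynamically according to a configured CPU utilization of 50%.
When finished, use this YAML file to create the horizontal Pod autoscaler.
### For autoscaling to work, the monitored pods must declare resource requests; otherwise the HPA cannot read CPU metrics
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
  name: frontend-scaler
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: nginx-deployment
  minReplicas: 3
  maxReplicas: 5
  targetCPUUtilizationPercentage: 50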
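5. Write the YAML file role.yaml in /root on the master node to create a role with the following requirements:
(1) Role name: exam-reader;
(2) get, watch, list, create and delete permissions on Pods in the default namespace;
(3) get and list permissions on Deployments in the default namespace.
When finished, use this YAML file to create the role.
apiVersion: rbac.authorization.k8s.io/v1
kind: Role    # namespaced, so the permissions stay inside default
metadata:
  name: exam-reader
  namespace: default
rules:
- apiGroups: [""]    # pods are in the core group
  resources: ["pods"]
  verbs: ["get","watch","list","create","delete"]
- apiGroups: ["apps"]    # deployments are in the apps group
  resources: ["deployments"]
  verbs: ["get","list"]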
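RBAC rules match on the lowercase plural resource name and on the API group that serves it; a rule that names a Kind, or puts an apps resource in the core group, is stored without error but grants nothing. The checker below is an added example, not part of the original notes, and applies to the Role and ClusterRole answers throughout these sets. Its resource table covers only resources that appear in these notes, and the sample rules are constructed.

```python
# API group that serves each resource used in these notes ("" is the core group).
RESOURCE_GROUP = {
    "pods": "", "secrets": "", "services": "", "configmaps": "",
    "deployments": "apps", "daemonsets": "apps",
    "statefulsets": "apps", "replicasets": "apps",
}
# Lower-cased Kind -> resource name, e.g. "deployment" -> "deployments".
KIND_TO_RESOURCE = {name[:-1]: name for name in RESOURCE_GROUP}


def lint_rules(rules):
    """Check RBAC rules (list of dicts, as in a Role/ClusterRole `rules:` field).

    Returns (findings, grants): findings is a list of (rule_index, code, detail);
    grants is the set of (group, resource, verb) triples that name a resource
    the API really serves, i.e. what the rules effectively allow.
    Wildcard resources and subresources are outside this sketch.
    """
    findings, grants = [], set()
    for idx, rule in enumerate(rules):
        groups = rule.get("apiGroups", [])
        verbs = rule.get("verbs", [])
        dupes = sorted({v for v in verbs if verbs.count(v) > 1})
        if dupes:
            findings.append((idx, "duplicate-verb", ",".join(dupes)))
        for res in rule.get("resources", []):
            if res in RESOURCE_GROUP:
                group = RESOURCE_GROUP[res]
                if group in groups or "*" in groups:
                    grants.update((group, res, v) for v in verbs)
                else:
                    findings.append((idx, "wrong-api-group",
                                     f"{res} is served by group {group!r}"))
            elif res.lower() in KIND_TO_RESOURCE:
                findings.append((idx, "kind-not-resource",
                                 f"{res} should be {KIND_TO_RESOURCE[res.lower()]}"))
            else:
                findings.append((idx, "unknown-resource", res))
    return findings, grants


# Constructed inputs: a rule written with Kind names in the core group,
# the same intent written with resource names in the apps group,
# and a rule that mixes a core resource with an apps resource.
KIND_STYLE = [{"apiGroups": [""],
               "resources": ["Deployment", "Daemonset", "StatefulSet"],
               "verbs": ["create"]}]
RESOURCE_STYLE = [{"apiGroups": ["apps"],
                   "resources": ["deployments", "daemonsets", "statefulsets"],
                   "verbs": ["create"]}]
MIXED = [{"apiGroups": [""],
          "resources": ["pods", "deployments"],
          "verbs": ["get", "list", "list"]}]

if __name__ == "__main__":
    for label, rules in (("kind-style", KIND_STYLE),
                         ("resource-style", RESOURCE_STYLE),
                         ("mixed", MIXED)):
        findings, grants = lint_rules(rules)
        print(label, "findings:", findings)
        print(label, "grants:", sorted(grants))
```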
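6. Kubernetes clusters support Pod priority and preemption; a preemptive scheduling policy lets Pod objects on the same Node preempt one another. Write the YAML file schedule.yaml in /root on the master node to create a preemptive scheduling policy with the following requirements:
(1) Preemptive scheduling policy name: high-scheduling;
(2) Priority: 1000000;
(3) Do not make this policy the default priority scheduling policy.
When finished, use this YAML file to create the preemptive scheduling policy.
apiVersion: scheduling.k8s.io/v1
kind: PriorityClass
metadata:
  name: high-scheduling
value: 1000000
globalDefault: false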
7. Write a YAML file in /root on the master node to deploy a MySQL service with the following requirements:
(1) Service name: mysql; Deployment name: mysql;
(2) Image: mysql:5.7;
(3) Database user: root; password: 123456;
(4) Mount a persistent volume mysql-pv with 2GB of storage at path /mnt/data;
(5) Expose port 3306 externally as 33306 using NodePort.
When finished, use this YAML file to deploy the MySQL service.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: mysql-pv
spec:
  hostPath:
    path: /mnt/data
  accessModes:
  - ReadWriteMany
  capacity:
    storage: 2Gi
  persistentVolumeReclaimPolicy: Retain
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-pvc
  labels:
    app: mysql-pvc
spec:
  accessModes:
  - ReadWriteMany
  resources:
    requests:
      storage: 2Gi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mysql
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mysql
  template:
    metadata:
      labels:
        app: mysql
    spec:
      containers:
      - name: mysql
        image: 192.168.10.131/library/mysql:v5.7
        ports:
        - containerPort: 3306
        env:
        - name: MYSQL_ROOT_PASSWORD
          value: "123456"
        volumeMounts:
        - name: mysql-mnt
          mountPath: /mnt/data
      volumes:
      - name: mysql-mnt
        persistentVolumeClaim:
          claimName: mysql-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: mysql-svc
spec:
  selector:
    app: mysql
  ports:
  - port: 3306
    nodePort: 33306    # outside the default NodePort range 30000-32767; the API server's --service-node-port-range must allow it
    targetPort: 3306
  type: NodePort
Set 9
1. Label the master node with "app=exam" and set its scheduling policy to PreferNoSchedule.
kubectl label nodes k8s-master-node1 app=exam
kubectl taint node k8s-master-node1 node-role.kubernetes.io/master=:PreferNoSchedule
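2. Write the YAML file nginx.yaml in /root on the master node to create a Pod with the following requirements:
(1) Pod name: nginx-pod;
(2) Image: nginx;
(3) Image pull policy: IfNotPresent;
(4) Enable process namespace sharing.
When finished, use this YAML file to create the Pod.
apiVersion: v1
kind: Pod
metadata:
  name: nginx-pod
spec:
  containers:
  - name: nginx
    image: 192.168.10.131/library/nginx
    imagePullPolicy: IfNotPresent
    ports:
    - containerPort: 80
  shareProcessNamespace: true    # containers in the Pod see each other's processes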
3. Write the YAML file nginx-deployment.yaml in /root on the master node to create a Deployment with the following requirements:
(1) Deployment name: nginx-deployment;
(2) Pod name: nginx-deployment, replicas: 2;
(3) Image: nginx;
(4) Container port: 80.
When finished, use this YAML file to create the Deployment.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: 192.168.10.131/library/nginx
        ports:
        - containerPort: 80
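4. Write the YAML file service.yaml in /root on the master node to create a Service with the following requirements:
(1) Service name: exam-service;
(2) Port for access inside the cluster: 80;
(3) Use the TCP protocol;
(4) Service type: ClusterIP.
When finished, use this YAML file to create the Service.
apiVersion: v1
kind: Service
metadata:
  name: exam-service
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  type: ClusterIP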
5. Write a YAML file in /root on the master node to create a Pod that uses a ConfigMap, with the following requirements:
(1) Pod name: exam;
(2) Image: busybox;
(3) Use the ConfigMap in a data volume and set the variables "DB_HOST=localhost" and "DB_PORT=3306".
When finished, use this YAML file to create the Pod.
apiVersion: v1
kind: ConfigMap
metadata:
  name: config
data:
  data1: "localhost"
  data2: "3306"
---
apiVersion: v1
kind: Pod
metadata:
  name: exam
spec:
  containers:
  - name: exam
    image: 192.168.10.131/library/busybox
    env:
    - name: DB_HOST
      valueFrom:
        configMapKeyRef:
          name: config
          key: data1
    - name: DB_PORT
      valueFrom:
        configMapKeyRef:
          name: config
          key: data2
    ports:
    - containerPort: 80