CKA Study Flashcards
(109 cards)
1
Q
Command: Apply configuration changes to a resource
A
kubectl apply -f FILENAME
2
Q
Command: Access a web server via a NodePort
A
curl http://<Node>:<NodePort>
ie: http://198.168.1.2:30008</NodePort></Node>
3
Q
Command: Create a resource
A
kubectl create -f FILENAME
4
Q
Command: Creating a file from a Deployment
A
kubectl create deployment –image=nginx nginx –dry-run=client -o yaml > nginx-deployment.yaml
5
Q
Command: Edit and update the definition of a resource
A
kubectl edit (-f FILENAME | TYPE NAME)
6
Q
Command: Get documentation for a resource type
A
kubectl explain RESOURCE-TYPE
7
Q
Command: Replace a resource
A
kubectl replace –force -f FILENAME
8
Q
Command: Update the size of the specified replication controller
A
kubectl scale -f FILENAME
9
Q
Command: Change the ETCD API version for commands
A
If you get the message, “No help topic for …”
export ETCDCTL_API=3 (default is 2)
10
Q
Command: Execute a command against an resource
A
kubectl exec etcd-master -n kube-system etcdctl get / –prefix - keys-only
11
Q
Command: List Pods
A
kubectl get pods
12
Q
Command: Display the detailed state of a Pod
A
kubectl describe pod <Pod> -n=NAMESPACE</Pod>
13
Q
Command: View a running resource and its effective options
A
ps -aux | grep <Process-Name></Process-Name>
14
Q
If a specific Controller doesn’t seem to work or exist
A
Look at the Kube-Controller-Manager options
Kubeadm: /etc/kubernetes/manifests/kube-controller-manager.yaml
Non-Kubeadm: /etc/systemd/system/kube-controller-manager.service
15
Q
Location: Where is the Pod Definition file located
A
Kubeadm: /etc/kubernetes/manifests/kube-apiserver.yaml
Non-Kubeadm: /etc/systemd/system/kube-apiserver.service
16
Q
Object: ETCD-Master
A
Key/Value data store
Runs on Port 2379
Can be accessed via a browser at https://<IP>:2379</IP>
Set Value: ./etcdctl set key1 value1
Get Value: ./etcdctl set key1
17
Q
Object: Kube-APIServer
A
Authenticate User
Validate Request
Retrieve Data
Update ETCD
Used by Kube-Scheduler-Master and Kubelet
18
Q
Object: Kube-Proxy
A
Runs on each Node in the Cluster
Look for new Services
Creates an new Rule on each Node to forward traffic to those Services
19
Q
Object: Kube-Scheduler
A
Decides which Pod goes on which Node
Kubeadm: /etc/kubernetes/manifests/kube-scheduler.yaml
Non-Kubeadm: /etc/systemd/system/kube-scheduler.service
20
Q
Object: Kubelet
A
Registers Node on the K8S cluster
Creates Pods
Monitors Nodes and Pods
Configuration located at /var/lib/kubelet/config.yaml
21
Q
Object: Master Node
A
ETCD: Information on the cluster
Kube-Scheduler: Schedule applications or containers
Kube-Controller-Manager: Takes care of all controllers
Kube-APIServer: Orchestrating operations on the cluster
22
Q
Object: Kube-Controller-Manager
A
Monitors services and brings them to the desired state
23
Q
Object: Node-Controller
A
Monitor Nodes and keeps Pods running
24
Q
Object: Namespace Kube-System
A
Namespace for system resources
25
Object: Namespace Kube-Public
Namespace for shared resources
26
Object: ResourceQuota
apiVersion: v1
kind: ResourceQuota
metadata:
name: compute-quota
spec:
hard:
pods: "10"
requests.cpu: "4"
requests.memory: 5Gi
limits.cpu: "10"
limits.memory: 10Gi
27
Object: ClusterIP Service
Creates a virtual IP to enable communication between services and pods, in the cluster
28
Object: NodePort Service
Listens to a port and forwards requests on that port to another port, across the cluster
- the Port is required and must be between 30000 and 32676
- if the TargetPort is not specified, it will be the same value as Port
- if the NodePort is not specified, it will be automatically assigned
NodePort services also externally exposes the IP Address
29
Object: LoadBalancer Service
Provisions a Load Balancer for applications
30
Object: Pods
A single instance of an Application
Helper Containers, supporting the Application, can be in the same Pod
There are many Pods in a Node
31
Object: Replication-Controller
Manages the Replicate Sets
- Pods per Set
- High Availability and Resiliency
32
Object: Worker Node
Container Engine: Docker (other engines are available)
Kubelet: Listens to Kube-API-Server and carries out instructions
Kube-Proxy: communication between nodes
33
YAML: Service NodePort
apiVersion: v1
kind: Service
metadata:
name: myapp-service
spec:
type: NodePort
ports:
- targetPort: 80
port: 80
nodePort: 30008
selector:
app: myapp
type: frontend
In the Selector, app and type are copied from the Pod's Labels section
34
YAML: Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
name: myapp-deployment
labels:
app: myapp
tier: frontend
spec:
template:
metadata:
name: myapp-pod
labels:
app: myapp
tier: frontend
spec:
containers:
- name: nginx-container
image: nginx
replicas: 3
selector:
matchLabels:
type: frontend
35
YAML: Namespace
apiVersion: v1
kind: Namespace
metadata:
name: my-namespace
36
YAML: Pod
apiVersion: v1
kind: Pod
metadata:
name: my-nginx
labels:
app: nginx
tier: frontend
spec:
containers:
- name: my-nginx
image: nginx
37
YAML: ReplicaSet
apiVersion: apps/v1
kind: ReplicaSet
metadata:
name: myapp-replicaset
labels: // these labels are for the ReplicaSet
app: myapp
tier: frontend
spec:
template:
metadata:
name: myapp-pod
labels: // these labels are for filtering the specific Pods
app: myapp
tier: frontend
spec:
containers:
- name: nginx-container
image: nginx
replicas: 3
selector:
matchLabels: // these matchLabels must match the Pod filtering labels
type: frontend
38
YAML: ReplicationController
apiVersion: v1
kind: ReplicationController
metadata:
name: myapp-rc
labels:
app: myapp
tier: frontend
spec:
template:
metadata:
name: myapp-pod
labels:
app: myapp
tier: frontend
spec:
containers:
- name: nginx-container
image: nginx
replicas: 3
39
YAML: Service ClusterIP
apiVersion: v1
kind: Service
metadata:
name: backend
spec:
type: ClusterIP
ports:
- targetPort: 80
port: 80
selector:
app: myapp
type: backend
In the Selector, app and type are copied from the Pod's Labels section
40
YAML: Service LoadBalancer
apiVersion: v1
kind: Service
metadata:
name: myapp-service
spec:
type: LoadBalancer
ports:
- targetPort: 80
port: 80
nodePort: 30008
41
Command: Create a Pod from the command line
kubectl run nginx --image=nginx --port=8080
42
Command: Create a Service to expose a Deployment or Pod
kubectl expose deployment nginx --port 80 --name nginx-service
kubectl expose pod redis --port 80 --name redis-service
43
Command: Update an Image on a Deployment
kubectl set image deployment nginx nginx=nginx:1.18
44
Command: Getting Help
kubectl create service clusterip --help
45
Command: Check if the K8S components are executing
kubectl get nodes -n kube-system
46
Command: Filter by Labels
kubectl get pods --selector LABEL1=VALUE1,LABEL2=VALUE2
47
Command: Taints
Add: kubectl taint nodes NODE-NAME key=value:taint-effect
taint-effects: NoSchedule | PreferNoSchedule | MoExecute
Remove: kubectl taint nodes NODE-NAME TAINT-
48
Command: Labels
kubectl label nodes NODE-NAME KEY=VALUE
49
YAML: Node Affinity
apiVersion: v1
kind: Pod
metadata:
name: my-nginx
spec:
containers:
- name: my-nginx
image: nginx
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: size
operator: In
values:
- Large
- Medium
50
Command: Create YAML from running resource
kubectl get pod PODNAME -o yaml > PODNAME.yaml
51
YAML: DaemonSet
Same YAML as ReplicaSet, except the kind is DaemonSet
52
Location: Path of the Static Pod Manifests
Usually, these are in /etc/kubernetes/manifests
If not, view /var/lib/kubelet/config.yaml
Look for "staticPodPath"
53
Command: Viewing Docker processes
docker ps
54
Command: Verify if a Pod is Static
Execute kubectl get pod NAME -o yaml
Investigate the ownerReferences section
If "kind: Node", then it's a static pod
55
YAML: Create a Pod with an imbedded command
kubectl run <...> --command -- sleep 100
Make sure "command" is the last parameter
56
YAML: Pod with tolerations
Using a Pod YAML, under the "spec" section, at the same indent as "containers", add:
tolerations:
- key: "app"
operator: "Equal"
value: "blue"
effect: "NoSchedule"
57
Command: Get Events
kubectl get events
58
Command: View Scheduler Logs
kubectl logs SCHEDULERNAME --name-space=kube-system
59
YAML: Additional Scheduler
apiVersion: v1
kind: Pod
metadata:
name: my-custom-scheduler
namespace: kube-system
spec:
containers:
- command:
- kube-scheduler
- --address=127.0.0.1
- --kubeconfig=/etc/kubernetes/scheduler.conf
- --leader-elect=true
- --scheduler-name=my-custom-scheduler
- --lock-object-name=my-custom-scheduler
image: k8s.gcr.io/...
name: kube-scheduler
In /etc/kubernetes/manifests/kube-scheduler.yaml
Either change the "--leader-elect=true" to false
- or -
Add the "--lock-object-name=CustomSchedulerName"
60
YAML: Using a custom scheduler
Using a Pod YAML, under the "spec" section, at the same indent as "containers", add:
schedulerName: SCHEDULERNAME
61
Command: View Performance
kubectl top Node
kubectl top pod
62
Command: Install K8S Metrics Server
git clone https://github.com/kodekloudhub/kubernetes-metrics-server.git
kubectl create -f kubernetes-metrics-server/.
63
Command: Display Logs for a Pod
kubectl logs -f PODNAME CONTAINERNAME --previous
64
Command: App Rollout Status
kubectl rollout status DEPLOYMENTNAME
65
Command: App Rollout History
kubectl rollout history DEPLOYMENTNAME
66
Command: App Rollback
kubectl rollout undo DEPLOYMENTNAME
67
YAML: Pod Command and Arguments
Using a Pod YAML, under the "spec" section, under the "containers" section,
at the same indent as "image", add:
command:["COMMAND"]
args: ["ARGUMENTS"]
68
YAML: Pod Environment Variables
Using a Pod YAML, under the "spec" section, under the "containers" section,
at the same indent as "image", add:
env:
- name: myVar
value: pink
69
Command: Configmap
kubectl create configmap \
CONFIGNAME --from-literal=KEY=VALUE
--from-literal=KEY=VALUE
- OR -
kubectl create configmap \
CONFIGNAME --from-file=PATHANDFILE
70
YAML: Configmap File
apiVersion: v1
kind: ConfigMap
metadata:
name: app-config
data:
KEY1: VALUE1
KEY2: VALUE2
71
YAML: Pod and Configmap
Using a Pod YAML, under the "spec" section, under the "containers" section,
at the same indent as "image", add:
envFrom:
- configMapRef:
name: CONFIGMAPNAME
- OR -
env:
- name: ENVNAME
valueFrom:
configMapKeyRef:
name: CONFIGMAPNAME
key: ENVNAME
- OR -
volumes:
- name: app-config-volume
configMap:
name: CONFIGMAPNAME
name: CONFIGMAPNAME2
72
Command: Secret
kubectl create secret generic \
SECRETNAME --from-literal=KEY=VALUE
--from-literal=KEY=VALUE
kubectl create secret generic \
SECRETNAME --from-file=PATHANDFILE
73
YAML: Secret File
apiVersion: v1
kind: Secret
metadata:
name: app-secret
data:
KEY1: VALUE1
KEY2: VALUE2
74
Command: Base64 Encode and Decode
Encode: echo -n 'VALUE' | base64
- OR -
cat | base64 -w 0
Decode: echo -n 'VALUE' | base64 --decode
75
YAML: Pod and Secret File
Using a Pod YAML, under the "spec" section, under the "containers" section,
at the same indent as "image", add:
envFrom:
- secretRef:
name: SECRETNAME
- OR -
env:
- name: SECRETKEYNAME
valueFrom:
configMapKeyRef:
name: SECRETNAME
key: SECRETKEYNAME
- OR -
volumes:
- name: app-secret-volume
configMap:
name: SECRETNAME
name: SECRETNAME2
76
Command: Execute within the Pod
kubectl exec PODNAME -it
- OR -
kubectl exec PODNAME --
77
SYSParm: Pod Eviction Timeout
kube-controller-manager --pod-eviction-timeout
78
Command: Drain Node
kubectl drain NODENAME
then, kubectl uncordon NODENAME
79
Command: Cordon/Uncordon Node
Cordon: kubectl cordon NODENAME
Uncordon: kubectl uncordon NODENAME
80
Command: Alias kubectl
alias k=kubectl
81
Command: Latest Stable K8S Version
kubeadm upgrade plan
82
Command: Snapshot ETCD
Values can be found in etcd pod.
etcdctl snapshot save FILENAME.db \
--endpoints="listen-client-urls" \ (exclude https:\\)
--cacert="trusted-ca-file" \
--cert="cert-file" \
--key="key-file"
View Status: etcdctl snapshot status FILENAME.db
83
Command: ETCD Restore
a) etcdctl snapshot restore --data-dir NEWDIRECTORYNAME SNAPSHOTFILENAME
b) vi /etc/kubernetes/manifests/etcd.yaml
c) change the data-data directory in the volumes section
d) save will recreate etcd pod
84
Command: Switching Context
1) kubectl config view
2) kubectl config set-context --current --namespace=
85
YAML: Pod and Volumes
Using a Pod YAML, under the "spec" section, under the "containers" section,
at the same indent as "image", add:
volumeMounts:
- mountPath: CONTAINERDIRPATH
name: VOLUMENAME
Also, at the same indent as "containers", add:
volumes:
- name: VOLUMENAME
hostPath:
path: HOSTDIRPATH
86
YALM: Persistent Volumes
apiVersion: v1
kind: PersistentVolume
metadata:
name: my-persist-vol
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce (must match Access in PVC)
persistentVolumeReclaimPolicy: Retain
hostPath:
path: /pv/log
87
YAML: Persistent Volume Claims
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: CLAIMNAME (must match CLAIMNAME in Pod)
spec:
accessModes:
- ReadWriteOnce (must match Access in PV)
resources:
requests:
storage: 500Mi
88
YAML: Pods and Persistent Volume Claims
Using a Pod YAML, under the "spec" section, under the "containers" section,
at the same indent as "image", add:
volumeMounts:
- mountPath: CONTAINERDIRPATH
name: VOLUMENAME
Also, at the same indent as "containers", add:
volumes:
- name: VOLUMENAME
persistentVolumeClaim:
claimName: CLAIMNAME (must match CLAIMNAME in PVC)
89
YAML: StorageClass
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
name: standard
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: Wait ForFirstConsumer
90
Object: TLS Certificates
Three Server Certificates:
1) API Server
2) ETCD Server
3) Kubelet Server
Four Client Certificates:
1) Admin
2) Kube Scheduler
3) Kube Controller Manager
4) Kube Proxy
91
Command: Inspect Service Logs
Kubeadm: kubectl logs etcd-master
- OR -
journalctl -u etcd.service -l
- OR -
docker ps -a
docker logs
- OR -
crictl ps -a
crictl logs
92
Command: Approve CSR
kubectl certificate approve
93
Location: where is the default kubeconfig file ?
$HOME/.kube/config
94
Command: API Groups URL
Available API Groups: http://localhost:6443 -k
Supported Resource Groups: http://localhost:6443/apis -k | grep "name"
Be aware: start kubectl proxy service so you don't need to enter certificate info
1) kubectl proxy
2) http://localhost:8001 -k
95
Location: API Server Authorization Mode
In /etc/kubernetes/manifests/kube-aip-server.yaml, add:
"--authorization-mode="
96
Command: RBAC
1) kubectl get roles
2) kubectl get rolebindings
3) kubectl describe role
97
Command: Check My Access
kubectl auth can-i create deployments --as
98
Command: Cluster Roles
1) kubectl get clusterroles
2) kubectl get clusterrolebindings
3) kubectl describe clusterrole
99
Command: List All Resources
kubectl api-resources
100
Command: Service Account
1) kubectl create serviceaccount
2) kubectl create token
101
Command: Private Repository
1) kubectl create secret docker-registry \
--docker-server= \
--docker-username= \
--docker-password= \
-- docker-email=
2) Using a Pod YAML, under the "spec" section, at the same indent as "containers" section, add:
imagePullSecrets:
- name:
102
Command: Install Weave Net
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
103
Object: CoreDNS
DNS solution
Configuration file is located at: /etc/coredns/Corefile
104
Command: Return IP Address of Service or Pod
Service: host (may be partially qualified)
Pod: host 10-244-2-5.default.pod.cluster.local
105
Command: View Ingress Controller
kubectl get ingress
106
Kubeadm Steps
1) Provision VMs
2) Designate Master node
3) Install Docker on all nodes
4) Install kubeadm on all nodes
5) Initialize Master node
- verify IP Addr (ifconfig eth0) when creating kubeadm inti command
6) Set up networking solution (Pod Network)
7) Join Worker nodes to Master node
107
Command: Check Control Plane Services
service kube-apiserver status
108
Kubectl Cheat Sheet
K8S Doc >> Reference >> Command Line Tool >> kubectl Cheat Sheet
109
Command: Using JSON Path Queries
kubectl get deployments.apps
-o=custom-columns='COLHEADER:JSONPATH,COLHEADER:JSONPATH' --sort-by=JSONPATH
(remember to exclude ".items" portion of JSONPATH)
kubectl get deployments.apps
-o=jsonpath='{range .items[*]}{JSONPATH}{"\t"}{JSONPATH}
