Q 13: Sidecar Container/Logging
本题目,Logging是目的;Sidecar是手段
Context -
An existing Pod needs to be integrated into the Kubernetes built-in logging architecture (e.g. kubectl logs). Adding a streaming sidecar container is a good and common way to accomplish this requirement.
Task -
Add a sidecar container named sidecar, using the busybox image, to the existing Pod big-corp-app. The new sidecar container has to run the following command:
ls
Use a Volume, mounted at /var/log, to make the log file big-corp-app.log available to the sidecar container.
Q13: 解答(来自chatgpt)
Updated Pod YAML Manifest
This assumes you have access to edit the existing Pod big-corp-app. Save the updated configuration to a file (e.g., big-corp-app.yaml) and apply it:
apiVersion: v1
kind: Pod
metadata:
name: big-corp-app
spec:
containers:
- name: main-container
image: your-app-image
volumeMounts:
- name: log-volume
mountPath: /var/log
command: ["/bin/sh", "-c"]
args: ["echo 'Hello from main container!' >> /var/log/big-corp-app.log; sleep 3600"]
- name: sidecar #需要新增部分sidecar 边车容器
image: busybox #采用最小的image
volumeMounts:
- name: log-volume
mountPath: /var/log
command: ["/bin/sh", "-c"]
args: ["tail -f /var/log/big-corp-app.log"]
volumes: # main-container和sidecar 共用一个volume
- name: log-volume
emptyDir: {}
【追加备注】
- 此题目其实属于Logging相关,而不是Pod。
- 通过Sidecar模式,运行一个1MB大小的busybox 来收集同一个pod里的应用Container的日志是一个较为流行的最佳实践。
Q14: Kubectl TOP
Task -
From the pod label name=overloaded-cpu, find pods running high CPU workloads and write the name of the pod consuming most CPU to the file /opt/
KUTR00401/KUTR00401.txt (which already exists).
Q14:解答
root@master:/opt/k8sconfig$sudo kubectl top pods -l name=voerloaded-cpu --sort-by=cpu
Q15: kubelet
Task -
A Kubernetes worker node, named wk8s-node-0 is in state NotReady.
Investigate why this is the case, and perform any appropriate steps to bring the node to a Ready state, ensuring that any changes are made permanent.
(这个题目其实是因为node上的kubelet停止了导致了node不ready。有人提到,kubelet可能配置文件或者service变动,导致无法通过service restart kubelet来重启,但是我考试没有遇到,只是简单启动一下就可以了。)
Q16: PVC
Task -
Create a new PersistentVolumeClaim:
✑ Name: pv-volume
✑ Class: csi-hostpath-sc
✑ Capacity: 10Mi
Create a new Pod which mounts the PersistentVolumeClaim as a volume:
✑ Name: web-server
✑ Image: nginx
✑ Mount path: /usr/share/nginx/html
Configure the new Pod to have ReadWriteOnce access on the volume.
Finally, using kubectl edit or kubectl patch expand the PersistentVolumeClaim to a capacity of 70Mi and record that change.
Q16: 解答
pvc-pv-volume.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: pv-volume
spec:
storageClassName: csi-hostpath-sc
capacity:
storage: 10Mi
https://kubernetes.io/docs/concepts/storage/persistent-volumes/
pod-web-server.yaml
apiVersion: v1
kind: Pod
metadata:
name: pv-volume-pod
spec:
containers:
- name: web-server
image: nginx
volumeMounts:
- name: pv-test
mountPath: /usr/share/nginx/html
volumes:
- name: pv-test
persistentVolumeClass: csi-hostpath-sc
Cliamname: pv-volume
kubectl edit pvc pv-volume 此命令去edit storage
Q17: NGINX-Ingress
Task -
Create a new nginx Ingress resource as follows:
✑ Name: pong
✑ Namespace: ing-internal
✑ Exposing service hello on path /hello using service port 5678
Q17: 解答
考试时候,先定位到kubernets官网上关于ingress部分,然后copy里面的yaml example 改写即可
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: pong
namespace: ing-internal
spec:
ingressClassName: nginx # 定义ingress的类型为nginx,通常nginx是default,可以不显性设定
rules:
- http:
paths:
- path: /hello
pathType: Prefix
backend:
service:
name: hello # backend的service是“hello”
port:
number: 5678
【追加备注】
- 此题目可能需要先通过kubectl get ingressclass 来确认下是否已经存在ingress class,如果没有可能需要新建ingressclass。
- CNCF将不早于2025年2月10日开始换题,根据新的考试内容,ingress相关题目大概率会被Gateway API取代!
Q18:Pod
Task -
Schedule a Pod as follows:
• Name: kucc1
• App Containers: 2
• Container Name/images:
o redis
o consul
Q18:解答
考试时候,先定位到kubernets官网上关于pod部分,然后copy里面的yaml example 改写即可。
apiVersion: v1
kind: Pod
metadata:
name: kucc1
spec:
containers:
- name: redis
image: redis
imagePullPolicy: IfNotPresent #非必须要定义
- name: consul
image: consul
imagePullPolicy: IfNotPresent #非必须要定义
本人准备CKA考试的笔记全部完成,不承诺答案一定正确,请独立思考。