CKA exam cheat sheet
useful resources: https://github.com/ascode-com/wiki/tree/main/certified-kubernetes-administrator | |
alias ll='ls -l' | |
alias kcr='kubectl create' | |
alias ka='kubectl apply -f' | |
alias k=kubectl | |
alias kg='kubectl get' | |
alias ke='kubectl edit' | |
alias kd='kubectl describe' | |
alias kdd='kubectl delete' | |
alias kgp='kubectl get pods' | |
alias kgd='kubectl get deployments' | |
alias kgpvc='kubectl get pvc' | |
alias kgpv='kubectl get pv' | |
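# The three lines below define exported shell variables, not aliases: use them as $fg, $do, $oy (e.g. k run nginx --image=nginx $do) | |
export fg='--force --grace-period=0' | |
export do='--dry-run=client -o yaml' | |
export oy='-o yaml' | |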
echo 'alias k=kubectl' >>~/.bashrc | |
echo 'complete -o default -F __start_kubectl k' >>~/.bashrc | |
https://www.youtube.com/watch?v=qRPNuT080Hk | |
https://v1-25.docs.kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/ | |
https://v1-25.docs.kubernetes.io/docs/concepts/services-networking/service/ | |
https://kubernetes.io/docs/concepts/storage/persistent-volumes/ | |
https://kubernetes.io/docs/concepts/services-networking/service/ | |
https://kubernetes.io/docs/concepts/configuration/configmap/ | |
https://kubernetes.io/docs/concepts/configuration/secret/ | |
https://kubernetes.io/docs/concepts/workloads/controllers/deployment/ | |
https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/ | |
https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/ | |
https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/ | |
https://kubernetes.io/docs/concepts/workloads/controllers/job/ | |
https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/ | |
https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#create-certificatesigningrequest | |
https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-example - create role | |
https://kubernetes.io/docs/reference/access-authn-authz/rbac/#kubectl-create-rolebinding - create rolebinding | |
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod | |
https://kubernetes.io/docs/concepts/storage/volumes/#hostpath-configuration-example - Create pod with volume | |
https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolume - create PV with hostPath | |
https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolumeclaim | |
https://kubernetes.io/docs/concepts/storage/persistent-volumes/#claims-as-volumes - Pod with PVC | |
https://kubernetes.io/docs/concepts/storage/storage-classes/#local - StorageClass Local | |
https://github.com/kodekloudhub/certified-kubernetes-administrator-course - CKA github | |
kubectl api-resources | |
===============================================PODS=========================================================================== | |
kubectl replace --force -f /tmp/kubectl-31523123.yaml - применить ямл для пода, если значения не меняются напрямую, например command: | |
kubectl run test --image=nginx | |
kubectl run redis --image=redis -n finance | |
kubectl run redis --image=redis:alpine -l='tier=db' - run pod with label | |
kubectl run custom-nginx --image=nginx --port=8080 - run pod named nginx with port 8080 | |
kubectl explain replicaset | grep VERSION | |
kubectl scale rs new-replica-set --replicas=5 | |
kubectl scale --replicas=<N> -f replicaset-definition.yml | |
kubectl run webapp-color --image=kodekloud/webapp-color -l=name=webapp-color --env="APP_COLOR=green" - запустить поду с лейблом webapp-color и env APP_COLOR=green | |
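kubectl run pvviewer --image=redis --serviceaccount=pvviewer - the --serviceaccount flag is gone from newer kubectl (removed around v1.24); there, generate the YAML with --dry-run=client -o yaml and set spec.serviceAccountName: pvviewer | |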
kubectl get pods -A --sort-by='metadata.uid' > /root/pods.txt | |
kubectl get pods -A --sort-by='metadata.creationTimestamp' > /root/creation.txt | |
==================================================generate yaml files================================== | |
kubectl run nginx --image=nginx --dry-run=client -o yaml | |
kubectl create deployment nginx --image=nginx | |
kubectl create deployment nginx --image=nginx --dry-run=client -o yaml | |
kubectl create deployment nginx --image=nginx --dry-run=client -o yaml > test-deploy.yaml - запись ямл в файл | |
kubectl create deployment nginx --image=nginx --replicas=4 --dry-run=client -o yaml > nginx-deployment.yaml | |
kubectl run webapp-green --image=kodekloud/webapp-color --dry-run=client -o yaml -- command --color=green > asd.yaml - создать файл yaml с аргументом или же | |
kubectl run webapp-green --image=kodekloud/webapp-color -- --color green | |
============================================deployments================================================= | |
kubectl create deployment httpd-frontend --image=httpd:2.4-alpine --replicas=3 | |
kubectl create deploy redis-deploy --image=redis --replicas=2 -n dev-ns | |
kubectl set image deployment nginx nginx=nginx:1.15 | |
kubectl scale deployment nginx --replicas=5 | |
kubectl expose deployment nginx --port 80 | |
kubectl set image deployment/myapp-deployment nginx=nginx:1.9.1 | |
kubectl rollout status deployment/myapp-deployment | |
kubectl rollout history deployment/myapp-deployment | |
kubectl create -f deployment-definition.yml | |
kubectl rollout status deployment/myapp-deployment | |
kubectl rollout history deployment/myapp-deployment | |
kubectl get deployments | |
kubectl apply -f deployment-definition.yml | |
kubectl set image deployment/myapp-deployment nginx=nginx:1.9.1 | |
kubectl rollout undo deployment/myapp-deployment | |
kubectl -n admin2406 get deployment -o custom-columns=DEPLOYMENT:.metadata.name,CONTAINER_IMAGE:.spec.template.spec.containers[].image,READY_REPLICAS:.status.readyReplicas,NAMESPACE:.metadata.namespace --sort-by=.metadata.name > /opt/admin2406_data | |
==================================================services============================================== | |
kubectl expose deploy minio --type=NodePort --port=9001 --target-port=9001 --dry-run=client -o yaml > minio-svc.yaml | |
kubectl expose pod redis --port=6379 --name redis-service | |
kubectl run httpd --image=httpd:alpine --port=80 --expose | |
kubectl expose pod redis --port=6379 --name redis-service --dry-run=client -o yaml - create service named redis-service of type ClusterIP to expose pod redis on port 6379 OR you can use | |
kubectl create service clusterip redis --tcp=6379:6378 --dry-run=client -o yaml | |
kubectl expose pod nginx --type=NodePort --port=80 --name=nginx-service --dry-run=client -o yaml - Create a Service named nginx of type NodePort to expose pod nginx's port 80 on port 30080 on the nodes OR | |
kubectl create service nodeport nginx --tcp=80:80 --node-port=30080 --dry-run=client -o yaml | |
================================================scheduler=============================================== | |
Run the command: kubectl get pods --namespace kube-system to see the status of scheduler pod. We have removed the scheduler from this Kubernetes cluster. As a result, as it stands, the pod will remain in a pending state forever. | |
если нет поды scheduler то в yaml файл нужно добавить в секцию spec, containers строку nodeName | |
===================================================labels and selectors================================================= | |
kubectl get pods --selector env=dev --no-headers | wc -l - показать поды с лейблом dev | |
kubectl get pods --selector='bu=finance' | wc -l - показать поды с лейблом bu=finance | |
kubectl get all --selector='env=prod' | wc -l | |
kubectl get all --selector env=prod,bu=finance,tier=frontend - найти под который запущен с несколькими лейблами. | |
======================================================taint and tolerations========================================================= | |
kubectl taint nodes node01.test.kz spray=mortein:NoSchedule - применить taint | |
kubectl taint nodes node01.test.kz spray=mortein:NoSchedule- - убрать taint | |
=====================================================NodeSelector============================================== | |
kubectl label node node01.test.kz size=Super | |
=====================================================61 - NodeAffinity ПОВТОРИТЬ========================================================= | |
=====================================================DaemonSet====================================================================== | |
создать деплоймент, удалить оттуда replicas,strategy,status | |
=====================================================Static Pods==================================================================== | |
ls -l /etc/kubernetes/manifests/ | |
ps -aux | grep /usr/bin/kubelet - найти запущенный kubelet, затем найти строку --config=/var/lib/kubelet/config.yaml | |
grep -i staticpod /var/lib/kubelet/config.yaml | |
kubectl run static-busybox --image=busybox --dry-run=client -o yaml --command -- sleep 1000 - generate pod yaml file with command sleep 1000 | |
kubectl run --restart=Never --image=busybox:1.28.4 static-busybox --dry-run=client -o yaml --command -- sleep 1000 > /etc/kubernetes/manifests/static-busybox.yaml | |
=====================================================78 - Multiple Schedulers ПРОЙТИ ТЕСТ ЕЩЕ РАЗ ДЛЯ ЗАКРЕПЛЕНИЯ============================================================== | |
kubectl get events -o wide | |
=====================================================80 - Logging and Monitoring ============================================================================================== | |
kubectl logs -f event-simulator-pod | |
kubectl top node | |
kubectl top pod | |
kubectl top pods --containers=true | |
==========================================================ConfigMap=========================================================================================================== | |
kubectl describe cm db-config | |
kubectl create configmap webapp-config-map --from-literal=APP_COLOR=darkblue | |
==========================================================initContainers=================================================================== | |
kubectl logs orange -c init-myservice - проверка лога initContainer | |
==========================================================Cluster Maintenance============================================================== | |
kubectl drain node-1 - убрать поды с ноды | |
kubectl cordon node-2 - на существующей ноде не будут запускаться новые поды, запущенные поды на ноде продолжат работу. | |
kubectl uncordon node-1 | |
kubeadm upgrade plan | |
kubeadm upgrade apply <target-version> | |
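kubectl drain node01 --ignore-daemonsets --force - удалить поды даже если есть Job, ReplicaSet, ReplicationController (--force also removes pods that no controller manages; those are deleted for good and not recreated elsewhere) | |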
==========================================================ETCD============================================================================= | |
kubectl describe pod etcd-controlplane -n kube-system | |
etcdctl version | |
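########backup etcd (the snapshot holds the whole cluster state, Secrets included - keep the file readable by root only) | |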
ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 \ | |
--cacert=/etc/kubernetes/pki/etcd/ca.crt \ | |
--cert=/etc/kubernetes/pki/etcd/server.crt \ | |
--key=/etc/kubernetes/pki/etcd/server.key \ | |
snapshot save /opt/snapshot-pre-boot.db | |
########restore etcd | |
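ETCDCTL_API=3 etcdctl snapshot restore /opt/snapshot-pre-boot.db --data-dir /var/lib/etcd-from-backup | |
# after the restore, point the etcd static pod at the new directory: change the etcd-data hostPath in /etc/kubernetes/manifests/etcd.yaml to /var/lib/etcd-from-backup | |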
==========================================================TLS and certificates====================================================== | |
cat akshay.csr | base64 -w 0 | |
kubectl certificate approve akshay | |
kubectl get csr agent-smith -o yaml | |
kubectl delete csr agent-smith | |
===========================================================kubeconfig and context=================================================== | |
kubectl config get-contexts | |
kubectl config current-context | |
kubectl config view | |
kubectl config --kubeconfig=/root/my-kube-config use-context research - переключиться на контекст research | |
===========================================================RBAC===================================================================== | |
kubectl get roles | |
kubectl get rolebindings | |
kubectl describe role developer | |
kubectl describe rolebinding devuser-developer-binding | |
kubectl auth can-i create deployments - for example 'yes' | |
kubectl auth can-i delete node - for example 'no' | |
kubectl auth can-i create deployments --as dev-user | |
kubectl auth can-i create pods --as dev-user | |
==========================================================Role and Rolebinding============================================================= | |
kubectl create role developer --namespace=default --verb=list,create,delete --resource=pods | |
kubectl create rolebinding dev-user-binding --namespace=default --role=developer --user=dev-user | |
kubectl create role developer --verb=create --verb=get --verb=delete --verb=list --resource=pods --verb=create --verb=list --verb=delete --verb=get --resource=deployments --namespace=blue | |
==========================================================ClusterRole=============================================================== | |
kubectl get clusterrolebindings --no-headers | wc -l | |
kubectl create clusterrole nodes --verb=create --verb=list --verb=delete --verb=watch --resource=nodes | |
kubectl create clusterrolebinding nodes-admin --clusterrole=nodes --user=michelle | |
kubectl create clusterrole storage-admin --verb=list,create,watch,list --resource=persistentvolumes,storageclasses | |
kubectl create clusterrolebinding michelle-storage-admin --clusterrole=storage-admin --user=michelle | |
==========================================================ServiceAccount============================================================= | |
kubectl create sa dashboard-sa | |
kubectl create token dashboard-sa | |
==========================================================helmsman serviceaccount=================================================================== | |
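kubectl create clusterrole deployment-change --verb=get --verb=delete --verb=create --verb=list --verb=patch --verb=watch --resource=rs,deployment,secrets,services -n altyn-le-dev | |
kubectl create clusterrolebinding cr-deployment-change --clusterrole=deployment-change --serviceaccount=altyn-le-dev:deployer -n altyn-le-dev | |
NOTE: ClusterRole and ClusterRoleBinding are cluster-scoped, so -n is ignored here and the deployer service account gets these verbs (including get/list on secrets) in every namespace. To limit it to altyn-le-dev, bind the ClusterRole with a namespaced RoleBinding instead: | |
kubectl create rolebinding cr-deployment-change --clusterrole=deployment-change --serviceaccount=altyn-le-dev:deployer -n altyn-le-dev | |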
==========================================================SecurityContext======================================================= | |
kubectl exec ubuntu-sleeper -- whoami | |
==========================================================PV/PVC================================================================ | |
kubectl describe pvc local-pvc | |
==========================================================DNS=================================================================== | |
kubectl exec -it hr -- nslookup mysql.payroll > /root/CKA/nslookup.out | |
==========================================================Ingress + 1.20 ======================================================= | |
kubectl create ingress minio-dev --dry-run=client -o yaml --rule="minio-dev.halykmarket.com/=minio:9000,tls=wildcard.halykmarket.com" -n minio-dev | |
kubectl create ingress ingress-test --rule="wear.my-online-store.com/wear*=wear-service:80" | |
kubectl create ingress pay-ingress --rule="/pay=pay-service:8282" --dry-run=client -o yaml -n critical-space > pay-ing.yaml | |
kubectl create ingress shop --rule='/wear=wear-service:8080' --rule='/watch=video-service:8080' -n app-space | |
=============================================================Troubleshooting==================================================== | |
kubectl get nodes | |
service kube-apiserver status | |
service kube-controller-manager status | |
service kube-scheduler status | |
service kubelet status | |
service kube-proxy status | |
kubectl logs kube-apiserver-master -n kube-system | |
sudo journalctl -u kube-apiserver | |
kubectl describe node worker-1 | |
sudo journalctl -u kubelet | |
openssl x509 -in /var/lib/kubelet/worker-1.crt -text | |
openssl x509 -noout -text -in /etc/kubernetes/pki/apiserver.crt | |
openssl x509 -enddate -noout -text -in /etc/kubernetes/pki/apiserver.crt | |
/var/lib/kubelet/config.yaml - kubelet config file | |
vi /etc/kubernetes/kubelet.conf - проверить этот файл на воркерах если ошибка node not found | |
=========================================================Pods exec =============================================================== | |
k run dns-resolver1 --image=busybox:1.28 --restart=Never --rm -it --command -- nslookup nginx-resolver-service > /root/CKA/nginx.svc | |
k run dns-resolver2 --image=busybox:1.28 --restart=Never --rm -it --command -- nslookup 10.244.192.4 > /root/CKA/nginx.pod | |
k run --rm -ti tshoot --image=nicolaka/netshoot --command -- nc -z -v -w 2 10.244.192.1 80 | |
========================================================JSONPath================================================================== | |
kubectl get nodes -o json | jq -c 'paths' | |
kubectl get nodes -o json | jq -c 'paths' | grep type | grep -v "metadata" | grep address | |
===================================================crictl========================================================================== | |
crictl logs 2354z34edhyd43 >& /opt/log/container.log - записать логи в файл | |
====================================================kubeadm join=================================================================== | |
kubeadm token list - на мастер ноде, затем удалить token и генерим новый токен kubeadm token create --print-join-command (the printed join command contains a bootstrap token; treat it as a credential) | |
kubeadm certs check-expiration - проверить сертификаты | |
ps -aux | grep kubelet | grep --color container-runtime-endpoint - найти socket | |
/opt/cni/bin - The CNI binaries are located under | |
ls /etc/cni/net.d/ - show CNI plugin by default | |
cat /etc/cni/net.d/10-flannel.conflist - check type | |
ip route | |
default via 172.25.1.1 dev eth1 | |
10.57.230.0/24 dev eth0 proto kernel scope link src 10.57.230.6 | |
10.244.0.0/16 dev weave proto kernel scope link src 10.244.192.0 <<<======= pods default gateway example | |
172.25.1.0/24 dev eth1 proto kernel scope link src 172.25.1.11 |