Skip to content

Instantly share code, notes, and snippets.

@hemanth22
Forked from Nurlan199206/CKA exam cheat sheet
Created June 19, 2024 01:47
Show Gist options
  • Save hemanth22/9427a0c85af5f002e4849a402a3734fb to your computer and use it in GitHub Desktop.
Save hemanth22/9427a0c85af5f002e4849a402a3734fb to your computer and use it in GitHub Desktop.
CKA exam cheat sheet
useful resources: https://github.com/ascode-com/wiki/tree/main/certified-kubernetes-administrator
alias ll='ls -l'
alias kcr='kubectl create'
alias ka='kubectl apply -f'
alias k=kubectl
alias kg='kubectl get'
alias ke='kubectl edit'
alias kd='kubectl describe'
alias kdd='kubectl delete'
alias kgp='kubectl get pods'
alias kgd='kubectl get deployments'
alias kgpvc='kubectl get pvc'
alias kgpv='kubectl get pv'
export alias fg='--force --grace-period=0'
export alias do='--dry-run=client -o yaml'
export alias oy='-o yaml'
echo 'alias k=kubectl' >>~/.bashrc
echo 'complete -o default -F __start_kubectl k' >>~/.bashrc
https://www.youtube.com/watch?v=qRPNuT080Hk
https://v1-25.docs.kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/
https://v1-25.docs.kubernetes.io/docs/concepts/services-networking/service/
https://kubernetes.io/docs/concepts/storage/persistent-volumes/
https://kubernetes.io/docs/concepts/services-networking/service/
https://kubernetes.io/docs/concepts/configuration/configmap/
https://kubernetes.io/docs/concepts/configuration/secret/
https://kubernetes.io/docs/concepts/workloads/controllers/deployment/
https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/
https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/
https://kubernetes.io/docs/concepts/workloads/controllers/job/
https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/
https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#create-certificatesigningrequest
https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-example - create role
https://kubernetes.io/docs/reference/access-authn-authz/rbac/#kubectl-create-rolebinding - create rolebinding
https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
https://kubernetes.io/docs/concepts/storage/volumes/#hostpath-configuration-example - Create pod with volume
https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolume - create PV with hostPath
https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolumeclaim
https://kubernetes.io/docs/concepts/storage/persistent-volumes/#claims-as-volumes - Pod with PVC
https://kubernetes.io/docs/concepts/storage/storage-classes/#local - StorageClass Local
https://github.com/kodekloudhub/certified-kubernetes-administrator-course - CKA github
kubectl api-resources
===============================================PODS===========================================================================
kubectl replace --force -f /tmp/kubectl-31523123.yaml - применить ямл для пода, если значения не меняются напрямую, например command:
kubectl run test --image=nginx
kubectl run redis --image=redis -n finance
kubectl run redis --image=redis:alpine -l='tier=db' - run pod with label
kubectl run custom-nginx --image=nginx --port=8080 - run pod named nginx with port 8080
kubectl explain replicaset | grep VERSION
kubectl scale rs new-replica-set --replicas=5
kubectl scale --replicas -f replicaset-definition.yml
kubectl run webapp-color --image=kodekloud/webapp-color -l=name=webapp-color --env="APP_COLOR=green" - запустить поду с лейблом webapp-color и env APP_COLOR=green
kubectl run pvviewer --image=redis --serviceaccount=pvviewer
kubectl get pods -A --sort-by='metadata.uid' > /root/pods.txt
kubectl get pods -A --sort-by='metadata.creationTimestamp' > /root/creation.txt
==================================================generate yaml files==================================
kubectl run nginx --image=nginx --dry-run=client -o yaml
kubectl create deployment nginx --image=nginx
kubectl create deployment nginx --image=nginx --dry-run=client -o yaml
kubectl create deployment nginx --image=nginx --dry-run=test -o yaml > test-deploy.yaml - запись ямл в файл
kubectl create deployment nginx --image=nginx --replicas=4 --dry-run=client -o yaml > nginx-deployment.yaml
kubectl run webapp-green --image=kodekloud/webapp-color --dry-run=client -o yaml -- command --color=green > asd.yaml - создать файл yaml с аргументом или же
kubectl run webapp-green --image=kodekloud/webapp-color -- --color green
============================================deployments=================================================
kubectl create deployment httpd-frontend --image=httpd:2.4-alpine --replicas=3
kubectl create deploy redis-deploy --image=redis --replicas=2 -n dev-ns
kubectl set image deployment nginx nginx=nginx:1.15
kubectl scale deployment nginx --replicas=5
kubectl expose deployment nginx --port 80
kubectl set image deployment/myapp-deployment nginx=nginx:1.9.1
kubectl rollout status deployment/myapp-deployment
kubectl rollout history deployment/myapp-deployment
kubectl create –f deployment-definition.yml
kubectl rollout status deployment/myapp-deployment
kubectl rollout history deployment/myapp-deployment
kubectl get deployments
kubectl apply –f deployment-definition.yml
kubectl set image deployment/myapp-deployment nginx=nginx:1.9.1
kubectl rollout undo deployment/myapp-deployment
kubectl -n admin2406 get deployment -o custom-columns=DEPLOYMENT:.metadata.name,CONTAINER_IMAGE:.spec.template.spec.containers[].image,READY_REPLICAS:.status.readyReplicas,NAMESPACE:.metadata.namespace --sort-by=.metadata.name > /opt/admin2406_data
==================================================services==============================================
kubectl expose deploy minio --type=NodePort --port=9001 --target-port=9001 --dry-run=client -o yaml > minio-svc.yaml
kubectl expose pod redis --port=6379 --name redis-service
kubectl run httpd --image=httpd:alpine --port=80 --expose
kubectl expose pod redis --port=6379 --name redis-service --dry-run=client -o yaml - create service named redis-service of type ClusterIP to expose pod redis on port 6379 OR you can use
kubectl create service clusterip redis --tcp=6379:6378 --dry-run=client -o yaml
kubectl expose pod nginx --type=NodePort --port=80 --name=nginx-service --dry-run=client -o yaml - Create a Service named nginx of type NodePort to expose pod nginx's port 80 on port 30080 on the nodes OR
kubectl create service nodeport nginx --tcp=80:80 --node-port=30080 --dry-run=client -o yaml
================================================scheduler===============================================
Run the command: kubectl get pods --namespace kube-system to see the status of scheduler pod. We have removed the scheduler from this Kubernetes cluster. As a result, as it stands, the pod will remain in a pending state forever.
если нет поды scheduler то в yaml файл нужно добавить в секцию spec, containers строку nodeName
===================================================labels and selectors=================================================
kubectl get pods --selector env=dev --no-headers | wc -l - показать поды с лейблом dev
kubectl get pods --selector='bu=finance' | wc -l - показать поды с лейблом bu=finance
kubectl get all --selector='env=prod' | wc -l
kubectl get all --selector env=prod,bu=finance,tier=frontend - найти под который запущен с несколькими лейблами.
======================================================taint and tolerations=========================================================
kubectl taint nodes node01.test.kz spray=mortein:NoSchedule - применить taint
kubectl taint nodes node01.test.kz spray=mortein:NoSchedule- - убрать taint
=====================================================NodeSelector==============================================
kubectl label node node01.test.kz size=Super
=====================================================61 - NodeAffinity ПОВТОРИТЬ=========================================================
=====================================================DaemonSet======================================================================
создать деплоймент, удалить оттуда replicas,strategy,status
=====================================================Static Pods====================================================================
ls -l /etc/kubernetes/manifests/
ps -aux | grep /usr/bin/kubelet - найти запущеннный kubelet, затем найти строку --config=/var/lib/kubelet/config.yaml
grep -i staticpod /var/lib/kubelet/config.yaml
kubectl run static-busybox --image=busybox --dry-run=client -o yaml --command -- sleep 1000 - generate pod yaml file with command sleep 1000
kubectl run --restart=Never --image=busybox:1.28.4 static-busybox --dry-run=client -o yaml --command -- sleep 1000 > /etc/kubernetes/manifests/static-busybox.yaml
=====================================================78 - Multiple Schedulers ПРОЙТИ ТЕСТ ЕЩЕ РАЗ ДЛЯ ЗАКРЕПЛЕНИЯ==============================================================
kubectl get events -o wide
=====================================================80 - Logging and Monitoring ==============================================================================================
kubectl logs -f event-simulator-pod
kubectl top node
kubectl top pod
kubectl top pods --containers=true
==========================================================ConfigMap===========================================================================================================
kubectl describe cm db-config
kubectl create configmap webapp-config-map --from-literal=APP_COLOR=darkblue
==========================================================initContainers===================================================================
kubectl logs orange -c init-myservice - проверка лога initContainer
==========================================================Cluster Maintenance==============================================================
kubectl drain node-1 - убрать поды с ноды
kubectl cordon node-2 - на существующей ноде не будут запускаться новые поды, запущенные поды на ноде продолжат работу.
kubectl uncordon node-1
kubectl upgrade plan
kubectl upgrade apply
kubectl drain node01 --ignore-daemonsets --force - удалить поды даже если есть Job, ReplicaSet, ReplicationController
==========================================================ETCD=============================================================================
kubectl describe pod etcd-controlplane -n kube-system
etcdctl version
########backup etcd
ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
snapshot save /opt/snapshot-pre-boot.db
########restore etcd
ETCDCTL_API=3 etcdctl snapshot restore /opt/snapshot-pre-boot.db --data-dir /var/lib/etcd-from-backup
==========================================================TLS and certificates======================================================
cat akshay.csr | base64 -w 0
kubectl certificate approve akshay
kubectl get csr agent-smith -o yaml
kubectl delete csr agent-smith
===========================================================kubeconfig and context===================================================
kubectl config get-contexts
kubectl config current-context
kubectl config view
kubectl config --kubeconfig=/root/my-kube-config use-context research - переключиться на контекст research
===========================================================RBAC=====================================================================
kubectl get roles
kubectl get rolebindings
kubect describe role developer
kubectl describe rolebinding devuser-developer-binding
kubectl auth can-i create deployments - for example 'yes'
kubectl auth can-i delete node - for example 'no'
kubectl auth can-i create deployments --as dev-user
kubectl auth can-i create pods --as dev-user
==========================================================Role and Rolebinding=============================================================
kubectl create role developer --namespace=default --verb=list,create,delete --resource=pods
kubectl create rolebinding dev-user-binding --namespace=default --role=developer --user=dev-user
kubectl create role developer --verb=create --verb=get --verb=delete --verb=list --resource=pods --verb=create --verb=list --verb=delete --verb=get --resource=deployments --namespace=blue
==========================================================ClusterRole===============================================================
kubectl get clusterrolebindings --no-headers | wc -l
kubectl create clusterrole nodes --verb=create --verb=list --verb=delete --verb=watch --resource=nodes
kubectl create clusterrolebinding nodes-admin --clusterrole=nodes --user=michelle
kubectl create clusterrole storage-admin --verb=list,create,watch,list --resource=persistentvolumes,storageclasses
kubectl create clusterrolebinding michelle-storage-admin --clusterrole=storage-admin --user=michelle
==========================================================ServiceAccount=============================================================
kubectl create sa dashboard-sa
kubectl create token dashboard-sa
==========================================================helmsman serviceaccount===================================================================
kubectl create clusterrole deployment-change --verb=get --verb=delete --verb=create --verb=list --verb=patch --verb=watch --resource=rs,deployment,secrets,services -n altyn-le-dev
kubectl create clusterrolebinding cr-deployment-change --clusterrole=deployment-change --serviceaccount=altyn-le-dev:deployer -n altyn-le-dev
==========================================================SecurityContext=======================================================
kubectl exec ubuntu-sleeper -- whoami
==========================================================PV/PVC================================================================
kubectl describe pvc local-pvc
==========================================================DNS===================================================================
kubectl exec -it hr -- nslookup mysql.payroll > /root/CKA/nslookup.out
==========================================================Ingress + 1.20 =======================================================
kubectl create ingress minio-dev --dry-run=client -o yaml --rule="minio-dev.halykmarket.com/=minio:9000,tls=wildcard.halykmarket.com" -n minio-dev
kubectl create ingress ingress-test --rule="wear.my-online-store.com/wear*=wear-service:80"
kubectl create ingress pay-ingress --rule="/pay=pay-service:8282" --dry-run=client -o yaml -n critical-space > pay-ing.yaml
kubectl create ingress shop --rule='/wear=wear-service:8080' --rule='/watch=video-service:8080' -n app-space
=============================================================Troubleshooting====================================================
kubectl get nodes
service kube-apiserver status
service kube-controller-manager status
service kube-scheduler status
service kubelet status
service kube-proxy status
kubectl logs kube-apiserver-master -n kube-system
sudo journalctl -u kube-apiserver
kubectl describe node worker-1
sudo journalctl –u kubelet
openssl x509 -in /var/lib/kubelet/worker-1.crt -text
openssl x509 -noout -text -in /etc/kubernetes/pki/apiserver.crt
openssl x509 -enddate -noout -text -in /etc/kubernetes/pki/apiserver.crt
/var/lib/kubelet/config.yaml - kubelet config file
vi /etc/kubernetes/kubelet.conf - проверить этот файл на воркеках если ошибка node not found
=========================================================Pods exec ===============================================================
k run dns-resolver1 --image=busybox:1.28 --restart=Never --rm -it --command -- nslookup nginx-resolver-service > /root/CKA/nginx.svc
k run dns-resolver2 --image=busybox:1.28 --restart=Never --rm -it --command -- nslookup 10.244.192.4 > /root/CKA/nginx.pod
k run --rm -ti tshoot --image=nicolaka/netshoot --command -- nc -z -v -w -2 10.244.192.1 80
========================================================JSONPath==================================================================
kubectl get nodes -o json | jq -c 'paths'
kubectl get nodes -o json | jq -c 'paths' | grep type | grep -v "metadata" | grep address
===================================================crictl==========================================================================
crictl logs 2354z34edhyd43 >& /opt/log/container.log - записать логи в файл
====================================================kubeadm join===================================================================
kubeadm token list - на мастер ноде, заттем удалить token и генерим новый токен kubeadm token create --print-join-command
kubeadm certs check-expiration - проверить сертификаты
ps -aux | grep kubelet | grep --color container-runtime-endpoint - найти socket
/opt/cni/bin - The CNI binaries are located under
ls /etc/cni/net.d/ - show CNI plugin by default
cat /etc/cni/net.d/10-flannel.conflist - check type
ip route
default via 172.25.1.1 dev eth1
10.57.230.0/24 dev eth0 proto kernel scope link src 10.57.230.6
10.244.0.0/16 dev weave proto kernel scope link src 10.244.192.0 <<<======= pods default gateway example
172.25.1.0/24 dev eth1 proto kernel scope link src 172.25.1.11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment