第1题:权限控制RBAC
kubectl create clusterrole deployment-clusterrole --verb=create --resource=deployments,statefulsets,daemonsets
kubectl -n app-team1 create serviceaccount cicd-token
kubectl -n app-team1 create rolebinding cicd-token-rolebinding --clusterrole=deployment-clusterrole --serviceaccount=app-team1:cicd-token
kubectl -n app-team1 describe rolebinding cicd-token-rolebinding
第2题:查看pod的CPU
kubectl top pod -l name=cpu-loader --sort-by=cpu -A
echo "查出来的 Pod Name" > /opt/KUTR000401/KUTR00401.txt
echo redis-test-5db498bbd-h2mfj > /opt/KUTR000401/KUTR00401.txt
cat /opt/kutr000401/kutr00401.txt
第3题:配置网络策略NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-port-from-namespace
namespace: my-app
spec:
podSelector:
matchLabels: {}
policyTypes:
- Ingress
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: echo
ports:
- protocol: TCP
port: 9000
kubectl apply -f networkpolicy.yaml
kubectl describe networkpolicy -n my-app
kubectl get pods -n my-app -o wide
kubectl get pods -n echo -o wide
kubectl exec -it networkpolicy-busyboxplus5dc96b7c6b-gg497 sh -n echo
curl 10.244.122.223:9000
第4题:暴露服务service
kubectl get deployment front-end -o wide
kubectl edit deployment front-end
ports: #添加这 4 行
- name: http
containerPort: 80
protocol: TCP
kubectl expose deployment front-end --type=NodePort --port=80 --target-port=80 --name=front-end-svc
kubectl get svc front-end-svc -o wide
kubectl get deployment front-end -o wide
kubectl describe svc front-end-svc
curl NODE-NAME:NODEPORT
第5题: 创建Ingress
vim ingressclass.yaml
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
labels:
app.kubernetes.io/component: controller
name: nginx
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
spec:
controller: k8s.io/ingress-nginx
vim ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ping
namespace: ing-internal
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx #这里调用上面新建的 ingressClassName 为 nginx
rules:
- http:
paths:
- path: /hello
pathType: Prefix
backend:
service:
name: hello
port:
number: 5678
kubectl apply -f ingress.yaml
kubectl get ingress -n ing-internal
curl <ingress 的 ip 地址>/hello
第6题: 扩容 deployment 副本数量
kubectl get deployments presentation -o wide
kubectl get pod -l app=presentation
kubectl scale deployment presentation -replicas=4
kubectl get deployments presentation -o wide
kubectl get pod -l app=presentation
第7题 : 调度pod到指定节点
apiVersion: v1
kind: Pod
metadata:
name: nginx-kusc00401
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
nodeSelector:
disk: ssd
kubectl apply -f pod-disk-ssd.yaml
kubectl get pod nginx-kusc00401 -o wide
第8题:查看可用节点数量
kubectl get nodes
kubectl describe nodes | grep -i Taints
echo "查出来的数字" > /opt/KUSC00402/kusc00402.txt
cat /opt/KUSC00402/kusc00402.txt
第9题:创建多容器的 pod
apiVersion: v1
kind: Pod
metadata:
name: kucc8
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
- name: consul
image: consul
imagePullPolicy: IfNotPresent
kubectl apply -f pod-kucc.yaml
kubectl get pod kucc8
kubectl create clusterrole deployment-clusterrole --verb=create --resource=deployments,statefulsets,daemonsets
kubectl -n app-team1 create serviceaccount cicd-token
kubectl -n app-team1 create rolebinding cicd-token-rolebinding --clusterrole=deployment-clusterrole --serviceaccount=app-team1:cicd-token
kubectl -n app-team1 describe rolebinding cicd-token-rolebinding
第2题:查看pod的CPU
kubectl top pod -l name=cpu-loader --sort-by=cpu -A
echo "查出来的 Pod Name" > /opt/KUTR000401/KUTR00401.txt
echo redis-test-5db498bbd-h2mfj > /opt/KUTR000401/KUTR00401.txt
cat /opt/kutr000401/kutr00401.txt
第3题:配置网络策略NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: allow-port-from-namespace
namespace: my-app
spec:
podSelector:
matchLabels: {}
policyTypes:
- Ingress
ingress:
- from:
- namespaceSelector:
matchLabels:
kubernetes.io/metadata.name: echo
ports:
- protocol: TCP
port: 9000
kubectl apply -f networkpolicy.yaml
kubectl describe networkpolicy -n my-app
kubectl get pods -n my-app -o wide
kubectl get pods -n echo -o wide
kubectl exec -it networkpolicy-busyboxplus5dc96b7c6b-gg497 sh -n echo
curl 10.244.122.223:9000
第4题:暴露服务service
kubectl get deployment front-end -o wide
kubectl edit deployment front-end
ports: #添加这 4 行
- name: http
containerPort: 80
protocol: TCP
kubectl expose deployment front-end --type=NodePort --port=80 --target-port=80 --name=front-end-svc
kubectl get svc front-end-svc -o wide
kubectl get deployment front-end -o wide
kubectl describe svc front-end-svc
curl NODE-NAME:NODEPORT
第5题: 创建Ingress
vim ingressclass.yaml
apiVersion: networking.k8s.io/v1
kind: IngressClass
metadata:
labels:
app.kubernetes.io/component: controller
name: nginx
annotations:
ingressclass.kubernetes.io/is-default-class: "true"
spec:
controller: k8s.io/ingress-nginx
vim ingress.yaml
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: ping
namespace: ing-internal
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
spec:
ingressClassName: nginx #这里调用上面新建的 ingressClassName 为 nginx
rules:
- http:
paths:
- path: /hello
pathType: Prefix
backend:
service:
name: hello
port:
number: 5678
kubectl apply -f ingress.yaml
kubectl get ingress -n ing-internal
curl <ingress 的 ip 地址>/hello
第6题: 扩容 deployment 副本数量
kubectl get deployments presentation -o wide
kubectl get pod -l app=presentation
kubectl scale deployment presentation -replicas=4
kubectl get deployments presentation -o wide
kubectl get pod -l app=presentation
第7题 : 调度pod到指定节点
apiVersion: v1
kind: Pod
metadata:
name: nginx-kusc00401
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
nodeSelector:
disk: ssd
kubectl apply -f pod-disk-ssd.yaml
kubectl get pod nginx-kusc00401 -o wide
第8题:查看可用节点数量
kubectl get nodes
kubectl describe nodes | grep -i Taints
echo "查出来的数字" > /opt/KUSC00402/kusc00402.txt
cat /opt/KUSC00402/kusc00402.txt
第9题:创建多容器的 pod
apiVersion: v1
kind: Pod
metadata:
name: kucc8
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
- name: consul
image: consul
imagePullPolicy: IfNotPresent
kubectl apply -f pod-kucc.yaml
kubectl get pod kucc8
