Outline
Set up Kubernetes
Kubernetes Components
What's LXC?
Docker overview
Command line tool (kubectl)
kubectl Cheat Sheet
kubectl Commands
Namespaces
Pods
Debugging with container exec
Ephemeral Containers
Debugging with an ephemeral debug container
Init Containers
How Pods manage multiple containers
Using a sidecar container with the logging agent
Static Pods
Create static Pods
Labels and Selectors
Annotations
ReplicaSet
Deployments
Creating a Deployment
Updating a Deployment
Rolling Back a Deployment
Scaling a Deployment
Rolling Update Deployment
DaemonSet
Jobs
CronJob
Service
Service resources
Virtual IPs and service proxies
Defining a Service
Connecting Applications with Services
Discovering services
Publishing Services (ServiceTypes)
METALLB
Headless Services
StatefulSets
Stable Network ID
StatefulSet Basics
Ingress Controllers
ingress-nginx
Ingress
Types of Ingress
Rewrite
Container probes
Configure Liveness, Readiness and Startup Probes
Volumes
emptyDir
hostPath
nfs
Persistent Volumes
Reclaiming
Access Modes
PersistentVolumeClaims
Claims As Volumes
Storage Classes
NFS
Dynamic Volume Provisioning
ConfigMaps
Define container environment variables using ConfigMap data
Add ConfigMap data to a Volume
Secrets
Using Secrets as files from a Pod
Using Secrets as environment variables
Container image pull secrets
Assigning Pods to Nodes
nodeSelector
Affinity and anti-affinity
nodeName
Taints and Tolerations
Resource Quotas
Limit Ranges
Authenticating
Users in Kubernetes
Normal user
Add ImagePullSecrets to a service account
Using RBAC Authorization
Role and ClusterRole
RoleBinding and ClusterRoleBinding
ServiceAccount permissions
Network Policies
The NetworkPolicy resource
Behavior of to and from selectors
Safely Drain a Node
Horizontal Pod Autoscaling
HorizontalPodAutoscaler Walkthrough
Kubernetes Metrics Server
Operating etcd clusters for Kubernetes
Backing up an etcd cluster
Restoring an etcd cluster
Upgrading kubeadm clusters
Practice
Create a ClusterRole and bind it to a ServiceAccount
Using RBAC Authorization
    kubectl create clusterrole -h
    kubectl create serviceaccount -h
    kubectl create rolebinding -h
    kubectl get clusterrole <clusterrole name> -o yaml
Mark a Node as unavailable
Safely Drain a Node
    kubectl drain -h
    --ignore-daemonsets=true
Upgrade a kubeadm cluster
Upgrading kubeadm clusters
    kubeadm upgrade apply -h
    --etcd-upgrade=false
Back up and restore etcd
Backing up an etcd cluster
Snapshot using etcdctl options
    kubectl get pods -n kube-system <etcd pod name> -o yaml
    kubectl exec -it -n kube-system <etcd pod name> -- sh
    # in the container shell: copy etcdctl into the etcd data directory
    cp /usr/local/bin/etcdctl /var/lib/etcd/etcdctl
    # on the node: move it from the data directory onto the PATH
    mv /var/lib/etcd/etcdctl /bin/
    kubectl get pods -n kube-system <etcd pod name> -o yaml
    ETCDCTL_API=3 etcdctl snapshot save -h
    ETCDCTL_API=3 etcdctl snapshot status -h
Restoring an etcd cluster
    grep staticPodPath /var/lib/kubelet/config.yaml
    mv /etc/kubernetes/manifests/kube-apiserver.yaml /tmp/
    mv /etc/kubernetes/manifests/etcd.yaml /tmp/
    tar -cvf /tmp/etcd.bak.tar /var/lib/etcd/
    rm -rf /var/lib/etcd/member/
    ETCDCTL_API=3 etcdctl snapshot restore -h
    ETCDCTL_API=3 etcdctl endpoint health -h
Configure a network policy
Network Policies
Edit the Deployment and Service
    kubectl explain Deployment.spec.template.spec.containers.ports
    kubectl create service nodeport -h
    kubectl expose deployment -h
Create an Ingress
Ingress
    kubectl explain Ingress.spec.ingressClassName
    kubectl get ingressclasses.networking.k8s.io --all-namespaces
    kubectl get services --all-namespaces | grep ingress
Scale the Deployment
Schedule a Pod
Assign Pods to Nodes
Count the nodes that have taints
    kubectl describe nodes | grep -i taint
Multi-container Pod
Communicate Between Containers in the Same Pod Using a Shared Volume
Create a hostPath PersistentVolume
Configure a Pod to Use a PersistentVolume for Storage
    kubectl explain PersistentVolume.spec.hostPath
hostPath
Configure a Pod to mount a PersistentVolume
Configure a Pod to Use a PersistentVolume for Storage
View Pod logs
Add a sidecar container
Using a sidecar container with the logging agent
View Pod resource usage
    kubectl top pod -h
    -A, --all-namespaces
Troubleshoot a Node in NotReady state
    systemctl stop kubelet.service
    systemctl status kubelet.service
    systemctl start kubelet.service
    systemctl enable kubelet.service
What is the difference between "systemctl start" and "systemctl enable"?
Exam Simulator
Question 1 | Contexts
    kubectl config -h
    cat ~/.kube/config | grep current
Question 4 | Pod Ready if Service is reachable
    apiVersion: v1
    kind: Pod
    metadata:
      name: ready-if-service-ready
    spec:
      containers:
      - image: nginx:1.16.1-alpine
        name: nginx
        livenessProbe:
          exec:
            command:
            - 'true'
        readinessProbe:
          exec:
            command:
            - sh
            - -c
            - 'wget -T2 -O- http://service-am-i-ready:80'
      restartPolicy: Always
Question 8 | Get Master Information
    find /etc/systemd/system/ | grep kube
    find /etc/systemd/system/ | grep etcd
    find /etc/kubernetes/manifests/
Question 9 | Kill Scheduler, Manual Scheduling
nodeName
    kubectl replace -h
    --force
Question 10 | RBAC ServiceAccount Role
RoleBinding
Question 12 | Deployment on all Nodes
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: deploy-important
      namespace: project-tiger
      labels:
        id: very-important
    spec:
      replicas: 3
      selector:
        matchLabels:
          id: very-important
      template:
        metadata:
          labels:
            id: very-important
        spec:
          containers:
          - name: container1
            image: 'nginx:1.17.6-alpine'
          - name: container2
            image: 'kubernetes/pause'
          affinity:
            podAntiAffinity:
              requiredDuringSchedulingIgnoredDuringExecution:
              - labelSelector:
                  matchExpressions:
                  - key: id
                    operator: In
                    values:
                    - very-important
                topologyKey: kubernetes.io/hostname
Question 13 | Multi Containers and Pod shared Volume
Expose Pod Information to Containers Through Environment Variables
Question 14 | Find out Cluster Information
    cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep range
    find /etc/cni/net.d/
Question 15 | Cluster Event Logging
    kubectl get events -A --sort-by=.metadata.creationTimestamp
Question 16 | Namespaces and Api Resources
    kubectl api-resources -h
    -o name | wc -l