자격증/CKA (30) 썸네일형 리스트형 [CKA] Network Policy [문제] - Create a new NetworkPolicy named allow-port-from-namespace in the existing namespace devops. - Ensure that the new NetworkPolicy allows Pods in namespace migops to connect to port 80 of Pods in namespace devpos. [풀이] - 검색 키워드 : network policy 1. pod 및 namespace의 label 확인 migops namespace label 확인 # kubectl get namespaces migops --show-labels NAME STATUS AGE LABELS migops Active 48s kubern.. [CKA] Kube-DNS [문제] * Create a nginx pod called nginx-resolver using image nginx, expose it internally with a service called nginx-resolver-service. * Test that you are able to look up the service and pod names from within the cluster. Use the image busybox:1.28 for dns lookup - Record result in /tmp/nginx.svc and /tmp/nginx.pod - pod: nginx-resolver created - Service DNS Resolution recorded correctly - Pod DN.. [CKA] ServiceAccount Role Binding [문제] - Create a new ClusterRole named deployment-clusterrole, which only allows to create the following resource types: Deployment StatefulSet DaemonSet - Create a new ServiceAccount named cicd-token in the existing in the existing namespace apps. - Bind the new Cluster Role deployment-clusterrole to the new ServiceAccount cicd-token, limited to the namespace apps. [풀이] ServiceAccount 생성 아래 링크 참.. [CKA] ServiceAccount Role Binding ServiceAccount - 모든 동작중인 컨테이너에는 ServiceAccount가 부여 - 기본적으로 default 계정 사용 - 모니터링 컨테이너 또는 관리 컨테이너에 제한된 권한을 부여할때 사용 [문제] Create the ServiceAccount named pod-access in a new namespace called apps. Create a Role with the name pod-role, and the RoleBinding named pod-rolebinding. Map the Service Account from the previous step to the API resources Pods with the operations watch, list, get. [풀이] 검색 키워드 :.. [CKA] User Cluster Role Binding Role, CluterRole 차이점 Role - 특정 namespace에서만 작업할 수 있도록 제한된 권한 부여 ClusterRole - 클러스터 단위로 Role을 설정하면 클러스터 내의 namespace에 대해 Role이 설정되어 권한을 부여 [문제] - Create a new ClusterRole named app-clusterrole which only allows to get,watch,list the following resource types: deployment, service. - Bind the new ClusterRole app-clusterrole to the new user ckauser. - User ckauser and ckauser clusters are already con.. [CKA] User Role Binding [문제] Cluster : kubectl config use-context k8s TASK: Create the kubeconfig named ckauser. - username : ckauser - certificate location : /data/cka/ckauser.csr, /data/cka/ckauser.key - context-name : ckauser - kubernetes cluster must be operated with the privileges of the ckauser account. Create a role named pod-role that can create, delete, watch, list, get pods. Create the following rolebinding. .. [CKA] Kubernetes Troubleshooting (2) [문제] Not Ready 상태의 노드 활성화 A Kubernetes worker node, named hk8s-w2 is in state NotReady. Investigate why this is the case, and perform any appropriate steps to bring the node to a Ready state, ensuring that any chnages are made permanent. Troubleshooting 문제 풀이 방법 - docker, kubelet , kube-proxy, cni 가 동작중인지 확인 필요 (단계별로 점검) [풀이] Not Ready 상태 노드 확인 및 접근 Not Ready 상태 노드 확인 # kubectl get nodes Not Rea.. [CKA] Kubernetes Troubleshooting (1) [문제] Not Ready 상태의 노드 활성화 A kubernetes worker node, named kh8s-w2 is in state NotReady. Investigate why this is the case, and perform any appropriate steps to bbring the node to a Ready state, ensuring that any changes are mate permanent. ※ worker node의 동작 원리 work node 구성 요소 - docker : 컨테이너를 동작시켜주는 엔진 - kubelet : 클러스터를 운영해주는 역할 - kube-proxy : 쿠버네티스 환경에서 클라이언트 커넥션을 받아주는 역할(네트워크 구성) worker 노드에는 다음.. 이전 1 2 3 4 다음
