12. CKA Practice

K8s Cluster Upgrade

---

# k8s apt repository 리스트 파일 수정
echo -e "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /" > /etc/apt/sources.list.d/kubernetes.list

# apt 업데이트 후 kubeadm 최신 버전 확인
apt update
apt-cache madison kubeadm

apt-get install kubeadm=1.32.0-1.1

kubeadm upgrade plan v1.32.0
kubeadm upgrade apply v1.32.0
kubectl get nodes

apt-get install kubelet=1.32.0-1.1
systemctl restart kubelet
kubectl get nodes

# 먼저 node01 에 실행중인 Pod 을 drain 하고
kubectl drain node01

# node01 으로 접속한 뒤
ssh node01

# k8s apt repository 리스트 파일 수정
echo -e "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.32/deb/ /" > /etc/apt/sources.list.d/kubernetes.list

# apt 업데이트 후 kubeadm 최신 버전 확인
apt update
apt-cache madison kubeadm

apt-get install kubeadm=1.32.0-1.1

kubeadm upgrade node config --kubelet-version v1.32.0

apt-get install kubelet=1.32.0-1.1
systemctl restart kubelet

exit

kubectl uncordon node01

• 공식문서 참조

Extracting JSON information

---

k get deployments.apps -n=admin2406 -o=json
k get deployments.apps -n=admin2406 -o=custom-columns=DEPLOYMENT:.metadata.name,CONTAINER_IMAGE:.spec.template.spec.containers[0].image,READY_REPLICAS:.status.readyReplicas,NAMESPACE:.metadata.namespace > /opt/admin2406_data

• 공식문서 참조

Fix kubeconfig

---

# kubeconfig 파일을 확인하고
kubectl get pods --kubeconfig /root/CKA/admin.kubeconfig

# 기본 설정을 확인한 뒤
cat ~/.kube/config

# 틀린 부분을 수정하고
vi /root/CKA/admin.kubeconfig

# 다시 kubeconfig 파일을 확인
kubectl get pods --kubeconfig /root/CKA/admin.kubeconfig

Rolling Update

---

kubectl create deployment nginx-deploy --image=nginx:1.16
kubectl set image deployment/nginx-deploy nginx=nginx:1.17

• 공식문서 참조

Fix PVC

---

# Deployment 확인
kubectl get deployment -n alpha alpha-mysql  -o yaml | yq e .spec.template.spec.containers -

# Pod 에러 확인
kubectl get pods -n alpha
kubectl describe pod -n alpha alpha-mysql-xxxxxxxx-xxxxx

# PV 확인
kubectl get pv alpha-pv

# PVC 수정
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-alpha-pvc
  namespace: alpha
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: slow

ETCD Backup

---

# etcd 스냅샷 생성
export ETCDCTL_API=3
etcdctl snapshot save /opt/etcd-backup.db \
  --cacert=/etc/kubernetes/pki/etcd/ca.crt \
  --cert=/etc/kubernetes/pki/etcd/server.crt \
  --key=/etc/kubernetes/pki/etcd/server.key
etcdctl snapshot status snapshot.db

• 공식문서 참조

Create Pod with Command and Secret Volume

---

# YAML 파일 생성
kubectl run secret-1401 -n admin1401 --image busybox --dry-run=client -o yaml --command -- sleep 4800 > admin.yaml

vi admin.yaml

# 필요한 부분 추가
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: secret-1401
  name: secret-1401
  namespace: admin1401
spec:
  volumes:
  - name: secret-volume
    secret:
      secretName: dotfile-secret
  containers:
  - command:
    - sleep
    - "4800"
    image: busybox
    name: secret-admin
    volumeMounts:
    - name: secret-volume
      readOnly: true
      mountPath: /etc/secret-volume

• 공식문서 참조

유형

1. ETCD Backup, Restore
2. Control Plane Upgrade, kubeadm, kubelet, kubectl
3. Network Policy 배포
4. Ingress 배포
5. Deployment 배포
6. Pod 에 label 할당 후 배포
7. WorkerNode Not Ready to Ready 트러블슈팅
8. Node Selector 를 통해 특정 Node 에 Pod 배포
9. PVC 생성 (PV 와 SC 는 주어짐) + kubectl edit 또는 kubectl patch 로 용량 변경
10. Pod 로그 확인하여 특정 단어가 들어간 로그 추출

Create Pod with multiple containers (8)

k -n mc-namespace run mc-pod --image=nginx:1-alpine -o=yaml --dry-run=client > mc-pod.yaml

vi mc-pod.yaml

# mc-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  namespace: mc-namespace
  name: mc-pod
spec:
  containers:
  - name: mc-pod-1
    image: nginx:1-alpine
    env:
    - name: NODE_NAME
      valueFrom:
        fieldRef:
          fieldPath: spec.nodeName
  - name: mc-pod-2
    image: busybox:1
    command:
    - "sh"
    - "-c"
    - "while true; do date >> /var/log/shared/date.log; sleep 1; done"
    volumeMounts:
    - name: shared-volume
      mountPath: /var/log/shared
  - name: mc-pod-3
    image: busybox:1
    command:
    - "sh"
    - "-c"
    - "tail -f /var/log/shared/date.log"
    volumeMounts:
    - name: shared-volume
      mountPath: /var/log/shared
  volumes:
  - name: shared-volume
    emptyDir: {}

k -n mc-namespace get pod
k -n mc-namespace logs mc-pod -c mc-pod-3 -f

Install container runtime (7)

~ ssh bob@node01
bob@node01's password:

bob@node01 ~ sudo su

root@node01 /home/bob cd /root

root@node01 ~ ls
cri-docker_0.3.16.3-0.debian.deb

root@node01 ~ dpkg -i ./cri-docker_0.3.16.3-0.debian.deb

root@node01 ~ systemctl enable cri-docker

root@node01 ~ systemctl status cri-docker

root@node01 ~ systemctl is-enabled cri-docker
enabled

Expose pod with Service (8)

controlplane ~ k get pods
NAME        READY   STATUS    RESTARTS   AGE
messaging   1/1     Running   0          4m2s

controlplane ~ k expose pod messaging --port=6379 --name=messaging-service
service/messaging-service exposed

controlplane ~ k get svc
NAME                TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
kubernetes          ClusterIP   172.20.0.1     <none>        443/TCP    48m
messaging-service   ClusterIP   172.20.26.32   <none>        6379/TCP   6s

References

---

• Udemy - Certified Kubernetes Administrator (CKA) with Practice Tests