12. CKA Practice

K8s Cluster Upgrade

# k8s apt repository 리스트 파일 수정
echo -e "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.34/deb/ /" > /etc/apt/sources.list.d/kubernetes.list
 
# apt 업데이트 후 kubeadm 최신 버전 확인
apt update
apt-cache madison kubeadm
 
# kubeadm 1.34.0-1.1 설치
apt-mark unhold kubeadm && \
apt-get update && apt-get install -y kubeadm=1.34.0-1.1 && \
apt-mark hold kubeadm
 
# kubeadm 1.34.0-1.1 설치 확인
kubeadm version
 
# kubernetes 컴포넌트 업그레이드
kubeadm upgrade plan v1.34.0
kubeadm upgrade apply v1.34.0
 
# kubelet, kubectl 1.34.0-1.1 설치
apt-mark unhold kubelet kubectl && \
apt-get update && apt-get install -y kubelet=1.34.0-1.1 kubectl=1.34.0-1.1 && \
apt-mark hold kubelet kubectl
 
# kubelet 재시작
sudo systemctl daemon-reload
sudo systemctl restart kubelet
 
# kubelet 1.34.0 업그레이드 확인
kubectl get nodes

# 먼저 node01 에 실행중인 Pod 을 drain 하고
kubectl drain node01 --ignore-daemonsets
 
# node01 으로 접속한 뒤
ssh node01
 
# k8s apt repository 리스트 파일 수정
echo -e "deb [signed-by=/etc/apt/keyrings/kubernetes-apt-keyring.gpg] https://pkgs.k8s.io/core:/stable:/v1.34/deb/ /" > /etc/apt/sources.list.d/kubernetes.list
 
# apt 업데이트 후 kubeadm 최신 버전 확인
apt update
apt-cache madison kubeadm
 
# kubeadm 1.34.0-1.1 설치
apt-mark unhold kubeadm && \
apt-get update && apt-get install -y kubeadm=1.34.0-1.1 && \
apt-mark hold kubeadm
 
# 워커노드 로컬 kubelet 업그레이드
sudo kubeadm upgrade node
 
# kubelet, kubectl 1.34.0-1.1 설치
apt-mark unhold kubelet kubectl && \
apt-get update && apt-get install -y kubelet=1.34.0-1.1 kubectl=1.34.0-1.1 && \
apt-mark hold kubelet kubectl
 
# kubelet 재시작
sudo systemctl daemon-reload
sudo systemctl restart kubelet
 
# controlplane 으로 복귀
exit
 
# 워커노드 cordon 해제
kubectl uncordon node01
 
# 워커노드 kubelet 1.34.0 업그레이드 확인
kubectl get nodes

공식문서 참조

Extracting JSON information

k -n=admin2406 get deployments.apps -o=json
k -n=admin2406 get deployments.apps -o=custom-columns=DEPLOYMENT:.metadata.name,CONTAINER_IMAGE:.spec.template.spec.containers[0].image,READY_REPLICAS:.status.readyReplicas,NAMESPACE:.metadata.namespace > /opt/admin2406_data

공식문서 참조

Fix kubeconfig

# kubeconfig 파일을 확인하고
kubectl get pods --kubeconfig /root/CKA/admin.kubeconfig
 
# 기본 설정을 확인한 뒤
cat ~/.kube/config
 
# 틀린 부분을 수정하고
vi /root/CKA/admin.kubeconfig
 
# 다시 kubeconfig 파일을 확인
kubectl get pods --kubeconfig /root/CKA/admin.kubeconfig

Rolling Update

kubectl create deployment nginx-deploy --image=nginx:1.16
kubectl set image deployment/nginx-deploy nginx=nginx:1.17

공식문서 참조

Fix PVC

# Deployment 확인
kubectl get deployment -n alpha alpha-mysql  -o yaml | yq e .spec.template.spec.containers -
 
# Pod 에러 확인
kubectl get pods -n alpha
kubectl describe pod -n alpha alpha-mysql-xxxxxxxx-xxxxx
 
# PV 확인
kubectl get pv alpha-pv

# PVC 수정
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: mysql-alpha-pvc
  namespace: alpha
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
  storageClassName: slow

Create Pod with Command and Secret Volume

# YAML 파일 생성
kubectl run secret-1401 -n admin1401 --image busybox --dry-run=client -o yaml --command -- sleep 4800 > admin.yaml
 
vi admin.yaml
 
# 필요한 부분 추가
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: secret-1401
  name: secret-1401
  namespace: admin1401
spec:
  volumes:
  - name: secret-volume
    secret:
      secretName: dotfile-secret
  containers:
  - command:
    - sleep
    - "4800"
    image: busybox
    name: secret-admin
    volumeMounts:
    - name: secret-volume
      readOnly: true
      mountPath: /etc/secret-volume

공식문서 참조

Node Troubleshooting

# 클러스터에서 NotReady 상태의 노드 확인
# 원인 파악, 해당 노드를 Ready 상태로 만들기
# 1. containerd 가 작동하고 있어야 함
# 2. kubelet 이 작동하고 있어야 함
# 3. cni 가 작동하고 있어야 함
kubectl get nodes
ssh hk8s-worker2
systemctl status containerd
systemctl status kubelet # 보통 kubelet 이 inactive 상태임
systemctl enable --now kubelet
systemctl status kubelet
exit
kubectl get nodes

유형

Control Plane Upgrade, kubeadm, kubelet, kubectl
Pod 에 label 할당 후 배포
Node Selector 를 통해 특정 Node 에 Pod 배포
Pod 로그 확인하여 특정 단어가 들어간 로그 추출

2025-02-28 이후 유형

Deployment 배포
Priority Class
(Trouble Shooting) Pod
WorkerNode Not Ready to Ready 트러블슈팅
1. 보통 kubelet
2. etcd 인증 관련 이슈
Service Expose
1. 이미 배포된 Deployment 의 ContainerPort 를 NodePort 로 expose
Storage Class, PV, PVC
1. PVC 생성 (PV 와 SC 는 주어짐) + kubectl edit 또는 kubectl patch 로 용량 변경
2. PV - PVC - Pod 마운트
3. StorageClass 는 보통 docs 복붙 후 필드 수정으로 간단함
Gateway API 및 TLS 연동
1. Ingres 설정을 GatewayAPI/HTTPRoute 와 연계 적용
2. TLS 연동 Gateway yaml
Helm 명령어
CNI 및 Network Policy 배포
1. NetworkPolicy 적용이 가능한 Calico 설치
CRI
1. dpkg -i 명령으로 .deb 파일 설치
2. 설치 후 net.ipv4.ip_forward = 1 등 네트워크 설정 (sysctl -p /etc/sysctl.d/k8s.conf)
Multi Container
1. 로그 수집 목적 사이드카 컨테이너 추가
HPA
1. CPU max/min 설정, Stabilization window 구현
2. 보통 docs 복붙 후 필드 수정으로 간단함
Taint, Toleration, NodeAffinity
RBAC
1. ServiceAccount
2. ClusterRole/Role
3. ClusterRoleBinding

Create Pod with multiple containers (8)

k -n mc-namespace run mc-pod --image=nginx:1-alpine -o=yaml --dry-run=client > mc-pod.yaml

vi mc-pod.yaml

# mc-pod.yaml
apiVersion: v1
kind: Pod
metadata:
  namespace: mc-namespace
  name: mc-pod
spec:
  containers:
  - name: mc-pod-1
    image: nginx:1-alpine
    env:
    - name: NODE_NAME
      valueFrom:
        fieldRef:
          fieldPath: spec.nodeName
  - name: mc-pod-2
    image: busybox:1
    command:
    - "sh"
    - "-c"
    - "while true; do date >> /var/log/shared/date.log; sleep 1; done"
    volumeMounts:
    - name: shared-volume
      mountPath: /var/log/shared
  - name: mc-pod-3
    image: busybox:1
    command:
    - "sh"
    - "-c"
    - "tail -f /var/log/shared/date.log"
    volumeMounts:
    - name: shared-volume
      mountPath: /var/log/shared
  volumes:
  - name: shared-volume
    emptyDir: {}

k -n mc-namespace get pod
k -n mc-namespace logs mc-pod -c mc-pod-3 -f

Install container runtime (7)

~ ssh bob@node01
bob@node01's password:

bob@node01 ~ sudo su

root@node01 /home/bob cd /root

root@node01 ~ ls
cri-docker_0.3.16.3-0.debian.deb

root@node01 ~ dpkg -i ./cri-docker_0.3.16.3-0.debian.deb

root@node01 ~ systemctl start cri-docker

root@node01 ~ systemctl enable cri-docker

root@node01 ~ systemctl status cri-docker

root@node01 ~ systemctl is-enabled cri-docker
enabled

Expose pod with Service (8)

controlplane ~ k get pods
NAME        READY   STATUS    RESTARTS   AGE
messaging   1/1     Running   0          4m2s
 
controlplane ~ k expose pod messaging --port=6379 --name=messaging-service
service/messaging-service exposed
 
controlplane ~ k get svc
NAME                TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)    AGE
kubernetes          ClusterIP   172.20.0.1     <none>        443/TCP    48m
messaging-service   ClusterIP   172.20.26.32   <none>        6379/TCP   6s

Create Deployment (10)

controlplane ~ k create deployment hr-web-app --image=kodekloud/webapp-color --replicas=2

Expose Depolyment with Service (8)

controlplane ~ k expose deployment hr-web-app --type=NodePort --port=8080 --name=hr-web-app-service --dry-run=client -o=yaml > hr-svc.yaml
 
controlplane ~ vi hr-svc.yaml 
 
controlplane ~ k apply -f hr-svc.yaml 
service/hr-web-app-service created
 
controlplane ~ k describe svc hr-web-app-service 
Name:                     hr-web-app-service
Namespace:                default
Labels:                   app=hr-web-app
Annotations:              <none>
Selector:                 app=hr-web-app
Type:                     NodePort
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       172.20.13.84
IPs:                      172.20.13.84
Port:                     <unset>  8080/TCP
TargetPort:               8080/TCP
NodePort:                 <unset>  30082/TCP
Endpoints:                172.17.0.11:8080,172.17.0.10:8080
Session Affinity:         None
External Traffic Policy:  Cluster
Internal Traffic Policy:  Cluster
Events:                   <none>

Create PV (8)

controlplane ~ vi pv-analytics.yaml
 
controlplane ~ cat pv-analytics.yaml 
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pv-analytics
spec:
  capacity:
    storage: 100Mi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  hostPath:
    path: /pv/data-analytics
 
controlplane ~ k apply -f pv-analytics.yaml 
persistentvolume/pv-analytics created
 
controlplane ~ k get pv
NAME           CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM   STORAGECLASS   VOLUMEATTRIBUTESCLASS   REASON   AGE
pv-analytics   100Mi      RWX            Retain           Available                          <unset>                          2s

Create HPA (10)

controlplane ~ ➜  vi webapp-hpa.yaml 
 
controlplane ~ ➜  cat webapp-hpa.yaml 
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: webapp-hpa
  namespace: default
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: kkapp-deploy
  minReplicas: 2
  maxReplicas: 10
  metrics:
   - type: Resource
     resource:
       name: cpu
       target:
         type: Utilization
         averageUtilization: 50
  behavior:
    scaleDown:
      stabilizationWindowSeconds: 300
 
controlplane ~ ➜  k apply  -f webapp-hpa.yaml 
horizontalpodautoscaler.autoscaling/webapp-hpa created
 
controlplane ~ ➜  k get hpa
NAME         REFERENCE                 TARGETS              MINPODS   MAXPODS   REPLICAS   AGE
webapp-hpa   Deployment/kkapp-deploy   cpu: <unknown>/50%   2         10        0          5s

Create VPA (9)

controlplane ~ ➜  vi analytics-vpa.yaml 
 
controlplane ~ ➜  cat analytics-vpa.yaml 
apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
  name: analytics-vpa
  namespace: default
spec:
  targetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: analytics-deployment
  updatePolicy:
    updateMode: Auto
 
controlplane ~ ➜  k apply -f analytics-vpa.yaml 
verticalpodautoscaler.autoscaling.k8s.io/analytics-vpa created
 
controlplane ~ ➜  k get vpa
NAME            MODE   CPU   MEM   PROVIDED   AGE
analytics-vpa   Auto               False      38s

Create Gateway (6)

controlplane ~ ➜  vi web-gateway.yaml
 
controlplane ~ ➜  cat web-gateway.yaml 
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: web-gateway
  namespace: nginx-gateway
spec:
  gatewayClassName: nginx
  listeners:
  - name: http
    protocol: HTTP
    port: 80
 
controlplane ~ ➜  k apply -f web-gateway.yaml 
gateway.gateway.networking.k8s.io/web-gateway created
 
controlplane ~ ➜  k -n nginx-gateway get gateway
NAME          CLASS   ADDRESS   PROGRAMMED   AGE
web-gateway   nginx             True         13s

Helm Chart upgrade (8)

controlplane ~ ➜  helm list -n kk-ns
NAME            NAMESPACE       REVISION        UPDATED                                 STATUS          CHART           APP VERSION
kk-mock1        kk-ns           1               2025-11-06 14:28:24.255194099 +0000 UTC deployed        nginx-18.1.0    1.27.0     
 
controlplane ~ ➜  helm repo list
NAME            URL                               
kk-mock1        https://charts.bitnami.com/bitnami
 
controlplane ~ ➜  helm repo update
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "kk-mock1" chart repository
Update Complete. ⎈Happy Helming!⎈
 
controlplane ~ ➜  helm repo list
NAME            URL                               
kk-mock1        https://charts.bitnami.com/bitnami
 
controlplane ~ ➜  helm search repo nginx
NAME                                    CHART VERSION   APP VERSION   DESCRIPTION                                       
kk-mock1/nginx                          22.2.4          1.29.3        NGINX Open Source is a web server that can be a...
kk-mock1/nginx-ingress-controller       12.0.7          1.13.1        NGINX Ingress Controller is an Ingress controll...
kk-mock1/nginx-intel                    2.1.15          0.4.9         DEPRECATED NGINX Open Source for Intel is a lig...
 
controlplane ~ ➜  helm search repo nginx --versions | grep 18.1.15
kk-mock1/nginx                          18.1.15         1.27.1        NGINX Open Source is a web server that can be a...
 
controlplane ~ ➜  helm upgrade kk-mock1 kk-mock1/nginx --version=18.1.5 -n kk-ns
Release "kk-mock1" has been upgraded. Happy Helming!
NAME: kk-mock1
LAST DEPLOYED: Thu Nov  6 14:31:52 2025
NAMESPACE: kk-ns
STATUS: deployed
REVISION: 2
TEST SUITE: None
NOTES:
CHART NAME: nginx
CHART VERSION: 18.1.5
APP VERSION: 1.27.0
 
** Please be patient while the chart is being deployed **
NGINX can be accessed through the following DNS name from within your cluster:
 
    kk-mock1-nginx.kk-ns.svc.cluster.local (port 80)
 
To access NGINX from outside the cluster, follow the steps below:
 
1. Get the NGINX URL by running these commands:
 
  NOTE: It may take a few minutes for the LoadBalancer IP to be available.
        Watch the status with: 'kubectl get svc --namespace kk-ns -w kk-mock1-nginx'
 
    export SERVICE_PORT=$(kubectl get --namespace kk-ns -o jsonpath="{.spec.ports[0].port}" services kk-mock1-nginx)
    export SERVICE_IP=$(kubectl get svc --namespace kk-ns kk-mock1-nginx -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
    echo "http://${SERVICE_IP}:${SERVICE_PORT}"
 
WARNING: There are "resources" sections in the chart not set. Using "resourcesPreset" is not recommended for production. For production installations, please set the following values according to your workload needs:
  - cloneStaticSiteFromGit.gitSync.resources
  - resources
+info https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/
 
⚠ SECURITY WARNING: Original containers have been substituted. This Helm chart was designed, tested, and validated on multiple platforms using a specific set of Bitnami and Tanzu Application Catalog containers. Substituting other containers is likely to cause degraded security and performance, broken chart features, and missing environment variables.
 
Substituted images detected:
  - %!s(<nil>)/:%!s(<nil>)
 
controlplane ~ ➜  helm list -n kk-ns
NAME            NAMESPACE       REVISION        UPDATED                                        STATUS          CHART           APP VERSION
kk-mock1        kk-ns           2               2025-11-06 14:31:52.339403678 +0000 UTC        deployed        nginx-18.1.5    1.27.0

Create StorageClass (6)

controlplane ~ ➜  vi local-sc.yaml
 
controlplane ~ ➜  k apply -f local-sc.yaml 
storageclass.storage.k8s.io/local-sc created
 
controlplane ~ ➜  k get sc
NAME                 PROVISIONER                    RECLAIMPOLICY   VOLUMEBINDINGMODE      ALLOWVOLUMEEXPANSION   AGE
local-sc (default)   kubernetes.io/no-provisioner   Delete          WaitForFirstConsumer   true                   4s
 
controlplane ~ ➜  cat local-sc.yaml
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: local-sc
  annotations:
    storageclass.kubernetes.io/is-default-class: "true"
provisioner: kubernetes.io/no-provisioner
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer

Create Deployment (10)

controlplane ~ ➜  k create deployment logging-deployment --image=busybox --namespace=logging-ns --replicas=1 --dry-run=client -o=yaml > logging-deployment.yaml
 
controlplane ~ ➜  vi logging-deployment.yaml 
 
controlplane ~ ➜  cat logging-deployment.yaml 
apiVersion: apps/v1
kind: Deployment
metadata:
  name: logging-deployment
  namespace: logging-ns
spec:
  replicas: 1
  selector:
    matchLabels:
      app: logging-deployment
  template:
    metadata:
      labels:
        app: logging-deployment
    spec:
      volumes:
      - name: shared-volume
        emptyDir: {}
      containers:
      - image: busybox
        name: app-container
        command:
        - "sh"
        - "-c"
        - "while true; do echo 'Log entry' >> /var/log/app/app.log; sleep 5; done"
        resources: {}
        volumeMounts:
         - mountPath: /var/log/app
           name: shared-volume
      - image: busybox
        name: log-agent
        command:
        - "sh"
        - "-c"
        - "tail -f /var/log/app/app.log"
        volumeMounts:
         - mountPath: /var/log/app
           name: shared-volume
status: {}
 
controlplane ~ ➜  k create -f logging-deployment.yaml 
deployment.apps/logging-deployment created

Create Ingress (10)

controlplane ~ ➜  k -n ingress-ns get deploy
NAME            READY   UP-TO-DATE   AVAILABLE   AGE
webapp-deploy   1/1     1            1           10m
 
controlplane ~ ➜  k -n ingress-ns get svc
NAME         TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
webapp-svc   ClusterIP   172.20.133.154   <none>        80/TCP    10m
 
controlplane ~ ➜  vi webapp-ingress.yaml 
 
controlplane ~ ➜  cat webapp-ingress.yaml 
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: webapp-ingress
  namespace: ingress-ns
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
  - host: "kodekloud-ingress.app"
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: webapp-svc
            port:
              number: 80
 
 
controlplane ~ ➜  k create -f webapp-ingress.yaml 
ingress.networking.k8s.io/webapp-ingress created
 
controlplane ~ ➜  k -n ingress-ns get ingress
NAME             CLASS   HOSTS                   ADDRESS   PORTS   AGE
webapp-ingress   nginx   kodekloud-ingress.app             80      9s
 
controlplane ~ ➜  curl -s http://kodekloud-ingress.app/
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
 
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
 
<p><em>Thank you for using nginx.</em></p>
</body>
</html>

Create Role and RoleBinding (10)

controlplane ~ ➜  cat /root/CKA/john.csr | base64 | tr -d '\n'
LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ1ZEQ0NBVHdDQVFBd0R6RU5NQXNHQTFVRUF3d0VhbTlvYmpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRApnZ0VQQURDQ0FRb0NnZ0VCQUp6Nm51VE5XK3NjenMrdk5veWMzT2ZhOFhCMUZWYVhsbS9SUGtmMFdnWjhHbG0yCnkyU1paQ0YzUmtJKzJFamQ0V1RlYVN3dnFiNUdPU0o3N2ZiaUx6aUd2SS80VTdQM1JvMnNWVG5Ra0RCb2VQczIKQm5SK2FzVjRnbmZuWDUrZklWRFJaMmt2eFRoeXFFZStWQ3p0eDkyYTNSVWszWk9xa0J0Y24vOFd5TURjaFFSagpteXZ6MmtEZTBWbFc4eC9yUHpPZGpNSCtia3N6YjRxcVczUVllTkRKUklMMHVMOXdXUy9PRTl6eklKeXhDbFQ1Cm5UWTRWam5VaGE5MjFYSld5a3dvMkVaMW8vbnRBUG5uWHlJL3lJQ3htSW5QY3RLRFJLMWhPVWg1QlRwMXl1dFYKOG1oa1F2RWNkTW1FU0FWOTJIQXpub2VQMjRlaitwbkt5a1lFdlZrQ0F3RUFBYUFBTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQlJlSGhBWDBMT21ab3U1dEtPcDRkZ0tSRmNoV3FpRkpaaWptWTNaTkVJcDIzSGErZ1crWHp5CkU3a2h5VUt1QzBIRkFBYURVQ1I1SE9qSlBPL3owV21aRGpDc3gxM1BnVmxlZmJINkIwQkI4RVpWVXBzWnFraGgKQ1l5Y05VaHdycU5BcWxPU3ZPdmkvUEdldXp1NUZxaE0vK3JXdFRrbWdYSDlyZTlLNXhCWVM5UXR0TDVBTlY1SgpldkFYY3B2UDZRS2dkYWJHbDEzc3F5bGdsdWg1VEZSNXhTOUlDSnhYSm9Od3BtdEd6RG1PaFpFNllid250Z2thCjd5bkJ4eUNoRmlTLzloNDFDeXd6dFlUK0s0d2ROeTczUnk0TEd5eEl2ZkIySS96L2dkQ0cvTTljOFVEWUplQmcKSmMwdlVGalVCMzBHTTR2MjdOV0VjeFhHb21KWHFRKzQKLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==
controlplane ~ ➜  vi csr.yaml 
 
controlplane ~ ➜  cat csr.yaml 
apiVersion: certificates.k8s.io/v1
kind: CertificateSigningRequest
metadata:
  name: john-developer
spec:
  signerName: kubernetes.io/kube-apiserver-client
  request: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURSBSRVFVRVNULS0tLS0KTUlJQ1ZEQ0NBVHdDQVFBd0R6RU5NQXNHQTFVRUF3d0VhbTlvYmpDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRApnZ0VQQURDQ0FRb0NnZ0VCQUp6Nm51VE5XK3NjenMrdk5veWMzT2ZhOFhCMUZWYVhsbS9SUGtmMFdnWjhHbG0yCnkyU1paQ0YzUmtJKzJFamQ0V1RlYVN3dnFiNUdPU0o3N2ZiaUx6aUd2SS80VTdQM1JvMnNWVG5Ra0RCb2VQczIKQm5SK2FzVjRnbmZuWDUrZklWRFJaMmt2eFRoeXFFZStWQ3p0eDkyYTNSVWszWk9xa0J0Y24vOFd5TURjaFFSagpteXZ6MmtEZTBWbFc4eC9yUHpPZGpNSCtia3N6YjRxcVczUVllTkRKUklMMHVMOXdXUy9PRTl6eklKeXhDbFQ1Cm5UWTRWam5VaGE5MjFYSld5a3dvMkVaMW8vbnRBUG5uWHlJL3lJQ3htSW5QY3RLRFJLMWhPVWg1QlRwMXl1dFYKOG1oa1F2RWNkTW1FU0FWOTJIQXpub2VQMjRlaitwbkt5a1lFdlZrQ0F3RUFBYUFBTUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQlJlSGhBWDBMT21ab3U1dEtPcDRkZ0tSRmNoV3FpRkpaaWptWTNaTkVJcDIzSGErZ1crWHp5CkU3a2h5VUt1QzBIRkFBYURVQ1I1SE9qSlBPL3owV21aRGpDc3gxM1BnVmxlZmJINkIwQkI4RVpWVXBzWnFraGgKQ1l5Y05VaHdycU5BcWxPU3ZPdmkvUEdldXp1NUZxaE0vK3JXdFRrbWdYSDlyZTlLNXhCWVM5UXR0TDVBTlY1SgpldkFYY3B2UDZRS2dkYWJHbDEzc3F5bGdsdWg1VEZSNXhTOUlDSnhYSm9Od3BtdEd6RG1PaFpFNllid250Z2thCjd5bkJ4eUNoRmlTLzloNDFDeXd6dFlUK0s0d2ROeTczUnk0TEd5eEl2ZkIySS96L2dkQ0cvTTljOFVEWUplQmcKSmMwdlVGalVCMzBHTTR2MjdOV0VjeFhHb21KWHFRKzQKLS0tLS1FTkQgQ0VSVElGSUNBVEUgUkVRVUVTVC0tLS0tCg==
  usages:
  - digital signature
  - key encipherment
  - client auth
 
controlplane ~ ➜  k apply -f csr.yaml 
certificatesigningrequest.certificates.k8s.io/john-developer created
 
controlplane ~ ➜  k get csr
NAME             AGE   SIGNERNAME                                    REQUESTOR                  REQUESTEDDURATION   CONDITION
csr-f79dh        38m   kubernetes.io/kube-apiserver-client-kubelet   system:bootstrap:pr9dl6    <none>              Approved,Issued
csr-wgd7n        39m   kubernetes.io/kube-apiserver-client-kubelet   system:node:controlplane   <none>              Approved,Issued
john-developer   4s    kubernetes.io/kube-apiserver-client           kubernetes-admin           <none>              Pending
 
controlplane ~ ➜  k certificate approve john-developer
certificatesigningrequest.certificates.k8s.io/john-developer approved
 
controlplane ~ ➜  k get csr
NAME             AGE   SIGNERNAME                                    REQUESTOR                  REQUESTEDDURATION   CONDITION
csr-f79dh        39m   kubernetes.io/kube-apiserver-client-kubelet   system:bootstrap:pr9dl6    <none>              Approved,Issued
csr-wgd7n        40m   kubernetes.io/kube-apiserver-client-kubelet   system:node:controlplane   <none>              Approved,Issued
john-developer   28s   kubernetes.io/kube-apiserver-client           kubernetes-admin           <none>              Approved,Issued
 
controlplane ~ ➜  vi rbac.yaml 
 
controlplane ~ ➜  cat rbac.yaml 
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  namespace: development
  name: developer
rules:
- apiGroups: [""]
  resources: ["pods"]
  verbs: ["create", "get", "update", "list", "delete"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: john-dev-role-binding
  namespace: development
subjects:
- kind: User
  name: john
  apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: Role
  name: developer 
  apiGroup: rbac.authorization.k8s.io
 
 
controlplane ~ ➜  k apply -f rbac.yaml 
role.rbac.authorization.k8s.io/developer created
rolebinding.rbac.authorization.k8s.io/john-dev-role-binding created
 
controlplane ~ ➜  k auth can-i create pods --as=john -n development
yes
 
controlplane ~ ➜  k auth can-i create pods --as=john
no

Create ClusterIP Service and test dns lookup (10)

controlplane ~ ➜  k run nginx-resolver --image=nginx
pod/nginx-resolver created
 
controlplane ~ ➜  k expose pod nginx-resolver --name=nginx-resolver-svc --port=80 --target-port=80 --type=ClusterIP
service/nginx-resolver-svc exposed
 
controlplane ~ ➜  k get svc
NAME                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
kubernetes           ClusterIP   172.20.0.1      <none>        443/TCP   51m
nginx-resolver-svc   ClusterIP   172.20.137.21   <none>        80/TCP    4s
 
controlplane ~ ➜  k describe svc nginx-resolver-svc 
Name:                     nginx-resolver-svc
Namespace:                default
Labels:                   run=nginx-resolver
Annotations:              <none>
Selector:                 run=nginx-resolver
Type:                     ClusterIP
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       172.20.137.21
IPs:                      172.20.137.21
Port:                     <unset>  80/TCP
TargetPort:               80/TCP
Endpoints:                172.17.1.15:80
Session Affinity:         None
Internal Traffic Policy:  Cluster
Events:                   <none>
 
controlplane ~ ➜  k get pod -o wide
NAME                            READY   STATUS    RESTARTS   AGE   IP            NODE     NOMINATED NODE   READINESS GATES
nginx-deploy-5846bc77f5-2szm4   1/1     Running   0          20m   172.17.1.14   node01   <none>           <none>
nginx-resolver                  1/1     Running   0          85s   172.17.1.15   node01   <none>           <none>
 
controlplane ~ ➜  k run test-nslookup --image=busybox:1.28 --rm -it --restart=Never -- nslookup nginx-resolver-svc > /root/CKA/nginx.svc
All commands and output from this session will be recorded in container logs, including credentials and sensitive information passed through the command prompt.
If you don't see a command prompt, try pressing enter.
 
controlplane ~ ➜  cat /root/CKA/nginx.svc 
Address 1: 172.20.0.10 kube-dns.kube-system.svc.cluster.local
 
Name:      nginx-resolver-svc
Address 1: 172.20.137.21 nginx-resolver-svc.default.svc.cluster.local
pod "test-nslookup" deleted from default namespace
 
controlplane ~ ➜  k run test-nslookup --image=busybox:1.28 --rm -it --restart=Never -- nslookup 172-17-1-15.default.pod > /r
oot/CKA/nginx.pod
All commands and output from this session will be recorded in container logs, including credentials and sensitive information passed through the command prompt.
If you don't see a command prompt, try pressing enter.
 
controlplane ~ ➜  cat /root/CKA/nginx.pod
Address 1: 172.20.0.10 kube-dns.kube-system.svc.cluster.local
 
Name:      172-17-1-15.default.pod
Address 1: 172.17.1.15 172-17-1-15.nginx-resolver-svc.default.svc.cluster.local
pod "test-nslookup" deleted from default namespace

Create StaticPod on node01 (10)

controlplane ~ ➜  k get nodes
NAME           STATUS   ROLES           AGE   VERSION
controlplane   Ready    control-plane   59m   v1.34.0
node01         Ready    <none>          59m   v1.34.0
 
controlplane ~ ➜  k run nginx-critical --image=nginx --dry-run=client -o=yaml > static.yaml
 
controlplane ~ ➜  cat static.yaml 
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: nginx-critical
  name: nginx-critical
spec:
  containers:
  - image: nginx
    name: nginx-critical
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
 
controlplane ~ ➜  ssh node01
Welcome to Ubuntu 22.04.5 LTS (GNU/Linux 5.15.0-1083-gcp x86_64)
 
 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro
 
This system has been minimized by removing packages and content that are
not required on a system that users do not log into.
 
To restore this content, you can run the 'unminimize' command.
 
node01 ~ ➜  cd /etc/kubernetes/manifests/
 
node01 /etc/kubernetes/manifests ➜  ls
 
node01 /etc/kubernetes/manifests ➜  vi static.yaml
 
node01 /etc/kubernetes/manifests ➜  cat static.yaml 
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: nginx-critical
  name: nginx-critical
spec:
  containers:
  - image: nginx
    name: nginx-critical
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
 
node01 /etc/kubernetes/manifests ➜  exit
logout
Connection to node01 closed.
 
controlplane ~ ➜  k get pod -o wide
NAME                            READY   STATUS    RESTARTS   AGE   IP            NODE     NOMINATED NODE   READINESS GATES
nginx-critical-node01           1/1     Running   0          23s   172.17.1.23   node01   <none>           <none>
nginx-deploy-5846bc77f5-2szm4   1/1     Running   0          31m   172.17.1.14   node01   <none>           <none>
nginx-resolver                  1/1     Running   0          12m   172.17.1.15   node01   <none>           <none>

Create HPA (10)

controlplane ~ ➜  ls
CKA  csr.yaml  local-sc.yaml  logging-deploy.yaml  rbac.yaml  static.yaml  webapp-hpa.yaml  webapp-ingress.yaml
 
controlplane ~ ➜  vi webapp-hpa.yaml 
 
controlplane ~ ➜  cat webapp-hpa.yaml 
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: backend-hpa
  namespace: backend
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: backend-deployment
  minReplicas: 3
  maxReplicas: 15
  metrics:
  - type: Resource
    resource:
      name: memory
      target:
        type: Utilization
        averageUtilization: 65
 
controlplane ~ ➜  k apply -f webapp-hpa.yaml 
horizontalpodautoscaler.autoscaling/backend-hpa unchanged
 
controlplane ~ ➜  k -n backend describe hpa
Name:                                                     backend-hpa
Namespace:                                                backend
Labels:                                                   <none>
Annotations:                                              <none>
CreationTimestamp:                                        Sat, 08 Nov 2025 11:57:11 +0000
Reference:                                                Deployment/backend-deployment
Metrics:                                                  ( current / target )
  resource memory on pods  (as a percentage of request):  <unknown> / 65%
Min replicas:                                             3
Max replicas:                                             15
Deployment pods:                                          3 current / 0 desired
Conditions:
  Type           Status  Reason                   Message
  ----           ------  ------                   -------
  AbleToScale    True    SucceededGetScale        the HPA controller was able to get the target's current scale
  ScalingActive  False   FailedGetResourceMetric  the HPA was unable to compute the replica count: failed to get memory utilization: unable to get metrics for resource memory: unable to fetch metrics from resource metrics API: the server could not find the requested resource (get pods.metrics.k8s.io)
Events:
  Type     Reason                        Age               From                       Message
  ----     ------                        ----              ----                       -------
  Warning  FailedGetResourceMetric       4s (x6 over 79s)  horizontal-pod-autoscaler  failed to get memory utilization: unable to get metrics for resource memory: unable to fetch metrics from resource metrics API: the server could not find the requested resource (get pods.metrics.k8s.io)
  Warning  FailedComputeMetricsReplicas  4s (x6 over 79s)  horizontal-pod-autoscaler  invalid metrics (1 invalid out of 1), first error is: failed to get memory resource metric value: failed to get memory utilization: unable to get metrics for resource memory: unable to fetch metrics from resource metrics API: the server could not find the requested resource (get pods.metrics.k8s.io)

Configure HTTPS Gateway (10)

controlplane ~ ➜  k -n cka5673 get gateway
NAME          CLASS       ADDRESS   PROGRAMMED   AGE
web-gateway   kodekloud             Unknown      8s
 
controlplane ~ ➜  k -n cka5673 get gateway -o yaml
apiVersion: v1
items:
- apiVersion: gateway.networking.k8s.io/v1
  kind: Gateway
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"gateway.networking.k8s.io/v1","kind":"Gateway","metadata":{"annotations":{},"name":"web-gateway","namespace":"cka5673"},"spec":{"gatewayClassName":"kodekloud","listeners":[{"name":"http","port":80,"protocol":"HTTP"}]}}
    creationTimestamp: "2025-11-08T12:05:44Z"
    generation: 1
    name: web-gateway
    namespace: cka5673
    resourceVersion: "10291"
    uid: d2ffe126-d82f-4213-94a9-86970e31b0a2
  spec:
    gatewayClassName: kodekloud
    listeners:
    - allowedRoutes:
        namespaces:
          from: Same
      name: http
      port: 80
      protocol: HTTP
  status:
    conditions:
    - lastTransitionTime: "1970-01-01T00:00:00Z"
      message: Waiting for controller
      reason: Pending
      status: Unknown
      type: Accepted
    - lastTransitionTime: "1970-01-01T00:00:00Z"
      message: Waiting for controller
      reason: Pending
      status: Unknown
      type: Programmed
kind: List
metadata:
  resourceVersion: ""
 
controlplane ~ ➜  k -n cka5673 get gateway -o yaml > web-gateway.yaml
 
controlplane ~ ➜  k -n cka5673 get secret
NAME            TYPE                DATA   AGE
kodekloud-tls   kubernetes.io/tls   2      2m18s
 
controlplane ~ ➜  cat web-gateway.yaml 
apiVersion: v1
items:
- apiVersion: gateway.networking.k8s.io/v1
  kind: Gateway
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"gateway.networking.k8s.io/v1","kind":"Gateway","metadata":{"annotations":{},"name":"web-gateway","namespace":"cka5673"},"spec":{"gatewayClassName":"kodekloud","listeners":[{"name":"http","port":80,"protocol":"HTTP"}]}}
    creationTimestamp: "2025-11-08T12:05:44Z"
    generation: 1
    name: web-gateway
    namespace: cka5673
    resourceVersion: "10291"
    uid: d2ffe126-d82f-4213-94a9-86970e31b0a2
  spec:
    gatewayClassName: kodekloud
    listeners:
    - allowedRoutes:
        namespaces:
          from: Same
      name: https
      port: 443
      protocol: HTTPS
      hostname: kodekloud.com
      tls:
        certificateRefs:
        - name: kodekloud-tls
  status:
    conditions:
    - lastTransitionTime: "1970-01-01T00:00:00Z"
      message: Waiting for controller
      reason: Pending
      status: Unknown
      type: Accepted
    - lastTransitionTime: "1970-01-01T00:00:00Z"
      message: Waiting for controller
      reason: Pending
      status: Unknown
      type: Programmed
kind: List
metadata:
  resourceVersion: ""
 
controlplane ~ ➜  k apply -f web-gateway.yaml 
gateway.gateway.networking.k8s.io/web-gateway configured

Helm (10)

controlplane ~ ➜  helm list -A
NAME                    NAMESPACE               REVISION        UPDATED                                 STATUS          CHART                       APP VERSION
atlanta-page-apd        atlanta-page-04         1               2025-11-08 10:57:43.405721672 +0000 UTC deployed        atlanta-page-apd-0.1.0      1.16.0     
digi-locker-apd         digi-locker-02          1               2025-11-08 10:57:40.988036054 +0000 UTC deployed        digi-locker-apd-0.1.0       1.16.0     
security-alpha-apd      security-alpha-01       1               2025-11-08 10:57:40.109579755 +0000 UTC deployed        security-alpha-apd-0.1.0    1.16.0     
web-dashboard-apd       web-dashboard-03        1               2025-11-08 10:57:41.989424936 +0000 UTC deployed        web-dashboard-apd-0.1.0     1.16.0     
 
controlplane ~ ➜  helm get manifest atlanta-page-apd -n atlanta-page-04
---
# Source: atlanta-page-apd/templates/serviceaccount.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: atlanta-page-sa
  labels:
    app: atlanta-page-apd
---
# Source: atlanta-page-apd/templates/service.yaml
apiVersion: v1
kind: Service
metadata:
  name: atlanta-page-svc
  labels:
    app: atlanta-page-apd-svc
spec:
  type: NodePort
  ports:
    - port: 80
      targetPort: http
      protocol: TCP
      name: http
  selector:
    app: atlanta-page-apd
---
# Source: atlanta-page-apd/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: atlanta-page-apd
  labels:
    app: atlanta-page-apd
spec:
  replicas: 4
  selector:
    matchLabels:
      app: atlanta-page-apd
  template:
    metadata:
      labels:
        app: atlanta-page-apd
    spec:
      serviceAccountName: atlanta-page-sa
      containers:
        - name: atlanta-page-apd
          image: "kodekloud/webapp-color:v1"
          imagePullPolicy: IfNotPresent
 
 
controlplane ~ ➜  helm get manifest atlanta-page-apd -n atlanta-page-04 | grep -i webapp-color:v1
          image: "kodekloud/webapp-color:v1"
 
controlplane ~ ➜  helm uninstall atlanta-page-apd -n atlanta-page-04
release "atlanta-page-apd" uninstalled

NetworkPolicy (6)

controlplane ~ ➜  ls
CKA       kodekloud.crt  local-sc.yaml        net-pol-1.yaml  net-pol-3.yaml  static.yaml      webapp-ingress.yaml
csr.yaml  kodekloud.key  logging-deploy.yaml  net-pol-2.yaml  rbac.yaml       webapp-hpa.yaml  web-gateway.yaml
 
controlplane ~ ➜  cat net-pol-1.yaml 
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: net-policy-1
  namespace: backend
spec:
  podSelector: {}
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          access: allowed
    ports:
    - protocol: TCP
      port: 80
 
controlplane ~ ➜  cat net-pol-2.yaml 
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: net-policy-2
  namespace: backend
spec:
  podSelector: {}
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: frontend
    - namespaceSelector:
        matchLabels:
          name: databases
    ports:
    - protocol: TCP
      port: 80
 
controlplane ~ ➜  cat net-pol-3.yaml 
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: net-policy-3
  namespace: backend
spec:
  podSelector: {}
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          name: frontend
    ports:
    - protocol: TCP
      port: 80
 
controlplane ~ ➜  k get ns --show-labels
NAME                STATUS   AGE     LABELS
atlanta-page-04     Active   75m     kubernetes.io/metadata.name=atlanta-page-04
backend             Active   18m     kubernetes.io/metadata.name=backend,name=backend
cka5673             Active   7m30s   kubernetes.io/metadata.name=cka5673
default             Active   81m     kubernetes.io/metadata.name=default
development         Active   51m     kubernetes.io/metadata.name=development
digi-locker-02      Active   75m     kubernetes.io/metadata.name=digi-locker-02
frontend            Active   93s     kubernetes.io/metadata.name=frontend,name=frontend
ingress-nginx       Active   66m     app.kubernetes.io/instance=ingress-nginx,app.kubernetes.io/name=ingress-nginx,kubernetes.io/metadata.name=ingress-nginx
ingress-ns          Active   66m     kubernetes.io/metadata.name=ingress-ns
kube-node-lease     Active   81m     kubernetes.io/metadata.name=kube-node-lease
kube-public         Active   81m     kubernetes.io/metadata.name=kube-public
kube-system         Active   81m     kubernetes.io/metadata.name=kube-system
logging-ns          Active   72m     kubernetes.io/metadata.name=logging-ns
nginx-gateway       Active   75m     kubernetes.io/metadata.name=nginx-gateway
security-alpha-01   Active   75m     kubernetes.io/metadata.name=security-alpha-01
web-dashboard-03    Active   75m     kubernetes.io/metadata.name=web-dashboard-03
 
controlplane ~ ➜  k apply -f net-pol-3.yaml 
networkpolicy.networking.k8s.io/net-policy-3 created

Adjusting network parameters with kubeadm (6)

# sysctl params required by setup, params persist across reboots
cat <<EOF | sudo tee /etc/sysctl.d/k8s.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-iptables = 1
EOF
 
# Apply sysctl params without reboot
sudo sysctl --system

공식문서 참조

Create ServiceAccount, ClusterRole, ClusterRoleBinding (8)

controlplane ~ ➜  k create serviceaccount pvviewer
serviceaccount/pvviewer created

controlplane ~ ➜  k get sa
NAME       SECRETS   AGE
default    0         19m
pvviewer   0         4s

controlplane ~ ➜  k create clusterrole pvviewer-role --resource=persistentvolumes --verb=list
clusterrole.rbac.authorization.k8s.io/pvviewer-role created

controlplane ~ ➜  k describe clusterrole pvviewer-role 
Name:         pvviewer-role
Labels:       <none>
Annotations:  <none>
PolicyRule:
  Resources          Non-Resource URLs  Resource Names  Verbs
  ---------          -----------------  --------------  -----
  persistentvolumes  []                 []              [list]

controlplane ~ ➜  k create clusterrolebinding pvviewer-role-binding --clusterrole=pvviewer-role --serviceaccount=default:pvviewer
clusterrolebinding.rbac.authorization.k8s.io/pvviewer-role-binding created

controlplane ~ ➜  k describe clusterrolebindings pvviewer-role-binding
Name:         pvviewer-role-binding
Labels:       <none>
Annotations:  <none>
Role:
  Kind:  ClusterRole
  Name:  pvviewer-role
Subjects:
  Kind            Name      Namespace
  ----            ----      ---------
  ServiceAccount  pvviewer  default

controlplane ~ ➜  k run pvviewer --image=redis --dry-run=client -o yaml
apiVersion: v1
kind: Pod
metadata:
  labels:
    run: pvviewer
  name: pvviewer
spec:
  containers:
  - image: redis
    name: pvviewer
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}

controlplane ~ ➜  vi redis.yaml

controlplane ~ ➜  k apply -f redis.yaml 
pod/pvviewer created

controlplane ~ ➜  k get pod
NAME       READY   STATUS    RESTARTS   AGE
pvviewer   1/1     Running   0          6s

Create StorageClass (6)

controlplane ~ ➜  vi sc.yaml

controlplane ~ ➜  cat sc.yaml 
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: rancher-sc
provisioner: rancher.io/local-path
allowVolumeExpansion: true
volumeBindingMode: WaitForFirstConsumer

controlplane ~ ➜  k apply -f sc.yaml 
storageclass.storage.k8s.io/rancher-sc created

Create ConfigMap (8)

controlplane ~ ➜  k create configmap app-config -n cm-namespace --from-literal=ENV=production --from-literal=LOG_LEVEL=info
configmap/app-config created

controlplane ~ ➜  k -n cm-namespace get cm
NAME               DATA   AGE
app-config         2      13s
kube-root-ca.crt   1      58s

controlplane ~ ➜  k -n cm-namespace get deployment
NAME        READY   UP-TO-DATE   AVAILABLE   AGE
cm-webapp   1/1     1            1           2m26s

controlplane ~ ➜  k edit -n cm-namespace deployment cm-webapp 
...
    spec:
      containers:
      - image: nginx
        imagePullPolicy: Always
        name: nginx
        # ConfigMap 설정 추가
        envFrom:
          - configMapRef:
              name: app-config
...
deployment.apps/cm-webapp edited

Create PriorityClass (8)

controlplane ~ ➜  k create priorityclass low-priority --value=50000
priorityclass.scheduling.k8s.io/low-priority created

controlplane ~ ➜  k -n low-priority get pod
NAME     READY   STATUS    RESTARTS   AGE
lp-pod   1/1     Running   0          41s

controlplane ~ ➜  k -n low-priority edit pod lp-pod 
error: pods "lp-pod" is invalid
A copy of your changes has been stored to "/tmp/kubectl-edit-1609190342.yaml"
error: Edit cancelled, no valid changes were saved.

controlplane ~ ✖ k replace -f /tmp/kubectl-edit-1609190342.yaml --force 
pod "lp-pod" deleted from low-priority namespace
Error from server (Forbidden): pods "lp-pod" is forbidden: the integer value of priority (0) must not be provided in pod spec; priority admission controller computed 50000 from the given PriorityClass name

# spec.priority 제거
controlplane ~ ✖ vi /tmp/kubectl-edit-1609190342.yaml 

controlplane ~ ➜  k replace -f /tmp/kubectl-edit-1609190342.yaml --force 
pod/lp-pod replaced

Create NetworkPolicy (8)

controlplane ~ ➜  k get pod --show-labels 
NAME        READY   STATUS    RESTARTS   AGE     LABELS
np-test-1   1/1     Running   0          4m27s   run=np-test-1
pvviewer    1/1     Running   0          16m     <none>

controlplane ~ ➜  cat np.yaml 
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: ingress-to-nptest
  namespace: default
spec:
  podSelector:
    matchLabels:
      run: np-test-1
  policyTypes:
  - Ingress
  ingress:
    - ports:
      - protocol: TCP
        port: 80

controlplane ~ ➜  k apply -f np.yaml 
networkpolicy.networking.k8s.io/ingress-to-nptest created

Taint and Toleration (12)

controlplane ~ ➜  k get nodes
NAME           STATUS   ROLES           AGE   VERSION
controlplane   Ready    control-plane   36m   v1.34.0
node01         Ready    <none>          35m   v1.34.0

controlplane ~ ➜  k taint node node01 env_type=production:NoSchedule
node/node01 tainted

controlplane ~ ➜  k describe node node01 | grep -i taint
Taints:             env_type=production:NoSchedule

controlplane ~ ➜  k run dev-redis --image=redis:alpine
pod/dev-redis created

controlplane ~ ➜ vi prod-redis.yaml

controlplane ~ ➜  cat prod-redis.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: prod-redis
spec:
  containers:
  - name: prod-redis
    image: redis:alpine
  tolerations:
  - key: "env_type"
    operator: "Equal"
    value: "production"
    effect: "NoSchedule"


controlplane ~ ➜  k apply -f prod-redis.yaml 
pod/prod-redis created

controlplane ~ ➜  k get pods -o wide
NAME         READY   STATUS    RESTARTS   AGE    IP           NODE           NOMINATED NODE   READINESS GATES
dev-redis    1/1     Running   0          3m5s   172.17.0.5   controlplane   <none>           <none>
np-test-1    1/1     Running   0          11m    172.17.1.8   node01         <none>           <none>
prod-redis   1/1     Running   0          7s     172.17.1.9   node01         <none>           <none>
pvviewer     1/1     Running   0          23m    172.17.1.3   node01         <none>           <none>

Inspect PVC and PV (6)

controlplane ~ ➜  k get pv
NAME     CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS      CLAIM   STORAGECLASS   VOLUMEATTRIBUTESCLASS   REASON   AGE
app-pv   1Gi        RWO            Retain           Available                          <unset>                          40s

controlplane ~ ➜  k get pvc -n storage-ns 
NAME      STATUS    VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   VOLUMEATTRIBUTESCLASS   AGE
app-pvc   Pending                                                     <unset>                 59s

controlplane ~ ➜  k get pvc -n storage-ns -o yaml
apiVersion: v1
items:
- apiVersion: v1
  kind: PersistentVolumeClaim
  metadata:
    annotations:
      kubectl.kubernetes.io/last-applied-configuration: |
        {"apiVersion":"v1","kind":"PersistentVolumeClaim","metadata":{"annotations":{},"name":"app-pvc","namespace":"storage-ns"},"spec":{"accessModes":["ReadWriteMany"],"resources":{"requests":{"storage":"1Gi"}}}}
    creationTimestamp: "2025-11-26T14:04:47Z"
    finalizers:
    - kubernetes.io/pvc-protection
    name: app-pvc
    namespace: storage-ns
    resourceVersion: "5401"
    uid: e0092a4c-9d4d-47ad-b091-f23c1a8dfae4
  spec:
    accessModes:
    - ReadWriteMany
    resources:
      requests:
        storage: 1Gi
    volumeMode: Filesystem
  status:
    phase: Pending
kind: List
metadata:
  resourceVersion: ""

# accessModes 수정
controlplane ~ ➜  k edit pvc -n storage-ns app-pvc 
error: persistentvolumeclaims "app-pvc" is invalid
A copy of your changes has been stored to "/tmp/kubectl-edit-1829119349.yaml"
error: Edit cancelled, no valid changes were saved.

controlplane ~ ✖ k replace -f /tmp/kubectl-edit-1829119349.yaml --force 
persistentvolumeclaim "app-pvc" deleted from storage-ns namespace
persistentvolumeclaim/app-pvc replaced

controlplane ~ ➜  k get pvc -n storage-ns 
NAME      STATUS   VOLUME   CAPACITY   ACCESS MODES   STORAGECLASS   VOLUMEATTRIBUTESCLASS   AGE
app-pvc   Bound    app-pv   1Gi        RWO                           <unset>                 7s

Fix kubeconfig (8)

controlplane ~ ➜  cat CKA/super.kubeconfig 
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: ...
    server: https://controlplane:9999
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
users:
- name: kubernetes-admin
  user:
    client-certificate-data: ...
    client-key-data: ...

controlplane ~ ➜  k get node --kubeconfig=/root/CKA/super.kubeconfig
E1126 14:09:25.390277   46273 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"https://controlplane:9999/api?timeout=32s\": dial tcp 192.168.0.191:9999: connect: connection refused"
E1126 14:09:25.390610   46273 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"https://controlplane:9999/api?timeout=32s\": dial tcp 192.168.0.191:9999: connect: connection refused"
E1126 14:09:25.392730   46273 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"https://controlplane:9999/api?timeout=32s\": dial tcp 192.168.0.191:9999: connect: connection refused"
E1126 14:09:25.393061   46273 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"https://controlplane:9999/api?timeout=32s\": dial tcp 192.168.0.191:9999: connect: connection refused"
E1126 14:09:25.394498   46273 memcache.go:265] "Unhandled Error" err="couldn't get current server API group list: Get \"https://controlplane:9999/api?timeout=32s\": dial tcp 192.168.0.191:9999: connect: connection refused"
The connection to the server controlplane:9999 was refused - did you specify the right host or port?

controlplane ~ ✖ sudo netstat -tulnp | grep kube-apiserver
tcp6       0      0 :::6443                 :::*                    LISTEN      2847/kube-apiserver 

# port 수정
controlplane ~ ➜  vi /root/CKA/super.kubeconfig 

controlplane ~ ➜  k get node --kubeconfig=/root/CKA/super.kubeconfig
NAME           STATUS   ROLES           AGE   VERSION
controlplane   Ready    control-plane   49m   v1.34.0
node01         Ready    <none>          48m   v1.34.0

Fix controller-manager (10)

controlplane ~ ➜  k get deploy nginx-deploy 
NAME           READY   UP-TO-DATE   AVAILABLE   AGE
nginx-deploy   1/1     1            1           5m36s

controlplane ~ ➜  k scale deployment nginx-deploy --replicas=3
deployment.apps/nginx-deploy scaled

controlplane ~ ➜  k get deploy nginx-deploy 
NAME           READY   UP-TO-DATE   AVAILABLE   AGE
nginx-deploy   1/3     1            1           6m16s

# deployment-controller 에서 이벤트가 전달되지 않음
controlplane ~ ➜  k describe deploy nginx-deploy | grep -A5 Events
Events:
  Type    Reason             Age    From                   Message
  ----    ------             ----   ----                   -------
  Normal  ScalingReplicaSet  8m36s  deployment-controller  Scaled up replica set nginx-deploy-59874dbc6b from 0 to 1

# controller-manager 가 없음
controlplane ~ ➜  k get pod -n kube-system 
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-587f6db6c5-bkn26   1/1     Running   0          55m
canal-jg7mj                                2/2     Running   0          54m
canal-lmhj8                                2/2     Running   0          55m
coredns-6678bcd974-jkff2                   1/1     Running   0          55m
coredns-6678bcd974-wjcgs                   1/1     Running   0          55m
etcd-controlplane                          1/1     Running   0          55m
kube-apiserver-controlplane                1/1     Running   0          55m
kube-proxy-mqwb8                           1/1     Running   0          55m
kube-proxy-vcc8z                           1/1     Running   0          54m
kube-scheduler-controlplane                1/1     Running   0          55m

# manifest 수정
controlplane ~ ➜  vi /etc/kubernetes/manifests/kube-controller-manager.yaml 

controlplane ~ ➜  k get pod -n kube-system 
NAME                                       READY   STATUS    RESTARTS   AGE
calico-kube-controllers-587f6db6c5-bkn26   1/1     Running   0          58m
canal-jg7mj                                2/2     Running   0          57m
canal-lmhj8                                2/2     Running   0          58m
coredns-6678bcd974-jkff2                   1/1     Running   0          58m
coredns-6678bcd974-wjcgs                   1/1     Running   0          58m
etcd-controlplane                          1/1     Running   0          58m
kube-apiserver-controlplane                1/1     Running   0          58m
kube-controller-manager-controlplane       1/1     Running   0          21s
kube-proxy-mqwb8                           1/1     Running   0          58m
kube-proxy-vcc8z                           1/1     Running   0          57m
kube-scheduler-controlplane                1/1     Running   0          58m

controlplane ~ ➜  k get deploy nginx-deploy 
NAME           READY   UP-TO-DATE   AVAILABLE   AGE
nginx-deploy   3/3     3            3           12m

Create HPA (6)

controlplane ~ ➜  vi hpa.yaml 

controlplane ~ ➜  cat hpa.yaml 
apiVersion: autoscaling/v2
kind: HorizontalPodAutoscaler
metadata:
  name: api-hpa
  namespace: api
spec:
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: api-deployment
  minReplicas: 1
  maxReplicas: 20
  metrics:
  - type: Pods
    pods:
      metric:
        name: requests_per_second
      target:
        type: AverageValue
        averageValue: "1000"

controlplane ~ ➜  k apply -f hpa.yaml 
horizontalpodautoscaler.autoscaling/api-hpa created

controlplane ~ ➜  k describe hpa -n api 
Name:                             api-hpa
Namespace:                        api
Labels:                           <none>
Annotations:                      <none>
CreationTimestamp:                Wed, 26 Nov 2025 14:29:06 +0000
Reference:                        Deployment/api-deployment
Metrics:                          ( current / target )
  "requests_per_second" on pods:  <unknown> / 1k
Min replicas:                     1
Max replicas:                     20
Deployment pods:                  0 current / 0 desired
Events:                           <none>

Create HTTPRoute (6)

controlplane ~ ➜  k get service
NAME              TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
kubernetes        ClusterIP   172.20.0.1       <none>        443/TCP   71m
np-test-service   ClusterIP   172.20.59.134    <none>        80/TCP    42m
web-service       ClusterIP   172.20.154.119   <none>        80/TCP    4m34s
web-service-v2    ClusterIP   172.20.191.4     <none>        80/TCP    4m34s

controlplane ~ ➜  k get gateway
NAME          CLASS   ADDRESS   PROGRAMMED   AGE
web-gateway   nginx             True         4m38s

controlplane ~ ➜  vi hr.yaml

controlplane ~ ➜  cat hr.yaml 
apiVersion: gateway.networking.k8s.io/v1
kind: HTTPRoute
metadata:
  name: web-route
spec:
  parentRefs:
  - name: web-gateway
  rules:
  - matches:
    - path:
        type: PathPrefix
        value: /
    backendRefs:
    - name: web-service
      port: 80
      weight: 80
    - name: web-service-v2
      port: 80
      weight: 20

controlplane ~ ➜  k apply -f hr.yaml 
httproute.gateway.networking.k8s.io/web-route created

Helm install (4)

controlplane ~ ➜  helm lint /root/new-version/
==> Linting /root/new-version/
[INFO] Chart.yaml: icon is recommended

1 chart(s) linted, 0 chart(s) failed

controlplane ~ ➜ helm install --generate-name /root/new-version/
NAME: new-version-1764167838
LAST DEPLOYED: Wed Nov 26 14:37:18 2025
NAMESPACE: default
STATUS: deployed
REVISION: 1
TEST SUITE: None

controlplane ~ ➜  helm list
NAME                    NAMESPACE       REVISION        UPDATED                                        STATUS          CHART                  APP VERSION
new-version-1764167838  default         1               2025-11-26 14:37:18.205659093 +0000 UTC        deployed        webpage-server-02-0.1.1v2         
webpage-server-01       default         1               2025-11-26 14:35:32.19008219 +0000 UTC         deployed        webpage-server-01-0.1.0v1         

controlplane ~ ➜  helm uninstall webpage-server-01
release "webpage-server-01" uninstalled

controlplane ~ ➜  helm list
NAME                    NAMESPACE       REVISION        UPDATED                                        STATUS          CHART                  APP VERSION
new-version-1764167838  default         1               2025-11-26 14:37:18.205659093 +0000 UTC        deployed        webpage-server-02-0.1.1v2

Identify pod CIDR (4)

controlplane ~ ➜  k get node
NAME           STATUS   ROLES           AGE   VERSION
controlplane   Ready    control-plane   77m   v1.34.0
node01         Ready    <none>          76m   v1.34.0

controlplane ~ ➜  k get node controlplane -o yaml | grep -A5 spec
spec:
  podCIDR: 172.17.0.0/24
  podCIDRs:
  - 172.17.0.0/24
status:
  addresses:

controlplane ~ ➜  k get node -o jsonpath='{.items[0].spec.podCIDR}' > /root/pod-cidr.txt

controlplane ~ ➜  cat /root/pod-cidr.txt 
172.17.0.0/24

Identify podSubnet (4)

controlplane ~ ✖ k -n kube-system get configmap kubeadm-config -o yaml
apiVersion: v1
data:
  ClusterConfiguration: |
    apiServer:
      certSANs:
      - controlplane
    apiVersion: kubeadm.k8s.io/v1beta4
    caCertificateValidityPeriod: 87600h0m0s
    certificateValidityPeriod: 8760h0m0s
    certificatesDir: /etc/kubernetes/pki
    clusterName: kubernetes
    controlPlaneEndpoint: controlplane:6443
    controllerManager: {}
    dns: {}
    encryptionAlgorithm: RSA-2048
    etcd:
      local:
        dataDir: /var/lib/etcd
    imageRepository: registry.k8s.io
    kind: ClusterConfiguration
    kubernetesVersion: v1.34.0
    networking:
      dnsDomain: cluster.local
      podSubnet: 172.17.0.0/16
      serviceSubnet: 172.20.0.0/16
    proxy: {}
    scheduler: {}
kind: ConfigMap
metadata:
  creationTimestamp: "2025-11-26T13:23:01Z"
  name: kubeadm-config
  namespace: kube-system
  resourceVersion: "247"
  uid: b191c302-a5a6-4a8e-b233-f53354780077

controlplane ~ ➜  kubectl -n kube-system get configmap kubeadm-config -o yaml | awk '/podSubnet:/{print $2}' > /root/pod-cidr.txt

controlplane ~ ➜  cat /root/pod-cidr.txt 
172.17.0.0/16

minikube 실습 환경 구성

minikube 설치

brew install minikube

minikube 실행

meatsby  ~  minikube start
😄  Darwin 15.6.1 (arm64) 의 minikube v1.37.0
✨  자동적으로 docker 드라이버가 선택되었습니다. 다른 드라이버 목록: virtualbox, ssh
📌  Docker Desktop 드라이버를 루트 권한으로 사용 중
👍  "minikube" 클러스터의 "minikube" primary control-plane 노드를 시작하는 중
🚜  기본 이미지 v0.0.48를 가져오는 중 ...
💾  쿠버네티스 v1.34.0 을 다운로드 중 ...
    > preloaded-images-k8s-v18-v1...:  332.38 MiB / 332.38 MiB  100.00% 22.68 M
🔥  docker container (CPUs=2, 메모리=4000MB) 를 생성하는 중 ...
🐳  쿠버네티스 v1.34.0 을 Docker 28.4.0 런타임으로 설치하는 중
🔗  bridge CNI (Container Networking Interface) 를 구성하는 중 ...
🔎  Kubernetes 구성 요소를 확인...
    ▪ 이미지 gcr.io/k8s-minikube/storage-provisioner:v5 사용 중
🌟  애드온 활성화 : storage-provisioner, default-storageclass
🏄  끝났습니다! kubectl이 "minikube" 클러스터와 "default" 네임스페이스를 기본적으로 사용하도록 구성되었습니다
 
meatsby  ~  k get componentstatuses
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE   ERROR
controller-manager   Healthy   ok
scheduler            Healthy   ok
etcd-0               Healthy   ok

dashboard 실행

meatsby  ~  minikube dashboard
🔌  대시보드를 활성화하는 중 ...
    ▪ 이미지 docker.io/kubernetesui/metrics-scraper:v1.0.8 사용 중
    ▪ 이미지 docker.io/kubernetesui/dashboard:v2.7.0 사용 중
💡  Some dashboard features require the metrics-server addon. To enable all features please run:
 
	minikube addons enable metrics-server
 
🤔  Dashboard 의 상태를 확인 중입니다 ...
🚀  프록시를 시작하는 중 ...
🤔  Proxy 의 상태를 확인 중입니다 ...
🎉  Opening http://127.0.0.1:57530/api/v1/namespaces/kubernetes-dashboard/services/http:kubernetes-dashboard:/proxy/ in your default browser...

Ingress 실습

# ingress addon 설치
meatsby  ~  minikube addons enable ingress
 
💡  ingress is an addon maintained by Kubernetes. For any concerns contact minikube on GitHub.
You can view the list of minikube maintainers at: https://github.com/kubernetes/minikube/blob/master/OWNERS
💡  애드온이 활성화된 후 "minikube tunnel"을 실행하면 인그레스 리소스를 "127.0.0.1"에서 사용할 수 있습니다
    ▪ 이미지 registry.k8s.io/ingress-nginx/controller:v1.13.2 사용 중
    ▪ 이미지 registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.2 사용 중
    ▪ 이미지 registry.k8s.io/ingress-nginx/kube-webhook-certgen:v1.6.2 사용 중
🔎  ingress 애드온을 확인 중입니다 ...
🌟  'ingress' 애드온이 활성화되었습니다
 
# nginx IngressClass 생성된다.
meatsby  ~  k get ingressclass
NAME    CONTROLLER             PARAMETERS   AGE
nginx   k8s.io/ingress-nginx   <none>       9s
 
# ingress-controller 로 nginx 파드가 구동중이다.
meatsby  ~  k get pods -n ingress-nginx
NAME                                       READY   STATUS      RESTARTS   AGE
ingress-nginx-admission-create-77dsb       0/1     Completed   0          14s
ingress-nginx-admission-patch-wgw4h        0/1     Completed   1          14s
ingress-nginx-controller-9cc49f96f-gf9mt   1/1     Running     0          14s
 
# 예제 ingress 를 배포해보자.
meatsby  ~  kubectl apply -f https://storage.googleapis.com/minikube-site-examples/ingress-example.yaml
pod/foo-app created
service/foo-service created
pod/bar-app created
service/bar-service created
ingress.networking.k8s.io/example-ingress created
 
# ingress 생성 확인.
meatsby  ~  k get ingress -w
NAME              CLASS   HOSTS   ADDRESS   PORTS   AGE
example-ingress   nginx   *                 80      6s
example-ingress   nginx   *       192.168.49.2   80      59s
 
# mac 은 minikube tunnel 을 실행해줘야한다.
meatsby  ~  minikube tunnel
✅  Tunnel successfully started
 
📌  NOTE: Please do not close this terminal as this process must stay alive for the tunnel to be accessible ...
 
❗  The service/ingress example-ingress requires privileged ports to be exposed: [80 443]
🔑  sudo permission will be asked for it.
🏃  example-ingress 서비스의 터널을 시작하는 중/

# minikube tunnel 실행 후 새로운 터미널에서 curl 요청을 보내보자.
# bar-app 으로 트래픽이 전달된다.
meatsby  ~  curl 127.0.0.1/bar
Request served by bar-app
 
HTTP/1.1 GET /bar
 
Host: 127.0.0.1
Accept: */*
User-Agent: curl/8.7.1
X-Forwarded-For: 10.244.0.1
X-Forwarded-Host: 127.0.0.1
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Scheme: http
X-Real-Ip: 10.244.0.1
X-Request-Id: 8fcbd14bfef458a7f88a9cef50b6698d
X-Scheme: http
 
# foo-app 으로 트래픽이 전달된다.
meatsby  ~  curl 127.0.0.1/foo
Request served by foo-app
 
HTTP/1.1 GET /foo
 
Host: 127.0.0.1
Accept: */*
User-Agent: curl/8.7.1
X-Forwarded-For: 10.244.0.1
X-Forwarded-Host: 127.0.0.1
X-Forwarded-Port: 80
X-Forwarded-Proto: http
X-Forwarded-Scheme: http
X-Real-Ip: 10.244.0.1
X-Request-Id: d1903d0f75a0cb744c3b5d01f08bd419
X-Scheme: http
 
# X-Forwarded-For: 10.244.0.1 가 뭔지 살펴보자.
meatsby  ~  minikube node list
minikube	192.168.49.2
 
# bridge 10.244.0.1 에서 Pod 로 전달된다.
meatsby  ~  minikube ssh
docker@minikube:~$ ip addr show | grep bridge: -A5
13: bridge: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 66:bc:1e:16:98:64 brd ff:ff:ff:ff:ff:ff
    inet 10.244.0.1/16 brd 10.244.255.255 scope global bridge
       valid_lft forever preferred_lft forever
    inet6 fe80::64bc:1eff:fe16:9864/64 scope link
       valid_lft forever preferred_lft forever

metrics-server 설치

# top 명령을 사용하려면 metrics-server 가 구동중이어야한다.
meatsby  ~  k top no
error: Metrics API not available
 
meatsby  ~  k top po
error: Metrics API not available
 
# metrics-server addon 설치
meatsby  ~  minikube addons enable metrics-server
💡  metrics-server is an addon maintained by Kubernetes. For any concerns contact minikube on GitHub.
You can view the list of minikube maintainers at: https://github.com/kubernetes/minikube/blob/master/OWNERS
    ▪ 이미지 registry.k8s.io/metrics-server/metrics-server:v0.8.0 사용 중
🌟  'metrics-server' 애드온이 활성화되었습니다
 
# addon list 확인
meatsby  ~  minikube addons list
┌────────────── ┬─────┬──────┬────────────────────┐
│         ADDON NAME          │ PROFILE  │   STATUS   │               MAINTAINER               │
├────────────── ┼─────┼──────┼────────────────────┤
│ ambassador                  │ minikube │ disabled   │ 3rd party (Ambassador)                 │
│ amd-gpu-device-plugin       │ minikube │ disabled   │ 3rd party (AMD)                        │
│ auto-pause                  │ minikube │ disabled   │ minikube                               │
│ cloud-spanner               │ minikube │ disabled   │ Google                                 │
│ csi-hostpath-driver         │ minikube │ disabled   │ Kubernetes                             │
│ dashboard                   │ minikube │ enabled ✅ │ Kubernetes                             │
│ default-storageclass        │ minikube │ enabled ✅ │ Kubernetes                             │
│ efk                         │ minikube │ disabled   │ 3rd party (Elastic)                    │
│ freshpod                    │ minikube │ disabled   │ Google                                 │
│ gcp-auth                    │ minikube │ disabled   │ Google                                 │
│ gvisor                      │ minikube │ disabled   │ minikube                               │
│ headlamp                    │ minikube │ disabled   │ 3rd party (kinvolk.io)                 │
│ inaccel                     │ minikube │ disabled   │ 3rd party (InAccel [info@inaccel.com]) │
│ ingress                     │ minikube │ enabled ✅ │ Kubernetes                             │
│ ingress-dns                 │ minikube │ disabled   │ minikube                               │
│ inspektor-gadget            │ minikube │ disabled   │ 3rd party (inspektor-gadget.io)        │
│ istio                       │ minikube │ disabled   │ 3rd party (Istio)                      │
│ istio-provisioner           │ minikube │ disabled   │ 3rd party (Istio)                      │
│ kong                        │ minikube │ disabled   │ 3rd party (Kong HQ)                    │
│ kubeflow                    │ minikube │ disabled   │ 3rd party                              │
│ kubetail                    │ minikube │ disabled   │ 3rd party (kubetail.com)               │
│ kubevirt                    │ minikube │ disabled   │ 3rd party (KubeVirt)                   │
│ logviewer                   │ minikube │ disabled   │ 3rd party (unknown)                    │
│ metallb                     │ minikube │ disabled   │ 3rd party (MetalLB)                    │
│ metrics-server              │ minikube │ enabled ✅ │ Kubernetes                             │
│ nvidia-device-plugin        │ minikube │ disabled   │ 3rd party (NVIDIA)                     │
│ nvidia-driver-installer     │ minikube │ disabled   │ 3rd party (NVIDIA)                     │
│ nvidia-gpu-device-plugin    │ minikube │ disabled   │ 3rd party (NVIDIA)                     │
│ olm                         │ minikube │ disabled   │ 3rd party (Operator Framework)         │
│ pod-security-policy         │ minikube │ disabled   │ 3rd party (unknown)                    │
│ portainer                   │ minikube │ disabled   │ 3rd party (Portainer.io)               │
│ registry                    │ minikube │ disabled   │ minikube                               │
│ registry-aliases            │ minikube │ disabled   │ 3rd party (unknown)                    │
│ registry-creds              │ minikube │ disabled   │ 3rd party (UPMC Enterprises)           │
│ storage-provisioner         │ minikube │ enabled ✅ │ minikube                               │
│ storage-provisioner-gluster │ minikube │ disabled   │ 3rd party (Gluster)                    │
│ storage-provisioner-rancher │ minikube │ disabled   │ 3rd party (Rancher)                    │
│ volcano                     │ minikube │ disabled   │ third-party (volcano)                  │
│ volumesnapshots             │ minikube │ disabled   │ Kubernetes                             │
│ yakd                        │ minikube │ disabled   │ 3rd party (marcnuri.com)               │
└────────────── ┴─────┴──────┴────────────────────┘
 
# 이제 metric 을 확인할 수 있다.
meatsby  ~  k top no
NAME       CPU(cores)   CPU(%)   MEMORY(bytes)   MEMORY(%)
minikube   309m         3%       1110Mi          14%
 
meatsby  ~  k top po
NAME      CPU(cores)   MEMORY(bytes)
bar-app   1m           8Mi
foo-app   1m           6Mi

multi-node cluster 구성

meatsby  ~  minikube node list
minikube	192.168.49.2
 
# worker node 3대 추가
meatsby  ~  minikube node add --worker
😄  노드 m02 를 클러스터 minikube 에 [worker] 로 추가합니다
❗  CNI 없이 클러스터가 생성되었으므로, 클러스터에 노드를 추가하면 네트워킹이 중단될 수 있습니다.
👍  "minikube" 클러스터의 "minikube-m02" worker 노드를 시작하는 중
🚜  기본 이미지 v0.0.48를 가져오는 중 ...
🔥  docker container (CPUs=2, 메모리=2200MB) 를 생성하는 중 ...
🐳  쿠버네티스 v1.34.0 을 Docker 28.4.0 런타임으로 설치하는 중
🔎  Kubernetes 구성 요소를 확인...
🏄  m02 를 minikube 에 성공적으로 추가하였습니다!
 
meatsby  ~  minikube node add --worker
😄  노드 m03 를 클러스터 minikube 에 [worker] 로 추가합니다
👍  "minikube" 클러스터의 "minikube-m03" worker 노드를 시작하는 중
🚜  기본 이미지 v0.0.48를 가져오는 중 ...
🔥  docker container (CPUs=2, 메모리=2200MB) 를 생성하는 중 ...
🐳  쿠버네티스 v1.34.0 을 Docker 28.4.0 런타임으로 설치하는 중
🔎  Kubernetes 구성 요소를 확인...
🏄  m03 를 minikube 에 성공적으로 추가하였습니다!
 
meatsby  ~  minikube node add --worker
😄  노드 m04 를 클러스터 minikube 에 [worker] 로 추가합니다
👍  "minikube" 클러스터의 "minikube-m04" worker 노드를 시작하는 중
🚜  기본 이미지 v0.0.48를 가져오는 중 ...
🔥  docker container (CPUs=2, 메모리=2200MB) 를 생성하는 중 ...
🐳  쿠버네티스 v1.34.0 을 Docker 28.4.0 런타임으로 설치하는 중
🔎  Kubernetes 구성 요소를 확인...
🏄  m04 를 minikube 에 성공적으로 추가하였습니다!
 
meatsby  ~  minikube node list
minikube	192.168.49.2
minikube-m02	192.168.49.3
minikube-m03	192.168.49.4
minikube-m04	192.168.49.5
 
meatsby  ~  k get nodes
NAME           STATUS   ROLES           AGE     VERSION
minikube       Ready    control-plane   3h39m   v1.34.0
minikube-m02   Ready    <none>          2m8s    v1.34.0
minikube-m03   Ready    <none>          114s    v1.34.0
minikube-m04   Ready    <none>          99s     v1.34.0
 
# worker node labeling
meatsby  ~  k label node minikube-m02 node-role.kubernetes.io/worker=worker
node/minikube-m02 labeled
 
meatsby  ~  k label node minikube-m03 node-role.kubernetes.io/worker=worker
node/minikube-m03 labeled
 
meatsby  ~  k label node minikube-m04 node-role.kubernetes.io/worker=worker
node/minikube-m04 labeled
 
meatsby  ~  k get nodes
NAME           STATUS   ROLES           AGE     VERSION
minikube       Ready    control-plane   3h40m   v1.34.0
minikube-m02   Ready    worker          2m52s   v1.34.0
minikube-m03   Ready    worker          2m38s   v1.34.0
minikube-m04   Ready    worker          2m23s   v1.34.0

References

Udemy - Certified Kubernetes Administrator (CKA) with Practice Tests

🪴 Quartz 4.0

Explorer

12. CKA Practice

K8s Cluster Upgrade

Extracting JSON information

Fix kubeconfig

Rolling Update

Fix PVC

유형

2025-02-28 이후 유형

Create Pod with multiple containers (8)

Install container runtime (7)

Expose pod with Service (8)

Create Deployment (10)

Expose Depolyment with Service (8)

Create PV (8)

Create HPA (10)

Create VPA (9)

Create Gateway (6)

Helm Chart upgrade (8)

Create StorageClass (6)

Create Deployment (10)

Create Ingress (10)

Create Role and RoleBinding (10)

Create ClusterIP Service and test dns lookup (10)

Create StaticPod on node01 (10)

Create HPA (10)

Configure HTTPS Gateway (10)

Helm (10)

NetworkPolicy (6)

Adjusting network parameters with kubeadm (6)

Create ServiceAccount, ClusterRole, ClusterRoleBinding (8)

Create StorageClass (6)

Create ConfigMap (8)

Create PriorityClass (8)

Create NetworkPolicy (8)

Taint and Toleration (12)

Inspect PVC and PV (6)

Fix kubeconfig (8)

Fix controller-manager (10)

Create HPA (6)

Create HTTPRoute (6)

Helm install (4)

Identify pod CIDR (4)

Identify podSubnet (4)

minikube 실습 환경 구성

minikube 설치

minikube 실행

dashboard 실행

Ingress 실습

metrics-server 설치

multi-node cluster 구성

References

Graph View

Table of Contents