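Introduction to the CKA certification (Certified Kubernetes Administrator)
(1) A certification program for Kubernetes administrators
(2) Assesses the knowledge, skills, and proficiency needed for day-to-day operation of a k8s cluster
Key information
Fee: $300 (includes one retake)
Proctored online and remotely; 3-hour hands-on exam; open book (the K8S documentation may be consulted)
Valid for 2 years
Network connectivity, proficiency
For the latest version of the curriculum, see https://github.com/cncf/curriculum
Curriculum walkthrough
Kubernetes architecture
How Kubernetes works
Basic Kubernetes concepts
Pod
A wrapper around a group of functionally related Containers
Shared storage and Network Namespace
The basic unit of scheduling and job execution in K8S (scheduled by the Scheduler, run by the Kubelet)
Easily "goes missing"; needs the "care" of a Workload and a Service
Workloads (Deployment, StatefulSet, DaemonSet, Job...)
A wrapper around a group of functionally related Pods
Service
Keeps Pods from "losing contact"
Sets up a reverse proxy for a group of pods
Interacting with the cluster using kubectl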
Basic Commands (Beginner):
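create Create a resource from a file or stdin
expose Create a Service for a deployment or pod
run Run a particular image on the cluster
set Set specific features on objects
Basic Commands (Intermediate):
get The most basic query command, e.g. kubectl get rs, kubectl get deploy,
kubectl get svc, kubectl get rs/foo
explain Show the definition of a resource, e.g. kubectl explain replicaset
edit Edit a resource with the system editor, e.g. kubectl edit deploy/foo
delete Delete the specified resources by file name, resource name, or label selector,
e.g. kubectl delete po -l foo=bar
Deploy Commands:
rollout Manage the upgrade process of a Deployment or DaemonSet (view status and history, pause, resume, roll back, etc.)
rolling-update Client-side rolling upgrade, ReplicationController only
scale Change the number of instances of a Deployment, ReplicaSet, ReplicationController, or Job
autoscale Configure autoscaling rules for a Deploy, RS, or RC (depends on heapster and hpa)
Cluster Management Commands:
certificate Modify certificate resources.
cluster-info Show cluster information
top Show resource usage (depends on heapster)
cordon Mark a node as unschedulable
uncordon Mark a node as schedulable
drain Evict the applications on a node in preparation for taking it offline for maintenance
taint Modify the taints on a node
Troubleshooting and Debugging Commands:
describe Show resource details
logs Show the logs of a container in a pod
attach Attach to a container in a pod
exec Execute a command in the specified container
port-forward Create a local port mapping for a pod
proxy Create a proxy to the Kubernetes API server
cp Copy files between a container and the host, or between containers
Advanced Commands:
apply Create or update a resource from a file or stdin
patch Update certain fields of an object using strategic merge patch syntax
replace Update a resource from a file or stdin
convert Convert object definitions between API versions
Settings Commands:
label Set labels on a resource
annotate Set annotations on a resource
completion Output the shell auto-completion script (bash and zsh are supported)
Other Commands:
api-versions Print the supported API versions on the server, in the form of "group/version"
config Modify the kubectl configuration (the kubeconfig file), e.g. the context
help Help about any command
version Show the client and server K8S versions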
Too many long kubectl commands to remember?
List the resource short names
kubectl describe
Set up kubectl auto-completion
source <(kubectl completion bash)
Tired of writing YAML for kubectl, and finding samples is a hassle?
Generate it with the run command
kubectl run --image=nginx my-deploy -o yaml --dry-run > my-deploy.yaml
Export it with the get command
kubectl get statefulset/foo -o=yaml --export > new.yaml
Forgot how the fields under Pod affinity are spelled?
kubectl explain pod.spec.affinity.podAffinity
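Create a stateless workload from the CCE-kubectl image
Image address
swr.cn-south-1.myhuaweicloud.com/kevin-wangzefeng/cce-kubectl:v1
Set the environment variable PASSWORD=<your password>
Expose container port 3000 as an external service
Once it is up, access it over http; username: term, password: <your password>
1. Obtain the Kubernetes config file
Path of the Kubernetes config file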
mkdir -p $HOME/.kube
mv -f kubeconfig.json $HOME/.kube/config
kubectl config use-context internal
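The file moved into $HOME/.kube/config holds the cluster's credentials, so it is worth auditing before it is installed. The script below is an added example, not part of the original page; the helper name audit_kubeconfig, the checks it makes, and the sample file (modelled on this cluster's config, with placeholder values) are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit a kubeconfig before it is
# moved to $HOME/.kube/config. audit_kubeconfig is a hypothetical helper name.
# Prints one line per finding; returns 0 when clean, 1 when anything was found.
audit_kubeconfig() {
  local f="$1" found=0 perms key='[[:space:]]*:[[:space:]]*"?'
  [ -r "$f" ] || { echo "ERROR: cannot read $f"; return 2; }

  # The file carries cluster credentials, so only the owner should have access.
  perms=$(ls -ld "$f" | cut -c5-10)          # group + other permission bits
  if [ "$perms" != "------" ]; then
    echo "PERMS: group/other bits are '$perms'; fix with: chmod 600 $f"; found=1
  fi
  # A plain-http API server URL exposes credentials and responses in transit.
  if grep -Eq "\"?server\"?${key}http://" "$f"; then
    echo "TRANSPORT: a cluster uses http:// instead of https://"; found=1
  fi
  # Disabling verification removes the protection certificate-authority-data gives.
  if grep -Eq "\"?insecure-skip-tls-verify\"?${key}true" "$f"; then
    echo "TLS-VERIFY: insecure-skip-tls-verify is true"; found=1
  fi
  # Embedded keys, tokens or passwords: never commit or share this file.
  if grep -Eq '"?(client-key-data|token|password)"?[[:space:]]*:' "$f"; then
    echo "SECRET: embedded credential material present"; found=1
  fi
  return "$found"
}

# Constructed sample modelled on this cluster's config; values are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
{"kind":"Config","apiVersion":"v1","clusters":[{"name":"internalCluster",
 "cluster":{"server":"https://192.168.47.160:5443","insecure-skip-tls-verify":true}}],
 "users":[{"name":"user","user":{"client-key-data":"PLACEHOLDER"}}],
 "contexts":[{"name":"internal","context":{"cluster":"internalCluster","user":"user"}}],
 "current-context":"internal"}
EOF
chmod 644 "$sample"                           # simulate a carelessly copied file
audit_kubeconfig "$sample" || echo "findings above: fix before installing"
```

The checks are plain grep patterns, so they work on both the JSON form shown on this page and the more common YAML form of a kubeconfig.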
2. The config file looks roughly like this
{"kind":"Config","apiVersion":"v1","preferences":{},"clusters":[{"name":"internalCluster","cluster":{"server":"https://192.168.47.160:5443","certificate-authority-data":"
DphMDoxNzowNTpiOToxMTpkNzo2Yjo3NTpiZDphYzo1Yjo2NjpkMDo5ODoKICAgICAgICA3OTo5Yjo0MDoxZTo0Yzo1YjpmOTo3ZDowYTpjYjo1YTpiZTo5YzpkZjpmMzo5MzozYzowNToKICAgICAgICBiNj"}}],"
""contexts":[{"name":"internal","context":{"cluster":"internalCluster","user":"user"}}],"current-context":"internal"}
3. Common Kubernetes commands
3.1 Query Kubernetes cluster information
[root@cce-21day-cluster-62954-81jwz ~]# kubectl version --help # show the help for kubectl version
Options:
-c, --client=false: Client version only (no server required).
-o, --output='': One of 'yaml' or 'json'.
--short=false: Print just the version number.
Usage:
kubectl version [options]
[root@cce-21day-cluster-62954-81jwz ~]# kubectl version -o json # print the output as JSON
{
"clientVersion": {
"major": "1",
"minor": "9",
"gitVersion": "v1.9.3",
"gitCommit": "d2835416544f298c919e2ead3be3d0864b52323b",
"gitTreeState": "clean",
"buildDate": "2018-02-07T12:22:21Z",
"goVersion": "go1.9.2",
"compiler": "gc",
"platform": "linux/amd64"
},
"serverVersion": {
"major": "1",
"minor": "9+",
"gitVersion": "v1.9.10-r1-CCE2.0.13.B003-1-g3f85ced01c8312",
"gitCommit": "3f85ced01c83125729a14d093bba815b549eb88e",
"gitTreeState": "clean",
"buildDate": "2018-12-04T11:56:45Z",
"goVersion": "go1.9.3",
"compiler": "gc",
"platform": "linux/amd64"
}
}
3.2 View Kubernetes runtime environment information
[root@cce-21day-cluster-62954-81jwz ~]# kubectl cluster-info
Kubernetes master is running at https://192.168.47.160:5443
KubeDNS is running at https://192.168.47.160:5443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
kubernetes-dashboard is running at https://192.168.47.160:5443/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
[root@cce-21day-cluster-62954-81jwz ~]#
3.3 Check the health of the master components
[root@cce-21day-cluster-62954-81jwz ~]# kubectl get componentstatus
NAME STATUS MESSAGE ERROR
controller-manager Healthy ok
scheduler Healthy ok
etcd-4-events Healthy {"health": "true"}
etcd-5-events Healthy {"health": "true"}
etcd-3-events Healthy {"health": "true"}
etcd-2 Healthy {"health": "true"}
etcd-1 Healthy {"health": "true"}
etcd-0 Healthy {"health": "true"}
[root@cce-21day-cluster-62954-81jwz ~]#
3.4 Check node health
[root@cce-21day-cluster-62954-81jwz ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
192.168.162.50 Ready <none> 1d v1.9.10-r1-CCE2.0.13.B003-1-g1f7ee28e1931ac
192.168.98.57 Ready <none> 1d v1.9.10-r1-CCE2.0.13.B003-1-g1f7ee28e1931ac
3.5 View the detailed description of a node
[root@cce-21day-cluster-62954-81jwz ~]# kubectl describe node 192.168.162.50
Name: 192.168.162.50
Roles: <none>
Labels: beta.kubernetes.io/arch=amd64
beta.kubernetes.io/os=linux
failure-domain.beta.kubernetes.io/region=cn-north-1
failure-domain.beta.kubernetes.io/zone=cn-north-1a
kubernetes.io/availablezone=cn-north-1a
kubernetes.io/hostname=192.168.162.50
os.architecture=amd64
os.name=EulerOS_2.0_SP2
os.version=3.10.0-327.62.59.83.h96.x86_64
supportContainer=true
Annotations: huawei.com/gpu-status=[]
node.alpha.kubernetes.io/ttl=0
Taints: <none>
CreationTimestamp: Fri, 07 Dec 2018 11:00:57 +0800
Conditions:
Type Status LastHeartbeatTime LastTransitionTime Reason Message
---- ------ ----------------- ------------------ ------ -------
OutOfDisk False Sat, 08 Dec 2018 15:49:58 +0800 Fri, 07 Dec 2018 11:00:27 +0800 KubeletHasSufficientDisk kubelet has sufficient disk space available
MemoryPressure False Sat, 08 Dec 2018 15:49:58 +0800 Fri, 07 Dec 2018 11:00:27 +0800 KubeletHasSufficientMemory kubelet has sufficient memory available
NetworkCardNotFound False Sat, 08 Dec 2018 15:49:58 +0800 Fri, 07 Dec 2018 11:00:27 +0800 NetworkCardFound network card has found
DiskPressure False Sat, 08 Dec 2018 15:49:58 +0800 Fri, 07 Dec 2018 11:00:27 +0800 KubeletHasNoDiskPressure kubelet has no disk pressure
Ready True Sat, 08 Dec 2018 15:49:58 +0800 Fri, 07 Dec 2018 11:00:27 +0800 KubeletReady kubelet is posting ready status
Addresses:
InternalIP: 192.168.162.50
Hostname: 192.168.162.50
DataIP: 192.168.162.50
Capacity:
alpha.kubernetes.io/nvidia-gpu: 0
cpu: 4
memory: 7993828Ki
pods: 110
Allocatable:
alpha.kubernetes.io/nvidia-gpu: 0
cpu: 3920m
memory: 6265316Ki
pods: 110
System Info:
Machine ID: 05434ac1-f0a2-4c87-bf44-f9a54c90628d
System UUID: 84E8B460-053F-41F1-8849-1CD14237C318
Boot ID: f474a21d-e7c1-4983-900a-4224eb433879
Kernel Version: 3.10.0-327.62.59.83.h96.x86_64
OS Image: EulerOS 2.0 (SP2)
Operating System: linux
Architecture: amd64
Container Runtime Version: docker://17.6.1
Kubelet Version: v1.9.10-r1-CCE2.0.13.B003-1-g1f7ee28e1931ac
Kube-Proxy Version: v1.9.10-r1-CCE2.0.13.B003-1-g1f7ee28e1931ac
ExternalID: 192.168.162.50
Non-terminated Pods: (0 in total)
Namespace Name CPU Requests CPU Limits Memory Requests Memory Limits
--------- ---- ------------ ---------- --------------- -------------
Allocated resources:
(Total limits may be over 100 percent, i.e., overcommitted.)
CPU Requests CPU Limits Memory Requests Memory Limits
------------ ---------- --------------- -------------
0 (0%) 0 (0%) 0 (0%) 0 (0%)
Events: <none>
[root@cce-21day-cluster-62954-81jwz ~]#
3.6 View rc (replicationController) status: kubectl get rc --namespace=zenap
3.7 View pod status: kubectl get pod --namespace=zenap -o wide
3.8 View a pod's description: kubectl describe pod f594d22e-d7e5-4087-aabe-f7d70075159d-1-9xnb5 --namespace=zenap
3.9 View a pod's logs: kubectl logs f594d22e-d7e5-4087-aabe-f7d70075159d-1-9xnb5 --namespace=zenap
3.10 View events: kubectl get event --namespace=zenap
4. Common commands
kubectl get pods
kubectl get rc
kubectl get service
kubectl get componentstatuses
kubectl get endpoints
kubectl create -f redis-master-controller.yaml
kubectl delete -f redis-master-controller.yaml
kubectl delete pod nginx-772ai
kubectl logs -f pods/heapster-xxxxx -n kube-system # follow the logs
kubectl scale rc redis-slave --replicas=3 # change the RC's replica count to scale the Pods dynamically
etcdctl cluster-health # check the health of the etcd cluster
etcdctl --endpoints=https://192.168.71.221:2379 cluster-health # check cluster health over a secured (https) endpoint
etcdctl member list
etcdctl set /k8s/network/config '{ "Network": "10.1.0.0/16" }'
etcdctl get /k8s/network/config
Beyond the basics
kubectl get services kubernetes-dashboard -n kube-system # view the kubernetes-dashboard service
kubectl get deployment kubernetes-dashboard -n kube-system # view the kubernetes-dashboard deployment
kubectl get pods --all-namespaces # list all pods
kubectl get pods -o wide --all-namespaces # list all pods with their IP and node
kubectl get pods -n kube-system | grep dashboard
kubectl describe service/kubernetes-dashboard --namespace="kube-system"
kubectl describe pods/kubernetes-dashboard-349859023-g6q8c --namespace="kube-system" # describe, specifying the resource type
kubectl describe pod nginx-772ai # view pod details
kubectl scale rc nginx --replicas=5 # scale dynamically
kubectl scale deployment redis-slave --replicas=5 # scale dynamically
kubectl scale --replicas=2 -f redis-slave-deployment.yaml # scale dynamically
kubectl exec -it redis-master-1033017107-q47hh /bin/bash # enter the container
kubectl label nodes node1 zone=north # add a label to the node; set spec.nodeSelector: zone: north in a pod to pin it to that node
kubectl get nodes -lzone # list the nodes that have the zone label
kubectl label pod redis-master-1033017107-q47hh role=master # add a label [key]=[value]
kubectl label pod redis-master-1033017107-q47hh role- # remove the label
kubectl label pod redis-master-1033017107-q47hh role=backend --overwrite # change the label value
kubectl rolling-update redis-master -f redis-master-controller-v2.yaml # rolling upgrade from a config file
kubectl rolling-update redis-master --image=redis-master:2.0 # upgrade from the command line
kubectl rolling-update redis-master --image=redis-master:1.0 --rollback # roll the pod version back