overview
- 120 minutes exam
- 15~20 questions
- Free retake available
Time Management
- Setup, prepare
~/.bashrc. Don’t foget tosource ~/.bashrcafter change.
1 | |
-
ns [空格]可以取消 namespace 设置 -
k run test-pod --image=nginx $drc- get the basic pod template from client
- paste the content into a file
test-pod.yaml - then you can change the file and get the target yaml
-
vim settings:
:set nucan open “line number” function:set autoindentwhen create new line, will auto indent
-
k apply -f test-pod.yamlcreate pod -
k api-resourceuse shorthand names
Practice Approach
- Learning some courses
- Access to official docs
- Remote desktop
- Killer.sh
- the simulation exercise here is harder than real questions
Key Areas
- Volumes
- RBAC
- Labels, taints/tolerations
- Etcd snapshots
- Controlplane/kubelet debugging
practice
-
k create role my-role --verb=create --resource=pods $drs -
k create rolebinding --role=my-role my-role-binding --user=john $drc -
k auth can-i create pods --as=johnyes -
k auth can-i create pods --as=paulno -
k get nodes --show-labels -
k taint nodes minikube dedicated=special-user:NoSchedulenode/monikube tainted -
k get nodes -oyaml | grep -A3 taint1
2
3
4taints: - effect: NoSchedule key: dedicated value: special-user -
copy taints into
test-pod.yaml, change the field name to “tolerations”1
2
3
4
5
6spec: ... tolerations: - effect: NoSchedule key: dedicated value: special-user -
get pods -n kube-systemfind etcd pod name like “etcd-minikube” -
get pods -n kube-system etcd-minikube -oyaml1
2
3
4
5
6
7spec: containers: - command: - --cert-file=... - --key-file=... - --listen-client-urls=...(endpoints) - --trusted-ca-file=... -
ETCDCTL_API=3 etcdctl snapshot save /xx/xx/file.db --cacert --cert --key --endpoints=save etcd snapshot -
etcdctl snapshot statuscheck snapshot
Tips conclusion
- Know pluralities of fields
- Edit vs create
- Good Internet Connection
- Verifying answers($drs)
- Edit top level resources(or may be overwritten)