CKAD: Tips
1. How to run on the master node?
nodeName: master
2. How to run command and args
command: ["/bin/sh", "-c", "COMMAND"]
3. Rolling update
Rolling update YAML
strategy:
  type: RollingUpdate
  rollingUpdate:
    maxSurge: 1
    maxUnavailable: 1
4. inside container
volumeMounts:
- mountPath:
5. Useful command
k explain pods --recursive
6. Environment Variable
env:
- name: ENV_NAME
  valueFrom:
    configMapKeyRef:
      name: CM
      key: KEY
- name: ENV_NAME
  value: "VALUE"
envFrom:
- configMapRef:
    name: CM_NAME
The same applies to secrets.
7. Empty Dir volume
volumes:
- name: VOL
  emptyDir: {}
8. Ports inside container
ports:
- containerPort: AAAA
9. CPU limit
resources:
  requests:
    cpu: "0.2"
10. PVC at Pod
volumes:
- name: V_NAME
  persistentVolumeClaim:
    claimName: PVC_NAME
11. Security Context
A. Security Context for container
securityContext:
  capabilities:
    add:
    - SYS_TIME
    drop:
    - SYS_TIME
securityContext:
  runAsUser: UID
  runAsGroup: GID
  fsGroup: NA
  fsGroupChangePolicy: NA
  allowPrivilegeEscalation: true | false
  privileged: true | false
B. Security Context for pod
securityContext:
  sysctls:
  - name: NAME
    value: VALUE
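A complete Pod manifest showing where each of the fields above is accepted, added here as an example and not taken from the original notes. fsGroup, fsGroupChangePolicy and sysctls are valid only in the pod-level securityContext, while capabilities, privileged and allowPrivilegeEscalation are valid only at container level. The pod name, image, IDs and sysctl value are assumptions.

```yaml
# Added example; pod name, image, UID/GID values and the sysctl are assumptions.
apiVersion: v1
kind: Pod
metadata:
  name: secctx-demo
spec:
  securityContext:                 # pod level: applies to every container
    runAsUser: 1000
    runAsGroup: 3000
    runAsNonRoot: true             # kubelet refuses to start a container as UID 0
    fsGroup: 2000                  # pod level only: group ownership of mounted volumes
    fsGroupChangePolicy: OnRootMismatch
    sysctls:                       # pod level only
    - name: net.ipv4.ip_local_port_range
      value: "32768 60999"
  containers:
  - name: app
    image: busybox:1.36
    command: ["/bin/sh", "-c", "id && sleep 3600"]
    securityContext:               # container level: overrides pod-level runAsUser/runAsGroup if set
      allowPrivilegeEscalation: false
      privileged: false
      readOnlyRootFilesystem: true
      capabilities:                # container level only
        drop:
        - ALL                      # start from nothing, then add back only what is needed
    volumeMounts:
    - name: scratch
      mountPath: /scratch          # writable path, since the root filesystem is read-only
  volumes:
  - name: scratch
    emptyDir: {}
```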
12. Ingress
spec:
  rules:
  - host: HOST_URL
    http:
      paths:
      - path: /PATH
        backend:
          serviceName: K8S_SVC
          servicePort: PORT (not NODE_PORT)
For testing, HOST_URL can be specified as the Host header with curl's -H option:
curl -H "Host: HOST_URL" http://IP_ADDRESS/PATH
13. PV
persistentVolumeReclaimPolicy: Retain | Recycle | Delete
14. netpol
Please also define the port of the service.
podSelector:
  matchLabels:
    KEY: VALUE
policyTypes:
- Ingress
- Egress
ingress:
- from:
  - ipBlock:
      cidr: 172.17.0.0/16
      except:
      - 172.17.1.0/24
  - namespaceSelector:
      matchLabels:
        KEY: VALUE
  - podSelector:
      matchLabels:
        KEY: VALUE
The same applies to egress, where "to" is used instead of "from".
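The entries under "from" are OR-ed when they are separate list items and AND-ed when namespaceSelector and podSelector sit in the same item; a single dash changes who can reach the pods. The two alternative policies below are an added example, not part of the original notes, and all names, labels and the port are assumptions.

```yaml
# Added example; policy names, labels and port are assumptions. Apply one or the other.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-ingress-and
spec:
  podSelector:
    matchLabels:
      app: db
  policyTypes:
  - Ingress
  ingress:
  - from:
    # ONE list item holding both selectors = AND:
    # only pods labelled role=api that run in namespaces labelled team=backend.
    - namespaceSelector:
        matchLabels:
          team: backend
      podSelector:
        matchLabels:
          role: api
    ports:
    - protocol: TCP
      port: 5432
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: db-ingress-or
spec:
  podSelector:
    matchLabels:
      app: db
  policyTypes:
  - Ingress
  ingress:
  - from:
    # TWO list items = OR: every pod in any team=backend namespace,
    # plus every role=api pod in this policy's own namespace.
    - namespaceSelector:
        matchLabels:
          team: backend
    - podSelector:
        matchLabels:
          role: api
    ports:
    - protocol: TCP
      port: 5432
```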
15. Job
activeDeadlineSeconds
completions
parallelism
restartPolicy: Never | OnFailure. The default is Always, which is not suitable for a Job.
backoffLimit
ttlSecondsAfterFinished: default is 'never'
16. Probe
Probe types:
A. livenessProbe
B. readinessProbe
C. startupProbe
Check mechanisms (any probe type can use any of them):
A.
exec:
  command:
  - COMMAND1
  - COMMAND2
B.
httpGet:
  path: /PATH
  port: PORT
  httpHeaders:
  - name: Custom-Header
    value: VALUE
C.
tcpSocket:
  port: PORT
For all:
initialDelaySeconds: 15
periodSeconds: 20
failureThreshold
11. k explain K8S_OBJECT --recursive
12. Rolling Update
strategy:
  rollingUpdate:
    maxSurge: 1
    maxUnavailable: 1
  type: RollingUpdate
13. Volumes at pod using secret and configmap
volumes:
- name: VOLUME_NAME
  configMap:
    name: CM_NAME
volumes:
- name: VOLUME_NAME
  secret:
    secretName: S_NAME
14. For the 'k create' command, first specify the name of the K8s object and then the other parameters. The exception is svc: first specify the type of svc, then its name, and then the other parameters.
15. Inside a YAML file, every type/parameter with a plural name is a list, e.g. volumes, volumeMounts, containers, resources, etc. The only exception is command: it is singular, yet a list. args, however, is plural, so it is no exception.
16. Find API version with command
k explain OBJECT --recursive | grep VERSION
17. Compared to
k get po POD_NAME -o yaml
the command below is better:
k get po POD_NAME -o yaml --export
18. To change namespace
k config set-context --current --namespace=NAMESPACE