CKAD: Tips


1. How to run on the master node?
nodeName: master

2. How to run command and args
command: ["/bin/sh", "-c", "COMMAND"]

3. Rolling update
Rolling update YAML
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1

4. Inside container
volumeMounts:
- mountPath: 

5. Useful command
k explain pods --recursive

6. Environment Variable

env: 
- name: ENV_NAME
  valueFrom: 
    configMapKeyRef:
      name: CM
      key: KEY 
- name: ENV_NAME
  value: "VALUE"


envFrom:
- configMapRef:
    name: CM_NAME

The same applies to Secrets.

7. Empty Dir volume

volumes: 
- name: VOL
  emptyDir: {}

8. Ports inside container

ports:
- containerPort: AAAA

9. CPU limit

resources:
  requests:
    cpu: "0.2"

10. PVC at Pod

volumes:
- name: V_NAME
  persistentVolumeClaim:
    claimName: PVC_NAME

11. Security Context

A. Security Context for container

    securityContext:
      capabilities:
        add:
        - SYS_TIME
        drop:
        - SYS_TIME

    securityContext:
      runAsUser: UID
      runAsGroup: GID
      fsGroup: NA
      fsGroupChangePolicy: NA
      allowPrivilegeEscalation: true | false
      privileged: true | false

B. Security Context for pod

    securityContext:
      sysctls:
        - name: NAME
          value: VALUE
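
The fields in A and B live at different levels of the Pod spec, which is easy to get wrong under exam pressure. The manifest below is an added example, not part of the original post, that places each field at the level where the API accepts it; the pod name, image, UIDs/GIDs and sysctl value are constructed placeholders.

```yaml
# Added example (constructed values): where each securityContext field belongs.
apiVersion: v1
kind: Pod
metadata:
  name: secctx-demo                  # hypothetical name
spec:
  securityContext:                   # POD level: default for every container
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000                    # pod level only; group applied to mounted volumes
    fsGroupChangePolicy: OnRootMismatch   # pod level only; no effect on emptyDir
    sysctls:                         # pod level only
    - name: kernel.shm_rmid_forced
      value: "0"                     # sysctl values are always strings
  containers:
  - name: app
    image: busybox:1.36
    command: ["/bin/sh", "-c", "id; sleep 3600"]
    securityContext:                 # CONTAINER level: overrides the pod-level values
      runAsUser: 2000                # wins over the pod-level runAsUser: 1000
      allowPrivilegeEscalation: false
      privileged: false              # privileged: true together with
                                     # allowPrivilegeEscalation: false is rejected
      capabilities:                  # container level only
        drop:
        - ALL                        # drop everything first; 'add:' takes the same list form
    volumeMounts:
    - name: data
      mountPath: /data
  volumes:
  - name: data
    emptyDir: {}
```

After the pod starts, k logs secctx-demo shows the output of id, which reflects the container-level runAsUser together with the pod-level group settings.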

12. Ingress

spec:
  rules:
  - host: HOST_URL
    http:
      paths:
      - path: /PATH
        backend:
          serviceName: K8S_SVC
          servicePort: PORT   # Service port, not NODE_PORT



For testing, HOST_URL can be specified with the -H option:

curl -H "Host: HOST_URL" http://IP_ADDRESS/PATH

13. PV

persistentVolumeReclaimPolicy: Retain | Recycle | Delete

14. netpol
Also define the port of the service.

  podSelector:
    matchLabels:
      KEY: VALUE
  policyTypes:
  - Ingress
  - Egress
  ingress:
  - from:
    - ipBlock:
        cidr: 172.17.0.0/16
        except:
        - 172.17.1.0/24
    - namespaceSelector:
        matchLabels:
          KEY: VALUE
    - podSelector:
        matchLabels:
          KEY: VALUE

The same applies to egress, where we use 'to' instead of 'from'.

15. Job

activeDeadlineSeconds
completions
parallelism
restartPolicy: Never | OnFailure
The default is Always, which is not suitable for a Job.
backoffLimit
ttlSecondsAfterFinished (default: 'never')


16. Probe

A livenessProbe
B readinessProbe
C startupProbe

A

      exec:
        command:
        - COMMAND1
        - COMMAND2

B

      httpGet:
        path: /PATH
        port: PORT
        httpHeaders:
        - name: Custom-Header
          value: VALUE

C

      tcpSocket:
        port: PORT

For all:

      initialDelaySeconds: 15
      periodSeconds: 20
      failureThreshold

11. k explain K8S_OBJECT --recursive

12. Rolling Update

  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1

13. Volumes at pod using secret and configmap

volumes:
- name: VOLUME_NAME
  configMap:
    name: CM_NAME

volumes:
- name: VOLUME_NAME
  secret:
    secretName: S_NAME

14. For the 'k create' command, first specify the name of the K8s object and then the other parameters. The exception is svc: for svc, first specify the type of svc, then its name, and then the other parameters.

15. Inside a YAML file, all types/parameters with plural names are lists, e.g. volumes, volumeMounts, containers, resources, etc. The only exception is command: it is singular, yet a list. args, however, is plural, so it is no exception.

16. Find API version with command

k explain OBJECT --recursive | grep VERSION

17. Compared to

k get po POD_NAME -o yaml

the command below is better:

k get po POD_NAME -o yaml --export


18. To change namespace

k config set-context --current --namespace=NAMESPACE

