Study for CKAD exam

[oomichi]

オンライン教育受講

• CKA受験の経験から、たぶん資料を読む勉強より実際に触る勉強のほうが良い
• オンライン教育の LAB Exercise の部分を演習する

進捗

いったん受講完了

メモ

• https://kubernetes.io/docs/ 配下は参照可能
• Podの作成
• Deploymentの作成
• 作成したDeploymentのexpose (Service作成）
• Secretの作成とPodでの利用（環境変数での利用）
• ConfigMapの作成とPodでの利用
• CronJobの作成（activedeadlineSecondsの設定も含む）
• 既存DeploymentへのreadinessProbeとlivenessProbeの追加設定（httpによるチェック /healthz, /starts エンドポイント）
• 既存DeploymentへのServiceAccountの紐付け
• 既存Deploymentのローリングアップグレード、ロールバック（imageバージョンの変更）
• 既存Deploymentの修正（指定image名がtypo）
• 負荷の高いPodの特定（kubectl top pod コマンドの実施）
• DeploymentのmaxUnavailable, maxSurge設定
• Network PolicyのPodへの適用

感想

• 3章の簡単なpythonアプリからDockerfileをベースにDockerイメージを作るところはAPP開発向け入門に役立ちそう。

[oomichi]

2. deploy a master node using kubeadm

   prepare 2 nodes:

   $ nova boot --key-name mykey --flavor m1.medium --image fc29755b-4468-4951-b7e3-0278b0fb3682 --nic net-name=provider ckad-master
   $ nova boot --key-name mykey --flavor m1.medium --image fc29755b-4468-4951-b7e3-0278b0fb3682 --nic net-name=provider ckad-cpu01

   deploy a master node:

   $ sudo swapoff -a
   $ sudo apt-get update && sudo apt-get upgrade -y
   $ sudo apt-get install -y docker.io
   $ sudo sh -c "echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' >> /etc/apt/sources.list.d/kubernetes.list"
   $ sudo sh -c "curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -"
   $ sudo apt-get update
   $ sudo apt-get install kubeadm kubelet kubectl
   $ sudo kubeadm init --pod-network-cidr 192.168.0.0/16

   configure kubeconfig:

   $ mkdir -p $HOME/.kube
   $ sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
   $ sudo chown $(id -u):$(id -g) $HOME/.kube/config

   deploy calico:

   $ wget https://tinyurl.com/yb4xturm -O rbac-kdd.yaml
   $ wget https://tinyurl.com/y8lvqc9g -O calico.yaml
   $ kubectl apply -f rbac-kdd.yaml
   $ kubectl apply -f calico.yaml

[oomichi]

3. Deploy a minion node

install packages:

$ sudo swapoff -a
$ sudo apt-get update && sudo apt-get upgrade -y
$ sudo apt-get install -y docker.io
$ sudo sh -c "echo 'deb http://apt.kubernetes.io/ kubernetes-xenial main' >> /etc/apt/sources.list.d/kubernetes.list"
$ sudo sh -c "curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add -"
$ sudo apt-get update
$ sudo apt-get install kubeadm kubelet kubectl

kubeadm init:

$ sudo kubeadm join 192.168.1.111:6443 --token gpejnc.sh2sezq4d27p13zy \
    --discovery-token-ca-cert-hash sha256:bc2d5176770dbd74d92bd545a285650c7a4d1a499eef31e2f3b572902b0c0638

check node status:

$ kubectl get nodes
NAME          STATUS   ROLES    AGE   VERSION
ckad-cpu01    Ready    <none>   78s   v1.14.0
ckad-master   Ready    master   23m   v1.14.0

[oomichi]

Configure the master node

make the master node usable for pod:

$ kubectl describe nodes | grep -i Taint
Taints:             <none>
Taints:             node-role.kubernetes.io/master:NoSchedule
$ kubectl taint nodes ckad-master node-role.kubernetes.io/master:NoSchedule-
$ kubectl describe nodes | grep -i Taint
Taints:             <none>
Taints:             <none>
$

[oomichi]

Create a basic pod

check pod API resource:

$ kubectl api-resources
NAME                              SHORTNAMES   APIGROUP                       NAMESPACED   KIND
...
pods                              po                                          true         Pod
podtemplates                                                                  true         PodTemplate
...

create a yaml file:

$ cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: basicpod
spec:
  containers:
  - name: webcont
    image: nginx

create a pod:

$ kubectl create -f pod.yaml
pod/basicpod created

check a running pod:

$ kubectl get pods
NAME       READY   STATUS              RESTARTS   AGE
basicpod   0/1     ContainerCreating   0          26s
$ kubectl get pods
NAME       READY   STATUS    RESTARTS   AGE
basicpod   1/1     Running   0          5m55s

delete the pod:

$ kubectl delete pod basicpod

[oomichi]

Create a pod with the service

create yaml files:

$ cat pod.yaml
apiVersion: v1
kind: Pod
metadata:
  name: basicpod
  labels:
    type: webserver
spec:
  containers:
  - name: webcont
    image: nginx
    ports:
    - containerPort: 80
$ cat service.yaml
apiVersion: v1
kind: Service
metadata:
  name: basicservice
spec:
  selector:
    type: webserver
  ports:
  - protocol: TCP
    port: 80

create a pod and the service:

$ kubectl create -f pod.yaml
pod/basicpod created
$ kubectl create -f service.yaml
service/basicservice created
$ kubectl get services
NAME           TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
basicservice   ClusterIP   10.106.249.240   <none>        80/TCP    22s
kubernetes     ClusterIP   10.96.0.1        <none>        443/TCP   93m
$ curl http://10.106.249.240
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
...

[oomichi]

Install python:

$ sudo apt-get -y install python

Create a simple python file:

$ mkdir app1
$ cd app1/
$ cat simple.py
#!/usr/bin/python
import time
import socket

while True :
    host = socket.gethostname()
    date = time.strftime("%Y-%m-%d %H:%M:%S")
    now = str(date)

    f = open("date.out", "a")
    f.write(now + "\n")
    f.write(host + "\n")
    f.close()
    time.sleep(5)
$ chmod +x simple.py

create a Dockerfile:

$ cat Dockerfile
FROM python:2
ADD simple.py /
CMD [ "python", "./simple.py" ]

create a docker image:

$ sudo docker build -t simpleapp .
...
$ sudo docker images
REPOSITORY                           TAG                 IMAGE ID            CREATED             SIZE
simpleapp                            latest              b920e7a64411        3 minutes ago       914MB

Test the docker image:

$ sudo docker run simpleapp
$ sudo su -
# cat /var/lib/docker/overlay2/e4826d8957176316eebc47e00ad4f8527a7cf51c81b30eca6c88e57043b48ade/diff/date.out
2019-04-03 01:19:15
6fc98e083086
2019-04-03 01:19:20
6fc98e083086
2019-04-03 01:19:25
6fc98e083086
2019-04-03 01:19:30
6fc98e083086
2019-04-03 01:19:35
6fc98e083086

[oomichi]

3. Configure local repo

Create docker compose environment:

$ sudo apt-get install -y docker-compose apache2-utils
$ sudo su -
# mkdir -p /localdocker/data
# cd /localdocker/
# cat docker-compose.yaml
nginx:
  image: "nginx:1.12"
  ports:
  - 443:443
  links:
  - registry:registry
  volumes:
  - /localdocker/nginx/:/etc/nginx/conf.d
registry:
  image: registry:2
  ports:
  - 127.0.0.1:5000:5000
  environment:
    REGISTRY_STORAGE_FILESYSTEM_ROOTDIRECTORY: /data
  volumes:
  - /localdocker/data:/data

Run docker compose for local repo:

# docker-compose up

Use another terminal and test the http of local repo:

$ curl http://localhost:5000/v2
<a href="/v2/">Moved Permanently</a>.

Stop the process of docker-compose on the original terminal with CTRL + C. Download kompose:

# wget https://github.com/kubernetes/kompose/releases/download/v1.1.0/kompose-linux-amd64
# mv kompose-linux-amd64 /usr/local/bin/kompose
# exit

Create two volumes:

/etc/docker/daemon.json

{"insecure-registries":["xxx.xxx.xxx.xxx:5000"]}

[oomichi]

• (完了) Podの作成
• (完了) Deploymentの作成
• (完了) 作成したDeploymentのexpose (Service作成）
• (完了) Secretの作成とPodでの利用（環境変数での利用）
• (完了) ConfigMapの作成とPodでの利用
• (完了) CronJobの作成（activedeadlineSecondsの設定も含む）
• (完了) 既存DeploymentへのreadinessProbeとlivenessProbeの追加設定（httpによるチェック /healthz, /starts エンドポイント）
• (完了) 既存Deploymentのローリングアップグレード、ロールバック（imageバージョンの変更）
• DeploymentのmaxUnavailable, maxSurge設定
• 既存DeploymentへのServiceAccountの紐付け
• 既存Deploymentの修正（指定image名がtypo）
• 負荷の高いPodの特定（kubectl top pod コマンドの実施）

[oomichi]

合格したので クローズ