Extra Question 1 | Find Pods first to be terminated
Use context: kubectl config use-context k8s-c1-H
Check all available Pods in the Namespace project-c13 and find the names of those that would probably be terminated first if the nodes run out of resources (cpu or memory) to schedule all Pods. Write the Pod names into /opt/course/e1/pods-not-stable.txt.
Answer:
k -n project-c13 describe pod | less -p Requests # describe all Pods and highlight Requests
//or
k -n project-c13 describe pod | egrep "^(Name:| +Requests:)" -A1

//jsonpath
k -n project-c13 get pod -o jsonpath="{range .items[*]}{.metadata.name} {.spec.containers[*].resources}{'\n'}{end}"
//or
k get pods -n project-c13 -o jsonpath="{range .items[*]}{.metadata.name} {.status.qosClass}{'\n'}{end}"
https://kubernetes.io/docs/tasks/configure-pod-container/quality-service-pod/
Configure Quality of Service for Pods
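Added example (not from the original post): a Python sketch of the rule behind the .status.qosClass value queried above, computed from each Pod's resources. The sample Pod list, its Pod names and the function names qos_class and first_to_go are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl -n project-c13 get pod -o json`.
# Pod names and values are made up; quantities are in the API server's canonical form.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "web-a"}, "spec": {"containers": [
   {"name": "c", "resources": {"requests": {"cpu": "100m", "memory": "64Mi"},
                               "limits": {"cpu": "100m", "memory": "64Mi"}}}]}},
 {"metadata": {"name": "web-b"}, "spec": {"containers": [
   {"name": "c", "resources": {"requests": {"memory": "32Mi"}}}]}},
 {"metadata": {"name": "job-c"}, "spec": {"containers": [
   {"name": "c", "resources": {}},
   {"name": "sidecar"}]}},
 {"metadata": {"name": "api-d"}, "spec": {"containers": [
   {"name": "c", "resources": {"limits": {"cpu": "1", "memory": "1Gi"}}},
   {"name": "log", "resources": {}}]}}
]}
""")

RESOURCES = ("cpu", "memory")

def qos_class(pod):
    """Derive the QoS class from a Pod spec, following the Kubernetes rules."""
    spec = pod["spec"]
    containers = spec.get("containers", []) + spec.get("initContainers", [])
    any_set, all_guaranteed = False, True
    for c in containers:
        res = c.get("resources") or {}
        limits = res.get("limits") or {}
        requests = res.get("requests") or {}
        for r in RESOURCES:
            limit = limits.get(r)
            request = requests.get(r, limit)  # a missing request defaults to the limit
            if limit is not None or request is not None:
                any_set = True
            # Guaranteed needs a limit and an equal request for both cpu and memory.
            if limit is None or request != limit:
                all_guaranteed = False
    if not any_set:
        return "BestEffort"
    return "Guaranteed" if all_guaranteed else "Burstable"

def first_to_go(pod_list):
    """Names of BestEffort Pods: no requests or limits on any container."""
    return [p["metadata"]["name"] for p in pod_list["items"]
            if qos_class(p) == "BestEffort"]

if __name__ == "__main__":
    print(first_to_go(SAMPLE))
```

Against a live cluster the same functions can be fed the output of k -n project-c13 get pod -o json instead of the constructed sample.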
Extra Question 2 | Curl Manually Contact API
Use context: kubectl config use-context k8s-c1-H
There is an existing ServiceAccount secret-reader in Namespace project-hamster. Create a Pod of image curlimages/curl:7.65.3 named tmp-api-contact which uses this ServiceAccount. Make sure the container keeps running.
Exec into the Pod and use curl to access the Kubernetes API of that cluster manually, listing all available secrets. You can ignore insecure https connection. Write the command(s) for this into file /opt/course/e4/list-secrets.sh.
Scenario:
1. Generate the Pod YAML file with --dry-run=client -o yaml, then add serviceAccountName and namespace
2. Apply the Pod and connect to the created Pod with k exec -it -- sh
3. curl
curl https://kubernetes.default
curl -k https://kubernetes.default # ignore the insecure connection
curl -k https://kubernetes.default/api/v1/secrets # 403 Forbidden
4. Write the commands into the file
# /opt/course/e4/list-secrets.sh
TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
curl -k https://kubernetes.default/api/v1/secrets -H "Authorization: Bearer ${TOKEN}"
P.S. How to fix the insecure connection
// To run the HTTPS connection with certificate verification instead of -k
CACERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
curl --cacert ${CACERT} https://kubernetes.default/api/v1/secrets -H "Authorization: Bearer ${TOKEN}"
https://kubernetes.io/docs/tasks/run-application/access-api-from-pod/
Accessing the Kubernetes API from a Pod