Udemy Labs - Certified Kubernetes Application Developer - Lab: Lightning Lab - 2 문제 풀이
Kubernetes
1/5
We have deployed a few pods in this cluster in various namespaces. Inspect them and identify the pod which is not in a Ready state. Troubleshoot and fix the issue.
Next, add a check to restart the container on the same pod if the command ls /var/www/html/file_check fails. This check should start after a delay of 10 seconds and run every 60 seconds.
You may delete and recreate the object. Ignore the warnings from the probe.
참고
- Define a TCP liveness probe: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-a-tcp-liveness-probe
정답
1. 에러 파드 확인
controlplane ~ ➜ kubectl get pods --all-namespaces
NAMESPACE NAME READY STATUS RESTARTS AGE
default dev-pod-dind-878516 3/3 Running 0 39s
default pod-xyz1123 1/1 Running 0 39s
default webapp-color 1/1 Running 0 38s
dev0403 nginx0403 1/1 Running 0 39s
dev0403 pod-dar85 1/1 Running 0 39s
dev1401 nginx1401 0/1 Running 0 39s
controlplane ~ ➜ k describe po nginx1401 -n dev1401
Name: nginx1401
Namespace: dev1401
Priority: 0
Service Account: default
Node: node01/192.168.139.50
Start Time: Thu, 30 Jan 2025 10:31:54 +0000
Labels: run=nginx
Annotations: cni.projectcalico.org/containerID: 9d62220f765425a9ea5b4003d6f827493b8e64d35cc155c86a3128a773578c90
cni.projectcalico.org/podIP: 172.17.1.2/32
cni.projectcalico.org/podIPs: 172.17.1.2/32
Status: Running
IP: 172.17.1.2
IPs:
IP: 172.17.1.2
Containers:
nginx:
Container ID: containerd://ad1b44c2d69fa98694620d673693f930eff723c0e658ef9b4aacba93767e3579
Image: kodekloud/nginx
Image ID: docker.io/kodekloud/nginx@sha256:2862900861517dfaf9e0ed0f4fa199744a7410f4f78520866031c725c386bb5e
Port: 9080/TCP
Host Port: 0/TCP
State: Running
Started: Thu, 30 Jan 2025 10:32:00 +0000
Ready: False
Restart Count: 0
Readiness: http-get http://:8080/ delay=0s timeout=1s period=10s #success=1 #failure=3
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-tggbm (ro)
Conditions:
Type Status
PodReadyToStartContainers True
Initialized True
Ready False
ContainersReady False
PodScheduled True
Volumes:
kube-api-access-tggbm:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 10m default-scheduler Successfully assigned dev1401/nginx1401 to node01
Normal Pulling 10m kubelet Pulling image "kodekloud/nginx"
Normal Pulled 10m kubelet Successfully pulled image "kodekloud/nginx" in 4.429s (4.429s including waiting). Image size: 50986074 bytes.
Normal Created 10m kubelet Created container nginx
Normal Started 10m kubelet Started container nginx
Warning Unhealthy 28s (x70 over 10m) kubelet Readiness probe failed: Get "http://172.17.1.2:8080/": dial tcp 172.17.1.2:8080: connect: connection refused
controlplane ~ ➜
- yaml파일 수정
apiVersion: v1
kind: Pod
metadata:
labels:
run: nginx
name: nginx1401
namespace: dev1401
spec:
containers:
- image: kodekloud/nginx
imagePullPolicy: IfNotPresent
name: nginx
ports:
- containerPort: 9080
protocol: TCP
readinessProbe:
httpGet:
path: /
port: 9080
livenessProbe:
exec:
command:
- ls
- /var/www/html/file_check
initialDelaySeconds: 10
periodSeconds: 602 / 5
Weight: 20
Create a cronjob called dice that runs every one minute. Use the Pod template located at /root/throw-a-dice. The image throw-dice randomly returns a value between 1 and 6. The result of 6 is considered success and all others are failure.
The job should be non-parallel and complete the task once. Use a backoffLimit of 25.
If the task is not completed within 20 seconds the job should fail and pods should be terminated.
You don't have to wait for the job completion. As long as the cronjob has been created as per the requirements.
참고:
- crobjob: https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/
- job: https://kubernetes.io/docs/concepts/workloads/controllers/job/#job-termination-and-cleanup
정답
controlplane ~ ➜ cat dice.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
name: dice
spec:
schedule: "1 * * * *"
jobTemplate:
spec:
backoffLimit: 25
activeDeadlineSeconds: 20
template:
spec:
containers:
- image: kodekloud/throw-dice
name: throw-dice
restartPolicy: Never3 / 5
Weight: 20
Create a pod called my-busybox in the dev2406 namespace using the busybox image. The container should be called secret and should sleep for 3600 seconds.
The container should mount a read-only secret volume called secret-volume at the path /etc/secret-volume. The secret being mounted has already been created for you and is called dotfile-secret.
Make sure that the pod is scheduled on controlplane and no other node in the cluster.
Pod created correctly?
참고
- secret volume: https://kubernetes.io/docs/concepts/configuration/secret/#use-case-dotfiles-in-a-secret-volume
- pod scheduled to specific node: https://kubernetes.io/docs/tasks/configure-pod-container/assign-pods-nodes/#create-a-pod-that-gets-scheduled-to-specific-node
정답
controlplane ~ ➜ cat my-busybox.yaml
apiVersion: v1
kind: Pod
metadata:
name: my-busybox
namespace: dev2406
spec:
nodeSelector:
kubernetes.io/hostname: controlplane
volumes:
- name: secret-volume
secret:
secretName: dotfile-secret
containers:
- name: secret
image: busybox
command:
- sleep
args:
- "3600"
volumeMounts:
- name: secret-volume
readOnly: true
mountPath: "/etc/secret-volume"또는
controlplane ~ ➜ cat my-busybox.yaml
apiVersion: v1
kind: Pod
metadata:
name: my-busybox
namespace: dev2406
spec:
nodeName: controlplane
volumes:
- name: secret-volume
secret:
secretName: dotfile-secret
containers:
- name: secret
image: busybox
command:
- sleep
args:
- "3600"
volumeMounts:
- name: secret-volume
readOnly: true
mountPath: "/etc/secret-volume"4 / 5
Weight: 20
Create a single ingress resource called ingress-vh-routing. The resource should route HTTP traffic to multiple hostnames as specified below:
The service video-service should be accessible on http://watch.ecom-store.com:30093/video
The service apparels-service should be accessible on http://apparels.ecom-store.com:30093/wear
To ensure that the path is correctly rewritten for the backend service, add the following annotation to the resource:
nginx.ingress.kubernetes.io/rewrite-target: /
Here 30093 is the port used by the Ingress Controller
Ingress resource configured correctly?
참고
- ingress annotation: https://kubernetes.io/docs/concepts/services-networking/ingress/#the-ingress-resource
- ingress host: https://kubernetes.io/docs/concepts/services-networking/ingress/#hostname-wildcards
정답
- 그리고 솔루션 답을 똑같이 복붙해서 k apply -f 해도 자꾸 틀렸다고 뜬다;; 왜이럴까 -> 4번 문제를 가서 svc가 셋팅된걸 보고 문제를 풀어야함..
- svc의 port가 8080이니까 ingress의 port도 8080으로 맞춰줘야 함
controlplane ~ ➜ k get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
apparels-service ClusterIP 172.20.77.7 <none> 8080/TCP 4s
kubernetes ClusterIP 172.20.0.1 <none> 443/TCP 8m2s
video-service ClusterIP 172.20.201.219 <none> 8080/TCP 4skind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
name: ingress-vh-routing
annotations:
nginx.ingress.kubernetes.io/rewrite-target: / # 빼먹지말기
spec:
rules:
- host: watch.ecom-store.com # 쌍따옴표 없음
http:
paths:
- pathType: Prefix
path: "/video" # 쌍따옴표있음
backend:
service:
name: video-service
port:
number: 8080
- host: apparels.ecom-store.com
http:
paths:
- pathType: Prefix
path: "/wear"
backend:
service:
name: apparels-service
port:
number: 80805 / 5
Weight: 20
A pod called dev-pod-dind-878516 has been deployed in the default namespace. Inspect the logs for the container called log-x and redirect the warnings to /opt/dind-878516_logs.txt on the controlplane node
Redirect warnings to file
정답
-c: 파드 내에 여러 컨테이너가 있을 경우, -c 옵션을 통해 특정 컨테이너를 지정할 수 있음
controlplane ~ ➜ k logs dev-pod-dind-878516 -c log-x | grep WARNING > /opt/dind-878516_logs.txt
controlplane ~ ✖ cat /opt/dind-878516_logs.txt
[2025-01-30 12:10:12,562] WARNING in event-simulator: USER5 Failed to Login as the account is locked due to MANY FAILED ATTEMPTS.
[2025-01-30 12:10:15,564] WARNING in event-simulator: USER7 Order failed as the item is OUT OF STOCK.
[2025-01-30 12:10:17,567] WARNING in event-simula