☑ quiz 1
kubectl get pod -n quiz 를 했을 때 아래와 같은 결과가 나와야 합니다
root@manager:~/k8s-quiz/quiz1# k get pod -n quiz1
NAME READY STATUS RESTARTS AGE
my-nginx-deployment-7484748b57-bdvgp 1/1 Running 0 51s
my-nginx-deployment-7484748b57-crlpd 1/1 Running 0 51s
my-nginx-deployment-7484748b57-rf6zh 1/1 Running 0 51sapiVersion: v1
kind: Namespace
metadata:
name: quiz1
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: my-nginx-deployment
namespace: quiz1
spec:
replicas: 3
selector:
matchLabels:
app: my-nginx #
template:
metadata:
name: my-nginx-pod
labels:
app: my-nginx #
spec:
containers:
- name: nginx
image: nginx:1.10
ports:
- containerPort: 80☑ quiz 2
Q. 적절한 configmap 을 생성하고 파일을 통해 Pod 를 배포했을 때 아래와 같은 결과를 얻을 수 있어야 함
root@manager:~/k8s-quiz/quiz2# k get pod -n quiz2
NAME READY STATUS RESTARTS AGE
container-env-example 1/1 Running 0 20s
root@manager:~/k8s-quiz/quiz2# kubectl exec container-env-example -n quiz2 -- env
...
container=docker
k8s=kubernetes
...apiVersion: v1
kind: Namespace
metadata:
name: quiz2
---
apiVersion: v1
kind: ConfigMap
metadata:
namespace: quiz2
name: start-k8s
data:
container: docker
k8s: kubernetes
---
apiVersion: v1
kind: Pod
metadata:
namespace: quiz2
name: container-env-example
spec:
containers:
- name: my-container
image: busybox
args: ['tail', '-f', '/dev/null']
envFrom:
- configMapRef:
name: start-k8s☑ quiz 3
Q. kubectl apply -f '파일명' 입력한 뒤 포드와 서비스(노드포트) 를 배포했을 때 아래와 같은 결과가 출력되어야 한다. 이때 노드포트는 랜덤으로 할당된다.
root@manager:~/k8s-quiz/quiz3# k get svc -n quiz3
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
webserver-nodeport NodePort 10.101.201.102 <none> 8080:31714/TCP 65s또한 위와 같은 결과를 확인했을 경우 윈도우에서 브라우저를 열고 주소창에 'http://211.183.3.101:31714' 과 같이 입력했을 경우 nginx 의 페이지가 출력되어야 한다
apiVersion: v1
kind: Namespace
metadata:
name: quiz3
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: quiz3
name: test-deploy
spec:
replicas: 3
selector:
matchLabels:
app: webserver # label이 같아야 함
template:
metadata:
name: my-webserver
labels:
app: webserver # label이 같아야 함
spec:
containers:
- name: my-webserver
image: nginx:1.10
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
namespace: quiz3
name: webserver-nodeport
spec:
selector:
app: webserver # label이 같아야 함
ports:
- name: web-port
port: 8080
targetPort: 80
type: NodePort
☑ quiz 4
Q. ./deploy.sh 를 실행했을 경우 아래와 같은 결과가 출력되어야 하며 EXTERNAL-IP 주소를 웹브라우저에 입력했을 경우 nginx 페이지가 보여야 한다
root@manager:~/k8s-quiz/quiz4# k get svc -n quiz4
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx LoadBalancer 10.104.139.235 211.183.3.201 80:32495/TCP 13s- deploy.sh
#!/bin/bash
kubectl apply -f namespace.yaml
kubectl apply -f https://raw.githubusercontent.com/metallb/metallb/v0.12.1/manifests/metallb.yaml
kubectl apply -f deploy-lb-q.yaml- namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: metallb-system
labels:
app: metallb- deploy-lb-q.yaml
apiVersion: v1
kind: Namespace
metadata:
name: quiz4
---
apiVersion: v1
kind: ConfigMap
metadata:
namespace: metallb-system # MetalLB의 ConfigMap은 namespace가 metallb-system임
name: config
data:
config: |
address-pools:
- name: default
protocol: layer2
addresses:
- 211.183.3.201-211.183.3.239
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: quiz4
name: nginx
spec:
replicas: 3
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
namespace: quiz4
name: nginx
labels:
app: nginx
spec:
externalTrafficPolicy: Local
ports:
- name: http
port: 80
protocol: TCP
targetPort: 80
selector:
app: nginx
type: LoadBalancer
☑ quiz 5
Q. kubectl apply -f ingress-q.yaml 을 실행했을 경우 아래와 같은 결과가 출력되어야 하고
ADDRESS 의 주소로 웹 접속했을 경우 nginx 주소가 보여야 한다
root@manager:~/k8s-quiz/quiz5# k get ing -n quiz5
NAME CLASS HOSTS ADDRESS PORTS AGE
example-ingress <none> * 211.183.3.201 80 16m
root@manager:~/k8s-quiz/quiz5#또한 http://211.183.3.201/http 로 접속했을 때에는 httpd 의 기본페이지 내용인 "It works!" 가 보여야 한다
사전에 metallb 와 ingress-controller 가 설치되어 있어야 한다.
- ingress.sh
#!/bin/bash
kubectl apply -f \
https://raw.githubusercontent.com/kubernetes/ingress-nginx/controller-v1.1.2/deploy/static/provider/cloud/deploy.yaml
kubectl delete validatingwebhookconfiguration ingress-nginx-admission
kubectl apply -f ingress-q.yaml- ingress-q.yaml
apiVersion: v1
kind: Namespace
metadata:
name: quiz5
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: example-ingress
namespace: quiz5
annotations:
nginx.ingress.kubernetes.io/rewrite-target: /
kubernetes.io/ingress.class: "nginx"
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: testweb-service
port:
number: 80
- path: /http
pathType: Prefix
backend:
service:
name: testhttp-service
port:
number: 80
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: quiz5
name: nginx-deployment
spec:
replicas: 3
selector:
matchLabels:
app: webserver
template:
metadata:
name: my-webserver
labels:
app: webserver
spec:
containers:
- name: my-webserver
image: nginx
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: testweb-service
namespace: quiz5
spec:
ports:
- name: web-port
port: 80
targetPort: 80
nodePort: 30001
selector:
app: webserver
type: NodePort
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: quiz5
name: http-deployment
spec:
replicas: 3
selector:
matchLabels:
app: httpserver
template:
metadata:
name: my-httpserver
labels:
app: httpserver
spec:
containers:
- name: my-httpserver
image: httpd
ports:
- containerPort: 80
---
apiVersion: v1
kind: Service
metadata:
name: testhttp-service
namespace: quiz5
spec:
ports:
- name: http-port
port: 80
targetPort: 80
nodePort: 30002
selector:
app: httpserver
type: NodePort
☑ quiz 6
Q. 211.183.3.100 에 /voltest 를 생성하고 index.html 파일을 만들어둔다. 이후 nfs 서버를 실행한다.
kubectl apply -f 파일명 으로 포드를 배포한 뒤, kubectl get pod -n quiz6 를 통해 포드이름을 확인하고 "kubectl exec 포드이름 -n quiz6 -- curl localhost" 했을 때 /voltest/index.html 의 내용을 확인할 수 있어야 한다
apiVersion: v1
kind: Namespace
metadata:
name: quiz6
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: quiz6
name: static-nfs
spec:
replicas: 3
selector:
matchLabels:
app: nfs
template:
metadata:
labels:
app: nfs
spec:
containers:
- name: nginx
image: nginx
volumeMounts:
- name: nfs-volume
mountPath: /usr/share/nginx/html
volumes:
- name: nfs-volume
nfs:
server: 211.183.3.100
path: /voltestroot@manager:~/k8s-quiz/quiz6# k get pod -n quiz6
NAME READY STATUS RESTARTS AGE
static-nfs-c65566444-dt64z 1/1 Running 0 11s
static-nfs-c65566444-jnc26 1/1 Running 0 11s
static-nfs-c65566444-scv56 1/1 Running 0 11sroot@manager:~/k8s-quiz/quiz6# k exec static-nfs-c65566444-dt64z -n quiz6 -- curl http://localhost
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
100 6 100 6 0 0 857 0 --:--:-- --:--:-- --:--:-- 1000
Hello☑ quiz 7
Q. PVC를 연결한 포드는 배포된 뒤, 100MB 를 동일한 PV 와 연결된다
- pvpvc-q.yaml
apiVersion: v1
kind: Namespace
metadata:
name: quiz7
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: nfs-pv
spec:
storageClassName: "pvpvctest"
capacity:
storage: "100Mi"
accessModes:
- ReadWriteMany
persistentVolumeReclaimPolicy: Retain
nfs:
server: 211.183.3.100
path: /voltest
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nfs-pvc
namespace: quiz7
spec:
storageClassName: "pvpvctest"
accessModes:
- ReadWriteMany
resources:
requests:
storage: "100Mi"
---
apiVersion: v1
kind: ResourceQuota
metadata:
namespace: quiz7
name: stgquota
spec:
hard:
persistentvolumeclaims: "4"
requests.storage: "400Mi"
---
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: quiz7
name: nfs-pv-pvc
spec:
replicas: 3
selector:
matchLabels:
app: nfs-pvc
template:
metadata:
labels:
app: nfs-pvc
spec:
containers:
- name: nginxpod
image: nginx
volumeMounts:
- name: nfs-vol
mountPath: /root
volumes:
- name: nfs-vol
persistentVolumeClaim:
claimName: nfs-pvc
☑ quiz 8
Q. 아래와 같이 testuser 계정으로 명령 실행시 service 에 대한 목록확인만 가능하도록 하시오.
root@manager:~/k8s-quiz/quiz8# kubectl get svc -n quiz8 --as system:serviceaccount:quiz8:testuser
No resources found in quiz8 namespace.
root@manager:~/k8s-quiz/quiz8#
root@manager:~/k8s-quiz/quiz8#
root@manager:~/k8s-quiz/quiz8# kubectl get pod -n quiz8 --as system:serviceaccount:quiz8:testuser
Error from server (Forbidden): pods is forbidden: User "system:serviceaccount:quiz8:testuser" cannot list resource "pods" in API group "" in the namespace "quiz8"- sa-q.yaml
apiVersion: v1
kind: Namespace
metadata:
name: quiz8
---
apiVersion: v1
kind: ServiceAccount
metadata:
name: testuser
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: quiz8
name: test-service
rules:
- apiGroups: ["", "apps"]
resources: ["services"]
verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
namespace: quiz8
name: testrolebinding
subjects:
- kind: ServiceAccount
name: testuser
namespace: quiz8
roleRef:
kind: Role
name: test-service
apiGroup: rbac.authorization.k8s.io
take a look