-
Notifications
You must be signed in to change notification settings - Fork 532
/
Copy pathfeb25.txt
288 lines (288 loc) · 12.6 KB
/
feb25.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
1 git clone https://github.com/sandervanvugt/cka
2 cd cka
3 ls
4 ./setup-container.sh
5 systemctl status containerd
6 history
7 ls
8 ./setup-kubetools.sh
9 sudo kubeadm init
10 mkdir -p $HOME/.kube
11 kubectl get all
12 vim ~/.kube/config
13 kubectl config view
14 history
15 kubectl get pods -n kube-system
16 kubectl apply -f https://docs.projectcalico.org/manifests/calico.yaml
17 kubectl get pods -n kube-system
18 kubectl get nodes
19 history
20 kubectl kustomize https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gatway-api/standard?ref=v1.5.1 | kubectl apply -f -
21 kubectl kustomize https://github.com/nginxinc/nginx-gateway-fabric/config/crd/gateway-api/standard?ref=v1.5.1 | kubectl apply -f -
22 helm install ngf oci://ghcr.io/nginxinc/charts/nginx-gateway-fabric --create-namespace -n nginx-gateway
23 helm
24 snap install helm
25 sudo snap install helm
26 sudo snap install helm --classic
27 helm install ngf oci://ghcr.io/nginxinc/charts/nginx-gateway-fabric --create-namespace -n nginx-gateway
28 kubectl get pods,svc -n nginx-gateway
29 kubectl get gc
30 source <(kubectl completion bash)
31 kubectl edit -n nginx-gateway svc ngf-nginx-gateway-fabric
32 kubectl create deploy nginxgw --image=nginx --replicas=3
33 kubectl expose deploy nginxgw --port=80
34 kubectl get endpoints
35 vim http-routing.yaml
36 kubectl apply -f http-routing.yaml
37 sudo vim /etc/hosts
38 kubectl -n nginx-gateway port-forward pods/ngf-nginx-gateway-fabric-cdc5dfc94-62l6x 8080:80 8443:443
39 bg
40 curl whatever.com:8080
41 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=whatever.com"
42 kubectl create secret tls gateway-tls --cert=tls.crt --key=tls.key
43 vim tls-gateway.yaml
44 kubectl apply -f tls-gateway.yaml
45 vim tls-gateway.yaml
46 kubectl apply -f tls-gateway.yaml
47 vim https-routing.yaml
48 kubectl apply -f https-routing.yaml
49 sudo apt install socat
50 sudo socat TCP4-LISTEN:80,fork TCP4:127.0.0.1:32080 &
51 sudo socat TCP4-LISTEN:443,fork TCP4:127.0.0.1:32443 &
52 curl -k https://whatever.com
53 ./counter.sh 12
54 vim tls-gateway.yaml
55 history
56 kubectl create quota qtest --help | less
57 #kubectl create quota qtest --hard pods=3,cpu=100m,memory=500Mi --namespace limited
58 kubectl create ns limited
59 kubectl create quota qtest --hard pods=3,cpu=100m,memory=500Mi --namespace limited
60 kubectl describe ns limited
61 kubectl create deploy nginx --image=nginx:latest --replicas=3 -n limited
62 kubectl get all -n limited
63 kubectl describe -n limited rs nginx-54c98b4f84
64 kubectl set resources deploy nginx --requests cpu=100m,memory=5Mi --limits cpu=200m,memory=200Mi -n limited
65 kubectl get pods -n limited
66 kubectl describe ns limited
67 kubectl edit quota -n limited
68 kubectl describe ns limited
69 kubectl explain limitrange.spec
70 kubectl explain limitrange.spec.limits
71 kubectl get ns
72 vim limitrange.yaml
73 kubectl get quota -n limited
74 kubectl delete quota -n limited
75 kubectl delete quota qtest -n limited
76 kubectl apply -f limitrange.yaml -n limited
77 kubectl describe ns limited
78 kubectl run limitpod --image=nginx -n limited
79 kubectl describe pod limitpod -n limiteds
80 kubectl describe pod limitpod -n limited
81 kubectl cordon worker1
82 kubectl edit node worker1
83 kubectl uncordon worker1
84 kubectl edit node control
85 kubectl get nodes
86 kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
87 kubectl get pods -n kube-system
88 kubectl edit deploy -n kube-system metrics-server
89 kubectl get pods -n kube-system
90 kubectl top pods
91 kubectl create deploy webstress --image=nginx
92 kubectl autoscale deploy webstress --min=2 --max=3 --cpu-percent=80
93 kubectl get hpa
94 kubectl autoscale deploy webstress --min=2 --max=5 --cpu-percent=80
95 kubectl get deploy webstress
96 history > /tmp/feb25.txt
97 kubectl edit deploy -n kube-system metrics-server
98 helm
99 helm repo add argo https://argoproj.github.io/argo-helm
100 helm repo update
101 helm search repo argo/argo-cd
102 helm template my-argo-cd argo/argo-cd --version 7.8.3 > argo-cd-template.yaml
103 vim argo-cd-template.yaml
104 helm show values argo/argo-cd > values.yaml
105 vim values.yaml
106 helm template my-argocd argo/argo-cd -f values.yaml > argo-cd-template.yaml
107 kubectl apply -f argo-cd-template.yaml
108 kubectl get svc
109 vim nwpolicy-complete-example.yaml
110 kubectl apply -f nwpolicy-complete-example.yaml
111 kubectl expose pod nginx --port=80
112 kubectl exec -it busybox -- wget --spider --timeout=1
113 kubectl exec -it busybox -- wget --spider --timeout=1 nginx
114 kubectl get svc
115 kubectl get nwp
116 kubectl get netpol
117 kubectl describe netpol access-nginx
118 kubectl label pod busybox access=true
119 kubectl exec -it busybox -- wget --spider --timeout=1 nginx
120 history
121 kubectl create ns nwp-namespace
122 vim nwp-lab10-1.yaml
123 kubectl create -f nwp-lab10-1.yaml
124 kubectl expose pod nwp-nginx --port=80
125 kubectl exec -it nwp-busybox -n nwp-namespace -- wget --spider --timeout=1 nwp-nginx
126 kubectl exec -it nwp-busybox -n nwp-namespace -- nslookup nwp-nginx
127 kubectl exec -it nwp-busybox -n nwp-namespace -- wget --spider --timeout=1 nwp-nginx.default.svc.cluster.local
128 vim nwp-lab10-2.yaml
129 kubectl apply -f nwp-lab10-2.yaml
130 kubectl exec -it nwp-busybox -n nwp-namespace -- wget --spider --timeout=1 nwp-nginx.default.svc.cluster.local
131 kubectl create deploy busybox --image=busybox -- sleep 3600
132 kubectl exec -it busybox-5c684d4858-9ckll -- wget --spider --timeout=1 nwp-nginx
133 kubectl exec -it busybox-5c684d4858-9ckll -- cat /etc/resolv.conf
134 kubectl cluster-info
135 kubectl cluster-info dump | less
136 history
137 kubectl delete netpol access-nginx
138 kubectl delete netpol deny-from-other-namespaces
139 kubectl create ns restricted
140 kubectl run -h | less
141 kubectl run nginx --image=nginx -n restricted
142 kubectl -n restricted expose pod nginx
143 kubectl -n restricted expose pod nginx --port=80
144 kubectl get pods
145 kubectl get pods --show-labels
146 history
147 kubectl delete -f argo-cd-template.yaml
148 vim apiVersion: networking.k8s.io/v1
149 kind: NetworkPolicy
150 metadata:
151 spec:
152 vim netpol.yaml
153 kubectl get pods -n restricted --show-labels
154 vim netpol.yaml
155 kubectl get ns --show-labels
156 vim netpol.yaml
157 kubectl expose -n restricted nginx --port=80
158 kubectl expose -n restricted pod nginx --port=80
159 kubectl get pods
160 history | grep wget
161 kubectl exec -it busybox -- wget --spider --timeout=1 nginx.restricted.svc.cluster.local
162 kubectl get netpol -n restricted
163 kubectl apply -f netpol.yaml
164 vim netpol.yaml
165 kubectl apply -f netpol.yaml
166 kubectl exec -it busybox -- wget --spider --timeout=1 nginx.restricted.svc.cluster.local
167 kubectl label pod busybox access-
168 kubectl label pod busybox access="yes"
169 kubectl get pods --show-labels
170 kubectl exec -it busybox -- wget --spider --timeout=1 nginx.restricted.svc.cluster.local
171 history
172 cat netpol.yaml
173 kubectl describe node worker1
174 kubectl top node
175 kubectl top pods
176 kubectl get pods -n kube-system
177 cd /etc/kubernetes/manifests/
178 ls
179 vim kube-apiserver.yaml
180 sudo vim kube-apiserver.yaml
181 cd
182 kubectl run staticpod --image=nginx --dry-run=client -o yaml
183 kubectl get pods
184 ps aux | grep kubelet
185 sudo vim /var/lib/kubelet/config.yaml
186 kubectl top pods
187 sudo apt install etcd-client
188 sudo etcdctl --help
189 ls /etc/pki/
190 ls /etc/kubernetes/pki/etcd/
191 ps aux | grep etcd
192 sudo etcdctl --endpoint=localhost:2379 --cacert /etc/kubernetes/pki/etc/ca.crt --cert /etc/kubernetes/pki/etcd/server.crt --key /etc/kubernetes/pki/etc/server.key get / --prefix --keys-only
193 sudo etcdctl --endpoints=localhost:2379 --cacert /etc/kubernetes/pki/etc/ca.crt --cert /etc/kubernetes/pki/etcd/server.crt --key /etc/kubernetes/pki/etc/server.key get / --prefix --keys-only
194 sudo etcdctl --endpoints=localhost:2379 --cacert /etc/kubernetes/pki/etcd/ca.crt --cert /etc/kubernetes/pki/etcd/server.crt --key /etc/kubernetes/pki/etcd/server.key get / --prefix --keys-only
195 sudo etcdctl --endpoints=localhost:2379 --cacert /etc/kubernetes/pki/etcd/ca.crt --cert /etc/kubernetes/pki/etcd/server.crt --key /etc/kubernetes/pki/etcd/server.key snapshot save /tmp/etcdbackup.db
196 ls -l /tmp/etcdbackup.db
197 sudo etcdctl --write-out=table snapshot status /tmp/etcdbackup.db
198 cp /tmp/etcdbackup.db /tmp/etcdbackup.db.bak
199 sudo cp /tmp/etcdbackup.db /tmp/etcdbackup.db.bak
200 kubectl get deploy
201 kubectl delete deploy busybox nginxgw webstress
202 cd /etc/kubernetes/manifests/
203 ls
204 sudo mv * ..
205 ls
206 sudo crictl ps
207 sudo mv /var/lib/etcd /var/lib/etcd-backup
208 sudo etcdctl snapshot restore /tmp/etcdbackup.db --data-dir /var/lib/etcd
209 sudo ls -l /var/lib/etcd
210 sudo ls -l /var/lib/etcd/member
211 cd ..
212 cd manifests/
213 ls
214 sudo mv ../*.yaml .
215 sudo crictl ps
216 kubectl get deploy
217 sudo apt update
218 sudo apt-cache madison kubeadm
219 kubectl get nodes
220 cd
221 cd cka/
222 vim selector-pod.yaml
223 kubectl apply -f selector-pod.yaml
224 vim selector-pod.yaml
225 kubectl apply -f selector-pod.yaml
226 kubectl get pods
227 kubectl describe pod nginxabc
228 kubectl label nodes worker2 disktype=ssd
229 kubectl get pods
230 history
231 kubectl get nodes
232 kubectl get pods -o wide
233 kubectl describe node worker1
234 kubectl create deploy taintet --image=nginx --replicas=10
235 kubectl get pods -o wide
236 kubectl get nodes
237 kubectl describe node worker1 | less
238 kubectl edit node worker1
239 kubectl describe node worker1 | less
240 kubectl taint nodes worker1 storage=ssd:NoSchedule
241 kubectl describe nodes worker1 | less
242 kubectl create deploy nginx-taint --image=nginx --replicas=3
243 kubectl get pods -o wide
244 kubectl delete deploy taintet
245 kubectl delete deploy nginx-taint
246 vim taint-toleration.yaml
247 kubectl get pods -o wide
248 kubectl create -f taint-toleration.yaml
249 kubectl get pods -o wide
250 kubectl delete -f taint-toleration.yaml
251 kubectl create deploy taintet --image=nginx --replicas=10
252 kubectl get pods -o wide
253* kubectl create -f taint-toleration.yaml
254 kubectl get pods -o wide | grep toler
255 vim taint-toleration2.yaml
256 kubectl apply -f taint-toleration2.yaml
257 kubectl get pods -o wide | grep toler
258 kubectl get pods -o wide | grep hdd
259 kubectl edit node worker1
260 kubectl get pod -o wide
261 kubectl create role --help | less
262 kubectl create ns roles
263 kubectl create role --help | less
264 kubectl create role viewer --verb=get --verb=list --verb=watch --resource=pods -n roles
265 kubectl get pods nginx -o yaml | less
266 kubectl create sa viewers -n roles
267 kubectl create rolebinding --help | less
268 # kubectl create rolebinding admin-binding --role=admin --serviceaccount=monitoring:sa-dev
269 kubectl create rolebinding viewers --role-viewer --serviceaccount=roles:viewers -n roles
270 kubectl create rolebinding viewers --role=viewer --serviceaccount=roles:viewers -n roles
271 kubectl run viewpod --image=nginx --dry-run=client -o yaml
272 vim viewoid.yaml
273 kubectl apply -f viewoid.yaml
274 vim viewoid.yaml
275 kubectl apply -f viewoid.yaml
276 kubectl get pods viewpod -n roles -o yaml | less
277 kubectl describe -n roles rolebindings.rbac.authorization.k8s.io
278 kubectl run mypod --image=alpine -- sleep 3600
279 kubectl get pods mypod -o yaml
280 kubectl exec -it mypod -- sh
281 kubectl create sa mysa
282 kubectl create role list-pods --resource=pods --verb=list
283 kubectl create rolebinding list-pods --role=list-pods --serviceaccount=default:mysa
284 cat mysapod.yaml
285 kubectl apply -f mysapod.yaml
286 kubectl exec -it mysapod -- sh
287 history
288 history > /tmp/feb25.txt