
Set Configuration Context:
[student@node-1] $ kubectl config use-context k8s
Context
A container within the poller pod is hard-coded to connect to the nginxsvc service on port 90. As this port changes to 5050, an additional container needs to be added to the poller pod which adapts the container to connect to this new port. This should be realized as an ambassador container within the pod.
Task
* Update the nginxsvc service to serve on port 5050.
* Add an HAproxy container named haproxy bound to port 90 to the poller pod and deploy the enhanced pod.
Use the image haproxy and inject the configuration located at /opt/KDMC00101/haproxy.cfg, with a ConfigMap named haproxy-config, mounted into the container so that haproxy.cfg is available at /usr/local/etc/haproxy/haproxy.cfg. Ensure that you update the args of the poller container to connect to localhost instead of nginxsvc so that the connection is correctly proxied to the new service endpoint. You must not modify the port of the endpoint in poller's args. The spec file used to create the initial poller pod is available in /opt/KDMC00101/poller.yaml
Correct answer:
See the solution below.
Explanation:
Solution:
To update the nginxsvc service to serve on port 5050, you will need to edit the service's definition yaml file.
You can use the kubectl edit command to edit the service in place.
kubectl edit svc nginxsvc
This will open the service definition yaml file in your default editor. Change the targetPort of the service to 5050 and save the file.
To add an HAproxy container named haproxy bound to port 90 to the poller pod, you will need to edit the pod's definition yaml file located at /opt/KDMC00101/poller.yaml.
You can add a new container to the pod's definition yaml file, with the following configuration:
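# Both keys below sit under the pod's spec:
containers:
- name: haproxy
  image: haproxy
  ports:
  - containerPort: 90
  volumeMounts:
  - name: haproxy-config
    mountPath: /usr/local/etc/haproxy/haproxy.cfg
    subPath: haproxy.cfg
  args: ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]
# The volumeMount above needs a matching volume backed by the ConfigMap
volumes:
- name: haproxy-config
  configMap:
    name: haproxy-config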
This will add the HAproxy container to the pod and configure it to listen on port 90. It will also mount the ConfigMap haproxy-config to the container, so that haproxy.cfg is available at /usr/local/etc/haproxy/haproxy.cfg.
To inject the configuration located at /opt/KDMC00101/haproxy.cfg to the container, you will need to create a ConfigMap using the following command:
kubectl create configmap haproxy-config --from-file=/opt/KDMC00101/haproxy.cfg
You will also need to update the args of the poller container so that it connects to localhost instead of nginxsvc. You can do this by editing the pod's definition yaml file and changing the args field to args: ["poller","--host=localhost"].
Once you have made these changes, you can deploy the updated pod to the cluster by running the following command:
kubectl apply -f /opt/KDMC00101/poller.yaml
This will deploy the enhanced pod with the HAproxy container to the cluster. The HAproxy container will listen on port 90 and proxy connections to the nginxsvc service on port 5050. The poller container will connect to localhost instead of nginxsvc, so that the connection is correctly proxied to the new service endpoint.
Please note that this is a basic example and you may need to tweak the haproxy.cfg file and the args based on your use case.
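The complete ambassador setup described above, as an added example that is not the exam's own files. The poller image and the haproxy.cfg contents are assumptions (the page shows neither); the names, paths, ports and poller args are the ones given above.

```yaml
# Constructed example. The ConfigMap is what this command would create from a file:
#   kubectl create configmap haproxy-config --from-file=/opt/KDMC00101/haproxy.cfg
apiVersion: v1
kind: ConfigMap
metadata:
  name: haproxy-config
data:
  haproxy.cfg: |
    # Assumed contents: plain TCP forwarding from local port 90 to the service.
    defaults
      mode tcp
      timeout connect 5s
      timeout client 30s
      timeout server 30s
    frontend poller_in
      # Loopback only: reachable by containers in this pod, not via the pod IP.
      bind 127.0.0.1:90
      default_backend nginx_backend
    backend nginx_backend
      server nginxsvc nginxsvc:5050
---
apiVersion: v1
kind: Pod
metadata:
  name: poller
spec:
  containers:
  - name: poller
    image: poller-image:placeholder   # placeholder, keep the image from poller.yaml
    args: ["poller", "--host=localhost"]
  - name: haproxy
    image: haproxy
    args: ["haproxy", "-f", "/usr/local/etc/haproxy/haproxy.cfg"]
    ports:
    - containerPort: 90
    volumeMounts:
    - name: haproxy-config
      mountPath: /usr/local/etc/haproxy/haproxy.cfg
      subPath: haproxy.cfg
      readOnly: true
  volumes:
  - name: haproxy-config
    configMap:
      name: haproxy-config
```

Official haproxy images from 2.4 onward run as a non-root user; if binding port 90 is refused, set the pod sysctl net.ipv4.ip_unprivileged_port_start to 0 rather than running the proxy as root.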
Question 2:
You have a Deployment that runs an application that requires specific environment variables to be set. These variables should be different for each Pod in the Deployment. How would you use a DaemonSet to generate unique environment variables for each Pod based on its hostname?
Correct answer:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Create a DaemonSet:
- Define a DaemonSet named 'env-generator' that will run a container on every node in the cluster.
- The container in the DaemonSet will be responsible for generating unique environment variables for each Pod.
- Replace 'your-env-generator-image:latest' with the actual image you want to use for the DaemonSet.

Question 3:
You are working on a Kubernetes application that requires a scheduled job to run a data processing script every day at midnight. The script takes approximately 30 minutes to complete and requires access to a persistent volume to store its output data. How would you create a Job resource that meets these requirements?
Correct answer:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Create a Persistent Volume Claim:
- Define a Persistent Volume Claim (PVC) to request the necessary storage space.
- Specify the access mode and storage class according to your cluster configuration.

2. Define the Job Resource:
- Create a Job resource with a 'cronJob' schedule to trigger the execution at midnight every day.
- Specify the 'backoffLimit' to control the number of retries in case of failures.
- Define the 'spec.template.spec.containers' section for the container running the data processing script.
- Mount the PVC to the container using 'volumeMounts'.

3. Create the Job:
- Apply the Job YAML file using 'kubectl apply -f data-processing-job.yaml'
4. Verify Job Execution:
- Use 'kubectl get jobs' to monitor the status of the Job.
- Check the 'status.completionTime' to verify that the Job completed successfully.
- Verify that the output data is stored in the mounted persistent volume.
5. Update the Script:
- Update the 'your-data-processing-script.sh' with the necessary commands to process the data and store the output in the '/data' directory.
6. Monitor the Job:
- Continuously monitor the Job's status and logs using 'kubectl logs' to ensure it runs correctly.
Note: Replace 'your-image-name:latest' and 'your-data-processing-script.sh' with the actual image name and script file respectively.
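The PVC and scheduled job from steps 1 and 2, as an added example that is not the page's own YAML. The PVC name and size, the container name, the script location, concurrencyPolicy and activeDeadlineSeconds are assumptions; the schedule, backoffLimit, /data mount and the image and script placeholders follow the steps above.

```yaml
# Constructed example for data-processing-job.yaml
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: data-processing-pvc        # hypothetical name
spec:
  accessModes: ["ReadWriteOnce"]   # adjust to your cluster, as step 1 says
  resources:
    requests:
      storage: 1Gi                 # assumed size
---
apiVersion: batch/v1
kind: CronJob                      # the resource kind that carries a schedule
metadata:
  name: data-processing-job
spec:
  schedule: "0 0 * * *"            # every day at midnight
  concurrencyPolicy: Forbid        # assumption: never overlap two runs on one volume
  jobTemplate:
    spec:
      backoffLimit: 3              # retries before the Job is marked failed
      activeDeadlineSeconds: 3600  # assumption: stop a run that far exceeds 30 minutes
      template:
        spec:
          restartPolicy: OnFailure
          containers:
          - name: data-processor   # hypothetical name
            image: your-image-name:latest
            # assumption: the script sits in the image's working directory
            command: ["sh", "your-data-processing-script.sh"]
            volumeMounts:
            - name: output
              mountPath: /data
          volumes:
          - name: output
            persistentVolumeClaim:
              claimName: data-processing-pvc
```

Each scheduled run appears as its own Job, so 'kubectl get jobs' in step 4 lists one Job per night.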
Question 4:

Task:
1) Create a secret named app-secret in the default namespace containing the following single key-value pair:
Key3: value1
2) Create a Pod named nginx-secret in the default namespace. Specify a single container using the nginx:stable image.
Add an environment variable named BEST_VARIABLE consuming the value of the secret key3.
Correct answer:
See the solution below.
Explanation:
Solution:
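One way to satisfy both steps of the task, as an added example that is not the page's own solution. It assumes the key is written lowercase as key3 (as step 2 refers to it), that the pod name is nginx-secret, and a hypothetical container name.

```yaml
# Constructed example. Imperative equivalent for the secret:
#   kubectl create secret generic app-secret --from-literal=key3=value1
apiVersion: v1
kind: Secret
metadata:
  name: app-secret
  namespace: default
type: Opaque
stringData:            # plain text here; the API server stores it base64-encoded
  key3: value1
---
apiVersion: v1
kind: Pod
metadata:
  name: nginx-secret
  namespace: default
spec:
  containers:
  - name: nginx        # hypothetical container name
    image: nginx:stable
    env:
    - name: BEST_VARIABLE
      valueFrom:
        secretKeyRef:
          name: app-secret
          key: key3
```

Base64 in a Secret is an encoding, not encryption, so read access to secrets in the namespace should be limited through RBAC. The value is also visible in the container's process environment.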



Question 5:
You have a Kustomization file that defines a Deployment with two replicas. You want to configure the deployment to use a different image tag based on the environment it is deployed to. For example, in the 'dev' environment, the image tag should be 'example/nginx:dev', while in the 'prod' environment, it should be 'example/nginx:prod'. Describe how to achieve this using Kustomize.
Correct answer:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Create a base Kustomization file:
resources:
- deployment.yaml
2. Create a deployment.yaml file:

3. Create environment-specific overlays:
- For dev environment:

- For prod environment:

4. Create a patch.yaml file:

5. Apply Kustomize:
- For dev environment:
kustomize build dev | kubectl apply -f -
- For prod environment:
kustomize build prod | kubectl apply -f -
- The base Kustomization file defines the resources that are included in the deployment.
- The environment-specific overlays patch the base resources with the appropriate image tag.
- The 'patchesStrategicMerge' field applies the patch.yaml file to the deployment.
- The '{{.environment}}' placeholder in the patch file is replaced with the actual environment name when Kustomize is applied.
This approach allows you to easily manage and deploy your applications to different environments with specific configuration settings.
Question 6:
You need to configure a PodSecurityPolicy to restrict the capabilities of pods running in your Kubernetes cluster. You want to create a policy that allows pods to use only specific capabilities and prevents them from accessing host resources.
Correct answer:
See the solution below with Step by Step Explanation.
Explanation:
Solution (Step by Step) :
1. Create a PodSecurityPolicy:
- Create a PodSecurityPolicy YAML configuration file:

2. Apply the PodSecurityPolicy:
- Apply the PodSecurityPolicy configuration to your Kubernetes cluster:
kubectl apply -f restricted-pod-policy.yaml
3. Bind the Policy to ServiceAccount:
- Create a RoleBinding or ClusterRoleBinding to bind the PodSecurityPolicy to a specific ServiceAccount or all users.
- For example, to bind it to a ServiceAccount:

4. Test the Policy:
- Create a pod using the ServiceAccount that has the PodSecurityPolicy applied.
- Verify that the pod cannot access host resources or use unauthorized capabilities.
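A policy and binding matching steps 1 to 3, as an added example that is not the page's own YAML. The allowed capability, the volume list, the Role name and the ServiceAccount name restricted-sa are assumptions. PodSecurityPolicy was removed in Kubernetes v1.25, so this applies only to older clusters.

```yaml
# Constructed example for restricted-pod-policy.yaml (clusters older than v1.25)
apiVersion: policy/v1beta1
kind: PodSecurityPolicy
metadata:
  name: restricted-pod-policy
spec:
  privileged: false
  allowPrivilegeEscalation: false
  requiredDropCapabilities: ["ALL"]          # every container must drop all capabilities
  allowedCapabilities: ["NET_BIND_SERVICE"]  # the only one a pod may add back (assumed)
  hostNetwork: false                         # no host namespaces
  hostPID: false
  hostIPC: false
  # hostPath is deliberately absent, and no hostPorts ranges are allowed
  volumes: ["configMap", "secret", "emptyDir", "projected", "downwardAPI", "persistentVolumeClaim"]
  runAsUser:
    rule: MustRunAsNonRoot
  seLinux:
    rule: RunAsAny
  supplementalGroups:
    rule: RunAsAny
  fsGroup:
    rule: RunAsAny
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  name: use-restricted-pod-policy   # hypothetical name
  namespace: default
rules:
- apiGroups: ["policy"]
  resources: ["podsecuritypolicies"]
  verbs: ["use"]
  resourceNames: ["restricted-pod-policy"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: use-restricted-pod-policy
  namespace: default
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: use-restricted-pod-policy
subjects:
- kind: ServiceAccount
  name: restricted-sa               # hypothetical ServiceAccount
  namespace: default
```

For step 4, a pod under that ServiceAccount that sets hostNetwork: true or adds a capability such as SYS_ADMIN should be rejected at admission.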