4 - Configuration Flashcards

1
Q

Create a configmap named config with values foo=lala,foo2=lolo

A

kubectl create configmap config –from-literal=foo=lala –from-literal=foo2=lolo

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Display its values

A

kubectl get cm config -o yaml
# or
kubectl describe cm config

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Create and display a configmap from a file

A

echo -e “foo3=lili\nfoo4=lele” > config.txt

kubectl create cm configmap2 –from-file=config.txt
kubectl get cm configmap2 -o yaml

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Create and display a configmap from a .env file
Create the file with the command

echo -e “var1=val1\n# this is a comment\n\nvar2=val2\n#anothercomment” > config.env

A

kubectl create cm configmap3 –from-env-file=config.env
kubectl get cm configmap3 -o yaml

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Create and display a configmap from a file, giving the key ‘special’
Create the file with

echo -e “var3=val3\nvar4=val4” > config4.txt

A

kubectl create cm configmap4 –from-file=special=config4.txt
kubectl describe cm configmap4
kubectl get cm configmap4 -o yaml

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Create a configMap called ‘options’ with the value var5=val5. Create a new nginx pod that loads the value from variable ‘var5’ in an env variable called ‘option’

A

kubectl create cm options –from-literal=var5=val5
kubectl run nginx –image=nginx –restart=Never –dry-run=client -o yaml > pod.yaml
vi pod.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx
name: nginx
spec:
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: nginx
resources: {}
env:
- name: option # name of the env variable
valueFrom:
configMapKeyRef:
name: options # name of config map
key: var5 # name of the entity in config map
dnsPolicy: ClusterFirst
restartPolicy: Never
status: {}
kubectl create -f pod.yaml
kubectl exec -it nginx – env | grep option # will show ‘option=val5’

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Create a configMap ‘anotherone’ with values ‘var6=val6’, ‘var7=val7’. Load this configMap as env variables into a new nginx pod

A

kubectl create configmap anotherone –from-literal=var6=val6 –from-literal=var7=val7
kubectl run –restart=Never nginx –image=nginx -o yaml –dry-run=client > pod.yaml
vi pod.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx
name: nginx
spec:
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: nginx
resources: {}
envFrom: # different than previous one, that was ‘env’
- configMapRef: # different from the previous one, was ‘configMapKeyRef’
name: anotherone # the name of the config map
dnsPolicy: ClusterFirst
restartPolicy: Never
status: {}
kubectl create -f pod.yaml
kubectl exec -it nginx – env

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

Create a configMap ‘cmvolume’ with values ‘var8=val8’, ‘var9=val9’. Load this as a volume inside an nginx pod on path ‘/etc/lala’. Create the pod and ‘ls’ into the ‘/etc/lala’ directory.

A

kubectl create configmap cmvolume –from-literal=var8=val8 –from-literal=var9=val9
kubectl run nginx –image=nginx –restart=Never -o yaml –dry-run=client > pod.yaml
vi pod.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx
name: nginx
spec:
volumes: # add a volumes list
- name: myvolume # just a name, you’ll reference this in the pods
configMap:
name: cmvolume # name of your configmap
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: nginx
resources: {}
volumeMounts: # your volume mounts are listed here
- name: myvolume # the name that you specified in pod.spec.volumes.name
mountPath: /etc/lala # the path inside your container
dnsPolicy: ClusterFirst
restartPolicy: Never
status: {}
kubectl create -f pod.yaml
kubectl exec -it nginx – /bin/sh
cd /etc/lala
ls # will show var8 var9
cat var8 # will show val8

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

Create the YAML for an nginx pod that runs with the user ID 101. No need to create the pod

A

kubectl run nginx –image=nginx –restart=Never –dry-run=client -o yaml > pod.yaml
vi pod.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx
name: nginx
spec:
securityContext: # insert this line
runAsUser: 101 # UID for the user
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: nginx
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Never
status: {}

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Create the YAML for an nginx pod that has the capabilities “NET_ADMIN”, “SYS_TIME” added to its single container

A

kubectl run nginx –image=nginx –restart=Never –dry-run=client -o yaml > pod.yaml
vi pod.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx
name: nginx
spec:
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: nginx
securityContext: # insert this line
capabilities: # and this
add: [“NET_ADMIN”, “SYS_TIME”] # this as well
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Never
status: {}

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

Create an nginx pod with requests cpu=100m,memory=256Mi and limits cpu=200m,memory=512Mi

A

kubectl run nginx –image=nginx –dry-run=client -o yaml > pod.yaml
vi pod.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx
name: nginx
spec:
containers:
- image: nginx
name: nginx
resources:
requests:
memory: “256Mi”
cpu: “100m”
limits:
memory: “512Mi”
cpu: “200m”
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

Create a namespace named limitrange with a LimitRange that limits pod memory to a max of 500Mi and min of 100Mi

A

kubectl create ns one
vi 1.yaml

apiVersion: v1
kind: LimitRange
metadata:
name: ns-memory-limit
namespace: one
spec:
limits:
- max: # max and min define the limit range
memory: “500Mi”
min:
memory: “100Mi”
type: Container
kubectl apply -f 1.yaml

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

Describe the namespace limitrange

A

kubectl describe limitrange ns-memory-limit -n one

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Create an nginx pod that requests 250Mi of memory in the limitrange namespace

A

apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx
name: nginx
namespace: one
spec:
containers:
- image: nginx
name: nginx
resources:
requests:
memory: “250Mi”
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

Create ResourceQuota in namespace one with hard requests cpu=1, memory=1Gi and hard limits cpu=2, memory=2Gi.

A

apiVersion: v1
kind: ResourceQuota
metadata:
name: my-rq
namespace: one
spec:
hard:
requests.cpu: “1”
requests.memory: 1Gi
limits.cpu: “2”
limits.memory: 2Gi
kubectl apply -f rq-one.yaml
or

kubectl create quota my-rq –namespace=one –hard=requests.cpu=1,requests.memory=1Gi,limits.cpu=2,limits.memory=2Gi

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Attempt to create a pod with resource requests cpu=2, memory=3Gi and limits cpu=3, memory=4Gi in namespace one

A

vi pod.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx
name: nginx
namespace: one
spec:
containers:
- image: nginx
name: nginx
resources:
requests:
memory: “3Gi”
cpu: “2”
limits:
memory: “4Gi”
cpu: “3”
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}
kubectl create -f pod.yaml

17
Q

Create a pod with resource requests cpu=0.5, memory=1Gi and limits cpu=1, memory=2Gi in namespace one

A

apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx
name: nginx
namespace: one
spec:
containers:
- image: nginx
name: nginx
resources:
requests:
memory: “1Gi”
cpu: “0.5”
limits:
memory: “2Gi”
cpu: “1”
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}

18
Q

Create a secret called mysecret with the values password=mypass

A

kubectl create secret generic mysecret –from-literal=password=mypass

19
Q

Create a secret called mysecret2 that gets key/value from a file
Create a file called username with the value admin:

echo -n admin > username

A

kubectl create secret generic mysecret2 –from-file=username

20
Q

Get the value of mysecret2

A

kubectl get secret mysecret2 -o yaml
echo -n YWRtaW4= | base64 -d # on MAC it is -D, which decodes the value and shows ‘admin’
Alternative using –jsonpath:

kubectl get secret mysecret2 -o jsonpath=’{.data.username}’ | base64 -d # on MAC it is -D

21
Q

Create an nginx pod that mounts the secret mysecret2 in a volume on path /etc/foo

A

apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx
name: nginx
spec:
volumes: # specify the volumes
- name: foo # this name will be used for reference inside the container
secret: # we want a secret
secretName: mysecret2 # name of the secret - this must already exist on pod creation
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: nginx
resources: {}
volumeMounts: # our volume mounts
- name: foo # name on pod.spec.volumes
mountPath: /etc/foo #our mount path
dnsPolicy: ClusterFirst
restartPolicy: Never
status: {}

22
Q

Delete the pod you just created and mount the variable ‘username’ from secret mysecret2 onto a new nginx pod in env variable called ‘USERNAME’

A

apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx
name: nginx
spec:
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: nginx
resources: {}
env: # our env variables
- name: USERNAME # asked name
valueFrom:
secretKeyRef: # secret reference
name: mysecret2 # our secret’s name
key: username # the key of the data in the secret
dnsPolicy: ClusterFirst
restartPolicy: Never
status: {}
kubectl create -f pod.yaml
kubectl exec -it nginx – env | grep USERNAME | cut -d ‘=’ -f 2 # will show ‘admin’

23
Q

Create a Secret named ‘ext-service-secret’ in the namespace ‘secret-ops’. Then, provide the key-value pair API_KEY=LmLHbYhsgWZwNifiqaRorH8T as literal.

A

export ns=”-n secret-ops”
export do=”–dry-run=client -oyaml”
k create secret generic ext-service-secret –from-literal=API_KEY=LmLHbYhsgWZwNifiqaRorH8T $ns $do > sc.yaml
k apply -f sc.yaml

24
Q

Consuming the Secret. Create a Pod named ‘consumer’ with the image ‘nginx’ in the namespace ‘secret-ops’ and consume the Secret as an environment variable. Then, open an interactive shell to the Pod, and print all environment variables.

A

export ns=”-n secret-ops”
export do=”–dry-run=client -oyaml”
k run consumer –image=nginx $ns $do > nginx.yaml
vi nginx.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: consumer
name: consumer
namespace: secret-ops
spec:
containers:
- image: nginx
name: consumer
resources: {}
env:
- name: API_KEY
valueFrom:
secretKeyRef:
name: ext-service-secret
key: API_KEY
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}

25
Q

Create a Secret named ‘my-secret’ of type ‘kubernetes.io/ssh-auth’ in the namespace ‘secret-ops’. Define a single key named ‘ssh-privatekey’, and point it to the file ‘id_rsa’ in this directory.

A

Tips, export to variable

export do=”–dry-run=client -oyaml”
export ns=”-n secret-ops”

ssh-keygen

k create secret generic my-secret $ns –type=”kubernetes.io/ssh-auth” –from-file=ssh-privatekey=id_rsa $do > sc.yaml
k apply -f sc.yaml

26
Q

Create a Pod named ‘consumer’ with the image ‘nginx’ in the namespace ‘secret-ops’, and consume the Secret as Volume. Mount the Secret as Volume to the path /var/app with read-only access. Open an interactive shell to the Pod, and render the contents of the file.

A

Tips, export to variable

export ns=”-n secret-ops”
export do=”–dry-run=client -oyaml”
k run consumer –image=nginx $ns $do > nginx.yaml
vi nginx.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: consumer
name: consumer
namespace: secret-ops
spec:
containers:
- image: nginx
name: consumer
resources: {}
volumeMounts:
- name: foo
mountPath: “/var/app”
readOnly: true
volumes:
- name: foo
secret:
secretName: my-secret
optional: true
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}

27
Q

See all the service accounts of the cluster in all namespaces

A

kubectl get sa –all-namespaces

28
Q

Create a new serviceaccount called ‘myuser’

A

kubectl create sa myuser
Alternatively:

let’s get a template easily
kubectl get sa default -o yaml > sa.yaml
vim sa.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: myuser
kubectl create -f sa.yaml

29
Q

Create an nginx pod that uses ‘myuser’ as a service account

A

kubectl run nginx –image=nginx –restart=Never -o yaml –dry-run=client > pod.yaml
vi pod.yaml
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: nginx
name: nginx
spec:
serviceAccountName: myuser # we use pod.spec.serviceAccountName
containers:
- image: nginx
imagePullPolicy: IfNotPresent
name: nginx
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Never
status: {}

30
Q

Generate an API token for the service account ‘myuser’

A

kubectl create token myuser