1. Identify the certificate file used for the kube-api server
cat /ect/kubernetes/manifess/kube-apiserver.yaml
A) /etc/kubernetes/apiserver.crt
2. Identify the Certificate file used to authenticate kube-apiserver as a client to ETCD Server
A) /etc/kubernetes/pki/apiserver-etcd-client.crt
3.Identify the key used to authenticate kubeapi-server to the kubelet server
A) etc/kubernetes/pki/apiserver-kubelet-client.key
4.Identify the ETCD Server Certificate used to host ETCD server
k describe pod etcd-controlplane -n kube-system
A) /etc/kubernetes/pki/etcd/server.crt
5.Identify the ETCD Server CA Root Certificate used to serve ETCD Server.
ETCD can have its own CA. So this may be a different CA certificate than the one used by kube-api server.
A) etc/kubernetes/pki/etcd/ca.crt
6.What is the Common Name (CN) configured on the Kube API Server Certificate?
OpenSSL Syntax: openssl x509 -in file-path.crt -text -noout
# cat /etc/kubernetes/manifests/kube-apiserver.yaml
: --tls-cert-file 경로 찾기
# openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text
A) kube-apiserver
7. What is the name of the CA who issued the Kube API Server Certificate?
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text
A) kubernetes
8.Which of the below alternate names is not configured on the Kube API Server Certificate?
openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text
A) kubernets-Master
9.What is the Common Name (CN) configured on the ETCD Server certificate?
?? 왜지.. ??
A) controlplane
10.How long, from the issued date, is the Kube-API Server Certificate valid for?
File: /etc/kubernetes/pki/apiserver.crt
A) 1 year
11.How long, from the issued date, is the Root CA Certificate valid for? File: /etc/kubernetes/pki/ca.crt
kubeadm certs check-expiration
A) 10years
12.Kubectl suddenly stops responding to your commands. Check it out! Someone recently modified the /etc/kubernetes/manifests/etcd.yaml file
You are asked to investigate and fix the issue. Once you fix the issue wait for sometime for kubectl to respond. Check the logs of the ETCD container.
-
Fix the kube-api server
(전)
(후)
A) ok
13.The kube-api server stopped again! Check it out. Inspect the kube-api server logs and identify the root cause and fix the issue.
Run docker ps -a command to identify the kube-api server container. Run docker logs container-id command to view the logs.
docker ps -a | grep apiserver
vi kube-apiserver.yaml
A) ok
'cloud > k8s(문제풀이)' 카테고리의 다른 글
| [cka]kodekloud-kubeconfig (마지막문제 ..) (0) | 2022.06.27 |
|---|---|
| [cka]kodekloud-certificates API (0) | 2022.06.27 |
| [cka] kodekloud-Backup and Restore (0) | 2022.06.22 |
| [cka]kodekloud-cluster upgrade process (0) | 2022.06.22 |
| [cka]kodekloud-os UPgrade (0) | 2022.06.21 |
