It's taken me nearly a year, but I finally figured out one of the questions that stumped me in my CKAD (writeup: https://blenderfox.com/2019/12/01/ckad-writeup/)
In the exam, the question was to terminate a cronjob if it lasts longer than 17 seconds. There’s a startup deadline but not a duration deadline. It could be implemented within the command of the application itself, or by specifying to replace any previous running version of the jobs.
Well, I finally had that situation recently at work and wanted to terminate a cronjob if it was active more than 5 minutes, since the job shouldn't take that long. Finally found out that the answer was not in the CronJob documentation, but in the Job documentation.
CronJobs spawn a Job resource, and within the specification, you can include spec.activeDeadlineSeconds. This will terminate the job pod at that time and will consider the job as failed.
5 questions I could not answer, and one I could, but arguably that question was ambiguous
Fix a broken cluster -- kubelet was started but couldn't connect to itself.
Add node to cluster. Nodes do not have kubeadm installed.
Static pod. Couldn't find where the path was to put the manifests for the yaml.
4 and 5 I can't remember the questions but will update if I remember
Ambiguous Question:
Create a pod with a persistent volume, that isn't persistent, and doesn't tell you how big to make the PV. I used emptyDir, but that's not really a PV (didn't create a PV or a PVC)
Well, it was due to happen eventually, but I got an email saying my LPIC-1 certification is going to expire in 9 months, and I never got to finish LPIC-2.
Well, maybe I’ll redo it after I got my Kubernetes certifications
Finally while writing this post, I notice that Wordpress is now removing Google+ support because Google are shutting it down. A pity really, since I did like Google+ and while it didn’t take off, a lot of the features were in G+ because general use, like Hangouts.
So I haven’t been posting here much recently so here are some updates.
Been slowing trying to get back into running, have been slacking off WAAAAY too much lately. Tried using Aaptiv (@aaptiv) which is a training fitness app that has trainers talking you through the stuff, there are a few problems with it.
When you use a stretch/strength training routine or yoga routine, you're reliant on them telling you what to do, there's no video guide to show you the correct form, and that's bad. Other apps like FitBit Coach has videos where you can copy the coach to make sure you have the right form.
On Treadmill/Running routines, they talk in mph, but treadmills here in the UK go in km/h, which requires conversion (1.0 mph = 1.6 kph)
On a separate note, I have bought another attempt at the CKA exam, but this time bought the bundle with the Kubernetes Fundamentals Training from Linux Foundation. Let’s see how different that is to Linux Academy’s training….
I took my CKA exam for the second time – and failed again. This time. however got much closer to the pass mark than my first time.
Things I think I fluffed on:
Cluster DNS
pods, services and how they can show up using nslookup. I got caught up in trying to figure out why my DNS wasn’t working, and I think it’s because I was trying to nslookup from outside the cluster, which obviously would not resolve the “.cluster.local” domain correctly. I forgot that you can do an interactive, in-cluster shell using
[code lang=text]
kubectl run -i –tty busybox –image=busybox – sh
[/code]
Not to mention that doing nslookup {service}.svc.cluster.local won’t work, and you have to use -type=a to nslookup to get the ip address of the service to confirm it is resolving
etcd Snapshots
This got me both times. The first time I had no idea why doing a snapshot command was failing. The second time I figured out how to do the backup and how to invoke it from the pod, but still got it wrong. Now I figured out (and it was right in front of my face):
[code lang=text]
<br />WARNING:
Environment variable ETCDCTL_API is not set; defaults to etcdctl v2.
Set environment variable ETCDCTL_API=3 to use v3 API or ETCDCTL_API=2 to use v2 API.
I wasn’t using the ETCDCTL_API variable beforehand so it was falling back to V2 api, which doesn’t have the snapshot command:
[code lang=text]
<br /># etcdctl
NAME:
etcdctl - A simple command line client for etcd.
WARNING:
Environment variable ETCDCTL_API is not set; defaults to etcdctl v2.
Set environment variable ETCDCTL_API=3 to use v3 API or ETCDCTL_API=2 to use v2 API.
COMMANDS:
backup backup an etcd directory
cluster-health check the health of the etcd cluster
mk make a new key with a given value
mkdir make a new directory
rm remove a key or a directory
rmdir removes the key if it is an empty directory or a key-value pair
get retrieve the value of a key
ls retrieve a directory
set set the value of a key
setdir create a new directory or update an existing directory TTL
update update an existing key with a given value
updatedir update an existing directory
watch watch a key for changes
exec-watch watch a key for changes and exec an executable
member member add, remove and list subcommands
user user add, grant and revoke subcommands
role role add, grant and revoke subcommands
auth overall auth controls
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
–debug output cURL commands which can be used to reproduce the request
–no-sync don’t synchronize cluster information before sending request
–output simple, -o simple output response in the given format (simple, extended or json) (default: “simple”)
–discovery-srv value, -D value domain name to query for SRV records describing cluster endpoints
–insecure-discovery accept insecure SRV records describing cluster endpoints
–peers value, -C value DEPRECATED - “–endpoints” should be used instead
–endpoint value DEPRECATED - “–endpoints” should be used instead
–endpoints value a comma-delimited list of machine addresses in the cluster (default: “http://127.0.0.1:2379,http://127.0.0.1:4001”)
–cert-file value identify HTTPS client using this SSL certificate file
–key-file value identify HTTPS client using this SSL key file
–ca-file value verify certificates of HTTPS-enabled servers using this CA bundle
–username value, -u value provide username[:password] and prompt if password is not supplied.
–timeout value connection timeout per request (default: 2s)
–total-timeout value timeout for the command execution (except watch) (default: 5s)
–help, -h show help
–version, -v print the version
ETCDCTL_API=3 etcdctl
NAME:
etcdctl - A simple command line client for etcd3.
USAGE:
etcdctl
VERSION:
3.2.18
API VERSION:
3.2
COMMANDS:
get Gets the key or a range of keys
put Puts the given key into the store
del Removes the specified key or range of keys [key, range_end)
txn Txn processes all the requests in one transaction
compaction Compacts the event history in etcd
alarm disarm Disarms all alarms
alarm list Lists all alarms
defrag Defragments the storage of the etcd members with given endpoints
endpoint health Checks the healthiness of endpoints specified in --endpoints flag
endpoint status Prints out the status of endpoints specified in --endpoints flag
watch Watches events stream on keys or prefixes
version Prints the version of etcdctl
lease grant Creates leases
lease revoke Revokes leases
lease timetolive Get lease information
lease keep-alive Keeps leases alive (renew)
member add Adds a member into the cluster
member remove Removes a member from the cluster
member update Updates a member in the cluster
member list Lists all members in the cluster
snapshot save Stores an etcd node backend snapshot to a given file
snapshot restore Restores an etcd member snapshot to an etcd directory
snapshot status Gets backend snapshot status of a given file
make-mirror Makes a mirror at the destination etcd cluster
migrate Migrates keys in a v2 store to a mvcc store
lock Acquires a named lock
elect Observes and participates in leader election
auth enable Enables authentication
auth disable Disables authentication
user add Adds a new user
user delete Deletes a user
user get Gets detailed information of a user
user list Lists all users
user passwd Changes password of user
user grant-role Grants a role to a user
user revoke-role Revokes a role from a user
role add Adds a new role
role delete Deletes a role
role get Gets detailed information of a role
role list Lists all roles
role grant-permission Grants a key to a role
role revoke-permission Revokes a key from a role
check perf Check the performance of the etcd cluster
help Help about any command
OPTIONS:
–cacert="" verify certificates of TLS-enabled secure servers using this CA bundle
–cert="" identify secure client using this TLS certificate file
–command-timeout=5s timeout for short running command (excluding dial timeout)
–debug[=false] enable client-side debug logging
–dial-timeout=2s dial timeout for client connections
–endpoints=[127.0.0.1:2379] gRPC endpoints
-h, –help[=false] help for etcdctl
–hex[=false] print byte strings as hex encoded strings
–insecure-skip-tls-verify[=false] skip server certificate verification
–insecure-transport[=true] disable transport security for client connections
–key="" identify secure client using this TLS key file
–user="" username[:password] for authentication (prompt if password is not supplied)
-w, –write-out=“simple” set the output format (fields, json, protobuf, simple, table)
[/code]
And then I can run
ETCDCTL_API=3 etcdctl snapshot save snapshot.db –cacert=/etc/kubernetes/pki/etcd/ca.crt –cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt –key=/etc/kubernetes/pki/etcd/healthcheck-client.key
To create the snapshot.
Certificate Rotation
I need to look this one up – I had no idea how to rotate the certificates
Static Pods
I’d never directly dealt with static pods before this exam, and I don’t think I had this question in my first run, so it was one I didn’t know the answer do. A bit of hunting on the k8s side led me to figure out it was a static pod question, but I couldn’t find out where the exam cluster was looking for its static pod manifests. The question told me a directory, but my yaml didn’t seem to be picked up by the kubelet.
Final note
Generally, a lot of the questions from my first exam run showed up again in this run, which let me run through over half of the exam fairly quickly. I thought I was going to do better than my first run, and I did, but not by much.
Well, exam is done – for the most part it went okay. A few questions were a bit ambiguous and there were several regarding etcd and low-level tinkering with the kubelet – which I hadn’t had too much experience with unfortunately. I’m hoping I did OK, though…
With less than 24 hours to go before my exam, I’m going to spend those last hours going through the review questions and see if I can still remember the content.
I am seriously considering studying for a CEH (Certified Ethical Hacker) certification. Given the recent spate of cyber attacks, being able to lock-down and test the security of your own network is proving to be more and more crucial…
I have received confirmation of my LPIC Certification. So I expect I’ll get something in the post to confirm this. Now starting work on LPIC-2. Whether or not this changes my employability, we shall see.
Interestingly, I decided to look at some other courses offered by the online course site I got my learning material from and there’s some Ethical Hacking and Computer Forensics courses there. I might look at these courses at some point in the future, perhaps after I finished LPIC-2.
Finished my second LPIC-1 test. Scraped through with a thumping migraine and half-blindness, but literally, just made it. Quite a few gaps in my knowledge which I need to work on. Next step, LPIC-2
[caption id="" align=“alignright” width=“234” class=“zemanta-img”] Linux Professional Institute Logo (Photo credit: Wikipedia)[/caption]
First step achieved towards LPIC-1. Part 1 complete, part 2 commence! :)
Score was 710. Pass mark was 500. Score ranges from 200 to 800, so if my score was 710/800, that makes it 88.75%. Not a bad score.
I arrived 30 minutes early, and the test centre allowed me to take the test early, although we had some troubles getting the exam started (technology, eh?)
However, once started, I clicked through the questions, and felt reasonably happy with the level of questions, even though I evidently got quite a few wrong on the System Architecture section.
I chuckled when the receptionist asked to take a picture of me to compare against the last picture (to verify I was who I said I was) and then promptly asked me “have you lost weight since the last time you were here?”
I’ve finished studying for the first of two exams for the LPIC-1 certification, and I have found some exam questions (about 600 of them), and have started to go through them.
The first thing that struck me about these questions is either I’ve not been studying all the topics, or some topics have been removed out of the exam. For example, some of the questions reference LILO, but according to the LPI page on the 101 exam, there’s no mention of LILO (but there is mention of Grub 2 and Grub Legacy). Then again LILO and Grub Legacy are quite limited by today’s standards, so it could be that they really are removed out of the exam. Guess I’ll have to take that chance.
I’m going to make the leap and go for my first Linux Exam this week. I’m taking the introductory exam - the Linux Essentials exam. Whilst not a mandatory requirement for the main LPIC certification, it is a recommended one. And it can’t hurt knowing more than needed. Besides, I’ve already booked a proper training (seminar/group) week next year for the LPIC-1 course. I’ll probably book the LPIC-2 course too, whilst I can still afford it. :-\
