1 00:00:00,150 --> 00:00:06,150 Hello everyone and welcome to the cabinet is seek a mock exam 3 solution section. 2 00:00:06,150 --> 00:00:11,810 My name is and policy and this section they will attempt to solve the questions together. 3 00:00:12,630 --> 00:00:15,610 Ok to start off let's click on the example. 4 00:00:15,950 --> 00:00:23,670 And this is the mock exam 3 and this consists of nine quests and total and just like the previous mock 5 00:00:23,670 --> 00:00:24,580 exam. 6 00:00:24,690 --> 00:00:30,870 This is created out of hundred percentage of each year to secure a 74 percent to pass as more kicks 7 00:00:30,870 --> 00:00:31,070 in. 8 00:00:31,810 --> 00:00:39,090 OK so let's start off at the question number one and the first one is create a new service account with 9 00:00:39,090 --> 00:00:44,940 the name TV viewer Grant granted service account access to a list all business and volumes and they 10 00:00:44,940 --> 00:00:51,870 cluster by creating an appropriate cluster all called Peavey view world and cluster all binding called 11 00:00:51,880 --> 00:00:54,060 BBVA were role binding. 12 00:00:54,210 --> 00:00:59,400 Next create a board called Peavey viewer with the image for this answer. 13 00:00:59,500 --> 00:01:05,640 There's a county viewer and the default namespace so global three to four times that we need to do the 14 00:01:05,640 --> 00:01:13,650 first task that has to be accomplished is to create a service account by the name of TV viewer and let's 15 00:01:14,010 --> 00:01:17,400 go to the component as documentation just to see how. 16 00:01:17,840 --> 00:01:26,050 So a second can be configured for a port so if you go to call when it does dock starts configure part 17 00:01:26,050 --> 00:01:34,410 container configure a service icon you'll see a pod description where you can create a service account 18 00:01:34,420 --> 00:01:35,230 name. 19 00:01:35,230 --> 00:01:42,000 So basically in this case we are creating a custom service account and we're using that service account 20 00:01:42,010 --> 00:01:50,380 name to be used when a port has created by default default service account is created for every namespace 21 00:01:50,800 --> 00:01:52,960 but in this case we are creating a custom one. 22 00:01:54,550 --> 00:01:58,900 OK so let's create the PIF if you were a service icon first. 23 00:01:58,900 --> 00:02:04,540 So for those we can use the imperative way quickly I just run 20 and one main first. 24 00:02:07,330 --> 00:02:08,790 So this is a large cluster. 25 00:02:08,800 --> 00:02:20,750 It has four loads in total one monster and three will cannot. 26 00:02:21,150 --> 00:02:23,000 So that's the first task out of the way. 27 00:02:23,010 --> 00:02:25,770 So it does create three for service a second called if you were. 28 00:02:26,130 --> 00:02:31,560 And since I'm not specifying a namespace it'll create it and the default namespace. 29 00:02:31,740 --> 00:02:36,960 The second task is to grab the service account access to list all process and while loops. 30 00:02:36,960 --> 00:02:43,530 So we have to create a cluster rule and the name of it has to be perfectly where all and we have to 31 00:02:43,530 --> 00:02:49,330 create a classroom binding adapting that rules to the service account and that's to be called as a preview 32 00:02:49,430 --> 00:02:51,710 were rule binding. 33 00:02:51,720 --> 00:02:59,880 So let's do that now and we can make use of the imperative we can to create the necessary class or 34 00:03:05,550 --> 00:03:09,080 just copy the name on the question. 35 00:03:09,090 --> 00:03:14,810 There are no typos there. 36 00:03:16,040 --> 00:03:20,150 And the resource in this case as well as processing volumes 37 00:03:27,090 --> 00:03:30,580 and a verb is list then that's highlighted here. 38 00:03:36,070 --> 00:03:38,090 So the container level is created. 39 00:03:39,340 --> 00:03:41,830 And next let's create a classroom binding 40 00:03:55,200 --> 00:03:58,000 again then copy the name from the question 41 00:04:07,650 --> 00:04:14,130 plus serial as the one that we created in the previous step we'll call it from here 42 00:04:19,760 --> 00:04:24,410 and in this case it has to be the service account and sort of a user. 43 00:04:24,530 --> 00:04:25,910 Now there's a trick to this. 44 00:04:26,000 --> 00:04:28,090 We have to specify the namespace as well. 45 00:04:28,400 --> 00:04:37,560 So if I just give you the viewer it'll complain of an error saying that there was a con must be in the 46 00:04:37,590 --> 00:04:41,450 format syntax namespace followed by the name. 47 00:04:41,570 --> 00:04:48,640 So I should add default here and now it should have been created. 48 00:04:48,730 --> 00:04:50,070 There you go. 49 00:04:50,670 --> 00:04:58,470 The next task is to create a path which can make use of the service account and it's the last bit of 50 00:04:58,470 --> 00:04:59,940 this question again to next year. 51 00:04:59,940 --> 00:05:03,170 Create a board called PD viewer with the image. 52 00:05:03,230 --> 00:05:05,610 It is answer the a Concord video. 53 00:05:06,570 --> 00:05:11,160 OK so what does not create a template first. 54 00:05:34,170 --> 00:05:42,160 So now that the the template has been created I'll updated to make use of the service account. 55 00:05:43,640 --> 00:05:49,290 Now let's go back to the quote when it is documentation and as you can see here the the parameter that 56 00:05:49,290 --> 00:05:54,340 we have to add is so I can't so there's a code name 57 00:05:59,000 --> 00:06:04,250 just get rid of these additional parameters which is not needed in this case 58 00:06:11,330 --> 00:06:17,720 and this case you don't have to specify the namespace name and the service account name that will be 59 00:06:17,720 --> 00:06:20,000 taken care by default. 60 00:06:20,120 --> 00:06:23,480 When you create the board depending upon the needs is that it's deployed. 61 00:06:25,760 --> 00:06:26,880 Now let's create the. 62 00:06:32,580 --> 00:06:33,630 The pot is created. 63 00:06:33,950 --> 00:06:38,970 Let's just quickly check whether it's created according to the question. 64 00:06:46,920 --> 00:06:47,940 That's a container. 65 00:06:54,800 --> 00:06:58,120 And you should have a secret name. 66 00:06:58,340 --> 00:07:01,640 And that is created with the name of the service account. 67 00:07:02,180 --> 00:07:07,260 So that's one way to make sure that the question has been attempted correctly. 68 00:07:07,760 --> 00:07:16,040 So whenever a port is created a default service account is associated with it and a token is created 69 00:07:16,040 --> 00:07:17,850 with that specific cause. 70 00:07:17,850 --> 00:07:21,820 So as I can't as a secret and that's the one which is monitored on a port. 71 00:07:21,830 --> 00:07:27,100 So in this case we created the service that can best be viewed and hence you can see the name here reflect 72 00:07:27,130 --> 00:07:27,900 NPV view. 73 00:07:28,220 --> 00:07:30,730 So that's the first question out of the event. 74 00:07:30,790 --> 00:07:37,660 Let's move on to the next one all right let's go to the next question now. 75 00:07:37,840 --> 00:07:45,520 The second question is less the internal IP of all North of the cluster save that also to a file called 76 00:07:45,670 --> 00:07:54,280 slash root slash mode underscore eyepiece answer should be in the format internal IP of master space 77 00:07:54,370 --> 00:07:55,960 until IP of Node 1. 78 00:07:56,010 --> 00:08:03,130 Space Internet IP of Node 2 and space finally IP off no treat all in a single line. 79 00:08:04,900 --> 00:08:12,700 So this is a decent but specific question and this let's jump to the Covenant as documentation and see 80 00:08:12,700 --> 00:08:21,200 a reference example so if you go to the cube CTO cheat sheet page here you'll see a lot of examples 81 00:08:21,200 --> 00:08:23,300 for decent part which is quite handy. 82 00:08:23,660 --> 00:08:25,760 And let's go to the specific one here. 83 00:08:25,760 --> 00:08:26,010 Good. 84 00:08:26,040 --> 00:08:27,680 Excellent I off on those. 85 00:08:27,920 --> 00:08:31,760 So here we are running cube CTO get nodes hyphen adjacent park. 86 00:08:31,810 --> 00:08:38,440 And here for all items status address and for the type x IP let's solve the emphasis. 87 00:08:38,810 --> 00:08:46,700 So in this case specific question we do not have an external IP we have an internal IP so we can replace 88 00:08:47,150 --> 00:08:49,100 this whole X exercise. 89 00:08:49,100 --> 00:08:55,220 But just replacing the excellent IP with internal IP and that should give us the required result. 90 00:08:55,610 --> 00:08:57,970 So let's call Pete. 91 00:09:03,850 --> 00:09:06,710 Before we save it we'll just run it as it is. 92 00:09:06,760 --> 00:09:08,770 And they should return up empty. 93 00:09:08,770 --> 00:09:12,900 So as I said we do not have an excellent IP for this cluster. 94 00:09:13,030 --> 00:09:17,700 So that's straight place that that internal IP is again. 95 00:09:17,780 --> 00:09:25,180 It gives you the safe space separated into IP for all the not so 172 dots empty nodes in a lot sixteen 96 00:09:25,370 --> 00:09:30,680 once 172 or some kind of nineteen twenty four and 28. 97 00:09:31,030 --> 00:09:43,320 So we can redirect the output to that specific file. 98 00:09:43,640 --> 00:09:49,270 Another way to check is because we do not we just have an internal IP. 99 00:09:49,270 --> 00:09:55,600 You can replace me you can remove the entire contents of this switch here 100 00:09:58,490 --> 00:10:00,430 and that should return you the same thing. 101 00:10:00,430 --> 00:10:07,430 Because in this case we only have internal IP should not have any other type of IP so as part of this 102 00:10:07,430 --> 00:10:08,750 arena in the address here. 103 00:10:09,020 --> 00:10:17,290 So even without a specific type that we're searching for internal IP our excellent IP it would select 104 00:10:17,290 --> 00:10:25,830 a new decree Benson let's quickly identify that the answer has been recorded. 105 00:10:26,800 --> 00:10:27,830 So that should be it. 106 00:10:27,880 --> 00:10:33,570 We can mount this question complete and more onto the next question okay. 107 00:10:33,580 --> 00:10:35,950 So let's move on to the third question. 108 00:10:36,040 --> 00:10:37,720 This is an easy one. 109 00:10:37,780 --> 00:10:43,870 This is to create a port called multiple with two containers container one name is Alfa with Image Engine 110 00:10:43,870 --> 00:10:49,870 X container to name as beta but the image Busy Box and it should run a sleep come on for forty eight 111 00:10:49,870 --> 00:10:55,720 hundred seconds and each of the container have environment variables that we need to define for the 112 00:10:55,720 --> 00:10:56,630 port. 113 00:10:57,110 --> 00:10:59,770 Okay so let's go to Daytona. 114 00:10:59,980 --> 00:11:06,430 The easiest way to do this is to make sure that we have a template file first so let's create that 115 00:11:18,580 --> 00:11:22,320 you know that the first container name is alpha and they meet us in the next 116 00:11:29,220 --> 00:11:33,280 directors to profile call us multiple not Emma 117 00:11:36,080 --> 00:11:45,630 that strong edit said things that's needed the name of the container and such should be multiple 118 00:11:49,640 --> 00:11:50,820 not meeting people. 119 00:11:50,810 --> 00:11:52,230 Here are some tremendous 120 00:11:55,360 --> 00:11:55,920 images. 121 00:11:55,930 --> 00:11:59,560 Correct name is also correct. 122 00:11:59,800 --> 00:12:07,880 Turn on the lights here. 123 00:12:07,970 --> 00:12:15,380 This has an environment variable that we need to define the name and it was I was wrong for the name 124 00:12:15,710 --> 00:12:16,190 as name 125 00:12:26,920 --> 00:12:27,370 no. 126 00:12:27,400 --> 00:12:29,490 That's the first container done. 127 00:12:29,500 --> 00:12:31,030 Let's create the second one. 128 00:12:37,220 --> 00:12:38,020 For distance. 129 00:12:38,160 --> 00:12:38,690 Xbox 130 00:12:45,290 --> 00:12:47,860 and beta. 131 00:12:47,870 --> 00:12:49,010 This should be alarming. 132 00:12:49,040 --> 00:12:49,840 Oh come on. 133 00:12:59,980 --> 00:13:04,640 12 seconds can be a little hard to define the word devils. 134 00:13:09,540 --> 00:13:10,320 This one. 135 00:13:10,540 --> 00:13:15,070 And when meant to be defined by his name as name and value as beta. 136 00:13:22,650 --> 00:13:25,240 We double check the books all right. 137 00:13:25,240 --> 00:13:26,760 The name is multiple. 138 00:13:27,280 --> 00:13:28,870 Not needing the labels. 139 00:13:28,950 --> 00:13:29,530 It's not. 140 00:13:29,540 --> 00:13:33,880 That's one of the questions I read more than the container one is. 141 00:13:33,960 --> 00:13:37,260 I'll they may they may change in Exeter in and enlightenment here. 142 00:13:39,290 --> 00:13:44,300 The media will this that's a key value pair with the name. 143 00:13:44,300 --> 00:13:51,440 Which incidentally is also name the value for that as alpha and similarly for container to the name 144 00:13:51,440 --> 00:13:52,170 is beta. 145 00:13:52,250 --> 00:13:59,300 Using the image Xbox running will come on stream for the 800 and the environment similar to the previous 146 00:13:59,300 --> 00:14:02,450 one name as name value as returned to skips. 147 00:14:02,570 --> 00:14:03,460 Let's create this point 148 00:14:11,460 --> 00:14:13,160 from QCT or describe 149 00:14:20,480 --> 00:14:27,300 make sure that two containers have been created and are running since it's two container creating statements 150 00:14:27,330 --> 00:14:28,420 looks again. 151 00:14:30,110 --> 00:14:31,860 So container beta is running. 152 00:14:31,860 --> 00:14:33,180 It's running these sleep. 153 00:14:33,180 --> 00:14:33,980 Come on here. 154 00:14:33,990 --> 00:14:40,440 It has called the environment definition underneath need that some lowly Alpha container is also running 155 00:14:40,830 --> 00:14:42,810 it has got the environment disturbed here. 156 00:14:42,870 --> 00:14:43,800 So that looks good. 157 00:14:43,800 --> 00:14:48,270 Just making sure that the name is right and everything is not running straight. 158 00:14:48,590 --> 00:14:48,920 OK. 159 00:14:48,930 --> 00:14:50,580 So that's the and of. 160 00:14:50,610 --> 00:14:52,000 Let's move onto the next one. 161 00:14:57,060 --> 00:15:05,890 OK so the fourth question we had to create a port called land with inmates this fine said DCP limited 162 00:15:05,890 --> 00:15:09,920 to sleep and memory limit to find it might be. 163 00:15:10,030 --> 00:15:15,880 So this is a resource specific question that we are supposed to set limit. 164 00:15:17,190 --> 00:15:19,890 OK so let's go back to the terminal. 165 00:15:20,200 --> 00:15:24,040 And for those we can make use of one or two new templates that we used before. 166 00:15:24,040 --> 00:15:25,310 So I'm just going to use that 167 00:15:28,220 --> 00:15:38,090 in this copy template that we created for the very first question to a file called landlord Yama. 168 00:15:38,680 --> 00:15:42,210 Again we don't need to use this specific case. 169 00:15:42,220 --> 00:15:45,270 I'm just going to repeat the name Ryan 170 00:15:48,130 --> 00:15:51,540 and you can make it is this fine. 171 00:15:53,990 --> 00:16:01,270 I mean there was a done in this case or just get rid of that and let's jump to the call when it does 172 00:16:01,280 --> 00:16:10,210 documentation to see how limits are configured so if you go to the dogs concepts and how portable resource 173 00:16:10,230 --> 00:16:17,260 limits are we can see an example here where a resource section has been defined but both request and 174 00:16:17,270 --> 00:16:22,680 limits in this case we don't have to specify the request field just ask for limits of interest that 175 00:16:23,670 --> 00:16:25,940 so it's under the container definition here. 176 00:16:26,040 --> 00:16:29,790 And again see you have to create resources and limits 177 00:16:54,460 --> 00:16:55,900 so to seek you 178 00:17:01,500 --> 00:17:03,810 memory should be standard 179 00:17:09,360 --> 00:17:11,140 that should be internet screening at this point. 180 00:17:16,880 --> 00:17:25,020 The has been created as obviously its funding capacity or describe on the board name to make sure it's 181 00:17:25,070 --> 00:17:26,510 being created properly. 182 00:17:26,800 --> 00:17:27,970 And it's an ironic center. 183 00:17:27,980 --> 00:17:34,540 It is a running said the name that's lion the call as line as well. 184 00:17:34,710 --> 00:17:40,980 And here are the resources so limits set to musical to 2 and memories equal to 400. 185 00:17:41,030 --> 00:17:47,750 And my SO THAT'S THIS QUESTION Although David we can move onto the next question. 186 00:17:47,750 --> 00:17:50,950 All right so let's get started with this question number five. 187 00:17:52,020 --> 00:17:57,780 We have deployed a new port called NDP heaven test hyphen one and a service called NDP heaven test hyphen 188 00:17:57,780 --> 00:18:05,280 service income and connections to the service as are not working troubleshoot and fix it create network 189 00:18:05,280 --> 00:18:11,130 policy by the name in grace to end protests that allows incoming connections to the service or port 190 00:18:11,160 --> 00:18:15,450 80 but do not delete any current objects which are deployed. 191 00:18:15,840 --> 00:18:18,600 So this is a network policy related question. 192 00:18:18,780 --> 00:18:26,550 So it looks like a board has already been created which is exposed using a service and looks like the 193 00:18:26,550 --> 00:18:29,310 connections that's the ingress connections to this. 194 00:18:29,310 --> 00:18:30,460 So this is not work. 195 00:18:30,510 --> 00:18:32,550 So let's take that first. 196 00:18:33,110 --> 00:18:33,400 Okay. 197 00:18:33,420 --> 00:18:34,840 So let's take the port. 198 00:18:34,840 --> 00:18:35,560 It's the first 199 00:18:41,030 --> 00:18:42,170 and that is. 200 00:18:43,310 --> 00:18:46,040 So that's created here called us and p test one 201 00:18:53,300 --> 00:18:59,430 and that has a label called us from and B test one and which images a trauma. 202 00:18:59,450 --> 00:19:03,560 So it's funding engine X and that's about it. 203 00:19:04,640 --> 00:19:06,650 Let's check the service. 204 00:19:06,670 --> 00:19:09,770 There has also been created by the name of Peter service 205 00:19:17,020 --> 00:19:23,810 and as you can see that one is actually routing the connection to the port. 206 00:19:23,820 --> 00:19:26,910 But the label run as equal to protest one. 207 00:19:26,930 --> 00:19:29,750 That's the port and we just checked out the dominant part. 208 00:19:30,600 --> 00:19:37,650 And that has one end point which is upon itself and it's running on the container port 80. 209 00:19:37,660 --> 00:19:45,690 Now let's test the connectivity for incoming connections incoming traffic into that particular port 210 00:19:46,020 --> 00:19:47,220 using the service. 211 00:19:47,250 --> 00:19:56,340 So for those we can use a busy box container and test the connectivity using net cat or to let let's 212 00:19:56,340 --> 00:19:57,890 create that port first 213 00:20:13,140 --> 00:20:26,550 let's call it as test and be neutral policy not an image of port Xerox 1 2 8 214 00:20:30,660 --> 00:20:33,680 1 the container to be removed once we're on the tech 215 00:20:36,760 --> 00:20:40,240 that's on our shell station interdependent 216 00:20:48,150 --> 00:20:56,550 so we'll run on net cat command and see if instead we have an W2 for two iterations and we know the 217 00:20:57,090 --> 00:21:09,090 name of these services and p test service and no chance on port 80. 218 00:21:09,120 --> 00:21:12,110 So as you can see here the connection has timed out. 219 00:21:12,180 --> 00:21:17,460 So it looks like the ingress traffic is not working from within the same namespace. 220 00:21:18,420 --> 00:21:21,820 So let's see why that is. 221 00:21:22,020 --> 00:21:25,120 So if we're on QCT I'll get it Paul. 222 00:21:25,170 --> 00:21:30,470 But just a short run import network policy we shouldn't be seeing a default tonight here. 223 00:21:30,560 --> 00:21:42,970 So let's find a quick look up on this network policy and see what it does. 224 00:21:44,640 --> 00:21:53,760 So this is running on the default namespace the name as default denying the port selector as not allowing 225 00:21:53,760 --> 00:21:57,380 the specific traffic to all ports in the same space. 226 00:21:57,480 --> 00:22:02,070 And so it is affecting all ports within the default namespace. 227 00:22:02,250 --> 00:22:07,350 And if you see here a living English traffic monitor it does not allowing any egress traffic so all 228 00:22:07,350 --> 00:22:11,370 ports are isolated for ingress and egress in this case. 229 00:22:11,370 --> 00:22:14,250 But the policy time that is specified is in. 230 00:22:14,260 --> 00:22:16,740 So all incoming connections are blocked. 231 00:22:16,740 --> 00:22:24,270 So in order to fix this and make sure that the NDP service is accessible from for example a the Xbox 232 00:22:24,930 --> 00:22:30,540 port which is also created in the same default namespace we'll have to create another namespace and 233 00:22:30,960 --> 00:22:34,040 permit that particular connection specifically. 234 00:22:34,050 --> 00:22:35,570 So let's do that now. 235 00:22:36,480 --> 00:22:41,800 So let's say the component is documentation first and check what it's got to offer. 236 00:22:42,630 --> 00:22:47,460 So if you go to Google and those are your dog's concepts and network policies here you'll see a lot 237 00:22:47,460 --> 00:22:50,040 of examples for network policy resources as well. 238 00:22:50,490 --> 00:22:57,960 So in this specific case there is a network policy created called test type for network policy and that 239 00:22:58,020 --> 00:23:02,850 is applied to a specific part which is exactly what we need to do here. 240 00:23:02,850 --> 00:23:10,830 We want to make sure that the port call this NDP 77 1 which is x plus where the service is actually 241 00:23:10,860 --> 00:23:13,200 accessible for any ingress traffic. 242 00:23:13,200 --> 00:23:18,920 So we have to apply a port selector here and we have to make sure that the correct labels are contracted 243 00:23:19,290 --> 00:23:22,030 so that it targets the correct port. 244 00:23:22,110 --> 00:23:27,830 And in our case the policy tab should be angry so we will not use egress as shown here. 245 00:23:27,930 --> 00:23:38,310 And for Inglis we'll have to make sure that these connections from all the ports are open and all these 246 00:23:38,310 --> 00:23:43,750 sources are available and it hits a specific port on that specific port. 247 00:23:43,800 --> 00:23:48,360 And we know that it runs on port 80 because it's running an 18 x based image. 248 00:23:48,780 --> 00:23:56,340 So we will configure the port as port 80 the remaining things are not applicable here because we don't 249 00:23:56,340 --> 00:24:01,480 have an air space or an IP block specific race that we want to restrict or allow. 250 00:24:01,740 --> 00:24:07,290 So in our case we would only be using a port selector and this will also be a blank statement because 251 00:24:07,590 --> 00:24:10,320 we wanted to work for all ports. 252 00:24:10,380 --> 00:24:17,430 So we will remove all of these and just specify the ports field here and once that's done we'll test 253 00:24:17,430 --> 00:24:22,870 again to make sure that the connectivity is working Turkey so to begin with. 254 00:24:22,870 --> 00:24:31,990 Let me call free some of the lines from network policy file and then we can create one of our own. 255 00:24:32,880 --> 00:24:39,590 I'm going to call those files and BDO tantalum. 256 00:24:40,200 --> 00:24:44,090 Then again let's make use of Cuba's Excel API versions 257 00:24:52,980 --> 00:24:59,800 and if it check for network that's the current EPA version so it should be networking not case or I'll 258 00:25:01,390 --> 00:25:03,750 which is what is being defined Kanazawa 259 00:25:15,310 --> 00:25:17,980 just make sure the name is created. 260 00:25:17,990 --> 00:25:22,190 As for the question just copied from there. 261 00:25:22,610 --> 00:25:25,140 So the name as it to end pre-test 262 00:25:33,030 --> 00:25:36,060 and on the prospect field may help Port selector 263 00:25:46,800 --> 00:25:55,360 and if you remember correctly labeling for that port is run with the value and p test. 264 00:26:02,360 --> 00:26:03,520 So you can take it from here. 265 00:26:21,640 --> 00:26:25,160 So the port selector definition is complete. 266 00:26:25,420 --> 00:26:28,370 Now we have to specify the policy types 267 00:26:36,410 --> 00:26:39,200 in this case we aren't just going to make use of race 268 00:26:45,650 --> 00:26:57,360 and following that will define the ingress specification. 269 00:26:58,080 --> 00:27:03,570 As I mentioned before we have to make sure that the incoming traffic works from all parts but then the 270 00:27:03,570 --> 00:27:08,730 default namespace so we are not going to specify any of these here. 271 00:27:08,850 --> 00:27:11,960 No from field because it should be from all. 272 00:27:12,370 --> 00:27:15,600 So we will not specify any of these. 273 00:27:15,600 --> 00:27:19,940 The only thing that we have to specify is the port. 274 00:27:20,380 --> 00:27:21,710 We can copy it from here 275 00:27:44,950 --> 00:27:46,390 so that looks all right. 276 00:27:46,510 --> 00:27:53,620 It's applied to the correct port in Greece policy alone and we have specified the port. 277 00:27:54,670 --> 00:27:56,290 Let's create this little policy 278 00:28:01,080 --> 00:28:02,120 that has been created. 279 00:28:02,130 --> 00:28:12,260 Now let's do the same exercises before I'm going to run this temporary port call this test NDP again 280 00:28:13,130 --> 00:28:15,830 and execute into the shell. 281 00:28:22,020 --> 00:28:25,460 Surround the net get against it and see her family. 282 00:28:25,510 --> 00:28:34,120 I definitely got you to copy these so this name from your port should be 80 283 00:28:38,590 --> 00:28:41,570 they now it's accessible it's open. 284 00:28:41,950 --> 00:28:46,400 So that means that the NATO policy that we configured is working properly. 285 00:28:46,600 --> 00:28:50,500 And we didn't have to delete or modify any of the existing objects 286 00:28:53,800 --> 00:28:55,350 which was one of the prerequisites. 287 00:28:55,360 --> 00:29:02,170 So important don't alter any existing objects network policy applied to all sources incoming traffic 288 00:29:02,170 --> 00:29:09,010 from all parts into a policy is using the code because you have specified port 80 and as applied to 289 00:29:09,010 --> 00:29:18,610 the code part because your secret label with the name and b I test F and 1 attack shouldn't be the answer 290 00:29:18,610 --> 00:29:20,250 for this specific question. 291 00:29:20,260 --> 00:29:21,600 Let's move on to the next one. 292 00:29:23,180 --> 00:29:25,190 So let's move on to the next question. 293 00:29:25,190 --> 00:29:27,580 This is question number six. 294 00:29:27,590 --> 00:29:30,320 Dante look a node nodes are one to be unsure. 295 00:29:30,320 --> 00:29:31,800 Do little one stand. 296 00:29:31,800 --> 00:29:34,170 Create a board called Dave from Reuters. 297 00:29:34,190 --> 00:29:38,660 But the image for this Alpine torrential workloads are not scheduled. 298 00:29:38,660 --> 00:29:45,610 This will not finally create a new port called product from readers with the same image but the toleration 299 00:29:45,620 --> 00:29:47,220 to be sure do it on nodes or one. 300 00:29:47,240 --> 00:29:53,020 And here are the specs so the key is in the underscore type value as production and the operators no 301 00:29:53,030 --> 00:30:01,470 should do and we just have to make sure that the nodes no one was tainted and then create a board called 302 00:30:01,490 --> 00:30:07,620 evidence without any toleration and another board called PRISM reduced which has a toleration. 303 00:30:07,660 --> 00:30:10,290 So it should be it can be should do alone with sort of one. 304 00:30:10,740 --> 00:30:13,540 So let's go back to the terminal. 305 00:30:15,110 --> 00:30:18,560 So the first thing to be done as a team though. 306 00:30:18,560 --> 00:30:24,380 CONAN So let's check the environment again so it can still get nodes. 307 00:30:24,400 --> 00:30:28,990 There are three local nodes all of which we have to taint this node sort of 1. 308 00:30:29,770 --> 00:30:30,970 So let's do that right now. 309 00:30:31,170 --> 00:30:35,300 CTO attained Node Node 2 to 1. 310 00:30:35,350 --> 00:30:40,540 And let's take the specification from the question of the Q A LOOP as in we type 311 00:30:44,560 --> 00:30:51,490 zip code to. 312 00:30:53,140 --> 00:30:58,930 And the effect is not should you just copy from your 313 00:31:05,140 --> 00:31:16,220 SO node sort of understated Conan CUPE CTO describe Lord Seattle one group or 13 and you should see 314 00:31:16,220 --> 00:31:16,620 that here. 315 00:31:16,620 --> 00:31:23,280 So Ian Reed type production and the effect is mostly due to that first part of the question which is 316 00:31:23,280 --> 00:31:25,380 completed. 317 00:31:25,620 --> 00:31:32,370 So for the second part of the question we have to create a board called Dave five hundred US and what 318 00:31:32,390 --> 00:31:39,190 the specific can which And we'll see if it's able to start on nodes or what 319 00:31:43,320 --> 00:31:43,640 again 320 00:32:05,910 --> 00:32:06,790 that's a little bit 321 00:32:10,210 --> 00:32:11,600 different this is created. 322 00:32:11,840 --> 00:32:12,870 That's fine. 323 00:32:12,920 --> 00:32:16,330 Kim your kid What's that. 324 00:32:16,370 --> 00:32:17,770 All right. 325 00:32:20,160 --> 00:32:23,150 And there it is as you can see it's running on Node so 3. 326 00:32:23,990 --> 00:32:30,740 So because this does not have a toleration it should not be scheduled on Node 1 at any point of time. 327 00:32:31,460 --> 00:32:34,650 And that's what we will try to do next. 328 00:32:34,650 --> 00:32:41,930 So we'll create a toleration for deprived of much close contest products and readers. 329 00:32:42,290 --> 00:32:47,420 And I told her she should allow it to we should do it on loans that one doesn't mean that it has to 330 00:32:47,420 --> 00:32:48,590 necessarily go there. 331 00:32:48,680 --> 00:32:54,530 So the scheduler might decide to put it elsewhere but it should have the ability to be scheduled on 332 00:32:54,530 --> 00:32:55,100 nodes or what. 333 00:32:55,100 --> 00:33:00,820 So let's create the product from respond next. 334 00:33:00,890 --> 00:33:12,690 So back to the term kid people that we just created called us to override us and redirect that to fraud 335 00:33:12,720 --> 00:33:13,700 hide from predators 336 00:33:18,150 --> 00:33:19,490 that say that this fun 337 00:33:26,900 --> 00:33:28,190 the name should be proud. 338 00:33:45,210 --> 00:33:51,440 I'll remove these sections here which are not needed nonsensically did an expert. 339 00:33:51,440 --> 00:33:54,220 You can see that there is a toleration field here. 340 00:33:55,920 --> 00:33:57,260 Which you can make yourself 341 00:34:01,720 --> 00:34:08,120 so in our case the effect is no schedule. 342 00:34:08,460 --> 00:34:09,120 The key 343 00:34:15,310 --> 00:34:19,540 is let's go back to the press and the key should be in Windows good time. 344 00:34:21,420 --> 00:34:22,450 In one one type 345 00:34:26,800 --> 00:34:28,510 the operator should be equal 346 00:34:32,230 --> 00:34:39,960 make a television seconds we need people and in our case though. 347 00:34:40,000 --> 00:34:41,470 Well we should in production 348 00:34:47,390 --> 00:34:51,570 so let's confirm that everything is contracted correctly. 349 00:34:51,580 --> 00:34:53,930 The name should be brought out from Reuters. 350 00:34:55,900 --> 00:35:05,030 And they may just decide upon and the toleration is for key in municipal type of value as protection 351 00:35:05,030 --> 00:35:08,970 operator as equal and effective is no sugar. 352 00:35:09,510 --> 00:35:11,060 So let's create this partner 353 00:35:18,460 --> 00:35:19,290 it's created 354 00:35:23,560 --> 00:35:26,060 let's run this again. 355 00:35:26,060 --> 00:35:29,530 And in this case the profit is created on NATO too. 356 00:35:29,620 --> 00:35:36,480 So as I said it does not necessarily mean that the old will only be scheduled on NATO one. 357 00:35:36,730 --> 00:35:43,370 It means that it can be scheduled on roads on notes or one because it has got a toleration. 358 00:35:43,490 --> 00:35:47,520 So in any case the scheduler has decided to put this on another note. 359 00:35:48,040 --> 00:35:48,720 But that's OK. 360 00:35:48,730 --> 00:35:54,290 So let's move on to the next question because this one is complete. 361 00:35:54,480 --> 00:36:01,880 OK so this is question number seven and we have to create a port called a chart from Port in the a child 362 00:36:01,880 --> 00:36:06,610 namespace belonging to production environment and front end tier. 363 00:36:06,610 --> 00:36:13,030 So these are labels a made should be read as outlined the use of appropriate labels and create all the 364 00:36:13,030 --> 00:36:17,480 required objects if it's not existing in the system already. 365 00:36:17,710 --> 00:36:22,040 So each our port label red wine production a type of label that from time to. 366 00:36:22,460 --> 00:36:23,980 OK so let's go back to the terminal. 367 00:36:24,820 --> 00:36:33,780 So first thing to check as if there is a namespace called as a char. 368 00:36:33,960 --> 00:36:35,700 So as you can see it does not exist. 369 00:36:35,710 --> 00:36:42,980 So let's create one. 370 00:36:43,420 --> 00:36:45,520 Now it has been created. 371 00:36:45,520 --> 00:36:50,880 Next step is to create a board to clear the screen 372 00:36:58,820 --> 00:37:14,520 me is nature infant born the image is this Alpine contest copied from the question. 373 00:37:15,350 --> 00:37:19,010 You've got two labels to be created and one minute as production 374 00:37:29,050 --> 00:37:34,820 these can be done little commerce oppression and the second one. 375 00:37:34,960 --> 00:37:36,750 But here is equal to front end 376 00:37:50,890 --> 00:37:57,280 and I mess to specify the namespace here so let's leave that part from the default namespace 377 00:38:01,570 --> 00:38:03,020 and recreate it. 378 00:38:03,230 --> 00:38:05,110 Read the current namespace 379 00:38:17,380 --> 00:38:20,510 let's run the cubes until half men. 380 00:38:20,530 --> 00:38:28,450 The namespace H.R. get positive over the labels say to our partners running and we have the correct 381 00:38:28,450 --> 00:38:30,840 label set. 382 00:38:30,970 --> 00:38:32,940 That's an easy question. 383 00:38:33,300 --> 00:38:39,560 When everything has been completed the pot has been labeled with two labels one as environment as equal 384 00:38:39,560 --> 00:38:40,490 to protection. 385 00:38:40,540 --> 00:38:42,580 The other one just here is the front end. 386 00:38:42,580 --> 00:38:46,720 We created the namespace first and then it's using decode made. 387 00:38:46,720 --> 00:38:48,200 So this one does complete. 388 00:38:48,220 --> 00:38:50,440 Let's move on to the next one. 389 00:38:51,050 --> 00:38:53,610 OK so this is the question number eight. 390 00:38:54,020 --> 00:39:00,940 And for this one a cube config file called super dark Q config has been created in Slash. 391 00:39:00,970 --> 00:39:06,010 There is something wrong with the configuration troubleshoot and fix it. 392 00:39:06,010 --> 00:39:10,140 So let's go back to the domino here. 393 00:39:10,180 --> 00:39:17,440 So by default we have a cube config file which is created under the hidden directory called as Dot cube 394 00:39:17,590 --> 00:39:20,920 slash conflict and that's what all our commands use. 395 00:39:21,010 --> 00:39:30,290 So when I run cube CTO get nodes it's basically using the conflict file which is created under the dot 396 00:39:30,310 --> 00:39:31,870 cube that actually 397 00:39:34,740 --> 00:39:43,480 so if I just had this particular file you'll see that the user for this configuration circle in it is 398 00:39:44,260 --> 00:39:48,800 an admin and the cluster which is created as called as coordinator. 399 00:39:48,800 --> 00:39:54,310 So the context name that we're using is when it is hyphen and when article when it is. 400 00:39:54,310 --> 00:39:59,800 And if you scroll up you'll see the details of the cluster. 401 00:39:59,890 --> 00:40:07,720 So for the cluster the server name which is the cube API server is this particular you are L which is 402 00:40:07,720 --> 00:40:13,320 a CTP is the IP address of the master node followed by the cube API. 403 00:40:13,330 --> 00:40:20,950 So we'll put that Atlas on still which is 6 4 4 3 and you know that as DC cert as well. 404 00:40:23,110 --> 00:40:29,120 Now let's go back to the question and it seems that a super dot cube config has been created on this 405 00:40:29,130 --> 00:40:29,540 lateral. 406 00:40:29,550 --> 00:40:30,950 So let's go to a special 407 00:40:33,750 --> 00:40:45,680 and here's the cube config so let's try to run a command using that specific cube conflict crop so cluster 408 00:40:45,690 --> 00:40:51,920 in four different I think kill conflict so that we can override the default cube configuration file 409 00:40:51,920 --> 00:40:53,320 and specify this one. 410 00:40:58,390 --> 00:41:04,960 So as you can see here there is an error that says the connection to the server was refused to do specify 411 00:41:04,960 --> 00:41:11,000 the right host of Court so straightaway you can see that the target's using seems to be incorrect. 412 00:41:11,040 --> 00:41:19,420 Suppose 2 3 7 9 which incidentally is the one which is used by the city but not the cube may a server. 413 00:41:19,420 --> 00:41:20,860 So we have to correct that. 414 00:41:23,780 --> 00:41:27,470 Let's go to the filed 415 00:41:32,570 --> 00:41:38,030 and this is using the same context that Colgan does underscore hyphenate men are commentators as the 416 00:41:38,030 --> 00:41:43,110 context where they use it as coordinator safe and adamant and the cluster as clarinetist. 417 00:41:43,130 --> 00:41:46,190 So here you can correct the board. 418 00:41:47,120 --> 00:41:50,260 Let's change it back to six foot four three. 419 00:41:50,360 --> 00:41:57,350 Remember that four cube config we don't have to apply any changes or create a use create or apply. 420 00:41:57,880 --> 00:42:01,910 But this is a static file and doesn't have to be created. 421 00:42:02,120 --> 00:42:10,700 So the contains within this thread by cube CTA and there's no other action that's needed in this case. 422 00:42:10,700 --> 00:42:17,910 So let's try to run that command again and this time it's able to return all the correct values. 423 00:42:17,910 --> 00:42:23,660 So the problem with that file was incorrect code and we'll fix that. 424 00:42:23,750 --> 00:42:24,720 Anything else to be done. 425 00:42:24,730 --> 00:42:28,520 No it's just fixing the cube config file. 426 00:42:28,790 --> 00:42:30,720 So it's a very simple question. 427 00:42:30,750 --> 00:42:31,980 Let's move on to the next one. 428 00:42:33,380 --> 00:42:39,690 So we have raised the final question after the smoke exam and then we should be done with this so let's 429 00:42:39,780 --> 00:42:41,330 finish this. 430 00:42:41,410 --> 00:42:47,650 We have created a new deployment called into next life and deploy scale the deployment to three replicas 431 00:42:48,060 --> 00:42:51,190 as the replicas increase troubleshoot the issue and fix it. 432 00:42:51,310 --> 00:42:54,370 So the deployment has three replicas that's the end goal. 433 00:42:54,970 --> 00:43:03,500 Let's go back to the terminal and check this deployment. 434 00:43:04,080 --> 00:43:06,870 So we have a deployment called into next deployed 435 00:43:09,560 --> 00:43:10,850 let's try again. 436 00:43:11,090 --> 00:43:13,040 It's updated as about. 437 00:43:13,100 --> 00:43:15,230 So let's try to scale this 438 00:43:22,940 --> 00:43:25,190 so that has been successfully completed. 439 00:43:25,200 --> 00:43:26,470 Let's run the command again 440 00:43:33,460 --> 00:43:39,030 so desired is equal to three and current as one up to date as one available as equal to zero. 441 00:43:39,050 --> 00:43:42,000 So there does definitely seems to be something wrong with this deployment. 442 00:43:42,290 --> 00:43:43,520 Let's try and describe 443 00:43:50,730 --> 00:43:57,310 to describe also say the same thing all the replicas the number of replicas designed as 3 1 updated 444 00:43:57,310 --> 00:43:58,640 1 2 2 0 the 445 00:44:01,640 --> 00:44:09,910 scroll down scale replicas set to enter next deploy and has a poor name and that's just wonder people 446 00:44:09,920 --> 00:44:11,360 said at this point of time. 447 00:44:11,360 --> 00:44:14,110 Let's try to see the pods 448 00:44:20,060 --> 00:44:27,410 as you can see that's the single that's clear all of this deployment and the replica set. 449 00:44:27,860 --> 00:44:33,950 And we do not have two additional ones which were created based on the scale the one that we use. 450 00:44:35,140 --> 00:44:43,490 So now the next logical thing to reject is the control plane component which was on the cube system 451 00:44:43,580 --> 00:44:44,240 namespace 452 00:44:50,270 --> 00:44:56,170 and if you see the status of the control pin incompetence you can see that there was an error for the 453 00:44:56,380 --> 00:45:01,600 controller manager part and immutable Volkoff. 454 00:45:01,600 --> 00:45:05,230 So let's try to investigate the root cause for this failure. 455 00:45:06,610 --> 00:45:12,080 So we know that the control plane competence in this case have been created as a static board. 456 00:45:12,100 --> 00:45:17,120 The easiest way to figure that out is that it's appended by hyphen node name. 457 00:45:17,320 --> 00:45:21,260 In the end of the report and in this case it this is running on the muzzle node. 458 00:45:21,320 --> 00:45:29,650 You can see that cube APL server cube control of manager Coop scheduler and these are all static ports 459 00:45:29,650 --> 00:45:34,970 because they have hyphen master at the end which is the name of our master server. 460 00:45:34,980 --> 00:45:39,000 So let's go to the default static board. 461 00:45:39,640 --> 00:45:44,160 But it is it is equal when it does manifest. 462 00:45:47,110 --> 00:45:50,040 And let's check the contents of this file 463 00:45:55,140 --> 00:46:03,080 that if you look closely and see that the word control nervousness misspelled and sort of seal or anti 464 00:46:03,090 --> 00:46:10,200 r or l there was a one here and that seems to be replicated everywhere. 465 00:46:10,380 --> 00:46:19,260 So the name is controller but then the one and sort of l the command that uses or is also of the same 466 00:46:20,340 --> 00:46:25,660 mistake then and the name and the place 467 00:46:34,990 --> 00:46:35,900 or the image 468 00:46:42,790 --> 00:46:46,100 is the image name is also incorrect. 469 00:46:46,100 --> 00:46:56,240 So let's correct all the places on this file where we have a typo and corrected but by replacing the 470 00:46:56,270 --> 00:46:57,540 one with an N. 471 00:46:58,260 --> 00:47:04,640 So there are two ways you can do that either replace all the mistakes which are there in the file by 472 00:47:04,640 --> 00:47:10,290 editing edit text editor such as we eye or we can use it as said. 473 00:47:10,340 --> 00:47:13,010 So just to make it easier I'm going to use the set. 474 00:47:13,010 --> 00:47:18,790 Come on it's not necessary to run this but makes things a little easier and quicker. 475 00:47:18,920 --> 00:47:20,720 So said I find I substitute 476 00:47:23,910 --> 00:47:35,120 I'm just going to copy this and change it we know that the mistake was the one insert often Al so that 477 00:47:35,130 --> 00:47:40,590 it may just non-farm which is why when we check the status of the control plane compliments I complained 478 00:47:40,710 --> 00:47:49,100 of unable to pull that specific image so I'm going to substitute all incorrect instances of this or 479 00:47:49,140 --> 00:47:49,930 plus train 480 00:47:55,020 --> 00:47:55,700 the file 481 00:48:02,230 --> 00:48:03,300 before I do that. 482 00:48:03,310 --> 00:48:04,750 Let me just quickly check 483 00:48:15,620 --> 00:48:20,320 whether they can see this as strong in five different locations. 484 00:48:21,520 --> 00:48:23,770 One nothing on No Name itself. 485 00:48:23,780 --> 00:48:29,450 The command that it's running and the image which is to maintain because it's not able to pull that 486 00:48:29,450 --> 00:48:31,400 specific image. 487 00:48:31,500 --> 00:48:35,340 So let's run that said come. 488 00:48:35,630 --> 00:48:38,840 As I said you can replace us individually on the file itself. 489 00:48:38,840 --> 00:48:40,400 This just makes it a little quicker. 490 00:48:41,980 --> 00:48:43,250 So that should be done. 491 00:48:43,250 --> 00:48:45,780 Knowledge should be zero. 492 00:48:45,990 --> 00:48:47,900 Let's check the status. 493 00:48:47,950 --> 00:48:48,340 Again 494 00:48:51,580 --> 00:48:55,310 so now looks like it's back running again. 495 00:48:55,370 --> 00:48:57,460 So keep control the manager. 496 00:48:57,460 --> 00:48:59,090 The name is correct and it's running. 497 00:48:59,090 --> 00:48:59,980 Cancer consultant. 498 00:48:59,990 --> 00:49:01,350 So that's good news. 499 00:49:01,420 --> 00:49:03,020 Now let's check our deployment 500 00:49:05,790 --> 00:49:11,870 now as you can see the number of available replicas has increased from one to three. 501 00:49:12,410 --> 00:49:13,410 That's 60 pots 502 00:49:19,320 --> 00:49:25,290 and you can see that about 17 seconds ago two new replicas were also created. 503 00:49:25,620 --> 00:49:29,520 So the issue was with the control manager not running. 504 00:49:29,940 --> 00:49:35,350 So the replica sets were not created because that's controlled by the control manager. 505 00:49:35,370 --> 00:49:42,240 And as soon as we fixed it that's intelligent enough to know that it needs three total replica sets 506 00:49:42,360 --> 00:49:45,260 replicas as it does add configuration. 507 00:49:45,300 --> 00:49:47,240 And it went ahead and created two more. 508 00:49:47,280 --> 00:49:50,610 So that brings us to the end of this exam. 509 00:49:52,440 --> 00:49:54,540 Let's mark this exam is complete 510 00:50:02,880 --> 00:50:07,770 and let the testing begin and hopefully we have attempted everything correctly. 511 00:50:07,770 --> 00:50:10,380 And we should get our results pretty quick 512 00:50:15,130 --> 00:50:20,770 so there you go all the questions have been created and it's OK we have done all the questions correctly 513 00:50:20,770 --> 00:50:22,790 so we've got 100 percent score. 514 00:50:22,870 --> 00:50:27,760 So thank you everyone for joining me on this section and I hope you enjoyed it by.