Kubectl: Difference between revisions
Jump to navigation
Jump to search
(32 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
< | <syntaxhighlight lang="bash"> | ||
brew info kubectl | |||
brew search kubectl | |||
brew install kubectl | |||
</syntaxhighlight> | |||
---- | |||
<syntaxhighlight lang="bash"> | |||
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key\ | |||
| sudo tee /etc/apt/keyrings/kubernetes.asc >/dev/null | |||
cat << EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list >/dev/null | cat << EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list >/dev/null | ||
deb [arch=$(dpkg --print-architecture)\ | deb [arch=$(dpkg --print-architecture)\ | ||
signed-by=/etc/apt/keyrings/kubernetes | signed-by=/etc/apt/keyrings/kubernetes.asc]\ | ||
https:// | https://pkgs.k8s.io/core:/stable:/v1.30/deb/ / | ||
EOF | EOF | ||
echo 'apt-get update;echo;apt list -a --upgradable'|sudo bash | |||
echo 'apt-get install -y kubectl'|sudo bash | |||
</ | kubectl version --client --output=json|jq . | ||
</syntaxhighlight> | |||
==Kubeconfig== | ==Kubeconfig== | ||
Line 26: | Line 33: | ||
< | <syntaxhighlight lang="bash"> | ||
export KUBECONFIG=$HOME/.kube/chorke-academia-kubeconfig.yaml | export KUBECONFIG=$HOME/.kube/chorke-academia-kubeconfig.yaml | ||
chmod 600 $HOME/.kube/chorke-academia-kubeconfig.yaml | chmod 600 $HOME/.kube/chorke-academia-kubeconfig.yaml | ||
</ | </syntaxhighlight> | ||
==Kube Export== | ==Kube Export== | ||
< | <syntaxhighlight lang="bash"> | ||
for n in $(kubectl get -o=name pvc,configmap,serviceaccount,\ | for n in $(kubectl get -o=name pvc,configmap,serviceaccount,\ | ||
secret,ingress,service,deployment,statefulset,hpa,job,cronjob);do | secret,ingress,service,deployment,statefulset,hpa,job,cronjob);do | ||
mkdir -p $(dirname $n); kubectl get -o=yaml --export $n > $n.yaml | mkdir -p $(dirname $n); kubectl get -o=yaml --export $n > $n.yaml | ||
done | done | ||
</ | </syntaxhighlight> | ||
< | <syntaxhighlight lang="bash"> | ||
for n in $(kubectl get -o=name pvc,configmap,ingress,service,secret,\ | for n in $(kubectl get -o=name pvc,configmap,ingress,service,secret,\ | ||
deployment,statefulset,hpa,job,cronjob | grep -v 'secret/default-token');do | deployment,statefulset,hpa,job,cronjob | grep -v 'secret/default-token');do | ||
kubectl get -o=yaml --export $n > $(dirname $n)_$(basename $n).yaml | kubectl get -o=yaml --export $n > $(dirname $n)_$(basename $n).yaml | ||
done | done | ||
</ | </syntaxhighlight> | ||
== | ==Swiss Knife== | ||
< | <syntaxhighlight lang="bash"> | ||
kubectl run -i --tty --rm debug --image=busybox --restart=Never -- sh | kubectl run -i --tty --rm debug --image=busybox --restart=Never -- sh | ||
kubectl run -i --tty --rm debug --image=alpine --restart=Never -- sh | kubectl run -i --tty --rm debug --image=alpine --restart=Never -- sh | ||
</ | apk add inetutils-telnet | ||
kubectl config view --minify -o jsonpath='{.clusters[].name}' | |||
kubectl cluster-info | |||
kubectl config view | |||
</syntaxhighlight> | |||
==K8s Lens== | |||
<syntaxhighlight lang="bash"> | |||
# install from snapcraft | |||
sudo snap install kontena-lens --classic | |||
# license version | |||
curl -fsSL https://downloads.k8slens.dev/keys/gpg\ | |||
| sudo gpg --dearmor -o /etc/apt/keyrings/k8slens.gpg | |||
cat << EOF | sudo tee /etc/apt/sources.list.d/k8slens.list >/dev/null | |||
deb [arch=$(dpkg --print-architecture)\ | |||
signed-by=/etc/apt/keyrings/k8slens.gpg]\ | |||
https://downloads.k8slens.dev/apt/debian stable main | |||
EOF | |||
sudo apt install lens | |||
lens-desktop | |||
</syntaxhighlight> | |||
==Shortnames== | |||
kubectl api-resources | |||
{|class="wikitable" | |||
|- | |||
!scope="col"| Kind !!scope="col"| Name !!scope="col"| Shortnames | |||
|rowspan="31"| | |||
!scope="col"| Kind !!scope="col"| Name !!scope="col"| Shortnames | |||
|- | |||
| Binding || <code>bindings</code> || || LocalSubjectAccessReview || <code>localsubjectaccessreviews</code> || | |||
|- | |||
| ComponentStatus || <code>componentstatuses</code> || <code>cs</code> || SelfSubjectAccessReview || <code>selfsubjectaccessreviews</code> || | |||
|- | |||
| ConfigMap || <code>configmaps</code> || <code>cm</code> || SelfSubjectRulesReview || <code>selfsubjectrulesreviews</code> || | |||
|- | |||
| Endpoints || <code>endpoints</code> || <code>ep</code> || SubjectAccessReview || <code>subjectaccessreviews</code> || | |||
|- | |||
| Event || <code>events</code> || <code>ev</code> || HorizontalPodAutoscaler || <code>horizontalpodautoscalers</code> || <code>hpa</code> | |||
|- | |||
| LimitRange || <code>limitranges</code> || <code>limits</code> || CronJob || <code>cronjobs</code> || <code>cj</code> | |||
|- | |||
| Namespace || <code>namespaces</code> || <code>ns</code> || Job || <code>jobs</code> || | |||
|- | |||
| Node || <code>nodes</code> || <code>no</code> || CertificateSigningRequest || <code>certificatesigningrequests</code> || <code>csr</code> | |||
|- | |||
| PersistentVolumeClaim || <code>persistentvolumeclaims</code> || <code>pvc</code> || Lease || <code>leases</code> || | |||
|- | |||
| PersistentVolume || <code>persistentvolumes</code> || <code>pv</code> || EndpointSlice || <code>endpointslices</code> || | |||
|- | |||
| Pod || <code>pods</code> || <code>po</code> || Event || <code>events</code> || <code>ev</code> | |||
|- | |||
| PodTemplate || <code>podtemplates</code> || || FlowSchema || <code>flowschemas</code> || | |||
|- | |||
| ReplicationController || <code>replicationcontrollers</code> || <code>rc</code> || PriorityLevelConfiguration || <code>prioritylevelconfigurations</code> || | |||
|- | |||
| ResourceQuota || <code>resourcequotas</code> || <code>quota</code> || NodeMetrics || <code>nodes</code> || | |||
|- | |||
| Secret || <code>secrets</code> || || PodMetrics || <code>pods</code> || | |||
|- | |||
| ServiceAccount || <code>serviceaccounts</code> || <code>sa</code> || IngressClass || <code>ingressclasses</code> || | |||
|- | |||
| Service || <code>services</code> || <code>svc</code> || Ingress || <code>ingresses</code> || <code>ing</code> | |||
|- | |||
| MutatingWebhookConfiguration || <code>mutatingwebhookconfigurations</code> || || NetworkPolicy || <code>networkpolicies</code> || <code>netpol</code> | |||
|- | |||
| ValidatingAdmissionPolicy || <code>validatingadmissionpolicies</code> || || RuntimeClass || <code>runtimeclasses</code> || | |||
|- | |||
| ValidatingAdmissionPolicyBinding || <code>validatingadmissionpolicybindings</code> || || PodDisruptionBudget || <code>poddisruptionbudgets</code> || <code>pdb</code> | |||
|- | |||
| ValidatingWebhookConfiguration || <code>validatingwebhookconfigurations</code> || || ClusterRoleBinding || <code>clusterrolebindings</code> || | |||
|- | |||
| CustomResourceDefinition || <code>customresourcedefinitions</code> || <code>crd,crds</code> || ClusterRole || <code>clusterroles</code> || | |||
|- | |||
| APIService || <code>apiservices</code> || || RoleBinding || <code>rolebindings</code> || | |||
|- | |||
| ControllerRevision || <code>controllerrevisions</code> || || Role || <code>roles</code> || | |||
|- | |||
| DaemonSet || <code>daemonsets</code> || <code>ds</code> || PriorityClass || <code>priorityclasses</code> || <code>pc</code> | |||
|- | |||
| Deployment || <code>deployments</code> || <code>deploy</code> || CSIDriver || <code>csidrivers</code> || | |||
|- | |||
| ReplicaSet || <code>replicasets</code> || <code>rs</code> || CSINode || <code>csinodes</code> || | |||
|- | |||
| StatefulSet || <code>statefulsets</code> || <code>sts</code> || CSIStorageCapacity || <code>csistoragecapacities</code> || | |||
|- | |||
| SelfSubjectReview || <code>selfsubjectreviews</code> || || StorageClass || <code>storageclasses</code> || <code>sc</code> | |||
|- | |||
| TokenReview || <code>tokenreviews</code> || || VolumeAttachment || <code>volumeattachments</code> || | |||
|} | |||
==Knowledge== | ==Knowledge== | ||
Line 118: | Line 219: | ||
|valign='top'| | |valign='top'| | ||
sudo lsof -i -P -n | grep LISTEN | sudo lsof -i -P -n | grep LISTEN | ||
kubectl describe service academia -n academia | |||
kubectl describe service academia-auth -n academia | |||
nslookup '''<service-name>'''.'''<namespace>'''.svc.<cluster-domain> | |||
|valign='top'| | |||
nslookup '''<service-name>'''.'''<namespace>'''.svc.cluster.local | |||
nslookup '''academia-auth'''.'''academia'''.svc.cluster.local | |||
kubectl get all -n ingress-nginx | |||
apk add inetutils-telnet | |||
|- | |||
|colspan='3'| | |||
---- | |||
|- | |||
|valign='top'| | |||
<syntaxhighlight lang="bash"> | |||
kubectl config set-context minikube --cluster=minikue | |||
kubectl config set-context minikube | |||
kubectl config get-contexts | |||
kubectl config get-clusters | |||
kubectl config view | |||
</syntaxhighlight> | |||
|valign='top'| | |||
|valign='top'| | |valign='top'| | ||
Line 138: | Line 265: | ||
| valign="top" | | | valign="top" | | ||
* [https://medium.com/kubernetes-tutorials/kubernetes-dns-for-services-and-pods-664804211501 K8s » DNS for Services and Pods] | |||
* [https://stackoverflow.com/questions/50952240/ K8s » Connect to Host Database] | |||
* [https://georgepaw.medium.com/how-to-run-the-cheapest-kubernetes-cluster-at-1-per-day-9287abb90cee K8s » Cheapest Cluster $1/Day] | |||
* [https://stackoverflow.com/questions/57764237 K8s » Ingress » ExternalName] | |||
* [https://cert-manager.io/docs/ K8s » Ingress » Cert Manager] | |||
* [https://www.keycloak.org/server/hostname K8s » Keycloak » Hostname] | * [https://www.keycloak.org/server/hostname K8s » Keycloak » Hostname] | ||
* [https://getbetterdevops.io/k8s-ingress-with-letsencrypt/ K8s » Ingress » Letsencrypt] | |||
* [https://medium.com/@pczarkowski/kubernetes-tip-run-an-interactive-pod-d701766a12 K8s » Interactive Pod] | |||
* [https://spacelift.io/blog/restart-kubernetes-pods-with-kubectl K8s » Restart Pods] | |||
* [https://docs.k8slens.dev/getting-started/install-lens/ K8s » Lens] | |||
| valign="top" | | | valign="top" | | ||
* [https://www.alibabacloud.com/blog/pause-resume-and-scale-kubernetes-deployments_595019 K8s » Pause, Resume and Scale Deployments] | |||
* [https://stackoverflow.com/questions/72465216/ K8s » Resources Short Names] | |||
* [https://min.io/docs/minio/kubernetes/upstream/index.html K8s » MinIO] | |||
|- | |- | ||
Line 158: | Line 297: | ||
| valign="top" | | | valign="top" | | ||
* [https://kubernetes.io/docs/tasks/extend-kubectl/kubectl-plugins/ <code>kubectl</code> » Extend with plugins] | |||
* [https://security.snyk.io/ Snyk Vulnerability DB] | * [https://security.snyk.io/ Snyk Vulnerability DB] | ||
* [[Linuxbrew]] | |||
* [https://sysdig.com/ Sysdig] | * [https://sysdig.com/ Sysdig] | ||
* [[EKSctl]] | |||
| valign="top" | | | valign="top" | | ||
|} | |} |
Latest revision as of 08:12, 16 August 2024
brew info kubectl
brew search kubectl
brew install kubectl
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key\
| sudo tee /etc/apt/keyrings/kubernetes.asc >/dev/null
cat << EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
signed-by=/etc/apt/keyrings/kubernetes.asc]\
https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /
EOF
echo 'apt-get update;echo;apt list -a --upgradable'|sudo bash
echo 'apt-get install -y kubectl'|sudo bash
kubectl version --client --output=json|jq .
Kubeconfig
Kubernetes components like kubelet
, kube-controller-manager
, or kubectl
use the kubeconfig
file to interact with the Kubernetes API. Usually, the kubectl
or oc
commands use the kubeconfig
file.
The kubeconfig
file's default location for kubectl
or oc
is the ~/.kube
directory. Instead of using the full kubeconfig
name, the file is just named config. The default location of the kubeconfig
file is ~/.kube/config
. There are other ways to specify the kubeconfig
location, such as the KUBECONFIG
environment variable or the kubectl --kubeconfig
parameter.
The kubeconfig
file is a YAML file containing groups of clusters, users, and contexts.
- A cluster is a Kubernetes or OpenShift cluster.
- A user is a credential used to interact with the Kubernetes API.
- A context is a combination of a cluster and a user. Every time you execute an
oc
orkubectl
command, you reference a context insidekubeconfig
.
export KUBECONFIG=$HOME/.kube/chorke-academia-kubeconfig.yaml
chmod 600 $HOME/.kube/chorke-academia-kubeconfig.yaml
Kube Export
for n in $(kubectl get -o=name pvc,configmap,serviceaccount,\
secret,ingress,service,deployment,statefulset,hpa,job,cronjob);do
mkdir -p $(dirname $n); kubectl get -o=yaml --export $n > $n.yaml
done
for n in $(kubectl get -o=name pvc,configmap,ingress,service,secret,\
deployment,statefulset,hpa,job,cronjob | grep -v 'secret/default-token');do
kubectl get -o=yaml --export $n > $(dirname $n)_$(basename $n).yaml
done
Swiss Knife
kubectl run -i --tty --rm debug --image=busybox --restart=Never -- sh
kubectl run -i --tty --rm debug --image=alpine --restart=Never -- sh
apk add inetutils-telnet
kubectl config view --minify -o jsonpath='{.clusters[].name}'
kubectl cluster-info
kubectl config view
K8s Lens
# install from snapcraft
sudo snap install kontena-lens --classic
# license version
curl -fsSL https://downloads.k8slens.dev/keys/gpg\
| sudo gpg --dearmor -o /etc/apt/keyrings/k8slens.gpg
cat << EOF | sudo tee /etc/apt/sources.list.d/k8slens.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
signed-by=/etc/apt/keyrings/k8slens.gpg]\
https://downloads.k8slens.dev/apt/debian stable main
EOF
sudo apt install lens
lens-desktop
Shortnames
kubectl api-resources
Kind | Name | Shortnames | Kind | Name | Shortnames | |
---|---|---|---|---|---|---|
Binding | bindings |
LocalSubjectAccessReview | localsubjectaccessreviews |
|||
ComponentStatus | componentstatuses |
cs |
SelfSubjectAccessReview | selfsubjectaccessreviews |
||
ConfigMap | configmaps |
cm |
SelfSubjectRulesReview | selfsubjectrulesreviews |
||
Endpoints | endpoints |
ep |
SubjectAccessReview | subjectaccessreviews |
||
Event | events |
ev |
HorizontalPodAutoscaler | horizontalpodautoscalers |
hpa
| |
LimitRange | limitranges |
limits |
CronJob | cronjobs |
cj
| |
Namespace | namespaces |
ns |
Job | jobs |
||
Node | nodes |
no |
CertificateSigningRequest | certificatesigningrequests |
csr
| |
PersistentVolumeClaim | persistentvolumeclaims |
pvc |
Lease | leases |
||
PersistentVolume | persistentvolumes |
pv |
EndpointSlice | endpointslices |
||
Pod | pods |
po |
Event | events |
ev
| |
PodTemplate | podtemplates |
FlowSchema | flowschemas |
|||
ReplicationController | replicationcontrollers |
rc |
PriorityLevelConfiguration | prioritylevelconfigurations |
||
ResourceQuota | resourcequotas |
quota |
NodeMetrics | nodes |
||
Secret | secrets |
PodMetrics | pods |
|||
ServiceAccount | serviceaccounts |
sa |
IngressClass | ingressclasses |
||
Service | services |
svc |
Ingress | ingresses |
ing
| |
MutatingWebhookConfiguration | mutatingwebhookconfigurations |
NetworkPolicy | networkpolicies |
netpol
| ||
ValidatingAdmissionPolicy | validatingadmissionpolicies |
RuntimeClass | runtimeclasses |
|||
ValidatingAdmissionPolicyBinding | validatingadmissionpolicybindings |
PodDisruptionBudget | poddisruptionbudgets |
pdb
| ||
ValidatingWebhookConfiguration | validatingwebhookconfigurations |
ClusterRoleBinding | clusterrolebindings |
|||
CustomResourceDefinition | customresourcedefinitions |
crd,crds |
ClusterRole | clusterroles |
||
APIService | apiservices |
RoleBinding | rolebindings |
|||
ControllerRevision | controllerrevisions |
Role | roles |
|||
DaemonSet | daemonsets |
ds |
PriorityClass | priorityclasses |
pc
| |
Deployment | deployments |
deploy |
CSIDriver | csidrivers |
||
ReplicaSet | replicasets |
rs |
CSINode | csinodes |
||
StatefulSet | statefulsets |
sts |
CSIStorageCapacity | csistoragecapacities |
||
SelfSubjectReview | selfsubjectreviews |
StorageClass | storageclasses |
sc
| ||
TokenReview | tokenreviews |
VolumeAttachment | volumeattachments |
Knowledge
kubectl get deployment -A kubectl get configmap -A kubectl get service -A kubectl get secret -A kubectl get event -A kubectl get pod -A |
kubectl config --kubeconfig=./demo-config view --minify kubectl config view --minify kubectl config view kubectl get -n=argocd -o=yaml secret argocd-initial-admin-secret echo RE83Uk81QTU5clZyLTlsdg== | base64 --decode |
kubectl get pod academia-<hash> -n chorke -o yaml kubectl describe pod academia-<hash> -n chorke kubectl logs pod academia-<hash> -n chorke -p kubectl delete pod academia-<hash> -n chorke kubectl edit pod academia-<hash> -n chorke kubectl get pod academia-<hash> -n chorke |
| ||
kubectl get -n=argocd configmap kubectl get -n=argocd deployment kubectl get -n=argocd service kubectl get -n=argocd secret kubectl get -n=argocd event kubectl get -n=argocd pod |
kubectl edit -n=argocd configmap argocd-rbac-cm kubectl edit -n=argocd configmap argocd-cm kubectl edit -n=argocd deployment argocd-redis kubectl edit -n=argocd service argocd-redis kubectl edit -n=argocd secret argocd-secret kubectl edit -n=argocd pod argocd-app-ctrl-0 |
kubectl get -n=argocd -o=yaml configmap argocd-rbac-cm kubectl get -n=argocd -o=yaml configmap argocd-cm kubectl get -n=argocd -o=yaml deployment argocd-redis kubectl get -n=argocd -o=yaml service argocd-redis kubectl get -n=argocd -o=yaml secret argocd-secret kubectl get -n=argocd -o=yaml pod argocd-app-ctrl-0 |
| ||
sudo ss -tulwn | grep LISTEN sudo ss -tulpn | grep LISTEN sudo ss -tulpn | grep LISTEN | grep sshd sudo ss -tulpn | grep LISTEN | grep minio sudo ss -tulpn | grep LISTEN | grep resolve |
sudo lsof -i -P -n | grep LISTEN kubectl describe service academia -n academia kubectl describe service academia-auth -n academia nslookup <service-name>.<namespace>.svc.<cluster-domain> |
nslookup <service-name>.<namespace>.svc.cluster.local nslookup academia-auth.academia.svc.cluster.local kubectl get all -n ingress-nginx apk add inetutils-telnet |
| ||
kubectl config set-context minikube --cluster=minikue
kubectl config set-context minikube
kubectl config get-contexts
kubectl config get-clusters
kubectl config view
|
References
| ||