Kubectl: Difference between revisions

From Chorke Wiki
Jump to navigation Jump to search
 
(29 intermediate revisions by the same user not shown)
Line 1: Line 1:
<source lang="bash">
<syntaxhighlight lang="bash">
sudo curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg\
brew info kubectl
  https://packages.cloud.google.com/apt/doc/apt-key.gpg
brew search kubectl
brew install kubectl
</syntaxhighlight>
----
<syntaxhighlight lang="bash">
curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key\
  | sudo tee /etc/apt/keyrings/kubernetes.asc >/dev/null


cat << EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list >/dev/null
cat << EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
deb [arch=$(dpkg --print-architecture)\
  signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg]\
  signed-by=/etc/apt/keyrings/kubernetes.asc]\
  https://apt.kubernetes.io/ kubernetes-xenial main
  https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /
EOF
EOF


sudo apt update
echo 'apt-get update;echo;apt list -a --upgradable'|sudo bash
sudo apt install kubectl
echo 'apt-get install -y kubectl'|sudo bash
</source>
kubectl version --client --output=json|jq .
</syntaxhighlight>


==Kubeconfig==
==Kubeconfig==
Line 26: Line 33:




<source lang="bash">
<syntaxhighlight lang="bash">
export KUBECONFIG=$HOME/.kube/chorke-academia-kubeconfig.yaml
export KUBECONFIG=$HOME/.kube/chorke-academia-kubeconfig.yaml
chmod 600 $HOME/.kube/chorke-academia-kubeconfig.yaml
chmod 600 $HOME/.kube/chorke-academia-kubeconfig.yaml
</source>
</syntaxhighlight>


==Kube Export==
==Kube Export==
<source lang="bash">
<syntaxhighlight lang="bash">
for n in $(kubectl get -o=name pvc,configmap,serviceaccount,\
for n in $(kubectl get -o=name pvc,configmap,serviceaccount,\
secret,ingress,service,deployment,statefulset,hpa,job,cronjob);do
secret,ingress,service,deployment,statefulset,hpa,job,cronjob);do
     mkdir -p $(dirname $n); kubectl get -o=yaml --export $n > $n.yaml
     mkdir -p $(dirname $n); kubectl get -o=yaml --export $n > $n.yaml
done
done
</source>
</syntaxhighlight>
<source lang="bash">
<syntaxhighlight lang="bash">
for n in $(kubectl get -o=name pvc,configmap,ingress,service,secret,\
for n in $(kubectl get -o=name pvc,configmap,ingress,service,secret,\
deployment,statefulset,hpa,job,cronjob | grep -v 'secret/default-token');do
deployment,statefulset,hpa,job,cronjob | grep -v 'secret/default-token');do
     kubectl get -o=yaml --export $n > $(dirname $n)_$(basename $n).yaml
     kubectl get -o=yaml --export $n > $(dirname $n)_$(basename $n).yaml
done
done
</source>
</syntaxhighlight>


==Switch Knife==
==Swiss Knife==
<source lang="bash">
<syntaxhighlight lang="bash">
kubectl run -i --tty --rm debug --image=busybox --restart=Never -- sh
kubectl run -i --tty --rm debug --image=busybox --restart=Never -- sh
kubectl run -i --tty --rm debug --image=alpine  --restart=Never -- sh
kubectl run -i --tty --rm debug --image=alpine  --restart=Never -- sh
apk add inetutils-telnet


kubectl config view --minify -o jsonpath='{.clusters[].name}'
kubectl config view --minify -o jsonpath='{.clusters[].name}'
kubectl cluster-info
kubectl cluster-info
</source>
kubectl config view
</syntaxhighlight>
 
==K8s Lens==
<syntaxhighlight lang="bash">
# install from snapcraft
sudo snap install kontena-lens --classic
 
# license version
curl -fsSL https://downloads.k8slens.dev/keys/gpg\
| sudo gpg --dearmor -o /etc/apt/keyrings/k8slens.gpg
 
cat << EOF | sudo tee /etc/apt/sources.list.d/k8slens.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
signed-by=/etc/apt/keyrings/k8slens.gpg]\
https://downloads.k8slens.dev/apt/debian stable main
EOF
 
sudo apt install lens
lens-desktop
</syntaxhighlight>
 
==Shortnames==
kubectl api-resources
 
{|class="wikitable"
|-
!scope="col"| Kind !!scope="col"| Name !!scope="col"| Shortnames
|rowspan="31"|
!scope="col"| Kind !!scope="col"| Name !!scope="col"| Shortnames
|-
| Binding                          || <code>bindings</code>                          ||                        ||  LocalSubjectAccessReview          || <code>localsubjectaccessreviews</code>        ||                   
|-
| ComponentStatus                  || <code>componentstatuses</code>                || <code>cs</code>        ||  SelfSubjectAccessReview          || <code>selfsubjectaccessreviews</code>        ||                   
|-
| ConfigMap                        || <code>configmaps</code>                        || <code>cm</code>        ||  SelfSubjectRulesReview            || <code>selfsubjectrulesreviews</code>          ||                   
|-
| Endpoints                        || <code>endpoints</code>                        || <code>ep</code>        ||  SubjectAccessReview              || <code>subjectaccessreviews</code>            ||                   
|-
| Event                            || <code>events</code>                            || <code>ev</code>        ||  HorizontalPodAutoscaler          || <code>horizontalpodautoscalers</code>        || <code>hpa</code>   
|-
| LimitRange                        || <code>limitranges</code>                      || <code>limits</code>    ||  CronJob                          || <code>cronjobs</code>                        || <code>cj</code>   
|-
| Namespace                        || <code>namespaces</code>                        || <code>ns</code>        ||  Job                              || <code>jobs</code>                            ||                   
|-
| Node                              || <code>nodes</code>                            || <code>no</code>        ||  CertificateSigningRequest        || <code>certificatesigningrequests</code>      || <code>csr</code>   
|-
| PersistentVolumeClaim            || <code>persistentvolumeclaims</code>            || <code>pvc</code>      ||  Lease                            || <code>leases</code>                          ||                   
|-
| PersistentVolume                  || <code>persistentvolumes</code>                || <code>pv</code>        ||  EndpointSlice                    || <code>endpointslices</code>                  ||                   
|-
| Pod                              || <code>pods</code>                              || <code>po</code>        ||  Event                            || <code>events</code>                          || <code>ev</code>   
|-
| PodTemplate                      || <code>podtemplates</code>                      ||                        ||  FlowSchema                        || <code>flowschemas</code>                      ||                   
|-
| ReplicationController            || <code>replicationcontrollers</code>            || <code>rc</code>        ||  PriorityLevelConfiguration        || <code>prioritylevelconfigurations</code>      ||                   
|-
| ResourceQuota                    || <code>resourcequotas</code>                    || <code>quota</code>    ||  NodeMetrics                      || <code>nodes</code>                            ||                   
|-
| Secret                            || <code>secrets</code>                          ||                        ||  PodMetrics                        || <code>pods</code>                            ||                   
|-
| ServiceAccount                    || <code>serviceaccounts</code>                  || <code>sa</code>        ||  IngressClass                      || <code>ingressclasses</code>                  ||                   
|-
| Service                          || <code>services</code>                          || <code>svc</code>      ||  Ingress                          || <code>ingresses</code>                        || <code>ing</code>   
|-
| MutatingWebhookConfiguration      || <code>mutatingwebhookconfigurations</code>    ||                        ||  NetworkPolicy                    || <code>networkpolicies</code>                  || <code>netpol</code>
|-
| ValidatingAdmissionPolicy        || <code>validatingadmissionpolicies</code>      ||                        ||  RuntimeClass                      || <code>runtimeclasses</code>                  ||                   
|-
| ValidatingAdmissionPolicyBinding  || <code>validatingadmissionpolicybindings</code> ||                        ||  PodDisruptionBudget              || <code>poddisruptionbudgets</code>            || <code>pdb</code>   
|-
| ValidatingWebhookConfiguration    || <code>validatingwebhookconfigurations</code>  ||                        ||  ClusterRoleBinding                || <code>clusterrolebindings</code>              ||                   
|-
| CustomResourceDefinition          || <code>customresourcedefinitions</code>        || <code>crd,crds</code>  ||  ClusterRole                      || <code>clusterroles</code>                    ||                   
|-
| APIService                        || <code>apiservices</code>                      ||                        ||  RoleBinding                      || <code>rolebindings</code>                    ||                   
|-
| ControllerRevision                || <code>controllerrevisions</code>              ||                        ||  Role                              || <code>roles</code>                            ||                   
|-
| DaemonSet                        || <code>daemonsets</code>                        || <code>ds</code>        ||  PriorityClass                    || <code>priorityclasses</code>                  || <code>pc</code>   
|-
| Deployment                        || <code>deployments</code>                      || <code>deploy</code>    ||  CSIDriver                        || <code>csidrivers</code>                      ||                   
|-
| ReplicaSet                        || <code>replicasets</code>                      || <code>rs</code>        ||  CSINode                          || <code>csinodes</code>                        ||                   
|-
| StatefulSet                      || <code>statefulsets</code>                      || <code>sts</code>      ||  CSIStorageCapacity                || <code>csistoragecapacities</code>            ||                   
|-
| SelfSubjectReview                || <code>selfsubjectreviews</code>                ||                        ||  StorageClass                      || <code>storageclasses</code>                  || <code>sc</code>   
|-
| TokenReview                      || <code>tokenreviews</code>                      ||                        ||  VolumeAttachment                  || <code>volumeattachments</code>                ||                   
|}


==Knowledge==
==Knowledge==
Line 121: Line 219:
|valign='top'|
|valign='top'|
  sudo lsof -i -P -n | grep LISTEN
  sudo lsof -i -P -n | grep LISTEN
  nslookup academia-auth.academia.svc.cluster.local
   
  nslookup <service-name>.<namespace>.svc.<cluster-domain>
kubectl describe service academia -n academia
kubectl describe service academia-auth -n academia
nslookup '''<service-name>'''.'''<namespace>'''.svc.<cluster-domain>
 
|valign='top'|
  nslookup '''<service-name>'''.'''<namespace>'''.svc.cluster.local
nslookup '''academia-auth'''.'''academia'''.svc.cluster.local
kubectl get all -n ingress-nginx
apk add inetutils-telnet
 
|-
|colspan='3'|
----
|-
|valign='top'|
<syntaxhighlight lang="bash">
kubectl config set-context  minikube --cluster=minikue
kubectl config set-context  minikube
kubectl config get-contexts
kubectl config get-clusters
kubectl config view
</syntaxhighlight>
 
|valign='top'|


|valign='top'|
|valign='top'|
Line 143: Line 265:


| valign="top" |
| valign="top" |
* [https://medium.com/kubernetes-tutorials/kubernetes-dns-for-services-and-pods-664804211501 K8s » DNS for Services and Pods]
* [https://stackoverflow.com/questions/50952240/ K8s » Connect to Host Database]
* [https://georgepaw.medium.com/how-to-run-the-cheapest-kubernetes-cluster-at-1-per-day-9287abb90cee  K8s » Cheapest Cluster $1/Day]
* [https://stackoverflow.com/questions/57764237 K8s » Ingress » ExternalName]
* [https://cert-manager.io/docs/ K8s » Ingress » Cert Manager]
* [https://www.keycloak.org/server/hostname K8s » Keycloak » Hostname]
* [https://www.keycloak.org/server/hostname K8s » Keycloak » Hostname]
* [https://getbetterdevops.io/k8s-ingress-with-letsencrypt/ K8s » Ingress » Letsencrypt]
* [https://medium.com/@pczarkowski/kubernetes-tip-run-an-interactive-pod-d701766a12 K8s » Interactive Pod]
* [https://spacelift.io/blog/restart-kubernetes-pods-with-kubectl K8s » Restart Pods]
* [https://docs.k8slens.dev/getting-started/install-lens/ K8s » Lens]


| valign="top" |
| valign="top" |
* [https://www.alibabacloud.com/blog/pause-resume-and-scale-kubernetes-deployments_595019 K8s » Pause, Resume and Scale Deployments]
* [https://stackoverflow.com/questions/72465216/ K8s » Resources Short Names]
* [https://min.io/docs/minio/kubernetes/upstream/index.html K8s » MinIO]


|-
|-
Line 163: Line 297:


| valign="top" |
| valign="top" |
* [https://kubernetes.io/docs/tasks/extend-kubectl/kubectl-plugins/ <code>kubectl</code> » Extend with plugins]
* [https://security.snyk.io/ Snyk Vulnerability DB]
* [https://security.snyk.io/ Snyk Vulnerability DB]
* [[Linuxbrew]]
* [https://sysdig.com/ Sysdig]
* [https://sysdig.com/ Sysdig]
* [[EKSctl]]


| valign="top" |
| valign="top" |


|}
|}

Latest revision as of 08:12, 16 August 2024

brew info kubectl
brew search kubectl
brew install kubectl

curl -fsSL https://pkgs.k8s.io/core:/stable:/v1.30/deb/Release.key\
 | sudo tee /etc/apt/keyrings/kubernetes.asc >/dev/null

cat << EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
 signed-by=/etc/apt/keyrings/kubernetes.asc]\
 https://pkgs.k8s.io/core:/stable:/v1.30/deb/ /
EOF

echo 'apt-get update;echo;apt list -a --upgradable'|sudo bash
echo 'apt-get install -y kubectl'|sudo bash
kubectl version --client --output=json|jq .

Kubeconfig

Kubernetes components like kubelet, kube-controller-manager, or kubectl use the kubeconfig file to interact with the Kubernetes API. Usually, the kubectl or oc commands use the kubeconfig file.

The kubeconfig file's default location for kubectl or oc is the ~/.kube directory. Instead of using the full kubeconfig name, the file is just named config. The default location of the kubeconfig file is ~/.kube/config. There are other ways to specify the kubeconfig location, such as the KUBECONFIG environment variable or the kubectl --kubeconfig parameter.


The kubeconfig file is a YAML file containing groups of clusters, users, and contexts.

  • A cluster is a Kubernetes or OpenShift cluster.
  • A user is a credential used to interact with the Kubernetes API.
  • A context is a combination of a cluster and a user. Every time you execute an oc or kubectl command, you reference a context inside kubeconfig.


export KUBECONFIG=$HOME/.kube/chorke-academia-kubeconfig.yaml
chmod 600 $HOME/.kube/chorke-academia-kubeconfig.yaml

Kube Export

for n in $(kubectl get -o=name pvc,configmap,serviceaccount,\
secret,ingress,service,deployment,statefulset,hpa,job,cronjob);do
    mkdir -p $(dirname $n); kubectl get -o=yaml --export $n > $n.yaml
done

for n in $(kubectl get -o=name pvc,configmap,ingress,service,secret,\
deployment,statefulset,hpa,job,cronjob | grep -v 'secret/default-token');do
    kubectl get -o=yaml --export $n > $(dirname $n)_$(basename $n).yaml
done

Swiss Knife

kubectl run -i --tty --rm debug --image=busybox --restart=Never -- sh
kubectl run -i --tty --rm debug --image=alpine  --restart=Never -- sh
apk add inetutils-telnet

kubectl config view --minify -o jsonpath='{.clusters[].name}'
kubectl cluster-info
kubectl config view

K8s Lens

# install from snapcraft
sudo snap install kontena-lens --classic

# license version
curl -fsSL https://downloads.k8slens.dev/keys/gpg\
| sudo gpg --dearmor -o /etc/apt/keyrings/k8slens.gpg

cat << EOF | sudo tee /etc/apt/sources.list.d/k8slens.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
 signed-by=/etc/apt/keyrings/k8slens.gpg]\
 https://downloads.k8slens.dev/apt/debian stable main
EOF

sudo apt install lens
lens-desktop

Shortnames

kubectl api-resources
Kind Name Shortnames Kind Name Shortnames
Binding bindings LocalSubjectAccessReview localsubjectaccessreviews
ComponentStatus componentstatuses cs SelfSubjectAccessReview selfsubjectaccessreviews
ConfigMap configmaps cm SelfSubjectRulesReview selfsubjectrulesreviews
Endpoints endpoints ep SubjectAccessReview subjectaccessreviews
Event events ev HorizontalPodAutoscaler horizontalpodautoscalers hpa
LimitRange limitranges limits CronJob cronjobs cj
Namespace namespaces ns Job jobs
Node nodes no CertificateSigningRequest certificatesigningrequests csr
PersistentVolumeClaim persistentvolumeclaims pvc Lease leases
PersistentVolume persistentvolumes pv EndpointSlice endpointslices
Pod pods po Event events ev
PodTemplate podtemplates FlowSchema flowschemas
ReplicationController replicationcontrollers rc PriorityLevelConfiguration prioritylevelconfigurations
ResourceQuota resourcequotas quota NodeMetrics nodes
Secret secrets PodMetrics pods
ServiceAccount serviceaccounts sa IngressClass ingressclasses
Service services svc Ingress ingresses ing
MutatingWebhookConfiguration mutatingwebhookconfigurations NetworkPolicy networkpolicies netpol
ValidatingAdmissionPolicy validatingadmissionpolicies RuntimeClass runtimeclasses
ValidatingAdmissionPolicyBinding validatingadmissionpolicybindings PodDisruptionBudget poddisruptionbudgets pdb
ValidatingWebhookConfiguration validatingwebhookconfigurations ClusterRoleBinding clusterrolebindings
CustomResourceDefinition customresourcedefinitions crd,crds ClusterRole clusterroles
APIService apiservices RoleBinding rolebindings
ControllerRevision controllerrevisions Role roles
DaemonSet daemonsets ds PriorityClass priorityclasses pc
Deployment deployments deploy CSIDriver csidrivers
ReplicaSet replicasets rs CSINode csinodes
StatefulSet statefulsets sts CSIStorageCapacity csistoragecapacities
SelfSubjectReview selfsubjectreviews StorageClass storageclasses sc
TokenReview tokenreviews VolumeAttachment volumeattachments

Knowledge

kubectl get deployment -A
kubectl get configmap -A
kubectl get service -A
kubectl get secret -A
kubectl get event -A
kubectl get pod -A

kubectl config --kubeconfig=./demo-config view --minify
kubectl config view --minify
kubectl config view

kubectl get -n=argocd -o=yaml secret argocd-initial-admin-secret
echo  RE83Uk81QTU5clZyLTlsdg== | base64 --decode

kubectl get pod academia-<hash> -n chorke -o yaml
kubectl describe pod academia-<hash> -n chorke
kubectl logs pod academia-<hash> -n chorke -p
kubectl delete pod academia-<hash> -n chorke
kubectl edit pod academia-<hash> -n chorke
kubectl get pod academia-<hash> -n chorke

kubectl get -n=argocd configmap
kubectl get -n=argocd deployment
kubectl get -n=argocd service
kubectl get -n=argocd secret
kubectl get -n=argocd event
kubectl get -n=argocd pod

kubectl edit -n=argocd configmap  argocd-rbac-cm
kubectl edit -n=argocd configmap  argocd-cm
kubectl edit -n=argocd deployment argocd-redis
kubectl edit -n=argocd service    argocd-redis
kubectl edit -n=argocd secret     argocd-secret
kubectl edit -n=argocd pod        argocd-app-ctrl-0

kubectl get -n=argocd -o=yaml configmap  argocd-rbac-cm
kubectl get -n=argocd -o=yaml configmap  argocd-cm
kubectl get -n=argocd -o=yaml deployment argocd-redis
kubectl get -n=argocd -o=yaml service    argocd-redis
kubectl get -n=argocd -o=yaml secret     argocd-secret
kubectl get -n=argocd -o=yaml pod        argocd-app-ctrl-0

sudo ss -tulwn | grep LISTEN
sudo ss -tulpn | grep LISTEN
sudo ss -tulpn | grep LISTEN | grep sshd
sudo ss -tulpn | grep LISTEN | grep minio
sudo ss -tulpn | grep LISTEN | grep resolve

sudo lsof -i -P -n | grep LISTEN

kubectl describe service academia -n academia 
kubectl describe service academia-auth -n academia 
nslookup <service-name>.<namespace>.svc.<cluster-domain>

nslookup <service-name>.<namespace>.svc.cluster.local
nslookup academia-auth.academia.svc.cluster.local

kubectl get all -n ingress-nginx
apk add inetutils-telnet

kubectl config set-context  minikube --cluster=minikue
kubectl config set-context  minikube
kubectl config get-contexts
kubectl config get-clusters
kubectl config view

References

Retrieved from "https://cdn.chorke.org/weke/index.php?title=Kubectl&oldid=12591"