Kubectl: Difference between revisions
Jump to navigation
Jump to search
Line 76: | Line 76: | ||
==Abbreviation== | ==Abbreviation== | ||
kubectl api-resources | |||
{|class="wikitable" | |||
|- | |||
!scope="col"| Kind !!scope="col"| Name !!scope="col"| Shortnames | |||
|rowspan="32"| | |||
!scope="col"| Kind !!scope="col"| Name !!scope="col"| Shortnames | |||
|- | |||
| Binding || <code>bindings</code> || || LocalSubjectAccessReview || <code>localsubjectaccessreviews</code> || | |||
|- | |||
| ComponentStatus || <code>componentstatuses</code> || <code>cs</code> || SelfSubjectAccessReview || <code>selfsubjectaccessreviews</code> || | |||
|- | |||
| ConfigMap || <code>configmaps</code> || <code>cm</code> || SelfSubjectRulesReview || <code>selfsubjectrulesreviews</code> || | |||
|- | |||
| Endpoints || <code>endpoints</code> || <code>ep</code> || SubjectAccessReview || <code>subjectaccessreviews</code> || | |||
|- | |||
| Event || <code>events</code> || <code>ev</code> || HorizontalPodAutoscaler || <code>horizontalpodautoscalers</code> || <code>hpa</code> | |||
|- | |||
| LimitRange || <code>limitranges</code> || <code>limits</code> || CronJob || <code>cronjobs</code> || <code>cj</code> | |||
|- | |||
| Namespace || <code>namespaces</code> || <code>ns</code> || Job || <code>jobs</code> || | |||
|- | |||
| Node || <code>nodes</code> || <code>no</code> || CertificateSigningRequest || <code>certificatesigningrequests</code> || <code>csr</code> | |||
|- | |||
| PersistentVolumeClaim || <code>persistentvolumeclaims</code> || <code>pvc</code> || Lease || <code>leases</code> || | |||
|- | |||
| PersistentVolume || <code>persistentvolumes</code> || <code>pv</code> || EndpointSlice || <code>endpointslices</code> || | |||
|- | |||
| Pod || <code>pods</code> || <code>po</code> || Event || <code>events</code> || <code>ev</code> | |||
|- | |||
| PodTemplate || <code>podtemplates</code> || || FlowSchema || <code>flowschemas</code> || | |||
|- | |||
| ReplicationController || <code>replicationcontrollers</code> || <code>rc</code> || PriorityLevelConfiguration || <code>prioritylevelconfigurations</code> || | |||
|- | |||
| ResourceQuota || <code>resourcequotas</code> || <code>quota</code> || NodeMetrics || <code>nodes</code> || | |||
|- | |||
| Secret || <code>secrets</code> || || PodMetrics || <code>pods</code> || | |||
|- | |||
| ServiceAccount || <code>serviceaccounts</code> || <code>sa</code> || IngressClass || <code>ingressclasses</code> || | |||
|- | |||
| Service || <code>services</code> || <code>svc</code> || Ingress || <code>ingresses</code> || <code>ing</code> | |||
|- | |||
| MutatingWebhookConfiguration || <code>mutatingwebhookconfigurations</code> || || NetworkPolicy || <code>networkpolicies</code> || <code>netpol</code> | |||
|- | |||
| ValidatingAdmissionPolicy || <code>validatingadmissionpolicies</code> || || RuntimeClass || <code>runtimeclasses</code> || | |||
|- | |||
| ValidatingAdmissionPolicyBinding || <code>validatingadmissionpolicybindings</code> || || PodDisruptionBudget || <code>poddisruptionbudgets</code> || <code>pdb</code> | |||
|- | |||
| ValidatingWebhookConfiguration || <code>validatingwebhookconfigurations</code> || || ClusterRoleBinding || <code>clusterrolebindings</code> || | |||
|- | |||
| CustomResourceDefinition || <code>customresourcedefinitions</code> || <code>crd,crds</code> || ClusterRole || <code>clusterroles</code> || | |||
|- | |||
| APIService || <code>apiservices</code> || || RoleBinding || <code>rolebindings</code> || | |||
|- | |||
| ControllerRevision || <code>controllerrevisions</code> || || Role || <code>roles</code> || | |||
|- | |||
| DaemonSet || <code>daemonsets</code> || <code>ds</code> || PriorityClass || <code>priorityclasses</code> || <code>pc</code> | |||
|- | |||
| Deployment || <code>deployments</code> || <code>deploy</code> || CSIDriver || <code>csidrivers</code> || | |||
|- | |||
| ReplicaSet || <code>replicasets</code> || <code>rs</code> || CSINode || <code>csinodes</code> || | |||
|- | |||
| StatefulSet || <code>statefulsets</code> || <code>sts</code> || CSIStorageCapacity || <code>csistoragecapacities</code> || | |||
|- | |||
| SelfSubjectReview || <code>selfsubjectreviews</code> || || StorageClass || <code>storageclasses</code> || <code>sc</code> | |||
|- | |||
| TokenReview || <code>tokenreviews</code> || || VolumeAttachment || <code>volumeattachments</code> || | |||
|} | |||
==Knowledge== | ==Knowledge== |
Revision as of 09:36, 5 June 2024
sudo curl -fsSLo /etc/apt/keyrings/kubernetes-archive-keyring.gpg\
https://packages.cloud.google.com/apt/doc/apt-key.gpg
cat << EOF | sudo tee /etc/apt/sources.list.d/kubernetes.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
signed-by=/etc/apt/keyrings/kubernetes-archive-keyring.gpg]\
https://apt.kubernetes.io/ kubernetes-xenial main
EOF
sudo apt update
sudo apt install kubectl
Kubeconfig
Kubernetes components like kubelet
, kube-controller-manager
, or kubectl
use the kubeconfig
file to interact with the Kubernetes API. Usually, the kubectl
or oc
commands use the kubeconfig
file.
The kubeconfig
file's default location for kubectl
or oc
is the ~/.kube
directory. Instead of using the full kubeconfig
name, the file is just named config. The default location of the kubeconfig
file is ~/.kube/config
. There are other ways to specify the kubeconfig
location, such as the KUBECONFIG
environment variable or the kubectl --kubeconfig
parameter.
The kubeconfig
file is a YAML file containing groups of clusters, users, and contexts.
- A cluster is a Kubernetes or OpenShift cluster.
- A user is a credential used to interact with the Kubernetes API.
- A context is a combination of a cluster and a user. Every time you execute an
oc
orkubectl
command, you reference a context insidekubeconfig
.
export KUBECONFIG=$HOME/.kube/chorke-academia-kubeconfig.yaml
chmod 600 $HOME/.kube/chorke-academia-kubeconfig.yaml
Kube Export
for n in $(kubectl get -o=name pvc,configmap,serviceaccount,\
secret,ingress,service,deployment,statefulset,hpa,job,cronjob);do
mkdir -p $(dirname $n); kubectl get -o=yaml --export $n > $n.yaml
done
for n in $(kubectl get -o=name pvc,configmap,ingress,service,secret,\
deployment,statefulset,hpa,job,cronjob | grep -v 'secret/default-token');do
kubectl get -o=yaml --export $n > $(dirname $n)_$(basename $n).yaml
done
Switch Knife
kubectl run -i --tty --rm debug --image=busybox --restart=Never -- sh
kubectl run -i --tty --rm debug --image=alpine --restart=Never -- sh
apk add inetutils-telnet
kubectl config view --minify -o jsonpath='{.clusters[].name}'
kubectl cluster-info
kubectl config view
K8s Lens
# install from snapcraft
sudo snap install kontena-lens --classic
# license version
curl -fsSL https://downloads.k8slens.dev/keys/gpg\
| sudo gpg --dearmor -o /etc/apt/keyrings/k8slens.gpg
cat << EOF | sudo tee /etc/apt/sources.list.d/k8slens.list >/dev/null
deb [arch=$(dpkg --print-architecture)\
signed-by=/etc/apt/keyrings/k8slens.gpg]\
https://downloads.k8slens.dev/apt/debian stable main
EOF
sudo apt install lens
lens-desktop
Abbreviation
kubectl api-resources
Kind | Name | Shortnames | Kind | Name | Shortnames | |
---|---|---|---|---|---|---|
Binding | bindings |
LocalSubjectAccessReview | localsubjectaccessreviews |
|||
ComponentStatus | componentstatuses |
cs |
SelfSubjectAccessReview | selfsubjectaccessreviews |
||
ConfigMap | configmaps |
cm |
SelfSubjectRulesReview | selfsubjectrulesreviews |
||
Endpoints | endpoints |
ep |
SubjectAccessReview | subjectaccessreviews |
||
Event | events |
ev |
HorizontalPodAutoscaler | horizontalpodautoscalers |
hpa
| |
LimitRange | limitranges |
limits |
CronJob | cronjobs |
cj
| |
Namespace | namespaces |
ns |
Job | jobs |
||
Node | nodes |
no |
CertificateSigningRequest | certificatesigningrequests |
csr
| |
PersistentVolumeClaim | persistentvolumeclaims |
pvc |
Lease | leases |
||
PersistentVolume | persistentvolumes |
pv |
EndpointSlice | endpointslices |
||
Pod | pods |
po |
Event | events |
ev
| |
PodTemplate | podtemplates |
FlowSchema | flowschemas |
|||
ReplicationController | replicationcontrollers |
rc |
PriorityLevelConfiguration | prioritylevelconfigurations |
||
ResourceQuota | resourcequotas |
quota |
NodeMetrics | nodes |
||
Secret | secrets |
PodMetrics | pods |
|||
ServiceAccount | serviceaccounts |
sa |
IngressClass | ingressclasses |
||
Service | services |
svc |
Ingress | ingresses |
ing
| |
MutatingWebhookConfiguration | mutatingwebhookconfigurations |
NetworkPolicy | networkpolicies |
netpol
| ||
ValidatingAdmissionPolicy | validatingadmissionpolicies |
RuntimeClass | runtimeclasses |
|||
ValidatingAdmissionPolicyBinding | validatingadmissionpolicybindings |
PodDisruptionBudget | poddisruptionbudgets |
pdb
| ||
ValidatingWebhookConfiguration | validatingwebhookconfigurations |
ClusterRoleBinding | clusterrolebindings |
|||
CustomResourceDefinition | customresourcedefinitions |
crd,crds |
ClusterRole | clusterroles |
||
APIService | apiservices |
RoleBinding | rolebindings |
|||
ControllerRevision | controllerrevisions |
Role | roles |
|||
DaemonSet | daemonsets |
ds |
PriorityClass | priorityclasses |
pc
| |
Deployment | deployments |
deploy |
CSIDriver | csidrivers |
||
ReplicaSet | replicasets |
rs |
CSINode | csinodes |
||
StatefulSet | statefulsets |
sts |
CSIStorageCapacity | csistoragecapacities |
||
SelfSubjectReview | selfsubjectreviews |
StorageClass | storageclasses |
sc
| ||
TokenReview | tokenreviews |
VolumeAttachment | volumeattachments |
Knowledge
kubectl get deployment -A kubectl get configmap -A kubectl get service -A kubectl get secret -A kubectl get event -A kubectl get pod -A |
kubectl config --kubeconfig=./demo-config view --minify kubectl config view --minify kubectl config view kubectl get -n=argocd -o=yaml secret argocd-initial-admin-secret echo RE83Uk81QTU5clZyLTlsdg== | base64 --decode |
kubectl get pod academia-<hash> -n chorke -o yaml kubectl describe pod academia-<hash> -n chorke kubectl logs pod academia-<hash> -n chorke -p kubectl delete pod academia-<hash> -n chorke kubectl edit pod academia-<hash> -n chorke kubectl get pod academia-<hash> -n chorke |
| ||
kubectl get -n=argocd configmap kubectl get -n=argocd deployment kubectl get -n=argocd service kubectl get -n=argocd secret kubectl get -n=argocd event kubectl get -n=argocd pod |
kubectl edit -n=argocd configmap argocd-rbac-cm kubectl edit -n=argocd configmap argocd-cm kubectl edit -n=argocd deployment argocd-redis kubectl edit -n=argocd service argocd-redis kubectl edit -n=argocd secret argocd-secret kubectl edit -n=argocd pod argocd-app-ctrl-0 |
kubectl get -n=argocd -o=yaml configmap argocd-rbac-cm kubectl get -n=argocd -o=yaml configmap argocd-cm kubectl get -n=argocd -o=yaml deployment argocd-redis kubectl get -n=argocd -o=yaml service argocd-redis kubectl get -n=argocd -o=yaml secret argocd-secret kubectl get -n=argocd -o=yaml pod argocd-app-ctrl-0 |
| ||
sudo ss -tulwn | grep LISTEN sudo ss -tulpn | grep LISTEN sudo ss -tulpn | grep LISTEN | grep sshd sudo ss -tulpn | grep LISTEN | grep minio sudo ss -tulpn | grep LISTEN | grep resolve |
sudo lsof -i -P -n | grep LISTEN kubectl describe service academia -n academia kubectl describe service academia-auth -n academia nslookup <service-name>.<namespace>.svc.<cluster-domain> |
nslookup <service-name>.<namespace>.svc.cluster.local nslookup academia-auth.academia.svc.cluster.local kubectl get all -n ingress-nginx apk add inetutils-telnet |
References
| ||