Kubernetes Cheat Sheet
Create a YAML file to get started
kubectl run redis --image=redis --dry-run=client -o yaml > redis-definition.yaml
kubectl get events -o wide
kubectl get po -o wide
Create pod and expose with service of type ClusterIP
ReplicaSets commands
kubectl get replicasets
kubectl get rs
kubectl describe replicasets new-replica-set
kubectl explain replicaset | grep VERSION
kubectl explain rs
kubectl edit replicaset new-replica-set
kubectl scale rs new-replica-set --replicas=2
Kubernetes get everything
kubectl Usage Conventions
Create an NGINX Pod
Generate Pod manifest YAML file (-o yaml). Don't create it (--dry-run)
Create a deployment
Deployment commands
kubectl expose deployment nginx --port=80
kubectl edit deployment nginx
kubectl scale deployment nginx --replicas=5
kubectl set image deployment nginx nginx=nginx:1.18
Generate Deployment YAML file
kubectl create deployment --image=nginx nginx --dry-run=client -o yaml
kubectl create deployment --image=nginx nginx --dry-run=client -o yaml > nginx-deployment.yaml
Generate Deployment YAML file with --replicas
kubectl create deployment --image=nginx nginx --replicas=4 --dry-run=client -o yaml > nginx-deployment.yaml
Create NodePort service template
kubectl create service nodeport webapp-service --tcp=8080:8080 --node-port=30080 --dry-run=client -o yaml
Service commands
kubectl get service
kubectl get svc
kubectl describe service kubernetes
kubectl expose pod redis --port=6379 --name redis-service --dry-run=client -o yaml #Create a Service named redis-service of type ClusterIP to expose pod redis on port 6379
kubectl create service nodeport webapp-service --tcp=8080:8080 --node-port=30080 --dry-run=client -o yaml > service.yml
kubectl create service clusterip redis --tcp=6379:6379 --dry-run=client -o yaml # Create a Service named redis of type ClusterIP on port 6379 (the selector is assumed to be app=redis, not taken from the pod's labels)
kubectl expose pod nginx --type=NodePort --port=80 --name=nginx-service --dry-run=client -o yaml # Create a Service named nginx-service of type NodePort to expose pod nginx's port 80; kubectl expose cannot set the node port, so add nodePort: 30080 to the generated YAML
Namespace commands
kubectl get ns
kubectl get namespace
kubectl get namespaces
kubectl create namespace dev
kubectl create namespace dev --dry-run=client -o yaml
kubectl get po --namespace=dev
kubectl get po -n=dev
kubectl config set-context $(kubectl config current-context) --namespace=dev # permanently change current namespace context
kubectl get pods --all-namespaces
kubectl get po -A
Work with files
kubectl create -f nginx.yml
kubectl replace -f nginx.yml
kubectl replace --force -f nginx.yml
kubectl delete -f nginx.yml
# apply is the declarative approach: kubectl works out for itself which changes are needed
kubectl apply -f nginx.yml
Add label
Filtering and using selectors
kubectl get po --selector app=App1
kubectl get po --selector env=prod,bu=finance,tier=frontend
kubectl get po --selector app=App1 --no-headers | wc -l
Taints and Tolerations
Nodes can be tainted, and pods can tolerate taints.
The taint effect can be NoSchedule, PreferNoSchedule or NoExecute.
kubectl taint nodes node-name key=value:taint-effect
kubectl taint nodes node-name app=blue:NoSchedule
kubectl describe node kubermaster | grep Taint
# Remove Taint from node
kubectl taint nodes controlplane key=value:NoSchedule-
Port forwarding to the local machine to test deployments and pods; also works with remote Kubernetes deployments
kubectl port-forward svc/<service-name> local-machine-port:target-port
# or
kubectl port-forward <pod-name> local-machine-port:target-port
Node selector
DaemonSets
Static Pods
Basic monitoring
Basic Logging
Rollout and Rollback
kubectl rollout status deployment/myapp
kubectl rollout history deployment/myapp
kubectl rollout undo deployment/myapp
kubectl get replicasets
ConfigMaps
kubectl get configmap
kubectl get cm
kubectl describe configmaps db-config
kubectl create configmap webapp-config-map --from-literal=APP_COLOR=darkblue
kubectl create configmap webapp-config-map --from-literal=APP_COLOR=darkblue --from-literal=APP_BACKGROUND=pink
Secrets
# Secret values are base64-encoded, not encrypted
echo -n "mysql" | base64
echo -n "bx1cZax=" | base64 --decode
kubectl get secrets
kubectl describe secrets
kubectl describe secrets db-config
kubectl create secret generic webapp-config-map --from-literal=APP_COLOR=darkblue
kubectl create secret generic webapp-config-map --from-literal=APP_COLOR=darkblue --from-literal=APP_BACKGROUND=pink
Execute commands
OS Upgrades & Cluster Upgrade
kubectl drain node01 --ignore-daemonsets # evict all pods from the node so that it can go down for maintenance
kubectl uncordon node01 # make the node schedulable again
kubectl cordon node01 # mark the node unschedulable; no new pods are scheduled on it
# Upgrade cluster
kubectl cordon controlplane
apt-get update
kubeadm upgrade plan
# See https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/
apt-mark unhold kubeadm && apt-get update && apt-get install -y kubeadm=1.26.1-00 && apt-mark hold kubeadm
kubeadm upgrade node # only for worker nodes
kubeadm upgrade plan
kubeadm upgrade apply v1.26.0
apt search kubelet
apt upgrade kubelet=1.26.1-00
kubectl get no
systemctl daemon-reload
systemctl restart kubelet
kubectl get no
kubectl uncordon controlplane
Backup
kubectl get all --all-namespaces -o yaml > all-deploy-services.yaml
etcdctl --version
kubectl get po -n=kube-system
kubectl describe pod etcd-controlplane -n kube-system
export ETCDCTL_API=3 # when working with etcdctl
etcdctl snapshot save -h
kubectl -n kube-system describe pod etcd-controlplane | grep '\--listen-client-urls'
# --listen-client-urls=https://127.0.0.1:2379,https://192.50.67.3:2379
ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
snapshot save /opt/snapshot-pre-boot.db
ETCDCTL_API=3 etcdctl --data-dir /var/lib/etcd-from-backup \
snapshot restore /opt/snapshot-pre-boot.db
watch "crictl ps | grep etcd"
etcdctl snapshot restore -h
Cluster config
Certificate Signing Request (CSR)
kubectl get csr
kubectl certificate approve <username>
kubectl get csr <username> -o yaml
kubectl certificate deny <username>
kubectl delete csr agent-smith
Config, user, permissions
kubectl config current-context --kubeconfig my-kube-config
kubectl config --kubeconfig=/root/my-kube-config use-context research
kubectl config --kubeconfig=/root/my-kube-config current-context
Authorization
kubectl get roles
kubectl get rolebindings
kubectl describe role developer
kubectl describe rolebindings <developer-role-binding>
# check if you have access
kubectl auth can-i create deployment
kubectl auth can-i delete nodes
kubectl auth can-i create deployment --as dev-user
kubectl auth can-i delete nodes --as dev-user
kubectl create role developer --namespace=default --verb=list,create,delete --resource=pods
kubectl create rolebinding dev-user-binding --namespace=default --role=developer --user=dev-user
kubectl create role developer --namespace=default --verb=list,create,delete --resource=pods --dry-run=client -o yaml > lab1.yml
kubectl create rolebinding dev-user-binding --namespace=default --role=developer --user=dev-user --dry-run=client -o yaml > lab2.yml
kubectl edit role developer -n blue
Namespace
Service Account
kubectl create serviceaccount dashboard-sa
kubectl get serviceaccount
kubectl describe serviceaccount dashboard-sa
kubectl describe secret dashboard-sa-token
Kubernetes Tool: kubectx & kubens
kubectx - change k8s context fast
kubens - change namespace fast
Install
Kubernetes Tool: kube-ps1
kubeon : turn on kube-ps1 status for this shell. Takes precedence over
global setting for current session
kubeon -g : turn on kube-ps1 status globally
kubeoff : turn off kube-ps1 status for this shell. Takes precedence over
global setting for current session
kubeoff -g : turn off kube-ps1 status globally