Kubernetes
Alternative interfaces
Set up short names for contexts
-
Open
~/.kube.config
-
Modify
contexts
section:contexts:- context:cluster: cluster1user: cluster1name: dev- context:cluster: cluster2namespace: namespace1user: cluster2name: namespace1- context:cluster: cluster3namespace: dbuser: cluster3name: prodcurrent-context: prod
Use specific context (i.e. cluster)
kubectl config use-context <context>
List namespaces
kubectl get ns
Set namespace
This will also update the relevant context’s namespace
value in the ~/.kube/config
file.
kubectl config set-context --current --namespace=<namespace>
List everything
kubectl get all
function k_get_all () { for i in $(kubectl api-resources --verbs=list --namespaced -o name | \ grep -v "events.events.k8s.io" | grep -v "events" | sort | uniq); do kubectl get --show-kind --ignore-not-found ${i}; done}
Show pod logs
kubectl logs pod/<pod>
Use ‘helm upgrade’ to install new version of a chart
This is far simpler than a more complex helm install
command with tons of --set
options.
helm upgrade <release name> <chart name> --reuse-values
More information here.
Get secret with a dot in its name
The normal access would be something like this:
kubectl get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
But doing the same thing for a secret with a dot in its name wouldn’t work, thus:
kubectl get secret docker-config -o jsonpath="{.data.\.dockerconfigjson}" | base64 -d
An alternative would be to use go-template
:
kubectl get secret docker-config -o 'go-template={{index .data ".dockerconfigjson"}}' | base64 -d
List permissions
kubectl auth can-i --list
List all unique images
kubectl get nodes \ -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{range .status.images[*]}{"\t"}{.names[0]}{"\n"}{end}{end}' | \ awk -F '@' '{print $1}' | \ awk '{$1=$1;print}' | \ sort -u
Debug node with ‘crictl’
-
List nodes:
kubectl get nodes
-
Deploy debugging pod to node:
kubectl debug node/mynode -it --image=ubuntu
-
Refresh packages and install
curl
:apt update && apt install curl -y
-
Install
crictl
:Terminal window VER="v1.31.1"curl -sL https://github.com/kubernetes-sigs/cri-tools/releases/download/${VER}/crictl-${VER}-linux-amd64.tar.gz | \tar xzf - -C /usr/local/bin && \export \CONTAINER_RUNTIME_ENDPOINT=unix:///host/run/containerd/containerd.sock \IMAGE_SERVICE_ENDPOINT=unix:///host/run/containerd/containerd.sock
More information here and here.
Trigger an External Secret refresh
kubectl annotate es my-secret force-sync=$(date +%s) --overwrite
More information here.