Kubernetes

Note

These are currently specific to kubectl and there are tons more here.

Alternative interfaces

Click

K9s

Kty

Set up short names for contexts

1. Open ~/.kube.config

2. Modify contexts section:

   contexts:
   - context:
       cluster: cluster1
       user: cluster1
     name: dev
   - context:
       cluster: cluster2
       namespace: namespace1
       user: cluster2
     name: namespace1
   - context:
       cluster: cluster3
       namespace: db
       user: cluster3
     name: prod
   current-context: prod

Use specific context (i.e. cluster)

kubectl config use-context <context>

List namespaces

kubectl get ns

Set namespace

This will also update the relevant context’s namespace value in the ~/.kube/config file.

kubectl config set-context --current --namespace=<namespace>

List everything

Naive approach

kubectl get all

Actually list everything

function k_get_all () {
    for i in $(kubectl api-resources --verbs=list --namespaced -o name | \
        grep -v "events.events.k8s.io" | grep -v "events" | sort | uniq); do
            kubectl get --show-kind --ignore-not-found ${i};
    done
}

Note

May take awhile

Show pod logs

kubectl logs pod/<pod>

Use ‘helm upgrade’ to install new version of a chart

This is far simpler than a more complex helm install command with tons of --set options.

helm upgrade <release name> <chart name> --reuse-values

More information here.

Get secret with a dot in its name

The normal access would be something like this:

kubectl get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d

But doing the same thing for a secret with a dot in its name wouldn’t work, thus:

kubectl get secret docker-config -o jsonpath="{.data.\.dockerconfigjson}" | base64 -d

An alternative would be to use go-template:

kubectl get secret docker-config -o 'go-template={{index .data ".dockerconfigjson"}}' | base64 -d

List permissions

kubectl auth can-i --list

List all unique images

kubectl get nodes \
  -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{range .status.images[*]}{"\t"}{.names[0]}{"\n"}{end}{end}' | \
  awk -F '@' '{print $1}' | \
  awk '{$1=$1;print}' | \
  sort -u

Debug node with ‘crictl’

1. List nodes: kubectl get nodes

2. Deploy debugging pod to node: kubectl debug node/mynode -it --image=ubuntu

3. Refresh packages and install curl: apt update && apt install curl -y

4. Install crictl:

   VER="v1.31.1"
   curl -sL https://github.com/kubernetes-sigs/cri-tools/releases/download/${VER}/crictl-${VER}-linux-amd64.tar.gz | \
   tar xzf - -C /usr/local/bin && \
   export \
     CONTAINER_RUNTIME_ENDPOINT=unix:///host/run/containerd/containerd.sock \
     IMAGE_SERVICE_ENDPOINT=unix:///host/run/containerd/containerd.sock

More information here and here.

Trigger an External Secret refresh

kubectl annotate es my-secret force-sync=$(date +%s) --overwrite

More information here.