Kubernetes
Alternative interfaces
Set up short names for contexts

- Open ~/.kube/config
- Modify the contexts section:

  ```yaml
  contexts:
  - context:
      cluster: cluster1
      user: cluster1
    name: dev
  - context:
      cluster: cluster2
      namespace: namespace1
      user: cluster2
    name: namespace1
  - context:
      cluster: cluster3
      namespace: db
      user: cluster3
    name: prod
  current-context: prod
  ```

Use specific context (i.e. cluster)

```bash
kubectl config use-context <context>
```

List namespaces

```bash
kubectl get ns
```

Set namespace

This will also update the relevant context’s namespace value in the ~/.kube/config file.

```bash
kubectl config set-context --current --namespace=<namespace>
```

List everything

```bash
kubectl get all
```

```bash
# "kubectl get all" covers only a subset of resource types; this walks every
# listable namespaced resource type except events.
function k_get_all () {
  for i in $(kubectl api-resources --verbs=list --namespaced -o name | \
    grep -v "events.events.k8s.io" | grep -v "events" | sort | uniq); do
    kubectl get --show-kind --ignore-not-found ${i}
  done
}
```

Show pod logs

```bash
kubectl logs pod/<pod>
```

Use ‘helm upgrade’ to install new version of a chart

This is far simpler than a long helm install command with many --set options.

```bash
helm upgrade <release name> <chart name> --reuse-values
```

More information here.

Get secret with a dot in its name

The normal access would be something like this:

```bash
kubectl get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d
```

But the same approach does not work when the key inside the secret has a dot in its name (such as .dockerconfigjson), so the dot has to be escaped:

```bash
kubectl get secret docker-config -o jsonpath="{.data.\.dockerconfigjson}" | base64 -d
```

An alternative would be to use go-template:

```bash
kubectl get secret docker-config -o 'go-template={{index .data ".dockerconfigjson"}}' | base64 -d
```

List permissions

```bash
kubectl auth can-i --list
```

List all unique images

```bash
kubectl get nodes \
  -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}{range .status.images[*]}{"\t"}{.names[0]}{"\n"}{end}{end}' | \
  awk -F '@' '{print $1}' | \
  awk '{$1=$1;print}' | \
  sort -u
```

Debug node with ‘crictl’

- List nodes:

  ```bash
  kubectl get nodes
  ```

- Deploy debugging pod to node:

  ```bash
  kubectl debug node/mynode -it --image=ubuntu
  ```

- Refresh packages and install curl:

  ```bash
  apt update && apt install curl -y
  ```

- Install crictl:

  ```bash
  VER="v1.31.1"
  curl -sL https://github.com/kubernetes-sigs/cri-tools/releases/download/${VER}/crictl-${VER}-linux-amd64.tar.gz | \
    tar xzf - -C /usr/local/bin && \
    export \
    CONTAINER_RUNTIME_ENDPOINT=unix:///host/run/containerd/containerd.sock \
    IMAGE_SERVICE_ENDPOINT=unix:///host/run/containerd/containerd.sock
  ```

More information here and here.

Trigger an External Secret refresh

```bash
kubectl annotate es my-secret force-sync=$(date +%s) --overwrite
```

More information here.

List all pod images by namespace and pod name

```bash
kubectl get pods -o jsonpath='{range .items[*]}{@.metadata.namespace}{" "}{@.metadata.name}{" "}{@..containers..image}{" "}{"\n"}{end}' | column -t
```

Each output row contains the namespace (the active one, or every namespace if the -Ao option is used instead of -o), the pod name, and the image names of all the containers in the pod. The ‘column’ command formats the output as a table.
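
As an added example (not part of the original page), the shell function below reads the namespace/pod/image listing produced by the command above and reports every image reference that is not pinned by digest, since a tag can be re-pointed at different content without any change to the pod manifest. The function names, reason labels and sample rows are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: report image references that are not pinned by digest.
# Input (stdin): rows of "namespace pod image [image ...]", as printed by the
# jsonpath listing above (with or without "column -t").
# Output: "namespace pod image reason" for each unpinned reference.
flag_unpinned_images() {
  awk '
    NF < 3 { next }   # blank rows or pods with no image column
    {
      for (i = 3; i <= NF; i++) {
        ref = $i
        # name@sha256:... (optionally name:tag@sha256:...) is content-addressed
        if (ref ~ /@sha256:[0-9a-f]+$/) continue
        # Only a ":" in the last path component is a tag separator;
        # an earlier ":" is a registry port (registry:5000/team/app).
        n = split(ref, parts, "/")
        last = parts[n]
        if (index(last, ":") == 0)   reason = "no-tag"
        else if (last ~ /:latest$/)  reason = "latest-tag"
        else                         reason = "tag-without-digest"
        print $1, $2, ref, reason
      }
    }'
}

# Constructed sample rows (hypothetical names, placeholder digest).
sample_listing() {
  d=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
  printf '%s\n' \
    "default web-7d9f nginx:1.27.1 busybox" \
    "prod api-0 registry.example.internal:5000/team/api@sha256:$d" \
    "prod db-0 registry.example.internal:5000/team/db:latest"
}

# Live use: kubectl get pods -Ao jsonpath='...' | flag_unpinned_images
sample_listing | flag_unpinned_images
```

Rows reported as no-tag resolve to the implicit latest tag at pull time, so they belong in the same review bucket as latest-tag.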