Kubernetes — cheatsheet

Pods

kubectl get pods

kubectl get pods -n kube-system

################################

Create Service Account and Binding

kubectl create serviceaccount — namespace kube-system <sa-name>

kubectl create clusterrolebinding <clusterrolebinding-name> -clusterrole=cluster-admin -serviceaccount=kube-system:<sa-name>

kubectl get rolebindings,clusterrolebindings \

-all-namespaces \

-o custom-columns=’KIND:kind,NAMESPACE:metadata.namespace,NAME:metadata.name,SERVICE_ACCOUNTS:subjects[?(@.kind==”ServiceAccount”)].name’ | grep “<SERVICE_ACCOUNT_NAME>”

################################

Logs

kubectl logs -n <ingress_namespace> <pod_name>

Kubectl logs -f <pod_name>

################################

Deployment Status

kubectl get deployments -n kube-system

kubectl rollout status deployment ${env.DEPLOYMENT_ONPREM} -n ${env.NAMESPACE_GKE} -kubeconfig ${KUBECONFIG_KEY}

################################

Kubectl run & service apps

kubectl run hello-app -image=gcr.io/google-samples/hello-app:1.0 -port=8080

kubectl get service <name>

kubectl get svc -all-namespaces

Kubectl set image deployment <name> app=<image-url>

kubectl exec -it -namespace=<namespace> <pod-name> -bash

kubectl get pods -o wide

################################

Applying Resource

kubectl apply -f sample.yaml

################################

Ingress/Service

kubectl get ingress <name>

Kubetcl get service <deployment-name>

################################

Describe Resources

kubectl describe ing <ingress-resource-name> -n <namespace-of-ingress-resource>

################################

Deploy

kubectl get deploy -n <namespace-of-ingress-controller>

################################

Contexts

kubectl config get-contexts # display list of contexts

kubectl config current-context # display the current-context

kubectl config use-context my-cluster-name # set the default contex

################################

Registry using GCR

kubectl create secret docker-registry app \

— docker-server="https://eu.gcr.io" \

— docker-username=_json_key \

— docker-email=not@val.id \

— docker-password=$(cat test.json)

kubectl create secret docker-registry app \

— docker-server=http://eu.gcr.io \

— docker-username=_json_key \

— docker-email=user@example.com \

— docker-password=”$(cat test.json)”

################################

HPA-Autoscale

kubectl autoscale deployment <name> -cpu-percent=50 -min=1 -max=10

kubectl get hpa

Put container under load :

kubectl run -i -tty load-generator -image=busybox /bin/sh

Hit enter for command prompt

while true; do wget -q -O- http://php-apache.default.svc.cluster.local; done

https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale-walkthrough/

################################

Configmaps

kubectl create configmap <name> -from-file <env-file-name>

################################

Secret TLS for SSL

1. create self singed cert

2.create cert and key in kubernetes secret/tls https://shocksolution.com/2018/12/14/creating-kubernetes-secrets-using-tls-ssl-as-an-example/

kubectl create secret tls test-tls -key=”tls.key” -cert=”tls.crt”

3. Add https part in istio gateway service

################################

Port Forward

kubectl port-forward <name> 10080:80

################################

Scaling Resources

kubectl scale -replicas=3 rs/foo # Scale a replicaset named ‘foo’ to 3

kubectl scale -replicas=3 -f foo.yaml # Scale a resource specified in “foo.yaml” to 3

kubectl scale -current-replicas=2 -replicas=3 deployment/mysql # If the deployment named mysql’s current size is 2, scale mysql to 3

kubectl scale -replicas=5 rc/foo rc/bar rc/baz

################################

Cleanup Resources — DELETE

kubectl delete -f ./pod.json # Delete a pod using the type and name specified in pod.json

kubectl delete pod,service baz foo # Delete pods and services with same names “baz” and “foo”

kubectl delete pods,services -l name=myLabel # Delete pods and services with label name=myLabel

kubectl -n my-ns delete po,svc -all # Delete all pods and services in namespace my-ns,

# Delete all pods matching the awk pattern1 or pattern2

kubectl get pods -n mynamespace -no-headers=true | awk ‘/pattern1|pattern2/{print $1}’ | xargs kubectl delete -n mynamespace pod

################################

Interacting with Running Pods

kubectl attach my-pod -i # Attach to Running Container

kubectl port-forward my-pod 5000:6000 # Listen on port 5000 on the local machine and forward to port 6000 on my-pod

kubectl exec my-pod -ls / # Run command in an existing pod (1 container case)

kubectl exec my-pod -c my-container -ls / # Run command in existing pod (multi-container case)

kubectl top pod POD_NAME -containers

################################

Interacting with nodes/cluster

kubectl cordon my-node # Mark my-node as unschedulable

kubectl drain my-node # Drain my-node in preparation for maintenance

kubectl uncordon my-node # Mark my-node as schedulable

kubectl top node my-node # Show metrics for a given node

kubectl cluster-info # Display addresses of the master and services

kubectl cluster-info dump # Dump current cluster state to stdout

kubectl cluster-info dump -output-directory=/path/to/cluster-state # Dump current cluster state to /path/to/cluster-state

# If a taint with that key and effect already exists, its value is replaced as specified.

kubectl taint nodes foo dedicated=special-user:NoSchedule

################################

Expose

kubectl expose deployment hello-server -type=”LoadBalancer”

################################

Labels

kubectl label pods secure-monolith ‘secure=enabled’

kubectl get pods secure-monolith -show-labels

################################

Reference :

https://kubernetes.io/docs/reference/kubectl/cheatsheet/

Written by

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store