Skip to content

Instantly share code, notes, and snippets.

@ArgonQQ

ArgonQQ/KubernetesCheatsheet.md

Last active October 22, 2022 03:30
Show Gist options
  • Save ArgonQQ/cfe510eea1f1880989048374887ee327 to your computer and use it in GitHub Desktop.
Save ArgonQQ/cfe510eea1f1880989048374887ee327 to your computer and use it in GitHub Desktop.
Download ZIP
🐳 Kubernetes Cheatsheet 🐳
Raw
KubernetesCheatsheet.md

General

Namespace

For every command you enter with kubectl (if you have enough permissions) you can alternatively specify the namespace --namespace=default

Default Service/ Namespace Syntax

<service>.<namespace>.svc.cluster.local

Get Node ips & names

kubectl get nodes -o json | grep "\"address\": \"" | uniq | sort | awk '{print $2}'

Scale Deployments

kubectl scale --replicas=3 deployment <deployment>

Manage Secrets

Create private Registry Secrets

kubectl create secret docker-registry <secret-name> \
    --docker-server=<your-registry-server> \
    --docker-username=<your-name> \
    --docker-password=<your-pword> \
    --docker-email=<your-email>

Create SSL

kubectl create secret tls  <secret-name> \
    --cert <cert.file> \
    --key <key.file>

View Secrets

kubectl get secret <secret-name> (optional '-o' or '--output=yaml')

Reimport Registry Secrets from file

kubectl create -f secrets.yml

Debug Container

kubectl logs <podname> (optional '-p' will show logs of previously crashed container and -f will report a livelog)

Label

Show Host labels

kubectl get nodes --show-labels

Label Hosts

kubectl label nodes <node-name> <label-key>=<label-value>

Overwrite Label Hosts

kubectl label nodes <node-name> <label-key>=<label-value> ---overwrite

Remove label

kubectl label node <nodename> <labelname>-

Label Key Value Selector

Command Description
key=value key is set to value
key!=value key is not set to value
key in (value1, value2) key is one of value1 or value2
key notin (value1, value2) key is not of value1 or value2
key key is set
!key key is not set
key in (value1, value2) are neat

Secrets

manual secret creation

echo -n 'whale' | base64
Output => 'd2hhbGU='

revert base64

echo -n 'd2hhbGU=' | base64 -d 
Output => 'whale'

kubectl Proxy

Start kubectl Proxy

kubectl proxy or with a different port (default 8001) --port=9090

Connect directly to service with proxy

http://127.0.0.1:8001/api/v1/namespaces/<namespace>/services/<service><:port-name>/proxy/

kubernetes Switch Cluster

kubectl config use-context <cluster_context>

Ingress

SSL

Force SSL behind Webserver/ WAF

apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: <ingress-name>
  annotations:
    kubernetes.io/ingress.class: "nginx"
    ingress.kubernetes.io/rewrite-target: "/"
    ingress.kubernetes.io/configuration-snippet: |
      if ($http_x_forwarded_proto != 'https') { 
        return 301 https://$host$request_uri;
      }

Documentations

Ingress Config NGINX

Ingress Config NGINX https://github.com/kubernetes/ingress-nginx/blob/master/docs/user-guide/annotations.md

Debug

Debug kubectl

kubectl cluster-info or kubectl cluster-info dump

Link Collection

https://www.mobilise.cloud/post/15-kubernetes-security-best-practice-to-secure-your-cluster

@Pemburu88
Copy link

0x0f13858a75d4eE784B68499F3d8E0ca5CA9E26Be
Usdt donasi sir..

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment