kubectl

kubectl.md

https://kubernetes.io/docs/reference/kubectl/cheatsheet/

Setting Up kubectl

export KUBECONFIG={cert-file} 
kubectl config use-context {context}

Discover

kubectl get pod --all-namespaces --show-all -o wide | less -S
kubectl get svc --all-namespaces --show-all -o wide | less -S

Proxy

kubectl proxy --port=8001

http://127.0.0.1:8001/api/v1/namespaces/<namespace>/services/<service_name>:<service_port>/proxy/

Port forward

kubectl -n vault get pods
kubectl -n vault port-forward vault-vault-5857c579c4-vdqht 8201:8200

Accessing the API from a POD

https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod

Kubernetes Auth Method for Vault (https://www.vaultproject.io/docs/auth/kubernetes.html)

cd /run/secrets/kubernetes.io/serviceaccount

vault write auth/kubernetes/config \
  token_reviewer_jwt=@token \
  kubernetes_host=https://kubernetes.default.svc:443 \
  [email protected]

vault write auth/kubernetes/role/demo \
    bound_service_account_names=default \
    bound_service_account_namespaces=default \
    policies=default \
    ttl=1h