Skip to content

Instantly share code, notes, and snippets.

@vegaasen

vegaasen/docker-k8s-helm-commands-cheat-sheet.md

Last active October 10, 2023 10:37
Show Gist options
  • Save vegaasen/f6cd1ae3fb9689fb7e261de967ef9083 to your computer and use it in GitHub Desktop.
Save vegaasen/f6cd1ae3fb9689fb7e261de967ef9083 to your computer and use it in GitHub Desktop.
Download ZIP
K8s and Helm cheat sheet
Raw
docker-k8s-helm-commands-cheat-sheet.md

Introduction

Commands and whatnot

Docker

# Unable to deploy to docker? May have to log in first
docker login -u <username> -p <password> <(opt)hostname>
# or if you wnat to authorize with your own user (prefer this..!)
az acr login -n <common username for azure thing>

Azure service principals to access specific docker instance (aka ACR)

# Utilities:
az acr show --name <acr-name> --query id --output tsv
# 👆 use that one as the acr-instance-id

# 1. create the service principal
az ad sp create-for-rbac --name http://<name> --scopes <acr-instance-id> --role acrpull --role reader --output tsv
# 2. Update the roles, if they were not added
az role assignment create --assignee <name> --scope <acr-instance-id> --role acrpull --role reader 
# 3. Test the SP!
docker login <acr-instance-id>.azurecr.io --username <name> --password <>

Kubernetes / k8s

Minikube XOXO

# Set password for your docker registery (Azure here)
kubectl create secret docker-registry secret-ref --docker-server=<>.azurecr.io --docker-username=<uname> --docker-password=<pwd> [email protected]

# Add default imagePullSecret for a service account
k patch serviceaccounts default -p ‘{“imagePullSecrets”: [{“name”: “secret-ref”}]}’

k8s

# removes a context (use the listing of contexts prior to executing this one)
k config delete-context <context-id>

# removes an entire deployment + service + ingress
k delete -n <namespace> deployments/<identifier> service/<identifier> ingress/<identifier>

# perform a thread-dump of an running jvm
k exec -n <namespace> <pod-name> -it -- bash
jmap -dump:live,format=b,file=/tmp/thread-dumped.bin 1
k cp <pod-name>:<heap-file-path> thread-dumped.bin

# all contexts (can also see this in the docker meny thing)
kubectl config get-contexts 
# current context (can also see this in the docker meny thing)
kubectl config current-context
# tail existing log for a namespace
k logs -f <pod-id> --namespace <ns>

# log in to existing pod and be able to run commands and stuff
k exec <pod-id> --namespace <ns> -it -- bash

# get all pods in a namespace (with optional extra info 👉 -o)
k get pods --namespace <ns> -o wide

# port-forward a pod' port
k port-forward <pod-id> --namespace <ns> <local(to)>:<pod(from)>

# get all deployments
k get deployments --namespace <ns>

# remove a pod
k delete pod <pod-id> --namespace <ns>

# get information regarding a pod
k describe pods --namespace <ns>

# restart pods
k -n <namespace> rollout restart deployment <deployment-id>

# scale pods
k scale deployment <deployment-id> --replicas=<number>

Helm

# Get all artifacts/repos in helm on a namespace
helm list --namespace <ns>
helm repo list --namespace <ns>

# Upgrade an existing revision of a chart
helm upgrade <id> --install --namespace <ns> --set image.tag=latest ./deploy/ -f deploy/values.yaml -f deploy/qa/values.yaml

# Install a new chart
helm install <id> --namespace <ns> --set image.tag=latest ./deploy/ -f deploy/values.yaml -f deploy/qa/values.yaml

# Remove a chart by id / reference. This will remove all installed charts/versions of that id 😱
helm uninstall <id> --namespace <ns>

# Get status for a specific release
helm status <id> --namespace <ns>

#
# Get all artifacts in helm on a namespace

Problems?

Deployment-error: ImagePullBackOff: Failed to pull image (Error response from daemon)

This can happen when there is something odd with your configuration in e.g values.xml. It may be related to:

image:
  repository: <repository>.azurecr.io/<application>
  pullPolicy: IfNotPresent

Set the one above to:

pullPolicy: Always

..and try again :-)

Azure session: kubectl usage issue?

Seeing a similar issue?

E0310 11:01:11.333364   59642 azure.go:127] Failed to acquire a token: refreshing the expired token: refreshing token: adal: Refresh request failed. Status Code = '400'. Response body: {"error":"invalid_grant","error_description":"AADSTS50173: The provided grant has expired due to it being revoked, a fresh auth token is needed. The user might have changed or reset their password. The grant was issued on '2020-01-31T07:46:52.6984764Z' and the TokensValidFrom date (before which tokens are not valid) for this user is '2020-03-02T12:19:11.0000000Z'.\r\nTrace ID: c44a30e6-8811-4817-b85c-4c4c6da01000\r\nCorrelation ID: c738e254-10c7-4c2e-bf06-a24c15f94c9f\r\nTimestamp: 2020-03-10 10:01:11Z","error_codes":[50173],"timestamp":"2020-03-10 10:01:11Z","trace_id":"c44a30e6-8811-4817-b85c-4c4c6da01000","correlation_id":"c738e254-10c7-4c2e-bf06-a24c15f94c9f","error_uri":"https://login.microsoftonline.com/error?code=50173"}

The authorization and/or refresh token from Azure is most likely f00ked and needs an updated. Do the folling:

az login
az aks get-credentials -g <group> -n <kubernetes-name>
k cluster-info

Done ✅

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment