@ziamler
Forked from edsiper/kubernetes_commands.md
Created September 15, 2019 14:07
Kubernetes Useful Commands

Kubernetes Commands

Helper setup to edit .yaml files with Vim:

List of general purpose commands for Kubernetes management:

VIM Setup for Yaml files

Put the following lines in ~/.vimrc:

" Yaml file handling
autocmd FileType yaml setlocal ts=2 sts=2 sw=2 expandtab
filetype plugin indent on
autocmd FileType yaml setl indentkeys-=<:>

" Copy/paste with Ctrl+C, Ctrl+V, etc.
:behave mswin
:set clipboard=unnamedplus
:smap <Del> <C-g>"_d
:smap <C-c> <C-g>y
:smap <C-x> <C-g>x
:imap <C-v> <Esc>pi
:smap <C-v> <C-g>p
:smap <Tab> <C-g>1> 
:smap <S-Tab> <C-g>1<

Keyboard hints:

  • ctrl + f: auto indent line (requires INSERT mode)

PODS

$ kubectl get pods
$ kubectl get pods --all-namespaces
$ kubectl get pod monkey -o wide
$ kubectl get pod monkey -o yaml
$ kubectl describe pod monkey

Create Deployments

Create single deployment

$ kubectl run monkey --image=monkey --record

Scaling PODs

$ kubectl scale deployment/POD_NAME --replicas=N

POD Upgrade and history

List history of deployments

$ kubectl rollout history deployment/DEPLOYMENT_NAME

Jump to specific revision

$ kubectl rollout undo deployment/DEPLOYMENT_NAME --to-revision=N

Services

List services

$ kubectl get services

Expose PODs as services (creates endpoints)

$ kubectl expose deployment/monkey --port=2001 --type=NodePort

Volumes

List Persistent Volumes and Persistent Volume Claims:

$ kubectl get pv
$ kubectl get pvc

Secrets

$ kubectl get secrets
$ kubectl create secret generic --help
$ kubectl create secret generic mysql --from-literal=password=root
$ kubectl get secrets mysql -o yaml

ConfigMaps

$ kubectl create configmap foobar --from-file=config.js
$ kubectl get configmap foobar -o yaml

DNS

List DNS-PODs:

$ kubectl get pods --all-namespaces |grep dns

Check DNS for pod nginx (assuming a busybox POD/container is running)

$ kubectl exec -ti busybox -- nslookup nginx

Note: kube-proxy, running on the worker nodes, manages services and sets iptables rules to direct traffic.

Ingress

Commands to manage Ingress for ClusterIP service type:

$ kubectl get ingress
$ kubectl expose deployment ghost --port=2368

Spec for ingress:

Horizontal Pod Autoscaler

When heapster runs:

$ kubectl get hpa
$ kubectl autoscale --help

DaemonSets

$ kubectl get daemonsets
$ kubectl get ds

Scheduler

NodeSelector based policy:

$ kubectl label node minikube foo=bar

Node Binding through API Server:

$ kubectl proxy 
$ curl -H "Content-Type: application/json" -X POST --data @binding.json http://localhost:8001/api/v1/namespaces/default/pods/foobar-sched/binding

Taints and Tolerations

$ kubectl taint node master foo=bar:NoSchedule

Troubleshooting

$ kubectl describe
$ kubectl logs
$ kubectl exec
$ kubectl get nodes --show-labels
$ kubectl get events

Docs Cluster:

Role Based Access Control

  • Role
  • ClusterRole
  • RoleBinding
  • ClusterRoleBinding

$ kubectl create role fluent-reader --verb=get --verb=list --verb=watch --resource=pods
$ kubectl create rolebinding foo --role=fluent-reader --user=minikube
$ kubectl get rolebinding foo -o yaml

Security Contexts

Docs: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/

  • spec
  • securityContext
    • runAsNonRoot: true
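
To find containers that do not have the `runAsNonRoot: true` setting outlined above, the following added example (not part of the original gist) audits the JSON that `kubectl get pods --all-namespaces -o json` returns. The sample pod list and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get pods -o json` output (not real cluster data).
SAMPLE = json.dumps({
    "items": [
        {"metadata": {"namespace": "default", "name": "monkey"},
         "spec": {"securityContext": {"runAsNonRoot": True},
                  "containers": [{"name": "monkey"}]}},
        {"metadata": {"namespace": "default", "name": "ghost"},
         "spec": {"containers": [{"name": "ghost"}]}},
        {"metadata": {"namespace": "default", "name": "mixed"},
         "spec": {"securityContext": {"runAsNonRoot": True},
                  "initContainers": [{"name": "init"}],
                  "containers": [
                      {"name": "app"},
                      # A container-level value overrides the pod-level one.
                      {"name": "sidecar", "securityContext": {"runAsNonRoot": False}}]}},
    ]
})


def effective_run_as_non_root(pod_spec, container):
    """Container securityContext wins over the pod-level securityContext."""
    container_sc = container.get("securityContext") or {}
    if "runAsNonRoot" in container_sc:
        return container_sc["runAsNonRoot"] is True
    pod_sc = pod_spec.get("securityContext") or {}
    return pod_sc.get("runAsNonRoot") is True


def containers_allowed_root(pod_list_json):
    """Return sorted 'namespace/pod/container' for containers without runAsNonRoot: true."""
    findings = []
    for pod in json.loads(pod_list_json).get("items", []):
        meta, spec = pod["metadata"], pod["spec"]
        for c in spec.get("initContainers", []) + spec.get("containers", []):
            if not effective_run_as_non_root(spec, c):
                findings.append(f'{meta.get("namespace", "default")}/{meta["name"]}/{c["name"]}')
    return sorted(findings)


if __name__ == "__main__":
    for finding in containers_allowed_root(SAMPLE):
        print("runAsNonRoot not enforced:", finding)
```

To run it against a cluster, pass the saved output of `kubectl get pods --all-namespaces -o json` to `containers_allowed_root` instead of `SAMPLE`.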

Pod Security Policies

Docs: https://github.com/kubernetes/kubernetes/blob/master/examples/podsecuritypolicy/rbac/README.md

Network Policies

Network isolation at Pod level by using annotations

$ kubectl annotate ns <namespace> "net.beta.kubernetes.io/network-policy={\"ingress\": {\"isolation\": \"DefaultDeny\"}}"

More about Network Policies as a resource:

https://kubernetes.io/docs/tasks/administer-cluster/declare-network-policy/
