kubectl cheatsheet

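# Run
# Image tags are mutable; outside of a quick demo, pin the image by digest
# (image@sha256:<digest>) so the cluster runs exactly what was reviewed.
kubectl run nginx --image=nginx:1.10.0
kubectl run hello-node --image="gcr.io/${PROJECT_ID}/hello-node:v1" --port=8080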

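# Services
kubectl get svc                               # Short form of "get services"
kubectl get services                          # List all services in the namespace
kubectl get services --sort-by=.metadata.name # List services sorted by name
kubectl get services -n "$NAMESPACE"
kubectl get services "$SERVICE_NAME"
kubectl describe services "$NAME"
# type=LoadBalancer asks the cloud provider for an address that is typically
# reachable from outside the cluster; confirm the workload is meant to be
# exposed (and how it authenticates clients) before running these.
kubectl expose deployment hello-node --type="LoadBalancer"
kubectl expose deployment nginx --port 80 --type LoadBalancer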

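# Pods
kubectl get pods --all-namespaces             # List all pods in all namespaces
kubectl get pods -o wide                      # List all pods in the namespace, with more details
# NOTE: --include-uninitialized has been removed from newer kubectl releases;
# drop the flag if your kubectl rejects it.
kubectl get pods --include-uninitialized      # List all pods in the namespace, including uninitialized ones
kubectl get pods --sort-by='.status.containerStatuses[0].restartCount' # List pods sorted by restart count
kubectl get pods --selector=app=cassandra -o jsonpath='{.items[*].metadata.labels.version}' # Show the `version` label of every `cassandra` pod
# Names (not values) of the Secrets that container env vars reference through
# secretKeyRef; handy when reviewing which workloads consume which Secret.
kubectl get pods -o json | jq '.items[].spec.containers[].env[]?.valueFrom.secretKeyRef.name' | grep -v null | sort | uniq
kubectl get pods -n "$NAMESPACE"
kubectl describe pod FOOBAR -n "$NAMESPACE"
kubectl get pods --all-namespaces
kubectl get pods -l origin=voyager --all-namespaces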

# Deployments
kubectl get deployment my-dep                 # List a particular deployment

# Rollout
kubectl rollout history deployment/hello      # Show the recorded revisions
kubectl rollout pause deployment/hello        # Stop rolling out further changes
kubectl rollout resume deployment/hello       # Continue a paused rollout
kubectl rollout status deployment/hello       # Watch the rollout until it finishes
kubectl rollout undo deployment/hello         # Roll back to the previous revision

# Replicas
kubectl scale deployment hello-node --replicas=4
kubectl get replicasets

# Secrets
# --from-literal puts the value on the command line, so it lands in shell
# history and is visible in the process list while the command runs; the
# foo=bar pair here is a demo value only.
kubectl -n default create secret generic testpass --from-literal=foo=bar
kubectl -n default get secrets
# describe lists the keys and their sizes, not the values.
kubectl -n default describe secrets/testpass
# Secret data is base64-encoded, not encrypted: anyone allowed to "get" the
# Secret can decode it like this. The value is printed to the terminal.
kubectl -n default get secret testpass -o jsonpath='{.data.foo}' | base64 -d

# Nodes
kubectl get nodes
kubectl describe nodes
kubectl describe node kubminn-20sc8
# Keep only the describe lines that carry a non-zero percentage.
kubectl describe nodes | grep -v "(0%)" | grep "%)"
kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="ExternalIP")].address}' # List the ExternalIPs of all nodes
# Print "name:condition=status;..." per node, then keep the Ready ones.
JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}' \
 && kubectl get nodes -o jsonpath="$JSONPATH" | grep "Ready=True" # List all nodes that are Ready
kubectl get nodes --sort-by=".metadata.creationTimestamp"

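# Describes
kubectl describe nodes my-node
kubectl describe pods my-pod
kubectl describe po mbatch-pod-3089507267-3gxxq -n "$NAMESPACE"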

# Explain (built-in documentation)
kubectl explain deployment
kubectl explain deployment --recursive
kubectl explain deployment.metadata.name

# Labels
kubectl label pods secure-monolith 'secure=enabled'
kubectl get pods secure-monolith --show-labels

# Events
kubectl get events --sort-by=.metadata.creationTimestamp # List events sorted by timestamp
kubectl get events -n qa1  | grep x5con

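# Logs
# Application logs can contain tokens, credentials or personal data; be
# deliberate about where their output is redirected or pasted.
kubectl logs "$POD_NAME"
kubectl logs --previous "${POD_NAME}" "${CONTAINER_NAME}" # Logs of the previous (crashed/restarted) container instance
kubectl logs "${POD_NAME}" "${CONTAINER_NAME}"
kubectl logs -l app=x5con-pod -n qa1
kubectl logs -l app="$HELM_NAME" -n "$NAMESPACE"
kubectl -n prod logs deploy/zurra-api-prod
kubectl logs -f -l app.kubernetes.io/instance=aws-node-termination-handler -n kube-system --all-containers --max-log-requests 20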

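# Cluster
kubectl cluster-info
# config view redacts certificate data and tokens by default; adding --raw
# prints them, so avoid --raw in shared terminals or pasted output.
kubectl config view

# Ingress
kubectl get ingress -n "$ENV"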

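# Exec
# "--" separates kubectl's own flags from the command run in the container;
# the form without it is deprecated. An interactive shell in a pod requires
# the pods/exec permission, which is worth granting narrowly and auditing.
kubectl exec monolith --stdin --tty -c monolith -- /bin/sh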

# Secrets ConfigMaps
# --from-file with a directory creates one key per file in it, so every file
# under tls/ (private keys included) ends up in the Secret; check the
# directory holds only what is intended. For a single certificate/key pair,
# "kubectl create secret tls" is the dedicated form.
kubectl create secret generic tls-certs --from-file tls/
# ConfigMaps are not meant for confidential data; keep credentials out of
# proxy.conf.
kubectl create configmap nginx-proxy-conf --from-file nginx/proxy.conf

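# Others
# kubectl proxy serves the API on localhost using your kubeconfig credentials;
# any local process can reach it while it runs, so stop it when done.
kubectl proxy
# -k disables TLS certificate verification: acceptable for a reachability
# check against the load balancer IP, not for sending credentials or trusting
# the response.
curl -ks "https://$(kubectl get svc frontend -o=jsonpath="{.status.loadBalancer.ingress[0].ip}")" # Curl to a service endpoint
kubectl get pods -o jsonpath --template='{range .items[*]}{.metadata.name}{"\t"}{"\t"}{.spec.containers[0].image}{"\n"}{end}' # Check what containers are running the pods

# Forward a port. Assignment and export are split so a failing kubectl call is
# not masked by export's own exit status.
POD_NAME=$(kubectl get pods -l "component=cd-jenkins-master" -o jsonpath="{.items[0].metadata.name}")
export POD_NAME
kubectl port-forward "$POD_NAME" 8080:8080 > /dev/null &
# Parse a secret. The decoded value is passed as an argument to '%s', never as
# the printf format string, so '%' or '\' in the password cannot be
# interpreted. This prints the Jenkins admin password to the terminal.
printf '%s\n' "$(kubectl get secret cd-jenkins -o jsonpath="{.data.jenkins-admin-password}" | base64 --decode)"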

Service accounts

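# List service accounts on kube-system
kubectl -n kube-system get sa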

Dashboards

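# Binds your own Google account to cluster-admin, i.e. unrestricted control of
# the whole cluster. Prefer a narrower role where one is enough, and delete
# the binding when it is no longer needed.
kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user="$(gcloud config get-value account)"
# "apply -f <URL>" applies whatever the URL serves at that moment: download
# the manifest, review it, then apply the local copy. v1.10.1 is an old
# Dashboard release; check the project's current release before using it.
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/recommended/kubernetes-dashboard.yaml
# Prints service-account bearer tokens. Whoever holds a token acts with that
# service account's permissions, so keep the output out of logs, tickets and
# chat. The inner substitution is left unquoted on purpose: it may expand to
# several secret names.
kubectl -n kube-system describe $(kubectl -n kube-system get secret -o name | grep namespace) | grep token: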

RBAC y autenticaciones

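# Add ourselves as admin in RBAC (used for the Jenkins setup). cluster-admin
# is unrestricted; scope this down or remove the binding after the install.
kubectl create clusterrolebinding cluster-admin-binding --clusterrole=cluster-admin --user="$(gcloud config get-value account)"

# Give Helm's Tiller cluster-admin.
# Tiller running as cluster-admin means anyone who can reach Tiller can act as
# cluster-admin. Helm 3 removed Tiller; on Helm 2, prefer a namespace-scoped
# role for the tiller service account.
kubectl create serviceaccount tiller --namespace kube-system
kubectl create clusterrolebinding tiller-admin-binding --clusterrole=cluster-admin --serviceaccount=kube-system:tiller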

Desplegando una instalación de wordpress

Example: Deploying WordPress and MySQL with Persistent Volumes - Kubernetes

# "superpassword" is a demo value. --from-literal leaves the password in shell
# history and in the process list; for a real deployment generate a strong
# value and load it from a file with restricted permissions, e.g.
# --from-file=password=<path-to-file>.
kubectl create secret generic mysql-pass --from-literal=password=superpassword
kubectl get secrets

# Manifests are fetched from the URL at run time; review them before creating
# resources from them.
kubectl create -f https://k8s.io/examples/application/wordpress/mysql-deployment.yaml
kubectl get pvc
kubectl get pods

kubectl create -f https://k8s.io/examples/application/wordpress/wordpress-deployment.yaml
kubectl get services wordpress

Limpieza

# Remove the demo Secret and everything labelled app=wordpress.
kubectl delete secret mysql-pass
kubectl delete deployment -l app=wordpress
kubectl delete service -l app=wordpress
# Deleting the claims can also delete the underlying volumes and their data,
# depending on the volumes' reclaim policy.
kubectl delete pvc -l app=wordpress

Namespaces

kubectl get namespace
kubectl create namespace jenkins
kubectl create ns production                  # "ns" is the short name for namespace

Endpoints

# Get all ip address endpoints
~➤ kubectl get services -A | ag 32003
scylla-manager       scylla-service-node-0                                     NodePort       172.20.91.9      <none>                                                                          9042:32003/TCP                                                                        286d

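# Describe every endpoints object whose listing line mentions scylla and the
# word "monitoring". Names are read line by line and quoted, so they are never
# word-split or glob-expanded by the shell. The output contains internal pod
# IPs and ports, so treat ~/tmp/1.out as internal data.
kubectl get endpoints -A | ag scylla | ag -w monitoring | awk '{print $2}' |
    while IFS= read -r endpoint; do
        kubectl -n scylla-monitoring describe endpoints "$endpoint"
    done | tee -a ~/tmp/1.out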