Kubernetes (k8s)
Preparations
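# Check whether the CPU exposes hardware virtualization: "vmx" is the Intel
# VT-x flag, "svm" the AMD-V flag. grep -E replaces egrep, which GNU grep has
# deprecated and newer releases warn about.
grep -E --color 'vmx|svm' /proc/cpuinfo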
Installation
kubectl CLI installation
# Register the upstream Kubernetes RPM repository. gpgcheck=1 makes yum verify
# package signatures against the key named in gpgkey, which is fetched over HTTPS.
# Both URLs are pinned to the v1.28 minor release and have to be edited
# together when moving to another minor version.
cat <<EOF | sudo tee /etc/yum.repos.d/kubernetes.repo
[kubernetes]
name=Kubernetes
baseurl=https://pkgs.k8s.io/core:/stable:/v1.28/rpm/
enabled=1
gpgcheck=1
gpgkey=https://pkgs.k8s.io/core:/stable:/v1.28/rpm/repodata/repomd.xml.key
EOF
# NOTE(review): -y answers every prompt, which presumably includes the first-use
# import of the repository signing key; confirm the key fingerprint separately.
sudo yum install -y kubectl
Or:
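# Resolve the stable version once, so the binary and its checksum file always
# belong to the same release (two separate lookups can straddle a new release).
KUBECTL_VERSION="$(curl -fsSL https://dl.k8s.io/release/stable.txt)"
# -f makes curl fail on an HTTP error instead of saving the error page as "kubectl".
curl -fLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl"
curl -fLO "https://dl.k8s.io/release/${KUBECTL_VERSION}/bin/linux/amd64/kubectl.sha256"
# sha256sum expects "<hash>  <file>" (two spaces). The && installs the binary
# only when the check passes. The checksum comes from the same origin as the
# binary, so it catches a corrupted or truncated download, not a tampered origin.
echo "$(cat kubectl.sha256)  kubectl" | sha256sum --check \
  && sudo install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl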
Usage, tips and tricks
User config file: ~/.kube/config
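# Store the user's bearer token in kubeconfig. Passed as an argument, the token
# can end up in shell history and in process listings.
kubectl config set-credentials USERNAME --token=USERTOKEN
# Validate the API server certificate against the cluster CA. The original
# --insecure-skip-tls-verify=true turns certificate validation off, so the
# client would send the token to whatever host answers on that URL.
# /path/to/ca.crt is a placeholder for the cluster's CA certificate file.
kubectl config set-cluster CLUSTERNAME --server=https://URL --certificate-authority=/path/to/ca.crt --embed-certs=true
# A context ties a cluster to a user (and optionally a default namespace).
kubectl config set-context CONTEXTNAME --cluster=CLUSTERNAME --user=USERNAME
# Set the default namespace of the context currently in use.
kubectl config set-context --current --namespace=xyz-dev
# One-off command against a named context without switching to it.
kubectl --context=CONTEXTNAME cluster-info
# Switch the current context.
kubectl config use-context context-xyz
# kubeconfig now holds credentials; keep it readable by its owner only.
chmod 600 ~/.kube/config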
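# kubectl has no "create user" subcommand: Kubernetes keeps no User objects, and
# human users come from the cluster's authenticator (client certificates, OIDC, ...).
# For an identity managed inside the cluster, create a service account instead.
kubectl create serviceaccount USER_NAME
# A Role is limited to one namespace. Grant only the verbs and resources that
# are needed, e.g. --verb=get,list --resource=pods.
kubectl create role ROLE_NAME --verb=RIGHTS --resource=RESOURCE
# --user binds an externally authenticated user name; to bind the service
# account created above use --serviceaccount=NAMESPACE:USER_NAME instead.
kubectl create rolebinding BINDING_NAME --role=ROLE_NAME --user=USERNAME
# Review what the subject is actually allowed to do after the binding.
kubectl auth can-i --list --as=USERNAME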
# Show the control plane endpoints of the current context.
kubectl cluster-info
# Kubernetes has no "secret map" kind; the resource is a Secret. The file name below only mirrors the ConfigMap naming.
# -n NAMESPACE can be appended
# Order matters: the namespace comes first, then the config map, secret and
# volumes that the deployment references, then the service and the ingress.
kubectl apply -f xyz-namespace.yaml
kubectl apply -f xyz-config-map.yaml
kubectl apply -f xyz-secrets-map.yaml
kubectl apply -f xyz-nfs-persistent-volume.yaml
kubectl apply -f xyz-nfs-persistent-volume-claim.yaml
kubectl apply -f xyz-deployment.yaml
kubectl apply -f xyz-service.yaml
kubectl apply -f xyz-ingress.yaml
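# All commands below act on the context's default namespace unless
# -n NAMESPACE is appended.
# "describe secret" lists the keys and their sizes, not the values.
kubectl describe configmaps xyz-config-map
kubectl describe secret xyz-secrets-map
# edit needs the resource type in front of the name.
kubectl edit deployment xyz-deployment
kubectl get pods
# Follow the log stream of a pod.
kubectl logs -f xyz-deployment-596744778-dcgtz
# Logs of the previous instance of one container, e.g. after a crash or restart.
kubectl logs xyz-deployment-596744778-dcgtz -c containername --previous
kubectl describe pod xyz-deployment-596744778-dcgtz
# Restarts: the deployment replaces the deleted pod with a new one.
kubectl delete pod xyz-deployment-596744778-dcgtz
# Serves the Kubernetes API on localhost using your kubeconfig credentials;
# any local process can call it for as long as the proxy runs.
kubectl proxy
kubectl port-forward xyz-deployment-596744778-dcgtz LOCALPORT:REMOTEPORT
# Interactive shell inside the pod's container.
kubectl exec -it xyz-deployment-596744778-dcgtz -- /bin/sh
kubectl get endpoints
kubectl get service
kubectl describe pv <persistent_volume_name>
kubectl describe pvc <persistent_volume_claim_name>
# Tear down in reverse order; deleting the namespace removes everything still inside it.
kubectl delete service xyz-service
kubectl delete deployment xyz-deployment
kubectl delete secrets xyz-secrets-map
kubectl delete configmap xyz-config-map
kubectl delete namespace xyz-namespace
# Long-option form of "exec -it", here with bash instead of sh.
kubectl exec --stdin --tty some-pod-596744778-dcgtz -- /bin/bash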
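# Kubernetes config update
aws sso login
# Or, with a named profile. The variable has to be exported; a plain assignment
# stays inside the shell and the aws child process does not see it.
export AWS_DEFAULT_PROFILE=profilex
aws sso login
# Writes or updates the cluster entry in kubeconfig for the given EKS cluster.
aws eks update-kubeconfig --region REGION --name OURSUPERCLUSTER
# Like: aws eks update-kubeconfig --region eu-central-1 --name xyzcluster
kubectl get pods --all-namespaces
kubectl get namespaces
# kubectl get ns
kubectl get namespace
# Shows only the current context; credentials are printed redacted unless --raw is added.
kubectl config view --minify
# kubectl config view --minify --output 'jsonpath={..namespace}'; echo
kubectl config set-context --current --namespace=NAMESPACE
# Persistent volumes
kubectl get pv
# Persistent volume claims
kubectl get pvc
# POD data as yaml
kubectl get pod -o yaml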
Volumes
xyz-nfs-persistent-volume.yaml
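# NFS-backed PersistentVolume for the xyz application.
# PersistentVolumes are cluster-scoped, so metadata.namespace does not apply
# here and is left out; namespace isolation starts at the claim.
apiVersion: v1
kind: PersistentVolume
metadata:
  name: xyz-nfs-persistent-volume
spec:
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteMany
  # Retain keeps the data on the export after the claim is deleted; it has to
  # be cleaned up by hand before the volume is handed to another claim.
  persistentVolumeReclaimPolicy: Retain
  nfs:
    # Placeholder address; point it at the real NFS server (nfs.gintra).
    # Who may mount the export is decided by the NFS server's own export rules.
    server: 127.0.0.1
    path: /var/opt/setmy.info/gintra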
xyz-nfs-persistent-volume-claim.yaml
# Claim that binds the xyz-dev namespace to the pre-created NFS volume.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: xyz-nfs-persistent-volume-claim
  namespace: xyz-dev
spec:
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Gi
  # An empty class name switches off dynamic provisioning for this claim.
  storageClassName: ""
  # Bind to this specific volume rather than to any volume that fits.
  volumeName: xyz-nfs-persistent-volume
Namespace
xyz-namespace.yaml
# Namespace that holds all xyz resources. Namespace-wide policy, such as
# pod-security.kubernetes.io/* labels, would be attached to this object.
apiVersion: v1
kind: Namespace
metadata:
  name: xyz-dev
Config map
xyz-config-map.yaml
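# Non-secret configuration for the xyz deployment. ConfigMap values are stored
# and shown in plain text, so credentials do not belong here.
apiVersion: v1
kind: ConfigMap
metadata:
  name: xyz-config-map
  namespace: xyz-dev
data:
  variable: "Value in quotations"
  # pg-host is an entry of data; placed next to name/namespace it is not a
  # valid ConfigMap field.
  # <pod-name>.<service-name>.<namespace>.svc.cluster.local
  # By default: .default.svc.cluster.local
  pg-host: postgresql-1.postgresql-service.default.svc.cluster.local
# An immutable ConfigMap cannot be edited; delete and recreate it to change a value.
immutable: true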
Secrets map
xyz-secrets-map.yaml
# Secret consumed by the xyz deployment. The values under data are base64
# encoded, which is an encoding and not encryption: anyone who can read this
# manifest or the Secret object can decode them. Keep real values out of
# version control.
apiVersion: v1
kind: Secret
metadata:
  name: xyz-secrets-map
  namespace: xyz-dev
data:
  # base64 of the sample text "Secret value"
  secret-variable: U2VjcmV0IHZhbHVl
# An immutable Secret cannot be edited; delete and recreate it to rotate a value.
immutable: true
Deployment
xyz-deployment.yaml
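# Deployment of the xyz application: three replicas, configuration taken from
# xyz-config-map and xyz-secrets-map, data on the NFS-backed claim.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: xyz-deployment
  namespace: xyz-dev
  labels:
    app: xyz-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: xyz-deployment
  template:
    metadata:
      labels:
        app: xyz-deployment
    spec:
      containers:
        - name: xyz
          # ":latest" is a mutable tag, so replicas can end up running
          # different builds; prefer a fixed version tag or an image digest.
          image: xyz:latest
          # For example, not needed in Minikube
          # imagePullPolicy: Never
          # Container hardening baseline. runAsNonRoot makes the kubelet refuse
          # to start the container if the image would run as UID 0, so the
          # image has to declare a non-root user.
          securityContext:
            allowPrivilegeEscalation: false
            runAsNonRoot: true
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
          ports:
            - name: xyz-port
              containerPort: 8080
          env:
            # For Spring boot
            - name: PROFILES_LIST
              value: "dev,api-docs"
            ## From config-map
            - name: VARIABLE
              valueFrom:
                configMapKeyRef:
                  name: xyz-config-map
                  key: variable
                  optional: false
            ## From secrets
            # The value is visible inside the container's environment, e.g. to
            # anyone allowed to exec into the pod.
            - name: SECRET_VARIABLE
              valueFrom:
                secretKeyRef:
                  name: xyz-secrets-map
                  key: secret-variable
                  optional: false
          volumeMounts:
            - name: nfs-volume
              mountPath: /mnt/gintra
      volumes:
        - name: nfs-volume
          persistentVolumeClaim:
            claimName: xyz-nfs-persistent-volume-claim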
Service
xyz-service.yaml
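# Cluster-internal service in front of the xyz pods.
apiVersion: v1
kind: Service
metadata:
  name: xyz-service
  namespace: xyz-dev
spec:
  selector:
    # Has to equal the pod template labels of xyz-deployment (app: xyz-deployment).
    # The former app.kubernetes.io/name: xyz matched no pod, which leaves the
    # service without endpoints.
    app: xyz-deployment
  ports:
    - protocol: TCP
      port: 80
      # Named container port declared in the deployment (8080).
      targetPort: xyz-port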
Ingress
xyz-ingress.yaml
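# HTTP routing from the ingress controller to xyz-service.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: xyz-ingress
  namespace: xyz-dev
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx-example
  # No tls: section and no host: are given, so this rule describes plain HTTP
  # routing for every host name that reaches the controller.
  rules:
    - http:
        paths:
          - path: /testpath
            pathType: Prefix
            backend:
              service:
                # Points at the service defined on this page; the former name
                # "test" does not exist among these manifests.
                name: xyz-service
                port:
                  number: 80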
Kind complete list
# Values seen in the "kind" field of manifests. The list mixes built-in kinds
# with kinds that only exist once an add-on or CRD is installed, and a few
# entries are not kinds at all. "kubectl api-resources" prints the
# authoritative list for a given cluster.
kind: Pod
---
kind: Deployment
---
kind: Service
---
kind: Namespace
---
kind: ConfigMap
---
kind: Secret
---
kind: StatefulSet
---
kind: DaemonSet
---
kind: Ingress
---
kind: PersistentVolume
---
kind: PersistentVolumeClaim
---
# Not a kind of its own: volumeClaimTemplates is a field of StatefulSet.
kind: VolumeClaimTemplate
---
kind: Job
---
kind: CronJob
---
kind: HorizontalPodAutoscaler
---
kind: ServiceAccount
---
kind: Role
---
kind: RoleBinding
---
kind: PodDisruptionBudget
---
# The core kind is spelled "Endpoints".
kind: Endpoint
---
kind: LimitRange
---
kind: NetworkPolicy
---
kind: StorageClass
---
# Removed in Kubernetes v1.25, so it does not exist on the v1.28 release
# installed above; Pod Security Admission is the built-in replacement.
kind: PodSecurityPolicy
---
kind: ReplicaSet
---
kind: PodTemplate
---
kind: ReplicationController
---
kind: ClusterRole
---
kind: ClusterRoleBinding
---
# CRD of the Prometheus Operator, not part of core Kubernetes.
kind: ServiceMonitor
---
# The VolumeSnapshot* kinds are CRDs (snapshot.storage.k8s.io) installed
# together with the CSI snapshot controller.
kind: VolumeSnapshot
---
kind: VolumeSnapshotClass
---
kind: VolumeSnapshotContent
---
# NOTE(review): does not look like an upstream kind; verify with kubectl api-resources.
kind: VolumeSnapshotDataSource
---
kind: VolumeAttachment
---
kind: StorageVersion
---
kind: TokenReview
---
kind: SelfSubjectAccessReview
---
kind: SelfSubjectRulesReview
---
kind: SubjectAccessReview
---
kind: PriorityClass
---
# NOTE(review): appears to be an OpenShift API rather than upstream Kubernetes; confirm.
kind: PodSecurityPolicyReview
---