devcfgc/kubernetes101

KUBERNETES101

All these examples were done using Minikube.

TIPS AND TRICKS

When using Minikube, instead of pushing your Docker image to a registry, you can simply build the image using the same Docker host as the Minikube VM, so that the images are automatically present. To do so, make sure you are using the Minikube Docker daemon:

  • eval $(minikube docker-env)

  • eval $(minikube docker-env -u) # when you no longer wish to use the Minikube host, you can undo this change.

  • After deploying, the service can be accessed via the ClusterIP allocated:

      export CLUSTER_IP=$(kubectl get services/<SERVICE_NAME> -o go-template='{{(index .spec.clusterIP)}}')
      echo CLUSTER_IP=$CLUSTER_IP
      curl $CLUSTER_IP:80

COMMANDS

kubectl cluster-info
kubectl config get-contexts
kubectl config use <CONTEXT-NAME>
kubectl get services                                    # List all services in the namespace
kubectl describe services <SERVICE_NAME>
kubectl get deployment my-dep                           # List a particular deployment
kubectl get nodes -o yaml
kubectl get rc                                          # Get the replication controller
kubectl get cs                                          # Get the component statuses
kubectl get deployments
kubectl get events                                      # Get cluster events
kubectl describe service <SERVICE_NAME> | grep NodePort # Get the assigned NodePort using kubectl.
kubectl describe svc/<SERVICE_NAME>
kubectl config view                                     # view kubectl config
kubectl create ns <NAMESPACE_NAME>                      # Create a namespace
kubectl get deployment/<DEPLOYMENT_NAME> -o yaml        # Get deployment yaml
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}') # Get user token

PODs

kubectl exec -it <POD_NAME> -- bash                                                  # Open a shell in the pod
kubectl logs <POD_NAME>                                                              # Get logs from the pod
kubectl get pods --all-namespaces                                                    # List all pods in all namespaces
kubectl get pods -o wide                                                             # List all pods in the namespace, with more details
kubectl get pods -o wide --all-namespaces                                            # List all pods in all namespaces, with more details
kubectl get pods --include-uninitialized                                             # List all pods in the namespace, including uninitialized ones
kubectl get pods --sort-by=.metadata.name                                            # sorts pods by name
kubectl get pods -o wide --all-namespaces                                            # returns more details
kubectl get pods/<POD_NAME> -n <NAMESPACE_NAME> -o json                              # returns the pod json
kubectl get pods  -n <NAMESPACE_NAME> -o=jsonpath="{..image}" -l app=cart-dev        # searches cart-dev, and returns the image based on the jsonpath
kubectl get pods --all-namespaces -o jsonpath="{.items[*].spec.containers[*].image}" # all container images running

Show information about one specific namespace (ex: kube-system)

kubectl -n kube-system get pods
kubectl -n kube-system get nodes
kubectl -n kube-system get services
kubectl -n kube-system edit service kubernetes-dashboard
kubectl -n kube-system get nodes -o yaml
kubectl -n kube-system get services kube-dns

TOOLS

KUBECTL

# Download the latest stable kubectl binary
$ curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl

# Make the kubectl binary executable
$ chmod +x ./kubectl

# Move the kubectl binary to the PATH
$ sudo mv ./kubectl /usr/local/bin/kubectl

CALICO

# Install
kubectl apply -f http://docs.projectcalico.org/v2.1/getting-started/kubernetes/installation/hosted/kubeadm/1.6/calico.yaml

# Annotate the <NAMESPACE_NAME> namespace to deny all incoming (ingress) traffic.
# Now, remote access to the pods inside the <NAMESPACE_NAME> should be unavailable,
# and you should receive a timeout warning.
kubectl annotate ns <NAMESPACE_NAME> "net.beta.kubernetes.io/network-policy={\"ingress\":{\"isolation\":\"DefaultDeny\"}}"

HELM

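# Helm 2 syntax: -n is the short form of --name, so the namespace needs --namespace
helm install stable/grafana --name grafana --namespace <NAMESPACE_NAME>
helm install stable/prometheus --name prometheus --namespace <NAMESPACE_NAME>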

API SERVER

APIs - without 'kubectl proxy'

Without kubectl proxy configured, we can get the Bearer Token using kubectl and then send it with the API request. A Bearer Token is an access token that is generated by the authentication server (the API server on the master node) and given back to the client. Using that token, the client can connect back to the Kubernetes API server without providing further authentication details, and then access resources.

# Get the token
$ TOKEN=$(kubectl describe secret $(kubectl get secrets | grep default | cut -f1 -d ' ') | grep -E '^token' | cut -f2 -d':' | tr -d '\t' | tr -d " ")

# Get the API server endpoint
$ APISERVER=$(kubectl config view | grep https | cut -f 2- -d ":" | tr -d " ")

# Make sure APISERVER is pointing to your Minikube's IP (for example, in our case, it is pointing to Minikube's IP 192.168.99.100:8443)
$ echo $APISERVER
https://192.168.99.100:8443

# Access the API Server using the curl command, as shown below
$ curl $APISERVER --header "Authorization: Bearer $TOKEN" --insecure
{
 "paths": [
   "/api",
   "/api/v1",
   "/apis",
   "/apis/apps",
   ......
   ......
   "/logs",
   "/metrics",
   "/swaggerapi/",
   "/ui/",
   "/version"
 ]
}
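
Added example, not part of the original repository: the same request as above, with the API server certificate verified against the cluster CA stored in the service-account secret instead of skipped with --insecure, and the token read with jsonpath rather than grep/cut. The function names and the NAMESPACE and SERVICE_ACCOUNT variables are assumptions; it expects a cluster that creates token secrets for service accounts, as the commands above do.

```sh
#!/bin/sh
# Added example (not from the original repository). Function names, the
# NAMESPACE/SERVICE_ACCOUNT variables and the temp-file layout are assumptions.

# Name of the token secret referenced by a service account.
# Empty on clusters that do not auto-create these secrets (Kubernetes 1.24+).
sa_secret_name() {  # <namespace> <serviceaccount>
  kubectl -n "$1" get serviceaccount "$2" -o 'jsonpath={.secrets[0].name}'
}

# Print one decoded field ("token" or "ca.crt") of a secret.
secret_field() {  # <namespace> <secret> <key>
  key=$(printf '%s' "$3" | sed 's/\./\\./g')   # jsonpath needs dots escaped
  kubectl -n "$1" get secret "$2" -o "jsonpath={.data.$key}" | base64 -d
}

# GET <path> from the API server of the current context, verifying its
# certificate against the cluster CA instead of passing --insecure.
api_get() {  # <path>
  ns=${NAMESPACE:-default}
  sa=${SERVICE_ACCOUNT:-default}
  secret=$(sa_secret_name "$ns" "$sa")
  if [ -z "$secret" ]; then
    echo "no token secret for serviceaccount $ns/$sa" >&2
    return 1
  fi
  server=$(kubectl config view --minify -o 'jsonpath={.clusters[0].cluster.server}')
  dir=$(mktemp -d)                             # mode 0700, removed below
  secret_field "$ns" "$secret" ca.crt > "$dir/ca.crt"
  # The header goes through a file (curl 7.55+) so the token is not in `ps` output.
  printf 'Authorization: Bearer %s\n' "$(secret_field "$ns" "$secret" token)" > "$dir/hdr"
  rc=0
  curl --silent --show-error --fail --cacert "$dir/ca.crt" \
       --header "@$dir/hdr" "$server$1" || rc=$?
  rm -rf "$dir"
  return "$rc"
}

# Usage against a running cluster:  sh api-get.sh /version
if [ -n "${1:-}" ]; then api_get "$1"; fi
```

If curl reports a certificate error here, the endpoint is not presenting a certificate signed by the cluster CA, which is exactly the condition --insecure would have hidden.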

About

This repository is my starting point for learning Kubernetes
