K8S Cheat Sheet
Kubernetes¶
# kubectl exec one of deployment pod
kubectl exec -it deploy/my-app -n bes -- bash
# kubectl get all resource includeing custom resource
kubectl get $(kubectl api-resources --namespaced=true --no-headers -o name | grep -v -E 'events|bindings$|localsubjectaccessreviews' | paste -s -d, - )
# kubectl show pod cpu and memory config of first container
kubectl get pod -o custom-columns=POD_NAME:.metadata.name,CONTAINER:.spec.containers[0].name,CPU_MIN:.spec.containers[0].resources.limits.cpu,CPU_MAX:.spec.containers[0].resources.requests.cpu,MEM_MAX:.spec.containers[0].resources.limits.memory,MEM_MIN:.spec.containers[0].resources.requests.memory,STATUS:.status.phase
# kubectl list all nodeport
kubectl get svc --all-namespaces -o go-template='{{range .items}}{{ $svc := . }}{{range.spec.ports}}{{if .nodePort}}{{.nodePort}}{{","}}{{if .name}}{{printf "%-10s" .name}}{{else}}{{printf "%-10s" ""}}{{end}}{{","}}{{$svc.metadata.namespace}}{{","}}{{$svc.metadata.name}}{{"\n"}}{{end}}{{end}}{{end}}'
# backup etcd data
sudo ETCDCTL_API=3 etcdctl --endpoints=https://127.0.0.1:2379 \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/apiserver-etcd-client.crt \
--key=/etc/kubernetes/pki/apiserver-etcd-client.key \
snapshot save ~/etcd_backup
# view container log
sudo docker logs -n 100 -f $(sudo docker ps -f name=k8s_kube-vip -q)
sudo docker logs -n 100 -f $(sudo docker ps -f name=k8s_etcd -q)
sudo docker logs -n 100 -f $(sudo docker ps -f name=k8s_kube-apiserver -q)
sudo docker logs -n 100 -f $(sudo docker ps -f name=k8s_kube-scheduler -q)
sudo docker logs -n 100 -f $(sudo docker ps -f name=k8s_kube-controller-manager -q)
Kubernetes - create nodeport svc¶
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Service
metadata:
name: my-svc
namespace: default
spec:
ports:
- port: 80
nodePort: 30002
selector:
app: my-app
type: NodePort
EOF
Kubernetes - Create kubeconfig file¶
NAMESPACE=default
USER_NAME=my-user
USER_TOKEN_NAME=$(kubectl get serviceaccount ${USER_NAME} -n ${NAMESPACE} -o=jsonpath='{.secrets[0].name}')
USER_TOKEN_VALUE=$(kubectl get secret/${USER_TOKEN_NAME} -n ${NAMESPACE} -o=go-template='{{.data.token}}' | base64 --decode)
CURRENT_CONTEXT=$(kubectl config current-context)
CURRENT_CLUSTER=$(kubectl config view --raw -o=go-template='{{range .contexts}}{{if eq .name "'''${CURRENT_CONTEXT}'''"}}{{ index .context "cluster" }}{{end}}{{end}}')
CLUSTER_CA=$(kubectl config view --raw -o=go-template='{{range .clusters}}{{if eq .name "'''${CURRENT_CLUSTER}'''"}}"{{with index .cluster "certificate-authority-data" }}{{.}}{{end}}"{{ end }}{{ end }}')
CLUSTER_SERVER=$(kubectl config view --raw -o=go-template='{{range .clusters}}{{if eq .name "'''${CURRENT_CLUSTER}'''"}}{{ .cluster.server }}{{end}}{{ end }}')
sudo tee ${USER_NAME}.kubeconfig <<EOF
apiVersion: v1
kind: Config
current-context: ${CURRENT_CONTEXT}
contexts:
- name: ${CURRENT_CONTEXT}
context:
cluster: ${CURRENT_CONTEXT}
user: ${USER_NAME}
namespace: ${NAMESPACE}
clusters:
- name: ${CURRENT_CONTEXT}
cluster:
certificate-authority-data: ${CLUSTER_CA}
server: ${CLUSTER_SERVER}
users:
- name: ${USER_NAME}
user:
token: ${USER_TOKEN_VALUE}
EOF
kubectl get pods -n ${NAMESPACE} --kubeconfig=${USER_NAME}.kubeconfig
Helm¶
# download helm chart
helm pull bitnami/redis --untar --untardir ./redis-helm-charts
# render helm template
helm template my-redis bitnami/redis --output-dir=./otuput-dir --dry-run -f="my-values.yaml"
# ls installed app
helm ls -A
# get installed values
helm get values my-redis -n redis
Helm chart¶
# add checksum to auto update deployment yaml if config map is changed
annotations:
checksum/configmap: { { include (print $.Template.BasePath "/configmap.yaml") . | sha256sum } }
# print yaml with nindent in every line
{{- toYaml .Values.resources | nindent 12 }}
# if else
{{- if .Values.enabled }}
{{- else }}
{{- end }}
# redefine root var in scrope
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
# avoid null error
{{- if (.Values.pvc).enabled -}}{{- end -}}
# rename var
{{- $ingressPath := .Values.ingress.path -}}
# prefer deploy pod in diff node
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
app: "{{ $name }}"
topologyKey: "kubernetes.io/hostname"
# loop key value
{{- range $key, $value := .Values.config }}
{{- if and (ne $key "my_key") }}
{{ $key }}: "{{ $value }}"
{{- end }}
# base64 encode for secret
{{ $value | b64enc }}
# default value
{{ $service.type | default "ClusterIP" }}
# add config as json file or key value
{{- if .Values.config }}
kind: ConfigMap
apiVersion: v1
metadata:
name: dotnet-config-cm
data:
{{- $config_json := .Values.config.config_json -}}
{{- if $config_json }}
config.json: |
{{ $config_json | indent 4 }}
{{- end }}
{{- range $key, $value := .Values.config_key_value }}
{{ $key }}: "{{ $value }}"
{{- end }}
{{- end }}
# distribute pod into diff node
# pod.spec.
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
app: "{{ $app_name }}"
topologyKey: "kubernetes.io/hostname"
ArgoCD¶
Ref: https://argo-cd.readthedocs.io/en/stable/user-guide/commands/argocd/
# get init admin password
kubectl -n argocd get secret argocd-initial-admin-secret -o jsonpath="{.data.password}" | base64 -d; echo
# create container
docker run --rm -it argoproj/argocd
# login
argocd login "192.168.0.1" --insecure --username "isaac" --password "xxxxxx"
# restart deployment
argocd app actions run "my-app" restart --kind Deployment
# update password
argocd account update-password --account admin
# set app param
kubectl patch Application --type=merge -n=argocd -p '{"spec":{"source":{"helm":{"parameters":[{"name":"replicaCount","value":"0"}]}}}}' my-app
# set app param2
kubectl exec deploy/argocd-server -n argocd -- bash -c "argocd login 127.0.0.1:8080 --insecure --username admin --password 'XXXXXX'"
kubectl exec deploy/argocd-server -n argocd -- bash -c "argocd app set my-app -p replicaCount=0"