= Cheatsheet Kubernetes =
**Summary**: Kubernetes hints, tips, one-liners and best practices. \\
**Date**: 15 December 2024 \\
{{tag>cheatsheet kubernetes}}
== Kubectl ==
=== Basic commands and information ===
> Get cluster information
kubectl cluster-info
\\
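> List the common k8s workload objects in all namespaces (note: "get all" returns objects such as pods, services, deployments and statefulsets, but not Secrets, ConfigMaps, Ingresses or RBAC objects, so list those explicitly when auditing a cluster)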
kubectl get all --all-namespaces
\\
> Deploy and delete a manifest file
kubectl apply -f manifest.yaml
kubectl delete -f manifest.yaml
\\
> Deploy and delete a manifest folder
kubectl apply -f kube-manifests/
kubectl delete -f kube-manifests/
# Recursive
kubectl apply -R -f kube-manifests/
kubectl delete -R -f kube-manifests/
\\
> Deploy to a namespace
kubectl apply -f manifest.yaml -n dev1
\\
> Get the kubectl version
kubectl version
=== Nodes ===
> List all nodes
kubectl get nodes
kubectl get nodes -o wide
\\
> Get detailed information about a node
kubectl describe node aks-agentpool-20417106-vmss000001
\\
> Remove taint from a node
kubectl taint nodes aks-agentpool-20417106-vmss000001 CriticalAddonsOnly=true:NoSchedule-
\\
> Get node resource performance
kubectl top nodes
kubectl top nodes --sort-by=cpu
kubectl top nodes --sort-by=memory
# Sort from low to high
kubectl top nodes --sort-by=cpu --no-headers | sort -k3 -n
kubectl top nodes --sort-by=memory --no-headers | sort -k3 -n
==== Resources ====
> Get & Describe Limits
kubectl get limits -n dev3
kubectl describe limits default-cpu-mem-limit-range -n dev3
\\
> Get Resource Quota
kubectl get quota -n dev3
kubectl describe quota ns-resource-quota -n dev3
\\
> Check CPU and memory from inside a pod; note that these commands report the resources of the host node, not the limits set on the container
# cpu
cat /proc/cpuinfo | grep proc
# memory
free -h
=== Namespaces ===
> List all namespaces and work with namespaces for other objects
kubectl get namespaces
kubectl get ns
kubectl get pods --all-namespaces
> Create a namespace
kubectl create namespace dev1
kubectl create namespace dev2
> Delete a namespace (this also deletes every object inside it, including Secrets and PersistentVolumeClaims)
kubectl delete ns dev1
kubectl delete ns dev2
=== Pods ===
> List all pods
kubectl get pods
kubectl get po
> List all pods from a specific namespace
kubectl get pods -n dev1
\\
> Get logging from a pod
kubectl logs -f podname
# pods can have changing names, so you can use this command if you don't know the podname:
kubectl logs -f $(kubectl get po | egrep -o 'external-dns[A-Za-z0-9-]+')
\\
> Get detailed information about a pod
kubectl describe pod podname
kubectl describe pod myapp1-deployment-5bc58f6848-7vm2v
\\
> Get pod specifications like cpu and memory
kubectl get pod -o yaml
\\
> Get pod resource performance
kubectl top pods
kubectl top pods --sort-by=cpu
kubectl top pods --sort-by=memory
=== Deployments ===
> List all deployments
kubectl get deployments
kubectl get deploy
\\
> Restart a deployment
kubectl rollout restart deployment/kube-prometheus-stack-grafana
\\
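> Apply a manifest server-side (--force-conflicts takes over fields owned by other field managers, so use it only when you intend to overwrite their changes)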
kubectl apply -f kube-prometheus-stack.yaml --server-side -n shared
kubectl apply -f kube-prometheus-stack.yaml --server-side --force-conflicts -n shared
=== Services ===
> List all services
kubectl get services
kubectl get svc
\\
> List all services from all namespaces
kubectl get services --all-namespaces
# Sorted on name
kubectl get services --all-namespaces --sort-by=.metadata.name
# Sorted on type
kubectl get services --all-namespaces --sort-by=.spec.type
# Get all services of type LoadBalancer
kubectl get services --all-namespaces | grep LoadBalancer
\\
> List services with a specific label
kubectl get service -l app.kubernetes.io/name=ingress-nginx --namespace ingress-basic
\\
> Describe a service
kubectl describe svc proxy-public --namespace dev1
=== StatefulSets ===
> List all StatefulSets
kubectl get statefulsets
kubectl get sts
\\
> Kill all the pods in a statefulSet by setting the number of replicas to 0
kubectl scale statefulset myapp1 --replicas=0
=== Storage ===
> List all storage classes
kubectl get storageclasses
kubectl get sc
\\
> List all persistent volume claims
kubectl get pvc
\\
> List all persistent volumes (the actual storage)
kubectl get pv
\\
> Delete a persistent volume
kubectl delete pv my-pv
\\
> List all storage information at once
kubectl get sc,pvc,pv
=== Networking ===
> List all ingresses
kubectl get ingress
=== Secrets ===
> List all secrets
kubectl get secrets
\\
> Create a secret
kubectl create secret generic azure-config-file --from-file=azure.json
\\
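> Decode a secret (Secret values are only base64-encoded, not encrypted, so anyone allowed to read Secrets can recover them; decoding on the command line also leaves the value in the terminal and the shell history)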
echo "cGxhY2Vob2xkZXJwYXNzd29yZA==" | base64 --decode
\\
> Decode a secret with PowerShell (prints every key of the Secret in clear text)
kubectl get secret argocd-initial-admin-secret --namespace ops -o json | ConvertFrom-Json | select -ExpandProperty data | % { $_.PSObject.Properties | % { $_.Name + [System.Environment]::NewLine + [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($_.Value)) + [System.Environment]::NewLine + [System.Environment]::NewLine } }
=== MISC ===
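> Connect to MySQL using kubectl by running a temporary SQL client pod (--rm removes the pod on exit; -p without a value prompts for the password, so it does not end up in the pod spec or the shell history)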
kubectl run -it --rm --image=mysql:8.0 --restart=Never mysql-client -- mysql -h akswebappdb201.mysql.database.azure.com -u dbadmin -p
\\
> Reset Grafana admin password from within the pod
# Start k8s vscode extension -> vtxops -> configuration -> secrets -> kube-prometheus-stack-grafana -> Note down the admin-password
# opsnamespace -> workloads -> pods -> kube-prometheus-stack-grafana-xxxx
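# Open the terminal (click the terminal icon next to the name) and run the command below, followed by the new password (for example the admin-password noted above)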
grafana cli admin reset-admin-password
== AKS ==
=== Cloud Shell ===
> Connect to AKS
az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
# overwrite the existing context
az aks get-credentials --resource-group myResourceGroup --name myAKSCluster --overwrite-existing
=== Local ===
> Connect to AKS
az login
az aks install-cli
# Add C:\Users\sjoer\.azure-kubectl to path
# Advanced System Settings -> Environment Variables -> User Variables -> Path -> New
# Configure Cluster Creds (kube config)
az aks get-credentials --resource-group aks-rg1 --name aksdemo1
=== Working with az cli ===
az aks nodepool show --resource-group aks-rg1 --cluster-name aksdemo1 --name agentpool
# Remove all taints (must be done from cloud shell as it does not work locally)
az aks nodepool update --resource-group aks-rg1 --cluster-name aksdemo1 --name agentpool --node-taints ""
# Get the name of the node resource group of the AKS cluster (the separate resource group that holds the cluster's infrastructure resources)
az aks show --resource-group aks-rg1 --name aksdemo1 --query nodeResourceGroup -o tsv
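# Create a public IP address with a static allocation (note: the command below is missing the value for --resource-group; supply the node resource group name returned by the previous command)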
az network public-ip create --resource-group --name myAKSPublicIPForIngress --sku Standard --allocation-method static --query publicIp.ipAddress -o tsv
== Helm ==
=== Install Helm ===
# Install Helm3 (if not installed)
choco install kubernetes-helm
# Add a repository
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
=== Working with Helm ===
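> Use Helm to deploy an NGINX ingress controller (PowerShell syntax: the backtick is the line-continuation character; the ingress-basic namespace must already exist, or add --create-namespace; replace the loadBalancerIP value with your own static public IP)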
helm install ingress-nginx ingress-nginx/ingress-nginx `
--namespace ingress-basic `
--set controller.replicaCount=2 `
--set controller.nodeSelector."kubernetes\.io/os"=linux `
--set defaultBackend.nodeSelector."kubernetes\.io/os"=linux `
--set controller.service.externalTrafficPolicy=Local `
--set controller.service.loadBalancerIP="172.205.120.177"