SHIFT-WIKI - Sjoerd Hooft's InFormation Technology
This WIKI is my personal documentation blog. Please enjoy it and feel free to reach out through blue sky if you have a question, remark, improvement or observation.
Cheatsheet Links
Summary: This is a list of technical links meant for people like system administrators and devops engineers that are useful in day-to-day work.
Date: 8 December 2024
Links
Microsoft Cloud
The Azure Graph Explorer is a visual tool to explore the Microsoft Graph API. It is useful to test queries and see the results. You can login to test the queries against your own data.
Azure Cloud Shell is an interactive, authenticated, browser-accessible terminal for managing Azure resources. It provides the flexibility of choosing the shell experience that best suits the way you work, either Bash or PowerShell.
DNS Info
Use the following link to check the DNS records for a domain. It is useful to check if changed records have been propagated yet.
Documentation
Tree is a tool to create a visual representation of a directory structure. I use this to create a visual representation of a directory structure for documentation.
Networking
The visual subnet calculator lets you play around with subnetting and see the results visually. It is useful to understand how subnetting works. You can add comments and share the results.
The Subnet Mask Cheat Sheet is a quick reference to see the subnet mask for a given CIDR notation.
Security
The One Time Secret website allows you to share passwords securely. You can set a password and an expiration time. The recipient can only see the password once.
Cheatsheet Kubernetes
Summary: Kubernetes hints, tips, oneliners and best practices.
Date: 15 December 2024
Kubectl
Basic commands and information
Get cluster information
    kubectl cluster-info
List all k8s objects from Cluster Control plane
    kubectl get all --all-namespaces
Deploy and delete a manifest file
    kubectl apply -f manifest.yaml
    kubectl delete -f manifest.yaml
Deploy and delete a manifest folder
    kubectl apply -f kube-manifests/
    kubectl delete -f kube-manifests/
    # Recursive
    kubectl apply -R -f kube-manifests/
    kubectl delete -R -f kube-manifests/
Deploy to a namespace
    kubectl apply -f manifest.yaml -n dev1
Get the kubectl version
    kubectl version
Nodes
List all nodes
    kubectl get nodes
    kubectl get nodes -o wide
Get detailed information about a node
    kubectl describe node aks-agentpool-20417106-vmss000001
Remove taint from a node
    kubectl taint nodes aks-agentpool-20417106-vmss000001 CriticalAddonsOnly=true:NoSchedule-
Get node resource performance
    kubectl top nodes
    kubectl top nodes --sort-by=cpu
    kubectl top nodes --sort-by=memory
    # Sort from low to high (column 3 is CPU%, column 5 is MEMORY%)
    kubectl top nodes --sort-by=cpu --no-headers | sort -k3 -n
    kubectl top nodes --sort-by=memory --no-headers | sort -k5 -n
Resources
Get & Describe Limits
    kubectl get limits -n dev3
    kubectl describe limits default-cpu-mem-limit-range -n dev3
Get Resource Quota
    kubectl get quota -n dev3
    kubectl describe quota ns-resource-quota -n dev3
Check cpu and memory in pods, notice that this is actually the resources of the host
    # cpu
    cat /proc/cpuinfo | grep proc
    # memory
    free -h
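Added example, not part of the original wiki: because /proc/cpuinfo and free report the host's resources, the limits actually enforced on a container have to be read from its cgroup files. The functions below do that for cgroup v2 and v1; the function names and the optional mount-point argument are assumptions made for this example, and the v1 "unlimited" check is a heuristic.

```shell
#!/bin/sh
# Added example: read the limits enforced on this container from cgroup files.
# Optional first argument: cgroup mount point (default /sys/fs/cgroup).

# Print the memory limit in bytes, "unlimited", or "unknown".
container_mem_limit() {
    root="${1:-/sys/fs/cgroup}"
    if [ -r "$root/memory.max" ]; then                      # cgroup v2
        v=$(cat "$root/memory.max")
    elif [ -r "$root/memory/memory.limit_in_bytes" ]; then  # cgroup v1
        v=$(cat "$root/memory/memory.limit_in_bytes")
    else
        echo "unknown"; return 1
    fi
    # v2 writes "max" when no limit is set; v1 writes a number close to 2^63.
    # Heuristic: treat any value of 19 or more digits as "no limit".
    if [ "$v" = "max" ] || [ "${#v}" -ge 19 ]; then
        echo "unlimited"
    else
        echo "$v"
    fi
}

# Print the CPU limit in millicores (as in a pod spec), "unlimited", or "unknown".
container_cpu_limit() {
    root="${1:-/sys/fs/cgroup}"
    if [ -r "$root/cpu.max" ]; then                         # v2: "<quota> <period>"
        read -r quota period < "$root/cpu.max"
    elif [ -r "$root/cpu/cpu.cfs_quota_us" ]; then          # v1: two files
        quota=$(cat "$root/cpu/cpu.cfs_quota_us")
        period=$(cat "$root/cpu/cpu.cfs_period_us")
    else
        echo "unknown"; return 1
    fi
    case "$quota" in
        max|-1) echo "unlimited" ;;                          # no CPU quota set
        *)      echo "$(( quota * 1000 / period ))m" ;;
    esac
}

# Run inside the container (for example after kubectl exec into the pod).
echo "memory limit: $(container_mem_limit)"
echo "cpu limit:    $(container_cpu_limit)"
```

A pod running with "unlimited" for both values has no limit of its own and can consume the node's resources, which is what the limit ranges and quotas above are meant to prevent.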
Namespaces
List all namespaces and work with namespaces for other objects
    kubectl get namespaces
    kubectl get ns
    kubectl get pods --all-namespaces
Create a namespace
    kubectl create namespace dev1
    kubectl create namespace dev2
Delete a namespace
    kubectl delete ns dev1
    kubectl delete ns dev2
Pods
List all pods
    kubectl get pods
    kubectl get po
List all pods from a specific namespace
    kubectl get pods -n dev1
Get logging from a pod
    kubectl logs -f podname
    # pods can have changing names, so you can use this command if you don't know the podname:
    kubectl logs -f $(kubectl get po | egrep -o 'external-dns[A-Za-z0-9-]+')
Get detailed information about a pod
    kubectl describe pod podname
    kubectl describe pod myapp1-deployment-5bc58f6848-7vm2v
Get pod specifications like cpu and memory
    kubectl get pod <pod-name> -o yaml
Get pod resource performance
    kubectl top pods
    kubectl top pods --sort-by=cpu
    kubectl top pods --sort-by=memory
Deployments
List all deployments
    kubectl get deployments
    kubectl get deploy
Restart a deployment
    kubectl rollout restart deployment/kube-prometheus-stack-grafana
Apply a manifest
    kubectl apply -f kube-prometheus-stack.yaml --server-side -n shared
    kubectl apply -f kube-prometheus-stack.yaml --server-side --force-conflicts -n shared
Services
List all services
    kubectl get services
    kubectl get svc
List all services from all namespaces
    kubectl get services --all-namespaces
    # Sorted on name
    kubectl get services --all-namespaces --sort-by=.metadata.name
    # Sorted on type
    kubectl get services --all-namespaces --sort-by=.spec.type
    # Get all services of type LoadBalancer
    kubectl get services --all-namespaces | grep LoadBalancer
List services with a specific label
    kubectl get service -l app.kubernetes.io/name=ingress-nginx --namespace ingress-basic
Describe a service
    kubectl describe svc proxy-public --namespace dev1
StatefulSets
List all StatefulSets
    kubectl get statefulsets
    kubectl get sts
Kill all the pods in a StatefulSet by setting the number of replicas to 0
    kubectl scale statefulset myapp1 --replicas=0
Storage
List all storage classes
    kubectl get storageclasses
    kubectl get sc
List all persistent volume claims
    kubectl get pvc
List all persistent volumes (the actual storage)
    kubectl get pv
Delete a persistent volume
    kubectl delete pv my-pv
List all storage information at once
    kubectl get sc,pvc,pv
Networking
Get all ingress
    kubectl get ingress
Secrets
List all secrets
    kubectl get secrets
Create a secret
    kubectl create secret generic azure-config-file --from-file=azure.json
Decode a secret
    echo "cGxhY2Vob2xkZXJwYXNzd29yZA==" | base64 --decode
Decode a secret with powershell
    kubectl get secret argocd-initial-admin-secret --namespace ops -o json | ConvertFrom-Json | select -ExpandProperty data | % { $_.PSObject.Properties | % { $_.Name + [System.Environment]::NewLine + [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($_.Value)) + [System.Environment]::NewLine + [System.Environment]::NewLine } }
MISC
Connect to MySQL using Kubectl by installing a sql client pod
    kubectl run -it --rm --image=mysql:8.0 --restart=Never mysql-client -- mysql -h akswebappdb201.mysql.database.azure.com -u dbadmin -p<password>
Reset Grafana admin password from within the pod
    # Start k8s vscode extension -> vtxops -> configuration -> secrets -> kube-prometheus-stack-grafana -> Note down the admin-password
    # opsnamespace -> workloads -> pods -> kube-prometheus-stack-grafana-xxxx
    # Open the terminal (click terminal icon next to the name)
    grafana cli admin reset-admin-password <admin-password>
AKS
Cloud Shell
Connect to AKS
    az aks get-credentials --resource-group myResourceGroup --name myAKSCluster
    # overwrite the existing context
    az aks get-credentials --resource-group myResourceGroup --name myAKSCluster --overwrite-existing
Local
Connect to AKS
    az login
    az aks install-cli
    # Add C:\Users\sjoer\.azure-kubectl to path
    # Advanced System Settings -> Environment Variables -> User Variables -> Path -> New
    # Configure Cluster Creds (kube config)
    az aks get-credentials --resource-group aks-rg1 --name aksdemo1
Working with az cli
    az aks nodepool show --resource-group aks-rg1 --cluster-name aksdemo1 --name agentpool
    # Remove all taints (must be done from cloud shell as it does not work locally)
    az aks nodepool update --resource-group aks-rg1 --cluster-name aksdemo1 --name agentpool --node-taints ""
    # Get the resource group name of the AKS cluster
    az aks show --resource-group aks-rg1 --name aksdemo1 --query nodeResourceGroup -o tsv
    # Create a public IP address with a static allocation
    az network public-ip create --resource-group <REPLACE-OUTPUT-RG-FROM-PREVIOUS-COMMAND> --name myAKSPublicIPForIngress --sku Standard --allocation-method static --query publicIp.ipAddress -o tsv
Helm
Install Helm
    # Install Helm3 (if not installed)
    choco install kubernetes-helm
    # Add a repository
    helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
    helm repo update
Working with Helm
Use Helm to deploy an NGINX ingress controller
    helm install ingress-nginx ingress-nginx/ingress-nginx `
      --namespace ingress-basic `
      --set controller.replicaCount=2 `
      --set controller.nodeSelector."kubernetes\.io/os"=linux `
      --set defaultBackend.nodeSelector."kubernetes\.io/os"=linux `
      --set controller.service.externalTrafficPolicy=Local `
      --set controller.service.loadBalancerIP="172.205.120.177"
Cheatsheet GIT
Summary: Git hints, tips, oneliners and best practices.
Date: 8 December 2024
General
Check git repository size
    git count-objects -vH
Combine fetch and merge to completely update a repository
    git pull
Log & Diff
Show git log
    git log
Show the files which have changed between the branch and master
    git diff --name-only master..branchtocheck
Branches
Create and immediately checkout a branch
    git checkout -b "#123456-add-dns-resolving"
Show all branches
    git branch -a
Show all active branches
    git ls-remote --heads origin
Merge changes from master branch, perform from inside the branch
    git merge master
Git Remotes
Show remote
    git remote -v
Update the remote “origin” with a new url in case of a rename of the repo or project
    git remote set-url origin https://getshifting@dev.azure.com/getshifting/Infra/_git/infraplayground
Commits
Add and commit a new file
    git add .
    git commit -m "Added new file"
Add and commit in 1 go for changed files
    git commit -am "changed a file"
Co-Authoring / Pair coding commit message
    Changed a couple of files

    Co-Authored-By: Sjoerd <sjoerd @ getshifting.com>
Do not trigger CI in Azure DevOps
    ***NO_CI***
Cheatsheet Docker
Summary: Docker hints, tips, oneliners and best practices.
Date: 8 December 2024
Docker version
Show the docker version
    docker version
Docker Images
Working with images from docker hub
    # Logout from docker hub
    docker logout
    # Login to docker hub (a password passed with -p ends up in shell history and the process list)
    docker login -u username -p password
    # Pull the image from docker hub repository
    docker pull image-info
    # Pull the image from docker hub repository
    docker pull stacksimplify/springboot-helloworld-rest-api:2.0.0-RELEASE
    # Remove the docker image
    docker rmi image-id
Docker Containers
Show running container
    docker ps
    # or
    docker container ls
Show all containers, including stopped ones
    docker ps -a
docker stop/start/restart containers
    # Stop
    docker stop container_id
    # default grace time = 10
    docker stop --time=5 container_id
    # Start
    docker start container_id
    # Restart
    # Restart apache container by name
    docker container restart httpd_web
Remove containers
    # Remove the stopped container
    docker rm container-id or name
    # Remove the running container forcefully
    docker rm -f container-id or name
Get docker container info
    docker inspect container_id
Get docker container compose info
    docker inspect container_id | grep com.docker.compose
Copy a file from or to a container
    docker cp tool_db:/var/lib/postgresql/data/pgdata/postgresql.conf ./postgresql.conf
Logging and Monitoring
Get logging from docker container
    docker logs --tail 50 --follow --timestamps httpd_web
grep in logging
    docker logs <container_name> 2>&1 | grep <string>
Note that docker logs to stderr, so you need to redirect this to stdout.
Get container stats (Display the running processes of a container)
    docker top <container_name>
Get docker stats
    docker stats
Work Inside a Container
Work in a container
    docker exec -it container_id /bin/bash
    # Connect to linux container and execute commands in container
    docker exec -it container-name /bin/sh
As a different user
    docker exec -u postgres -it container_id /bin/bash
Docker Compose
Docker compose files are used to start containers. By default, a docker-compose.yml or a docker-compose.yaml file is used.
Start and stop containers from docker-compose file
    docker compose up -d
    docker compose down
Note the -d switch to start the containers in the background.
See logging
    # the logs from each of the services interleaved into a single stream
    docker compose logs -f
    # the logs just for app
    docker compose logs -f app
Docker Build
Docker build, run and show logs of a custom app called privacy
    # Build an image called privacyimage
    docker build -t privacyimage .
    # Run a container called privacycontainer from the image
    docker run -d --name privacycontainer privacyimage
    # Show the logs from the container
    docker logs privacycontainer
    # Show all steps in plain output and redo every step (don't use cached steps)
    docker build --progress=plain --no-cache -t consoleappdbtestimage .
Save an image to disk and import somewhere else
    # Create a tar file from the consoleappimage
    docker save -o ./consoleappimage.tar consoleappimage
    # import the image
    docker load -i /consoleappimage.tar
Dockerfile
A Dockerfile is used to create images:
Default .net app dockerfile:
    FROM mcr.microsoft.com/dotnet/sdk:6.0 AS build-env
    WORKDIR /App

    # Copy everything
    COPY . ./
    # Restore as distinct layers
    RUN dotnet restore
    # Build and publish a release
    RUN dotnet publish -c Release -o out

    # Build runtime image
    FROM mcr.microsoft.com/dotnet/aspnet:6.0
    WORKDIR /app
    # The build stage works in /App; paths are case sensitive on Linux
    COPY --from=build-env /App/out .
    ENTRYPOINT ["dotnet", "DockerConsoleApp.dll"]
Docker Azure DevOps Pipeline Task
    - task: Docker@2
      displayName: Build and push an image to container registry
      inputs:
        command: buildAndPush
        repository: $(repository)
        dockerfile: $(dockerFilePath)
        containerRegistry: "containerRegistry"
        tags: |
          $(imageName)
          $(Build.BuildId)
          latest