kubectl cheatsheet
Connection details
To look at the connection details, we can either see the content of the ~/.kube/config file (on Linux) or run the following command:
$ kubectl config view
Cluster info
$ kubectl cluster-info
A Bearer Token is an access token that is generated by the authentication server (the API server on the master node) and given back to the client. Using that token, the client can connect back to the Kubernetes API server without providing further authentication details and then access resources.
Get the token:
$ TOKEN=$(kubectl describe secret -n kube-system $(kubectl get secrets -n kube-system | grep default | cut -f1 -d ' ') | grep -E '^token' | cut -f2 -d':' | tr -d '\t' | tr -d " ")
Get the API server endpoint:
$ APISERVER=$(kubectl config view | grep https | cut -f 2- -d ":" | tr -d " ")
Access the API server
$ curl $APISERVER --header "Authorization: Bearer $TOKEN" --insecure
Instead of the access token, we can extract the client certificate, client key, and certificate authority data from the .kube/config file. Once extracted, they are encoded and then passed with a curl command for authentication. The new curl command looks similar to:
$ curl $APISERVER --cert encoded-cert --key encoded-key --cacert encoded-ca
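The certificate-based call described above, as an added example that is not part of the original page: the kubeconfig fields `certificate-authority-data`, `client-certificate-data` and `client-key-data` hold base64 text, and curl expects PEM files, so the helper below decodes them into owner-only files and the call can verify the API server with `--cacert` rather than skipping verification with `--insecure`. The function names, output file names and the sample kubeconfig are assumptions made for this example; a kubeconfig that references files by path needs no decoding.

```shell
#!/bin/sh
# Added example: decode kubeconfig credentials into PEM files for curl.
# Function and file names are hypothetical; sample data is constructed.

# kubeconfig_field FILE KEY: print the base64-decoded value of the first
# "KEY: <base64>" line (a multi-cluster kubeconfig needs a stricter selector).
kubeconfig_field() {
    value=$(awk -v k="$2:" '$1 == k { print $2; exit }' "$1")
    [ -n "$value" ] || { echo "missing $2 in $1" >&2; return 1; }
    printf '%s' "$value" | base64 -d
}

# extract_creds FILE OUTDIR: write ca.pem, client.pem and client-key.pem.
# Runs in a subshell so the restrictive umask does not leak to the caller.
extract_creds() (
    umask 077   # private key material: owner-only files
    mkdir -p "$2" || exit 1
    kubeconfig_field "$1" certificate-authority-data > "$2/ca.pem" || exit 1
    kubeconfig_field "$1" client-certificate-data > "$2/client.pem" || exit 1
    kubeconfig_field "$1" client-key-data > "$2/client-key.pem" || exit 1
)

# Constructed kubeconfig with placeholder strings instead of real PEM data.
make_sample() {
    enc() { printf '%s\n' "$1" | base64 | tr -d '\n'; }
    cat > "$1" <<EOF
apiVersion: v1
kind: Config
clusters:
- name: demo
  cluster:
    server: https://192.0.2.10:8443
    certificate-authority-data: $(enc 'CONSTRUCTED-CA-PEM')
users:
- name: demo-user
  user:
    client-certificate-data: $(enc 'CONSTRUCTED-CLIENT-CERT-PEM')
    client-key-data: $(enc 'CONSTRUCTED-CLIENT-KEY-PEM')
EOF
}

demo=$(mktemp -d)
make_sample "$demo/config"
extract_creds "$demo/config" "$demo/pem" && ls -l "$demo/pem"

# Against a real cluster, verify the server instead of using --insecure:
#   extract_creds ~/.kube/config "$demo/pem"
#   curl "$APISERVER" --cacert "$demo/pem/ca.pem" \
#        --cert "$demo/pem/client.pem" --key "$demo/pem/client-key.pem"
```

Remove the decoded key file once the call is done; it grants the same access as the kubeconfig itself.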
List the Pods
Along with their attached Labels
With the -L option to the kubectl get pods command, we add extra columns in the output to list Pods with their attached Label keys and their values. In the following example, we are listing Pods with the Label keys k8s-app and label2:
$ kubectl get pods -L k8s-app,label2
NAME                        READY   STATUS    RESTARTS   AGE   K8S-APP     LABEL2
webserver-c8f4d5fbc-ggqkj   1/1     Running   0          16m   webserver
webserver-c8f4d5fbc-hmh2t   1/1     Running   0          16m   webserver
webserver-c8f4d5fbc-t2ntz   1/1     Running   0          16m   webserver
Pods with a given Label
To use a selector with the kubectl get pods command, we can use the -l option. In the following example, we are selecting all the Pods that have the k8s-app Label key set to value webserver:
$ kubectl get pods -l k8s-app=webserver
NAME                        READY   STATUS    RESTARTS   AGE
webserver-c8f4d5fbc-ggqkj   1/1     Running   0          23m
webserver-c8f4d5fbc-hmh2t   1/1     Running   0          24m
webserver-c8f4d5fbc-t2ntz   1/1     Running   0          23m
Look at a Pod's Details
We can look at an object's details using the kubectl describe command. In the following example, you can see a Pod's description:
$ kubectl describe pod webserver-c8f4d5fbc-ggqkj
Name:           webserver-c8f4d5fbc-ggqkj
Namespace:      default
Priority:       0
Node:           minikube/10.0.2.15
Start Time:     Sat, 05 Oct 2019 14:37:34 +0300
Labels:         k8s-app=webserver
                pod-template-hash=c8f4d5fbc
Annotations:    <none>
Status:         Running
IP:             172.17.0.7
IPs:
  IP:           172.17.0.7
Controlled By:  ReplicaSet/webserver-c8f4d5fbc
Containers:
  webserver:
    Container ID:   docker://b7d6bd7ce9eaefe48523d486f7174ac748571546bec4d8674b89d4438c8707da
    Image:          nginx:alpine
    Image ID:       docker-pullable://nginx@sha256:77f340700d08fd45026823f44fc0010a5bd2237c2d049178b473cd2ad977d071
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Sat, 05 Oct 2019 14:37:36 +0300
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-r6llk (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  default-token-r6llk:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-r6llk
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age        From               Message
  ----    ------     ----       ----               -------
  Normal  Scheduled  <unknown>  default-scheduler  Successfully assigned default/webserver-c8f4d5fbc-ggqkj to minikube
  Normal  Pulled     19m        kubelet, minikube  Container image "nginx:alpine" already present on machine
  Normal  Created    19m        kubelet, minikube  Created container webserver
  Normal  Started    19m        kubelet, minikube  Started container webserver
Exposing an Application
For a NodePort ServiceType, Kubernetes opens up a static port on all the worker nodes. If we connect to that port from any node, we are proxied to the ClusterIP of the Service. Next, let's use the NodePort ServiceType while creating a Service.
Create a webserver-svc.yaml file with the following content:
apiVersion: v1
kind: Service
metadata:
  name: web-service
  labels:
    run: web-service
spec:
  type: NodePort
  ports:
  - port: 80
    protocol: TCP
  selector:
    app: nginx
$ kubectl create -f webserver-svc.yaml
service/web-service created
Alternatively, expose an existing Deployment directly with the kubectl expose command:
$ kubectl expose deployment webserver --name=web-service --type=NodePort
service/web-service exposed
Create an NGINX Pod
$ kubectl run --generator=run-pod/v1 nginx --image=nginx
Generate a Pod manifest YAML file (-o yaml) without creating the Pod (--dry-run)
$ kubectl run --generator=run-pod/v1 nginx --image=nginx --dry-run -o yaml
Create a Deployment
$ kubectl run --generator=deployment/v1beta1 nginx --image=nginx
Generate a Deployment YAML file (-o yaml) without creating the Deployment (--dry-run)
$ kubectl run --generator=deployment/v1beta1 nginx --image=nginx --dry-run -o yaml
Generate a Deployment YAML file (-o yaml) with 4 replicas (--replicas=4) without creating the Deployment (--dry-run)
$ kubectl run --generator=deployment/v1beta1 nginx --image=nginx --dry-run --replicas=4 -o yaml
Save it to a file (if you need to modify it or add other details)
$ kubectl run --generator=deployment/v1beta1 nginx --image=nginx --dry-run --replicas=4 -o yaml > nginx-deployment.yaml
More kubectl commands and manuals are here