Commands #
Reference: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands https://kubernetes.io/docs/reference/kubectl/conventions/
Controlplane #
| Action | Command |
|---|---|
| ETCD certficates | –cacert /etc/kubernetes/pki/etcd/ca.crt –cert /etc/kubernetes/pki/etcd/server.crt –key /etc/kubernetes/pki/etcd/server.key |
| ETCD commands | etcdctl snapshot save etcdctl endpoint health etcdctl get etcdctl put etcdctl version |
| Static pods default folder | /etc/kubernetes/manifests |
JSON PATH #
| Action | Command |
|---|---|
| Get restart count of a container | $.status.containerStatuses[?(@.name == 'redis-container')].restartCount |
| Query all the pod names | $[*].metadata.name |
| Query to get all user names. | $.users.[*].name |
| Get node names and export to file | k get nodes -o=jsonpath={'.items[*].metadata.name'} >> /opt/outputs/node_names.txt |
| Get node OS images | kubectl get nodes -o jsonpath='{.items[*].status.nodeInfo.osImage}' > /opt/outputs/nodes_os.txt |
| Get user names from kubeconfig file and export to file | k config view --kubeconfig=/root/my-kube-config -o=jsonpath={'.users[*]'} >> /opt/outputs/users.txt |
Containers #
| Action | Docker | Podman |
|---|---|---|
| Build dockerfile | docker build -t <imagename>:<tag> . |
podman build -t <imagename>:<tag> . |
| Run container image | docker run -d -p 8080:80 <imagename>:<tag> |
docker run -d -p 8080:80 <imagename>:<tag> |
| Get logs for container | docker logs <containername or containerid> |
podman logs <containername or containerid> |
| Interactive mode in container | docker exec -it <containername or containerid> sh |
podman exec -it <containername or containerid> sh |
| Get all running and exited containers | docker ps -a |
podman ps -a |
| Get images | docker images |
podman images |
| Remove image | docker image rm <imagename> |
podman image rm <imagename> |
| Remove all images not in use (dangling images) | docker image prune -a |
podman image prune -a |
| Remove all images | docker rmi ($docker images -q) |
podman rmi ($docker images -q) |
| Stop and remove all containers | docker stop $(docker ps -a -q) && docker rm $(docker ps -a -q) |
podman stop $(podman ps -a -q) && podman rm $(podman ps -a -q) |
Kubernetes #
Kubectl configurations #
| Action | Command |
|---|---|
| Set alias for kubectl in Bash | alias k=kubectl |
| Set alias for kubectl with completion in Bash | alias k=kubectl complete -o default -F __start_kubectl k |
| Set alias for kubectl in Powershell | Set-Alias -Name k -Value kubectl |
| Get kubectl version | kubectl version |
| Get cluster info |
kubectl cluster-info |
| Display kubeconfig settings | kubectl config view |
| Get kubeconfig contexts | kubectl config get-contexts |
| Get current context | kubectl config current-context |
| Set context | kubectl config set-context <contextname>kubectl config set-context <contextname> --namespace=<namespacename>kubectl config use-context nginx |
| Change to another context | kubectl config use-context <contextname> |
| Change namespace in current context | kubectl config set-context --current --namespace=<namespacename> |
| Delete context | kubectl config delete-context nginx |
Get Info #
| Action | Command |
|---|---|
| Get events | kubectl get eventskubectl get events --field-selector involvedObject.name=nginx |
| Show the total CPU and memory in use by the nodes | kubectl top nodes |
| Show Pods and their resource usage. By default it only displays Pods in the current namespace, but you can add the –all-namespaces flag to see resource usage by all Pods in the cluster. |
kubectl top podskubectl top pods --all-namespaces |
| Get all resources | Kubectl get all --all-namespaces |
| Get all resources based on labels | Kubectl get all --selector env=prodkubectl get all --selector env=prod,bu=finance,tier=frontend |
| Get all pods from all namespaces | kubectl get pod -A |
| Get pods based on labels | Kubectl get pods --selector env=devkubectl get pods --selector env=prod,bu=finance,tier=frontend |
| Get more information about a particular object | kubectl describe <resource-name> <obj-name>kubectl describe nodes node-1 |
Namespace #
| Action | Command |
|---|---|
| Create namespace | kubectl create ns \<namespacename> kubectl create -f .\namespaces.yml |
| Get all resources in a namespace | kubectl --namespace \<namespacename> get all |
| Change namespace context | kubectl config set-context --current --namespace \<namespacename> |
| Get namespaces | kubectl get namespace kubectl get ns |
| Get namespaces details | kubectl describe namespace kubectl describe ns |
Pods #
| Action | Command |
|---|---|
| Create pod - imperative | kubectl run nginx-app --image=nginx |
| Create pod - declarative | kubectl apply -f pod-manifest.yaml |
| Update pod - declarative | kubectl replace -f pod-manifest.yaml --force |
| Delete pod | kubectl delete pod <podname> |
| Get pod IP | kubectl get pods nginx -o jsonpath --template={.status.podIP} |
| Get logging for pod | kubectl logs nginx-podkubectl logs nginx-pod -c nginx-container# Stream logs kubectl logs nginx-pod -f |
| Generate Pod manifest file –dry-run: Will not create the resource, but whether the resource can be created and if your command is right. |
kubectl run nginx --image=nginx --dry-run=client -o yaml > nginx.yamlkubectl get pod nginx --dry-run=client -o yaml > nginx.yaml |
| Run temporary test pod | kubectl run --rm -i <podname> --image=<imagename> --restart=Never -- <command> <br><br> Example: <br>kubectl run --rm -i test-curl-pod --image=curlimages/curl --restart=Never -- curl -m 2 testnginx-svc<br>k run tmp --restart=Never --rm --image=nginx:alpine -i -- curl http://project-plt-6cc-svc.pluto:3333 |
| Execute a command in a running container This will provide an interactive shell inside the running container. |
kubectl exec -it nginx -- bash |
| Attach to the running process in a container This is usefull when there is no terminal like bash available in the container. It is similar to kubectl logs but allows to send input to the running process, assuming that process is set up to read from standard input. |
kubectl attach -it <pod-name> |
| Access pod through a secure network tunnel. Forwards network traffic from the local machine to the pod. Can be used for pods and services. (With services, the request will only be forwarded to a single Pod and will not go through the load balancer) |
kubectl port-forward <pod-name> 8080:80kubectl port-forward services/<service-name> 8080:80 |
| Copy local file to running container, or file from running container to local. Can also be used to specify directories. |
kubectl cp <pod-name>:</path/to/remote/file> </pat h/to/local/file>kubectl cp </pat h/to/local/file> <pod-name>:</path/to/remote/file> |
Change commands #
| Action | Command |
|---|---|
| Edit a Kubernetes resource (interactive instead of the local file) It downloads the latest object state and then launch an editor that contains the definition to change |
kubectl edit <resource-name> <obj-name> |
| Apply a Kubernetes manifest file The apply command also records the history of previous configurations in an annotation within the object. |
kubectl apply -f <filename>.yamlkubectl apply -f <filename>.yaml view-last-applied |
| Replace a Kubernetes resource with a Kubernetes manifest file | kubectl replace -f <filename>.yamlkubectl replace --force -f <filename>.yaml |
Services #
| Action | Command |
|---|---|
| Expose pod | kubectl expose pod <podname> --port=<portnumber> --name <servicename>kubectl expose pod <podname> --type=NodePort --port=<portnumber> --name <servicename> |
| Expose deployment | kubectl expose deployment <deploymentname> --port=<portnumber> --name <servicename>kubectl expose deployment <deploymentname> --type=NodePort --port=<portnumber> --name <servicename> |
| Create service (ClusterIP) | kubectl create service clusterip <servicename> --tcp=<port>:<targetport> |
| Create service (NodePort) | kubectl create service nodeport <servicename> --tcp=<port>:<targetport> |
| Delete Service | kubectl delete service <servicename>kubectl delete svc <servicename> |
Deployments #
| Action | Command |
|---|---|
| Get deployments | kubectl get deploymentskubectl get deploy |
| Create a deployment | kubectl create deployment --image=nginx nginx-deploymentkubectl create deployment --image=nginx nginx-deployment --replicas=4kubectl create -f <deploymentdefinition>.yaml |
| Update deployment | kubectl apply -f <deploymentdefinition>.yamlkubectl set image deployment/<deploymentname> <containername>=<newimagename>:<newimagetag> |
| Delete deployment | kubectl delete deployment nginx-deployment |
| Generate Deployment manifest file –dry-run: Will not create the resource, but whether the resource can be created and if your command is right. |
kubectl create deployment --image=nginx nginx --dry-run=client -o yaml > nginx-deployment.yamlkubectl create deployment --image=nginx nginx --replicas=4 --dry-run=client -o yaml > nginx-deployment.yamlkubectl get deployment nginx-deployment --dry-run=client -o yaml > nginx-deployment.yaml |
| Scale a deployment | kubectl scale deployment nginx --replicas=4 |
| Get deployment rollout status | kubectl rollout status deployment/nginxkubectl rollout history deployment/nginx |
| Rollback a deployment rollout | kubectl rollout undo deployment/nginx |
ReplicaSets #
| Action | Command |
|---|---|
| Get replicasets | kubectl get replicasetskubectl get rs |
| Create a replicasets | kubectl create -f <replicasetdefinition>.yaml |
| Update replicasets | kubectl edit replicaset <replicasetname>kubectl replace -f <replicasetdefinition>.yamlkubectl apply -f <replicasetdefinition>.yaml |
| Delete replicasets | kubectl delete replicaset nginx-replicaset |
| Generate Replicaset manifest file –dry-run: Will not create the resource, but whether the resource can be created and if your command is right. |
kubectl get replicaset nginx-replicaset --dry-run=client -o yaml > nginx-replicaset.yaml |
Secrets #
| Action | Command |
|---|---|
| Get secrets | kubectl get secretskubectl describe secret <secretname> |
| Create generic secret | kubectl create secret generic my-secret --from-literal=key1=supersecret --from-literal=key2=topsecret |
| Decode secret | kubectl get secret <secretname> -n <namespace> -o jsonpath={.data}echo <base64string> | base64 -d |
| Delete secret | kubectl delete secret <secretname> |
ACR #
| Action | Command |
|---|---|
| Login ACR | az acr login --name \<acrname> |
| Tag image | docker tag \<imagename>:\<tag> \<acrname>.azurecr.io/\<containername>:\<tag> |
| Push image to ACR | docker push \<acrname>.azurecr.io/\<containername>:\<tag> |
| List images in ACR | az acr repository list --name <acrname> --output table |
| Get image info | az acr repository show -n <imagename> --repository <acrname> |
| List tags for image | az acr repository show-tags --name <acrname> --repository <repositoryname> --output table |
| Import image from other ACR | az acr import --name <acrname> --source <imagename>:<imagetag> --image <destinationimagename>:<destinationimagetag> --registry /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/<resourcegroupname>/providers/Microsoft.ContainerRegistry/registries/<acrname>az acr import --name acrvcofitv3 --source cibuildagent:latest --image cibuildagent:latest --registry /subscriptions/25e085bc-32a8-432a-a062-581a222b9e17/resourceGroups/RG-AUTOMATION-EBPI/providers/Microsoft.ContainerRegistry/registries/acrvcofit |