Kubeadm and Kubectl commands

Publié le 26 juin 2020 par davidhxxx


Common

Set the log level verbosity :
: -v NUMBER
Example :
kubeadm -v 10 init

Kubeadm

Init a cluster (done on a node designed to be master) :
kubeadm init --pod-network-cidr=NETWORK_IP_START_RANGE :
Example :
kubeadm init --pod-network-cidr=192.168.0.0/16

Join a cluster (done on a node designed to be worker) :
kubeadm join API_SERVER_ENDPOINT --token TOKEN --discovery-token-ca-cert-hash sha256:TOKEN_CA_CERT_HASH
Example :
kubeadm join 173.17.92.196:6443 --token dng518.kt888az4ww5pw7ym --discovery-token-ca-cert-hash sha256:0ccce75559bf1403e4cf03308558c04fbc470b36f51617439adf2135827543bd

Revert changes done to the host by ‘kubeadm init’ or ‘kubeadm join’ :
kubeadm reset

Identify kubernetes version
kubeadm version

Kubectl basic

Namespaced resources

Some resources are resources aware. So some kubcetl commands may need to specify the namespace, otherwise the default namespace is used.
To specify a namespace, we add the flag : -n NAMESPACE or --namespace NAMESPACE.
For example kubectl -n kube-system get pods to get information about pods of the kube-system namespace.

Cluster Management Commands

List addresses of the master and services (label kubernetes.io/cluster-service=true) :
kubectl cluster-info

List current cluster state (very detailed information) :
kubectl cluster-info dump

Kubectl context command

Display existing contexts :
kubectl config get-contexts

Output namespace of the current context if the namespace was set otherwise outputs blank :
kubectl config view --minify | grep namespace

Set the namespace field of the current context :
kubectl config set-context --current --namespace=foo-ns

Create the gce context if not exist or set its user field without touching other values :
kubectl config set-context gce --user=cluster-admin

Troubleshooting and Debugging Commands

Get logs for a pod :
kubectl -n fooNs logs fooPod

Helpful flags :
-f : follow the output
--tail=LINE_NUMBER : show tail of the logs from the LINE_NUMBER
--since=NUMBER_AND_SUFFIX : Only return logs newer than a relative duration like 5s, 2m, or 3h. Defaults to all logs.

Resources/documentation information Commands

Print the supported API resources on the server :
kubectl api-resources

Sample output: 

NAME                              SHORTNAMES   APIVERSION                             NAMESPACED   KIND
bindings                                       v1                                     true         Binding
componentstatuses                 cs           v1                                     false        ComponentStatus
configmaps                        cm           v1                                     true         ConfigMap
endpoints                         ep           v1                                     true         Endpoints
events                            ev           v1                                     true         Event
limitranges                       limits       v1                                     true         LimitRange
namespaces                        ns           v1                                     false        Namespace
nodes                             no           v1                                     false        Node
persistentvolumeclaims            pvc          v1                                     true         PersistentVolumeClaim
persistentvolumes                 pv           v1                                     false        PersistentVolume
pods                              po           v1                                     true         Pod
podtemplates                                   v1                                     true         PodTemplate
replicationcontrollers            rc           v1                                     true         ReplicationController
resourcequotas                    quota        v1                                     true         ResourceQuota
secrets                                        v1                                     true         Secret

Examples of commonly used resources + shortcuts :
Container associated resources :
– events
– namespaces
– nodes
– deployments
– pods
– services
– podtemplates
– replicasets
– configmaps
– endpoints
– persistentvolumes

Roles/User resources :
– secrets
– serviceaccounts
– rolebindings
– roles

Print supported API versions:
kubectl api-versions

Output

admissionregistration.k8s.io/v1
apiextensions.k8s.io/v1
apiregistration.k8s.io/v1
apps/v1
authentication.k8s.io/v1
authorization.k8s.io/v1
autoscaling/v1
autoscaling/v2
batch/v1
certificates.k8s.io/v1
coordination.k8s.io/v1
crd.projectcalico.org/v1
discovery.k8s.io/v1
events.k8s.io/v1
flowcontrol.apiserver.k8s.io/v1beta2
flowcontrol.apiserver.k8s.io/v1beta3
networking.k8s.io/v1
node.k8s.io/v1
policy/v1
rbac.authorization.k8s.io/v1
scheduling.k8s.io/v1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1

kubectl explain command : get documentation about a resource type
kubectl explain < RESOURCE_TYPE[.field.field...] >
Examples :
kubectl explain deployment
kubectl explain deployment.metadata
kubectl explain service

kubectl get command : Get information about resources

Syntax and basic examples :
Syntax : kubectl get < RESOURCE_TYPE >
Examples :
kubectl get nodes : list nodes
kubectl -n myNameSpace get pods : list pods of the myNameSpace ns
kubectl get pods : list pods of the default ns
kubectl -n myOtherNameSpace get services : list services of the myOtherNameSpace ns

kubectl get events : list events of the default ns
kubectl get all : list all types of resource of the default ns

Search in all namespaces :
As seen, we could specify a namespace or use the default.
Another option for the get command is searching in all namespaces by adding the flag --all-namespaces or -A.
For example :
List pods of all namespaces :
kubectl get --all-namespaces pods
or
kubectl get -A pods

Filter results with the --field-selector or -l flag :
For example to get only running pods :
kubectl -n myNs get pods --field-selector status.phase=Running

We could also filter on any label defined in the deployment part of the pod :
For example if we defined a app label in the template/metadata/label part, we could filter such as :
kubectl -n myNs get pod -l app=myApp

To get possible fields as selector, we could rely on kubectl explain RESOURCE.[field1.field2].
For example : kubectl explain pod show a status field and kubectl explain pod.status shows a phase field.

Specify the output :
See the common point about that.

Kubectl describe command : get detailed information about resources

kubectl describe < RESOURCE_TYPE > [< RESOURCE_ID...>]
If we doesn’t specify any resource ids, it gives outputs information for all resources of the specified type.
Examples :
kubectl describe nodes
kubectl describe pods
kubectl describe services
kubectl describe events

kubectl delete command : delete resource(s)

The delete command has multiple flavors.
It may delete by filenames, stdin, resources and names or by resources and label selector.

Example by resources and names :
Delete the pod named foo-123 :
kubectl delete pod foo-123

Delete the deployment called foo :
kubectl delete deployment foo

Helpful flags :
--all : delete all resources for the selected type
Ex: delete --all events

Specify the output format

Some kubectl commands allow to specify the expected output.
kubectl get typeResource
kubectl config view

By default, get outputs the result in a tabular form, config view outputs a yaml and so for…
When desirable, we could specify the output format for them.
Options are :
– json
– jsonpath
– yaml : helpful to get a deployment file for the resource
– wide : displays more column
– name : output only name of the resources. Helpful for scripting
– custom-columns : specify column to output

Examples with get and yaml output :
Get a deployment :
kubectl -n kube-system get deployment -o yaml coredns
Get a configMap:
kubectl -n kube-system get configMap -o yaml coredns

Examples with get json output :
Get a secret named gitlab-registry :
kubectl -n foo-ns get -o json secret gitlab-registry
It will output something like :

{
    "apiVersion": "v1",
    "data": {
        ".dockerconfigjson": "eyJhdXRocyI6eyJyZWdpc3RyeS5kYXZpZC5jb206NTA1MCI6eyJ1c2VybmFtZSI6ImRhdmlkYXgiLCJwYXNzd29yZCI6Ik1aakJXeHE0MXh6b3dfUTJ5MnJVIiwiZW1haWwiOiJlYnVuZHlAZ21haWwuY29tIiwiYXV0aCI6IlpHRjJhV1JoZURwTldtcENWM2h4TkRGNGVtOTNYMUV5ZVRKeVZRPT0ifX19"
    },
    "kind": "Secret",
    ...
}

Examples with get jsonpath output :
Sometimes we would like to output only the value of a specific field returned by the json.
jsonpath output helps here.
Get the value of data field of a secret named gitlab-registry :
kubectl -n foo-ns get -o jsonpath='{.data}' secret gitlab-registry
Get all values of name fields (recursively search) of a secret named gitlab-registry :
kubectl -n foo-ns get -o jsonpath='{..name}' secret gitlab-registry

kubectl cp command : Copy files/folders form pod to the host or reversely

Syntax and basic examples :
Syntax : kubectl cp <source> <destination>

Warning
– as a rule of thumb, we specify the leaf file/folder in the destination (while it is not mandatory) because in some cases (such as folder copy), the command may strip the leaf folder name.
– requires that the ‘tar’ binary is present in the container.

Ex: copy a foo.txt file form a foo-pod pod to the host :
kubectl cp foo-ns/foo-pod:/var/foo.txt /tmp/foo.txt

Ex: copy a foo.txt file form the host to a foo-pod :
kubectl cp /tmp/foo.txt foo-ns/foo-pod:/var/foo.txt

Port commands

Find all ports currently used by the cluster

Find all ports published as node ports:
kubectl get svc --all-namespaces -o go-template='{{range .items}}{{range.spec.ports}}{{if .nodePort}}{{.nodePort}}{{.}}{{"\n"}}{{end}}{{end}}{{end}}'

Port forwarding

That opens an access from a pod port since localhost.
Useful for debugging on the fly a pod, overall when the pod port is not reachable outside the cluster (ClusterIP port).
Example :
Expose the pod port 8090 on localhost:8095 :
kubectl port-forward pod/foo-app-45454 8095:8090 &
Output : 

Forwarding from 127.0.0.1:8095 -> 8090 
Forwarding from [::1]:8095 -> 8090

As alternative we can forward the deployment or the service. It has the advantage to be more generic about the object reference compared to the pod name that is suffixed by some random chars :
kubectl port-forward deployment/foo-app 8094:8090 &

kubectl nodes and labels

List the nodes in your cluster, along with their labels:
kubectl get nodes --show-labels

Add a label to a node:
kubectl label nodes FOO_NODE disktype=ssd

Remove a label to a node:
kubectl label nodes FOO_NODE disktype-

Kubectl : service api

We start a http proxy to the service api such as : kubectl proxy --port=8080 &
And we could query the service so :

curl "localhost:8001/api/v1/nodes/MY_NODE/proxy/fooService"

such as :
localhost:8001/api/v1/nodes/MY_NODE/proxy/configz for the current config
or
localhost:8001/api/v1/nodes/MY_NODE/proxy/stats/summary for the current node stats.

Kubectl : elaborated commands

List and sort events by creation date
kubectl get events --sort-by=.metadata.creationTimestamp

Describe all running pods for all namespaces :
kubectl get -A pods --field-selector status.phase=Running | tail -n +2 | awk '{print "kubectl -n " $1 " describe pod " $2}' | xargs -I '{}' bash -c {}
To do that :
1) we get a table output listing all pods of all namespaces (in that table, first column is the namespace and second column is the pod id).
2) we generate the command describing each pod.
3) we execute the command.

Logs all events in a file in a yaml format as a background no hup command:
nohup kubectl get -A event -o yaml --watch > /tmp/kube-events.log 2>&1 &

Delete failed pods for a specific namespace (useful for evicted pods) :
kubectl -n my-ns get pods --no-headers --field-selector=status.phase=Failed | awk '{system("kubectl -n my-ns delete pods " $1)}'

Delete failed pods for all namespaces (useful for evicted pods) :
kubectl get -A pods --no-headers --field-selector status.phase=Failed | awk '{system("kubectl -n " $1 " delete pod " $2 )}'

Wait for the the last created pod be in the ready state for a specific app

Two ways

No Intrusive way (no intrusive but beware about close naming of deployment/pod): 

#!/bin/bash
app=filebeat
ns=kube-system
# here we delete explicitly the deployment. But  as alternative we may also generate a distinct deploy at each time and # only executing apply -f
kubectl -n $ns  delete daemonsets.apps filebeat
kubectl apply -f k8s/fb/fb.yml
 
echo "---wait for the current version to be ready---"
pod_name=$(kubectl -n $ns  get pod -o name  --sort-by=.metadata.creationTimestamp | grep $app | tac | head -1)
 
if [[ -z $pod_name ]]; then
  echo "ERR : pod app=$app is not deployed"
  exit 1
fi;
 
 
echo "pod name=$pod_name"
isWaitResult=0
timeout 30s kubectl -n $ns wait --for=condition=ready $pod_name || isWaitResult=1
echo "isWaitResult=$isWaitResult"
if [[ $isWaitResult != "0" ]]; then
    echo "ERR : timeout encounted: the pod $podname is not ready after 30s"
    echo "current pods :"
    kubectl -n $ns get pod
    exit 1

Custom/Intrusive way (intrusive but 100% reliable about filtering):
The idea is to define in the deployment/spec/template/metadata a custom label identifying the application.
Example for an application labelled spring-boot-docker-kubernetes-example 

spec:
  replicas: 1
  selector: #it defines how the Deployment finds which Pods to manage.
    matchLabels: 
      app: spring-boot-docker-kubernetes-example
  template: # pod template
    metadata:
      labels:
        app: spring-boot-docker-kubernetes-example

Then we can run these command to delete the deployment, deploy again and find the last pod name (in the format pod/foopod123):

# here we generate a distinct deployment at each time (thanks epoch sec)
# but  as alternative we may also delete explicitly the deployment and redeploy it
sed s/__DATE_TIME__/${EPOCH_SEC}/g > "fooapp-dynamic.yml"
echo "---deploy the application to K8s---"
kubectl apply -f fooapp-dynamic.yml
 
pod_name=$(kubectl -n $K8S_NAMESPACE get pod -l app=${es_suffix} -o name  --sort-by=.metadata.creationTimestamp | tac | head -1)
if [[ -z $pod_name ]]; then
  echo "ERR : pod app=${es_suffix} is not deployed"
  exit 1
fi;
 
echo "pod name=$pod_name"
isWaitResult=0
timeout 30s kubectl -n $K8S_NAMESPACE wait --for=condition=ready $pod_name || isWaitResult=1
echo "isWaitResult=$isWaitResult"
if [[ $isWaitResult != "0" ]]; then
    echo "ERR : timeout encounted: the pod $podname is not ready after 30s"
    echo "current pods :"
    kubectl -n $K8S_NAMESPACE get pod  
    exit 1
fi

Kubectl completion

kubectl completion can be generated with the command kubectl completion bash.
Sourcing the completion script in your shell enables kubectl autocompletion.
Steps :
1) Requirement : installing first bash-completion.
To check that bash-completion is correctly installed :
type _init_completion
2) Source the kubectl completion script in all shells :
kubectl completion bash >/etc/bash_completion.d/kubectl
Or do that in the user scope:
If we don’t use an alias for kubectl:
echo 'source <(kubectl completion bash)' >>~/.bashrc
If we use an alias for kubectl:
echo 'alias k=kubectl' >>~/.bashrc
echo 'complete -o default -F __start_kubectl k' >>~/.bashrc

Kubectl generate yaml

For pod:
kubectl run nginx --image=nginx --dry-run=client -o yaml
Output: 

apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: nginx
  name: nginx
spec:
  containers:
  - image: nginx
    name: nginx
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}

For deployment:
kubectl create deployment --image=nginx nginx --dry-run=client -o yaml
Output: 

apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
        resources: {}
status: {}
Ce contenu a été publié dans Non classé. Vous pouvez le mettre en favoris avec ce permalien.

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *