ShortCut
po ⇒ Pods
rs ⇒ ReplicaSets
deploy ⇒ Deployments
svc ⇒ Services
ns ⇒ Namespaces
netpol ⇒ Network policies
pv ⇒ Persistent Volumes
pvc ⇒ PersistentVolumeClaims
sa ⇒ Service Accounts
jsonpath
kubectl config view
--kubeconfig=my-kube-config
-o jsonpath="{.contexts[?(@.context.user=='aws-user')].name}"
> /opt/outputs/aws-context-name
backup
kubectl get all -A -o yaml > backup.yaml
ETCDCTL_API=3 etcdctl snapshot save snapshot.db
service kube-apiserver stop
ETCDCTL_API=3 etcdctl snapshot restore snapshot.db --data-dir /var/lib/etcd-from-backup
explain
kubectl explain persistmentvolume --recursive | less
Pod
Pot List
kubectl get pods
kubectl get pods -o wide
kubectl get pods -n kube-system // namespace指定
kubectl get pods --selector app=app1,env=prod // labelフィルタリング
kubectl get pods --l app=app1,env=prod // labelフィルタリング
kubectl get pods --all-namespaces
kubectl get pods --show-labels
Pot Status
kubectl describe pod pod-name
Create Pod
kubectl run pod-name --image nginx
Edit Pod
kubectl edit pod pod-name
kubectl get pod <pod-name> -o yaml > pod-definition.yaml
Create Pot By YML
kubectl create -f pod-difinition.yml
kubectl apply -f pod-difinition.yml
Delete Pod
kubectl delete pod pod-name
ReplicaSet
Create Replicaset
kubectl create replicaset <replicaset-name> --image=nginx --replicas=5
Get Replicaset
kubectl get replicasets
Delete Replicaset
kubectl delete replicaset replicaset-name
Deployment
Scale
kubectl replace -f replicaset-definition.yml
kubectl scale --replicas=6 -f replicaset-definition.yml
kubectl scale --replicas=6 replicaset myapp-replicaset
Generate Deployment YAML file (-o yaml)
kubectl create deployment --image=nginx nginx --replicas=4 --dry-run -o yaml > nginx-deployment.yaml
kubectl create deployment httpd-name; Replicats 4; Image: httpd
kubectl create deployment httpd-name --image=httpd
kubectl scale deployment httpd-name --replicas=6
kubectl set image deployment/<deployment-name> <container-name>=nginx:1.9.1 --record
Rollout
kubectl rollout status deployment/myapp-deployment
kubectl rollout history deployment/myapp-deployment --revision=1
kubectl rollout undo deployment/myapp-deployment
Configration
Pod Env
plain key-value
spec:
containers:
- name: container-name
env:
- name: DB_NAME
value: PROD
- name: DB_URL
valueFrom:
configMapKeyRef:
name: myconfig
key: db_url
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: mysecret
key: db_password
configmap
create configmap
kubectl create configmap <configmap-name> --from-literal=<key>=<value> --from-literal=<key2>=<value2>
kubectl create configmap <configmap-name> --from-file=<file_path>
kubectl get configmaps
kubectl describe configmaps
use configmap in pod
spec:
containers:
- name: container-name
envFrom:
- configMapRef:
name: myconfig
secret
create secret
kubectl create secret generic <secret-name> --from-literal=<key>=<value> --from-literal=<key2>=<value2>
kubectl create secret generic <secret-name> --from-file=<file_path>
echo -n 'secret-value' | base64
echo -n 'secret-value' | base64 --decode
kubectl get secrets
kubectl describe secrets
kubectl get secret <secret-name> -o wide
use secret in pod
spec:
containers:
- name: container-name
envFrom:
- secretRef:
name: mysecret
Security Context
spec:
securityContext:
runAsUser: 1000
capabilities:
add: ["MAC_ADMIN"]
containers:
- name: nginx
image: nginx
command: ["sleep"]
args:
- ["300"]
securityContext:
runAsUser: 2000
capabilities:
add: ["MAC_USER"]
Service Account
Create Service Account
kubectl create serviceaccount <name>
kubectl describe secret serviceaccount-token-name
/var/run/secrets/kubernetes.io/serviceaccount
Use Service Account in Pod
sepc:
# automoutServiceAccountToken: false
serviceAccount: name
containers:
Resource Requirements
spec:
containers:
- name: name
resources:
requests:
memory: "1Mi"
cpu: 0.1
limits:
memory: "4Gi"
cpu: 4
Taints | Tolerations -Node
kubectl taint nodes node1 app=blue:NoSchedule // NoSchedule | PreferNoSchedule | NoExecute
// YAML側の設定は以下
spec:
tolerations:
- key: "app"
operator: "Equal"
value: "blue"
effect: "NoSchedule"
Remove Taints
kubectl taint nodes node1 app=blue:NoSchedule-
Node Slector | Label Nodes
kubectl label nodes node-name label-key=label-name
// YAML側の設定は以下
spec:
nodeSelector:
label-key: label-name
Node Affinity
apiVersion: v1
kind: Pod
metadata:
name: with-pod-affinity
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: security
operator: In
values:
- S1
containers:
- name: with-pod-affinity
image: k8s.gcr.io/pause:2.0
Service
kubectl expose deployment <deployment-name>
--name=webapp-service
--type=NodePort
--target-port=8080
--port=80
kubectl expose pod <pod-name> --port=6379 --name=redis-service
kubectl create service clusterip <pod-name> --tcp=6379:6379 --node-port=30080
kubectl expose pod <pod-name>--port=80 --name=nginx-service --type=NodePort
kubectl create service nodeport <pod-name> --tcp=80:80 --node-port=30080
Namespace
Get Pods
kubectl get pods --namespace=stg
kubectl get pods -n stg
kubectl get pods --all-namespaces
kubectl get ns
Change Defualt Namespace
kubelctl config set-context $(kubectl config current-context) --namespace=dev
Readinesss Probe / Liveness Probe
HTTP Test
spec:
containers:
- name: container-name
image: docker-image
readinessProbe/livenessProbe:
httpGet:
path: /
port: 80
initialDelaySeconds: 10
periodSeconds: 5
failureThreshold: 8
TCP Test
readinessProbe/livenessProbe:
tcpSocket:
port: 80
Exec Command
readinessProbe/livenessProbe:
exec:
command:
- cat
- index.html
Logs
kubectl logs -f <pod-name> <container-name>
Jobs
kubctl create job <job-name> --image=nginx
Cron Jobs
kubctl create cronjob <job-name> --image=nginx --schedule="1 * * * *"
Ingress Controller
apiVersion: apps/v1
kind: Deployment
metadata:
name: ingress-controller
namespace: ingress-space
spec:
replicas: 1
selector:
matchLabels:
name: nginx-ingress
template:
metadata:
labels:
name: nginx-ingress
spec:
serviceAccountName: ingress-serviceaccount
containers:
- name: nginx-ingress-controller
image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0
args:
- /nginx-ingress-controller
- --configmap=$(POD_NAMESPACE)/nginx-configuration
- --default-backend-service=app-space/default-http-backend
env:
- name: POD_NAME
valueFrom:
fieldRef:
fieldPath: metadata.name
- name: POD_NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443