Kubernetes Snippets

07 January 2020

I do a bunch of work with Kubernetes (‘K8S’), building tools so researchers can do repeatable, scalable research using containers. To do so I had to figure out a bunch of useful commands for manipulating pods (containers), including deploying them, debugging, and host management. I started with the K8S cheatsheet and went from there.

We’ll use an example application that runs using web servers, database servers, and has a simple logging and monitoring setup.

• VMs (nodes) with names of host1, host2, host3, etc.
• A ReplicaSet of web servers, named ‘web’
• A StatefulSet of database servers, named ‘db’
• A DaemonSet of logging pods, named ‘logging’
• A CronJob pod, ‘run-integrity-checks’ that runs logic checks against the K8S master node and emails them to the IT administrators.

Components

ConfigMaps

Let’s work with configmaps, ‘web-config’

List all configmaps

kutectl get configmap

Find one configmap

kutectl get configmap | grep web

See the details about a configmap

kubectl describe configmap web-config

Create a configmap from a file

kubectl create configmap web-config --from-file=/home/dnambi/deploy/web-configs/config.json

Create a configmap from a folder

kubectl create configmap web-config --from-file=/home/dnambi/deploy/web-configs/

Delete a configmap

kubectl delete configmap web-config

Secrets

Let’s play with a secret, db-secret

Create secrets from a file

kubectl create secret generic db-secret --from-file=./username.txt --from-file=./password.txt

Create secrets from key-value pairs

kubectl create secret generic db-secret --from-literal=username='my-app' --from-literal=password='39528$vdg7Jb'

List all secrets

kubectl get secrets

Find all secrets with db in the name

kubectl get secrets | grep db

See the details about a secret

kubectl get secret db-secret -o yaml

Delete a secret

kubectl delete secret db-secret

Integrations

Docker Images

• Pull Docker images from a private registry

kubectl create secret docker-registry regcred 
   --docker-server=<your-registry-server> 
   --docker-username=<your-name> 
   --docker-password=<your-pword> --docker-email=<your-email>

Pods

Find pod with one configmap DEVNFIXME Find pod that uses a service DEVNFIXME

List all pods

kubectl get pods

Find a pod named ‘logging’

kubectl get pods | grep logging

Find a pod that uses a particular configmap, ‘nginx-config’

kubectl get pods -o json 
| jq '.items[].spec.containers[].env[]?.valueFrom.ConfigMapKeyRef.name' 
| grep nginx | sort | uniq

Find all pods used for a particular service, ‘web-https’

kubectl get pods -l app=web-https

See the details about a pod, web-1

kubectl describe pods web-1

Delete a pod, web-2

kubectl delete pods web-2

Services

See all services

kubectl get svc

Find one service, ‘web-https’

kubectl get svc | grep web

Find out the info about one service

kubectl describe svc web-https

Delete a service, ‘web-https’

kubectl delete svc web-https

Server Maintenance

See the details about a VM (‘node’, in K8S parlance).

List all nodes

kubectl get nodes

Find one node, ‘smallhost’

kubectl get nodes | grep smallhost

Find the details about one node, ‘smallhost’

kubectl describe nodes smallhost

Isolate a node for maintenance, ‘oldnode’

kubectl cordon oldnode
kubectl drain oldnode --ignore-daemonsets

Put a cordoned node back into service

kubectl uncordon oldnode

No piece of code is ever done. I’ll add more snippets over time. Happy coding!