
Useful Resources

The document provides a comprehensive set of Kubernetes command-line aliases and kubectl commands for managing various Kubernetes resources such as pods, deployments, services, and configurations. It includes links to useful resources, tutorials, and documentation for Kubernetes administration. Additionally, it covers advanced topics like RBAC, TLS, and troubleshooting techniques.

Uploaded by

sushantshukla727
Copyright
© © All Rights Reserved

useful resources: https://github.com/ascode-com/wiki/tree/main/certified-kubernetes-administrator

alias ll='ls -l'

alias kcr='kubectl create'

alias ka='kubectl apply -f'

alias k=kubectl

alias kg='kubectl get'

alias ke='kubectl edit'

alias kd='kubectl describe'

alias kdd='kubectl delete'

alias kgp='kubectl get pods'

alias kgd='kubectl get deployments'

alias kgpvc='kubectl get pvc'

alias kgpv='kubectl get pv'

export fg='--force --grace-period=0'

export do='--dry-run=client -o yaml'

export oy='-o yaml'

echo 'alias k=kubectl' >>~/.bashrc

echo 'complete -o default -F __start_kubectl k' >>~/.bashrc

https://www.youtube.com/watch?v=qRPNuT080Hk

https://v1-25.docs.kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade/

Cisco Confidential
https://v1-25.docs.kubernetes.io/docs/concepts/services-networking/service/

https://kubernetes.io/docs/concepts/storage/persistent-volumes/

https://kubernetes.io/docs/concepts/services-networking/service/

https://kubernetes.io/docs/concepts/configuration/configmap/

https://kubernetes.io/docs/concepts/configuration/secret/

https://kubernetes.io/docs/concepts/workloads/controllers/deployment/

https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/

https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/

https://kubernetes.io/docs/concepts/workloads/controllers/daemonset/

https://kubernetes.io/docs/concepts/workloads/controllers/job/

https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/

https://kubernetes.io/docs/reference/access-authn-authz/certificate-signing-requests/#create-certificatesigningrequest

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#role-example - create role

https://kubernetes.io/docs/reference/access-authn-authz/rbac/#kubectl-create-rolebinding - create rolebinding

https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod

https://kubernetes.io/docs/concepts/storage/volumes/#hostpath-configuration-example - Create pod with volume

https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolume - create PV with hostPath

https://kubernetes.io/docs/tasks/configure-pod-container/configure-persistent-volume-storage/#create-a-persistentvolumeclaim

https://kubernetes.io/docs/concepts/storage/persistent-volumes/#claims-as-volumes - Pod with PVC

https://kubernetes.io/docs/concepts/storage/storage-classes/#local - StorageClass Local

https://github.com/kodekloudhub/certified-kubernetes-administrator-course - CKA github

kubectl api-resources

==================== PODS ====================

kubectl replace --force -f /tmp/kubectl-31523123.yaml - apply the YAML for a pod when its values cannot be changed in place, for example command

kubectl run test --image=nginx

kubectl run redis --image=redis -n finance

kubectl run redis --image=redis:alpine -l='tier=db' - run pod with label

kubectl run custom-nginx --image=nginx --port=8080 - run a pod named custom-nginx from the nginx image with port 8080

kubectl explain replicaset | grep VERSION

kubectl scale rs new-replica-set --replicas=5

kubectl scale --replicas=<N> -f replicaset-definition.yml - <N> is a placeholder for the desired replica count

kubectl run webapp-color --image=kodekloud/webapp-color -l=name=webapp-color --env="APP_COLOR=green" - run a pod with the label name=webapp-color and the env variable APP_COLOR=green

kubectl run pvviewer --image=redis --serviceaccount=pvviewer

kubectl get pods -A --sort-by='metadata.uid' > /root/pods.txt

kubectl get pods -A --sort-by='metadata.creationTimestamp' > /root/creation.txt

==================== generate yaml files ====================

kubectl run nginx --image=nginx --dry-run=client -o yaml

kubectl create deployment nginx --image=nginx

kubectl create deployment nginx --image=nginx --dry-run=client -o yaml

kubectl create deployment nginx --image=nginx --dry-run=client -o yaml > test-deploy.yaml - write the YAML to a file

kubectl create deployment nginx --image=nginx --replicas=4 --dry-run=client -o yaml > nginx-deployment.yaml

kubectl run webapp-green --image=kodekloud/webapp-color --dry-run=client -o yaml -- --color=green > asd.yaml - create a YAML file with the argument, or

kubectl run webapp-green --image=kodekloud/webapp-color -- --color green

==================== deployments ====================

kubectl create deployment httpd-frontend --image=httpd:2.4-alpine --replicas=3

kubectl create deploy redis-deploy --image=redis --replicas=2 -n dev-ns

kubectl set image deployment nginx nginx=nginx:1.15

kubectl scale deployment nginx --replicas=5

kubectl expose deployment nginx --port 80

kubectl set image deployment/myapp-deployment nginx=nginx:1.9.1

kubectl rollout status deployment/myapp-deployment

kubectl rollout history deployment/myapp-deployment

kubectl create -f deployment-definition.yml

kubectl rollout status deployment/myapp-deployment

kubectl rollout history deployment/myapp-deployment

kubectl get deployments

kubectl apply -f deployment-definition.yml

kubectl set image deployment/myapp-deployment nginx=nginx:1.9.1

kubectl rollout undo deployment/myapp-deployment

kubectl -n admin2406 get deployment -o custom-columns=DEPLOYMENT:.metadata.name,CONTAINER_IMAGE:.spec.template.spec.containers[].image,READY_REPLICAS:.status.readyReplicas,NAMESPACE:.metadata.namespace --sort-by=.metadata.name > /opt/admin2406_data

==================== services ====================

kubectl expose deploy minio --type=NodePort --port=9001 --target-port=9001 --dry-run=client -o yaml > minio-svc.yaml

kubectl expose pod redis --port=6379 --name redis-service

kubectl run httpd --image=httpd:alpine --port=80 --expose

kubectl expose pod redis --port=6379 --name redis-service --dry-run=client -o yaml - create a Service named redis-service of type ClusterIP to expose pod redis on port 6379, OR you can use

kubectl create service clusterip redis --tcp=6379:6379 --dry-run=client -o yaml

kubectl expose pod nginx --type=NodePort --port=80 --name=nginx-service --dry-run=client -o yaml - create a Service named nginx of type NodePort to expose pod nginx's port 80 on port 30080 on the nodes, OR

kubectl create service nodeport nginx --tcp=80:80 --node-port=30080 --dry-run=client -o yaml

==================== scheduler ====================

Run the command: kubectl get pods --namespace kube-system to see the
status of the scheduler pod. We have removed the scheduler from this
Kubernetes cluster. As a result, as it stands, the pod will remain in a
pending state forever.

If there is no scheduler pod, add a nodeName line to the pod's YAML file,
in the spec section (at the same level as containers).

==================== labels and selectors ====================

kubectl get pods --selector env=dev --no-headers | wc -l - count the pods with the label env=dev

kubectl get pods --selector='bu=finance' | wc -l - count the pods with the label bu=finance (the header line is included in the count)

kubectl get all --selector='env=prod' | wc -l

kubectl get all --selector env=prod,bu=finance,tier=frontend - find the pod that runs with several labels

==================== taint and tolerations ====================

kubectl taint nodes node01.test.kz spray=mortein:NoSchedule - apply the taint

kubectl taint nodes node01.test.kz spray=mortein:NoSchedule- - remove the taint

==================== NodeSelector ====================

kubectl label node node01.test.kz size=Super

==================== 61 - NodeAffinity (REVIEW AGAIN) ====================

==================== DaemonSet ====================

create a Deployment manifest, then remove replicas, strategy and status from it

==================== Static Pods ====================

ls -l /etc/kubernetes/manifests/

ps -aux | grep /usr/bin/kubelet - find the running kubelet, then find the line --config=/var/lib/kubelet/config.yaml

grep -i staticpod /var/lib/kubelet/config.yaml

kubectl run static-busybox --image=busybox --dry-run=client -o yaml --command -- sleep 1000 - generate pod yaml file with command sleep 1000

kubectl run --restart=Never --image=busybox:1.28.4 static-busybox --dry-run=client -o yaml --command -- sleep 1000 > /etc/kubernetes/manifests/static-busybox.yaml

==================== 78 - Multiple Schedulers (RETAKE THE TEST TO REINFORCE) ====================

kubectl get events -o wide

==================== 80 - Logging and Monitoring ====================

kubectl logs -f event-simulator-pod

kubectl logs -p -c nginx web

kubectl top node

kubectl top pod

kubectl top pods --containers=true

==================== ConfigMap ====================

kubectl describe cm db-config

kubectl create configmap webapp-config-map --from-literal=APP_COLOR=darkblue

==================== initContainers ====================

kubectl logs orange -c init-myservice - check the initContainer log

==================== Cluster Maintenance ====================

kubectl drain node-1 - evict the pods from the node

kubectl cordon node-2 - no new pods will be scheduled on the existing node; pods already running on the node keep working

kubectl uncordon node-1

kubeadm upgrade plan

kubeadm upgrade apply <version> - <version> is a placeholder for the target version

kubectl drain node01 --ignore-daemonsets --force - remove the pods even if there are Jobs, ReplicaSets or ReplicationControllers

==================== ETCD ====================

kubectl describe pod etcd-controlplane -n kube-system

etcdctl version

########backup etcd

ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
snapshot save /opt/snapshot-pre-boot.db

########restore etcd

ETCDCTL_API=3 etcdctl snapshot restore /opt/snapshot-pre-boot.db --data-dir /var/lib/etcd-from-backup

==================== TLS and certificates ====================

cat akshay.csr | base64 -w 0

kubectl certificate approve akshay

kubectl get csr agent-smith -o yaml

kubectl delete csr agent-smith

==================== kubeconfig and context ====================

kubectl config get-contexts

kubectl config current-context

kubectl config view

kubectl config --kubeconfig=/root/my-kube-config use-context research - switch to the research context

==================== RBAC ====================

kubectl get roles

kubectl get rolebindings

kubectl describe role developer

kubectl describe rolebinding devuser-developer-binding

kubectl auth can-i create deployments - for example 'yes'

kubectl auth can-i delete node - for example 'no'

kubectl auth can-i create deployments --as dev-user

kubectl auth can-i create pods --as dev-user

==================== Role and Rolebinding ====================

kubectl create role developer --namespace=default --verb=list,create,delete --resource=pods

kubectl create rolebinding dev-user-binding --namespace=default --role=developer --user=dev-user

kubectl create role developer --verb=create --verb=get --verb=delete --verb=list --resource=pods --verb=create --verb=list --verb=delete --verb=get --resource=deployments --namespace=blue

==================== ClusterRole ====================

kubectl get clusterrolebindings --no-headers | wc -l

kubectl create clusterrole nodes --verb=create --verb=list --verb=delete --verb=watch --resource=nodes

kubectl create clusterrolebinding nodes-admin --clusterrole=nodes --user=michelle

kubectl create clusterrole storage-admin --verb=list,create,watch,list --resource=persistentvolumes,storageclasses

kubectl create clusterrolebinding michelle-storage-admin --clusterrole=storage-admin --user=michelle

==================== ServiceAccount ====================

kubectl create sa dashboard-sa

kubectl create token dashboard-sa

==================== helmsman serviceaccount ====================

kubectl create clusterrole deployment-change --verb=get --verb=delete --verb=create --verb=list --verb=patch --verb=watch --resource=rs,deployment,secrets,services -n altyn-le-dev

kubectl create clusterrolebinding cr-deployment-change --clusterrole=deployment-change --serviceaccount=altyn-le-dev:deployer -n altyn-le-dev - ClusterRole and ClusterRoleBinding are cluster-scoped, so -n has no effect here and the deployer service account gets these verbs (including on secrets) in every namespace; bind the ClusterRole with a RoleBinding in altyn-le-dev to limit it to that namespace

==================== SecurityContext ====================

kubectl exec ubuntu-sleeper -- whoami

==================== PV/PVC ====================

kubectl describe pvc local-pvc

==================== DNS ====================

kubectl exec -it hr -- nslookup mysql.payroll > /root/CKA/nslookup.out

==================== Ingress + 1.20 ====================

kubectl create ingress minio-dev --dry-run=client -o yaml --rule="minio-dev.halykmarket.com/=minio:9000,tls=wildcard.halykmarket.com" -n minio-dev

kubectl create ingress ingress-test --rule="wear.my-online-store.com/wear*=wear-service:80"

kubectl create ingress pay-ingress --rule="/pay=pay-service:8282" --dry-run=client -o yaml -n critical-space > pay-ing.yaml

kubectl create ingress shop --rule='/wear=wear-service:8080' --rule='/watch=video-service:8080' -n app-space

==================== Troubleshooting ====================

kubectl get nodes

service kube-apiserver status

service kube-controller-manager status

service kube-scheduler status

service kubelet status

service kube-proxy status

kubectl logs kube-apiserver-master -n kube-system

sudo journalctl -u kube-apiserver

kubectl describe node worker-1

sudo journalctl -u kubelet

openssl x509 -in /var/lib/kubelet/worker-1.crt -text

openssl x509 -noout -text -in /etc/kubernetes/pki/apiserver.crt

openssl x509 -enddate -noout -text -in /etc/kubernetes/pki/apiserver.crt

/var/lib/kubelet/config.yaml - kubelet config file

vi /etc/kubernetes/kubelet.conf - check this file on the workers if you get a "node not found" error

==================== Pods exec ====================

k run dns-resolver1 --image=busybox:1.28 --restart=Never --rm -it --command -- nslookup nginx-resolver-service > /root/CKA/nginx.svc

k run dns-resolver2 --image=busybox:1.28 --restart=Never --rm -it --command -- nslookup 10.244.192.4 > /root/CKA/nginx.pod

k run --rm -ti tshoot --image=nicolaka/netshoot --command -- nc -z -v -w 2 10.244.192.1 80

==================== JSONPath ====================

kubectl get nodes -o json | jq -c 'paths'

kubectl get nodes -o json | jq -c 'paths' | grep type | grep -v "metadata" | grep address

==================== crictl ====================

crictl logs 2354z34edhyd43 >& /opt/log/container.log - write the logs to a file

==================== kubeadm join ====================

kubeadm token list - on the master node; then delete the token and generate a new one: kubeadm token create --print-join-command

kubeadm certs check-expiration - check the certificates

ps -aux | grep kubelet | grep --color container-runtime-endpoint - find the socket

/opt/cni/bin - the CNI binaries are located here

ls /etc/cni/net.d/ - show the CNI plugin used by default

cat /etc/cni/net.d/10-flannel.conflist - check type

ip route

default via 172.25.1.1 dev eth1
10.57.230.0/24 dev eth0 proto kernel scope link src 10.57.230.6
10.244.0.0/16 dev weave proto kernel scope link src 10.244.192.0 <<<======= pods default gateway example
172.25.1.0/24 dev eth1 proto kernel scope link src 172.25.1.11

==================== kubectl PATCH ====================

kubectl patch daemonsets -n monitoring node-exporter --patch '{"spec": {"template": {"spec": {"hostNetwork": false}}}}' - disable external access to node-exporter
