Kubernetes Commands

Basic commands

  • $ kubectl cluster-info to get cluster information and $ kubectl get nodes to get the nodes available in the cluster.

Pod

  • $ kubectl run myapp --image=thomaspk/web creates a pod from the Docker Hub image thomaspk/web. It actually creates a deployment internally.

  • $ kubectl run myapp --image=nginx --dry-run=client -o yaml > nginx.yaml to create a basic pod definition yaml file. Note that the previous $ kubectl run --generator=run-pod/v1 has been deprecated and removed from Kubernetes version 1.18 onwards.

  • $ kubectl run debian01 --rm -it --image=debian -- /bin/sh to create a Debian pod with hostname debian01 and run the shell interactively, which is especially useful for testing and debugging networking issues. Then issue a command like $ wget --spider http://192.168.1.70 to check whether a remote web service or web site is accessible from the pod.

  • $ kubectl run messaging --image=redis:alpine -l tier=msg to create a pod named messaging from the redis:alpine image, having the label tier: msg. (Useful)

  • $ kubectl run my-busybox --image=busybox --dry-run=client -o yaml --command -- sleep 3600 > busybox.yaml to create a pod definition yaml file for a busybox pod which runs the command sleep 3600.

  • $ kubectl apply -f poc-pod.yaml creates a pod according to the yaml file configuration.

Cronjob

  • $ kubectl create cronjob test-job --image=busybox --schedule="*/1 * * * *" to create a Kubernetes cronjob with a schedule.

  • $ kubectl create cronjob --help to view other options for this imperative command.

Deployments

  • $ kubectl create deployment myapp --image=nginx to create an nginx deployment called myapp without creating a yaml file. This is the quickest way, especially for exams. (Useful)

  • $ kubectl create deployment myapp --image=nginx --dry-run=client -o yaml > myapp-deployment.yaml to create a deployment file without creating a deployment.

Services

  • $ kubectl expose pod myapp --type=LoadBalancer --name myapp-http to expose the pod externally. Important: there is no = after --name. Note that only cloud-based Kubernetes clusters have a LoadBalancer integrated. Custom Kubernetes clusters do not support LoadBalancer and instead support only NodePort and Ingress Controllers. For details, see https://stackoverflow.com/questions/44110876/kubernetes-service-external-ip-pending

  • $ kubectl create service loadbalancer nc-svc --tcp=80 --dry-run=client -o yaml > nc-svc.yaml to create a service file without creating the service. The service name nc-svc and the port specifier are mandatory. The service type is mandatory too; the supported types are clusterip, loadbalancer, nodeport and externalname.

get

  • $ kubectl get nodes to show a list of nodes running in the cluster.

  • $ kubectl get pods shows the list of running pods.

  • $ kubectl get po --show-labels will display pod information as well as its labels.

  • $ kubectl get po -L env,purpose displays only the env and purpose labels for the listed pods.

  • $ kubectl get deploy lists the deployments.

  • $ kubectl get pods --all-namespaces to get all pods in all namespaces, i.e., all pods running on the cluster.

  • $ watch kubectl get po,svc,deploy -o wide to watch the output every 2 seconds.

  • $ watch kubectl get all -o wide watches pods, services, deployments and replicasets.

  • $ kubectl get jobs to list the jobs to see if they have completed.

  • $ kubectl get networkpolicy to list network policies. (Seldom Used, Easy to Forget)

config

  • $ kubectl config current-context shows the current context.

  • $ kubectl config set-context --current --namespace=DVL1987 to move the current context namespace to DVL1987

  • $ kubectl config set-context $(kubectl config current-context) --namespace=dev to permanently move kubectl to work in the dev namespace. Note: this was the old way of changing context.

  • $ kubectl --kubeconfig ~/.kube/sg-pats-adam-config get po,svc uses a different configuration file from the default in ~/.kube/config.

Common

  • $ kubectl describe pods web shows the details of the web pod

  • $ kubectl delete pods/web deletes the web pod. $ kubectl delete -f my-web-pod.yaml deletes the pod described in my-web-pod.yaml

  • $ kubectl delete all --all selects all resource objects in the current namespace and deletes them all. (Seldom Used, Easy to Forget)

  • $ kubectl logs web displays the logs for the web pod. $ kubectl logs -f web keeps reading the logs continuously. Note that logs are rotated daily and whenever they reach 10MB in size. The -c <container name> option can be used to specify the container in multi-container pods.

  • $ kubectl port-forward <pod name> 1234:8080 forwards port 8080 for the pod to the localhost at port 1234

  • $ kubectl edit svc myapp edits the myapp service. Change the spec.type field value from ClusterIP to NodePort to expose it on the Node’s IP address.

  • $ kubectl explain pod will list out the different field definitions that can be defined in the object (in this case pod) yaml file. $ kubectl explain pod.spec will list out the field definitions for the pod object's spec. $ kubectl explain PersistentVolumeClaim.spec.resources lists out all fields for the resource definition.

  • $ kubectl explain pod.metadata --recursive will list all the options available under the Pod.metadata object.

  • $ kubectl attach my-pod -i to attach to the main process running in the container and even send stdin from your terminal to the process, such as Ctrl-C.

  • Alternatively, you can also use $ kubectl exec -it my-pod -- /bin/sh to create and run /bin/sh in the pod interactively. The -- tells the kubectl command line that all options have already been specified and that what comes after -- is the command to be run in the pod.

  • $ kubectl scale rs <replica_set_name> --replicas=6 OR $ kubectl scale deploy <deployment_name> --replicas=5. (Seldom Used, Easy to Forget)

  • $ kubectl top node to get the resource statistics of node. You can also do $ kubectl top po to get the resource statistics of pods.

Labels

Labelling Pods

  • $ kubectl label po my-pod env=staging to label my-pod with the environment label.

  • $ kubectl label po my-pod env=production --overwrite to change the env label’s value to production.

  • $ kubectl get po -l env=staging to see all pods in the staging environment. This is an example of the use of a label selector.

  • $ kubectl delete po -l env=staging to kill all pods with the label env==staging.

Labelling Nodes

  • $ kubectl label node tom-notes-deploy-f889b85c7-cjjvk gpu=true to label the node. This is also the way to mark a node for affinity.

  • $ kubectl get nodes -l gpu=true to list nodes with the label gpu=true.

  • $ kubectl get nodes --show-labels to list nodes and their labels.

Namespaces

  • $ kubectl create ns dev to create the dev namespace.

  • $ kubectl get ns to get all namespaces in the cluster.

  • $ kubectl get po --namespace=kube-system to list all pods in the kube-system namespace.

Deployments

  • $ kubectl set image deploy <deployment_name> nginx=nginx:1.17 to update the container image for the deployment imperatively.

  • $ kubectl rollout restart deploy <deployment_name> to forcefully rollout a new deployment.

  • $ kubectl rollout history deploy <deployment_name> to view the previous history of deployments.

  • $ kubectl rollout undo deploy <deployment_name> to roll back to the previous version of the deployment. Or to go back to a specific revision of the deployment (e.g. revision 3), use $ kubectl rollout undo deployment <deployment_name> --to-revision=3.

  • $ kubectl rollout status deploy <deployment_name> to check the status of a rollout process. Useful to find out if a canary release failed to deploy, i.e. failed to be ready before minReadySeconds.

  • $ kubectl rollout undo deploy <deployment_name> to undo an existing rollout.

Kubernetes Object mnemonic list

ConfigMaps

  • $ kubectl create configmap fortune-config --from-literal=sleep-interval=25. Using the command line, this will create the fortune-config ConfigMap which contains the key sleep-interval with a value of 25.

  • $ kubectl create configmap my-config --from-file=/path/to/dir creates a ConfigMap named my-config with keys and values from the files in the directory.

  • $ kubectl create configmap my-config --from-file=config-file.conf stores the content of the file config-file.conf under the key config-file.conf.

  • $ kubectl delete configmap fortune-config to delete the fortune-config config map. You can use $ kubectl get cm to display all config maps in the system and describe them to list the key value pairs in the config map.

Secrets (Easy to Forget)

  • $ kubectl create secret generic fortune-https --from-file=./fortune-secrets/ to create secrets from the files in the fortune-secrets folder.

  • $ kubectl create secret generic <secret-name> --from-literal=<key>=<value> to create secret key value pairs from the command line.

  • $ echo -n 'password' | base64 will convert the text password to base64 format that can be put into a secrets declaration yaml file. Use $ echo -n cGFzc3dvcmQ= | base64 --decode to decode the value.
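
Base64 in a Secret manifest is an encoding, not protection, and omitting -n from echo silently stores a trailing newline in the value. The following lint is an added example, not part of the original notes; the sample manifest and the function names encode_value and lint_secret_data are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample manifest (not from the original page). "password" was
# encoded with `echo -n`; "token" with plain `echo`, which bakes a trailing
# newline into the stored value.
SAMPLE_SECRET='apiVersion: v1
kind: Secret
metadata:
  name: demo-secret
type: Opaque
data:
  password: cGFzc3dvcmQ=
  token: cGFzc3dvcmQK'

# encode_value VALUE: base64 of exactly VALUE, with no newline appended.
encode_value() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# lint_secret_data MANIFEST: for each key under "data:", print
# "<key> ok" or "<key> trailing-newline".
lint_secret_data() {
  printf '%s\n' "$1" | awk '
    /^data:/ { in_data = 1; next }   # start of the data: mapping
    /^[^ ]/  { in_data = 0 }         # any other top-level key ends it
    in_data && NF == 2 { sub(/:$/, "", $1); print $1, $2 }
  ' | while read -r key b64; do
    # Hex of the last decoded byte; 0a is a newline.
    last=$(printf '%s' "$b64" | base64 --decode | tail -c 1 | od -An -tx1 | tr -d ' \n')
    if [ "$last" = "0a" ]; then
      echo "$key trailing-newline"
    else
      echo "$key ok"
    fi
  done
}

lint_secret_data "$SAMPLE_SECRET"
```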

Service Accounts

  • $ kubectl create serviceaccount dashboard-sa will create a new service account in the cluster called dashboard-sa. This account can be used to access Kubernetes functions.

  • $ kubectl get serviceaccount will display the list of service accounts in the cluster.

  • $ kubectl describe serviceaccount dashboard-sa will display details of the newly created dashboard-sa service account. It displays the following output.

    Name:                 dashboard-sa
    Namespace:            default
    Labels:               <none>
    Annotations:          <none>
    Image pull secrets:   <none>
    Mountable secrets:    dashboard-sa-token-kbbdm
    Tokens:               dashboard-sa-token-kbbdm
    Events:               <none>
    
  • $ kubectl describe secret dashboard-sa-token-kbbdm will display the details of this token used to authenticate and access the api-server.
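
The token shown by that command is a JWT whose claims say which service account and namespace it authenticates as. The following decoder is an added example, not part of the original notes; the sample token is constructed with a placeholder signature, and the function names b64url, jwt_payload, jwt_claim and token_has_expiry are made up for illustration.

```shell
#!/bin/sh
# b64url STRING: base64url-encode without padding (the JWT segment encoding).
b64url() {
  printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'
}

# Constructed sample token: the claims mirror the dashboard-sa account from
# the describe output above; the signature is a placeholder, not a real one.
SAMPLE_PAYLOAD='{"iss":"kubernetes/serviceaccount","kubernetes.io/serviceaccount/namespace":"default","kubernetes.io/serviceaccount/secret.name":"dashboard-sa-token-kbbdm","kubernetes.io/serviceaccount/service-account.name":"dashboard-sa","sub":"system:serviceaccount:default:dashboard-sa"}'
SAMPLE_TOKEN="$(b64url '{"alg":"RS256","typ":"JWT"}').$(b64url "$SAMPLE_PAYLOAD").constructed-signature"

# jwt_payload TOKEN: print the decoded JSON claims (second dot-separated part).
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in      # restore the padding base64url strips
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 --decode
}

# jwt_claim TOKEN NAME: value of a string claim. Assumes compact JSON with
# no spaces around ':' and no escaped quotes in the value.
jwt_claim() {
  jwt_payload "$1" | sed -n "s|.*\"$2\":\"\\([^\"]*\\)\".*|\\1|p"
}

# token_has_expiry TOKEN: succeeds only if the claims include "exp".
token_has_expiry() {
  jwt_payload "$1" | grep -q '"exp":'
}

echo "subject:   $(jwt_claim "$SAMPLE_TOKEN" sub)"
echo "namespace: $(jwt_claim "$SAMPLE_TOKEN" kubernetes.io/serviceaccount/namespace)"
token_has_expiry "$SAMPLE_TOKEN" || echo "no exp claim: token does not expire"
```

On Kubernetes 1.24 and later, token Secrets are no longer created automatically for service accounts; $ kubectl create token dashboard-sa issues a short-lived token instead.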

Taints & Tolerations

  • $ kubectl taint nodes <node-name> key=value:NoSchedule to mark a node as tainted with the NoSchedule effect. The other effects available are PreferNoSchedule and NoExecute.

  • $ kubectl taint nodes <node-name> key=value:NoSchedule- to remove the taint from the node.

  • To display the taint on a node, use $ kubectl describe node <node_name> | less and look for the Taints: section.