Kubectl #
Kubectl Installation #
# Install Kubectl
curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl &&
chmod +x kubectl &&
sudo mv kubectl /usr/local/bin/
Help #
# List kubectl commands
kubectl -h
# List help for specific command: "get" command
kubectl get -h
Kubectl Autocomplete #
Insall Bash-Completion & Verify Installation #
# Search installed packages on Deb based system
dpkg -l | grep bash-completion
# Shell output:
ii bash-completion 1:2.11-8 all programmable completion for the bash shell
Install the bash-completion package if it’s not yet installed:
# Install bash-completion package
sudo apt update &&
sudo apt install bash-completion -y
Enable Kubectl Autocomplete #
Current Shell:
# Enable kubectl autocomplete: Current shell
source <(kubectl completion bash)
Permanent:
# Append the command to the .bashrc file
echo "source <(kubectl completion bash)" >> ~/.bashrc
# Apply changes
source ~/.bashrc
Cluster Nodes #
List Nodes & Check Cluster Status #
# List nodes
kubectl get nodes
# List nodes: More details
kubectl get nodes -o wide
# Shell output: Example
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
node1 Ready control-plane 27h v1.29.5 192.168.30.71 <none> Debian GNU/Linux 12 (bookworm) 6.1.0-21-amd64 containerd://1.7.16
node2 Ready control-plane 27h v1.29.5 192.168.30.72 <none> Debian GNU/Linux 12 (bookworm) 6.1.0-21-amd64 containerd://1.7.16
node3 Ready worker 27h v1.29.5 192.168.30.73 <none> Debian GNU/Linux 12 (bookworm) 6.1.0-21-amd64 containerd://1.7.16
node4 Ready worker 27h v1.29.5 192.168.30.74 <none> Debian GNU/Linux 12 (bookworm) 6.1.0-21-amd64 containerd://1.7.16
Label Worker Nodes #
# Label a worker node
kubectl label nodes <node-name> kubernetes.io/role=worker
Kubelet Logs #
# List Kubelet logs of a Kubernetes Node: Run on desired node
sudo journalctl -u kubelet
Kubernetes Version #
# List Kubernetes version: Client (Kubectl) & Server (Kubernetes Cluster)
kubectl version
Shutdown Node / Maintenance Mode #
# drain each node, which safely evicts all pods from the node in preparation for maintenance
kubectl drain node3 --ignore-daemonsets --delete-emptydir-data
# Verify the status
kubectl get nodes
# Shell output
NAME STATUS ROLES AGE VERSION
node1 Ready control-plane 6d1h v1.29.5
node2 Ready control-plane 6d1h v1.29.5
node3 Ready,SchedulingDisabled <none> 6d1h v1.29.5
node4 Ready,SchedulingDisabled <none> 6d1h v1.29.5
# Uncord node / mark it as schedulable
kubectl uncordon node3
# Verify the status
kubectl get nodes
# Shell output
NAME STATUS ROLES AGE VERSION
node1 Ready control-plane 6d1h v1.29.5
node2 Ready control-plane 6d1h v1.29.5
node3 Ready <none> 6d1h v1.29.5
node4 Ready <none> 6d1h v1.29.5
Namespaces #
Default Namespaces #
-
defaultAll Kubernetes objects created without a specified namespace will be put into the “default” namespace. -
kube-systemKubernetes system objects
List Namespaces #
# List all namespaces
kubectl get namespaces
# List all namespaces: Short version
kubectl get ns
Create Namespace #
Create Namespace with CLI #
# Create a new namespace
kubectl create namespace namespace-name
Create Namespace with YAML Configuration #
# Create a namespace configuration
vi new-namespace.yaml
apiVersion: v1
kind: Namespace
metadata:
name: new-namespace
# Deploy the namespace
kubectl create -f new-namespace.yaml
List Namespace Details #
# List namespace details
kubectl describe namespace new-namespace
Delete Namespace #
# Delete the namespace "new-namespace"
kubectl delete namespace new-namespace
Create Resources in specific Namespace #
# Create pod: In specific namespace
kubectl run pod-name --image=image-name --namespace namespace-name
# Deploy a resource in a specific namespace
kubectl create -f filename.yaml --namespace namespace-name
Note: Use either --namespace or just -n to define a namespace.
List Resources in specific Namespace #
Specific Resource Type #
# List pods: In specific namespace
kubectl get pods --namespace namespace-name
# List deployments: In specific namespace
kubectl get deployments --namespace namespace-name
# List services: In specific namespace
kubectl get services --namespace namespace-name
All Resources #
# List all resources: In specific namespace
kubectl get all -n namespace-name
List Resources in All Namespaces #
# For example list pods in all namespaces
kubectl get pods -A
Delete Resource in specific Namespace #
# Delete pod: In specific namespace
kubectl delete pod pod-name --namespace new-namespace
# Delete deployment: In specific namespace
kubectl delete deployment deployment-name --namespace namespace-name
# Delete serice: In specific namespace
kubectl delete service service-name --namespace namespace-name
Switch the Default Namespace #
List Current Cluster #
# List the current kubectl context: Cluster & user
kubectl config view | grep current-context
# Shell output:
current-context: kubernetes-admin@k8s.jkw.local
Set new Default Namespace #
# Set the namespace "new-namespace" as the default namespace
kubectl config set-context kubernetes-admin@k8s.jkw.local --namespace new-namespace
# Set the namespace "default" as the default namespace
kubectl config set-context kubernetes-admin@k8s.jkw.local --namespace default
Verify the default Namespace #
# Verify the configuration
kubectl config view
# Shell output:
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://127.0.0.1:6443
name: k8s.jkw.local
contexts:
- context:
cluster: k8s.jkw.local
namespace: new-namespace # Default namespace
user: kubernetes-admin
name: kubernetes-admin@k8s.jkw.local
current-context: kubernetes-admin@k8s.jkw.local
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: DATA+OMITTED
client-key-data: DATA+OMITTED
LimitRange Resource Limits #
Create LimitRange Resource #
# Create a LimitRange configuration
vi namespace-limits.yaml
apiVersion: v1
kind: LimitRange
metadata:
name: example-namespace-limits
namespace: example-namespace
spec:
limits:
- type: Pod
max:
cpu: "2"
memory: "1Gi"
min:
cpu: "200m"
memory: "100Mi"
- type: Container
default:
memory: "300Mi"
cpu: "200m"
defaultRequest:
memory: "200Mi"
cpu: "100m"
max:
memory: "600Mi"
cpu: "400m"
min:
memory: "100Mi"
cpu: "100m"
# Deploy the LimitRange resource
kubectl create -f namespace-limits.yaml
List LimitRange Resources #
# List the LimitRange resource for the namespace
kubectl get LimitRange --namespace example-namespace
# Shell output:
NAME CREATED AT
example-namespace-limits 2024-06-01T11:33:15Z
List Namespace Resource Limits #
# List the namespace details
kubectl describe namespace example-namespace
# Shell output:
Name: example-namespace
Labels: kubernetes.io/metadata.name=example-namespace
Annotations: <none>
Status: Active
No resource quota.
Resource Limits
Type Resource Min Max Default Request Default Limit Max Limit/Request Ratio
---- -------- --- --- --------------- ------------- -----------------------
Pod cpu 200m 2 - - -
Pod memory 100Mi 1Gi - - -
Container memory 100Mi 600Mi 200Mi 300Mi -
Container cpu 100m 400m 100m 200m -
Delete LimitRange Resource #
# Delete the LimitRange resource
kubectl delete LimitRange example-namespace-limits --namespace example-namespace
YAML Manifest / Configuration #
Deploy Resources from YAML Config #
# Deploy resources from YAML configuration: Current namespace
kubectl create -f filename.yaml
# Deploy resources from YAML configuration: Specific namespace
kubectl create -f filename.yaml -n namespace-name
Update Resources from YAML Config #
# Deploy resources updates from YAML configuration: Current namespace
kubectl apply -f filename.yaml
# Deploy resources updates from YAML configuration: Specific namespace
kubectl apply -f filename.yaml -n namespace-name
Delete Resources from YAML Config #
# Delete resources from YAML configuration: Current namespace
kubectl delete -f filename.yaml
# Delete resources from YAML configuration: Specific namespace
kubectl delete -f filename.yaml
Create YAML Manifest from Deployment #
# Save YAML Manifest from existing deployment: Current namespace
kubectl get deployment-type deployment-name -o yaml > filename.yaml
# Save YAML Manifest from existing deployment: Specific namespace
kubectl get deployment-type deployment-name -n namespace-name -o yaml > filename.yaml
Example: Backup & Restore Deployment #
This is an example for CoreDNS deployment backup and restore:
# Create a backup of a Deployment
kubectl get deployment coredns -n kube-system -o yaml > coredns-deployment.yaml
# Delete the Deployment
kubectl delete deployment coredns -n kube-system
# Restore the Deployment
kubectl apply -f coredns-deployment.yaml
Pods #
List Pods #
List Pods:
# List pods
kubectl get pod
# List pods: More details like node name
kubectl get pods -o wide
Watch Pods:
# # List pods: Watch the status change
kubectl get pods --watch
List Pods per Label:
# List pods: With specific label "nginx"
kubectl get pod -l app=nginx
List Pods, define Namespace:
# List pods: In specific namespace
kubectl get pods --namespace=namespace-name
# List pods: In all namespaces
kubectl get pods --all-namespaces
List Pod Details #
# List pod details
kubectl describe pod <pod-name>
Delete Pod #
# Delete pod
kubectl delete pod <pod-name>
Pods / Containers #
Container Shell #
# Access an container shell: Single container pod
kubectl exec -it pod-name -- /bin/bash
# Access an container shell: Multi container pod
kubectl exec -it pod-name -c container-name -- /bin/bash
Container Environment Variables #
# List environment variables: Single container pod
kubectl exec pod-name -- printenv
# List environment variables: Multi container pod
kubectl exec pod-name -c container-name -- printenv
Container Logs #
# Container logs: Single container pod
kubectl logs my-pod
# Container logs: Multi container pod
kubectl logs pod-name -c container-name
Container Port Forwarding #
Kubernetes will forward to the correct container based on the destination port:
# Forward container port: Local access
kubectl port-forward pod-name 8080:80
# Forward container port: Local access, specific namespace
kubectl port-forward pod-name -n namespace-name 8080:80
# Forward container port: Access from other hosts
kubectl port-forward --address 0.0.0.0 pod-name 8080:80
# Forward container port: Access from other hosts, specific namespace
kubectl port-forward --address 0.0.0.0 pod-name -n namespace-name 8080:80
# Curl the local port
curl localhost:8080
# Stop port forwarding
Strg + C
Deployments #
List Deployments #
# List deployments
kubectl get deployments
List Deployment Details #
# List deployment details
kubectl describe deployment <deployment-name>
Scale Deployment #
# Set the number of replicas for a deployment
kubectl scale deployment <deployment-name> --replicas=2
Delete Deployment #
# Delete deployment
kubectl delete deployment <deployment-name>
Replication Controllers #
List RC #
# List Replication Controllers
kubectl get rc
kubectl describe rc controller-name
List RC Details #
# List Replication Controller details
kubectl describe rc controller-name
Edit RC #
# Edit Replcation Controller
kubectl edit rc/controller-name
Delete RC #
# Delete the replication controller and it's pods
kubectl delete rc controller-name
Services #
Service Types #
-
ClusterIPDefault service type when no service type is defined -
--type=NodePortCreates a NodePort service -
--type=LoadBalancerCreates a LoadBalancer service
Access NodePort #
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
testservice NodePort 10.233.13.17 192.168.30.100 8000:32007/TCP 2s
A NodePort service exposes a static port (NodePort) randomly assigned, in this example port “32007” on all nodes external IPs in the cluster, and internal on the cluster IP, in this example on port “8000”. Optional an external IP can be defined.
Create Service #
Service for Deployment #
ClusterIP Service:
# Create service type "ClusterIP" for a deployment
kubectl expose deployment <deployment-name> --port=8000 --target-port=80 --name=<service-name>
# Create service type "ClusterIP" for a deployment: Add external IP to access the service
kubectl expose deployment <deployment-name> --port=8000 --target-port=80 --name=<service-name> --external-ip="192.168.30.100"
NodePort Service:
# Create service type "NodePort" for a deployment
kubectl expose deployment <deployment-name> --type=NodePort --port=8000 --target-port=80 --name=<service-name>
# Create service type "NodePort" for a deployment: Add external IP to access the service
kubectl expose deployment <deployment-name> --type=NodePort --port=8000 --target-port=80 --name=<service-name> --external-ip="192.168.30.100"
LoadBalancer Service:
# Create service type "LoadBalancer" for a deployment: Random LoadBalancer IP
kubectl expose deployment <deployment-name> --type=LoadBalancer --port=8000 --target-port=80 --name=<service-name>
# Create service type "LoadBalancer" for a deployment: Define a specific LoadBalancer IP
kubectl expose deployment <deployment-name> --type=LoadBalancer --port=8000 --target-port=80 --name=<service-name> --external-ip="192.168.30.111"
Service for Pod #
# Create service type "ClusterIP" for a pod
kubectl expose pod <pod-name> --port=8000 --target-port=80 --name=<service-name>
# Create service type "ClusterIP" for a pod: Add external IP to access the service
kubectl expose pod <pod-name> --port=8000 --target-port=80 --name=<service-name> --external-ip="192.168.30.100"
Service for Replication Controller #
# Create service type "ClusterIP" for a Replication Controller
kubectl expose rc <rc-name> --port=8000 --target-port=80 --name=<service-name>
# Create service type "ClusterIP" for a Replication Controller: Add external IP to access the service
kubectl expose rc <rc-name> --port=8000 --target-port=80 --name=<service-name> --external-ip="192.168.30.100"
List Services #
# List all services / service details
kubectl get svc
List Service Details #
# List service details
kubectl get svc <service-name>
# List more service details
kubectl describe svc <service-name>
Delete Service #
# Delete service
kubectl delete service <service-name>
StorageClass, PV, PVC #
StorageClasses #
# List storage clases
kubectl get storageclasses
# Delete storage class
kubectl delete storageclass storageclass-name
Persistent Volume Claims #
# List PVC
kubectl get pvc
# Delete PVC
kubectl delete pvc pvc-name
Persistent Volumes #
# List PV
kubectl get pv
# Delete PV
kubectl delete pv pv-name
Horizontal Pod Autoscaler (HPA) #
Deploy HPA #
# Deploy a pod autoscaler: Maintains between 1 and 10 pod replicas
kubectl autoscale deployment deployment-name --cpu-percent=50 --min=1 --max=10 --name=hpa-name
List & Watch HPA / Check Status #
# List the HPA status: Wait till the HPA gets a target output from the metrics server
kubectl get hpa
# Wacht the load of the HPA
kubectl get hpa hpa-name --watch
List HPA Details #
# List HPA details
kubectl describe hpa hpa-name
Delete HPA #
# Wacht the HPA
kubectl delete hpa hpa-name
ConfigMaps #
List ConfigMaps #
# List ConfigMaps: In current namespace
kubectl get cm
# List ConfigMaps: In all namespace
kubectl get cm --all-namespaces
# List ConfigMaps: In specific namespace
kubectl get cm -n namespacename
Edit ConfigMap #
# Edit ConfigMap: Corrent namespace
kubectl edit cm configmap-name
# Edit ConfigMap: Specific namespace
kubectl edit cm configmap-name -n namespace-name
List ConfigMap Details #
# List ConfigMap details: Corrent namespace
kubectl describe cm configmap-name
# List ConfigMap details: Specific namespace
kubectl describe cm configmap-name -n namespace-name
Delete ConfigMap #
# Delete ConfigMap: Corrent namespace
kubectl delete cm configmap-name
# Delete ConfigMap: Specific namespace
kubectl delete cm configmap-name -n namespace-name
Secrets #
List Secrets #
# List secrets
kubectl get secrets
Secret Details #
# List secret details
kubectl describe secret secret-name
Delete Secret #
# Delete secret
kubectl delete secret secret-name
Network Policies #
List Network Policy #
# List network policy: Describe all NetworkPolicies in "default" namespace
kubectl describe networkpolicy
# List network policy: Describe specific "network-policy-ex-pods" np in "default" namespace
kubectl describe networkpolicy networkpolicy-name -n default
Delete Network Policy #
# Delete network policy
kubectl delete networkpolicy networkpolicy-name
Cronjobs #
YAML Configuration Example #
# Create cronjob configuration
vi example-conjob.yaml
apiVersion: batch/v1
kind: CronJob
metadata:
name: example-cronjob
spec:
schedule: "*/1 * * * *"
jobTemplate: # Defines the job to be created on each schedule occurrence
spec:
template: # The Pod template
spec:
containers:
- name: cronjob-container
image: busybox
args:
- /bin/sh
- -c
- date; echo Hello from the Kubernetes cluster
restartPolicy: OnFailure
# Deploy cronjob
kubectl apply -f example-conjob.yaml
List Cronjobs #
Example Details:
# List cronjobs
kubectl get cronjobs
# Shell output:
NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE
example-cronjob */1 * * * * False 0 16s 40s
-
SUSPEND = FalseCronJob is active and will trigger executions according to its defined schedule -
SUSPEND = TrueCronJob is currently suspended, and no new jobs will be started until it is unsuspended
Command Overview:
# List cronjobs: In current namespace
kubectl get cronjobs
# List cronjobs: In a specific namespace
kubectl get cronjobs -n namespace-name
# List cronjobs: In all namespaces
kubectl get cronjobs --all-namespaces
Suspend & Resume Conjob #
Example Details:
# Suspend cronjob: Example
kubectl patch cronjob example-cronjob -p '{"spec":{"suspend": true}}'
# Verify the cronjob status
kubectl get cronjobs
# Shell output:
NAME SCHEDULE SUSPEND ACTIVE LAST SCHEDULE AGE
example-cronjob */1 * * * * True 0 43s 67s
# Resume cronjob: Example
kubectl patch cronjob example-cronjob -p '{"spec":{"suspend": false}}'
Command Overview:
# Suspend cronjob: Syntax
kubectl patch cronjob cronjob-name -p '{"spec":{"suspend": true}}'
# Resume cronjob: Syntax
kubectl patch cronjob cronjob-name -p '{"spec":{"suspend": false}}'
Check Job Execution #
# List jobs
kubectl get jobs
# Shell output:
NAME COMPLETIONS DURATION AGE
example-cronjob-28621260 1/1 5s 4m56s
example-cronjob-28621264 1/1 5s 49s
List Cronjob Details #
# List cronjobs: In current namespace
kubectl describe cronjob cronjob-name
# List cronjobs: In a specific namespace
kubectl describe cronjob cronjob-name -n namespace-name
Delete Cronjob #
# Delete cronjob: In current namespace
kubectl delete cronjob cronjob-name
# Delete cronjob: In a specific namespace
kubectl delete cronjob cronjob-name -n namespace-name
Helm #
Install Helm #
# Install Helm with script
curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 &&
chmod +x get_helm.sh &&
./get_helm.sh
# Verify the installation / check version
helm version
Repositories #
Add Repository #
# Add repository
helm repo add repo-alias https://repo-url
Update Repository Index #
# Update package index
helm repo update
List Repositories #
# List repositories
helm repo list
Remove Repository #
# Remove repository
helm repo remove repo-alias
Charts / Packages #
List Available Charts in Repository #
# List available charts in the Helm repository
helm search repo repo-alias
Install Package #
# Install package: Syntax
helm install release-name repo-alias/chart-name
# For example
helm install metrics-server metrics-server/metrics-server
-
release-nameChosen name for the Helm installation within the Kubernetes cluster -
repo-aliasAlias that was defined for the repository -
chart-name# Package you want to install from the repository
Uninstall Package #
# Uninstall package: Current namespace
helm uninstall release-name
# Uninstall package: Specific namespace
helm delete velero -n namespace-name
List Installed Packages #
# List Helm releases in the `namespace-name` namespace
helm ls -n namespace-name
# List Helm releases across all namespaces
helm ls --all-namespaces
Download Helm Chart #
# Download & untar a Helm chart
helm pull repo-alias/chart-name --untar
Logs #
Pod Logs #
Single Container #
# List the logs of a pod: Single container pod, current namespace
kubectl logs pod-name
# List the logs of a pod: Single container pod, specific namespace
kubectl logs pod-name -n namespace-name
Multi Container #
# List the logs of a pod: Multi container pod, current namespace
kubectl logs pod-name -c container-name
# List the logs of a pod: Multi container pod, specific namespace
kubectl logs pod-name -c container-name -n namespace-name
Specific Time #
# Logs from the last 5 minutes: Current namespace
kubectl logs pod-name --since=5m
# Logs from the last 5 minutes: Specific namespace
kubectl logs pod-name --since=5m -n namespace-name
# Logs from the last 24 hours: Current namespace
kubectl logs pod-name --since=24h
# Logs from the last 24 hours: Specific namespace
kubectl logs pod-name --since=24h -n namespace-name
Watch Real-time Logs #
# Real-time logs from all containers in a pod: Current namespace
kubectl logs -f --all-containers=true pod-name
# Real-time logs from all containers in a pod: Specific namespace
kubectl logs -f --all-containers=true pod-name -n namespace-name
Troubleshooting #
Pod for Network Troubleshooting #
# Run pod for network troubleshooting
kubectl run busybox --image=busybox --restart=Never --stdin --tty
# Run commands
nslookup example.com
ping example.com
# Delete pod
kubectl delete pod busybox
Utilities #
K9s #
Install K9s #
Find latest release:
https://github.com/derailed/k9s/tags
# Download package (Debian based)
wget https://github.com/derailed/k9s/releases/download/v0.32.5/k9s_linux_amd64.deb
# Install package
sudo dpkg -i k9s_linux_amd64.deb
# Install missing dependencies
sudo apt install -f
Verify K9s Installation #
# Verify installation / check version
k9s version
Start K9s #
# Start k9s
k9s
# Exit k9s
Strg + C
K9s Commands #
# List nodes
:node
# List namespaces
:ns
# List deployments
:deploy
# List pods
:pod
# List services
:svc
# Go back
ESC
# List logs
l