kubernetes Cheat Sheet
Commands
kubectl cluster-info
In general query resource types with
kubectl get <type>
kubectl describe <type plural> <name>
Useful "get" commands
kubectl get nodes
kubectl get pods
kubectl get rc # replication controllers
kubectl get namespaces
kubectl get services
kubectl get deployments <application>
kubectl get replicasets
kubectl get sa # service accounts
kubectl create -f some.json
kubectl get rc <name> -o yaml >some.yaml
kubectl update -f some.yaml
kubectl delete pod -l name=<name>
kubectl delete services <service>
kubectl delete deployment <application>
kubectl run-container <name> --image=<image> --port=<port>
kubectl resize --replicas=4 rc <name>
kubectl expose rc <name> --port=<port> --public-ip=<ip>
Cluster Administration
Removing/Readding nodes
kubectl drain <node> # Evacuates all pods with replication controllers
kubectl uncordon <node> # Readd node for pod scheduling
Testing kubectl Commands
Several commands allow passing "--dry-run" to test impact
kubectl run --dry-run [...]
Defining Limits and Quotas
Conceptually, "quotas" limit the resource usage per namespace, while "limits" are maximum
allocation amounts per resource type (e.g. CPU, memory, storage, network policies…).
apiVersion: v1
kind: Template
objects:
- apiVersion: v1
  kind: BuildConfig # or any other...
  spec:
    resources:
      requests:
        cpu: 1
        memory: 2Gi
      limits:
        cpu: 2
        memory: 4Gi
JVM and CFS problems/solutions:
https://engineering.squarespace.com/blog/2017/understanding-linux-container-scheduling
Online Tutorials
Katacoda
Accessing Kubernetes API from pods
curl -v --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
     -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
     https://<mycluster>
Migration Stories
Saltside: https://engineering.saltside.se/migrating-to-kubernetes-day-20-problems-fbbda4905c23
Use Cases
Web Caching with Kubernetes
MongoDB Replicas as Stateful Sets in GKE
nginx SSL sidecar
Operators
Kafka
Couchbase
Authn/Authz
List of auth proxy implementations
Openshift OAuth proxy (forked from bitly, work with plain k8s too)
pusher OAuth2 proxy (continued work of bitly)
Buzzfeed OAuth2 SSO
linkerd
Envoy (Istio)
Ambassador (Envoy based)
Conjur + Auth Proxy
keycloak-proxy (deprecated)
Misc
Debugging pods without netstat
cat /proc/net/tcp # gives you raw data with hex numbers :-(

# Decoded local endpoints (ip:port); strtonum() needs gawk
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($2,index($2,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($2,i,2))}{print x":"strtonum("0x"substr($2,index($2,":")+1,4))}'

# Decoded remote clients (ip:port)
grep -v "rem_address" /proc/net/tcp | awk '{x=strtonum("0x"substr($3,index($3,":")-2,2)); for (i=5; i>0; i-=2) x = x"."strtonum("0x"substr($3,i,2))}{print x":"strtonum("0x"substr($3,index($3,":")+1,4))}'
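The same /proc/net/tcp decoding as an added Python example (not part of the cheat sheet), run against a constructed sample file; it also decodes the state column so you can see which ports a pod really listens on and who is connected to it:

```python
import socket
import struct

# Socket states as printed in the "st" column (kernel include/net/tcp_states.h)
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample of /proc/net/tcp from a pod: one listener, one accepted client.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 28163 1 0000000000000000 100 0 0 10 0
   1: 0400120A:1F90 0100120A:C3B4 01 00000000:00000000 00:00000000 00000000  1000        0 28201 1 0000000000000000 20 4 30 10 -1
"""

def decode_endpoint(hex_endpoint):
    """'0100007F:0050' -> ('127.0.0.1', 80): the kernel prints the IPv4 address
    as one 32-bit hex word in host byte order (little-endian on x86, hence the
    reversed bytes) and the port as big-endian hex, as the awk one-liners undo."""
    addr_hex, port_hex = hex_endpoint.split(":")
    packed = struct.pack("<I", int(addr_hex, 16))  # assumes a little-endian host
    return socket.inet_ntoa(packed), int(port_hex, 16)

def parse_proc_net_tcp(text):
    """Parse /proc/net/tcp content into a list of dicts, skipping the header line."""
    records = []
    for line in text.splitlines()[1:]:
        fields = line.split()
        if len(fields) < 10:
            continue
        local_ip, local_port = decode_endpoint(fields[1])
        remote_ip, remote_port = decode_endpoint(fields[2])
        records.append({
            "local": f"{local_ip}:{local_port}",
            "remote": f"{remote_ip}:{remote_port}",
            "state": TCP_STATES.get(fields[3], fields[3]),
            "uid": int(fields[7]),
            "inode": int(fields[9]),  # map to a PID via /proc/<pid>/fd if needed
        })
    return records

def listening_ports(records):
    """Ports the container actually listens on, i.e. what a Service can reach."""
    return sorted({int(r["local"].rsplit(":", 1)[1]) for r in records if r["state"] == "LISTEN"})
```

Inside a pod, feed it `open("/proc/net/tcp").read()` instead of the sample; /proc/net/tcp6 has the same layout with 128-bit addresses.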