Kubernetes

# Current shell: load bash completion for kubeadm and kubectl into this session only.
# Each line executes the script printed by whichever binary is found on PATH,
# so it trusts those binaries; add the lines to ~/.bashrc to make completion persistent.

source <(kubeadm completion bash)

source <(kubectl completion bash)


# Allows scheduling on the master: the trailing "-" removes the
# node-role.kubernetes.io/master taint from every node (--all).
# Ordinary workloads can then be placed next to the control-plane components,
# so a compromised or resource-hungry pod shares a host with them; keep this
# to single-node or lab clusters.
# NOTE(review): newer releases name this taint node-role.kubernetes.io/control-plane;
# check the actual taint with `kubectl describe node` before running this.

kubectl taint nodes --all node-role.kubernetes.io/master-


# Kubeadm: in-place upgrade of a control-plane node (v1.14.1 is the example target).

# Upgrade the kubeadm package first.
# NOTE(review): `dnf update` installs the newest version the repository offers, which
# may differ from the version passed to `upgrade apply` below; confirm with `kubeadm version`.
sudo dnf update kubeadm

# Preview only: reports the versions the cluster can be upgraded to.
sudo kubeadm upgrade plan

# Upgrade the control-plane components to the named version.
sudo kubeadm upgrade apply v1.14.1

# Then bring the node agent to the matching version and restart it.
sudo dnf update kubelet

sudo systemctl restart kubelet

# Upstream procedure for this upgrade:
https://kubernetes.io/docs/tasks/administer-cluster/kubeadm/kubeadm-upgrade-1-14/


# Base: read-only inspection of cluster objects.
# Text in [square brackets] is optional; type it without the brackets.
# -o wide adds extra columns such as node placement and IP addresses.

kubectl get nodes -o wide

kubectl get pods --all-namespaces -o wide

kubectl get deployments --all-namespaces -o wide

kubectl get services --all-namespaces -o wide

# "sleep" is an example service name; -o json prints the full object.
kubectl get service sleep -o json

# Endpoints show which pod addresses currently back the service.
kubectl get endpoints sleep

kubectl describe pod [-n kube-system]

kubectl describe service [-n kube-system]


# Create or update the objects defined in sleep.yml.
# NOTE(review): on kubeadm-built nodes /etc/kubernetes/manifests is the directory the
# kubelet watches for static pod manifests, and a Pod manifest placed there is started
# by the kubelet directly, without API-server admission. Confirm this path is intended;
# ordinary manifests are safer kept in a separate directory.
kubectl apply -f /etc/kubernetes/manifests/sleep.yml

# sleep-7674d45776-9rn2p is a generated pod name used as an example; substitute the
# name shown by `kubectl get pods`.
kubectl describe pod sleep-7674d45776-9rn2p -n default

# Interactive shell inside the pod; requires permission on the pods/exec subresource.
# NOTE(review): newer kubectl expects "--" before the command (... -- /bin/bash).
kubectl exec -it sleep-7674d45776-9rn2p /bin/bash

# Clean up the example service and deployment.
kubectl delete service sleep

kubectl delete deployment sleep


# Start three nginx replicas. Text in [square brackets] is optional.
# NOTE(review): --replicas on `kubectl run` matches the v1.14-era client used on this
# page; kubectl 1.18 and later create a single Pod and reject it
# (use `kubectl create deployment` followed by `kubectl scale` there).
kubectl run [--namespace=policy-demo] nginx --replicas=3 --image=nginx

# Put a Service in front of the deployment. With --type=NodePort the service is
# opened on a port of every node's address and is reachable from outside the cluster
# unless host firewalling restricts it; leave the option out for in-cluster access only.
kubectl expose [--namespace=policy-demo] deployment nginx --port=80 [--type=NodePort]

# The trailing "??" on the next two lines appear to be the author's own question
# marks, not part of the command; <local_port> and <pod_port> are placeholders
# (typed literally, the shell would treat < and > as redirections).
# `kubectl proxy` serves the API on localhost using the caller's credentials.
kubectl proxy??

# Forward a local port to a port of one pod; listens on localhost by default.
kubectl port-forward $POD_NAME <local_port>:<pod_port>??

kubectl describe deployment nginx

# Opens the live object in an editor; changes apply as soon as the file is saved.
kubectl edit deployment nginx

# --current-replicas is a precondition: scale only if the current size is 3.
kubectl scale [--current-replicas=3] --replicas=2 deployment nginx

# Three replicas of a test server that answers with its own hostname on port 9376.
# NOTE(review): upstream has superseded the k8s.gcr.io registry with registry.k8s.io;
# verify the image location before relying on it.
kubectl run hostnames --image=k8s.gcr.io/serve_hostname --labels=app=hostnames --port=9376 --replicas=3


# ServiceAccount: list the service accounts of every namespace, i.e. the
# identities that pods can run as.

kubectl get sa --all-namespaces


# Pod: throw-away debug pods.
# --restart=Never creates a bare Pod and --rm deletes it when the command exits.
# Image names without a tag resolve to :latest; pin a tag or digest when the
# result must be reproducible or the image source matters.

# One-shot HTTP check from inside the cluster; 10.0.2.17:80 is an example address.
kubectl run -i --tty --rm debug --restart=Never --image=alpine -- wget -qO - 10.0.2.17:80

# Interactive shell in a busybox pod.
kubectl run -ti --rm debug --restart=Never --image busybox /bin/sh

# Interactive bash in a centos pod; the bracketed namespace option is optional.
kubectl run -it --rm debug --restart=Never [--namespace=policy-demo] --image=centos -- /bin/bash

# --overrides adds a toleration for the taint test-scope=cypress-e2e:NoSchedule so the
# debug pod may be scheduled onto nodes carrying it; the command then tries bash, ash
# and sh in that order and keeps the first shell that starts.
kubectl run -it --rm debug --restart=Never --overrides='{"spec":{"tolerations":[{"key":"test-scope","value":"cypress-e2e","operator":"Equal", "effect":"NoSchedule"}]}}' --image=alpine -- sh -c "clear; (bash || ash || sh)"


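# Node: taints and on-host inspection of containers and their network state.
# Text in <angle brackets> and "container-id-or-name" / "your-container-pid" are
# placeholders to substitute.

# Add a NoSchedule taint; appending "-" to the same spec removes it again.
kubectl taint nodes <node_name> key=value:NoSchedule[-]

# NoExecute additionally evicts running pods that do not tolerate the taint.
kubectl taint nodes <node_name> key=value:NoExecute

# List running containers. These are alternatives, one per container runtime CLI;
# run only the one that applies. They are kept on separate lines because piping
# one into the other would silently discard the first command's output.
sudo docker ps

sudo crictl ps

# Host PID of a container's main process, again one command per runtime.
sudo docker inspect --format '{{ .State.Pid }}' container-id-or-name

sudo crictl inspect -o json container-id-or-name | jq '.info.pid'

# Run host binaries inside the container's network namespace (-n); needs root.
sudo nsenter -t your-container-pid -n ip addr

# Watch DNS traffic (port 53) as seen from inside that namespace. The capture
# shows every queried name, so treat the output as sensitive.
sudo nsenter -t your-container-pid -n ngrep -W byline -td any . port 53

# Connection-tracking entries towards 10.96.0.10 (example address; with kubeadm
# defaults this is typically the cluster DNS service IP - confirm for your cluster).
sudo conntrack -L -d 10.96.0.10

# Firewall rules: a one-off filter for DROP entries, or a live view that
# highlights changes between refreshes. Two separate commands, not one pipeline.
sudo iptables -vL | grep DROP

watch -d sudo iptables -L -v -n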


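# Net

# Ping every pod IP in 10.0.0.0/8. The jq filter is quoted so the shell never
# tries to interpret [] as a glob, and the pattern ends in "\." so only addresses
# whose first octet is exactly 10 are probed (a bare ^10 would also match
# 100.x or 104.x addresses). Pods without an IP print "null" and are dropped by grep.
kubectl get po --all-namespaces -o json | jq -r '.items[].status.podIP' | grep -E '^10\.' | fping

# Dump the Calico CNI settings (assumes Calico was installed with a calico-config ConfigMap).
kubectl -n kube-system get configmap calico-config -oyaml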


# DNS: inspect and adjust cluster DNS (CoreDNS behind the kube-dns service name).

kubectl describe services -n kube-system kube-dns

# Endpoints selected by the DNS label, i.e. the addresses of the DNS pods.
kubectl get endpoints -l k8s-app=kube-dns --all-namespaces -o json

# The bracketed pod name is an optional example; without it every pod in the
# namespace is described.
kubectl describe pod --namespace=kube-system [coredns-86c58d9df4-6csb4]

# Print the logs of every DNS pod; -o name yields entries of the form pod/<name>.
for p in $(kubectl get pods --namespace=kube-system -l k8s-app=kube-dns -o name); do kubectl logs --namespace=kube-system $p; done

# View the CoreDNS configuration.
kubectl -n kube-system get configmap coredns -oyaml

# Edit it in place. A mistake here affects name resolution for the whole cluster,
# so keep a copy of the previous content before saving.
kubectl -n kube-system edit configmap coredns

# NOTE(review): v1.11.0 and the CoreDNS feature gate belong to an older upgrade than
# the v1.14.1 example in the Kubeadm section; confirm the flag still applies before reuse.
kubeadm upgrade apply v1.11.0 --feature-gates=CoreDNS=true

# These names are answered by cluster DNS - presumably meant to be run from inside
# a pod (for example one of the debug pods) rather than from an arbitrary host.
nslookup kubernetes.default.svc.cluster.local

nslookup kubernetes-dashboard.kube-system.svc.cluster.local


# Dashboard: references, then commands for obtaining a login token.

https://github.com/kubernetes/dashboard/wiki/Creating-sample-user

https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/

https://github.com/kubernetes/dashboard/wiki/Accessing-Dashboard---1.7.X-and-above

# Show the dashboard's token secret. `describe secret` prints the bearer token in
# clear text; whoever holds it can call the API with that account's rights, so avoid
# running this in shared or recorded terminals.
# NOTE(review): the sample-user guide linked above binds its account to cluster-admin;
# confirm which role the token you hand out actually carries.
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep kubernetes-dashboard-token | awk '{print $1}')

# Same for a service account named "dashboard": look up its token secret, then
# decode the token. base64 is an encoding, not protection.
# NOTE(review): clusters from v1.24 on no longer auto-create these token secrets;
# `kubectl create token dashboard` issues a short-lived token there instead.
kubectl get secret $(kubectl get serviceaccount dashboard -o jsonpath="{.secrets[0].name}") -o jsonpath="{.data.token}" | base64 --decode


# MariaDB: print the root password stored in the "mariadb" secret of the current namespace.
# The value appears in clear text on the terminal. Reading it only needs get access
# to secrets, so that permission is worth restricting with RBAC.

kubectl get secret mariadb -ojsonpath="{.data.mariadb-root-password}" | base64 --decode


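# Kube Proxy: URLs served by a running `kubectl proxy` (default 127.0.0.1:8001),
# not by the kube-proxy node component. The proxy forwards every request with the
# credentials of the user who started it, so any local process can use it while it
# runs; leave it bound to loopback and stop it when done.

http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:https/proxy/

http://localhost:8001/api/v1/namespaces/default/services/http:phpmyadmin:http/proxy/


# Live overview of deployments, services, pods and firewall rules; -d highlights
# what changed between refreshes. The whole command list is ONE single-quoted
# argument, so blank separator lines use a bare `echo`: a nested ' ' would end
# the quoting early. Run `sudo -v` first so the iptables call does not stall on
# a password prompt inside watch.
watch -d 'kubectl get deployments --all-namespaces -o wide; echo; kubectl get services --all-namespaces -o wide; echo; kubectl get pods --all-namespaces -o wide; echo; sudo iptables -L'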


#Reference

https://kubernetes.io/docs/reference/kubectl/cheatsheet/