Kubectl: Difference between revisions
| Line 122: | Line 122: | ||
kubectl ... -o jsonpath="{.users[?(@.name=="blue")].user.password}" | kubectl ... -o jsonpath="{.users[?(@.name=="blue")].user.password}" | ||
kubectl get pod ... -o jsonpath='{.items[0].spec.volumes[?(@.name=="vault")].hostPath.path}' 2>/dev/null | kubectl get pod ... -o jsonpath='{.items[0].spec.volumes[?(@.name=="vault")].hostPath.path}' 2>/dev/null | ||
====Select and Combine Two or More Elements==== | |||
<syntaxhighlight lang='bash'> | |||
kubectl get pod \ | |||
-o jsonpath='{.items[0].spec.volumes[?(@.name=="A")].hostPath.path} {.items[0].spec.volumes[?(@.name=="B")].hostPath.path}' | |||
</syntaxhighlight> | |||
====TODO==== | ====TODO==== | ||
Revision as of 04:11, 27 June 2020
Internal
Overview
kubectl is the main Kubernetes command line tool, used to send REST API requests with JSON-formatted payloads into the API server.
Installation
Download the latest version:
curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
Make the binary executable:
chmod +x ./kubectl
Move the binary into the PATH
sudo mv ./kubectl /usr/local/bin/kubectl
Configuration
Rescue Access
On a master, as root:
/usr/local/bin/kubectl --kubeconfig=/etc/kubernetes/admin.conf get pods
Commands
Options
-v
kubectl -v=<log-level> ...
where the log level is an integer between 0 and 10.
Obtaining Information about the API Server
API Server URL
kubectl config view -o json | jq -r '.clusters[] | select(.name | contains("docker")) | .cluster.server'
API Server Bearer Token
kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 --decode
Obtaining Information about API Objects
get
kubectl get
kubectl get and kubectl describe mask sensitive information such as a secret's content to protect it from being exposed accidentally to an onlooker or from being stored in a terminal log.
Output in YAML Format
The "-o yaml" option instructs get to return the full copy of the object's manifest from the cluster store. The output is divided into a .spec section, which represents the desired state and the .status section, which represents the current observed state.
kubectl get -o yaml ...
Get the Manifest for an Existing Object
The manifest can be used to recreate the object:
kubectl get pod pod-name --export -o yaml
Note that --export is deprecated and will be removed in the future so find an equivalent.
JSONPath Support
Removing Leading and Trailing Single Quotes
... | sed -e 's/^'\//' > ...
Get an Individual Attribute Only
TODO: https://gist.github.com/so0k/42313dbb3b547a0f51a547bb968696ba
kubectl ... -o jsonpath="{.status.phase}"
kubectl ... -o jsonpath="{.items[?(@.spec.unschedulable)].metadata.name}"
Alternative, to explore and document:
kubectl get pods --no-headers -o custom-columns=\":metadata.name\" ...
Filter Elements of an Array based on a Key Value
We assume that the elements of the array are maps, which contain the specified key:
kubectl ... -o jsonpath="{.users[?(@.name=="blue")].user.password}"
kubectl get pod ... -o jsonpath='{.items[0].spec.volumes[?(@.name=="vault")].hostPath.path}' 2>/dev/null
Select and Combine Two or More Elements
kubectl get pod \
-o jsonpath='{.items[0].spec.volumes[?(@.name=="A")].hostPath.path} {.items[0].spec.volumes[?(@.name=="B")].hostPath.path}'
TODO
kubectl get pods -o=jsonpath='{.items[?(@.metadata.labels.name=="web")].metadata.name}'
describe
The 'describe' command provides a multi-line overview of an object. It includes important object lifecycle events.
kubectl describe
POSTing a Manifest
kubectl apply -f filename.yaml
Port Fowarding
while ! kubectl -n my-namespace port-forward service/my-service 8787:8787; do sleep 1; done