Kubectl: Difference between revisions

From NovaOrdis Knowledge Base
Line 50: Line 50:


=Commands=
=Commands=
 
====<tt>port-forward</tt>====
* [[kubectl port-foward|port-forward]]
{{Internal|kubectl port-foward|port-forward}}
* [[kubectl expose|expose]]
====<tt>expose</tt>====
* [[kubectl version|version]]
{{Internal|kubectl expose|expose}}
* [[kubectl config|config]]
====<tt>version</tt>====
{{Internal|kubectl version|version}}
====<tt>config</tt>====
{{Internal|kubectl config|config}}
====<tt></tt>====
* [[kubectl apply|apply]], [[kubectl create|create]], [[kubectl edit|edit]], [[kubectl patch|patch]], [[kubectl kustomize|kustomize]], [[kubectl delete|delete]]
* [[kubectl apply|apply]], [[kubectl create|create]], [[kubectl edit|edit]], [[kubectl patch|patch]], [[kubectl kustomize|kustomize]], [[kubectl delete|delete]]
* [[kubectl wait|wait]]
====<tt>wait</tt>====
* [[kubectl cp|cp]]
{{Internal|kubectl wait|wait}}
* [[kubectl exec|exec]]
====<tt>cp</tt>====
* [[kubectl auth|auth]]
{{Internal|kubectl cp|cp}}
* [[kubectl run|run]]
====<tt>exec</tt>====
* [[kubectl scale|scale]]
{{Internal|kubectl exec|exec}}
====<tt>auth</tt>====
{{Internal|kubectl auth|auth}}
====<tt>run</tt>====
{{Internal|kubectl run|run}}
====<tt>scale</tt>====
{{Internal|kubectl scale|scale}}


=Options=
=Options=
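Review bot: the link target "kubectl port-foward" is misspelled ("foward") in both the [[kubectl port-foward|port-forward]] bullet and the {{Internal|kubectl port-foward|port-forward}} template, so either form of the Commands list points at a misspelled page title; rename the target page or add a redirect. The heading form also contains an empty ====<tt></tt>==== heading directly above the apply/create/edit line, which renders as a blank section title and should be removed or given a name.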

Revision as of 18:43, 17 March 2021

External

Internal

Overview

kubectl is the main Kubernetes command line tool, used to send REST API requests with JSON-formatted payloads into the API server.

Installation

https://kubernetes.io/docs/tasks/tools/install-kubectl/

Linux

Download the latest version:

curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl

Make the binary executable:

chmod +x ./kubectl

Move the binary into the PATH:

sudo mv ./kubectl /usr/local/bin/kubectl
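An added example, not part of the original page: the same Linux download, with a SHA-256 check before the binary is made executable and moved into the PATH. It assumes a kubectl.sha256 file is published next to the binary under the same release URL; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify a downloaded kubectl before installing it.
# Assumption: <release URL>/kubectl.sha256 exists beside the binary.

# sha256_of FILE -> prints the lowercase hex SHA-256 digest of FILE
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'   # macOS fallback
    fi
}

# verify_download FILE CHECKSUM_FILE
# returns 0 on match, 1 on mismatch, 2 on missing input, 3 on a bad digest file
verify_download() {
    [ -s "$1" ] && [ -s "$2" ] || return 2
    expected=$(awk 'NR==1 {print tolower($1)}' "$2")
    # An HTML error page or truncated file saved as the checksum must not pass.
    case "$expected" in
        *[!0-9a-f]*) return 3 ;;
    esac
    [ "${#expected}" -eq 64 ] || return 3
    [ "$(sha256_of "$1")" = "$expected" ]
}

# install_kubectl: download, verify, then install (needs network and sudo)
install_kubectl() {
    base=https://storage.googleapis.com/kubernetes-release/release
    ver=$(curl -fsS "$base/stable.txt") || return 1
    curl -fsSLO "$base/$ver/bin/linux/amd64/kubectl" || return 1
    curl -fsSLO "$base/$ver/bin/linux/amd64/kubectl.sha256" || return 1
    if verify_download ./kubectl ./kubectl.sha256; then
        chmod +x ./kubectl && sudo mv ./kubectl /usr/local/bin/kubectl
    else
        echo "kubectl checksum verification failed, not installing" >&2
        rm -f ./kubectl
        return 1
    fi
}
```

Source the file and run install_kubectl; nothing is written to /usr/local/bin unless the digest matches.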

Mac

Download the latest version:

curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/darwin/amd64/kubectl"

Then place it into /usr/local/bin and make it executable.

Configuration

.kube config

Rescue Access

On a master, as root:

/usr/local/bin/kubectl --kubeconfig=/etc/kubernetes/admin.conf get pods

Commands

port-forward

port-forward

expose

expose

version

version

config

config

wait

wait

cp

cp

exec

exec

auth

auth

run

run

scale

scale

Options

-v

kubectl -v=<log-level> ...

where the log level is an integer between 0 and 10.

--as

--as passes a username to impersonate for the operation. In this context, a "username" can also be the name of a service account, in the format "system:serviceaccount:<namespace-name>:<service-account-name>":

kubectl --as system:serviceaccount:blue:blue-sa apply -f ./pod.yaml

This is particularly useful when experimenting with permissions and authorization, by using kubectl auth can-i.
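An added example, not part of the original page: a small permission audit that combines --as with kubectl auth can-i for a service account such as blue-sa in namespace blue. The function names, the KUBECTL override variable and the list of checks are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example: list what a service account may do, using impersonation.
KUBECTL=${KUBECTL:-kubectl}   # assumption: overridable so a stub can be used

# sa_subject NAMESPACE NAME -> impersonation username for a service account
sa_subject() {
    for part in "$1" "$2"; do
        case "$part" in
            ''|*[!a-z0-9.-]*) return 1 ;;   # reject ':' and other stray chars
        esac
    done
    printf 'system:serviceaccount:%s:%s\n' "$1" "$2"
}

# can_i SUBJECT NAMESPACE VERB RESOURCE -> prints yes, no or error
can_i() {
    # can-i exits non-zero on "no", so the answer is read from its output
    answer=$("$KUBECTL" auth can-i "$3" "$4" --as "$1" -n "$2" \
        </dev/null 2>/dev/null) || true
    case "$answer" in
        yes*) echo yes ;;
        no*)  echo no ;;
        *)    echo error ;;   # API unreachable, or caller may not impersonate
    esac
}

# audit_sa NAMESPACE NAME -> one "verb resource answer" line per check
audit_sa() {
    subject=$(sa_subject "$1" "$2") || { echo "invalid name" >&2; return 2; }
    ns=$1
    while read -r verb resource; do
        printf '%-12s %-16s %s\n' "$verb" "$resource" \
            "$(can_i "$subject" "$ns" "$verb" "$resource")"
    done <<EOF
get pods
create pods
get secrets
list secrets
create rolebindings
impersonate serviceaccounts
EOF
}
```

Run audit_sa blue blue-sa as a user allowed to impersonate; a "yes" on secrets, rolebindings or impersonate is the kind of grant worth reviewing.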

--token

Bearer Tokens in Kubernetes

--user

Specifies which user credentials from .kube/config to use with the current command.

--raw

Accesses an API path directly:

kubectl get --raw /apis/metrics.k8s.io | jq

Obtaining Information about the API Server

API Server URL

kubectl config view -o json | jq -r '.clusters[] | select(.name | contains("docker")) | .cluster.server'

API Server Bearer Token

kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 --decode

Obtaining Information about API Objects

get

kubectl get

kubectl get and kubectl describe mask sensitive information such as a secret's content to protect it from being exposed accidentally to an onlooker or from being stored in a terminal log.

Output in YAML Format

The "-o yaml" option instructs get to return the full copy of the object's manifest from the cluster store. The output is divided into a .spec section, which represents the desired state, and a .status section, which represents the current observed state.

kubectl get -o yaml ...

Get the Manifest for an Existing Object

The manifest can be used to recreate the object:

kubectl get pod pod-name --export -o yaml

Note that --export is deprecated and will be removed in the future, so an equivalent will have to be found.

Get with Selector (-l,--selector)

Use -l|--selector to specify a selector (label query) to filter on. The expression supports '=', '==', and '!='.

kubectl get pod -l color=green,shape=square

--field-selector

kubectl get pods --all-namespaces -o wide --field-selector spec.nodeName=<node>

Custom Columns

Custom columns are specified by <HEADER>:<JSONPATH-EXPRESSION>,...

kubectl get ... -o custom-columns='KIND:kind,NAMESPACE:metadata.namespace,NAME:metadata.name,SERVICE_ACCOUNTS:subjects[?(@.kind=="ServiceAccount")].name'

JSONPath Support

kubectl get JSONPath Support

describe

The 'describe' command provides a multi-line overview of an object. It includes important object lifecycle events.

kubectl describe

POSTing a Manifest

kubectl apply -f filename.yaml

Port Forwarding

 while ! kubectl -n my-namespace port-forward service/my-service 8787:8787; do sleep 1; done