Kubectl
External
- kubectl commands: https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands
Internal
Overview
kubectl is the main Kubernetes command line tool, used to send REST API requests with JSON-formatted payloads into the API server.
Installation
Linux
Download the latest version:
curl -LO https://storage.googleapis.com/kubernetes-release/release/`curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt`/bin/linux/amd64/kubectl
Make the binary executable:
chmod +x ./kubectl
Move the binary into the PATH
sudo mv ./kubectl /usr/local/bin/kubectl
Mac
Download the latest version:
curl -LO "https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/darwin/amd64/kubectl"
Then place into /usr/local/bin and make it executable.
Configuration
Rescue Access
On a master, as root:
/usr/local/bin/kubectl --kubeconfig=/etc/kubernetes/admin.conf get pods
Commands
port-forward
expose
version
config
apply, create, edit, patch, kustomize, delete
wait
cp
exec
auth
run
scale
Options
-v
kubectl -v=<log-level> ...
where the log level is an integer between 0 and 10.
--as
--as
allows to pass a username to impersonate for the operation. In this context, a "username" can also be the name of a service account in the format "system:serviceaccount:<namespace-name>:<service-account-name>":
kubectl --as system:serviceaccount:blue:blue-sa apply -f ./pod.yaml
This is particularly useful when experimenting with permission and authorization, by using kubectl auth can-i.
--token
--user
Specifies which user credentials from .kube/config to use with the current command.
--raw
Access APIs.
kubectl get --raw /apis/metrics.k8s.io | jq
Obtaining Information about the API Server
API Server URL
kubectl config view -o json | jq -r '.clusters[] | select(.name | contains("docker")) | .cluster.server'
API Server Bearer Token
kubectl get secrets -o jsonpath="{.items[?(@.metadata.annotations['kubernetes\.io/service-account\.name']=='default')].data.token}"|base64 --decode
Obtaining Information about API Objects
get
kubectl get
kubectl get and kubectl describe mask sensitive information such as a secret's content to protect it from being exposed accidentally to an onlooker or from being stored in a terminal log.
Output in YAML Format
The "-o yaml" option instructs get to return the full copy of the object's manifest from the cluster store. The output is divided into a .spec section, which represents the desired state and the .status section, which represents the current observed state.
kubectl get -o yaml ...
Get the Manifest for an Existing Object
The manifest can be used to recreate the object:
kubectl get pod pod-name --export -o yaml
Note that --export is deprecated and will be removed in the future so find an equivalent.
Get with Selector (-l,--selector)
Use -l|--selector to specify a selector (label query) to filter on. The expression supports '=', '==', and '!='.
kubectl get pod -l color=green,shape=square
--field-selector
kubectl get pods --all-namespaces -o wide --field-selector spec.nodeName=<node>
Custom Columns
Custom columns are specified by <HEADER>:<JSONPATH-EXPRESSION>,...
kubectl get ... -o custom-columns='KIND:kind,NAMESPACE:metadata.namespace,NAME:metadata.name,SERVICE_ACCOUNTS:subjects[?(@.kind=="ServiceAccount")].name'
JSONPath Support
describe
The 'describe' command provides a multi-line overview of an object. It includes important object lifecycle events.
kubectl describe
POSTing a Manifest
kubectl apply -f filename.yaml
Port Fowarding
while ! kubectl -n my-namespace port-forward service/my-service 8787:8787; do sleep 1; done