Contents

• Kubernetes cheat sheet
  • yaml specifications
    • Services
    • Secrets
  • kubeadm commands
    • General
      • Join a worker node to a master
  • kubectl commands
    • General
      • View formatted and redacted .kube config
      • Apply a manifest
    • Pods
      • Get a list of pods by label
      • Get a pod's UID
      • Apply a label to a pod
      • Get cluster IPs of pods
      • Jump in to a running pod
      • Forward host's localhost to an exposed pod's port
      • Get a pod's logs
      • Copy a file to a pod's filesystem
    • Deployments
      • Create deployment, [deployment_name] of application [app_name]:[version] from [repo]
      • Get a deployment's yaml
      • Scale a deployment, [deployment_name], up [to n_replicas]
      • Get deployment rollout history
      • Undo deployment rollout
    • Nodes
      • Get a node's taints
      • Taint all nodes with node role
      • Show which pods are running on which nodes
    • Secrets
      • Create a secret
      • Get/decode a secret
  • Troubleshooting
    • Connection refused on pod's service

Kubernetes cheat sheet

yaml specifications

Services

This creates a new service of type NodePort, i.e. accessible outside of cluster via some randomly assigned high port number, targeting any pod with the run: my-service label:

apiVersion: v1
kind: Service
metadata:
  name: <name>
  labels:
    run: my-service
spec:
  ports:
  - port: <port>
    protocol: <TCP || UDP>
    nodePort: <node_port>
  type: NodePort
  selector:
    run: my-service

Secrets

secret:

apiVersion: v1
kind: Secret
metadata:
  name: <name>
data:
  password: <password>

kubeadm commands

General

Join a worker node to a master

$ sudo kubeadm token create --print-join-command

kubectl commands

General

View formatted and redacted .kube config

$ kubectl config view

Apply a manifest

$ kubectl apply -f <manifest.yml>

Pods

Get a list of pods by label

$ kubectl get -l <key>=<value> <resource_type>

Get a pod's UID

kubectl get pods <pod_name> -o jsonpath='{.metadata.uid}'

Apply a label to a pod

$ kubectl label pod <pod_name> <key>=<value>

Get cluster IPs of pods

$ kubectl get pods -o wide

Jump in to a running pod

$ kubectl exec -it <pod_name> -- /bin/bash

Forward host's localhost to an exposed pod's port

$ kubectl port-forward -n <namespace> <pod_name> <port>

Get a pod's logs

$ kubectl logs <pod_name> -n <namespace>

Copy a file to a pod's filesystem

$ kubectl cp /path/to/local/file <pod_name>:/path/to/remote/file

Deployments

Create deployment, [deployment_name] of application [app_name]:[version] from [repo]

$ kubectl create deployment <deployment_name> --image=<repo>/<app_name>:<version>

Get a deployment's yaml

$ kubectl get deployment <deployment_name> -o yaml > <output_name>.yaml

Scale a deployment, [deployment_name], up [to n_replicas]

$ kubectl scale deployment <deployment> replicas=<n_replicas>

Get deployment rollout history

kubectl rollout history deployment <deployment_name>

and specific version information:

$ kubectl rollout history deployment <deployment_name> --revision=<revision>

Undo deployment rollout

$ kubectl rollout undo eployment/<deployment_name>

Nodes

Get a node's taints

$  kubectl describe nodes | grep -i Taint

Taint all nodes with node role

$ kubectl taint nodes --all node-role.kubernetes.io/master-

Show which pods are running on which nodes

$ kubectl get pod -o=custom-columns=NAME:.metadata.name,STATUS:.status.phase,NODE:.spec.nodeName -n <namespace>

Secrets

Create a secret

Encodes the value in base64.

$ kubectl create secret generic <secret_name> --from-literal=<key>=<value>

Get/decode a secret

$ kubectl get secret <secret_name> -o jsonpath='{.<key>}' | base64 --decode

Troubleshooting

Connection refused on pod's service

Jump in to pod and test service is available locally:

kubectl exec -it <pod_name> -- curl localhost:<port>

Should also check this from another pod within the same network.