kubernetes
Deployment → ReplicaSet → Pods → Containers
1 IP address per pod
Pods
Read
# List the pods in one namespace.
kubectl get pods --namespace my-namespace
Execute
# Start a single pod from an image. --restart Never creates a bare Pod
# that is not restarted once its container exits.
kubectl run my-pod \
  --namespace my-namespace \
  --image my-image \
  --restart Never
Write
# Open the live pod object in an editor and apply the saved changes.
kubectl edit pod my-pod --namespace my-namespace

# Delete the pod with a zero grace period.
# NOTE: kubectl honours a grace period of 0 only together with --force;
# without it the pod still gets a short graceful shutdown. A forced delete
# removes the API object without waiting for the kubelet to confirm that the
# container stopped, so reserve it for pods that are genuinely stuck.
kubectl delete pod my-pod --namespace my-namespace --grace-period 0
Deployments
Read
# Show one deployment in the wide format (extra columns such as images and selector).
kubectl get deploy my-deployment --namespace my-namespace --output wide

# List every deployment in the namespace.
kubectl get deployments --namespace my-namespace
Execute
# Create a deployment imperatively from an image.
kubectl create deploy my-deployment --namespace my-namespace --image my-image
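# Deployment that keeps two replicas of a single-container pod running.
# The nesting below is restored; with every key at column 0 the manifest
# does not parse into a Deployment.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  replicas: 2
  # apps/v1 requires a selector, and it must match the pod template labels.
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-container
          # An image without a tag resolves to :latest; pin a tag or digest
          # in real manifests so the deployed content is known.
          image: my-image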
Write
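# Roll the deployment to a new image. The argument has the form
# CONTAINER_NAME=IMAGE, so the left-hand side must be the container name from
# the pod template (my-container in the manifest above), not the app label.
kubectl set image deployment/my-deployment \
  my-container=my-image:1.0.1 \
  -n my-namespace

# Delete the deployment (its ReplicaSets and pods are removed with it).
kubectl delete deploy my-deployment -n my-namespace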
Scale
# Change the desired replica count of the deployment to 3.
kubectl scale deploy my-deployment --namespace my-namespace --replicas 3
Services
ClusterIP (internal)
ExternalName (internal alias for external DNS)
LoadBalancer (external dedicated IP) [if available]
NodePort (exposed via node)
Read
# List every service in the namespace.
kubectl get services --namespace my-namespace

# Show a single service.
kubectl get service my-service --namespace my-namespace
Write
# Publish the deployment through a LoadBalancer service that forwards to
# container port 8080. This service type is reachable from outside the
# cluster: confirm the workload is meant to be exposed and restrict who can
# reach it (for example spec.loadBalancerSourceRanges or a NetworkPolicy).
# NOTE(review): kubectl may also need --port when the pod template declares
# no containerPort - confirm against the target deployment.
kubectl expose deployment my-deployment \
  --namespace my-namespace \
  --name my-load-balancer \
  --type LoadBalancer \
  --target-port 8080

# Remove a service.
kubectl delete service my-service --namespace my-namespace

# Edit the live service object in an editor.
kubectl edit service my-service --namespace my-namespace
Warning
ClusterIP is immutable!
Namespaces
Special:
default
kube-node-lease
kube-public
kube-system
Outside any namespace (cluster-scoped):
Nodes
Pod Security Policies (removed in Kubernetes v1.25; superseded by Pod Security Admission)
Persistent Volumes
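# List the resource types that live outside any namespace.
# --namespaced is a boolean flag, so its value must be attached with "=";
# a separate "false" word is not read as the flag's value.
kubectl api-resources --namespaced=false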
Read
# List all namespaces in the cluster.
kubectl get namespaces
Write
# Create a namespace.
kubectl create namespace my-namespace

# Delete a namespace. This also deletes every namespaced object inside it,
# so double-check the name and the current context first.
kubectl delete namespace my-namespace
Jobs
one-time
sequential
parallel
CronJob → Job → Pods
Read
# List the jobs in the namespace.
kubectl get jobs --namespace my-namespace
Write
# Create a job that runs a single image.
kubectl create job my-job --namespace my-namespace --image my-image

# Create a job from the job template of an existing CronJob (manual trigger).
kubectl create job my-job --namespace my-namespace --from cronjob/my-cronjob

# Create or update the objects described in a manifest file.
# Review manifests from outside your own repository before applying them.
kubectl apply --namespace my-namespace --filename file.yaml
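# Job that runs one pod to completion. The nesting below is restored; with
# every key at column 0 the manifest does not parse into a Job.
apiVersion: batch/v1
kind: Job
metadata:
  name: my-job
spec:
  activeDeadlineSeconds: 60   # the job is terminated once it has been active this long
  backoffLimit: 4             # retries before the job is marked failed
  completions: 1              # successful pods required
  parallelism: 1              # pods allowed to run at the same time
  template:
    spec:
      containers:
        - name: my-container
          image: my-image
      # restartPolicy belongs to the pod spec, next to containers.
      restartPolicy: OnFailure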
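# Delete the job; its pods are deleted with it.
kubectl delete job my-job -n my-namespace

# Delete only the job object and leave its pods in place (orphaned).
# The option needs its leading dashes, and --cascade=orphan is the current
# spelling of the deprecated --cascade=false.
kubectl delete job my-job \
  --cascade=orphan \
  -n my-namespace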
CronJobs
Read
# List the cron jobs in the namespace.
kubectl get cronjobs --namespace my-namespace
Write
# Create a cron job that starts the image every four minutes.
# The schedule stays in single quotes so the shell does not expand the "*".
kubectl create cronjob my-cronjob \
  --namespace my-namespace \
  --schedule '*/4 * * * *' \
  --image my-image
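# CronJob that starts a job every four minutes. The nesting below is
# restored; with every key at column 0 the manifest does not parse.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: my-cronjob
spec:
  schedule: '*/4 * * * *'
  # History limits are CronJob-level fields; the field for failed jobs is
  # named failedJobsHistoryLimit.
  failedJobsHistoryLimit: 2
  successfulJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - name: my-container
              image: my-image
              imagePullPolicy: IfNotPresent
              command:
                - /usr/bin/bash
                - -c
                - command
          # restartPolicy belongs to the pod spec, next to containers.
          restartPolicy: OnFailure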
# Change the schedule of an existing cron job with a patch.
kubectl patch cronjob my-cronjob \
  --namespace my-namespace \
  --patch '{"spec":{"schedule": "*/4 * * * *"}}'

# Delete the cron job.
kubectl delete cronjob my-cronjob --namespace my-namespace
ConfigMaps
From:
environment variables file
file
key and value
Read
# List the ConfigMaps in the namespace.
kubectl get configmap --namespace my-namespace

# Print one ConfigMap, including its data, as YAML.
kubectl get configmap my-configmap --namespace my-namespace --output yaml
Write
# ConfigMaps are stored and shown in plain text: keep credentials in Secrets.

# Create a ConfigMap from a single key=value pair.
kubectl create configmap my-configmap \
  --namespace my-namespace \
  --from-literal 'uid=1000'

# Create a ConfigMap whose key is the file name and whose value is the file content.
kubectl create configmap my-configmap \
  --namespace my-namespace \
  --from-file 'my-configmap.txt'

# Create a ConfigMap with one key per KEY=VALUE line of an env file.
kubectl create configmap my-configmap \
  --namespace my-namespace \
  --from-env-file 'my-configmap.env'

# Delete the ConfigMap.
kubectl delete configmap my-configmap --namespace my-namespace
Pod YAML configurations
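# Pod that mounts a ConfigMap as files: each key becomes a file under
# mountPath. The nesting below is restored; with every key at column 0 the
# manifest does not parse into a Pod.
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - name: my-container
      image: my-image
      volumeMounts:
        - name: my-volume          # must match a volume name below
          mountPath: /var/lib/my-volume
  volumes:
    - name: my-volume
      configMap:
        name: my-configmap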
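# Pod that reads one ConfigMap key into one environment variable.
# The nesting below is restored; with every key at column 0 the manifest
# does not parse into a Pod.
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - name: my-container
      image: my-image
      env:
        - name: my-env
          valueFrom:
            configMapKeyRef:
              name: my-configmap   # ConfigMap to read from
              key: my-key          # key inside that ConfigMap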
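# Pod that imports every key of a ConfigMap as an environment variable.
# The nesting below is restored; with every key at column 0 the manifest
# does not parse into a Pod.
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - name: my-container
      image: my-image
      envFrom:
        - configMapRef:
            name: my-configmap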
Secrets
generic
docker-registry
tls
From:
environment variables file
file
key and value
Read
# List the secrets in the namespace (names and types, not the values).
# Anyone allowed to "get" a secret can read its content, so grant that
# permission narrowly.
kubectl get secrets --namespace my-namespace
Write
# Secret values are only base64-encoded in the API, not encrypted by kubectl:
# protection comes from RBAC on secrets and from encryption at rest on the
# cluster side.

# Create a secret from key=value pairs. Literal values end up in shell
# history and process listings; for real credentials prefer the file-based
# forms below.
kubectl create secret generic my-secret \
  --namespace my-namespace \
  --from-literal 'username=user' \
  --from-literal 'password=1234'

# Create a secret whose key is the file name and whose value is the file
# content. Keep the source file out of version control and restrict its
# permissions.
kubectl create secret generic my-secret \
  --namespace my-namespace \
  --from-file 'my-secret.txt'

# Create a secret with one key per KEY=VALUE line of an env file.
kubectl create secret generic my-secret \
  --namespace my-namespace \
  --from-env-file 'my-secret.env'

# Delete the secret.
kubectl delete secret my-secret --namespace my-namespace
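# Pod that mounts a Secret as files: each key becomes a file under mountPath.
# The nesting below is restored; with every key at column 0 the manifest
# does not parse into a Pod.
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - name: my-container
      image: my-image
      volumeMounts:
        - name: my-secret-volume   # must match a volume name below
          mountPath: /var/lib/my-secret-volume
  volumes:
    - name: my-secret-volume
      secret:
        secretName: my-secret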
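# Pod that reads one key of a Secret into an environment variable.
# The nesting below is restored; with every key at column 0 the manifest
# does not parse into a Pod.
# Environment variables are visible to every process in the container and
# tend to show up in debug output; a mounted file is the more contained
# option for sensitive values.
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - name: my-container
      image: my-image
      env:
        - name: username
          valueFrom:
            secretKeyRef:
              # name is the Secret object (my-secret, as created above);
              # key selects the entry inside it.
              name: my-secret
              key: username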
Labels & Selectors
Labels
Key/Value pairs
attached to objects
Reserved key prefixes:
kubernetes.io
k8s.io
Selectors
use labels
filter/select objects
Types:
equality-based (matchLabels): =, ==, !=
set-based (matchExpressions): in, notin, exists
Commands
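# List pods together with their labels.
kubectl get pod --show-labels -n my-namespace

# Equality-based selector: both labels must match.
kubectl get pod \
  -l app=my-app,version=1.0 \
  -n my-namespace

# Set-based selector. The expression contains spaces and parentheses, so it
# must be quoted; unquoted, the shell rejects the "(" before kubectl runs.
kubectl get pod \
  -l 'app=my-app,version in (1.0,1.1,1.2)' \
  -n my-namespace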
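# Pod carrying two labels. The nesting below is restored; with every key at
# column 0 the manifest does not parse into a Pod.
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
  labels:
    app: my-app
    # Label values must be strings; an unquoted 1.0 is read as a number by
    # YAML and the object is rejected.
    version: "1.0"
spec:
  containers:
    - name: my-container
      image: my-image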
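# Deployment whose selector combines matchLabels and matchExpressions.
# Fixed relative to the flattened original: Deployments live in apps/v1 (not
# v1), containers belong under spec.template.spec, and the pod template needs
# labels that satisfy the selector.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
  labels:
    app: my-app
spec:
  selector:
    # Both conditions must hold for a pod to be selected.
    matchLabels:
      app: my-app
    matchExpressions:
      - {key: version, operator: In, values: ["1.0", "1.1", "1.2"]}
  template:
    metadata:
      labels:
        app: my-app
        version: "1.0"
    spec:
      containers:
        - name: my-container
          image: my-image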
kubectl
kubectl version = api-server version ± 1 minor version (e.g. 1.x works with 1.x-1 through 1.x+1)
# Print only the namespace names, one per line.
kubectl get namespace \
  --no-headers \
  --output 'custom-columns="NAME":".metadata.name"'

# List pods ordered by their phase.
kubectl --namespace my-namespace get pod --sort-by '.status.phase'

# List pods and keep streaming changes until interrupted.
kubectl --namespace my-namespace get pod --watch

# Run a command inside a running pod with an interactive terminal; everything
# after "--" goes to the container. exec is gated by the pods/exec permission,
# so grant it sparingly.
kubectl --namespace my-namespace exec my-pod --stdin --tty -- ls

# Switch the active cluster context. kubectx is a separate helper tool that
# does the same thing as the kubectl config command before it.
kubectl config use-context my-cluster
kubectx my-cluster

# Set the default namespace of the current context. kubens is the matching
# helper tool. Check the active context before running write commands.
kubectl config set-context --current --namespace my-namespace
kubens my-namespace
Liveness & Readiness
Kubelets use:
livenessProbes
readinessProbes
Types (probe handlers):
exec
httpGet
tcpSocket