kubernetes

  • Deployment → ReplicaSet → Pods → Containers

  • 1 IP address per pod

Pods

Read

# List every pod in one namespace.
kubectl get pods --namespace my-namespace

Execute

# Start a single pod from an image; --restart=Never means it is not
# restarted after its container exits.
kubectl run my-pod \
  --image=my-image \
  --restart=Never \
  --namespace=my-namespace

Write

# Open the live pod object in an editor.
kubectl edit pod my-pod \
  --namespace my-namespace

# Delete the pod with the shortest grace period.
# Without --force, kubectl raises a grace period of 0 to 1 second, so the
# container still gets a brief chance to shut down.
kubectl delete pod my-pod \
  --namespace my-namespace \
  --grace-period 0

Deployments

Read

# Show one deployment with the extra columns of the wide output.
kubectl get deploy my-deployment \
  --namespace my-namespace \
  --output wide

# List all deployments in the namespace.
kubectl get deployments \
  --namespace my-namespace

Execute

# Create a deployment imperatively from a single image.
kubectl create deploy my-deployment \
  --image=my-image \
  --namespace=my-namespace
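# Deployment that keeps two replicas of one container running.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  replicas: 2
  # apps/v1 requires a selector, and it must match the pod template labels
  # below; without it the API server rejects the manifest.
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: my-container
        image: my-image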

Write

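# Roll the deployment to a new image.
# The argument is CONTAINER=IMAGE: the left side is the container name from
# the pod template (my-container in the manifest on this page), not the app
# label, and the right side is the image reference with its tag.
kubectl set image \
  deployment/my-deployment \
  my-container=my-image:1.0.1 \
  --namespace my-namespace

# Remove the deployment.
kubectl delete deploy my-deployment \
  --namespace my-namespace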

Scale

# Change the number of replicas of the deployment to three.
kubectl scale deploy my-deployment \
  --replicas=3 \
  --namespace=my-namespace

Services

  • ClusterIP (internal)

  • ExternalName (internal alias for external DNS)

  • LoadBalancer (external dedicated IP) [if available]

  • NodePort (exposed via node)

Read

# List all services in the namespace.
kubectl get services --namespace my-namespace

# Show a single service.
kubectl get service my-service --namespace my-namespace

Write

# Publish the deployment through a LoadBalancer service.
# This type requests an external dedicated IP, so the workload becomes
# reachable from outside the cluster; use ClusterIP for internal-only access.
kubectl expose deployment my-deployment \
  --type=LoadBalancer \
  --name=my-load-balancer \
  --target-port=8080 \
  --namespace=my-namespace

# Remove a service.
kubectl delete service my-service \
  --namespace my-namespace

# Open the live service object in an editor.
kubectl edit service my-service \
  --namespace my-namespace

Warning

ClusterIP is immutable!

NameSpaces

Special:

  • default

  • kube-node-lease

  • kube-public

  • kube-system

Outside:

  • Nodes

  • Pod Security Policies (removed in Kubernetes v1.25; superseded by Pod Security Admission)

  • Persistent Volumes

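# List the resource types that live outside any namespace.
# --namespaced is a boolean flag, so its value must be attached with "=";
# written as "--namespaced false" the flag is read as true and "false"
# becomes a stray positional argument.
kubectl api-resources \
  --namespaced=false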

Read

# List every namespace in the cluster.
kubectl get namespaces

Write

# Create a namespace.
kubectl create ns my-namespace

# Delete a namespace; every namespaced object inside it is deleted as well.
kubectl delete ns my-namespace

Jobs

  • one-time

  • sequential

  • parallel

CronJob → Job → Pods

Read

# List the jobs in the namespace.
kubectl get jobs --namespace my-namespace

Write

# Create a job that runs a single image.
kubectl create job my-job \
  --image=my-image \
  --namespace=my-namespace

# Create a job from the template of an existing cronjob (a manual run).
kubectl create job my-job \
  --from=cronjob/my-cronjob \
  --namespace=my-namespace

# Create or update objects from a manifest file.
kubectl apply \
  --filename file.yaml \
  --namespace my-namespace
# One-off Job: a single pod run to completion, bounded in time and retries.
apiVersion: batch/v1
kind: Job
metadata:
  name: my-job
spec:
  completions: 1             # successful pod runs required
  parallelism: 1             # pods allowed to run at the same time
  backoffLimit: 4            # retries before the Job is marked failed
  activeDeadlineSeconds: 60  # time limit for the whole Job, in seconds
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: my-container
          image: my-image
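# Delete the job together with the pods it created (default cascading).
kubectl delete job my-job \
  --namespace my-namespace

# Delete only the Job object and leave its pods in place.
# The option needs its leading dashes; a bare "cascade=false" is parsed as
# another resource name. "orphan" is the current spelling of the deprecated
# "false" value.
kubectl delete job my-job \
  --cascade=orphan \
  --namespace my-namespace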

CronJobs

Read

# List the cronjobs in the namespace.
kubectl get cronjobs --namespace my-namespace

Write

# Create a cronjob that starts the image every four minutes.
# The schedule is quoted so the shell does not expand the asterisks.
kubectl create cronjob my-cronjob \
  --namespace my-namespace \
  --image my-image \
  --schedule '*/4 * * * *'
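# CronJob that starts a Job every four minutes.
apiVersion: batch/v1
kind: CronJob
metadata:
  name: my-cronjob
spec:
  schedule: '*/4 * * * *'
  # History limits belong to the CronJob spec, not to the pod spec, and the
  # failed-jobs field is named failedJobsHistoryLimit.
  failedJobsHistoryLimit: 2
  successfulJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        spec:
          containers:
          - name: my-container
            image: my-image
            imagePullPolicy: IfNotPresent
            command:
            - /usr/bin/bash
            - -c
            - command
          restartPolicy: OnFailure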
# Change the schedule of an existing cronjob in place.
kubectl patch cronjob my-cronjob \
  --namespace my-namespace \
  --patch '{"spec":{"schedule": "*/4 * * * *"}}'

# Remove the cronjob.
kubectl delete cronjob my-cronjob \
  --namespace my-namespace

ConfigMaps

From:

  • environment variables file

  • file

  • key and value

Read

# List the configmaps in the namespace.
kubectl get configmap --namespace my-namespace

# Print one configmap, including its data, as YAML.
kubectl get configmap my-configmap \
  --namespace my-namespace \
  --output yaml

Write

# ConfigMaps hold non-sensitive configuration; credentials belong in Secrets.

# From a key and value given on the command line.
kubectl create configmap my-configmap \
  --namespace my-namespace \
  --from-literal 'uid=1000'

# From a file (the file name becomes the key).
kubectl create configmap my-configmap \
  --namespace my-namespace \
  --from-file 'my-configmap.txt'

# From a file of KEY=VALUE lines.
kubectl create configmap my-configmap \
  --namespace my-namespace \
  --from-env-file 'my-configmap.env'

# Remove the configmap.
kubectl delete configmap my-configmap \
  --namespace my-namespace

Pod YAML configurations

# Pod that mounts a ConfigMap as files under a directory.
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  volumes:
    - name: my-volume
      configMap:
        name: my-configmap
  containers:
    - name: my-container
      image: my-image
      volumeMounts:
        - name: my-volume          # refers to the volume declared above
          mountPath: /var/lib/my-volume
# Pod that copies one ConfigMap key into an environment variable.
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - image: my-image
      name: my-container
      env:
        - name: my-env
          valueFrom:
            configMapKeyRef:
              key: my-key          # entry inside the ConfigMap
              name: my-configmap   # the ConfigMap object
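# Pod that imports every key of a ConfigMap as environment variables.
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
  - name: my-container
    image: my-image
    envFrom:
    - configMapRef:
        # name must be nested under configMapRef; as a sibling of it the
        # reference carries no ConfigMap name.
        name: my-configmap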

Secrets

  • generic

  • docker-registry

  • tls

From:

  • environment variables file

  • file

  • key and value

Read

# List the secrets in the namespace.
kubectl get secrets --namespace my-namespace

Write

# Secret values are base64-encoded, not encrypted, unless encryption at rest
# is configured for the cluster; limit read access to them with RBAC.

# From keys and values given on the command line.
# Values passed this way are recorded in shell history and are visible in
# the process list while the command runs; for real credentials prefer the
# file-based forms below and keep those files out of version control.
kubectl create secret generic my-secret \
  --namespace my-namespace \
  --from-literal 'username=user' \
  --from-literal 'password=1234'

# From a file (the file name becomes the key).
kubectl create secret generic my-secret \
  --namespace my-namespace \
  --from-file 'my-secret.txt'

# From a file of KEY=VALUE lines.
kubectl create secret generic my-secret \
  --namespace my-namespace \
  --from-env-file 'my-secret.env'

# Remove the secret.
kubectl delete secret my-secret \
  --namespace my-namespace
# Pod that mounts a Secret as files under a directory.
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  volumes:
    - name: my-secret-volume
      secret:
        secretName: my-secret
  containers:
    - name: my-container
      image: my-image
      volumeMounts:
        - name: my-secret-volume   # refers to the volume declared above
          mountPath: /var/lib/my-secret-volume
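# Pod that reads one key of a Secret into an environment variable.
# Environment variables are visible to everything running in the container,
# so a mounted secret volume is often the more contained option.
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
  - name: my-container
    image: my-image
    env:
    - name: username
      valueFrom:
        secretKeyRef:
          # name is the Secret object (my-secret, as created on this page);
          # key is the entry inside it.
          name: my-secret
          key: username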

Labels & Selectors

Labels

  • Key/Value pairs

  • attached to objects

Reserved key prefixes:

  • kubernetes.io

  • k8s.io

Selectors

  • use labels

  • filter/select objects

Types:

  • matchLabels: =, ==, !=

  • matchExpressions: exists, in, notin

Commands

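# Show pods together with their labels.
kubectl get pod \
  --show-labels \
  -n my-namespace

# Equality-based selector: both labels must match.
kubectl get pod \
  -l 'app=my-app,version=1.0' \
  -n my-namespace

# Set-based selector. The expression must be quoted: unquoted, the spaces
# split it into several arguments and the parentheses are a shell syntax
# error.
kubectl get pod \
  -l 'app=my-app,version in (1.0,1.1,1.2)' \
  -n my-namespace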
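# Pod carrying the labels used by the selectors on this page.
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
  labels:
    app: my-app
    # Label values must be strings; an unquoted 1.0 is parsed as a number
    # and the object is rejected.
    version: "1.0"
spec:
  containers:
  - name: my-container
    image: my-image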
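# Deployment whose selector combines matchLabels and matchExpressions.
# Deployments live in the apps/v1 API group, not in core v1.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
  labels:
    app: my-app
spec:
  selector:
    matchLabels:
      app: my-app
    matchExpressions:
    - {key: version, operator: In, values: ["1.0","1.1","1.2"]}
  # Containers belong to the pod template, and the template labels must
  # satisfy every term of the selector above.
  template:
    metadata:
      labels:
        app: my-app
        version: "1.0"
    spec:
      containers:
      - name: my-container
        image: my-image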

kubectl

  • kubectl version = api-server version ± 1 minor version (e.g. kubectl 1.29 works with api-server 1.28–1.30)

# Print namespace names only, one per line.
kubectl get namespace \
  --output 'custom-columns="NAME":".metadata.name"' \
  --no-headers

# List pods ordered by their phase.
kubectl get pod \
  --namespace my-namespace \
  --sort-by '.status.phase'

# Keep streaming changes to the pod list.
kubectl get pod \
  --namespace my-namespace \
  --watch

# Run a command inside a pod with an interactive terminal attached.
kubectl exec my-pod \
  --namespace my-namespace \
  --stdin --tty \
  -- ls

# Switch the active cluster context; kubectx is a separate helper tool,
# listed here as shorthand for the kubectl config command above it.
kubectl config use-context my-cluster
kubectx my-cluster

# Set the default namespace of the current context; kubens is the matching
# helper tool.
kubectl config set-context --current --namespace my-namespace
kubens my-namespace

Liveness & Readiness

Kubelets use:

  • livenessProbes

  • readinessProbes

Types:

  • exec

  • http

  • tcp