Useful kubectl commands


  1. kubectl create service nodeport nginx --tcp=80:80 --node-port=30080 --dry-run -o yaml

  2. Create a Service named redis-service of type ClusterIP to expose pod redis on port 6379

$ kubectl expose pod redis --port=6379 --type=ClusterIP --name=redis-service --dry-run -o yaml > service.yaml

(This will automatically use the pod’s labels as selectors, but you cannot specify the node port. You have to generate a definition file and then add the node port in manually before creating the service with the pod.)

Expose the hr-web-app application as a service named hr-web-app-service on port 30082 on the nodes of the cluster

$ kubectl expose deployment hr-web-app --type=NodePort --port=8080 --name=hr-web-app-service --dry-run -o yaml > hr-web-app-service.yaml

This generates a service definition file. Then edit the nodePort in it and create the service.

Create a static pod named static-busybox that uses the busybox image and the command sleep 1000

Create a pod definition file in the manifests folder. Use command:

$ kubectl run --restart=Never --image=busybox static-busybox --dry-run -o yaml --command -- sleep 1000 > /etc/kubernetes/manifests/static-busybox.yaml


ETCD Backup:

Take a backup of the etcd cluster and save it to /tmp/etcd-backup.db. Run the command:

$ ETCDCTL_API=3 etcdctl --endpoints https://127.0.0.1:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key /etc/kubernetes/pki/etcd/healthcheck-client.key snapshot save /tmp/etcd-backup.db

###########

Rolling updates of a Deployment, recording each command with --record

Create deployment:

$ kubectl run nginx-deploy --image=nginx:1.16 --replicas=1 --record

See the rollout history of the deployment:

$ kubectl rollout history deployment nginx-deploy

Update image:

$ kubectl set image deployment/nginx-deploy nginx-deploy=nginx:1.17 --record

To see the image change:

$ kubectl describe deployment nginx-deploy | grep -i image


Certificate Signing Request CSR:

Create a new user called john. Grant him access to the cluster. John should have permission to create, list, get, update and delete pods in the development namespace.

The private key exists in the location: /root/john.key and csr at /root/john.csr

Generate a certificateSigningRequest for John and get it approved. Create the correct RBAC configuration for the user.

Check API Version:

$ vim john.yaml

apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
metadata:
  name: john-developer
spec:
  request: # see "To request" and paste the result here
  usages:
  - digital signature
  - key encipherment
  - client auth # john's certificate authenticates a client (user) to the API server

"To request":

$ cat john.csr | base64 | tr -d "\n"

Copy the output only up to the ==

Create the csr:

$ kubectl create -f john.yaml

$ kubectl get csr

# You will see the condition as "Pending"

To approve:

$ kubectl certificate approve john-developer

$ kubectl get csr

# Create role:

$ kubectl create role developer --resource=pods --verb=create,list,get,update,delete --namespace=development

# Create rolebinding:

$ kubectl create rolebinding developer-role-binding --role=developer --user=john --namespace=development

# Test John's permissions:

$ kubectl auth can-i update pods

$ kubectl auth can-i update pods --as=john # John has no permissions here because this is the default namespace

$ kubectl auth can-i update pods --namespace=development --as=john # Here he does have permissions

$ kubectl auth can-i list pods --namespace=development --as=john

$ kubectl auth can-i delete pods --namespace=development --as=john

$ kubectl auth can-i watch pods --namespace=development --as=john # This permission was not granted
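
Before approving a user CSR, check what it actually asks for: the API server takes the username from the certificate's subject CN and the groups from its O fields, so the CN must be john for the rolebinding above to apply. The script below is an added example, not part of the original notes; the function names, the developers group and the rule rejecting system: groups are assumptions, and the sample CSRs are constructed with throwaway keys.

```sh
# Added example: review a user CSR before `kubectl certificate approve`.

# csr_subject FILE: print the subject as RFC 2253, e.g. "O=developers,CN=john".
csr_subject() {
  openssl req -in "$1" -noout -subject -nameopt RFC2253 |
    sed 's/^subject=[[:space:]]*//'
}

# check_subject SUBJECT USER: succeed only if CN equals USER and no O value
# starts with "system:" (assumed policy; system:masters is cluster-admin).
# Simplification: values containing escaped commas are not handled.
check_subject() {
  cs_cn="" cs_rc=0
  while IFS= read -r cs_rdn; do
    case $cs_rdn in
      CN=*) cs_cn=${cs_rdn#CN=} ;;
      O=system:*) echo "REJECT: group ${cs_rdn#O=}" >&2; cs_rc=1 ;;
    esac
  done <<EOF
$(printf '%s\n' "$1" | tr ',' '\n')
EOF
  [ "$cs_cn" = "$2" ] || { echo "REJECT: CN '$cs_cn' is not '$2'" >&2; cs_rc=1; }
  return "$cs_rc"
}

# review_csr FILE USER: the two steps combined.
review_csr() { check_subject "$(csr_subject "$1")" "$2"; }

# make_csr SUBJ OUT: constructed sample CSR with a throwaway key.
make_csr() {
  openssl req -new -newkey rsa:2048 -nodes -keyout /dev/null \
    -subj "$1" -out "$2" 2>/dev/null
}

# Demo on constructed CSRs. For the CSR object from these notes, save the output of
# `kubectl get csr john-developer -o jsonpath='{.spec.request}' | base64 -d`
# to a file and pass that file to review_csr.
if command -v openssl >/dev/null 2>&1; then
  tmp=$(mktemp -d)
  make_csr "/CN=john/O=developers" "$tmp/ok.csr"
  make_csr "/CN=john/O=system:masters" "$tmp/bad.csr"
  for f in ok bad; do
    if review_csr "$tmp/$f.csr" john; then echo "$f.csr: safe to approve as john"
    else echo "$f.csr: do not approve"; fi
  done
  rm -rf "$tmp"
fi
```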

###########

# List the Resources:

Query to retrieve the osImages of all the nodes and store it in a file X

$ kubectl get nodes -o jsonpath='{.items[*].status.nodeInfo.osImage}' > file.txt

$ kubectl get services --sort-by=.metadata.name # List Services Sorted by Name

List pods Sorted by Restart Count

$ kubectl get pods --sort-by='.status.containerStatuses[0].restartCount'

List pods in test namespace sorted by capacity

$ kubectl get pods -n test --sort-by=.spec.capacity.storage

Describe rolebinding

$ kubectl -n development describe rolebinding developer-role-binding

# Test nslookup and export results:

kubectl run --generator=run-pod/v1 nginx-resolver --image=nginx --dry-run -o yaml > pod.yaml

kubectl run --generator=run-pod/v1 test-nslookup --image=busybox:1.28 --rm -it -- nslookup

kubectl run --generator=run-pod/v1 test-nslookup --image=busybox:1.28 --rm -it -- nslookup > /root/nginx.svc

kubectl get pod nginx-resolver -o wide # In order to see the IP address

kubectl run --generator=run-pod/v1 test-nslookup --image=busybox:1.28 --rm -it -- nslookup 10-32-0-5.default.pod > /root/nginx.pod

###############