Useful kubectl commands
kubectl create service nodeport nginx --tcp=80:80 --node-port=30080 --dry-run -o yaml
Create a Service named redis-service of type ClusterIP to expose pod redis on port 6379
$ kubectl expose pod redis --port=6379 --type=ClusterIP --name=redis-service --dry-run -o yaml > service.yaml
(This will automatically use the pod’s labels as selectors, but you cannot specify the node port. You have to generate a definition file and then add the node port in manually before creating the service with the pod.)
Expose the hr-web-app application as service hr-web-app-service on port 30082 on the nodes of the cluster
$ kubectl expose deployment hr-web-app --type=NodePort --port=8080 --name=hr-web-app-service --dry-run -o yaml > hr-web-app-service.yaml
This generates a service definition file. Then edit the nodePort in it and create the service.
Create a static pod named static-busybox that uses the busybox image and the command sleep 1000
Create a pod definition file in the manifests folder. Use command:
kubectl run --restart=Never --image=busybox static-busybox --dry-run -o yaml --command -- sleep 1000 > /etc/kubernetes/manifests/static-busybox.yaml
ETCD Backup:
Take a backup of the etcd cluster and save it to /tmp/etcd-backup.db. Run the command:
$ ETCDCTL_API=3 etcdctl --endpoints https://127.0.0.1:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/healthcheck-client.crt --key /etc/kubernetes/pki/etcd/healthcheck-client.key snapshot save /tmp/etcd-backup.db
###########
Rolling updates of a Deployment, recording each command with --record
Create deployment:
$ kubectl run nginx-deploy --image=nginx:1.16 --replicas=1 --record
See the rollout history of the deployment:
$ kubectl rollout history deployment nginx-deploy
Update image:
$ kubectl set image deployment/nginx-deploy nginx-deploy=nginx:1.17 --record
To see the changed image:
$ kubectl describe deployment nginx-deploy | grep -i image
Certificate Signing Request CSR:
Create a new user called john. Grant him access to the cluster. John should have permission to create, list, get, update and delete pods in the development namespace.
The private key exists in the location: /root/john.key and csr at /root/john.csr
Generate a certificateSigningRequest for John and get it approved. Create the correct RBAC configuration for the user.
Check API Version:
$ vim john.yaml
apiVersion: certificates.k8s.io/v1beta1
kind: CertificateSigningRequest
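metadata:
  name: john-developer
spec:
  request: # see "To request" and paste the result here
  usages:
  - digital signature
  - key encipherment
  - client auth  # john presents this certificate as a client; the API server rejects client certificates that only carry server auth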
"To request":
$ cat john.csr | base64 | tr -d "\n"
Copy only the base64 output, up to the == at the end.
Create the csr:
$ kubectl create -f john.yaml
$ kubectl get csr
# You will see the condition "Pending"
To approve:
$ kubectl certificate approve john-developer
$ kubectl get csr
# Create role:
$ kubectl create role developer --resource=pods --verb=create,list,get,update,delete --namespace=development
# Create rolebinding:
$ kubectl create rolebinding developer-role-binding --role=developer --user=john --namespace=development
# Test John's permissions:
$ kubectl auth can-i update pods
$ kubectl auth can-i update pods --as=john #Here John does not have permission because this is the default namespace
$ kubectl auth can-i update pods --namespace=development --as=john #Here yes, he has permissions
$ kubectl auth can-i list pods --namespace=development --as=john
$ kubectl auth can-i delete pods --namespace=development --as=john
$ kubectl auth can-i watch pods --namespace=development --as=john #This permission was not granted
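Added example, not part of the original notes: the can-i checks above turned into a repeatable least-privilege audit that fails when an intended verb is missing or when a verb that was never granted is allowed. The function names are hypothetical; it assumes kubectl is on PATH and that the caller is allowed to impersonate users with --as.

```shell
#!/bin/sh
# Added example (not from the original page): audit a user's pod permissions.
# Assumes kubectl is on PATH and the caller is allowed to impersonate (--as).

# check_pod_access USER NAMESPACE "EXPECTED_VERBS" "FORBIDDEN_VERBS"
# Returns non-zero if an expected verb is denied or a forbidden verb is allowed.
check_pod_access() {
  cpa_user=$1; cpa_ns=$2; cpa_rc=0
  for cpa_verb in $3; do
    if kubectl auth can-i "$cpa_verb" pods --namespace="$cpa_ns" --as="$cpa_user" --quiet; then
      echo "ok       $cpa_user may $cpa_verb pods in $cpa_ns"
    else
      echo "MISSING  $cpa_user cannot $cpa_verb pods in $cpa_ns"
      cpa_rc=1
    fi
  done
  for cpa_verb in $4; do
    if kubectl auth can-i "$cpa_verb" pods --namespace="$cpa_ns" --as="$cpa_user" --quiet; then
      echo "EXCESS   $cpa_user may $cpa_verb pods in $cpa_ns"
      cpa_rc=1
    else
      echo "ok       $cpa_user may not $cpa_verb pods in $cpa_ns"
    fi
  done
  return "$cpa_rc"
}

# audit_john: the grant from this page, plus verbs and a namespace that must
# stay denied (watch and patch were never granted; default has no binding).
audit_john() {
  aj_rc=0
  check_pod_access john development "create list get update delete" "watch patch" || aj_rc=1
  check_pod_access john default "" "create list get update delete watch patch" || aj_rc=1
  return "$aj_rc"
}
# Usage against a live cluster: audit_john
```

A non-zero exit with an EXCESS line means the role or another binding gives john more than the five verbs intended.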
###########
# List the Resources:
Query to retrieve the osImages of all the nodes and store it in a file X
$ kubectl get nodes -o jsonpath='{.items[*].status.nodeInfo.osImage}' > file.txt
$ kubectl get services --sort-by=.metadata.name # List Services Sorted by Name
List pods Sorted by Restart Count
$ kubectl get pods --sort-by='.status.containerStatuses[0].restartCount'
List pods in test namespace sorted by capacity
$ kubectl get pods -n test --sort-by=.spec.capacity.storage
Describe rolebinding
$ kubectl -n development describe rolebinding developer-role-binding
# Test nslookup and export results:
kubectl run --generator=run-pod/v1 nginx-resolver --image=nginx --dry-run -o yaml > pod.yaml
kubectl run --generator=run-pod/v1 test-nslookup --image=busybox:1.28 --rm -it -- nslookup
kubectl run --generator=run-pod/v1 test-nslookup --image=busybox:1.28 --rm -it -- nslookup > /root/nginx.svc
kubectl get pod nginx-resolver -o wide #In order to see the IP address
kubectl run --generator=run-pod/v1 test-nslookup --image=busybox:1.28 --rm -it -- nslookup 10-32-0-5.default.pod > /root/nginx.pod
###############