**********
kubernetes
**********

* Deployment → ReplicaSet → Pods → Containers
* 1 IP address per pod

Pods
====

Read
----

.. code:: shell

    kubectl \
        get pods \
        -n my-namespace

Execute
-------

.. code:: shell

    kubectl \
        run my-pod \
        --image my-image \
        --restart Never \
        -n my-namespace

Write
-----

.. code:: shell

    kubectl edit \
        pod my-pod \
        -n my-namespace

.. code:: shell

    kubectl delete \
        pod my-pod \
        -n my-namespace \
        --grace-period 0

Deployments
===========

Read
----

.. code:: shell

    kubectl get \
        deploy my-deployment \
        -n my-namespace \
        -o wide

.. code:: shell

    kubectl get \
        deployments \
        -n my-namespace

Execute
-------

.. code:: shell

    kubectl create \
        deploy my-deployment \
        --image my-image \
        -n my-namespace

.. code:: yaml

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: my-deployment
    spec:
      replicas: 2
      # apps/v1 requires a selector that matches the template labels
      selector:
        matchLabels:
          app: my-app
      template:
        metadata:
          labels:
            app: my-app
        spec:
          containers:
            - name: my-container
              image: my-image

Write
-----

.. code:: shell

    # format: CONTAINER_NAME=IMAGE
    kubectl \
        set image \
        deployment/my-deployment \
        my-app=my-app:1.0.1 \
        -n my-namespace

.. code:: shell

    kubectl \
        delete deploy my-deployment \
        -n my-namespace

Scale
-----

.. code:: shell

    kubectl \
        scale deploy my-deployment \
        --replicas 3 \
        -n my-namespace

Services
========

* ClusterIP (internal)
* ExternalName (internal alias for external DNS)
* LoadBalancer (external dedicated IP) [if available]
* NodePort (exposed via node)

Read
----

.. code:: shell

    kubectl \
        get services \
        -n my-namespace

.. code:: shell

    kubectl \
        get service my-service \
        -n my-namespace

Write
-----

.. code:: shell

    kubectl \
        expose deployment my-deployment \
        --type LoadBalancer \
        --name my-load-balancer \
        --target-port 8080 \
        -n my-namespace

.. code:: shell

    kubectl \
        delete service my-service \
        -n my-namespace

.. code:: shell

    kubectl \
        edit service my-service \
        -n my-namespace

.. warning:: ClusterIP is immutable!

NameSpaces
==========

Special:

* default
* kube-node-lease
* kube-public
* kube-system

Outside (not namespaced):

* Nodes
* Pod Security Policies
* Persistent Volumes

.. code:: shell

    # boolean flags need the "=" form
    kubectl api-resources \
        --namespaced=false

Read
----

.. code:: shell

    kubectl \
        get namespaces

Write
-----

.. code:: shell

    kubectl \
        create ns my-namespace

.. code:: shell

    kubectl \
        delete ns my-namespace

Jobs
====

* one-time
* sequential
* parallel

CronJob → Job → Pods

Read
----

.. code:: shell

    kubectl \
        get jobs \
        -n my-namespace

Write
-----

.. code:: shell

    kubectl \
        create job my-job \
        --image my-image \
        -n my-namespace

.. code:: shell

    kubectl \
        create job my-job \
        --from cronjob/my-cronjob \
        -n my-namespace

.. code:: shell

    kubectl \
        apply -f file.yaml \
        -n my-namespace

.. code:: yaml

    apiVersion: batch/v1
    kind: Job
    metadata:
      name: my-job
    spec:
      activeDeadlineSeconds: 60
      backoffLimit: 4
      completions: 1
      parallelism: 1
      template:
        spec:
          containers:
            - name: my-container
              image: my-image
          restartPolicy: OnFailure

.. code:: shell

    kubectl \
        delete job my-job \
        -n my-namespace

.. code:: shell

    # delete the Job but keep its Pods (older kubectl: --cascade=false)
    kubectl \
        delete job my-job \
        --cascade=orphan \
        -n my-namespace

CronJobs
========

Read
----

.. code:: shell

    kubectl \
        get cronjobs \
        -n my-namespace

Write
-----

.. code:: shell

    kubectl \
        create cronjob my-cronjob \
        --image my-image \
        --schedule '*/4 * * * *' \
        -n my-namespace

.. code:: yaml

    apiVersion: batch/v1
    kind: CronJob
    metadata:
      name: my-cronjob
    spec:
      schedule: '*/4 * * * *'
      jobTemplate:
        spec:
          template:
            spec:
              containers:
                - name: my-container
                  image: my-image
                  imagePullPolicy: IfNotPresent
                  command:
                    - /usr/bin/bash
                    - -c
                    - command
              # restartPolicy belongs to the Pod spec
              restartPolicy: OnFailure
      # history limits belong to the CronJob spec
      failedJobsHistoryLimit: 2
      successfulJobsHistoryLimit: 1

.. code:: shell

    kubectl \
        patch cronjob my-cronjob \
        -p '{"spec":{"schedule": "*/4 * * * *"}}' \
        -n my-namespace

.. code:: shell

    kubectl \
        delete cronjob my-cronjob \
        -n my-namespace

ConfigMaps
==========

From:

* environment variables file
* file
* key and value

Read
----

.. code:: shell

    kubectl \
        get configmap \
        -n my-namespace

.. code:: shell

    kubectl \
        get configmap my-configmap \
        -o yaml \
        -n my-namespace

Write
-----

.. code:: shell

    kubectl \
        create configmap my-configmap \
        --from-literal 'uid=1000' \
        -n my-namespace

.. code:: shell

    kubectl \
        create configmap my-configmap \
        --from-file 'my-configmap.txt' \
        -n my-namespace

.. code:: shell

    kubectl \
        create configmap my-configmap \
        --from-env-file 'my-configmap.env' \
        -n my-namespace

.. code:: shell

    kubectl \
        delete configmap my-configmap \
        -n my-namespace

Pod YAML configurations
^^^^^^^^^^^^^^^^^^^^^^^

.. code:: yaml

    # ConfigMap mounted as files in a volume
    apiVersion: v1
    kind: Pod
    metadata:
      name: my-pod
    spec:
      containers:
        - name: my-container
          image: my-image
          volumeMounts:
            - name: my-volume
              mountPath: /var/lib/my-volume
      volumes:
        - name: my-volume
          configMap:
            name: my-configmap

.. code:: yaml

    # single ConfigMap key as an environment variable
    apiVersion: v1
    kind: Pod
    metadata:
      name: my-pod
    spec:
      containers:
        - name: my-container
          image: my-image
          env:
            - name: my-env
              valueFrom:
                configMapKeyRef:
                  name: my-configmap
                  key: my-key

.. code:: yaml

    # every ConfigMap key as an environment variable
    apiVersion: v1
    kind: Pod
    metadata:
      name: my-pod
    spec:
      containers:
        - name: my-container
          image: my-image
          envFrom:
            - configMapRef:
                name: my-configmap

Secrets
=======

* generic
* docker-registry
* tls

From:

* environment variables file
* file
* key and value

Read
----

.. code:: shell

    kubectl \
        get secrets \
        -n my-namespace

Write
-----

.. code:: shell

    kubectl \
        create secret generic my-secret \
        --from-literal 'username=user' \
        --from-literal 'password=1234' \
        -n my-namespace

.. code:: shell

    kubectl \
        create secret generic my-secret \
        --from-file 'my-secret.txt' \
        -n my-namespace

.. code:: shell

    kubectl \
        create secret generic my-secret \
        --from-env-file 'my-secret.env' \
        -n my-namespace

.. code:: shell

    kubectl \
        delete secret my-secret \
        -n my-namespace

.. code:: yaml

    # Secret mounted as files in a volume
    apiVersion: v1
    kind: Pod
    metadata:
      name: my-pod
    spec:
      containers:
        - name: my-container
          image: my-image
          volumeMounts:
            - name: my-secret-volume
              mountPath: /var/lib/my-secret-volume
      volumes:
        - name: my-secret-volume
          secret:
            secretName: my-secret

.. code:: yaml

    # single Secret key as an environment variable
    apiVersion: v1
    kind: Pod
    metadata:
      name: my-pod
    spec:
      containers:
        - name: my-container
          image: my-image
          env:
            - name: username
              valueFrom:
                secretKeyRef:
                  # name of the Secret object, not of the key
                  name: my-secret
                  key: username

Labels & Selectors
==================

Labels
------

* Key/Value pairs
* attached to objects

Reserved key prefixes:

* kubernetes.io
* k8s.io

Selectors
---------

* use labels
* filter/select objects

Types:

* matchLabels: =, ==, !=
* matchExpressions: exists, in, notin

Commands
--------

.. code:: shell

    kubectl \
        get pod \
        --show-labels \
        -n my-namespace

.. code:: shell

    kubectl \
        get pod \
        -l app=my-app,version=1.0 \
        -n my-namespace

.. code:: shell

    # quote the selector: spaces and parentheses are shell syntax
    kubectl \
        get pod \
        -l 'app=my-app,version in (1.0,1.1,1.2)' \
        -n my-namespace

.. code:: yaml

    apiVersion: v1
    kind: Pod
    metadata:
      name: my-pod
      labels:
        app: my-app
        # label values must be strings, so quote numeric-looking values
        version: "1.0"
    spec:
      containers:
        - name: my-container
          image: my-image

.. code:: yaml

    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: my-deployment
      labels:
        app: my-app
    spec:
      selector:
        matchLabels:
          app: my-app
        matchExpressions:
          - {key: version, operator: In, values: ["1.0","1.1","1.2"]}
      template:
        metadata:
          # template labels must satisfy the selector above
          labels:
            app: my-app
            version: "1.0"
        spec:
          containers:
            - name: my-container
              image: my-image

kubectl
=======

* kubectl version = api-server version ± 0.1

.. code:: shell

    kubectl \
        get namespace \
        -o 'custom-columns=NAME:.metadata.name' \
        --no-headers

.. code:: shell

    kubectl \
        -n my-namespace \
        get pod \
        --sort-by '.status.phase'

.. code:: shell

    kubectl \
        -n my-namespace \
        get pod \
        --watch

.. code:: shell

    kubectl \
        -n my-namespace \
        exec my-pod \
        -it -- \
        ls

.. code:: shell

    kubectl config use-context my-cluster
    # same, with kubectx
    kubectx my-cluster

.. code:: shell

    kubectl config set-context --current --namespace my-namespace
    # same, with kubens
    kubens my-namespace