Kubernetes Cheat Sheet

Kubernetes Commands - Cheat Sheet

Official K8s Cheat Sheet: https://kubernetes.io/docs/reference/kubectl/cheatsheet/

Current Cluster

  • Check which cluster you are connected to: kubectl config current-context

View Pods and Auto Scaling

  • Get current pods: kubectl get pod -n [namespace]
  • Get autoscale config (hpa): kubectl get hpa -n [namespace]
  • Describe a pod: kubectl describe pod [pod name] -n [namespace]
  • Connect to a pod: kubectl exec -it [pod name] -- /bin/bash
  • Get pod logs: kubectl logs [pod name]
  • Get SSL certificates for namespace (used in ingress to allow HTTPS): kubectl describe managedcertificate -n [namespace]
  • Get deployment image tag: gcloud container images list-tags gcr.io/[project id]/[image name] --limit 1
  • Get deployment yaml: kubectl get deploy [deployment] -o yaml (the old --export flag was deprecated and then removed in kubectl 1.18)
  • Port forward: kubectl port-forward -n [namespace] [pod] [local port]:[remote / pod port]

Running in watch mode (for Windows PowerShell):

  • To run a command continuously: while ($true) { [command] | Out-Host; Sleep 10; Clear }

Change Pods:

  • Apply changes inside a file: kubectl apply -f [path to yaml file]
  • Delete evicted pods: kubectl -n [namespace] delete pods --field-selector=status.phase=Failed
  • Delete a deployment: kubectl delete -f [path to yaml file]
  • Delete all pods: kubectl delete --all pods -n [namespace]
  • Reload configs: kubectl rollout restart deployment/[deployment name]
  • Scale deployment: kubectl -n [namespace] scale deploy [deployment name] --replicas=[num replicas] (if num replicas is set to 0, stops the current deployment)
  • Patch pod yaml: kubectl patch [cronjobs / deployment] [cronscale / deployment name] -p '{"spec" : {"attribute" : value }}' -n [namespace]

Deployment

  • Deploy: ./k8s/deploy.sh [deployment id] [environment] [path to yaml file]
  • Rollback Deployment: kubectl rollout undo deployment/[deployment name] -n [namespace]
  • Get deployments: kubectl get deploy -n [namespace]
  • Restart Deployment: kubectl rollout restart deployment [deployment name] -n [namespace]

Ingress IP

  • Reserve global static IP address: gcloud compute addresses create [ip name] --global

CSQL Proxy

  • Create secret key from username and password: kubectl create secret generic cloudsql-db-credentials -n [namespace] --from-literal=username=[username] --from-literal=password=[password]
  • Create secret key from file: kubectl create secret generic cloudsql-instance-credentials -n [namespace] --from-file=[key name inside the secret]=[path to local key file]

Kubernetes Ingress with HTTPS:

To create an Ingress (in GKE) that uses HTTPS:

1 - Create a managed certificate:

Create a yaml file for the managed certificates (each file can contain more than one certificate).

apiVersion: networking.gke.io/v1beta1
kind: ManagedCertificate
metadata:
  namespace: [namespace]
  name: [certificate name]
spec:
  domains:
    - [full domain name, `subdomain.domain.com`]

2 - Add a reference to this certificate inside the ingress:

---
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; use networking.k8s.io/v1
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: [ingress name]
  namespace: [namespace]
  annotations:
    kubernetes.io/ingress.global-static-ip-name: "[global static ip name]"
    networking.gke.io/managed-certificates: "[certificate names, separated by `,`, for example: `certificate1,certificate2`]"
spec:
  rules:
  - host: [full domain name: `subdomain.domain.com`]
    http:
      paths:
      - path: /*
        pathType: ImplementationSpecific
        backend:
          service:
            name: [node port service name]
            port:
              name: http

3 - Apply files:

  1. Apply both the certificate and the ingress file.
  2. Create a DNS record that points to the ingress static IP (when using Cloudflare, the DNS must not be proxied while the certificate is being provisioned).
  3. Check if the certificate was issued: kubectl describe managedcertificate -n [namespace].
  4. IMPORTANT: the GKE default ingress uses its own health check at the / path. Therefore all pods must answer 200 at the root /; otherwise the ingress will consider the pod unhealthy and will not direct any traffic to it. If no pod answers 200 at /, the ingress will return a 503 Service Unavailable error.
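
The checks in steps 3 and 4 above can be scripted. The following is an added example, not part of the original cheat sheet: it assumes the ManagedCertificate resource reports its state in .status.certificateStatus and that the value is Active once the certificate is issued, and the function names are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: post-apply checks for the certificate and the root health path.
# Assumption: ManagedCertificate exposes .status.certificateStatus ("Active" when issued).

# Print the certificate status, or "Unknown" while the field is still empty.
cert_status() {  # usage: cert_status NAMESPACE CERT_NAME
  local s
  s=$(kubectl get managedcertificate "$2" -n "$1" \
        -o jsonpath='{.status.certificateStatus}') || return 2
  printf '%s\n' "${s:-Unknown}"
}

# Poll until the certificate is Active.
# Returns 0 on Active, 1 on timeout, 2 if kubectl itself fails
# (wrong context, missing RBAC permission, typo in the name).
wait_for_cert() {  # usage: wait_for_cert NAMESPACE CERT_NAME [TRIES] [DELAY_SECONDS]
  local ns="$1" name="$2" tries="${3:-60}" delay="${4:-30}" i=1 s
  while [ "$i" -le "$tries" ]; do
    s=$(cert_status "$ns" "$name") || return 2
    [ "$s" = "Active" ] && return 0
    echo "attempt $i/$tries: certificate is $s" >&2
    sleep "$delay"
    i=$((i + 1))
  done
  return 1
}

# Request https://HOST/ with normal TLS verification (no -k), so a certificate
# that is invalid or not yet served shows up as a failure instead of a pass.
# Returns 0 on HTTP 200, 3 on 503 (no healthy backend, see step 4),
# 4 on TLS or connection failure, 1 on any other status.
check_root() {  # usage: check_root HOST
  local code
  code=$(curl --silent --output /dev/null --max-time 10 \
              --write-out '%{http_code}' "https://$1/") || return 4
  case "$code" in
    200) return 0 ;;
    503) echo "503 from ingress: does any pod answer 200 at / ?" >&2; return 3 ;;
    *)   echo "unexpected HTTP status $code" >&2; return 1 ;;
  esac
}

# Typical use (values are placeholders):
#   wait_for_cert [namespace] [certificate name] && check_root subdomain.domain.com
```

Run the functions against the context reported by kubectl config current-context, after the DNS record from step 2 exists.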