@res0nat0r
Last active November 30, 2025 15:05
Kubernetes Notes

List all containers in pod:

kubectl get pod <name> -o jsonpath="{.spec['containers','initContainers'][*].name}"

Get events related to pod:

kubectl get events --field-selector involvedObject.name=pod-name

Show only pods that are not in the Running phase:

kubectl get po --field-selector='status.phase!=Running'

LoadBalancer Annotations:

metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-ssl-cert: arn:aws:acm:us-east-1:XXX:certificate/6cc985fc-a052-4cf2-bbe4-9a0242198d07
    service.beta.kubernetes.io/aws-load-balancer-backend-protocol: http
    service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags: hostname=host.example.com
    service.beta.kubernetes.io/aws-load-balancer-internal: "True"
    service.beta.kubernetes.io/load-balancer-source-ranges: "10.0.0.0/8"
    external-dns.alpha.kubernetes.io/hostname: host.example.com
    external-dns.alpha.kubernetes.io/ttl: "60"

Restrict LoadBalancer service to IP range:

apiVersion: v1
kind: Service
metadata:
  name: myapp
spec:
  ports:
  - port: 8765
    targetPort: 9376
  selector:
    app: example
  type: LoadBalancer
  loadBalancerSourceRanges:
  - 10.0.0.0/8

https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
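
An added example, not part of the original gist: a Python check that flags LoadBalancer Services whose source ranges are missing, malformed or include a /0 entry. The sample Service list and the function names are constructed for illustration; the annotation key is the one from the LoadBalancer annotations above.

```python
import ipaddress
import json
import sys

ANNOTATION = "service.beta.kubernetes.io/load-balancer-source-ranges"
# Constructed sample shaped like `kubectl get svc -A -o json` (not from the gist).
SAMPLE = {"items": [
    {"metadata": {"namespace": "default", "name": "myapp"},
     "spec": {"type": "LoadBalancer", "loadBalancerSourceRanges": ["10.0.0.0/8"]}},
    {"metadata": {"namespace": "default", "name": "open-lb"}, "spec": {"type": "LoadBalancer"}},
    {"metadata": {"namespace": "web", "name": "wide-lb",
                  "annotations": {ANNOTATION: "0.0.0.0/0, 10.0.0.0/8"}},
     "spec": {"type": "LoadBalancer"}},
    {"metadata": {"namespace": "web", "name": "cluster-svc"}, "spec": {"type": "ClusterIP"}},
]}

def source_ranges(svc):
    """Effective allow-list: the spec field wins, else the comma-separated annotation."""
    ranges = svc["spec"].get("loadBalancerSourceRanges")
    if not ranges:
        raw = (svc["metadata"].get("annotations") or {}).get(ANNOTATION, "")
        ranges = [r.strip() for r in raw.split(",") if r.strip()]
    return ranges

def audit(service_list):
    """Return (namespace/name, reason) for each LoadBalancer Service open to any source."""
    findings = []
    for svc in service_list.get("items", []):
        if svc["spec"].get("type") != "LoadBalancer":
            continue  # the source-range restriction only applies to type LoadBalancer
        name = f'{svc["metadata"]["namespace"]}/{svc["metadata"]["name"]}'
        ranges = source_ranges(svc)
        if not ranges:
            findings.append((name, "no source ranges set, defaults to 0.0.0.0/0"))
        for cidr in ranges:
            try:
                net = ipaddress.ip_network(cidr, strict=False)
            except ValueError:
                findings.append((name, f"invalid CIDR {cidr!r}"))
                continue
            if net.prefixlen == 0:  # 0.0.0.0/0 or ::/0
                findings.append((name, f"{cidr} allows any source"))
    return findings

if __name__ == "__main__":
    # Pipe `kubectl get svc -A -o json` in, or run with no pipe to use the sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for name, reason in audit(data):
        print(f"{name}: {reason}")
```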


Create cluster via cli:

$ gcloud beta container clusters create res0nat0r-gke \
  --addons=HorizontalPodAutoscaling,HttpLoadBalancing,Istio,CloudRun \
  --machine-type=n1-standard-4 --preemptible --cluster-ipv4-cidr=192.168.128.0/17 \
  --services-ipv4-cidr=192.168.0.0/17  --zone=us-central1-f --enable-stackdriver-kubernetes \
  --enable-ip-alias --scopes=cloud-platform --num-nodes=4 --no-issue-client-certificate \
  --no-enable-basic-auth --network kubernetes --subnetwork kubernetes-us-central1

Fix RBAC clusterrolebinding errors on GKE:

kubectl create clusterrolebinding your-user-cluster-admin-binding \
  --clusterrole=cluster-admin --user=your.google.cloud.email@example.org

Prepull images with a single-use DaemonSet (daemonset-prepull.yml):

# http://blog.itaysk.com/2017/12/26/the-single-use-daemonset-pattern-and-prepulling-images-in-kubernetes
# apps/v1beta2 was removed in Kubernetes 1.16; apps/v1 is the current DaemonSet API.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  generateName: prepuller-
spec:
  selector:
    matchLabels:
      name: prepuller
  template:
    metadata:
      labels:
        name: prepuller
    spec:
      initContainers:
      - name: prepull
        image: docker
        command: [ "docker", "pull", "tensorflow/tensorflow" ]
        volumeMounts:
        - name: docker
          mountPath: /var/run
      # The hostPath mount of /var/run exposes the node's Docker socket to this pod,
      # which is root-equivalent access to the node.
      volumes:
      - name: docker
        hostPath:
          path: /var/run
      containers:
      - name: pause
        image: gcr.io/google_containers/pause
# Generate new YML with additional images:
# $ yq w daemonset-prepull.yml "spec.template.spec.initContainers[0].command[2]" other/image