#!/bin/bash
CONTEXT=xxx
pods=$(kubectl --context $CONTEXT get pods --all-namespaces --field-selector=status.phase=Running -o jsonpath='{.items[*].metadata.name}')
namespaces=$(kubectl --context $CONTEXT get pods --all-namespaces --field-selector=status.phase=Running -o jsonpath='{.items[*].metadata.namespace}')
IFS=' ' read -ra pods_array <<< "$pods"
IFS=' ' read -ra namespaces_array <<< "$namespaces"
for i in "${!pods_array[@]}"; do
pod="${pods_array[$i]}"
namespace="${namespaces_array[$i]}"
containers=$(kubectl --context $CONTEXT get pods "$pod" -n "$namespace" -o jsonpath='{.spec.containers[*].name}')
IFS=' ' read -ra containers_array <<< "$containers"
for container in "${containers_array[@]}"; do
user_id=$(kubectl --context $CONTEXT exec "$pod" -n "$namespace" -- id -u);
echo "$namespace/$container: $user_id";
done
done
#!/bin/sh
CONTEXT=dev2
CONTAINERS=$(kubectl --context $CONTEXT get pods --all-namespaces -o json | jq '.items[] | {namespace:.metadata.namespace,name:.metadata.name,image:.spec.containers[].image}')
INITCONTAINERS=$(kubectl --context $CONTEXT get pods --all-namespaces -o json | jq '.items[] | select(.spec.initContainers | length > 0) | {namespace:.metadata.namespace,name:("initcontainer-" + .metadata.name),image:.spec.initContainers[].image}')
JOBS=$(kubectl --context $CONTEXT get jobs --all-namespaces -o json | jq '.items[] |
{namespace:.metadata.namespace,name:("job-" + .metadata.name),image:.spec.template.spec.containers[].image}')
CRONJOBS=$(kubectl --context $CONTEXT get cronjobs --all-namespaces -o json | jq '.items[] |
{namespace:.metadata.namespace,name:("cronjob-" + .metadata.name),image:.spec.jobTemplate.spec.template.spec.containers[].image}')
echo $CRONJOBS $JOBS $CONTAINERS $INITCONTAINERS | jq -s .
echo $CRONJOBS $JOBS $CONTAINERS $INITCONTAINERS | jq -s . > image.json
# check all images availability
for row in $(jq '[.[] .image ] | unique | sort' ./images.json); do
docker pull "$row"
done
#!/bin/bash
set +e
# check all images availability
for row in $(jq -r '[.[] .image] | [.[] | select(. | ((startswith("harbor.xxx") or startswith("ghcr.io/xxx") )) )] | unique | sort | .[]' -); do
(timeout --preserve-status 5 docker pull "$row" &>/dev/null && echo "✅ $row") || ( [ $? -eq 255 ] && echo "✅ $row" || echo "❌ $row" )
done
⚠ Beware, this naïve script fully pull all docker images.
We made another script that use skopeo to prevent downloading the full image, see here
kubectl --context dev get pods -A -o json | jq -r '.items[] | [.metadata.namespace, .metadata.name, .status.phase, .spec.containers[].resources.requests.cpu, .spec.containers[].resources.limits.cpu, .spec.containers[].resources.requests.memory, .spec.containers[].resources.limits.memory] | @tsv'
kubectl pods -A -o=json | jq -r '.items[] | select(.spec.containers[].securityContext == null) | "\(.metadata.namespace)/\(.metadata.name)"'
kubectl --context prod2 get secret some-secret --namespace=some-namespace --export -o yaml | \
kubectl --context prod apply --namespace=some-namespace -f -
kubectl --context dev --namespace xxx-secret get secret some-secret -ojson | \
kubeseal --scope cluster-wide --controller-namespace sealed-secrets-system --context dev | \
yq eval -P \
> sealed-secret-dev.yml
# use any docker image
kubectl --context xxx run my-shell --rm -i --tty --image postgres:10 -- bash
apiVersion: v1
kind: Pod
metadata:
name: debug
namespace: xxx
spec:
containers:
- name: postgres
image: postgres:11
command: ["sleep", "60000"]
envFrom:
- secretRef:
name: some-secret
kubectl --context xxx --namespace some-ns get job/some-job-id -o json > job.json
kubectl --context xxx replace --force -f job.json
# From pod
kubectl cp k8s-xm-cm-pod:/path/to/files ./backup
# To pod
kubectl cp ./backup k8s-xm-cm-pod:/path/to/files
kubectl --context prod get --all-namespaces ing -o json | jq -r '.items[] .spec.rules[] .host'