scmrus/kubectl.md

## kubectl.md

      
    Raw
  

              kubectl.md
            
          
    https://kubernetes.io/docs/reference/kubectl/cheatsheet/
Setting Up kubectl

export KUBECONFIG={cert-file} 
kubectl config use-context {context}

Discover

kubectl get pod --all-namespaces --show-all -o wide | less -S
kubectl get svc --all-namespaces --show-all -o wide | less -S

Proxy

kubectl proxy --port=8001

http://127.0.0.1:8001/api/v1/namespaces/<namespace>/services/<service_name>:<service_port>/proxy/

Port forward

kubectl -n vault get pods
kubectl -n vault port-forward vault-vault-5857c579c4-vdqht 8201:8200

Accessing the API from a POD

https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod
Kubernetes Auth Method for Vault (https://www.vaultproject.io/docs/auth/kubernetes.html)
cd /run/secrets/kubernetes.io/serviceaccount

vault write auth/kubernetes/config \
  token_reviewer_jwt=@token \
  kubernetes_host=https://kubernetes.default.svc:443 \
  kubernetes_ca_cert=@ca.crt

vault write auth/kubernetes/role/demo \
    bound_service_account_names=default \
    bound_service_account_namespaces=default \
    policies=default \
    ttl=1h