@v1k0d3n
Last active July 10, 2019 16:06
A list of helpful parsing commands that include: kubernetes, aws, jq, yq and other fine tools. Comment to add your favorite useful commands. Please be kind and source any commands found elsewhere when possible.

Data Crunching

The following is a guide for many useful commands that can be used when parsing, replacing, patching various platforms, etc.

Cloud Providers

AWS

Management

Region, ID, Type, Date, Name, Private IP, Public IP

Command:

AWS_REGION=us-west-2
aws ec2 describe-instances --region ${AWS_REGION} --query 'Reservations[*].Instances[*].{ID:InstanceId, type:InstanceType, launched:LaunchTime, name:Tags[?Key==`Name`].Value[], PublicIP:PublicIpAddress, PrivateIP:PrivateIpAddress}' --output json | jq --arg R ${AWS_REGION} -r '.[] | .[] | [$R, .ID, .type, .launched, .name[0], .PrivateIP, .PublicIP]'

Output:

[
  "us-west-2",
  "i-018acefb13acb28a2",
  "m5.large",
  "2019-07-03T00:34:54.000Z",
  "my-amazon-node01",
  "172.10.1.20",
  "34.201.85.111"
]
[
  "us-west-2",
  "i-032a33fb52f11a6e5",
  "t2.large",
  "2019-05-20T03:37:03.000Z",
  "customer-amazon-node20",
  "172.10.1.87",
  null
]

Platform

Docker

Kubernetes

CNI

List Pod CIDR Ranges (as assigned to each node)

Command:

kubectl get nodes -o json | jq '.items[] | .spec'

Results:

kubectl get nodes -o json | jq '.items[] | .spec'
{
  "podCIDR": "10.25.0.0/24"
}
{
  "podCIDR": "10.25.1.0/24"
}
{
  "podCIDR": "10.25.2.0/24"
}
{
  "podCIDR": "10.25.3.0/24"
}
{}

Variant:

kubectl get node kubenode03 -o json | jq '.spec'

Results:

{
  "podCIDR": "10.25.2.0/24"
}

Calico - List Pod CIDR Range (native kubectl)

Command:

kubectl describe ippools default-ipv4-ippool | grep Cidr | awk '{print $2}'

Output:

10.25.0.0/22

Or you can use jq to just return the results for things like IPIP Tunnel IP Address, and more:

kubectl get node kubenode03 -o json | jq '.metadata .annotations ."projectcalico.org/IPv4IPIPTunnelAddr"'
"10.25.1.128"

To get the IP address of the node through the Kubernetes API, without having to look at your IaaS or on the host:

kubectl get node kubenode03 -o json | jq '.metadata .annotations ."projectcalico.org/IPv4Address"'
"192.168.3.23/24"

Or:

kubectl get node kubenode03 -o json | jq '.status .addresses'
[
  {
    "address": "192.168.3.23",
    "type": "InternalIP"
  },
  {
    "address": "kubenode03",
    "type": "Hostname"
  }
]

Management

Working with a list of Masters/Nodes

To list masters/workers as an array (that can be leveraged by something else), do the following.

Masters:

kubectl get nodes --selector='node-role.kubernetes.io/master' -o template --template='{{range.items}}{{range.status.addresses}}{{if eq .type "InternalIP"}}{{.address}}{{end}}{{end}} {{end}}'

Workers:

kubectl get nodes --selector='!node-role.kubernetes.io/master' -o template --template='{{range.items}}{{range.status.addresses}}{{if eq .type "InternalIP"}}{{.address}}{{end}}{{end}} {{end}}'

Then, if you want to store these as a BASH variable, you can do the following:

ubuntu@kubenode01:~/demos$ KUBE_WORKERS=($(kubectl get nodes --selector='!node-role.kubernetes.io/master' -o template --template='{{range.items}}{{range.status.addresses}}{{if eq .type "InternalIP"}}{{.address}}{{end}}{{end}} {{end}}'))
ubuntu@kubenode01:~/demos$ echo ${KUBE_WORKERS[2]}
192.168.3.24
ubuntu@kubenode01:~/demos$

Security

File-System: Determine if read-only (true/false)

Command:

kubectl get pods -n kube-system -o go-template --template='{{range .items}}{{.metadata.name}}{{"\n"}}{{range .spec.containers}}    read-only: {{if .securityContext.readOnlyRootFilesystem}}{{printf "\033[32m%t\033[0m" .securityContext.readOnlyRootFilesystem}} {{else}}{{printf "\033[91m%s\033[0m" "false"}}{{end}} ({{.name}}){{"\n"}}{{end}}{{"\n"}}{{end}}'

Result (example):

coredns-fb8b8dccf-925dh
    read-only: true  (coredns)

coredns-fb8b8dccf-wsqjw
    read-only: true  (coredns)

etcd-kubenode01
    read-only: false (etcd)

kube-apiserver-kubenode01
    read-only: false (kube-apiserver)
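
Added example (not part of the original gist): the same read-only root filesystem check as a script that reads `kubectl get pods -o json` output, also covers initContainers, and prints plain tab-separated rows with a non-zero exit code when anything is writable, so it can gate a CI job. The function name, the sample pod names and the embedded sample data are constructed for illustration.

```python
import json
import sys

# Constructed sample shaped like `kubectl get pods -o json` output (not real cluster data).
SAMPLE = {"items": [
    {"metadata": {"namespace": "kube-system", "name": "coredns-example"},
     "spec": {"containers": [
         {"name": "coredns", "securityContext": {"readOnlyRootFilesystem": True}}]}},
    {"metadata": {"namespace": "kube-system", "name": "etcd-example"},
     "spec": {
         # securityContext present, but readOnlyRootFilesystem never set
         "initContainers": [{"name": "setup", "securityContext": {"privileged": False}}],
         # no securityContext at all
         "containers": [{"name": "etcd"}]}},
]}


def writable_root_containers(pod_list):
    """Return (namespace, pod, kind, container) for every container whose
    securityContext.readOnlyRootFilesystem is not explicitly true."""
    findings = []
    for pod in pod_list.get("items", []):
        meta = pod.get("metadata", {})
        spec = pod.get("spec", {})
        for kind in ("initContainers", "containers"):
            for container in spec.get(kind) or []:
                ctx = container.get("securityContext") or {}
                # A missing field means the default applies, which is a writable root.
                if ctx.get("readOnlyRootFilesystem") is not True:
                    findings.append((meta.get("namespace", ""), meta.get("name", ""),
                                     kind, container.get("name", "")))
    return findings


if __name__ == "__main__":
    # Usage: kubectl get pods --all-namespaces -o json | python3 check_readonly.py
    # Run with no piped input to see the result for the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    rows = writable_root_containers(data)
    for row in rows:
        print("\t".join(row))
    sys.exit(1 if rows else 0)
```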