Pod to print something at regular intervals
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: looper-cka16-arch
  name: looper-cka16-arch
spec:
  containers:
    - image: busybox
      name: looper-cka16-arch
      command:
        - "sh"
        - "-c"
        - "while true; do echo hello; sleep 10; done"
A PVC cannot be edited; it must be deleted and recreated.
Create ClusterRoleBinding for a ServiceAccount
kubectl create clusterrolebinding <clusterrolebinding-name> --clusterrole=<clusterrole-name> --serviceaccount=<namespace>:<serviceaccount-name>
SC, PV and PVC with full options
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: orange-stc-cka07-str
provisioner: kubernetes.io/no-provisioner
volumeBindingMode: WaitForFirstConsumer
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: orange-pv-cka07-str
spec:
  capacity:
    storage: 150Mi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  persistentVolumeReclaimPolicy: Retain
  storageClassName: orange-stc-cka07-str
  local:
    path: /opt/orange-data-cka07-str
  nodeAffinity:
    required:
      nodeSelectorTerms:
        - matchExpressions:
            - key: kubernetes.io/hostname
              operator: In
              values:
                - cluster1-controlplane
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: orange-pvc-cka07-str
spec:
  accessModes:
    - ReadWriteOnce
  volumeMode: Filesystem
  resources:
    requests:
      storage: 128Mi
  storageClassName: orange-stc-cka07-str
  volumeName: orange-pv-cka07-str
Using jsonpath to get the value of a key in YAML
kubectl --context cluster1 get pod <podname> -o jsonpath='{.metadata.labels.stack}'
Take ETCD backup using etcdctl
ETCDCTL_API=3 etcdctl --endpoints=https://[127.0.0.1]:2379 --cacert=/etc/kubernetes/pki/etcd/ca.crt --cert=/etc/kubernetes/pki/etcd/server.crt --key=/etc/kubernetes/pki/etcd/server.key snapshot save /opt/cluster1_backup.db
DNS name of a pod - <pod-ip-separated-by-hyphens>.<namespace>.pod
Check if a user has access to perform an operation (User is not namespace bound)
k auth can-i get deployments --as <user-name>
Check if a service account has access to perform an operation
k auth can-i get deployments --as system:serviceaccount:<namespace>:<serviceaccount-name>
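The two can-i checks above can be turned into a small least-privilege audit. This is an added example, not part of the original notes: the list of sensitive verb/resource pairs is constructed, and the function names sa_subject and audit_sa are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original notes): least-privilege audit of a
# ServiceAccount built on `kubectl auth can-i ... --as system:serviceaccount:...`.

# Constructed list of sensitive verb/resource pairs; adjust to your policy.
SENSITIVE_CHECKS='get secrets
list secrets
create pods/exec
create clusterrolebindings
escalate clusterroles
bind clusterroles
impersonate users'

# sa_subject <namespace> <serviceaccount>: impersonation subject for --as.
sa_subject() {
  printf 'system:serviceaccount:%s:%s' "$1" "$2"
}

# audit_sa <namespace> <serviceaccount>
# Prints "ALLOWED <verb> <resource>" for each permitted check.
# Returns 0 when nothing sensitive is allowed, 1 otherwise.
audit_sa() {
  audit_ns=$1
  audit_subject=$(sa_subject "$1" "$2")
  audit_hits=0
  while read -r audit_verb audit_res; do
    [ -n "$audit_verb" ] || continue
    # can-i prints yes/no and exits non-zero on "no", so ignore the exit code.
    audit_answer=$(kubectl auth can-i "$audit_verb" "$audit_res" \
      --as "$audit_subject" -n "$audit_ns" 2>/dev/null </dev/null) || true
    if [ "$audit_answer" = "yes" ]; then
      echo "ALLOWED $audit_verb $audit_res"
      audit_hits=$((audit_hits + 1))
    fi
  done <<EOF
$SENSITIVE_CHECKS
EOF
  [ "$audit_hits" -eq 0 ]
}

# Run the audit only when a namespace and ServiceAccount are passed as arguments.
if [ "$#" -ge 2 ]; then
  audit_sa "$1" "$2"
fi
```

The checks run in the ServiceAccount's own namespace, so permissions granted through either a RoleBinding or a ClusterRoleBinding show up.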
If a PVC is not getting bound to a PV, check if the PV has a claimRef referring to a specific version of the PVC.
Display the name and IP address of all the pods in a namespace
kubectl get pods -n <namespace> -o=custom-columns='POD_NAME:metadata.name,IP_ADDR:status.podIP' --sort-by=status.podIP
Ingress resource with SSL redirect turned off
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress-cka04-svcn
  annotations:
    nginx.ingress.kubernetes.io/ssl-redirect: "false"
spec:
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-service-cka04-svcn
                port:
                  number: 80
When mounting a config file as a configMap type volume, mount the volume at the directory containing the config file (not the full path of the config file).
Config files for kubelet are present under /var/lib/kubelet on every node.
Endpoint object to send traffic to an external web server
apiVersion: v1
kind: Endpoints
metadata:
  # the name here should match the name of the Service
  name: external-webserver-cka03-svcn
subsets:
  - addresses:
      - ip: <node-ip>
    ports:
      - port: 9999
apiGroups: [""] (the core API group) when namespaces are the resource in a ClusterRole.
If kube-apiserver is not reachable or not running, grep the kubelet logs using the journalctl -u kubelet | grep command and look closely for error logs.
spec.volumeName: <pv-name> to make a PVC request storage from a specific PV