You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

Kubernetes/Kubectl/Cheat Sheet

From Wikitech-static
< Kubernetes‎ | Kubectl
Revision as of 11:51, 23 February 2022 by imported>JMeybohm (→‎Peek into a k8s secret TLS certificate)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Introduction

More or less loose collection of kubectl commands that might be helpful (or were helpful at some point)

Commands

List all images (without registry) running in the cluster

kubectl get pods --all-namespaces --field-selector=status.phase=Running -o jsonpath="{..image}" | tr ' ' '\n' | sed 's/.*\///' | sort -u

List images used per namespace

kubectl get pods --all-namespaces --field-selector=status.phase=Running -o=jsonpath='{range .items[*]}{"\n"}{.metadata.namespace}{":\t"}{range .spec.containers[*]}{.image}{", "}{end}{end}'

Check which image version a cronjob is using

kubectl get pod <pod in question> -o jsonpath='{range .spec.containers[*]}{.name}: {.image}{"\n"}{end}'

Peek into a helm deployment config

kubectl get cm staging.v1 -o jsonpath='{.data.release}' | base64 -d | gunzip | vim -

Peek into a k8s secret TLS certificate

kubectl get secret <SECRET> -o jsonpath='{.data.tls\.crt}'  | base64 -d | openssl crl2pkcs7 -nocrl -certfile /dev/stdin | openssl pkcs7 -print_certs -text -noout

List all RBAC "Groups" referenced in the cluster

kubectl get clusterrolebindings.rbac.authorization.k8s.io,rolebindings.rbac.authorization.k8s.io -A  -o go-template='{{range $i :=.items}}{{range $i.subjects}}{{if eq .kind "Group"}}{{$i.metadata.namespace}}/{{$i.metadata.name}} emerges group: {{ .name }}{{"\n"}}{{end}}{{end}}{{end}}'

Get all pods and their priorities

kubectl get po -A -o jsonpath='{range .items[*]}{@.metadata.namespace}/{@.metadata.name} {@.spec.priority}{"\n"}{end}'

Last termination reason and time

kubectl get po -l app=flink-session-cluster-taskmanager -o go-template='{{range .items}}{{$pod := .}}{{range .status.containerStatuses}}{{ if eq .name "flink-session-cluster-main-taskmanager"}}{{$pod.metadata.name}} {{.lastState.terminated.reason}} at {{.lastState.terminated.finishedAt}}{{"\n"}}{{end}}{{end}}{{end}}'