You are browsing a read-only backup copy of Wikitech. The live site can be found at wikitech.wikimedia.org

Kubernetes/Kubectl/Cheat Sheet

From Wikitech-static
< Kubernetes‎ | Kubectl
Revision as of 15:42, 1 September 2022 by imported>JMeybohm (→‎Get elected master component leaders)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

Introduction

More or less loose collection of kubectl commands that might be helpful (or were helpful at some point)

Commands

The all-namespaces commands need to be run from the admin service which is only accessible to root

kube_env admin codfw

List all images (without registry) running in the cluster

kubectl get pods --all-namespaces --field-selector=status.phase=Running -o jsonpath="{..image}" | tr ' ' '\n' | sed 's/.*\///' | sort -u

List images used per namespace

kubectl get pods --all-namespaces --field-selector=status.phase=Running -o=jsonpath='{range .items[*]}{"\n"}{.metadata.namespace}{":\t"}{range .spec.containers[*]}{.image}{", "}{end}{end}'

Check which image version a cronjob is using

kubectl get pod <pod in question> -o jsonpath='{range .spec.containers[*]}{.name}: {.image}{"\n"}{end}'

Peek into a helm deployment config

kubectl get cm staging.v1 -o jsonpath='{.data.release}' | base64 -d | gunzip | vim -

Peek into a k8s secret TLS certificate

kubectl get secret <SECRET> -o jsonpath='{.data.tls\.crt}'  | base64 -d | openssl crl2pkcs7 -nocrl -certfile /dev/stdin | openssl pkcs7 -print_certs -text -noout

List all RBAC "Groups" referenced in the cluster

kubectl get clusterrolebindings.rbac.authorization.k8s.io,rolebindings.rbac.authorization.k8s.io -A  -o go-template='{{range $i :=.items}}{{range $i.subjects}}{{if eq .kind "Group"}}{{$i.metadata.namespace}}/{{$i.metadata.name}} emerges group: {{ .name }}{{"\n"}}{{end}}{{end}}{{end}}'

Get all pods and their priorities

kubectl get po -A -o jsonpath='{range .items[*]}{@.metadata.namespace}/{@.metadata.name} {@.spec.priority}{"\n"}{end}'

Last termination reason and time

kubectl get po -l app=flink-session-cluster-taskmanager -o go-template='{{range .items}}{{$pod := .}}{{range .status.containerStatuses}}{{ if eq .name "flink-session-cluster-main-taskmanager"}}{{$pod.metadata.name}} {{.lastState.terminated.reason}} at {{.lastState.terminated.finishedAt}}{{"\n"}}{{end}}{{end}}{{end}}'

Get elected master component leaders

kubectl -n kube-system get ep/kube-controller-manager -o jsonpath='{.metadata.annotations.control-plane\.alpha\.kubernetes\.io/leader}'
kubectl -n kube-system get ep/kube-scheduler -o jsonpath='{.metadata.annotations.control-plane\.alpha\.kubernetes\.io/leader}'