Kubernetes Cheat Sheet Github




This is a list of useful information regarding Kubernetes that the GitLab Support Team sometimes uses while troubleshooting. GitLab is making this public so that anyone can make use of the Support team's collected knowledge.

WARNING: These commands can alter or break your Kubernetes components, so use them at your own risk.

Kubernetes is an open source container orchestration engine for automating deployment, scaling, and management of containerized applications. The open source project is hosted by the Cloud Native Computing Foundation. Kubernetes manifests can be defined in JSON or YAML; the file extensions .yaml, .yml, and .json can be used.

    $ kubectl create -f ./my-manifest.yaml        # create resource(s)
    $ kubectl create -f ./my1.yaml -f ./my2.yaml  # create from multiple files
    $ kubectl create -f ./dir                     # create resource(s) in all manifest files in dir

If you are on a paid tier and are not sure how to use these commands, it is best to contact Support and they will assist you with any issues you are having.

Generic Kubernetes commands

  • How to authorize to your GCP project (can be especially useful if you have projects under different GCP accounts):

  • How to access Kubernetes dashboard:

  • How to SSH to a Kubernetes node and enter a container as root (see https://github.com/kubernetes/kubernetes/issues/30656):

    • For GCP, find the node name and run gcloud compute ssh node-name.
    • List containers using docker ps.
    • Enter a container using docker exec --user root -ti container-id bash.
    • On nodes that run containerd instead of Docker, the equivalents are crictl ps and crictl exec -it container-id sh.
    • Entering a container from the node this way runs as root regardless of the pod's runAsUser and is not recorded in the Kubernetes API audit log, so treat it as a break-glass step rather than routine troubleshooting.
  • How to copy a file from local machine to a pod:

  • What to do with pods in CrashLoopBackOff status:

    • Check logs via Kubernetes dashboard.

    • Check logs via Kubectl:

  • How to tail all Kubernetes cluster events in real time:

  • How to get logs of the previously terminated pod instance:

    No logs are kept in the containers/pods themselves. Everything is written to stdout. This is the principle of Kubernetes; read Twelve-factor app for details.

  • How to get cron jobs configured on a cluster

    When one configures cron-based backups, you will be able to see the new schedule here. Some details about the schedules can be found in Running Automated Tasks with a CronJob.
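The troubleshooting steps above as one shell helper, added here as an example; it is not code from the GitLab page, whose own commands are not reproduced. The kubectl options used (describe, logs --previous, get events --watch, get cronjobs) are real; the pod listing embedded in the script is constructed sample output, and the RUN_TRIAGE variable is a convention of this script only:

```sh
#!/bin/sh
# Added example, not from the GitLab page: a small triage helper for pods stuck
# in CrashLoopBackOff. The kubectl flags are real; the pod listing below is
# constructed so the filtering logic can be exercised without a cluster.
set -eu

# Constructed sample of `kubectl get pods -A` output (not captured from a cluster).
SAMPLE_PODS='NAMESPACE     NAME                        READY   STATUS             RESTARTS   AGE
gitlab        gitlab-webservice-0         1/1     Running            0          3h
gitlab        gitlab-sidekiq-0            0/1     CrashLoopBackOff   12         3h
kube-system   coredns-5644d7b6d9-abcde    1/1     Running            0          5d
gitlab        gitlab-task-runner-0        0/1     CrashLoopBackOff   4          20m'

# crashlooping_pods: read `kubectl get pods -A` text on stdin and print
# "<namespace> <pod>" for each pod whose STATUS column is CrashLoopBackOff.
# awk rather than jq so the helper also works on a bare node.
crashlooping_pods() {
    awk 'NR > 1 && $4 == "CrashLoopBackOff" { print $1, $2 }'
}

# triage_pod NAMESPACE POD: what to look at first. Events (end of describe)
# and the previous container's logs usually hold the cause; the current
# container's log is often empty because it has only just restarted.
triage_pod() {
    ns=$1
    pod=$2
    echo "== describe $ns/$pod (events are listed at the bottom) =="
    kubectl -n "$ns" describe pod "$pod"
    echo "== logs of the running instance =="
    kubectl -n "$ns" logs "$pod" --all-containers=true --tail=100
    echo "== logs of the previous (crashed) instance =="
    # --previous only works while the node still has the old container;
    # nothing is kept in the pod, so ship stdout to a log backend for later.
    kubectl -n "$ns" logs "$pod" --all-containers=true --previous --tail=100 || true
}

# triage_all: triage every crashlooping pod in the cluster.
triage_all() {
    kubectl get pods -A | crashlooping_pods | while read -r ns pod; do
        triage_pod "$ns" "$pod"
    done
}

# watch_events: stream cluster events in real time (all namespaces).
watch_events() {
    kubectl get events -A --watch
}

# list_cronjobs: show schedules, e.g. the cron-based backups mentioned above.
list_cronjobs() {
    kubectl get cronjobs -A
}

# Only contact a cluster when asked, so the file can be sourced for its functions.
if [ "${RUN_TRIAGE:-0}" = "1" ]; then
    triage_all
fi
```

Run it as RUN_TRIAGE=1 sh triage.sh, or source it and call triage_pod gitlab gitlab-sidekiq-0 directly. The --previous logs are the ones worth reading: by the time a pod is in CrashLoopBackOff the current container has usually produced nothing yet.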

GitLab-specific Kubernetes information

  • Minimal configuration that can be used to test a Kubernetes Helm chart.

  • Tailing logs of a separate pod. An example for a webservice pod:

  • Tail and follow all pods that share a label (in this case, webservice):

  • One can stream logs from all containers at once, similar to the Omnibus command gitlab-ctl tail:

  • Check all events in the gitlab namespace (the namespace name can be different if you specified a different one when deploying the Helm chart):

  • Most of the useful GitLab tools (console, Rake tasks, etc.) are found in the task-runner pod. You may enter it and run commands inside or run them from the outside. Because the pod provides a Rails console, exec access to it is equivalent to full administrative access to GitLab, so restrict pods/exec in that namespace accordingly:

    You can also use gitlab-rake, instead of /usr/local/bin/gitlab-rake.

  • Troubleshooting Operations > Kubernetes integration:

    • Check the output of kubectl get events -w --all-namespaces.
    • Check the logs of pods within gitlab-managed-apps namespace.
    • On the side of GitLab, check the Sidekiq log and Kubernetes log. When GitLab is installed via Helm Chart, kubernetes.log can be found inside the Sidekiq pod.
  • How to get your initial administrator password (https://docs.gitlab.com/charts/installation/deployment.html#initial-login). It is stored in a Kubernetes Secret, so anyone who can read Secrets in the namespace can read it; change it after the first login:

  • How to connect to a GitLab PostgreSQL database:

  • How to get information about Helm installation status:

  • How to update GitLab installed using Helm Chart:

    After https://gitlab.com/gitlab-org/charts/gitlab/-/issues/780 is fixed, it should be possible to use Updating GitLab using the Helm Chart for upgrades.

  • How to apply changes to GitLab configuration:

    • Modify the gitlab.yaml file.

    • Run the following command to apply changes:

  • How to get the manifest for a release. It can be useful because it contains the information about all Kubernetes resources and dependent charts:

Installation of minimal GitLab configuration via Minikube on macOS

This section is based on Developing for Kubernetes with Minikube and Helm. Refer to those documents for details.

  • Install Kubectl via Homebrew:

  • Install Minikube via Homebrew:

  • Start Minikube and configure it. If Minikube cannot start, try running minikube delete && minikube start and repeat the steps:

  • Install Helm via Homebrew and initialize it (helm init is only needed for Helm 2, where it deploys Tiller into the cluster; Helm 3 has no Tiller and needs no initialization):

  • Copy the Minikube minimum values YAML file to your workstation:

  • Find the IP address in the output of minikube ip and update the YAML file with this IP address.

  • Install the GitLab Helm Chart:

    If you want to modify some GitLab settings, you can use the above-mentioned configuration as a base and create your own YAML file.

  • Monitor the installation progress via helm status gitlab and minikube dashboard. The installation could take up to 20-30 minutes depending on the amount of resources on your workstation.

  • When all the pods show either a Running or Completed status, get the GitLab password as described in Initial login, and log in to GitLab via the UI. It will be accessible via https://gitlab.domain where domain is the value provided in the YAML file.
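The Minikube procedure above as one added example script; these are not the GitLab document's own commands. It uses Helm 3 syntax. The values file name, its raw URL under the chart's examples directory, the placeholder IP that file contains, and the Secret name <release>-gitlab-initial-root-password are assumptions based on the GitLab chart layout and should be checked against the current chart; RUN_INSTALL is a convention of this script only:

```sh
#!/bin/sh
# Added example, not from the GitLab page: the Minikube steps above as one
# script, using Helm 3 (no `helm init`, no Tiller). Assumptions: the values
# file name, its raw URL, the placeholder IP inside it, and the name of the
# Secret holding the initial root password.
set -eu

RELEASE=gitlab
VALUES=values-minikube-minimum.yaml
VALUES_URL="https://gitlab.com/gitlab-org/charts/gitlab/-/raw/master/examples/$VALUES"
PLACEHOLDER_IP=192.168.99.100   # assumed placeholder used in the example values

# Constructed fragment of the example values file, used to exercise set_minikube_ip.
SAMPLE_VALUES="global:
  hosts:
    domain: $PLACEHOLDER_IP.nip.io
    externalIP: $PLACEHOLDER_IP"

install_tools() {
    brew install kubectl minikube helm
}

start_minikube() {
    # The chart is resource hungry; a small VM produces endless Pending pods.
    minikube start --cpus 3 --memory 8192
    minikube addons enable ingress
}

# set_minikube_ip IP: rewrite every occurrence of the placeholder IP in the
# values file on stdin to IP (both the nip.io domain and externalIP carry it).
set_minikube_ip() {
    ip=$1
    pattern=$(printf '%s' "$PLACEHOLDER_IP" | sed 's/\./\\./g')   # escape the dots
    sed "s/$pattern/$ip/g"
}

fetch_values() {
    curl -fsSL -o "$VALUES" "$VALUES_URL"
    set_minikube_ip "$(minikube ip)" < "$VALUES" > "$VALUES.tmp"
    mv "$VALUES.tmp" "$VALUES"
}

install_gitlab() {
    helm repo add gitlab https://charts.gitlab.io/
    helm repo update
    helm upgrade --install "$RELEASE" gitlab/gitlab -f "$VALUES" --timeout 30m
}

# pods_not_ready: from `kubectl get pods --no-headers` on stdin, print pods
# that are neither Running nor Completed (the condition the text waits for).
pods_not_ready() {
    awk '$3 != "Running" && $3 != "Completed" { print $1, $3 }'
}

wait_for_pods() {
    while [ -n "$(kubectl get pods --no-headers | pods_not_ready)" ]; do
        sleep 30
    done
    helm status "$RELEASE"
}

# initial_root_password: the chart stores it in a Secret (assumed name
# <release>-gitlab-initial-root-password). Anyone with `get secrets` in the
# namespace can read it, so change it after the first login.
initial_root_password() {
    kubectl get secret "$RELEASE-gitlab-initial-root-password" \
        -o jsonpath='{.data.password}' | base64 --decode
}

if [ "${RUN_INSTALL:-0}" = "1" ]; then
    install_tools
    start_minikube
    fetch_values
    install_gitlab
    wait_for_pods
    echo "root password: $(initial_root_password)"
fi
```

Run it as RUN_INSTALL=1 sh install-gitlab-minikube.sh; without the variable the file only defines functions, so it can be sourced. The Minikube IP is written into both global.hosts.domain and global.hosts.externalIP, and a stale value in either is the usual reason the ingress never answers at https://gitlab.<ip>.nip.io.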

Unofficial AKS Cheat Sheet

Official AKS FAQ is here

  • AKS Cheat Sheet
    • Azure CLI Commands
    • AKS Features

Azure CLI Commands

AKS

Reference: az aks

  • Get k8s available versions

  • To configure kubectl to connect to your Kubernetes cluster

  • Open k8s Dashboard

    If you're using an RBAC-enabled Kubernetes cluster, you need to configure a ServiceAccount and RoleBinding in order to make the Dashboard work.

    If you want to give the Dashboard's service account more granular privileges instead of full privilege (the cluster-admin ClusterRole), please follow 'Option 1: Access to Dashboard with your Service Account' in this article.

    In addition, please see Kubernetes dashboard with Azure Container Service (AKS) to know about basic dashboard operations.
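Added example (not from the AKS cheat sheet or the Azure article it points to): the cluster-admin binding most quick-starts use next to a least-privilege alternative, and a check that flags the weak form on a live cluster. It assumes the Dashboard runs as the ServiceAccount kubernetes-dashboard in kube-system, which is what the upstream manifests create:

```sh
#!/bin/sh
# Added example, not from the AKS cheat sheet or Azure docs: the two ways of
# wiring RBAC for the Dashboard's ServiceAccount side by side, plus a check
# for the weak form on a live cluster. Assumes the Dashboard runs as
# ServiceAccount kubernetes-dashboard in kube-system (the upstream default).
set -eu

SA_NAME=kubernetes-dashboard
SA_NS=kube-system

# Weak form: the quick-start ClusterRoleBinding to cluster-admin. Whoever can
# reach the Dashboard, or read this ServiceAccount's token, owns the cluster.
dashboard_binding_weak() {
    cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: $SA_NAME
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: $SA_NAME
  namespace: $SA_NS
EOF
}

# Least-privilege form: bind the built-in `view` ClusterRole, and only inside
# NAMESPACE via a RoleBinding. `view` deliberately excludes Secrets, so the
# Dashboard cannot be used to dump credentials.
dashboard_binding_readonly() {
    ns=$1
    cat <<EOF
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: $SA_NAME-view
  namespace: $ns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: $SA_NAME
  namespace: $SA_NS
EOF
}

# grants_cluster_admin: exit 0 if the manifest on stdin has a roleRef to
# cluster-admin (the line sits indented under roleRef:, hence the anchoring).
grants_cluster_admin() {
    grep -q '^  name: cluster-admin$'
}

# audit_dashboard_bindings: list ClusterRoleBindings on the live cluster that
# give the Dashboard ServiceAccount cluster-admin. Empty output is the goal.
audit_dashboard_bindings() {
    kubectl get clusterrolebindings --no-headers \
        -o custom-columns='NAME:.metadata.name,ROLE:.roleRef.name,SUBJECTS:.subjects[*].name' \
        | awk -v sa="$SA_NAME" '$2 == "cluster-admin" && index($3, sa)'
}

# apply_readonly NAMESPACE: replace the weak binding with the scoped one.
apply_readonly() {
    kubectl delete clusterrolebinding "$SA_NAME" --ignore-not-found
    dashboard_binding_readonly "$1" | kubectl apply -f -
}
```

After apply_readonly, kubectl auth can-i --list --as=system:serviceaccount:kube-system:kubernetes-dashboard shows exactly what the account ended up with; it should list no verbs on secrets.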

  • Get AKS Cluster info

  • Get Node Resource Group

  • Scale AKS Cluster nodes

  • Upgrade AKS Cluster version

  • Enable Add-on

    • Enable Azure Monitor for Containers
    • Enable HTTP Application Routing
  • Check egress IP

ACR

Reference: az acr

  • Create an Azure Container Registry

    SKU: Basic, Standard, Premium, Classic

  • Get ACR list

  • Get ACR Detail

  • Show ACR Repositories

  • Login to ACR

  • ACR Task - Build

    You can queue a quick build, with streamed logs, for an Azure Container Registry by using az acr build.

Reference Architecture

AKS Features

Service Principal

  • About Service Principal
  • Update Service Principal in AKS cluster

Authn and Authz

  • 3 options to manage access and identity for AKS clusters
    • Azure RBAC (integration with Azure AD) to control access to AKS (from Best practices for authentication and authorization in AKS)
    • Kubernetes RBAC
      • Roles, ClusterRoles, RoleBindings, ClusterRoleBindings
    • Pod Identities
      • Use managed identities for pods in AKS to access Azure resources
        • Managed identities let pods request access to services through Azure AD. You don't manually define credentials for pods; instead they request an access token at run time (see Azure doc)

Cluster Security

  • Cluster security and upgrades
    • Securing access to the API server, limiting container access, and managing upgrades and node reboots.
  • Container image management and security
    • Securing the image and runtimes, using trusted registries, and automated builds on base image updates.
  • Pod security
    • Securing access to resources, limiting credential exposure, and using pod identities and Azure Key Vault

Data Volume

  • Data Volume Options
    • Azure Disk (Dynamic / Static)
    • Azure Files (Dynamic / Static)

Network Plugin

  • kubenet (default)
    • az aks create --network-plugin option: kubenet
    • see also @k8s.io
  • Azure CNI
    • az aks create --network-plugin option: azure

Network Policy

  • Kubernetes version: 1.12+
  • Network policy Options in AKS
      1. Azure Network Policies - the Azure CNI sets up a bridge in the VM host for intra-node networking. The filtering rules are applied when the packets pass through the bridge.
      • az aks create --network-plugin azure --network-policy azure
      2. Calico Network Policies - the Azure CNI sets up local kernel routes for the intra-node traffic. The policies are applied on the pod's network interface.
      • See the Azure documentation for the differences between the two.
      • az aks create --network-plugin azure --network-policy calico
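Added example for the two options above (not the cheat sheet's own commands): cluster creation with Calico, a check that a policy engine is actually configured, and a default-deny plus allow pair. Resource group, cluster and namespace names and the app labels web and ingress are placeholders:

```sh
#!/bin/sh
# Added example, not from the AKS cheat sheet: create a cluster with Calico
# policy enforcement, verify that an enforcer is configured, and generate a
# default-deny plus an explicit allow. Names and labels are placeholders.
set -eu

# create_cluster RG NAME: Azure CNI is required for either policy engine.
create_cluster() {
    az aks create --resource-group "$1" --name "$2" \
        --network-plugin azure --network-policy calico --generate-ssh-keys
}

# policy_engine RG NAME: prints "azure", "calico" or nothing. NetworkPolicy
# objects are accepted by the API server even when nothing enforces them, so
# an empty answer here means every policy below is silently a no-op.
policy_engine() {
    az aks show --resource-group "$1" --name "$2" \
        --query networkProfile.networkPolicy -o tsv
}

# default_deny NAMESPACE: select every pod, allow no ingress.
default_deny() {
    cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: $1
spec:
  podSelector: {}
  policyTypes:
  - Ingress
EOF
}

# allow_from NAMESPACE TARGET_APP SOURCE_APP PORT: allow TCP PORT into pods
# labelled app=TARGET_APP only from pods labelled app=SOURCE_APP.
allow_from() {
    cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-$3-to-$2
  namespace: $1
spec:
  podSelector:
    matchLabels:
      app: $2
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: $3
    ports:
    - protocol: TCP
      port: $4
EOF
}

# apply_policies RG CLUSTER NAMESPACE: refuse to apply when there is no enforcer.
apply_policies() {
    engine=$(policy_engine "$1" "$2")
    if [ -z "$engine" ]; then
        echo "no network policy engine on $2; policies would not be enforced" >&2
        return 1
    fi
    default_deny "$3" | kubectl apply -f -
    # placeholder labels: pods app=web accept TCP 8080 only from app=ingress
    allow_from "$3" web ingress 8080 | kubectl apply -f -
}
```

The policy_engine check is the part worth keeping: a NetworkPolicy applied to a cluster created without --network-policy is stored, shows up in kubectl get networkpolicy, and enforces nothing.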

Load Balancer

  • Service: type=LoadBalancer (NOT ClusterIP nor NodePort)
  • Default: External Load balancer
  • Static IP to LB (see azure doc)
  • Internal Load balancer - Only accessible from the same VNET
    • Annotation for Internal LB
    • You can specify an IP address for the LB: loadBalancerIP: XX.XX.XX.XX
    • You can specify a subnet for LB with special annotation

Ingress

  • Ingress controllers provided by Azure (not nginx ingress or others)
  • TLS termination configuration
  • Ingress for Internal VNET by using a service with Internal LB

Egress

  • Static IP for egress traffic
    • See azure doc
    • Default: egress IP from AKS is randomly assigned

      Once a Kubernetes service of type LoadBalancer is created, agent nodes are added to an Azure Load Balancer pool. For outbound flow, Azure translates it to the first public IP address configured on the load balancer. This public IP address is only valid for the lifespan of that resource. If you delete the Kubernetes LoadBalancer service, the associated load balancer and IP address are also deleted.

    • Procedures
        1. Create a static IP in the AKS node resource group
        2. Create a service with the static IP (put the static IP in the loadBalancerIP property)
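Added example for the two-step procedure above (not from the cheat sheet or the Azure docs): the az commands as functions, a guard against writing a malformed address into loadBalancerIP, and a check of the address the cluster is actually seen from. Resource group, cluster, service and public-IP names are placeholders, and ifconfig.me is an arbitrary external echo service:

```sh
#!/bin/sh
# Added example, not from the AKS cheat sheet or Azure docs: the static egress
# IP procedure as functions, with input validation and a verification step.
# Resource group, cluster, service and IP names are placeholders.
set -eu

# node_resource_group RG CLUSTER: the auto-created MC_* group that holds the
# nodes and the load balancer; the public IP must live there.
node_resource_group() {
    az aks show --resource-group "$1" --name "$2" --query nodeResourceGroup -o tsv
}

# create_static_ip NODE_RG NAME: allocate the address and print it.
create_static_ip() {
    az network public-ip create --resource-group "$1" --name "$2" \
        --allocation-method Static --sku Standard \
        --query publicIp.ipAddress -o tsv
}

# is_ipv4 ADDR: four dotted decimal octets, each 0-255; rejects empty input.
is_ipv4() {
    printf '%s' "$1" | awk -F. '
        NF == 4 {
            ok = 1
            for (i = 1; i <= 4; i++)
                if ($i !~ /^[0-9]+$/ || $i > 255) ok = 0
        }
        END { exit !ok }'
}

# egress_service NAMESPACE NAME IP: a LoadBalancer Service pinned to IP. While
# it exists, outbound traffic from the nodes is SNATed to this address.
egress_service() {
    is_ipv4 "$3" || { echo "not an IPv4 address: $3" >&2; return 1; }
    cat <<EOF
apiVersion: v1
kind: Service
metadata:
  name: $2
  namespace: $1
spec:
  type: LoadBalancer
  loadBalancerIP: $3
  selector:
    app: $2
  ports:
  - port: 80
    targetPort: 8080
EOF
}

# observed_egress_ip: ask an external echo service which address the cluster
# presents (needs outbound internet from a pod; the echo host is an assumption).
observed_egress_ip() {
    kubectl run egress-check --rm -i --restart=Never \
        --image=curlimages/curl -- -s https://ifconfig.me
}

# setup RG CLUSTER NAMESPACE NAME: allocate, pin, verify.
setup() {
    node_rg=$(node_resource_group "$1" "$2")
    ip=$(create_static_ip "$node_rg" "$4-egress-ip")
    egress_service "$3" "$4" "$ip" | kubectl apply -f -
    echo "expected $ip, observed $(observed_egress_ip)"
}
```

The pinned address exists only as long as the Service does, which is the caveat quoted above. When a third party allowlists the address, pin it at the cluster level instead: a Standard-SKU AKS load balancer takes outbound IPs via az aks update --load-balancer-outbound-ips, so the address no longer depends on any Service.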

DNS

  • Kubernetes 1.12.x and later: CoreDNS
  • Kubernetes before 1.12.x: kube-dns

Kubernetes Github Issues

Autoscale

GPU nodes

Quota and Limits for AKS

  • Default limit
    • max clusters per subscription: 100
    • max nodes per cluster: 100
    • max pods per node setting for AKS
      • Basic networking with Kubenet: 110
      • Advanced networking with Azure CNI: 30 (note: you can raise the limit for Azure CLI or Resource Manager template deployments up to 110)

Troubleshooting

Azure Container Registry (ACR)

  • VNET & Firewall Rule
  • ACR Task - Automate OS and framework patching
  • Repo & Tag Locking
  • Helm Chart Repositories

Useful Links