├── .gitignore
├── README.org
├── cheatsheet-kubernetes-A4.pdf
├── get-pod-error-log.sh
├── jenkinjavafile
├── k8s-networking-ip.png
├── list-all-images.sh
└── skip-tls-verify.md
/.gitignore:
--------------------------------------------------------------------------------
1 | *.tex
2 | README.pdf
3 | .DS_Store
4 | *-A4.log
5 |
--------------------------------------------------------------------------------
/README.org:
--------------------------------------------------------------------------------
1 | * Kubectl Kubernetes CheatSheet :Cloud:
2 | :PROPERTIES:
3 | :type: kubernetes
4 | :export_file_name: cheatsheet-kubernetes-A4.pdf
5 | :END:
6 |
18 |
19 | - PDF Link: [[https://github.com/dennyzhang/cheatsheet-kubernetes-A4/blob/master/cheatsheet-kubernetes-A4.pdf][cheatsheet-kubernetes-A4.pdf]], Category: [[https://cheatsheet.dennyzhang.com/category/cloud/][Cloud]]
20 | - Blog URL: https://cheatsheet.dennyzhang.com/cheatsheet-kubernetes-A4
21 | - Related posts: [[https://cheatsheet.dennyzhang.com/cheatsheet-kubernetes-A4][Kubectl CheatSheet]], [[https://cheatsheet.dennyzhang.com/kubernetes-yaml-templates][Kubernetes Yaml]], [[https://github.com/topics/denny-cheatsheets][#denny-cheatsheets]]
22 |
23 | File me [[https://github.com/dennyzhang/cheatsheet.dennyzhang.com/issues][Issues]] or star [[https://github.com/dennyzhang/cheatsheet.dennyzhang.com][this repo]].
24 | ** Common Commands
25 | | Name | Command |
26 | |--------------------------------------+-------------------------------------------------------------------------------------------|
27 | | Run curl test temporarily | =kubectl run --generator=run-pod/v1 --rm mytest --image=yauritux/busybox-curl -it= |
28 | | Run wget test temporarily | =kubectl run --generator=run-pod/v1 --rm mytest --image=busybox -it wget= |
29 | | Run nginx deployment with 2 replicas | =kubectl run my-nginx --image=nginx --replicas=2 --port=80= |
30 | | Run nginx pod and expose it | =kubectl run my-nginx --restart=Never --image=nginx --port=80 --expose= |
31 | | Run nginx deployment and expose it | =kubectl run my-nginx --image=nginx --port=80 --expose= |
32 | | List authenticated contexts | =kubectl config get-contexts=, =~/.kube/config= |
33 | | Set namespace preference | =kubectl config set-context --namespace== |
34 | | List pods with nodes info | =kubectl get pod -o wide= |
35 | | List everything | =kubectl get all --all-namespaces= |
36 | | Get all services | =kubectl get service --all-namespaces= |
37 | | Get all deployments | =kubectl get deployments --all-namespaces= |
38 | | Show nodes with labels | =kubectl get nodes --show-labels= |
39 | | Get resources with json output | =kubectl get pods --all-namespaces -o json= |
40 | | Validate yaml file with dry run | =kubectl create --dry-run --validate -f pod-dummy.yaml= |
41 | | Start a temporary pod for testing | =kubectl run --rm -i -t --image=alpine test-$RANDOM -- sh= |
42 | | kubectl run shell command | =kubectl exec -it mytest -- ls -l /etc/hosts= |
43 | | Get system conf via configmap | =kubectl -n kube-system get cm kubeadm-config -o yaml= |
44 | | Get deployment yaml | =kubectl -n denny-websites get deployment mysql -o yaml= |
45 | | Explain resource | =kubectl explain pods=, =kubectl explain svc= |
46 | | Watch pods | =kubectl get pods -n wordpress --watch= |
47 | | Query healthcheck endpoint | =curl -L http://127.0.0.1:10250/healthz= |
48 | | Open a bash terminal in a pod | =kubectl exec -it storage sh= |
49 | | Check pod environment variables | =kubectl exec redis-master-ft9ex env= |
50 | | Enable kubectl shell autocompletion | =echo "source <(kubectl completion bash)" >>~/.bashrc=, and reload |
51 | | Use minikube dockerd on your laptop | =eval $(minikube docker-env)=, no need to push to Docker Hub any more |
52 | | Kubectl apply a folder of yaml files | =kubectl apply -R -f .= |
53 | | Get services sorted by name | kubectl get services --sort-by=.metadata.name |
54 | | Get pods sorted by restart count | kubectl get pods --sort-by='.status.containerStatuses[0].restartCount' |
55 | | List pods and images | kubectl get pods -o='custom-columns=PODS:.metadata.name,Images:.spec.containers[*].image' |
56 | | List all container images | [[https://github.com/dennyzhang/cheatsheet-kubernetes-A4/blob/master/list-all-images.sh#L14-L17][list-all-images.sh]] |
57 | | kubeconfig skip tls verification | [[https://github.com/dennyzhang/cheatsheet-kubernetes-A4/blob/master/skip-tls-verify.md][skip-tls-verify.md]] |
58 | | [[https://kubernetes.io/docs/tasks/tools/install-kubectl/][Ubuntu install kubectl]] | ="deb https://apt.kubernetes.io/ kubernetes-xenial main"= |
59 | | Reference | [[https://github.com/kubernetes/kubernetes/tags][GitHub: kubernetes releases]] |
60 | | Reference | [[https://cheatsheet.dennyzhang.com/cheatsheet-minikube-A4][minikube cheatsheet]], [[https://cheatsheet.dennyzhang.com/cheatsheet-docker-A4][docker cheatsheet]], [[https://cheatsheet.dennyzhang.com/cheatsheet-openshift-A4][OpenShift CheatSheet]] |
61 | ** Check Performance
62 | | Name | Command |
63 | |----------------------------------------------+------------------------------------------------------|
64 | | Get node resource usage | =kubectl top node= |
65 | | Get pod resource usage | =kubectl top pod= |
66 | | Get resource usage for a given pod | =kubectl top --containers= |
67 | | List resource utilization for all containers | =kubectl top pod --all-namespaces --containers=true= |
68 | ** Resources Deletion
69 | | Name | Command |
70 | |-----------------------------------------+----------------------------------------------------------|
71 | | Delete pod | =kubectl delete pod/ -n = |
72 | | Delete pod by force | =kubectl delete pod/ --grace-period=0 --force= |
73 | | Delete pods by labels | =kubectl delete pod -l env=test= |
74 | | Delete deployments by labels | =kubectl delete deployment -l app=wordpress= |
75 | | Delete all resources filtered by labels | =kubectl delete pods,services -l name=myLabel= |
76 | | Delete resources under a namespace | =kubectl -n my-ns delete po,svc --all= |
77 | | Delete persist volumes by labels | =kubectl delete pvc -l app=wordpress= |
78 | | Delete statefulset only (not pods) | =kubectl delete sts/ --cascade=false= |
82 | ** Log & Conf Files
83 | | Name | Comment |
84 | |---------------------------+---------------------------------------------------------------------------|
85 | | Config folder | =/etc/kubernetes/= |
86 | | Certificate files | =/etc/kubernetes/pki/= |
87 | | Credentials to API server | =/etc/kubernetes/kubelet.conf= |
88 | | Superuser credentials | =/etc/kubernetes/admin.conf= |
89 | | kubectl config file | =~/.kube/config= |
90 | | Kubernetes working dir | =/var/lib/kubelet/= |
91 | | Docker working dir | =/var/lib/docker/=, =/var/log/containers/= |
92 | | Etcd working dir | =/var/lib/etcd/= |
93 | | Network cni | =/etc/cni/net.d/= |
94 | | Log files | =/var/log/pods/= |
95 | | log in worker node | =/var/log/kubelet.log=, =/var/log/kube-proxy.log= |
96 | | log in master node | =kube-apiserver.log=, =kube-scheduler.log=, =kube-controller-manager.log= |
97 | | Env | =/etc/systemd/system/kubelet.service.d/10-kubeadm.conf= |
98 | | Env | export KUBECONFIG=/etc/kubernetes/admin.conf |
99 | ** Pod
100 | | Name | Command |
101 | |------------------------------+-------------------------------------------------------------------------------------------|
102 | | List all pods | =kubectl get pods= |
103 | | List pods for all namespace | =kubectl get pods --all-namespaces= |
104 | | List all critical pods | =kubectl get -n kube-system pods -a= |
105 | | List pods with more info | =kubectl get pod -o wide=, =kubectl get pod/ -o yaml= |
106 | | Get pod info | =kubectl describe pod/srv-mysql-server= |
107 | | List all pods with labels | =kubectl get pods --show-labels= |
108 | | [[https://github.com/kubernetes/kubernetes/issues/49387][List all unhealthy pods]] | kubectl get pods --field-selector=status.phase!=Running --all-namespaces |
109 | | List running pods | kubectl get pods --field-selector=status.phase=Running |
110 | | Get Pod initContainer status | =kubectl get pod --template '{{.status.initContainerStatuses}}' = |
111 | | kubectl run command | kubectl exec -it -n "$ns" "$podname" -- sh -c "echo $msg >>/dev/err.log" |
112 | | Watch pods | =kubectl get pods -n wordpress --watch= |
113 | | Get pod by selector | kubectl get pods --selector="app=syslog" -o jsonpath='{.items[*].metadata.name}' |
114 | | List pods and images | kubectl get pods -o='custom-columns=PODS:.metadata.name,Images:.spec.containers[*].image' |
115 | | List pods and containers | kubectl get pods -o='custom-columns=PODS:.metadata.name,CONTAINERS:.spec.containers[*].name' |
116 | | Reference | [[https://cheatsheet.dennyzhang.com/kubernetes-yaml-templates][Link: kubernetes yaml templates]] |
117 | ** Label & Annotation
118 | | Name | Command |
119 | |----------------------------------+-------------------------------------------------------------------|
120 | | Filter pods by label | =kubectl get pods -l owner=denny= |
121 | | Manually add label to a pod | =kubectl label pods dummy-input owner=denny= |
122 | | Remove label | =kubectl label pods dummy-input owner-= |
123 | | Manually add annotation to a pod | =kubectl annotate pods dummy-input my-url=https://dennyzhang.com= |
124 | ** Deployment & Scale
125 | | Name | Command |
126 | |------------------------------+--------------------------------------------------------------------------|
127 | | Scale out | =kubectl scale --replicas=3 deployment/nginx-app= |
128 | | Online rolling upgrade | =kubectl rolling-update app-v1 app-v2 --image=img:v2= |
129 | | Rollback | =kubectl rolling-update app-v1 app-v2 --rollback= |
130 | | List rollout | =kubectl get rs= |
131 | | Check update status | =kubectl rollout status deployment/nginx-app= |
132 | | Check update history | =kubectl rollout history deployment/nginx-app= |
133 | | Pause/Resume | =kubectl rollout pause deployment/nginx-deployment=, =resume= |
134 | | Rollback to previous version | =kubectl rollout undo deployment/nginx-deployment= |
135 | | Reference | [[https://cheatsheet.dennyzhang.com/kubernetes-yaml-templates][Link: kubernetes yaml templates]], [[https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#pausing-and-resuming-a-deployment][Link: Pausing and Resuming a Deployment]] |
139 | ** Quota & Limits & Resource
140 | | Name | Command |
141 | |-------------------------------+-------------------------------------------------------------------------|
142 | | List Resource Quota | =kubectl get resourcequota= |
143 | | List Limit Range | =kubectl get limitrange= |
144 | | Customize resource definition | =kubectl set resources deployment nginx -c=nginx --limits=cpu=200m= |
145 | | Customize resource definition | =kubectl set resources deployment nginx -c=nginx --limits=memory=512Mi= |
146 | | Reference | [[https://cheatsheet.dennyzhang.com/kubernetes-yaml-templates][Link: kubernetes yaml templates]] |
147 | ** Service
148 | | Name | Command |
149 | |---------------------------------+-----------------------------------------------------------------------------------|
150 | | List all services | =kubectl get services= |
151 | | List service endpoints | =kubectl get endpoints= |
152 | | Get service detail | =kubectl get service nginx-service -o yaml= |
153 | | Get service cluster ip | kubectl get service nginx-service -o go-template='{{.spec.clusterIP}}' |
154 | | Get service cluster port | kubectl get service nginx-service -o go-template='{{(index .spec.ports 0).port}}' |
155 | | Expose deployment as lb service | =kubectl expose deployment/my-app --type=LoadBalancer --name=my-service= |
156 | | Expose service as lb service | =kubectl expose service/wordpress-1-svc --type=LoadBalancer --name=ns1= |
157 | | Reference | [[https://cheatsheet.dennyzhang.com/kubernetes-yaml-templates][Link: kubernetes yaml templates]] |
158 | ** Secrets
159 | | Name | Command |
160 | |----------------------------------+-------------------------------------------------------------------------|
161 | | List secrets | =kubectl get secrets --all-namespaces= |
162 | | Generate secret | =echo -n 'mypasswd'=, then pipe to =base64= (=base64 --decode= reverses it) |
163 | | Get secret | =kubectl get secret denny-cluster-kubeconfig= |
164 | | Get a specific field of a secret | kubectl get secret denny-cluster-kubeconfig -o jsonpath="{.data.value}" |
165 | | Create secret from cfg file | kubectl create secret generic db-user-pass --from-file=./username.txt |
166 | | Reference | [[https://cheatsheet.dennyzhang.com/kubernetes-yaml-templates][Link: kubernetes yaml templates]], [[https://kubernetes.io/docs/concepts/configuration/secret/][Link: Secrets]] |
167 | ** StatefulSet
168 | | Name | Command |
169 | |------------------------------------+----------------------------------------------------------|
170 | | List statefulset | =kubectl get sts= |
171 | | Delete statefulset only (not pods) | =kubectl delete sts/ --cascade=false= |
172 | | Scale statefulset | =kubectl scale sts/ --replicas=5= |
173 | | Reference | [[https://cheatsheet.dennyzhang.com/kubernetes-yaml-templates][Link: kubernetes yaml templates]] |
174 | ** Volumes & Volume Claims
175 | | Name | Command |
176 | |---------------------------+--------------------------------------------------------------|
177 | | List storage class | =kubectl get storageclass= |
178 | | Check the mounted volumes | =kubectl exec storage ls /data= |
179 | | Check persist volume | =kubectl describe pv/pv0001= |
180 | | Copy local file to pod | =kubectl cp /tmp/my /:/tmp/server= |
181 | | Copy pod file to local | =kubectl cp /:/tmp/server /tmp/my= |
182 | | Reference | [[https://cheatsheet.dennyzhang.com/kubernetes-yaml-templates][Link: kubernetes yaml templates]] |
183 | ** Events & Metrics
184 | | Name | Command |
185 | |---------------------------------+------------------------------------------------------------|
186 | | View all events | =kubectl get events --all-namespaces= |
187 | | List Events sorted by timestamp | kubectl get events --sort-by=.metadata.creationTimestamp |
188 | ** Node Maintenance
189 | | Name | Command |
190 | |-------------------------------------------+-------------------------------|
191 | | Mark node as unschedulable | =kubectl cordon $NODE_NAME= |
192 | | Mark node as schedulable | =kubectl uncordon $NODE_NAME= |
193 | | Drain node in preparation for maintenance | =kubectl drain $NODE_NAME= |
194 | ** Namespace & Security
195 | | Name | Command |
196 | |-------------------------------+-----------------------------------------------------------------------------------------------------|
197 | | List authenticated contexts | =kubectl config get-contexts=, =~/.kube/config= |
198 | | Set namespace preference | =kubectl config set-context --namespace== |
199 | | Switch context | =kubectl config use-context = |
200 | | Load context from config file | =kubectl get cs --kubeconfig kube_config.yml= |
201 | | Delete the specified context | =kubectl config delete-context = |
202 | | List all namespaces defined | =kubectl get namespaces= |
203 | | List certificates | =kubectl get csr= |
204 | | [[https://kubernetes.io/docs/concepts/policy/pod-security-policy/][Check user privilege]] | kubectl --as=system:serviceaccount:ns-denny:test-privileged-sa -n ns-denny auth can-i use pods/list |
205 | | [[https://kubernetes.io/docs/concepts/policy/pod-security-policy/][Check user privilege]] | =kubectl auth can-i use pods/list= |
206 | | Reference | [[https://cheatsheet.dennyzhang.com/kubernetes-yaml-templates][Link: kubernetes yaml templates]] |
207 | ** Network
208 | | Name | Command |
209 | |-----------------------------------+----------------------------------------------------------|
210 | | Temporarily add a port-forwarding | =kubectl port-forward redis-134 6379:6379= |
211 | | Add port-forwarding for deployment | =kubectl port-forward deployment/redis-master 6379:6379= |
212 | | Add port-forwarding for replicaset | =kubectl port-forward rs/redis-master 6379:6379= |
213 | | Add port-forwarding for service | =kubectl port-forward svc/redis-master 6379:6379= |
214 | | Get network policy | =kubectl get NetworkPolicy= |
215 | | Get ingress controller | =kubectl get ingress= |
216 | | Get ingress classes | =kubectl get ingressclasses= |
217 | ** Patch
218 | | Name | Summary |
219 | |-------------------------------+---------------------------------------------------------------------|
220 | | Patch service to loadbalancer | kubectl patch svc $svc_name -p '{"spec": {"type": "LoadBalancer"}}' |
221 | ** Extensions
222 | | Name | Summary |
223 | |-----------------------------------------+----------------------------|
224 | | Enumerates the resource types available | =kubectl api-resources= |
225 | | List api group | =kubectl api-versions= |
226 | | List all CRD | =kubectl get crd= |
227 | | List storageclass | =kubectl get storageclass= |
231 | ** Components & Services
232 | *** Services on Master Nodes
233 | | Name | Summary |
234 | |--------------------------+--------------------------------------------------------------------------------------------|
235 | | [[https://github.com/kubernetes/kubernetes/tree/master/cmd/kube-apiserver][kube-apiserver]] | API gateway. Exposes the Kubernetes API from master nodes |
236 | | [[https://coreos.com/etcd/][etcd]] | reliable data store for all k8s cluster data |
237 | | [[https://github.com/kubernetes/kubernetes/tree/master/cmd/kube-scheduler][kube-scheduler]] | schedule pods to run on selected nodes |
238 | | [[https://github.com/kubernetes/kubernetes/tree/master/cmd/kube-controller-manager][kube-controller-manager]] | Reconcile the states. node/replication/endpoints/token controller and service account, etc |
239 | | cloud-controller-manager | |
240 | *** Services on Worker Nodes
241 | | Name | Summary |
242 | |-------------------+----------------------------------------------------------------------------------------------|
243 | | [[https://github.com/kubernetes/kubernetes/tree/master/cmd/kubelet][kubelet]] | A node agent that makes sure containers are running in a pod |
244 | | [[https://github.com/kubernetes/kubernetes/tree/master/cmd/kube-proxy][kube-proxy]] | Manages network connectivity to the containers, e.g., iptables, ipvs |
245 | | [[https://github.com/docker/engine][Container Runtime]] | Kubernetes supported runtimes: dockerd, cri-o, runc and any [[https://github.com/opencontainers/runtime-spec][OCI runtime-spec]] implementation. |
246 |
247 | *** Addons: pods and services that implement cluster features
248 | | Name | Summary |
249 | |-------------------------------+---------------------------------------------------------------------------|
250 | | DNS | serves DNS records for Kubernetes services |
251 | | Web UI | a general purpose, web-based UI for Kubernetes clusters |
252 | | Container Resource Monitoring | collect, store and serve container metrics |
253 | | Cluster-level Logging | save container logs to a central log store with search/browsing interface |
254 |
255 | *** Tools
256 | | Name | Summary |
257 | |-----------------------+-------------------------------------------------------------|
258 | | [[https://github.com/kubernetes/kubernetes/tree/master/cmd/kubectl][kubectl]] | the command line util to talk to k8s cluster |
259 | | [[https://github.com/kubernetes/kubernetes/tree/master/cmd/kubeadm][kubeadm]] | the command to bootstrap the cluster |
260 | | [[https://kubernetes.io/docs/reference/setup-tools/kubefed/kubefed/][kubefed]] | the command line to control a Kubernetes Cluster Federation |
261 | | Kubernetes Components | [[https://kubernetes.io/docs/concepts/overview/components/][Link: Kubernetes Components]] |
262 | ** More Resources
263 | License: Code is licensed under [[https://www.dennyzhang.com/wp-content/mit_license.txt][MIT License]].
264 |
265 | https://kubernetes.io/docs/reference/kubectl/cheatsheet/
266 |
267 | https://codefresh.io/kubernetes-guides/kubernetes-cheat-sheet/
268 |
277 | * org-mode configuration :noexport:
278 | #+STARTUP: overview customtime noalign logdone showall
279 | #+DESCRIPTION:
280 | #+KEYWORDS:
281 | #+LATEX_HEADER: \usepackage[margin=0.6in]{geometry}
282 | #+LaTeX_CLASS_OPTIONS: [8pt]
283 | #+LATEX_HEADER: \usepackage[english]{babel}
284 | #+LATEX_HEADER: \usepackage{lastpage}
285 | #+LATEX_HEADER: \usepackage{fancyhdr}
286 | #+LATEX_HEADER: \pagestyle{fancy}
287 | #+LATEX_HEADER: \fancyhf{}
288 | #+LATEX_HEADER: \rhead{Updated: \today}
289 | #+LATEX_HEADER: \rfoot{\thepage\ of \pageref{LastPage}}
290 | #+LATEX_HEADER: \lfoot{\href{https://github.com/dennyzhang/cheatsheet-kubernetes-A4}{GitHub: https://github.com/dennyzhang/cheatsheet-kubernetes-A4}}
291 | #+LATEX_HEADER: \lhead{\href{https://cheatsheet.dennyzhang.com/cheatsheet-kubernetes-A4}{Blog URL: https://cheatsheet.dennyzhang.com/cheatsheet-kubernetes-A4}}
292 | #+AUTHOR: Denny Zhang
293 | #+EMAIL: denny@dennyzhang.com
294 | #+TAGS: noexport(n)
295 | #+PRIORITIES: A D C
296 | #+OPTIONS: H:3 num:t toc:nil \n:nil @:t ::t |:t ^:t -:t f:t *:t <:t
297 | #+OPTIONS: TeX:t LaTeX:nil skip:nil d:nil todo:t pri:nil tags:not-in-toc
298 | #+EXPORT_EXCLUDE_TAGS: exclude noexport
299 | #+SEQ_TODO: TODO HALF ASSIGN | DONE BYPASS DELEGATE CANCELED DEFERRED
300 | #+LINK_UP:
301 | #+LINK_HOME:
302 | * # --8<-------------------------- separator ------------------------>8-- :noexport:
303 | * DONE Misc scripts :noexport:
304 | CLOSED: [2018-11-17 Sat 12:23]
305 | - Tail pod log by label
306 | #+BEGIN_SRC sh
307 | namespace="mynamespace"
308 | mylabel="app=mylabel"
309 | kubectl get pod -l "$mylabel" -n "$namespace" | tail -n1 \
310 | | awk -F' ' '{print $1}' | xargs -I{} \
311 | kubectl logs -n "$namespace" -f {}
312 | #+END_SRC
313 |
314 | - Get node hardware resource utilization
315 | #+BEGIN_SRC sh
316 | kubectl get nodes --no-headers \
317 | | awk '{print $1}' | xargs -I {} \
318 | sh -c 'echo {}; kubectl describe node {} | grep Allocated -A 5'
319 |
320 | kubectl get nodes --no-headers | awk '{print $1}' | xargs -I {} \
321 | sh -c 'echo {}; kubectl describe node {} | grep Allocated -A 5 \
322 | | grep -ve Event -ve Allocated -ve percent -ve -- ; echo'
323 | #+END_SRC
324 |
325 | - Apply the configuration in manifest.yaml and delete all the other configmaps that are not in the file.
326 |
327 | #+BEGIN_EXAMPLE
328 | kubectl apply --prune -f manifest.yaml --all --prune-whitelist=core/v1/ConfigMap
329 | #+END_EXAMPLE
330 | * [#A] Kubernetes :noexport:IMPORTANT:
331 | https://github.com/dennyzhang/cheatsheet-kubernetes-A4
332 |
333 | k8s provides declarative primitives for the "desired state"
334 | - Self-healing
335 | - Horizontal scaling
336 | - Automatic binpacking
337 | - Service discovery and load balancing
338 | ** Names of certificates files
339 | https://github.com/kubernetes/kubeadm/blob/master/docs/design/design_v1.9.md
340 | Names of certificates files:
341 | ca.crt, ca.key (CA certificate)
342 | apiserver.crt, apiserver.key (API server certificate)
343 | apiserver-kubelet-client.crt, apiserver-kubelet-client.key (client certificate for the apiservers to connect to the kubelets securely)
344 | sa.pub, sa.key (a private key for signing ServiceAccount )
345 | front-proxy-ca.crt, front-proxy-ca.key (CA for the front proxy)
346 | front-proxy-client.crt, front-proxy-client.key (client cert for the front proxy client)
347 | ** TODO update k8s cheatsheet github: https://github.com/alex1x/kubernetes-cheatsheet
348 | ** TODO Setting up MySQL Replication Clusters in Kubernetes: https://blog.kublr.com/setting-up-mysql-replication-clusters-in-kubernetes-ab7cbac113a5
349 | ** TODO MySQL on Docker: Running Galera Cluster on Kubernetes
350 | https://severalnines.com/blog/mysql-docker-running-galera-cluster-kubernetes
351 | ** TODO Try Functions as a Service - a serverless framework for Docker & Kubernetes http://docs.get-faas.com/
352 | https://blog.alexellis.io/first-faas-python-function/
353 | ** TODO [#A] k8s clustering elasticsearch
354 | https://blog.alexellis.io/kubernetes-kubeadm-video/
355 | ** TODO k8s scale with redis
356 | ** TODO k8s scale with mysqld
357 | ** TODO [#A] k8s: https://5pi.de/2016/11/20/15-producation-grade-kubernetes-cluster/
358 | ** TODO Try kops with k8s
359 | ** TODO k8s free course: https://classroom.udacity.com/courses/ud615
360 | ** TODO feedback for k8s study project
361 | Aaron Mulholland [1:18 AM]
362 | So it looks pretty good. Got some good concepts in early on. Couple of suggestions for further work;
363 |
364 | Potentially the following scenarios;
365 | * Setting up ingresses and TLS
366 | * Fully configure something like Nginx Ingress Controller or Traefik.
367 | * Create TLS Secrets within Kubernetes, and use them in your ingress controller.
368 | * Managing RBAC (Don't know enough about this one, but sounds like a good concept to include)
369 | * Creating new roles, etc
370 |
371 | I'll have a think and if any more come to me, I'll let you know.
372 |
373 |
374 | Denny Zhang (Github . Blogger)
375 | [1:19 AM]
376 | :thumbsup:
377 |
378 | Will update per your suggestions tomorrow, Aaron
379 | ** TODO k8s add DNS challenges
380 | Gui [4:01 PM]
381 | Getting familiar with the concepts like pod, service, RC, deployment, etc.
382 |
383 |
384 | [4:02]
385 | Try volume
386 |
387 |
388 | [4:02]
389 | DNS.
390 |
391 |
392 | Denny Zhang (Github . Blogger)
393 | [4:02 PM]
394 | I'm trying to cover the volume via mysql scenarios
395 |
396 |
397 | Gui [4:02 PM]
398 | And other addons
400 |
401 |
402 | Denny Zhang (Github . Blogger)
403 | [4:02 PM]
404 | For DNS, not sure whether I get your point
405 |
406 |
407 | Gui [4:03 PM]
408 | I haven't tried a lot myself.
410 |
411 |
412 | [4:03]
413 | Like every pod and service has a DNS name to talk to each other.
414 |
415 |
416 | Denny Zhang (Github . Blogger) [4:04 PM]
417 | Yes, that makes sense
418 |
419 |
420 | [4:04]
421 | For addons, do you have any recommended scenario?
422 | ** TODO k8s add challenge of addon
423 | https://www.cncf.io
424 |
425 | https://kubernetes.io/docs/concepts/cluster-administration/addons/
426 | ** TODO k8s networking models
427 | ** TODO k8s example: https://github.com/kubernetes/examples
428 | ** TODO Blog: Wordpress powered by k8s, docker swarm
429 | ** # --8<-------------------------- separator ------------------------>8-- :noexport:
430 | ** TODO [#A] absorb: https://github.com/kubecamp/kubernetes_in_one_day
431 | ** TODO [#A] absorb: https://github.com/kubecamp/kubernetes_in_2_days
432 | ** DONE kubectl config view
433 | CLOSED: [2017-12-31 Sun 10:40]
434 | ** DONE [#A] kubernetes persistent volume claim pending
435 | CLOSED: [2017-12-31 Sun 11:32]
436 | https://github.com/openshift/origin/issues/7170
437 |
438 | kubectl get pvc
439 | kubectl get pv
440 |
441 | #+BEGIN_EXAMPLE
442 | ubuntu@k8s1:~$ kubectl describe pvc
443 | Name: ironic-gerbil-jenkins
444 | Namespace: default
445 | StorageClass:
446 | Status: Pending
447 | Volume:
448 | Labels: app=ironic-gerbil-jenkins
449 | chart=jenkins-0.10.2
450 | heritage=Tiller
451 | release=ironic-gerbil
452 | Annotations:
453 | Capacity:
454 | Access Modes:
455 | Events:
456 | Type Reason Age From Message
457 | ---- ------ ---- ---- -------
458 | Normal FailedBinding 37s (x261 over 2h) persistentvolume-controller no persistent volumes available for this claim and no storage class is set
459 |
460 |
461 | Name: my-mysql-mysql
462 | Namespace: default
463 | StorageClass:
464 | Status: Pending
465 | Volume:
466 | Labels: app=my-mysql-mysql
467 | chart=mysql-0.3.2
468 | heritage=Tiller
469 | release=my-mysql
470 | Annotations:
471 | Capacity:
472 | Access Modes:
473 | Events:
474 | Type Reason Age From Message
475 | ---- ------ ---- ---- -------
476 | Normal FailedBinding 7s (x5 over 1m) persistentvolume-controller no persistent volumes available for this claim and no storage class is set
477 | #+END_EXAMPLE
478 | ** DONE kubernetes start a container for testing: kubectl run -i --tty ubuntu --image=ubuntu:16.04 --restart=Never -- bash -il
479 | CLOSED: [2017-12-31 Sun 11:26]
480 | ** DONE [#A] ReplicaSet is the next-generation Replication Controller.
481 | CLOSED: [2017-12-04 Mon 11:26]
482 | The only difference between a ReplicaSet and a Replication Controller right now is the selector support.
483 |
484 | https://kubernetes.io/docs/concepts/workloads/controllers/replicaset/
485 |
486 | https://github.com/arun-gupta/oreilly-kubernetes-book/blob/master/ch01/wildfly-replicaset.yml
487 | Next generation Replication Controller
488 |
489 | Set-based selector requirement
490 | - Expression: key, operator, value
491 | - Operators: In, NotIn, Exists, DoesNotExist
492 |
493 | - Generally created with Deployment
494 | - Enables Horizontal Pod Autoscaling
495 | ** DONE k8s yaml API version: https://kubernetes.io/docs/reference/federation/extensions/v1beta1/definitions/
496 | CLOSED: [2017-12-03 Sun 12:50]
497 | ** DONE k8s cronjob
498 | CLOSED: [2018-01-03 Wed 12:26]
499 | https://kubernetes.io/docs/concepts/workloads/controllers/cron-jobs/
500 |
501 | kubectl create -f ./cronjob.yaml
502 | kubectl get cronjob hello
503 | kubectl get jobs --watch
504 | kubectl delete cronjob hello
505 |
506 | #+BEGIN_EXAMPLE
507 | apiVersion: batch/v1beta1
508 | kind: CronJob
509 | metadata:
510 | name: hello
511 | spec:
512 | schedule: "*/1 * * * *"
513 | jobTemplate:
514 | spec:
515 | template:
516 | spec:
517 | containers:
518 | - name: hello
519 | image: busybox
520 | args:
521 | - /bin/sh
522 | - -c
523 | - date; echo Hello from the Kubernetes cluster
524 | restartPolicy: OnFailure
525 | #+END_EXAMPLE
526 | ** DONE [#B] check k8s status: kubectl get cs
527 | CLOSED: [2018-01-03 Wed 11:57]
528 | ** BYPASS crictl not found in system path: warning
529 | CLOSED: [2018-01-03 Wed 12:36]
530 | ** DONE kubernetes default service type: ClusterIP
531 | CLOSED: [2018-01-02 Tue 11:07]
532 | ** DONE kubectl get nodes: Unable to connect to the server: x509: certificate signed by unknown authority: incorrect /etc/kubernetes/admin.conf
533 | CLOSED: [2018-01-04 Thu 00:09]
534 |
535 |
536 | root@k8s1:~# kubectl get nodes
537 | Unable to connect to the server: x509: certificate signed by unknown authority (possibly because of "crypto/rsa: verification error" while trying to verify candidate authority certificate "kubernetes")
538 | root@k8s1:~# echo $KUBECONFIG
539 |
540 | root@k8s1:~# export KUBECONFIG=/etc/kubernetes/admin.conf
541 | root@k8s1:~# kubectl get nodes
542 | NAME STATUS ROLES AGE VERSION
543 | k8s1 Ready master 29m v1.9.0
544 | k8s2 NotReady 17m v1.9.0
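Added example, not part of the original notes: the x509 error above means the kubeconfig in use trusts a different CA than the one that signed the API server certificate. The script below compares the CA embedded in a kubeconfig with a CA file such as =/etc/kubernetes/pki/ca.crt=, and flags a kubeconfig that disables TLS verification instead; the function names, verdict strings and sample data are assumptions made for this example.

```shell
#!/bin/sh
# Added example: does this kubeconfig trust the cluster CA?
# Function names, verdict strings and demo data are assumptions.

# Print the decoded PEM of the first certificate-authority-data entry.
kubeconfig_ca_pem() {
    awk '$1 == "certificate-authority-data:" { print $2; exit }' "$1" \
        | base64 -d 2>/dev/null
}

# SHA-256 over the base64 body of the first certificate on stdin.
# Armor lines and whitespace are dropped, so line wrapping does not matter.
# Prints nothing when no certificate body is found.
pem_digest() {
    body=$(awk '/-----BEGIN CERTIFICATE-----/ { inside = 1; next }
                /-----END CERTIFICATE-----/   { exit }
                inside' | tr -d ' \t\r\n')
    [ -n "$body" ] || return 0
    printf '%s' "$body" | sha256sum | awk '{ print $1 }'
}

# check_kubeconfig_ca KUBECONFIG CA_FILE
# Prints a verdict and returns 0 (match), 1 (mismatch),
# 2 (cannot compare) or 3 (TLS verification disabled).
check_kubeconfig_ca() {
    cfg=$1
    ca=$2
    if [ ! -r "$cfg" ] || [ ! -r "$ca" ]; then
        echo "unreadable"; return 2
    fi
    # Skipping verification hides a CA mismatch instead of fixing it.
    if grep -Eq '^[[:space:]]*insecure-skip-tls-verify:[[:space:]]*true' "$cfg"; then
        echo "tls-verify-disabled"; return 3
    fi
    want=$(pem_digest < "$ca")
    if [ -z "$want" ]; then
        echo "bad-ca-file"; return 2
    fi
    # Empty when the kubeconfig references a CA by path or has none at all.
    have=$(kubeconfig_ca_pem "$cfg" | pem_digest)
    if [ -z "$have" ]; then
        echo "no-embedded-ca"; return 2
    fi
    if [ "$want" = "$have" ]; then
        echo "match"; return 0
    fi
    echo "mismatch"; return 1
}

# Demo on constructed data (placeholder bodies, not real certificates):
# one kubeconfig embeds the current CA, the other a stale one, as happens
# when an old ~/.kube/config survives a cluster re-initialisation.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtQ0EtQQ==' \
        '-----END CERTIFICATE-----' > "$dir/ca.crt"
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQtQ0EtQg==' \
        '-----END CERTIFICATE-----' > "$dir/old-ca.crt"
    for name in ca old-ca; do
        printf 'clusters:\n- cluster:\n    certificate-authority-data: %s\n' \
            "$(base64 < "$dir/$name.crt" | tr -d '\n')" > "$dir/$name.conf"
    done
    printf 'admin.conf:     '
    check_kubeconfig_ca "$dir/ca.conf" "$dir/ca.crt" || true
    printf 'stale config:   '
    check_kubeconfig_ca "$dir/old-ca.conf" "$dir/ca.crt" || true
    rm -rf "$dir"
}
demo
```

On a kubeadm master the real call would be =check_kubeconfig_ca ~/.kube/config /etc/kubernetes/pki/ca.crt=; a =mismatch= verdict points to a stale kubeconfig rather than a reason to skip TLS verification.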
545 | ** DONE [#A] kubernetes-the-hard-way: https://github.com/kelseyhightower/kubernetes-the-hard-way
546 | CLOSED: [2017-12-04 Mon 15:49]
547 | *** CANCELED k8s hardway: etcdctl: Error: context deadline exceeded
548 | CLOSED: [2017-12-04 Mon 17:54]
549 | https://github.com/kelseyhightower/kubernetes-the-hard-way/blob/e8d728d0162ebcdf951464caa8be3a5b156eb463/docs/07-bootstrapping-etcd.md
550 | #+BEGIN_EXAMPLE
551 | mac@controller-0:~$ ETCDCTL_API=3 etcdctl member list
552 | Error: context deadline exceeded
553 | #+END_EXAMPLE
554 |
555 | #+BEGIN_EXAMPLE
556 | mac@controller-0:~$ kubectl get componentstatuses
557 | NAME STATUS MESSAGE ERROR
558 | etcd-2 Unhealthy Get https://10.240.0.12:2379/health: dial tcp 10.240.0.12:2379: getsockopt: connection refused
559 | controller-manager Healthy ok
560 | etcd-1 Unhealthy Get https://10.240.0.11:2379/health: dial tcp 10.240.0.11:2379: getsockopt: connection refused
561 | scheduler Healthy ok
562 | etcd-0 Unhealthy Get https://10.240.0.10:2379/health: net/http: TLS handshake timeout
563 | #+END_EXAMPLE
564 | ** DONE k8s livenessProbe(when to restart a Container), readinessProbe(when is ready to accept requests)
565 | CLOSED: [2018-01-08 Mon 07:41]
566 | https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
567 | http://kubernetesbyexample.com/healthz/
568 | https://kubernetes-v1-4.github.io/docs/user-guide/liveness/
569 | https://github.com/arun-gupta/kubernetes-java-sample/blob/master/wildfly-pod-hc-http.yaml
571 |
572 | Probes have a number of fields that you can use to more precisely control the behavior of liveness and readiness checks:
573 |
574 | initialDelaySeconds: Number of seconds after the container has started before liveness or readiness probes are initiated.
575 | periodSeconds: How often (in seconds) to perform the probe. Defaults to 10 seconds. Minimum value is 1.
576 | timeoutSeconds: Number of seconds after which the probe times out. Defaults to 1 second. Minimum value is 1.
577 | successThreshold: Minimum consecutive successes for the probe to be considered successful after having failed. Defaults to 1. Must be 1 for liveness. Minimum value is 1.
578 | failureThreshold: When a Pod starts and the probe fails, Kubernetes will try failureThreshold times before giving up. Giving up in case of liveness probe means restarting the Pod. In case of readiness probe the Pod will be marked Unready. Defaults to 3. Minimum value is 1.
579 |
580 | #+BEGIN_EXAMPLE
581 | apiVersion: v1
582 | kind: Pod
583 | metadata:
584 | labels:
585 | test: liveness
586 | name: liveness-exec
587 | spec:
588 | containers:
589 | - args:
590 | - /bin/sh
591 | - -c
592 | - echo ok > /tmp/health; sleep 10; rm -rf /tmp/health; sleep 600
593 | image: gcr.io/google_containers/busybox
594 | livenessProbe:
595 | exec:
596 | command:
597 | - cat
598 | - /tmp/health
599 | initialDelaySeconds: 15
600 | timeoutSeconds: 1
601 | name: liveness
602 | #+END_EXAMPLE
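The field rules above can be checked mechanically before a manifest is applied. The following is an added example, not part of the original notes: it applies the listed defaults and minimums to a probe, then estimates when the kubelet gives up. The timing model is a simplification that ignores kubelet start-up jitter, and the default of 0 for initialDelaySeconds is an assumption not stated above.

```python
# Added example: validate probe fields against the limits listed above and
# estimate how long the kubelet takes to act on a failing probe.

# Defaults as listed in the field descriptions above.
# initialDelaySeconds has no default on the page; 0 is assumed here.
DEFAULTS = {
    "initialDelaySeconds": 0,
    "periodSeconds": 10,
    "timeoutSeconds": 1,
    "successThreshold": 1,
    "failureThreshold": 3,
}
MINIMUMS = {
    "initialDelaySeconds": 0,
    "periodSeconds": 1,
    "timeoutSeconds": 1,
    "successThreshold": 1,
    "failureThreshold": 1,
}


def effective_probe(probe, kind):
    """Return (settings, errors) for a livenessProbe or readinessProbe dict."""
    if kind not in ("liveness", "readiness"):
        raise ValueError("kind must be 'liveness' or 'readiness'")
    settings = dict(DEFAULTS)
    errors = []
    for field in DEFAULTS:
        if field not in probe:
            continue
        value = probe[field]
        if isinstance(value, bool) or not isinstance(value, int):
            errors.append(f"{field}: expected an integer, got {value!r}")
            continue
        settings[field] = value
    for field, minimum in MINIMUMS.items():
        if settings[field] < minimum:
            errors.append(f"{field}: {settings[field]} is below the minimum {minimum}")
    if kind == "liveness" and settings["successThreshold"] != 1:
        errors.append("successThreshold: must be 1 for liveness")
    return settings, errors


def earliest_give_up_s(settings):
    """Seconds after container start at which the kubelet gives up if every
    probe fails at once: first probe at initialDelaySeconds, then one probe
    per periodSeconds until failureThreshold failures are counted."""
    return (settings["initialDelaySeconds"]
            + (settings["failureThreshold"] - 1) * settings["periodSeconds"])


def worst_case_detection_s(settings):
    """Upper bound in seconds between a running container turning unhealthy
    and the kubelet giving up: failureThreshold probes one period apart,
    with the last one hanging until timeoutSeconds."""
    return (settings["failureThreshold"] * settings["periodSeconds"]
            + settings["timeoutSeconds"])


# Probe from the liveness-exec manifest above; unset fields take defaults.
PAGE_LIVENESS = {
    "exec": {"command": ["cat", "/tmp/health"]},
    "initialDelaySeconds": 15,
    "timeoutSeconds": 1,
}
# Constructed misconfiguration, for illustration only.
BAD_LIVENESS = {"periodSeconds": 0, "successThreshold": 2}

if __name__ == "__main__":
    for name, probe in (("page", PAGE_LIVENESS), ("bad", BAD_LIVENESS)):
        settings, errors = effective_probe(probe, "liveness")
        if errors:
            print(name, "invalid:", "; ".join(errors))
        else:
            print(name, "gives up at about", earliest_give_up_s(settings),
                  "s after start; worst-case detection",
                  worst_case_detection_s(settings), "s")
```

For the manifest above, /tmp/health is removed after 10 seconds, so the first probe at 15 seconds already fails and the restart follows two periods later.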
603 | ** DONE list all critical pods
604 | CLOSED: [2018-01-04 Thu 10:10]
605 | kubectl --namespace kube-system get pods
606 |
607 | for pod in $(kubectl --namespace kube-system get pods -o jsonpath="{.items[*].metadata.name}"); do
608 |   node_info=$(kubectl --namespace kube-system describe pod "$pod" | grep "Node:")
609 |   echo "Pod: $pod, $node_info"
610 | done
611 | ** DONE k8s cheatsheet: kube-shell https://github.com/cloudnativelabs/kube-shell
612 | CLOSED: [2017-12-31 Sun 10:47]
613 | ** DONE k8s configmap
614 | CLOSED: [2018-01-08 Mon 10:32]
615 | https://kubernetes.io/docs/tasks/configure-pod-container/configure-pod-configmap/
616 | | Name | Summary |
617 | |-----------------------------------------------------+---------|
618 | | kubectl get configmaps my-wordpress-mariadb -o yaml | |
619 | ** DONE [#A] k8s initContainers debug: kubectl logs -c
620 | CLOSED: [2018-01-05 Fri 16:29]
621 | https://kubernetes.io/docs/tasks/debug-application-cluster/debug-init-containers/
622 | ** DONE Use GCE to setup k8s cluster deployment
623 | CLOSED: [2018-01-07 Sun 07:26]
624 | https://github.com/kelseyhightower/kubernetes-the-hard-way
625 |
626 | https://cloud.google.com/
627 | source /Users/mac/Downloads/google-cloud-sdk/completion.bash.inc
628 | source /Users/mac/Downloads/google-cloud-sdk/path.bash.inc
629 | *** doc: gcloud setup
630 | #+BEGIN_EXAMPLE
631 | [28] us-central1-f
632 | [29] us-central1-c
633 | [30] us-central1-b
634 | [31] us-east1-d
635 | [32] us-east1-c
636 | [33] us-east1-b
637 | [34] us-east4-c
638 | [35] us-east4-a
639 | [36] us-east4-b
640 | [37] us-west1-a
641 | [38] us-west1-c
642 | [39] us-west1-b
643 | [40] Do not set default zone
644 | Please enter numeric choice or text value (must exactly match list
645 | item): 36
646 |
647 | Your project default Compute Engine zone has been set to [us-east4-b].
648 | You can change it by running [gcloud config set compute/zone NAME].
649 |
650 | Your project default Compute Engine region has been set to [us-east4].
651 | You can change it by running [gcloud config set compute/region NAME].
652 |
653 | Created a default .boto configuration file at [/Users/mac/.boto]. See this file and
654 | [https://cloud.google.com/storage/docs/gsutil/commands/config] for more
655 | information about configuring Google Cloud Storage.
656 | Your Google Cloud SDK is configured and ready to use!
657 |
658 | * Commands that require authentication will use denny.zhang001@gmail.com by default
659 | * Commands will reference project `denny-k8s-test1` by default
660 | * Compute Engine commands will use region `us-east4` by default
661 | * Compute Engine commands will use zone `us-east4-b` by default
662 |
663 | Run `gcloud help config` to learn how to change individual settings
664 |
665 | This gcloud configuration is called [default]. You can create additional configurations if you work with multiple accounts and/or projects.
666 | Run `gcloud topic configurations` to learn more.
667 |
668 | Some things to try next:
669 |
670 | * Run `gcloud --help` to see the Cloud Platform services you can interact with. And run `gcloud help COMMAND` to get help on any gcloud command.
671 | * Run `gcloud topic -h` to learn about advanced features of the SDK like arg files and output formatting
672 | #+END_EXAMPLE
673 | *** TODO [#A] can't find gcloud :IMPORTANT:
674 | source /Users/mac/Downloads/google-cloud-sdk/completion.bash.inc
675 | source /Users/mac/Downloads/google-cloud-sdk/path.bash.inc
676 | ** DONE kubectl get pod
677 | CLOSED: [2018-04-28 Sat 09:28]
678 | /etc/kubernetes/admin.conf /etc/kubernetes/kubelet.conf /etc/kubernetes/bootstrap-kubelet.conf /etc/kubernetes/controller-manager.conf /etc/kubernetes/scheduler.conf]
679 |
680 | #+BEGIN_EXAMPLE
681 | Your Kubernetes master has initialized successfully!
682 |
683 | To start using your cluster, you need to run the following as a regular user:
684 |
685 | mkdir -p $HOME/.kube
686 | sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
687 | sudo chown $(id -u):$(id -g) $HOME/.kube/config
688 |
689 | You should now deploy a pod network to the cluster.
690 | Run "kubectl apply -f [podnetwork].yaml" with one of the options listed at:
691 | https://kubernetes.io/docs/concepts/cluster-administration/addons/
692 | #+END_EXAMPLE
693 | ** DONE pod CrashLoopBackOff: starting, then crashing, then starting again and crashing again.
694 |
695 | CLOSED: [2018-01-05 Fri 15:47]
696 | https://www.krenger.ch/blog/crashloopbackoff-and-how-to-fix-it/
697 |
698 | https://kubernetes.io/docs/tasks/debug-application-cluster/debug-init-containers/
699 |
700 | | Status | Meaning |
701 | |----------------------------+-------------------------------------------------------------|
702 | | Init:N/M | The Pod has M Init Containers, and N have completed so far. |
703 | | Init:Error | An Init Container has failed to execute. |
704 | | Init:CrashLoopBackOff | An Init Container has failed repeatedly. |
705 | | Pending | The Pod has not yet begun executing Init Containers. |
706 | | PodInitializing or Running | The Pod has already finished executing Init Containers. |
707 | ** DONE k8s ImagePullBackOff: describe pod $pod_name; No space
708 | CLOSED: [2018-06-25 Mon 14:28]
709 | ** DONE default pods for single node installation
710 | CLOSED: [2018-04-28 Sat 08:49]
711 | #+BEGIN_EXAMPLE
712 | root@mdm-k8s-node2:~# docker ps
713 | CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
714 | 75d08dd2b171 k8s.gcr.io/kube-proxy-amd64@sha256:c7036a8796fd20c16cb3b1cef803a8e980598bff499084c29f3c759bdb429cd2 "/usr/local/bin/ku..." 16 hours ago Up 16 hours k8s_kube-proxy_kube-proxy-jmcs9_kube-system_02a0eac8-4a75-11e8-afce-7aa5a78d07bd_0
715 | 0a769558ec4f k8s.gcr.io/pause-amd64:3.1 "/pause" 16 hours ago Up 16 hours k8s_POD_kube-proxy-jmcs9_kube-system_02a0eac8-4a75-11e8-afce-7aa5a78d07bd_0
716 | 2af1fbfd581a k8s.gcr.io/kube-apiserver-amd64@sha256:1ba863c8e9b9edc6d1329ebf966e4aa308ca31b42a937b4430caf65aa11bdd12 "kube-apiserver --..." 16 hours ago Up 16 hours k8s_kube-apiserver_kube-apiserver-mdm-k8s-node2_kube-system_fee65b809c1e455cf1672ebe7efc4bc7_0
717 | 63c214ac8d1b k8s.gcr.io/kube-controller-manager-amd64@sha256:922ac89166ea228cdeff43e4c445a5dc4204972cc0e265a8762beec07b6238bf "kube-controller-m..." 16 hours ago Up 16 hours k8s_kube-controller-manager_kube-controller-manager-mdm-k8s-node2_kube-system_5ad7a10c5a8589117db7258c7d499a33_0
718 | 324ff1a8d357 k8s.gcr.io/kube-scheduler-amd64@sha256:5f50a339f66037f44223e2b4607a24888177da6203a7bc6c8554e0f09bd2b644 "kube-scheduler --..." 16 hours ago Up 16 hours k8s_kube-scheduler_kube-scheduler-mdm-k8s-node2_kube-system_aa8d5cab3ea096315de0c2003230d4f9_0
719 | dce77d944669 k8s.gcr.io/etcd-amd64@sha256:68235934469f3bc58917bcf7018bf0d3b72129e6303b0bef28186d96b2259317 "etcd --listen-cli..." 16 hours ago Up 16 hours k8s_etcd_etcd-mdm-k8s-node2_kube-system_59f847fe34319ab1263f0b3ee03df8a3_0
720 | 2af621e52e11 k8s.gcr.io/pause-amd64:3.1 "/pause" 16 hours ago Up 16 hours k8s_POD_kube-apiserver-mdm-k8s-node2_kube-system_fee65b809c1e455cf1672ebe7efc4bc7_0
721 | bdc64588b27d k8s.gcr.io/pause-amd64:3.1 "/pause" 16 hours ago Up 16 hours k8s_POD_kube-controller-manager-mdm-k8s-node2_kube-system_5ad7a10c5a8589117db7258c7d499a33_0
722 | 14dd26427abf k8s.gcr.io/pause-amd64:3.1 "/pause" 16 hours ago Up 16 hours k8s_POD_kube-scheduler-mdm-k8s-node2_kube-system_aa8d5cab3ea096315de0c2003230d4f9_0
723 | 17bfbb8af205 k8s.gcr.io/pause-amd64:3.1 "/pause" 16 hours ago Up 16 hours k8s_POD_etcd-mdm-k8s-node2_kube-system_59f847fe34319ab1263f0b3ee03df8a3_0
724 | #+END_EXAMPLE
725 | ** DONE One pod may have multiple containers
726 | CLOSED: [2018-06-19 Tue 14:31]
727 | If a pod has more than one container, you need to provide the name of the specific container.
728 | ** DONE kubectl edit deployment parameters
729 | CLOSED: [2018-04-15 Sun 21:49]
730 | https://github.com/kubernetes/helm/issues/2464
731 | kubectl -n kube-system patch deployment tiller-deploy -p '{"spec": {"template": {"spec": {"automountServiceAccountToken": true}}}}'
732 |
733 | Alternatively, run kubectl --namespace=kube-system edit deployment/tiller-deploy and change automountServiceAccountToken to true.
734 | ** DONE [#A] k8s sidecar
735 | CLOSED: [2018-07-15 Sun 22:50]
736 | https://k8s.io/examples/admin/logging/two-files-counter-pod-streaming-sidecar.yaml
737 | #+BEGIN_EXAMPLE
738 | apiVersion: v1
739 | kind: Pod
740 | metadata:
741 | name: counter
742 | spec:
743 | containers:
744 | - name: count
745 | image: busybox
746 | args:
747 | - /bin/sh
748 | - -c
749 | - >
750 | i=0;
751 | while true;
752 | do
753 | echo "$i: $(date)" >> /var/log/1.log;
754 | echo "$(date) INFO $i" >> /var/log/2.log;
755 | i=$((i+1));
756 | sleep 1;
757 | done
758 | volumeMounts:
759 | - name: varlog
760 | mountPath: /var/log
761 | - name: count-log-1
762 | image: busybox
763 | args: [/bin/sh, -c, 'tail -n+1 -f /var/log/1.log']
764 | volumeMounts:
765 | - name: varlog
766 | mountPath: /var/log
767 | - name: count-log-2
768 | image: busybox
769 | args: [/bin/sh, -c, 'tail -n+1 -f /var/log/2.log']
770 | volumeMounts:
771 | - name: varlog
772 | mountPath: /var/log
773 | volumes:
774 | - name: varlog
775 | emptyDir: {}
776 | #+END_EXAMPLE
777 | ** TODO [#A] k8s debug why termination takes time
778 | ** TODO Kubernetes availability
779 | *** TODO Building High-Availability Clusters: https://kubernetes.io/docs/admin/high-availability/
780 | ** TODO [#A] Blog: Kubernetes Service Type: NodePort, ClusterIP and Loadbalancer?
781 | #+BEGIN_EXAMPLE
782 | https://kubernetes.io/docs/concepts/services-networking/service/
783 |
784 | Publishing services - service types
785 | For some parts of your application (e.g. frontends) you may want to expose a Service onto an external (outside of your cluster) IP address.
786 |
787 | Kubernetes ServiceTypes allow you to specify what kind of service you want. The default is ClusterIP.
788 |
789 | Type values and their behaviors are:
790 |
791 | ClusterIP: Exposes the service on a cluster-internal IP. Choosing this value makes the service only reachable from within the cluster. This is the default ServiceType.
792 | NodePort: Exposes the service on each Node's IP at a static port (the NodePort). A ClusterIP service, to which the NodePort service will route, is automatically created. You'll be able to contact the NodePort service, from outside the cluster, by requesting <NodeIP>:<NodePort>.
793 | LoadBalancer: Exposes the service externally using a cloud provider's load balancer. NodePort and ClusterIP services, to which the external load balancer will route, are automatically created.
794 | ExternalName: Maps the service to the contents of the externalName field (e.g. foo.bar.example.com), by returning a CNAME record with its value. No proxying of any kind is set up. This requires version 1.7 or higher of kube-dns.
795 | #+END_EXAMPLE
796 | *** Type: Loadbalancer
797 | *** Type: ClusterIP
798 | *** Type: NodePort
799 | If you set the type field to "NodePort", the Kubernetes master will allocate a port from a flag-configured range (default: 30000-32767)
800 | *** # --8<-------------------------- separator ------------------------>8-- :noexport:
801 | *** TODO Now if i access IP:NodePort, will it balance the load across multiple pods ?
802 | https://kubernetes.io/docs/tasks/access-application-cluster/load-balance-access-application-cluster/
803 | #+BEGIN_EXAMPLE
804 | Vivek Yadav [8:34 AM]
805 | Hey Denny, quick question -
806 |
807 | ```
808 | ---
809 | apiVersion: v1
810 | kind: Service
811 | metadata:
812 | name: span
813 | labels:
814 | app: span
815 | spec:
816 | type: NodePort
817 | ports:
818 | - port: 80
819 | nodePort: 30080
820 | selector:
821 | app: spa
822 |
823 | ---
824 | apiVersion: apps/v1beta2
825 | kind: Deployment
826 | metadata:
827 | name: spa
828 | spec:
829 | replicas: 2
830 | selector:
831 | matchLabels:
832 | app: spa
833 | template:
834 | metadata:
835 | labels:
836 | app: spa
837 | spec:
838 | containers:
839 | - name: py
840 | image: viveky4d4v/local-simple-python:latest
841 | ports:
842 | - containerPort: 8080
843 | - name: nginx
844 | image: viveky4d4v/local-nginx-lb:latest
845 | ports:
846 | - containerPort: 80
847 | imagePullSecrets:
848 | - name: regsecret
849 |
850 | ```
851 |
852 |
853 | Now if i access IP:NodePort, will it balance the load across multiple pods ?
854 |
855 |
856 | Denny Zhang (Github . Blogger) [8:35 AM]
857 | I don't think so
858 | #+END_EXAMPLE
859 | *** TODO How Does NodePort work behind the scene?
860 | *** # --8<-------------------------- separator ------------------------>8-- :noexport:
861 | *** TODO How Loadbalancer is implemented in code?
862 | *** # --8<-------------------------- separator ------------------------>8-- :noexport:
863 | *** TODO Does Loadbalancer work only for public cloud?
864 | *** TODO How do I configure Ingress?
865 | ** TODO [#A] NodePort VS clusterIP :IMPORTANT:
866 | https://stackoverflow.com/questions/41509439/whats-the-difference-between-clusterip-nodeport-and-loadbalancer-service-types
867 | http://weezer.su/kubernetes-1.html
868 | https://docs.openshift.com/container-platform/3.3/dev_guide/getting_traffic_into_cluster.html
869 |
870 | clusterIP: You can only access this service while inside the cluster.
871 | ** TODO [#A] k8s feature watch list
872 | *** I want to check pod initContainer logs, but I don't want to specify initContainer by name
873 | #+BEGIN_EXAMPLE
874 | macs-MacBook-Pro:Scenario-401 mac$ kubectl logs my-jenkins-jenkins-89889ddb7-ct7jw -c 1
875 | Error from server (BadRequest): container 1 is not valid for pod my-jenkins-jenkins-89889ddb7-ct7jw
876 | macs-MacBook-Pro:Scenario-401 mac$ kubectl logs my-jenkins-jenkins-89889ddb7-ct7jw -c copy-default-config
877 | Error from server (BadRequest): container "copy-default-config" in pod "my-jenkins-jenkins-89889ddb7-ct7jw" is waiting to start: PodInitializing
878 | macs-MacBook-Pro:Scenario-401 mac$ kubectl logs my-jenkins-jenkins-89889ddb7-ct7jw -c copy-default-config
879 | Error from server (BadRequest): container "copy-default-config" in pod "my-jenkins-jenkins-89889ddb7-ct7jw" is waiting to start: PodInitializing
880 | #+END_EXAMPLE
881 | *** Support using environment variables inside deployment yaml file
882 | https://github.com/kubernetes/kubernetes/issues/52787
883 | ** TODO pod error: CreateContainerConfigError
884 | https://github.com/kubernetes/minikube/issues/2256
885 | #+BEGIN_EXAMPLE
886 | bash-3.2$ kubectl get pod my-wordpress-wordpress-df987548d-btvf5
887 | NAME READY STATUS RESTARTS AGE
888 | my-wordpress-wordpress-df987548d-btvf5 0/1 CreateContainerConfigError 0 2m
889 | bash-3.2$
890 | #+END_EXAMPLE
891 |
892 | #+BEGIN_EXAMPLE
893 | bash-3.2$ kubectl describe pod/my-wordpress-wordpress-df987548d-btvf5
894 | Name: my-wordpress-wordpress-df987548d-btvf5
895 | Namespace: default
896 | Node: minikube/192.168.99.102
897 | Start Time: Fri, 05 Jan 2018 16:41:27 -0600
898 | Labels: app=my-wordpress-wordpress
899 | pod-template-hash=895431048
900 | Annotations: kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicaSet","namespace":"default","name":"my-wordpress-wordpress-df987548d","uid":"910e01e0-f269-11e7-b6d8...
901 | Status: Pending
902 | IP: 172.17.0.6
903 | Created By: ReplicaSet/my-wordpress-wordpress-df987548d
904 | Controlled By: ReplicaSet/my-wordpress-wordpress-df987548d
905 | Containers:
906 | my-wordpress-wordpress:
907 | Container ID:
908 | Image: bitnami/wordpress:4.9.1-r1
909 | Image ID:
910 | Ports: 80/TCP, 443/TCP
911 | State: Waiting
912 | Reason: CreateContainerConfigError
913 | Ready: False
914 | Restart Count: 0
915 | Requests:
916 | cpu: 300m
917 | memory: 512Mi
918 | Liveness: http-get http://:http/wp-login.php delay=120s timeout=5s period=10s #success=1 #failure=6
919 | Readiness: http-get http://:http/wp-login.php delay=30s timeout=3s period=5s #success=1 #failure=3
920 | Environment:
921 | ALLOW_EMPTY_PASSWORD: yes
922 | MARIADB_ROOT_PASSWORD: Optional: false
923 | MARIADB_HOST: my-wordpress-mariadb
924 | MARIADB_PORT_NUMBER: 3306
925 | WORDPRESS_DATABASE_NAME: bitnami_wordpress
926 | WORDPRESS_DATABASE_USER: bn_wordpress
927 | WORDPRESS_DATABASE_PASSWORD: Optional: false
928 | WORDPRESS_USERNAME: admin
929 | WORDPRESS_PASSWORD: Optional: false
930 | WORDPRESS_EMAIL: contact@dennyzhang.com
931 | WORDPRESS_FIRST_NAME: FirstName
932 | WORDPRESS_LAST_NAME: LastName
933 | WORDPRESS_BLOG_NAME: My DevOps Blog!
934 | SMTP_HOST:
935 | SMTP_PORT:
936 | SMTP_USER:
937 | SMTP_PASSWORD: Optional: false
938 | SMTP_USERNAME:
939 | SMTP_PROTOCOL:
940 | Mounts:
941 | /bitnami/apache from wordpress-data (rw)
942 | /bitnami/php from wordpress-data (rw)
943 | /bitnami/wordpress from wordpress-data (rw)
944 | /var/run/secrets/kubernetes.io/serviceaccount from default-token-tc8kd (ro)
945 | Conditions:
946 | Type Status
947 | Initialized True
948 | Ready False
949 | PodScheduled True
950 | Volumes:
951 | wordpress-data:
952 | Type: PersistentVolumeClaim (a reference to a PersistentVolumeClaim in the same namespace)
953 | ClaimName: my-wordpress-wordpress
954 | ReadOnly: false
955 | default-token-tc8kd:
956 | Type: Secret (a volume populated by a Secret)
957 | SecretName: default-token-tc8kd
958 | Optional: false
959 | QoS Class: Burstable
960 | Node-Selectors:
961 | Tolerations:
962 | Events:
963 | Type Reason Age From Message
964 | ---- ------ ---- ---- -------
965 | Normal Scheduled 1m default-scheduler Successfully assigned my-wordpress-wordpress-df987548d-btvf5 to minikube
966 | Normal SuccessfulMountVolume 1m kubelet, minikube MountVolume.SetUp succeeded for volume "pvc-910644d3-f269-11e7-b6d8-08002782d6cd"
967 | Normal SuccessfulMountVolume 1m kubelet, minikube MountVolume.SetUp succeeded for volume "default-token-tc8kd"
968 | Normal Pulled 1s (x7 over 1m) kubelet, minikube Container image "bitnami/wordpress:4.9.1-r1" already present on machine
969 | Warning Failed 1s (x7 over 1m) kubelet, minikube Error: lstat /tmp/hostpath-provisioner/pvc-910644d3-f269-11e7-b6d8-08002782d6cd: no such file or directory
970 | Warning FailedSync 1s (x7 over 1m) kubelet, minikube Error syncing pod
971 | bash-3.2$
972 | #+END_EXAMPLE
973 | ** TODO [#A] Certified Kubernetes Administrator (CKA) :IMPORTANT:
974 | https://www.cncf.io/certification/expert/
975 |
976 | https://github.com/cncf/curriculum/blob/master/certified_kubernetes_administrator_exam_v1.8.0.pdf
977 |
978 | It is an online, proctored, performance-based test that requires solving multiple issues from a command line.
979 |
980 | Candidates have 3 hours to complete the tasks.
981 | ** HALF Difference between selectors and labels
982 | ** TODO [#A] kubernetes mount a file to pod :IMPORTANT:
983 | https://stackoverflow.com/questions/33415913/whats-the-best-way-to-share-mount-one-file-into-a-pod
984 | https://www.linkedin.com/feed/update/urn:li:activity:6355445509146107904/
985 | ** TODO K8S label & Selector
986 | [[https://github.com/dennyzhang/dennytest/tree/master/cheatsheet-kubernetes-A4][challenges-leetcode-interesting]]
987 | * [#A] k8s metric server :noexport:IMPORTANT:
988 | Metrics Server is a cluster-wide aggregator of resource usage data.
989 |
990 | Metrics Server is registered with the main API server through the Kubernetes aggregator.
991 |
992 | https://github.com/kubernetes-incubator/metrics-server
993 | https://github.com/kubernetes-incubator/metrics-server/tree/master/deploy/1.8%2B
994 |
995 | https://kubernetes.io/docs/tasks/debug-application-cluster/core-metrics-pipeline/
996 | | Name | Summary |
997 | |----------------+-------------------------------------------------------------------|
998 | | Core metrics | node/container level metrics; CPU, memory, disk and network, etc. |
999 | | Custom metrics | refers to application metrics, e.g. HTTP request rate. |
1000 |
1001 | Today (Kubernetes 1.7), there are several sources of metrics within a Kubernetes cluster
1002 | | Name | Summary |
1003 | |----------------+---------------------------------------------------------------------|
1004 | | Heapster | k8s add-on |
1005 | | Cadvisor | a standalone container/node metrics collection and monitoring tool. |
1006 | | Kubernetes API | does not track metrics, but real-time metrics can be fetched from it |
1007 | ** metric server
1008 | Resource Metrics API is an effort to provide a first-class Kubernetes API (stable, versioned, discoverable, available through apiserver and with client support) that serves resource usage metrics for pods and nodes.
1009 |
1010 | - metric server is sort of a stripped-down version of Heapster
1011 | - The metrics-server will collect "Core" metrics from cAdvisor APIs (currently embedded in the kubelet) and store them in memory as opposed to in etcd.
1012 | - The metrics-server will provide a supported API for feeding schedulers and horizontal pod auto-scalers
1013 | - All other Kubernetes components will supply their own metrics in a Prometheus format
1014 | ** Cadvisor
1015 | Cadvisor monitors node and container core metrics in addition to container events.
1016 | It natively provides a Prometheus metrics endpoint.
1017 | The Kubernetes kubelet has an embedded Cadvisor that only exposes the metrics, not the events.
1018 | ** heapster
1019 | Heapster is an add-on to Kubernetes that collects and forwards node, namespace, pod and container level metrics to one or more "sinks" (e.g. InfluxDB).
1020 |
1021 | It also provides REST endpoints to gather those metrics. The metrics are constrained to CPU, filesystem, memory, network and uptime.
1022 |
1023 | Heapster queries the kubelet for its data.
1024 |
1025 | Today, heapster is the source of the time-series data for the Kubernetes Dashboard.
1026 | ** # --8<-------------------------- separator ------------------------>8-- :noexport:
1027 | ** TODO How to query metric server
1028 | ** TODO Key scenarios of metric server
1029 | The metrics-server will provide a much needed official API for the internal components of Kubernetes to make decisions about the utilization and performance of the cluster.
1030 |
1031 | - HPA (Horizontal Pod Autoscaler) needs input to do good auto-scaling
1032 | ** TODO There are plans for an "Infrastore", a Kubernetes component that keeps historical data and events
1033 | ** # --8<-------------------------- separator ------------------------>8-- :noexport:
1034 | ** TODO why from heapster to k8s metric server?
1035 | ** TODO kube-aggregator
1036 | ** TODO what is prometheus format?
1037 | #+BEGIN_EXAMPLE
1038 | Denny Zhang [12:34 AM]
1039 | An easy introduction about k8s metric server. (It will replace heapster)
1040 |
1041 | https://blog.freshtracks.io/what-is-the-the-new-kubernetes-metrics-server-849c16aa01f4
1042 |
1043 | > All other Kubernetes components will supply their own metrics in a Prometheus format
1044 |
1045 | In logging domain, we can say `syslog` is the standard format
1046 |
1047 | In metric domain, maybe we can choose `prometheus` as the standard format.
1048 | #+END_EXAMPLE
1049 | ** Metrics Use Cases
1050 | https://github.com/kubernetes/community/blob/master/contributors/design-proposals/instrumentation/resource-metrics-api.md
1051 |
1052 | https://docs.giantswarm.io/guides/kubernetes-heapster/
1053 |
1054 | #+BEGIN_EXAMPLE
1055 | Horizontal Pod Autoscaler: It scales pods automatically based on CPU or custom metrics (not explained here). More information here.
1056 | Kubectl top: The command top of our beloved Kubernetes CLI display metrics directly in the terminal.
1057 | Kubernetes dashboard: See Pod and Nodes metrics integrated into the main Kubernetes UI dashboard. More info here
1058 | Scheduler: In the future Core Metrics will be considered in order to schedule best-effort Pods.
1059 | #+END_EXAMPLE
1060 | ** useful link
1061 | https://blog.freshtracks.io/what-is-the-the-new-kubernetes-metrics-server-849c16aa01f4
1062 | https://blog.outlyer.com/monitoring-kubernetes-with-heapster-and-prometheus
1063 | https://www.outcoldman.com/en/archive/2017/07/09/kubernetes-monitoring-resources/
1064 | * k8s loadbalancer :noexport:
1065 | ** DONE k8s service: loadbalancer
1066 | CLOSED: [2018-06-19 Tue 13:51]
1067 | #+BEGIN_EXAMPLE
1068 | cat > service.yml < user.yaml <8-- :noexport:
1284 | * DONE Why we need Static Pods :noexport:
1285 | CLOSED: [2019-01-04 Fri 15:04]
1286 | https://kubernetes.io/docs/tasks/administer-cluster/static-pod/
1287 | Denny Zhang [2:26 PM]
1288 | Fan, ever heard of `Static Pods` in k8s?
1289 |
1290 | If yes, could you give me two use scenarios why I would use it.
1291 |
1292 | Fan Zhang [3:00 PM]
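1293 | I've heard of it.
1294 | It's really just a pod managed directly by the kubelet.
1295 |
1296 | Denny Zhang [3:01 PM]
1297 | Yes, that's what the docs say.
1298 |
1299 | Fan Zhang [3:01 PM]
1300 | I think this is a complement to DaemonSet.
1301 |
1302 | Denny Zhang [3:01 PM]
1303 | I'm trying to understand the use cases behind this.
1304 |
1305 | Fan Zhang [3:02 PM]
1306 | Because sometimes you need some particular services on a node, but you don't want them managed by the Kubernetes scheduler.
1307 |
1308 | Denny Zhang [3:02 PM]
1309 | Containerizing OS processes.
1310 | But these are only OS-level processes, not k8s-system-level or app-level processes.
1311 | Is that a fair way to understand it?
1312 |
1313 | Fan Zhang [3:03 PM]
1314 | Otherwise they would be gone after a drain.
1315 | Yes, you can understand it that way.
1316 |
1317 | Denny Zhang [3:04 PM]
1318 | So draining a node won't delete the static pods?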
1319 | * TODO Why need kubernetes/apiserver: https://github.com/kubernetes/apiserver :noexport:
1320 | Library for writing a Kubernetes-style API server.
1321 |
1322 | https://github.com/kubernetes/kube-aggregator
1323 | * TODO [#A] Questions :noexport:
1324 | ** pod type
1325 | https://kubernetes.io/docs/tasks/debug-application-cluster/debug-application/#my-service-is-missing-endpoints
1326 | #+BEGIN_EXAMPLE
1327 | ...
1328 | spec:
1329 | - selector:
1330 | name: nginx
1331 | type: frontend
1332 | #+END_EXAMPLE
1333 |
1334 | kubectl get pods --selector=name=nginx,type=frontend
1335 | ** Containers inside a Pod can communicate with one another using localhost.
1336 | https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/
1337 |
1338 | Networking
1339 | Each Pod is assigned a unique IP address. Every container in a Pod shares the network namespace, including the IP address and network ports. Containers inside a Pod can communicate with one another using localhost. When containers in a Pod communicate with entities outside the Pod, they must coordinate how they use the shared network resources (such as ports).
1340 | ** How to restart a container inside a Pod?
1341 | https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/
1342 |
1343 | Restarting a container in a Pod should not be confused with restarting the Pod. The Pod itself does not run, but is an environment the containers run in and persists until it is deleted.
1344 | ** explain k8s components: apiserver, scheduler, controller-manager, kube-proxy
1345 | ** get logs of failed container
1346 | https://kubernetes.io/docs/tasks/debug-application-cluster/debug-application/#my-pod-is-crashing-or-otherwise-unhealthy
1347 | #+BEGIN_EXAMPLE
1348 | If your container has previously crashed, you can access the previous container's crash log with:
1349 |
1350 | $ kubectl logs --previous ${POD_NAME} ${CONTAINER_NAME}
1351 | #+END_EXAMPLE
1352 | ** Why did the k8s dashboard get deprecated?
1353 | https://kubernetes.io/docs/tasks/access-application-cluster/web-ui-dashboard/
1354 | * TODO k8s architecture :noexport:
1355 | https://www.youtube.com/watch?v=_WfJz5VS_cU&list=PLj6h78yzYM2NGwRwkBPxigKio2r0XHPl9
1356 | * TODO k8s scenario problems :noexport:
1357 | ** TODO export k8s dashboard: kube proxy VS ingress
1358 | ** TODO how to back up and restore etcd
1359 | https://kubernetes-incubator.github.io/kube-aws/advanced-topics/etcd-backup-and-restore.html
1360 | * TODO Apply yamls file recursively :noexport:
1361 | #+BEGIN_SRC sh
1362 | # create
1363 | time ls -1 */*.yml | grep -v namespace | xargs -I{} kubectl apply -f {}
1364 |
1365 | # delete
1366 | time ls -1r */*.yml | grep -v namespace | xargs -I{} kubectl delete -f {}
1367 | #+END_SRC
1368 | * TODO devstats: https://k8s.devstats.cncf.io/d/12/dashboards?refresh=15m&orgId=1 :noexport:
1369 | * TODO create a ingress service for clusterip service :noexport:
1370 | * TODO kubectl -vvv :noexport:
1371 | * TODO kubectl get application --all-namespaces :noexport:
1372 | * TODO kubectl delete namespace in GKE is extremely slow :noexport:
1373 | * TODO try more with ReplicaSet :noexport:
1374 | * TODO try PodDisruptionBudget: https://hackernoon.com/top-10-kubernetes-tips-and-tricks-27528c2d0222 :noexport:
1375 | * TODO [#A] k8s services :noexport:
1376 | https://medium.com/google-cloud/kubernetes-nodeport-vs-loadbalancer-vs-ingress-when-should-i-use-what-922f010849e0
1377 | * [#A] ClusterIP :noexport:
1378 | ** TODO kubernetes clusterip
1379 | ** TODO Is k8s ClusterIP SPOF?
1380 | https://mp.weixin.qq.com/s?__biz=MzIzNjUxMzk2NQ==&mid=2247486025&idx=1&sn=1f95917918a3217bb92b97113c81b6c8&chksm=e8d7f58bdfa07c9dedbfbe4f39687ea5d467ec371ecb2dea5dd13101a46d3bb754d6738e481f&scene=27#wechat_redirect
1381 | ** TODO Use ExternalName to avoid ClusterIP SPOF
1382 | * TODO k8s cpu 88m? :noexport:
1383 | #+BEGIN_EXAMPLE
1384 | Limits:
1385 | cpu: 48m
1386 | memory: 104Mi
1387 | Requests:
1388 | cpu: 48m
1389 | memory: 104Mi
1390 |
1391 | #+END_EXAMPLE
1392 | * TODO autoscaling pod: try auto scaling :noexport:
1393 | * TODO k8s volume: readwriteonce, readwritemany? :noexport:
1394 | * # --8<-------------------------- separator ------------------------>8-- :noexport:
1395 | * TODO grant more privileges to a given serviceaccount :noexport:
1396 | kubectl get serviceaccount --all-namespaces
1397 |
1398 | prometheus-1-prometheusserviceaccount-e1fd
1399 |
1400 | system:kubelet-api-admin
1401 | * TODO Question: PodDisruptionBudget: https://docs.pivotal.io/runtimes/pks/1-2/troubleshoot-issues.html#upgrade-drain-hangs :noexport:
1402 | If Kubernetes is unable to unschedule a pod, then the drain hangs indefinitely.
1403 |
1404 | One reason why Kubernetes may be unable to unschedule the node is if
1405 | the PodDisruptionBudget object has been configured in a way that
1406 | allows 0 disruptions and only a single instance of the pod has been
1407 | scheduled.
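The condition described above can be found before a drain starts. The following is an added example, not part of the original notes: it computes how many voluntary disruptions each PodDisruptionBudget currently allows and lists the ones that would make a drain hang. The sample objects are constructed and carry only the fields used; percentages are rounded up, as Kubernetes does.

```python
# Added example: find PodDisruptionBudgets that allow 0 disruptions.


def _pods(value, expected):
    """Turn an int or an 'NN%' string into a pod count, rounding up."""
    if isinstance(value, str) and value.endswith("%"):
        return -(-int(value[:-1]) * expected // 100)  # integer ceiling
    return int(value)


def disruptions_allowed(spec, expected_pods, current_healthy):
    """Number of pods that may be evicted right now under this budget."""
    if "minAvailable" in spec:
        desired_healthy = _pods(spec["minAvailable"], expected_pods)
    elif "maxUnavailable" in spec:
        desired_healthy = expected_pods - _pods(spec["maxUnavailable"], expected_pods)
    else:
        raise ValueError("spec needs minAvailable or maxUnavailable")
    desired_healthy = max(desired_healthy, 0)
    return max(current_healthy - desired_healthy, 0)


def drain_blockers(pdbs):
    """Return 'namespace/name' for every budget that allows 0 disruptions."""
    blockers = []
    for pdb in pdbs:
        status = pdb["status"]
        allowed = disruptions_allowed(
            pdb["spec"], status["expectedPods"], status["currentHealthy"])
        if allowed == 0:
            meta = pdb["metadata"]
            blockers.append(f"{meta['namespace']}/{meta['name']}")
    return blockers


# Constructed sample, shaped like the items of `kubectl get pdb -A -o json`.
SAMPLE_PDBS = [
    # The case described above: one replica and minAvailable of 1.
    {"metadata": {"namespace": "default", "name": "single-db"},
     "spec": {"minAvailable": 1},
     "status": {"expectedPods": 1, "currentHealthy": 1}},
    {"metadata": {"namespace": "default", "name": "web"},
     "spec": {"minAvailable": 1},
     "status": {"expectedPods": 3, "currentHealthy": 3}},
    {"metadata": {"namespace": "kube-system", "name": "strict"},
     "spec": {"maxUnavailable": 0},
     "status": {"expectedPods": 2, "currentHealthy": 2}},
    {"metadata": {"namespace": "default", "name": "half"},
     "spec": {"minAvailable": "50%"},
     "status": {"expectedPods": 7, "currentHealthy": 7}},
]

if __name__ == "__main__":
    for name in drain_blockers(SAMPLE_PDBS):
        print("drain would hang on:", name)
```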
1408 | * TODO k8s events :noexport:
1409 | https://solinea.com/blog/tapping-kubernetes-events
1410 | * TODO kubectl from worker vm, I don't seem to need a kubeconfig :noexport:
1411 | * TODO kubectl apply -f - :noexport:
1412 | * TODO How does "kubectl delete -f -" work? :noexport:
1413 | * TODO devstats: https://k8s.devstats.cncf.io/d/12/dashboards?refresh=15m&orgId=1 :noexport:
1414 | * TODO Is it possible to assign a DNS address to Kubernetes service :noexport:
1415 | * TODO k8s template templateinstance :noexport:
1416 | * TODO [#A] k8s yaml create a loadbalancer :noexport:
1417 | * TODO github improvement: update k8s cheatsheet: https://blog.billyc.io/notes/kubectl-notes/ :noexport:
1418 | https://kubernetes.io/docs/reference/kubectl/cheatsheet/
1419 | * [#A] Google Kubernetes :noexport:IMPORTANT:
1420 | No.2 Kubernetes
1421 |
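1422 | Kubernetes is an orchestration tool, similar to Marathon running on top of Apache Mesos, but it was created specifically for Docker containers.
1423 |
1424 | Kubernetes is an open-source platform for automating deployment, scaling, and operations of application containers across clusters of hosts, providing container-centric infrastructure
1425 |
1426 | Kubernetes comes from Google. Besides running on Google's own Google Container Engine, it also supports VMware vSphere, Mesos, or Mesosphere DCOS, as well as many public clouds, including Amazon Web Services.
1427 |
1428 | Kubernetes has comprehensive cluster management capabilities, including multi-layer security protection and admission mechanisms, multi-tenant application support, transparent service registration and service discovery, a built-in load balancer, failure detection and self-healing, rolling service upgrades and online scaling, an extensible automatic resource scheduling mechanism, and multi-granularity resource quota management.
1429 |
1430 | Kubernetes also provides comprehensive management tools covering development, deployment and testing, and operations monitoring.
1431 |
1432 | Every API object has three categories of attributes: metadata, specification (spec), and status
1433 |
1434 | - Concepts: Pod, Service, Labels, and one IP per Pod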
1435 | ** Installing and Setting Up kubectl
1436 | https://kubernetes.io/docs/tasks/tools/install-kubectl/
1437 |
1438 | curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl
1439 | ** kubectl --help
1440 | kubectl controls the Kubernetes cluster manager.
1441 |
1442 | Find more information at https://github.com/kubernetes/kubernetes.
1443 |
1444 | Basic Commands (Beginner):
1445 | create Create a resource by filename or stdin
1446 | expose Take a replication controller, service, deployment or pod and expose it as a new Kubernetes Service
1447 | run Run a particular image on the cluster
1448 | set Set specific features on objects
1449 |
1450 | Basic Commands (Intermediate):
1451 | get Display one or many resources
1452 | explain Documentation of resources
1453 | edit Edit a resource on the server
1454 | delete Delete resources by filenames, stdin, resources and names, or by resources and label selector
1455 |
1456 | Deploy Commands:
1457 | rollout Manage a deployment rollout
1458 | rolling-update Perform a rolling update of the given ReplicationController
1459 | scale Set a new size for a Deployment, ReplicaSet, Replication Controller, or Job
1460 | autoscale Auto-scale a Deployment, ReplicaSet, or ReplicationController
1461 |
1462 | Cluster Management Commands:
1463 | certificate Modify certificate resources.
1464 | cluster-info Display cluster info
1465 | top Display Resource (CPU/Memory/Storage) usage.
1466 | cordon Mark node as unschedulable
1467 | uncordon Mark node as schedulable
1468 | drain Drain node in preparation for maintenance
1469 | taint Update the taints on one or more nodes
1470 |
1471 | Troubleshooting and Debugging Commands:
1472 | describe Show details of a specific resource or group of resources
1473 | logs Print the logs for a container in a pod
1474 | attach Attach to a running container
1475 | exec Execute a command in a container
1476 | port-forward Forward one or more local ports to a pod
1477 | proxy Run a proxy to the Kubernetes API server
1478 | cp Copy files and directories to and from containers.
1479 | auth Inspect authorization
1480 | Advanced Commands:
1481 | apply Apply a configuration to a resource by filename or stdin
1482 | patch Update field(s) of a resource using strategic merge patch
1483 | replace Replace a resource by filename or stdin
1484 | convert Convert config files between different API versions
1485 |
1486 | Settings Commands:
1487 | label Update the labels on a resource
1488 | annotate Update the annotations on a resource
1489 | completion Output shell completion code for the specified shell (bash or zsh)
1490 |
1491 | Other Commands:
1492 | api-versions Print the supported API versions on the server, in the form of "group/version"
1493 | config Modify kubeconfig files
1494 | help Help about any command
1495 | version Print the client and server version information
1496 |
1497 | Use "kubectl --help" for more information about a given command.
1498 | Use "kubectl options" for a list of global command-line options (applies to all commands).
1499 | ** kubernetes: The connection to the server localhost:8080 was refused - did you specify the right host or port?
1500 | https://github.com/kubernetes/kubernetes/issues/23092
1501 | ** Layers
1502 | - Nucleus: API And Execution
1503 | - Application layer: deployment and running
1504 | - Governance layer: automation and policy enforcement
1505 | - Interface layer: client libraries and tools
1506 | - Ecosystem
1507 | ** healthcheck: LivenessProbe, ReadinessProbe
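1508 | ** Core components
1509 | Kubernetes consists mainly of the following core components:
1510 | - etcd stores the state of the entire cluster;
1511 | - apiserver provides the single entry point for resource operations, and provides authentication, authorization, access control, and API registration and discovery;
1512 | - controller manager maintains the state of the cluster, for example failure detection, auto scaling, and rolling updates;
1513 | - scheduler handles resource scheduling, placing Pods on the appropriate machines according to the configured scheduling policy;
1514 | - kubelet maintains the container lifecycle, and also manages Volumes (CVI) and networking (CNI);
1515 | - Container runtime handles image management and the actual running of Pods and containers (CRI);
1516 | - kube-proxy provides in-cluster service discovery and load balancing for Services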
1517 | ** helloworld
1518 | https://kubernetes.io/docs/tutorials/stateless-application/hello-minikube/
1519 | ** useful link
1520 | https://kubernetes.io
1521 | https://www.reddit.com/r/devops/comments/51ra9q/moving_from_docker_to_rkt/
1522 | http://blog.dataman-inc.com/67/
1523 | http://jpadilla.com/post/161144157937/update-kubernetes-deployment-after-pushing-image
1524 | https://spacelift.io/blog/kubernetes-cheat-sheet
1525 |
1526 | http://www.oschina.net/news/70140/infoworlds-2016-technology-of-the-year-award-winners?p=3#comments
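1527 | ** DONE Principle: API operation complexity must not exceed O(N)
1528 | CLOSED: [2017-06-10 Sat 15:24]
1529 | https://kubernetes.feisky.xyz/architecture/concepts.html
1530 | API operation complexity is proportional to the number of objects. This is mainly a system-performance consideration: to ensure that performance does not rapidly degrade to the point of being unusable as the system grows, the minimum requirement is that API operation complexity must not exceed O(N), where N is the number of objects; otherwise the system cannot scale horizontally.
1531 | ** Principle: API object state must not depend on network connection state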
1532 | https://kubernetes.feisky.xyz/architecture/concepts.html
1533 | ** # --8<-------------------------- separator ------------------------>8--
1534 | ** TODO [#A] fail to start minikube: "VBoxManage not found. Make sure VirtualBox is installed and VBoxManage is in the path".
1535 | root@totvsjenkins:/tmp# minikube start
1536 | Starting local Kubernetes v1.6.4 cluster...
1537 | Starting VM...
1538 | E0610 20:14:57.518198 27907 start.go:127] Error starting host: Error creating host: Error with pre-create check: "VBoxManage not found. Make sure VirtualBox is installed and VBoxManage is in the path".
1539 |
1540 | Retrying.
1541 | E0610 20:14:57.519201 27907 start.go:133] Error starting host: Error creating host: Error with pre-create check: "VBoxManage not found. Make sure VirtualBox is installed and VBoxManage is in the path"
1542 | ** TODO how kubernetes use etcd
1543 | ** TODO how healthcheck is implemented
1544 | ** TODO What about alerting and reporting
1545 | ** TODO what's fluentd
1546 | ** # --8<-------------------------- separator ------------------------>8--
1547 | ** TODO [#A] k8s support rolling deployment :IMPORTANT:
1548 | https://www.youtube.com/watch?v=7TOWLerX0Ps
1549 | Kubernetes: zero downtime update at 1 million requests per second
1550 | https://www.youtube.com/watch?v=9C6YeyyUUmI
1551 | Kubernetes: zero downtime update at 10 million QPS
1552 | ** TODO [#A] How to scale Pods with volumes configured :IMPORTANT:
1553 | ** What is Kubernetes
1554 | https://www.youtube.com/watch?v=R-3dfURb2hA
1555 | What is Kubernetes
1556 |
1557 | Deployment, Scaling, Monitoring
1558 | ** DONE Kubernetes helloworld
1559 | CLOSED: [2017-07-11 Tue 08:42]
1560 | https://kubernetes.io/docs/tutorials/stateless-application/hello-minikube/#create-a-minikube-cluster
1561 |
1562 | # build image
1563 | docker build -t hello-node:v1 .
1564 |
1565 | # create deployment
1566 | kubectl run hello-node --image=hello-node:v1 --port=8080
1567 |
1568 | # View the Deployment
1569 | kubectl get deployments
1570 |
1571 | # Create service
1572 | kubectl expose deployment hello-node --type=LoadBalancer
1573 | ** TODO [#A] Install minikube in headless Ubuntu server :IMPORTANT:
1574 | | Name | Summary |
1575 | |-----------------+---------|
1576 | | minikube status | |
1577 | ** DONE [#A] Ubuntu install kubernetes for all-in-one POC: minikube
1578 | CLOSED: [2017-07-11 Tue 08:43]
1579 | https://blog.jetstack.io/blog/k8s-getting-started-part2/
1580 | https://github.com/kubernetes/minikube
1581 | https://stackoverflow.com/questions/38528762/kubernetes-on-ubuntu-16-04
1582 | https://hxquangnhat.com/2016/12/21/tutorial-deploy-a-kubernetes-cluster-on-ubuntu-16-04/
1583 | *** TODO minikube fail to start
1584 | #+BEGIN_EXAMPLE
1585 | root@totvsjenkins:/home/denny/minikube# ./minikube start --vm-driver=none --use-vendored-driver
1586 | Starting local Kubernetes v1.6.4 cluster...
1587 | Starting VM...
1588 | Moving files into cluster...
1589 |
1590 | Setting up certs...
1591 | Starting cluster components...
1592 | Connecting to cluster...
1593 | Setting up kubeconfig...
1594 | Kubectl is now configured to use the cluster.
1595 | ===================
1596 | WARNING: IT IS RECOMMENDED NOT TO RUN THE NONE DRIVER ON PERSONAL WORKSTATIONS
1597 | The 'none' driver will run an insecure kubernetes apiserver as root that may leave the host vulnerable to CSRF attacks
1598 | #+END_EXAMPLE
1599 | *** useful link
1600 | https://www.youtube.com/watch?v=PH-2FfFD2PU
1601 | Kubernetes in 5 mins
1602 | https://www.youtube.com/watch?v=DC7NECq3Ghs
1603 | Setting up and using a single node Kubernetes cluster.
1604 | https://www.youtube.com/watch?v=BDrcUjOczsE
1605 | Kubernetes - Local Testing
1606 |
1607 | https://www.youtube.com/watch?v=R-3dfURb2hA
1608 | The Illustrated Children's Guide to Kubernetes
1609 |
1610 | * TODO [#A] Run a task on every node in a cluster :noexport:
1611 | * TODO kubectl get all won't get psp :noexport:
1612 | #+BEGIN_EXAMPLE
1613 | root@009069ee-95d5-49a2-6b82-67aff8eb6737:/tmp/build/4ecf0f02# kubectl get all --all-namespaces
1614 | NAMESPACE NAME READY STATUS RESTARTS AGE
1615 | kube-system pod/heapster-6d5f964dbd-2xxcm 1/1 Running 0 1d
1616 | kube-system pod/kube-dns-6b697fcdbd-c4rmm 3/3 Running 0 1d
1617 | kube-system pod/kubernetes-dashboard-785584f46b-9wmqj 1/1 Running 0 1d
1618 | kube-system pod/metrics-server-6bbb689cf9-swtxc 1/1 Running 0 1d
1619 | kube-system pod/monitoring-influxdb-76fd8dcff6-qws9m 1/1 Running 0 1d
1620 | kube-system pod/wavefront-proxy-8498d5bbf4-gl6sw 4/4 Running 0 4m
1621 | test-afjogacpjsqfetejycxx pod/busybox-io-ftpz8 1/1 Running 0 1d
1622 |
1623 | NAMESPACE NAME DESIRED CURRENT READY AGE
1624 | test-afjogacpjsqfetejycxx replicationcontroller/busybox-io 1 1 1 1d
1625 |
1626 | NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
1627 | default service/kubernetes ClusterIP 10.100.200.1 443/TCP 1d
1628 | kube-system service/heapster ClusterIP 10.100.200.123 8443/TCP 1d
1629 | kube-system service/kube-dns ClusterIP 10.100.200.10 53/UDP,53/TCP 1d
1630 | kube-system service/kubernetes-dashboard NodePort 10.100.200.8 443:32433/TCP 1d
1631 | kube-system service/metrics-server ClusterIP 10.100.200.102 443/TCP 1d
1632 | kube-system service/monitoring-influxdb ClusterIP 10.100.200.89 8086/TCP 1d
1633 |
1634 | NAMESPACE NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
1635 | kube-system deployment.apps/heapster 1 1 1 1 1d
1636 | kube-system deployment.apps/kube-dns 1 1 1 1 1d
1637 | kube-system deployment.apps/kubernetes-dashboard 1 1 1 1 1d
1638 | kube-system deployment.apps/metrics-server 1 1 1 1 1d
1639 | kube-system deployment.apps/monitoring-influxdb 1 1 1 1 1d
1640 | kube-system deployment.apps/wavefront-proxy 1 1 1 1 4m
1641 |
1642 | NAMESPACE NAME DESIRED CURRENT READY AGE
1643 | kube-system replicaset.apps/heapster-6d5f964dbd 1 1 1 1d
1644 | kube-system replicaset.apps/kube-dns-6b697fcdbd 1 1 1 1d
1645 | kube-system replicaset.apps/kubernetes-dashboard-785584f46b 1 1 1 1d
1646 | kube-system replicaset.apps/metrics-server-6bbb689cf9 1 1 1 1d
1647 | kube-system replicaset.apps/monitoring-influxdb-76fd8dcff6 1 1 1 1d
1648 | kube-system replicaset.apps/wavefront-proxy-8498d5bbf4 1 1 1 4m
1649 | root@009069ee-95d5-49a2-6b82-67aff8eb6737:/tmp/build/4ecf0f02# kubectl get psp
1650 | NAME PRIV CAPS SELINUX RUNASUSER FSGROUP SUPGROUP READONLYROOTFS VOLUMES
1651 | kube-system-psp false * RunAsAny RunAsAny RunAsAny RunAsAny false configMap,emptyDir,projected,secret,downwardAPI
1652 | root@009069ee-95d5-49a2-6b82-67aff8eb6737:/tmp/build/4ecf0f02# kubectl get all --all-namespaces | grep kube-system-psp
1653 | #+END_EXAMPLE
1654 | * TODO where is k8s job log? :noexport:
1655 | http://kubernetesbyexample.com/jobs/
1656 | * TODO kubectl logs --previous nginx-app-zibvs :noexport:
1657 | https://jimmysong.io/cheatsheets/kubernetes-kubectl
1658 | * TODO [#A] play with k8s ingress service :noexport:
1659 | * TODO Vanilla CNCF Certified Kubernetes :noexport:
1660 | * TODO [#A] try admission controller :noexport:
1661 | * HALF Accessing Kubernetes API from pods :noexport:
1662 | curl -v --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" https://
1663 | * TODO k8s training course from linux foundation: https://training.linuxfoundation.org/training/introduction-to-kubernetes/ :noexport:
1664 | * # --8<-------------------------- separator ------------------------>8-- :noexport:
1665 | * TODO consolidate: https://codefresh.io/kubernetes-tutorial/page/4/ :noexport:
1666 | * TODO consolidate: https://info.shadow-soft.com/hubfs/Kubernetes-Cheatsheet-Mesosphere.pdf :noexport:
1667 | * TODO consolidate: https://kapeli.com/cheat_sheets/Kubernetes.docset/Contents/Resources/Documents/index :noexport:
1668 | * TODO consolidate: https://lzone.de/cheat-sheet/kubernetes :noexport:
1669 | * TODO consolidate: http://www.productiondown.com/devops/2018/08/02/Kubernetes-Commands-Cheatsheet.html :noexport:
1670 | * TODO consolidate cheatsheet: https://github.com/LeCoupa/awesome-cheatsheets/blob/master/tools/kubernetes.sh :noexport:
1671 | * TODO consolidate: http://kubernetesbyexample.com/ :noexport:
1672 | * TODO consolidate https://jimmysong.io/cheatsheets/kubernetes-tricks :noexport:
1673 | * # --8<-------------------------- separator ------------------------>8-- :noexport:
1674 | * HALF use kubectl to pull docker images, instead of ssh to vm :noexport:
1675 | * HALF use kubectl to cleanup docker images, instead of ssh to vm :noexport:
1676 | https://github.com/onfido/k8s-cleanup/blob/master/docker-clean.yml
1677 | * # --8<-------------------------- separator ------------------------>8-- :noexport:
1678 | * TODO pv termination hangs there forever :noexport:
1679 | #+BEGIN_EXAMPLE
1680 | /Users/zdenny/git_code/codecommit/devops_blog/k8s kubectl get pv master ✘ ✹ ✔ 0
1681 | NAME CAPACITY ACCESS MODES RECLAIM POLICY STATUS CLAIM STORAGECLASS REASON AGE
1682 | db-pv-volume 400Gi RWO Retain Available 12h
1683 | pvc-bbddb940-5f43-11e9-ba3c-42010a800085 1Gi RWO Delete Bound denny-websites/cdn-pv-claim standard 12h
1684 | website-pv-volume 10Gi RWO Retain Terminating denny-websites/mysql-pv-claim standard 12h
1685 | #+END_EXAMPLE
1686 | * TODO k8s configmap can't be changed :noexport:
1687 | #+BEGIN_EXAMPLE
1688 | /Users/zdenny/git_code/codecommit/devops_blog/k8s kubectl logs -n denny-websites pod/nginx-b88c67f77-dkw64 master ✘ ✖ ✹ ✭ ✔ 0
1689 | Update /etc/nginx/conf.d/default.conf
1690 | + echo 'Update /etc/nginx/conf.d/default.conf'
1691 | + sed -i s/http_port_here/80/g /etc/nginx/conf.d/default.conf
1692 | sed: cannot rename /etc/nginx/conf.d/sedz2uuPB: Device or resource busy
1693 | #+END_EXAMPLE
1694 | * TODO [#A] k8s mount configmap file, then edit it when process bootstrap :noexport:
1695 | * TODO gce disk: how and when the filesystem formatting happens? :noexport:
1696 | * # --8<-------------------------- separator ------------------------>8-- :noexport:
1697 | * TODO k8s pod share volume within containers :noexport:
1698 | * TODO gce use one disk in small chunks :noexport:
1699 | * TODO k8s mount jenkins home volume, then dockerfile copy/jenkins groovy. How to align? :noexport:
1700 | COPY resources/jobs/ /usr/share/jenkins/ref/jobs/
1701 | * # --8<-------------------------- separator ------------------------>8-- :noexport:
1702 | * TODO k8s: when jenkins pod gets recreated, jenkins secret parameters need to be reconfigured :noexport:
1703 | * TODO k8s: instruct application to run a clean shutdown or a safe restart :noexport:
1704 | https://support.cloudbees.com/hc/en-us/articles/115003926511-Best-Practices-for-Jenkins-Updates-Patches-and-Maintenance
1705 | * # --8<-------------------------- separator ------------------------>8-- :noexport:
1706 | * HALF doc: configmap cannot be mounted as a file :noexport:
1707 | https://stackoverflow.com/questions/44325048/kubernetes-configmap-only-one-file
1708 |
1709 | ConfigMaps must be mounted as directories
1710 |
1711 | https://github.com/kubernetes/kubernetes/issues/45000
1712 | https://stackoverflow.com/questions/44325048/kubernetes-configmap-only-one-file
1713 | * HALF doc: mount configmap as a separate file :noexport:
1714 | * TODO How to pass credentials to yaml in a secured way? :noexport:
1715 | * TODO kubectl cluster-info only get recent information :noexport:
1716 | * DONE k8s pod dns :noexport:
1717 | CLOSED: [2019-05-25 Sat 08:21]
1718 | https://kubernetes.io/docs/concepts/services-networking/dns-pod-service/
1719 |
1720 | _my-port-name._my-port-protocol.my-svc.my-namespace.svc.cluster.local
1721 |
1722 | curl -I http://jenkins-lb.my-testbed.svc.cluster.local
1723 | * DONE why one pod has two docker images :noexport:
1724 | CLOSED: [2019-08-01 Thu 14:31]
1725 | One pod with two containers
1726 | #+BEGIN_EXAMPLE
1727 | root@422e158feb46fff15217b24e4f8ad20b [ ~ ]# kubectl get pods -o='custom-columns=PODS:.metadata.name,Images:.spec.containers[*].image' --all-namespaces | grep sche
1728 | kube-scheduler-422e158feb46fff15217b24e4f8ad20b my/kube-scheduler:v1.13.1,my/wcp-schedext:0.0.1.26323453
1729 | #+END_EXAMPLE
1730 | * DONE kubectl get port nodeport :noexport:
1731 | CLOSED: [2020-04-16 Thu 10:57]
1732 | kubectl get service/wordpress -n blog -o json | jq '.spec.ports[].nodePort'
1733 |
1734 | * # --8<-------------------------- separator ------------------------>8-- :noexport:
1735 | * TODO [#B] Create PVC workflow :noexport:
1736 | * TODO [#B] Create CRD workflow :noexport:
1737 | * # --8<-------------------------- separator ------------------------>8-- :noexport:
1738 | * TODO Why we need kube-controller-manager :noexport:
1739 | * TODO Why we need cluster-controller-manager :noexport:
1740 | * # --8<-------------------------- separator ------------------------>8-- :noexport:
1741 | * TODO k8s volume: CSI, vmdk, NFS :noexport:
1742 | * TODO k8s dynamic PV provision vs static PV provision :noexport:
1743 | * TODO [#A] k8s delete namespace hang :noexport:
1744 | Related resources need to be deleted first
1745 | * TODO [#A] k8s debugging loadbalancer service: external ip in state :noexport:
1746 | #+BEGIN_EXAMPLE
1747 | $ kubectl get svc -n blog
1748 | NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
1749 | mysql ClusterIP 100.69.173.237 3306/TCP 12m
1750 | wordpress LoadBalancer 100.66.31.190 80:30407/TCP 12m
1751 |
1752 | $ kubectl describe service/wordpress -n blog
1753 | Name: wordpress
1754 | Namespace: blog
1755 | Labels: app=wordpress
1756 | Annotations: Selector: app=wordpress
1757 | Type: LoadBalancer
1758 | IP: 100.66.31.190
1759 | Port: 80/TCP
1760 | TargetPort: 80/TCP
1761 | NodePort: 30407/TCP
1762 | Endpoints: 100.117.221.13:80
1763 | Session Affinity: None
1764 | External Traffic Policy: Cluster
1765 | Events:
1766 | 10:34
1767 |
1768 | $ cat 21-wordpress-service.yaml
1769 | apiVersion: v1
1770 | kind: Service
1771 | metadata:
1772 |   labels:
1773 |     app: wordpress
1774 |   namespace: blog
1775 |   name: wordpress
1776 | spec:
1777 |   type: LoadBalancer
1778 |   ports:
1779 |   - port: 80
1780 |     targetPort: 80
1781 |     protocol: TCP
1782 |   selector:
1783 |     app: wordpress
1784 | #+END_EXAMPLE
1785 | * TODO K8s networking :noexport:
1786 | - container-to-container communication
1787 | - pod-to-pod communication
1788 | K8s itself won't do it for you. And CNI can be used to configure the network of a pod and provide a single IP per pod.
1789 | CNI doesn't help you with pod-to-pod communication across nodes.
1790 | - external-to-pod communication
1791 | * Questions forked from CKA preparation :noexport:
1792 | ** TODO how etcd is designed and implemented?
1793 | ** TODO [#A] Only one IP address per Pod. How multiple containers talk with each other inside one pod?
1794 | Two containers share the network namespace of a third container, known as the pause container.
1795 |
1796 | - The pause container is used to get an IP address, then all containers in the pod use its network namespace.
1797 | - To communicate with each other, containers can use the loopback interface, write to files on a common filesystem, or use IPC
1798 | ** TODO Why ipv6 doesn't gain popularity
1799 | ipv6 not backward compatible
1800 | NAT
1801 | ipv4 better management
1802 | ** TODO How K8s reconciliation is done?
1803 | ** TODO How the feature of cluster ip is implemented?
1804 |
--------------------------------------------------------------------------------
/cheatsheet-kubernetes-A4.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dennyzhang/cheatsheet-kubernetes-A4/28218317dcacccb2ad443f090d825292823c315d/cheatsheet-kubernetes-A4.pdf
--------------------------------------------------------------------------------
/get-pod-error-log.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | ## @copyright 2019 DennyZhang.com
3 | ## Licensed under MIT
4 | ## https://www.dennyzhang.com/wp-content/mit_license.txt
5 | ##
6 | ## File: get-pod-error-log.sh
7 | ## Author : Denny
8 | ## Description : https://cheatsheet.dennyzhang.com/cheatsheet-kubernetes-A4
9 | ## --
10 | ## Created : <2018-07-10>
11 | ## Updated: Time-stamp: <2019-07-31 22:54:01>
12 | ##-------------------------------------------------------------------
13 | # curl -L https://raw.githubusercontent.com/dennyzhang/cheatsheet-kubernetes-A4/master/get-pod-error-log.sh | bash
14 | namespace=${1:-""}
15 |
16 | # Arguments are kept in an array so a namespace is never re-parsed by the shell.
17 | if [ -z "$namespace" ]; then
18 |     options=(--all-namespaces)
19 | else
20 |     options=(-n "$namespace")
21 | fi
22 | echo "kubectl get pods ${options[*]}"
23 | # One "<pod> <namespace>" pair per line; --no-headers drops the column titles.
24 | pods=$(kubectl get pods --no-headers "${options[@]}" \
25 |     -o 'custom-columns=POD:.metadata.name,NS:.metadata.namespace')
26 |
27 | while read -r pod ns; do
28 |     [ -n "$pod" ] || continue
29 |     echo "kubectl logs pod/$pod -n $ns"
30 |     # Last 10 error or exception lines, ignoring "Reconciler error" noise.
31 |     kubectl logs "pod/$pod" -n "$ns" < /dev/null |
32 |         grep -iE 'exception|error' | grep -v 'Reconciler error' | tail -n10
33 | done <<< "$pods"
--------------------------------------------------------------------------------
/jenkinjavafile:
--------------------------------------------------------------------------------
1 | public class SortedIntList extends IntListVer3{
2 |
3 |     public SortedIntList(int initialCap){
4 |         //call IntList constructor
5 |         super(initialCap);
6 |     }
7 |
8 |     public SortedIntList(){
9 |         super();
10 |     }
11 |
12 |     //override add
13 |     public void add(int value){
14 |         //search for location to insert value
15 |         int pos = 0;
16 |         while( pos < size() && value > get(pos) ){
17 |             pos++;
18 |         }
19 |         super.insert(pos, value);
20 |     }
21 |
22 | }
23 |
--------------------------------------------------------------------------------
/k8s-networking-ip.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/dennyzhang/cheatsheet-kubernetes-A4/28218317dcacccb2ad443f090d825292823c315d/k8s-networking-ip.png
--------------------------------------------------------------------------------
/list-all-images.sh:
--------------------------------------------------------------------------------
1 | #!/usr/bin/env bash
2 | ## @copyright 2018 DennyZhang.com
3 | ## Licensed under MIT
4 | ## https://www.dennyzhang.com/wp-content/mit_license.txt
5 | ##
6 | ## Author : Denny
7 | ## Description :
8 | ## https://cheatsheet.dennyzhang.com/cheatsheet-kubernetes-A4
9 | ## --
10 | ## Created : <2018-07-17>
11 | ## Updated: Time-stamp: <2018-12-30 19:07:42>
12 | ##-------------------------------------------------------------------
13 | # https://kubernetes.io/docs/tasks/access-application-cluster/list-all-running-container-images/
14 | kubectl get pods --all-namespaces -o jsonpath="{..image}" |\
15 | tr -s '[[:space:]]' '\n' |\
16 | sort |\
17 | uniq -c
18 |
--------------------------------------------------------------------------------
/skip-tls-verify.md:
--------------------------------------------------------------------------------
1 | ```
2 | apiVersion: v1
3 | clusters:
4 | - cluster:
5 |     server: https://192.168.0.100:8443
6 |     insecure-skip-tls-verify: true
7 |   name: minikube
8 | contexts:
9 | - context:
10 |     cluster: minikube
11 |     user: minikube
12 |   name: minikube
13 | current-context: minikube
14 | kind: Config
15 | preferences: {}
16 | users:
17 | - name: minikube
18 |   user:
19 |     client-certificate: C:\Users\wes.robinson\.minikube\client.crt
20 |     client-key: C:\Users\wes.robinson\.minikube\client.key
21 | ```
22 |
23 | https://github.com/terraform-providers/terraform-provider-kubernetes/issues/189
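
Added example (not part of this repository): a shell audit that flags kubeconfig clusters carrying `insecure-skip-tls-verify: true`, as in the file above, or a plain `http://` server. The function names, the finding labels and the `pinned` and `legacy` sample clusters are assumptions made for the example; it expects the block-style YAML that kubectl writes.

```shell
#!/bin/sh
# Added example: flag kubeconfig clusters that skip TLS verification.
# With verification off, kubectl accepts any server certificate, so the
# client key or token can be presented to an impostor API server.
# Assumption: block-style YAML as kubectl writes it (not a full YAML parser).

# audit_kubeconfig [FILE...]  (reads stdin when no file is given)
# Prints "<cluster> <server> <finding>" per problem; returns 1 if any, else 0.
audit_kubeconfig() {
    awk '
    function flush() {            # report the entry collected so far, then reset
        if (have) {
            if (skip) { print name, server, "tls-verify-disabled"; bad = 1 }
            else if (server ~ /^http:/) { print name, server, "plaintext-http"; bad = 1 }
        }
        have = 0; skip = 0; name = "?"; server = "?"
    }
    function value(s) {           # scalar after "key:", minus comment and quotes
        sub(/^[^:]*:[ \t]*/, "", s)
        sub(/[ \t]+#.*$/, "", s)
        sub(/[ \t]+$/, "", s)
        gsub(/^["\047]|["\047]$/, "", s)
        return s
    }
    /^[ \t]*$/ || /^[ \t]*#/ { next }
    {
        indent = match($0, /[^ \t]/) - 1
        line = substr($0, indent + 1)
        if (indent == 0 && line !~ /^-/) {          # a new top-level key
            flush(); in_clusters = (line ~ /^clusters:/); item = -1; next
        }
        if (!in_clusters) next
        if (line ~ /^-/ && (item < 0 || indent == item)) {   # next list entry
            flush(); have = 1; item = indent
            sub(/^-[ \t]*/, "", line); indent = item + 2
        }
        if (!have) next
        # "name:" counts only as a sibling of "cluster:", not inside extensions.
        if (line ~ /^name:/ && indent == item + 2) name = value(line)
        else if (line ~ /^server:/) server = value(line)
        else if (line ~ /^insecure-skip-tls-verify:/)
            skip = (tolower(value(line)) == "true")
    }
    END { flush(); exit (bad ? 1 : 0) }
    ' "$@"
}

# Constructed sample; only the minikube entry mirrors the file above.
sample_kubeconfig() {
    cat <<'EOF'
apiVersion: v1
clusters:
- cluster:
    server: https://192.168.0.100:8443
    insecure-skip-tls-verify: true
  name: minikube
- cluster:
    certificate-authority: /etc/kubernetes/pki/ca.crt
    extensions:
    - extension:
        provider: example
      name: cluster_info
    server: https://10.0.0.5:6443
  name: pinned
- cluster:
    server: http://10.0.0.9:8080
  name: legacy
contexts: []
kind: Config
EOF
}

if [ "$#" -gt 0 ]; then
    audit_kubeconfig "$@"
else
    sample_kubeconfig | audit_kubeconfig || true   # demo on the constructed sample
fi
```

Run it with a kubeconfig path as its argument to audit a real file; the non-zero exit status on findings lets it gate a CI step or a login script.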
--------------------------------------------------------------------------------