kubernetes/README.md
2025-11-29 12:54:40 +00:00

# kubernetes
Kubernetes is an open-source platform that automates the deployment, scaling, and management of containerized applications. It acts as an orchestrator, ensuring your containers run reliably across clusters of machines, handling networking, storage, and updates without downtime.

- [k3s](#k3s)
  - [Install / Setup](#install--setup)
- [Kubernetes DNS](#kubernetes-dns)
  - [Services DNS Name](#services-dns-name)
- [kubectl](#kubectl)
  - [Get Pod](#get-pod)
  - [Pod delete](#pod-delete)
  - [OOMKilled](#oomkilled)
  - [Rollout](#rollout)
  - [Custom Resource Definitions](#custom-resource-definitions)
  - [Helper pods](#helper-pods)
    - [network testing](#network-testing)
  - [Set Replicas](#set-replicas)
  - [taint nodes](#taint-nodes)
    - [control plane - NoSchedule](#control-plane---noschedule)
  - [Resources](#resources)
  - [Services Accounts](#services-accounts)
- [Secrets](#secrets)
  - [Manifest - Opaque / Base64](#manifest---opaque--base64)
  - [Manifest - StringData](#manifest---stringdata)
  - [Inline with heredoc and environment variables](#inline-with-heredoc-and-environment-variables)
  - [substr](#substr)
- [service accounts](#service-accounts)

## k3s
K3s is a lightweight, certified Kubernetes distribution designed to run in resource-constrained environments such as edge devices, IoT appliances, and small servers. It simplifies installation and operation by packaging Kubernetes into a single small binary, while still being fully compliant with the Kubernetes API.
🌐 What K3s Is
- Definition: K3s is a simplified Kubernetes distribution created by Rancher Labs (now part of SUSE) and maintained under the CNCF.
- Purpose: It's built for environments where full Kubernetes (K8s) is too heavy — like Raspberry Pis, edge servers, or CI pipelines.
- Size: The entire distribution is packaged into a binary under ~70MB.
### Install / Setup
**Default master installation:**
``` bash
curl -sfL https://get.k3s.io | sh -
```
## Kubernetes DNS
**Automatic DNS Records:** Kubernetes automatically creates DNS entries for Services and Pods. This allows workloads to connect using predictable names instead of IPs, which may change.
### Services DNS Name
```text
<service-name>.<namespace>.svc.<cluster-domain>
```
*Example: `test-services.services.svc.cluster.local`.*
## kubectl
kubectl is the command-line tool used to interact with Kubernetes clusters. Think of it as the “remote control” for Kubernetes: it lets you deploy applications, inspect resources, and manage cluster operations directly from your terminal.
**Create namespace:**
``` bash
kubectl create namespace tests
```
### Get Pod
**Get pod name by label app:**
```bash
# Name of the first pod matching the label selector
POD_NAME=$(kubectl get pod -l app=borg-backup-sidekick -n git-limbosolutions-com -o jsonpath='{.items[0].metadata.name}')
echo "$POD_NAME"
```
### Pod delete
**Restart local-path-provisioner:**
``` bash
kubectl delete pod -n kube-system -l app=local-path-provisioner
```
### OOMKilled
**List all OOMKilled pods:**
``` bash
kubectl get events --all-namespaces | grep -i "OOMKilled"
```
### Rollout
**Restart the coredns deployment:**
``` bash
kubectl rollout restart deployment coredns -n kube-system
```
### Custom Resource Definitions
- **Definition:** A Custom Resource Definition (CRD) is an extension of the Kubernetes API.
- **Purpose:** They allow you to define new resource kinds (e.g., Database, Backup, FooBar) that behave like native Kubernetes objects.
- **Analogy:** By default, Kubernetes understands objects like Pods and Services. With CRDs, you can add your own object types and manage them with kubectl just like built-in resources.

**List Traefik CRDs:**
```bash
kubectl get crds | grep traefik
```
### Helper pods
#### network testing
``` bash
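# Start an interactive busybox shell in the tests namespace
kubectl run -i --tty dns-test --namespace tests --image=busybox --restart=Never -- sh
# Clean up afterwards; ignore the error if the pod is already gone
kubectl delete pod dns-test --namespace tests || true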
```
**Example using yaml and hostNetwork:**
- Create Pod
```yaml
apiVersion: v1
kind: Pod
metadata:
  name: dns-test
  namespace: tests
spec:
  hostNetwork: true  # pod uses the node's network namespace
  containers:
    - name: dns-test
      image: busybox
      command: ["sh"]
      stdin: true
      tty: true
```
- Attach to Pod
```bash
kubectl attach -it dns-test -n tests
```
- Execute command inside pod.
``` bash
nslookup google.com
```
- Delete pod
```bash
kubectl delete pod dns-test --namespace tests
```
### Set Replicas
**Set deployment replicas to 0:**
```bash
kubectl patch deployment <deployment-name> \
-n <namespace> \
-p '{"spec":{"replicas":0}}'
```
**Set statefulset replicas to 1:**
```bash
kubectl patch statefulset zigbee2mqtt \
-n mqtt \
-p '{"spec":{"replicas":1}}'
```
### taint nodes
#### control plane - NoSchedule
``` bash
MASTER_NODE_NAME="master-node-name"
kubectl taint nodes ${MASTER_NODE_NAME} node-role.kubernetes.io/control-plane=:NoSchedule
```
### Resources
**List all resources:**
```bash
kubectl get all -n kube-system | grep traefik
```
**List service accounts:**
```bash
kubectl get serviceAccount --all-namespaces
```
### Services Accounts
**List all:**
```bash
kubectl get serviceAccount --all-namespaces
```
**Get Service Account Token:**
```bash
kubectl get secret <secret_name> -o jsonpath='{.data.token}' | base64 -d
```
```bash
kubectl get secret <secret_name> -o jsonpath='{.data.token}' | base64 -d > ./service-account-secret-base64
```
**Get Cluster certificate Base64:**
```bash
kubectl config view --raw -o jsonpath='{.clusters[0].cluster.certificate-authority-data}'
```
## Secrets
### Manifest - Opaque / Base64
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: secret-name
  namespace: namespace-name
type: Opaque
data:
  SERVER_ADDRESS: MTI3LjAuMC4x # 127.0.0.1 BASE64
```
### Manifest - StringData
```yaml
apiVersion: v1
kind: Secret
metadata:
  name: secret-name
  namespace: namespace-name
stringData:
  SERVER_ADDRESS: 127.0.0.1
```
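
The `data:` form is base64-encoded, not encrypted, and the encoded value must not pick up a trailing newline. The following is an added example, not part of the original README: it builds `data:` entries from `KEY=VALUE` lines and detects that newline. The function names are hypothetical.

```shell
# Added example, not from the original README. Function names are hypothetical.

# Encode a value for a Secret `data:` field. printf '%s' avoids the trailing
# newline that `echo value | base64` would store as part of the secret.
secret_b64() {
  printf '%s' "$1" | base64 | tr -d '\n'
}

# Decode a `data:` value. No key is involved: anyone who can read the
# manifest or the Secret object can do the same.
secret_plain() {
  printf '%s' "$1" | base64 -d
}

# Succeeds if the decoded value ends in a newline (0x0a), the usual sign
# that it was produced with `echo` instead of `printf '%s'`.
ends_with_newline() {
  last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
  [ "$last" = "0a" ]
}

# Read KEY=VALUE lines on stdin (blank lines and # comments skipped) and
# print the indented entries for a `data:` block.
secret_data_block() {
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|'#'*) continue ;; esac
    case "$line" in *=*) ;; *) echo "line is not KEY=VALUE" >&2; return 1 ;; esac
    key=${line%%=*}
    value=${line#*=}
    # Secret keys may only contain alphanumerics, '-', '_' and '.'.
    case "$key" in
      ''|*[!A-Za-z0-9._-]*) echo "invalid key: $key" >&2; return 1 ;;
    esac
    printf '  %s: %s\n' "$key" "$(secret_b64 "$value")"
  done
}
```

Because base64 output is YAML-safe, entries produced this way need no quoting in the manifest.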
### Inline with heredoc and environment variables
``` bash
SERVER_ADDRESS=127.0.0.1
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: secret-name
  namespace: namespace-name
stringData:
  SERVER_ADDRESS: ${SERVER_ADDRESS}
EOF
```
### substr
**yaml secret template:**
``` yaml
# ./secret.yaml
apiVersion: v1
kind: Secret
metadata:
  name: secret-name
  namespace: namespace-name
stringData:
  SERVER_ADDRESS: ${SERVER_ADDRESS}
```
``` bash
export SERVER_ADDRESS="127.0.0.1"
envsubst < ./secret.yaml | kubectl apply -f -
```
**env file and envsubst:**
``` bash
#---
# ./.env
# content:
# SERVER_ADDRESS=127.0.0.1
#---
set -a
source ./.env
set +a
envsubst < ./secret.yaml | kubectl apply -f -
```
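
`envsubst` replaces every `${VAR}` it finds, renders unset variables as empty strings, and the result is then parsed as YAML. The following is an added example, not part of the original README: it limits substitution to the named variables and refuses empty or multi-line values. It assumes a template that double-quotes its placeholders, and the function names are hypothetical.

```shell
# Added example, not from the original README. Function names are hypothetical.
# Assumes the template double-quotes placeholders:
#   SERVER_ADDRESS: "${SERVER_ADDRESS}"

# Escape backslash and double quote for a YAML double-quoted scalar.
yaml_dq_escape() {
  printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g'
}

# Refuse values that are empty (envsubst would silently render "") or that
# contain control characters such as newlines, which could add YAML lines.
check_value() {  # usage: check_value NAME VALUE
  [ -n "$2" ] || { echo "$1 is empty or unset" >&2; return 1; }
  [ "$(printf '%s' "$2" | tr -d '[:cntrl:]')" = "$2" ] ||
    { echo "$1 contains control characters" >&2; return 1; }
}

# Render TEMPLATE, substituting only the variables named in NAME=VALUE pairs.
# Any other ${...} in the template is left untouched.
render_secret() {  # usage: render_secret TEMPLATE NAME=VALUE...
  tpl=$1; shift
  (
    fmt=''
    for pair in "$@"; do
      name=${pair%%=*}
      value=${pair#*=}
      case "$name" in
        ''|[0-9]*|*[!A-Za-z0-9_]*) echo "bad variable name" >&2; exit 1 ;;
      esac
      check_value "$name" "$value" || exit 1
      export "$name=$(yaml_dq_escape "$value")"
      fmt="$fmt \${$name}"
    done
    # The SHELL-FORMAT argument restricts envsubst to the listed variables.
    envsubst "$fmt" < "$tpl"
  )
}

# Usage: render_secret ./secret.yaml "SERVER_ADDRESS=$SERVER_ADDRESS" | kubectl apply -f -
```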
## service accounts
**Get service account token:**
```bash
kubectl get secret continuous-deploy -o jsonpath='{.data.token}' | base64 -d
```
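
A token read from a Secret this way is a JWT, so its claims can be inspected locally before it is handed to a deploy job. The following is an added example, not part of the original README: it decodes the payload segment and reports the `exp` claim if one is present. The function names and the sample claims used with it are constructed for illustration.

```shell
# Added example, not from the original README. Function names are hypothetical.

# Print the JSON payload (second segment) of a JWT.
# The segment is base64url without padding, so map the alphabet back and
# restore '=' padding before decoding. The signature is NOT verified here.
jwt_payload() {
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
}

# Print the numeric `exp` claim, or nothing if the token has none.
jwt_exp() {
  jwt_payload "$1" | sed -n 's/.*"exp": *\([0-9][0-9]*\).*/\1/p'
}

# Build an unsigned sample token from a JSON payload. This is constructed
# test data with placeholder header and signature, not a real credential.
sample_token() {
  body=$(printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-')
  printf 'hdr.%s.sig' "$body"
}

# Usage against the command above:
#   jwt_payload "$(kubectl get secret continuous-deploy -o jsonpath='{.data.token}' | base64 -d)"
```

Legacy Secret-based service account tokens carry no `exp` claim, so an empty result from `jwt_exp` means the token stays valid until the Secret or the service account is deleted.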