Kubernetes

Tips and Tricks

Watch pods with timestamps

kubectl get pods -A -owide -w | while read line ; do echo -e "$(date --rfc-3339=s)\t $line" | tee -a pods.txt ; done

k8s patch and /

Because the characters '' (%x7E) and ’/’ (%x2F) have special meanings in JSON Pointer, '' needs to be encoded as ‘~0’ and ’/’ needs to be encoded as ‘~1’ when these characters appear in a reference token.

• https://stackoverflow.com/questions/55573724/create-a-patch-to-add-a-kubernetes-annotation
• https://www.rfc-editor.org/rfc/rfc6901#section-3

kubectl patch ingress <ingress-name> --type='json' -p='[{"op": "add", "path": "/metadata/annotations/kubernetes.io~1ingress.class", "value":"nginx"}]'

Get secret decoded

kubectl -n <namespace> get secret <secret-name> -ojson | jq -r '.data.password | @base64d'

kubectl -n <namespace> get secret <secret-name> -ojsonpath={.data.password} | base64 --decode

Debug containers

kubectl debug node/aks-userpool-36036827-vmss00000c --image=mcr.microsoft.com/oss/kubernetes/pause:3.9 -it
kubectl run -it --rm debug-pod --image=mcr.microsoft.com/aks/fundamental/base-ubuntu:v0.0.11 --overrides='[{"op":"replace", "path":"/spec/containers/0/resources/limits", "value":{"cpu": "100m", "memory": "128Mi"}}]' --override-type=json

kubectl run -it --rm debug-pod --image=mcr.microsoft.com/aks/fundamental/base-ubuntu:v0.0.11 --overrides='[{\"op\":\"replace\", \"path\":\"/spec/containers/0/resources/limits\", \"value\":{\"cpu\": \"100m\", \"memory\": \"128Mi\"}}]' --override-type=json

Azure

kubeconfig with kubelogin (& kubeswitch)

az aks get-credentials --name aks-name-01 --resource-group op-rg-name-01 --file ~/Clusters/Azure/aks-name-01.yaml
kubelogin convert-kubeconfig --login azurecli --kubeconfig ~/Clusters/Azure/aks-name-01.yaml

# Create kubeconfig for AKS cluster
CLUSTER_NAME=aks-name-01
RESOURCE_GROUP=$(az aks list --output json | jq -r '.[] | select(.name == "'$CLUSTER_NAME'") | .resourceGroup')
az aks get-credentials --name $CLUSTER_NAME --resource-group $RESOURCE_GROUP --file ~/Clusters/Azure/$CLUSTER_NAME.yaml
kubelogin convert-kubeconfig --login azurecli --kubeconfig ~/Clusters/Azure/$CLUSTER_NAME.yaml

EKS

eksctl

# List clusters
eksctl get cluster

# Create cluster
eksctl create cluster --name eks-cluster-name --region us-east-1
eksctl create cluster --name eks-cluster-name --region us-east-1  --spot
eksctl create cluster --name eks-cluster-name --region eu-north-1 --spot --instance-types=t3.medium,t3.small,t4g.medium,t4g.small
eksctl create cluster --name eks-cluster-name --region us-east-1  --fargate

# save kubeconfig file by cluster name, e.g. "~/.kube/eksctl/clusters/<name>"
eksctl utils write-kubeconfig --cluster eks-cluster-name --auto-kubeconfig


export AWS_REGION=eu-west-3
eksctl utils write-kubeconfig --cluster eks-cluster-name --auto-kubeconfig --authenticator-role-arn arn:aws:iam::xxxx:role/cluster

# write to ~/.kube/config
eksctl utils write-kubeconfig --cluster eks-cluster-name --authenticator-role-arn arn:aws:iam::xxxx:role/cluster --region eu-west-3


# Delete cluster
eksctl delete cluster --name eks-cluster-name --region us-east-1

aws eks

aws eks list-clusters
aws eks describe-cluster --name eks-cluster-name

Generating kubeconfig

# Get ARN for role
KUBECONFIG_ROLE_ARN=$(aws iam list-roles --query "Roles[?starts_with(RoleName, 'kubeclusterMastersRole')].Arn" --output text)
# Create kubeconfig file with custom name&alias
aws eks update-kubeconfig --name cluster --region us-east-1 --role-arn "$KUBECONFIG_ROLE_ARN" --alias cluster@foobar --kubeconfig cluster@foobar

EKS Fargate

eks.amazonaws.com/fargate-profile: fp-default
schedulerName: fargate-scheduler

kind

Air-gapped install

Use prebuilt node-image

KUBE_VERSION=v1.30.0
curl -LO https://dl.k8s.io/$KUBE_VERSION/kubernetes-server-linux-amd64.tar.gz
kind build node-image --type file kubernetes-server-linux-amd64-$KUBE_VERSION.tar.gz
kind create cluster --image kindest/node:main