Kubectl (Kubernetes)
Tools
Create a secret
# Create a basic secret
kubectl create secret generic NAME1 -n NAMESPACE --from-litteral=key=value
# Create credential to a docker registry
kubectl create secret docker-registry NAME2 -n NAMESPACE --docker-server=REGISTRY --docker-username=USERNAME --docker-password=PASSWORD
Read a secret
By default, kubernetes store a secret as a base64, if you want read the secret test
, with the key key
in the namespace default
, do as follow:
kubectl get secrets -n default secret-name -o json | jq '.data["key"]' -r | base64 --decode
Read all secrets
kubectl get secrets secret-name --template='{{ range $key, $value := .data }}{{ printf "%s: %s\n" $key ($value | base64decode) }}{{ end }}'
Update a secret
Delete the secret or use the following trick:
kubectl create secret generic NAME1 --from-litteral=key=new_value --dry-run -o yaml | kubectl apply -f -
Get access to the service of a pod (similar to ssh forward)
kubectl port-forward POD LOCAL_PORT:POD_PORT
Connect to a pod (shell)
kubectl exec -ti POD bash
Investigate problem on a pod
kubectl describe POD
Get pods with certain status such as an Error
kubectl get pods --field-selector "status.phase=Failed"
Get pods sorted from age
kubectl get pods --sort-by=.metadata.creationTimestamp
Disable cronjob
kubectl patch cronjobs <job-name> -p '{"spec" : {"suspend" : true }}'
Trigger cronjob
kubectl create job --from=cronjob/<cronjob_name> <job_name>