Kubectl (Kubernetes)

    Tools

    • kubectx: switch between Kubernetes clusters
    • krew: package manager for kubectl plugins

    Create a secret

    # Create a basic secret
    kubectl create secret generic NAME1 -n NAMESPACE --from-litteral=key=value
    
    # Create credential to a docker registry
    kubectl create secret docker-registry NAME2 -n NAMESPACE --docker-server=REGISTRY --docker-username=USERNAME --docker-password=PASSWORD
    

    Read a secret

    By default, kubernetes store a secret as a base64, if you want read the secret test, with the key key in the namespace default, do as follow:

    kubectl get secrets -n default secret-name -o json | jq '.data["key"]' -r | base64 --decode
    

    Read all secrets

    kubectl get secrets secret-name --template='{{ range $key, $value := .data }}{{ printf "%s: %s\n" $key ($value | base64decode) }}{{ end }}'
    

    Update a secret

    Delete the secret or use the following trick:

    kubectl create secret generic NAME1 --from-litteral=key=new_value --dry-run -o yaml | kubectl apply -f -
    

    Get access to the service of a pod (similar to ssh forward)

    kubectl port-forward POD LOCAL_PORT:POD_PORT
    

    Connect to a pod (shell)

    kubectl exec -ti POD bash
    

    Investigate problem on a pod

    kubectl describe POD
    

    Get pods with certain status such as an Error

    kubectl get pods --field-selector "status.phase=Failed"
    

    Get pods sorted from age

    kubectl get pods --sort-by=.metadata.creationTimestamp
    

    source

    Disable cronjob

    kubectl patch cronjobs <job-name> -p '{"spec" : {"suspend" : true }}'
    

    source

    Trigger cronjob

    kubectl create job --from=cronjob/<cronjob_name> <job_name>
    

    source