Links

• https://kubernetes.io/
• kubectl Cheat Sheet
• https://training.play-with-kubernetes.com/
• https://labs.play-with-k8s.com/

Basic Commands

List

PODs on ALL Namespaces

kubectl get pods --all-namespaces

All Namespaces

kubectl get namespaces

Remote execution/console login

kubectl exec -it podname -n namespace -- bash

Authentication

Get service accounts

#kubectl get serviceaccounts

NAME      SECRETS   AGE
default   1         6d
python    1         30m

Create service account

#kubectl create serviceaccount jenkins

Get service account details

#kubectl get serviceaccount jenkins -o yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  creationTimestamp: 2018-05-10T18:21:22Z
  name: jenkins
  namespace: default
  resourceVersion: "1210298"
  selfLink: /api/v1/namespaces/default/serviceaccounts/jenkins
  uid: 1acdecf6-547e-cd34-ab56-000d3a0984c9
secrets:
- name: jenkins-token-3f5ty

Get secret

#kubectl get secret jenkins-token-3f5ty -o yaml
apiVersion: v1
data:
  ca.crt: U1J0dXFmTUc4a0FTdGpmQTBOekdSN1Q2ZzVnc2YzcTFCQk1IRDNlRGZlc3Y3TUw5WlBJc1FKTnp5
aDZpc1phTlQ1Mk1ya2JTX21KbmQ5Z3FYNmxYYmN1bTlKOFlNV3Z5NUdOY05uVnJmeVVtMFJOYXB4
RFNXTkZuUGxfc011QjZiUVU2Ync4M3Z2N1FlSjE0X0EyOFhsRW5qeU5mbDdoVzcxR1ZZS2RVNnpr
TkwwX0RJanB0M1ZPbDlnVXVoMF81X2tmeGVibEYxYnpRSXdGQ2JBMWJfMmpUbGJpY0NnRXY2eDd5
Z05XQ0dXV1MxWEI4SkI4YW5PbVpPeHBSWFpQcDZ4YVdJb3R1cUtUbkpvUnFBQ2tadjNtblE5TEU1
V0lsWlUxWVNScFB2cldkY3ZqVDVBeHJ4M1ZGWVNDNXd3eFp2djBQcXN2RkxtVFhfanhodGFwYUhj
dVFQUGVYUVRpM1lUMklNMVJUeVdESzd5OGJlZEFnT0FSSVRzY1F2N3RqbE9jZTVDOEE5YnhLQVNK
Z0JscVZlcE4xc2loRVVrekhTZHBsVUZpS2pQcFZFSXc4UTc0S0VNMVRpNDFBbXkzV2NKNGNwSXYw
QkVRRDROX2lGUmVaZXVycERuSndOVm1Ya0dBbXZ2RTdiTXBDYzZ0UWZVWk5tazBtTnY1WmJGM1Vp
ZG9YMXhwbEc3QmRoTkpudDBvM3lnMlVVSWxWNTdjSmxMZ2trNXJvTHYxNzJmeWNvb1hJYWxvR3JG
WW5hQXpFUmFJdnNLTWlnanQwTlpCSVpZOGVldjBKeDBnaHZUZnhIQ2twZjJRTG9PZ2VWcEJYbnNs
MHBwR294TDljdENTYUdnRVNWRXAzZ1k3T1QyNkJYQVdnQzhGUVE5VDJrTktCU0hrM0IzS0o1MDZZ
MG45dFZBRWpRVDdDQnpYVDI1Vnk2VTJYU3VhMUY2Y01uYzZtTFl3VmNndXRncmVvNmszWDN6UElU
dWlraDZhN2ZXWEQwY2NIenFTb1FhVUhJQlRfWTlIbEROTlppN2J4QTNCZkZNcEltZG04WEZyUmpE
R0lpOVJyNGFRSVlBRVpXb29VNlp4cklRNHd1Z01udlNNeG5PblZVVkRPSlVLU3F2eFF0UzlYM1Fw
VmlXSktwcFhla3puQWxXeTJNZm5PQW1MSzhoVm80cGxRX0Z0bDNoR0YyN1Njd0NmSlhJMFI5RXhD
NEdiZ0U2RDFDZURrenl3UU1XeHpxc0xMNTY3R0RLQ1ZTMFVWVEJDQzhPUHY2YlRVMGdCZVBIVTFl
ZHZ6ZDAydU1GVzNZTnVKcTU0TFZSV3BVTEVzTTZwMgo=
  token: eXhjUzZsakI5dHlqNHBkbjl3ZDU4bVhvbkVaMzhmcHRrcmdtT1dDY2R6QlZyVTVlOVpZUnZKRHIx
NG1zWDUzdkxzaFBFX0habXpZVTh3VHBoMFJLaUdLR0lUeXdHMXRjOE1GQTBKMUVVd0J0N2NWV0RL
UlpoZDMzWTRTNFU4anlZN0xjMzRaeXhhbjVka1lZMWd6Z2NzeXRCNTNRVEtEc244eWtvT3IxbjYx
VVQ2Yl9iMjRHTF93blR1QTlsSU9sMTZabkxXazBzZ1VicVlOZWFETUpteEUxYUtnb1RlaVBZakda
eF9TZWNFemxzaTBXd3BzWGx5WU42VG5GclQwdF9XeDFoN3pYcnNFMXZTV1lFN29XSWVRMk9qeTV2
ZE5icWpra2NTX2dvbXRBbW91RUt3ckFKTEhDOTJ6dVlvcFVXT1ljQnk5UENDQldWelg0UVdDX2ZG
bW5kams4WF9VbzliaVFVS0JhRFlqeTkyRXZDbXl4aEhsY003SDJFWXBMbUJCOUMybGFqWFFVYUxs
emJiWmJrcVlBa1BtRmFXaG1QX2JTMnVZV0RKNjFfc3Z2MUY4RzdjeG9RR2dIeHJIUkV1bVV0Znpr
WFY1Zk1BOWYwV25sN01OY2h3WGtNNXlhbVFla29qOFBxQm1xWkNUQndFWklUckpRUFdpX3BuVFpI
REtGNFhxTEJIeDFOTDRldEs4TzZVMjhTN21VelJ5dHcyREtHb2RQTG4zRV83MGh5YUVXVUtEbE55
Vnp0djFqNHZ4ZzNYazQ2bkt2WF83N2YwekZBV3JtcHV2YUphMGxTOUtPa3ZVMkdLMHJzVWJyb2ls
YXdiMDRPdzN3RDMyY2h3RHFEaDRiUW1hYldkSUpXQUt4RHVjVnluOVc5OF9LWEwyajhMUHU0YTVl
azdIVW9UekRGYmN2TXFxTHJ1STlmaG5zZWVZbkpWc05LOHhhZnFxb0JZODNrMlpZOWVkY2UyRGtf
Z3pTN1ZiQjVHdzlrZEtuRXB1RWFzamE2VjhDOUpiZTVPS2U3THNYUkFLazVBVGNnVExCV2VmYXZs
eENfdTF5MWRnVDlqd2o1TFMyR1JxczU5eng3Z3UzQ2tRS3ViZHdRajZONmZWYVp2UnBqTjEwNjkz
RlJJTWIwYkpyU3VRX2d3YjA4cGJ5TzFiRlU2TU9kRHNqaUNuYlRfV3V5Q2pTdEdjMmNvclpKNk1M
aFcxZUFkRHlaVzBJc3I3TUo5RUFmM1FxdjFVNXdsZ3B1eEZyUFFSVGRlUnE5NGhDODRkTmVKdFEy
OFJtWEI2TXJJb2lEa2x4b2w1QzRZdHRGNHhNdG1rSAo=
kind: Secret
metadata:
  annotations:
    kubernetes.io/service-account.name: jenkins
    kubernetes.io/service-account.uid: 1acdecf6-547e-cd34-ab56-000d3a0984c9
  creationTimestamp: 2018-05-10T18:21:22Z
  name: jenkins-token-3f5ty
  namespace: default
  resourceVersion: "1210297"
  selfLink: /api/v1/namespaces/default/secrets/jenkins-token-3f5ty
  uid: 1acdecf6-547e-cd34-ab56-000d3a0984c9
type: kubernetes.io/service-account-token

Save token into a file

#echo "eXhjUzZsakI5dHlqNHBkbjl3ZDU4bVhvbkVaMzhmcHRrcmdtT1dDY2R6QlZyVTVlOVpZUnZKRHIx
NG1zWDUzdkxzaFBFX0habXpZVTh3VHBoMFJLaUdLR0lUeXdHMXRjOE1GQTBKMUVVd0J0N2NWV0RL
UlpoZDMzWTRTNFU4anlZN0xjMzRaeXhhbjVka1lZMWd6Z2NzeXRCNTNRVEtEc244eWtvT3IxbjYx
VVQ2Yl9iMjRHTF93blR1QTlsSU9sMTZabkxXazBzZ1VicVlOZWFETUpteEUxYUtnb1RlaVBZakda
eF9TZWNFemxzaTBXd3BzWGx5WU42VG5GclQwdF9XeDFoN3pYcnNFMXZTV1lFN29XSWVRMk9qeTV2
ZE5icWpra2NTX2dvbXRBbW91RUt3ckFKTEhDOTJ6dVlvcFVXT1ljQnk5UENDQldWelg0UVdDX2ZG
bW5kams4WF9VbzliaVFVS0JhRFlqeTkyRXZDbXl4aEhsY003SDJFWXBMbUJCOUMybGFqWFFVYUxs
emJiWmJrcVlBa1BtRmFXaG1QX2JTMnVZV0RKNjFfc3Z2MUY4RzdjeG9RR2dIeHJIUkV1bVV0Znpr
WFY1Zk1BOWYwV25sN01OY2h3WGtNNXlhbVFla29qOFBxQm1xWkNUQndFWklUckpRUFdpX3BuVFpI
REtGNFhxTEJIeDFOTDRldEs4TzZVMjhTN21VelJ5dHcyREtHb2RQTG4zRV83MGh5YUVXVUtEbE55
Vnp0djFqNHZ4ZzNYazQ2bkt2WF83N2YwekZBV3JtcHV2YUphMGxTOUtPa3ZVMkdLMHJzVWJyb2ls
YXdiMDRPdzN3RDMyY2h3RHFEaDRiUW1hYldkSUpXQUt4RHVjVnluOVc5OF9LWEwyajhMUHU0YTVl
azdIVW9UekRGYmN2TXFxTHJ1STlmaG5zZWVZbkpWc05LOHhhZnFxb0JZODNrMlpZOWVkY2UyRGtf
Z3pTN1ZiQjVHdzlrZEtuRXB1RWFzamE2VjhDOUpiZTVPS2U3THNYUkFLazVBVGNnVExCV2VmYXZs
eENfdTF5MWRnVDlqd2o1TFMyR1JxczU5eng3Z3UzQ2tRS3ViZHdRajZONmZWYVp2UnBqTjEwNjkz
RlJJTWIwYkpyU3VRX2d3YjA4cGJ5TzFiRlU2TU9kRHNqaUNuYlRfV3V5Q2pTdEdjMmNvclpKNk1M
aFcxZUFkRHlaVzBJc3I3TUo5RUFmM1FxdjFVNXdsZ3B1eEZyUFFSVGRlUnE5NGhDODRkTmVKdFEy
OFJtWEI2TXJJb2lEa2x4b2w1QzRZdHRGNHhNdG1rSAo=" | base64 -d > token

Query the master to validade the token

#curl https://k8s-master-01/api --header "Authorization: Bearer $(cat token)" --insecure -m 5

{
  "kind": "APIVersions",
  "versions": [
    "v1"
  ],
  "serverAddressByClientCIDRs": [
    {
      "clientCIDR": "0.0.0.0/0",
      "serverAddress": "192.168.83.55:443"
    }
  ]
}

Add permission to the user jenkins

#kubectl describe clusterrolebindings cluster-admin

Containers

• https://coreos.com/rkt/
• https://www.docker.com/
  • https://hub.docker.com/
  • https://github.com/kubernetes-up-and-running/kuard

Port Forward

kubectl port-forward pod/kuard2 8000:8080

Persistent Storage

kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: task-pv-claim
spec:
  storageClassName: manual
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 3Gi

kind: PersistentVolume
apiVersion: v1
metadata:
  name: task-pv-storage
  labels:
    type: local
spec:
  storageClassName: managed-standard
  capacity:
    storage: 10Gi
  accessModes:
    - ReadWriteOnce
  hostPath:
    path: "/mnt/data"

kubectl get pv task-pv-storage

kind: Pod
apiVersion: v1
metadata:
  name: task-pv-pod
spec:
  volumes:
    - name: task-pv-storage
      persistentVolumeClaim:
       claimName: task-pv-storage
  containers:
    - name: task-pv-container
      image: nginx
      ports:
        - containerPort: 80
          name: "http-server"
      volumeMounts:
        - mountPath: "/usr/share/nginx/html"
          name: task-pv-storage

Tools

• http://fabric8.io/guide/getStarted/helm.html
• NGINX
• K9S
• STERN

API

• Spring Cloud Kubernetes

Certification

• https://www.cncf.io/certification/expert/cka/