Useful cli commands

Question 1

Scaling deployments

Answer 1

k scale deploy
k scale deploy mynginx –replicas=3
k get A –selector app=mynginx

Question 2

Set env variables

Answer 2

k set env deploy maria-deploy MARIADB_ROOT_PASSWORD=1234

Question 3

Create CM from file or from literal

Answer 3

k create cm maria-pwd –from-file=maria-passwords
k create cm maria-pwd –from-literal=MARIADB_ROOT_PASSWORD=12345

Question 4

Set deployment variable from cm

Answer 4

k set env deploy maria-deploy –from=configmap/maria-pwd

Question 5

Expose port

Answer 5

k expose deploy mydep –port=8080 –type=NodePort

Question 6

Label node
Set in Pod spec this label to run on specific node

Answer 6

k label nodes worker2 disktype=ssd
____
kind: Pod
apiVersion: v1
spec:
containers:
- name: nginx-cont
image: nginx
nodeSelector:
disktype: ssd

Question 7

Read current context
Set config

Answer 7

k config view
k config –kubeconfig=~./kube/config –set-cluster mycluster –server=http://192.168.29.120 –certificate-authority=clusterca.crt

Question 8

RBAC

Answer 8

k create ns staff
k config get-context
useradd anna -s /bin/bash -G sudo -m
passwd anna
sudo su - anna
create private key:
openssl genrsa -out anna.key 2048
create cert signing request:
openssl req -new -key=anna.key -out=anna.csr -subj “/CN=anna/O=k8s”
sudo openssl x509 -req -in=anna.csr -CA=/etc/kubernetes/pki/ca.crt -CAkey=/etc/kubernetes/pki/ca.key -CAcreateserial -out=anna.crt -days=1800
mkdir .kube
sudo cp /etc/kubernetes/admin.conf .kube/config
sudo chown -R anna:anna .kube
k config set-credentials anna –client-certificate=/home/anna/anna.crt –client-key=/home/anna/anna.key

k config set-context anna-context –cluster=kubernetes –user=anna –namespace=staff
k config use-context anna-context
exit to be root user
k run mynginx –image=nginx -n staff
k create role annarole –verb=get,list –resource=pods -n staff
k create rolebinding annabnd –role=annarole –user=anna -n staff
sudo su - anna
k get pods=> mynginx

Question 9

services

Answer 9

servicename.namespace.svc.clustername
also look into /etc/resolv.conf for a pod to check FQDN

Question 10

Taints only allow run pods with label disk=ssd

Answer 10

NoSchedule
PreferNoSchedule
NoExecute: migrate pods from this node
k taint nodes worker1 disk=ssd:NoSchedule
k taint nodes worker1 disk=ssd:NoSchedule-

Question 11

Toleration allow to pods on nodes with taints

Answer 11

tolerations:
- key: “key1”
operator: “Equal”
value: “value1”
effect: “NoSchedule”

Question 12

Scaling deployments

Answer 12

k scale delopy mydep –replicas=3

Question 13

Provide env vars to pod (this does not work for deployments)

Answer 13

k run mynginx –image=nginx – env=”MYSQL_ROOT_PASSWORD=123”

Question 14

Provide env vars to deploy

Answer 14

k create deploy mynginx –image=nginx
k set env deploy myngin MYSQL_ROOT_PASSWORD=123

Question 15

Create env vars from config maps

Answer 15

k create cm –from-env-file=dbvars
k set env –from=configmap/mycm deploy/mydep

Question 16

Generate new token and print this

Answer 16

kubeadm token create –print-join-command

Question 17

Metrics server

Answer 17

https://github.com/kubernetes-sigs/metrics-server

Question 18

Restore from backup

Answer 18

stop core services:
mv /etc/kubernetes/manifests/.yaml /etc/kubernetes
sudo crictl ps
sudo ETCDCTL_API=3 etcdctl snapshot restore /tmp/etcdbackup.db –data-dir /var/lib/etcd-backup
will restore in non-default folder
sudo ls -la /var/lib/etcd-backup/member
sudo vi /etc/kubernetes/etcd.yaml
go to volumes section, etcd-data
update path with /var/lib/etcd-backup
sudo mv /etc/kubernetes/.yaml /etc/kubernetes/manifests
and check core services started working
sudo crictl ps

Question 19

apply network pod plugin

Answer 19

k apply -f https://docs.projectcalico.org/manifests/calico.yaml

Question 20

Install cluster

Answer 20

on CP node:
1. kubeadm init (there are options, check kubeadm init -h)
2. follow the output and create dir .kube, copy /etc/kubernetes/admin.conf to .kube/config. At this point kubectl get all should be working
3. install network pod plugin calico
On worker nodes:
kubeadm join

kubeadm reset - try to reset if something goes wrong
if the token is expire:
kubeadm token create –print-join-command

Question 21

backup etcd

Answer 21

1. apt install etcd-client
2. sudo ETCDCTL_API=3 etcdctl
3. sudo ps aux | grep etcd
4. sudo ETCDCTL_API=3 etcdctl –endpoints=localhost: 2379 –cacert=/etc/kubernetes/pki/etcd/ca.crt –cert=/etc/kubernetes/pki/etcd/server.crt –key=/etc/kubernetes/pki/etcd/server.key get / –prefix –keys-only
5. sudo ETCDCTL_API=3 etcdctl –endpoints=localhost: 2379 –cacert=/etc/kubernetes/pki/etcd/ca.crt –cert=/etc/kubernetes/pki/etcd/server.crt –key=/etc/kubernetes/pki/etcd/server.key snapshot save /tmp/etcdbackup.db
6. sudo ETCDCTL_API=3 etcdctl –write-out=table snapshot status /tmp/etcbackup.db