CKA - Kubernetes Certified Administrator Cheatsheet


Core Concepts

View pods in namespace dev:

kubectl get pods -n dev

View all pods in all namespaces:

kubectl get pods -A

View all resources in all namespaces:

kubectl get all -A

Generate a pod yaml file with  nginx  image and  label env=prod :

kubectl run nginx --image=nginx --labels=env=prod --dry-run=client -o yaml > nginx_pod.yaml

Delete a pod  nginx  fast:

kubectl delete pod nginx --grace-period 0 --force

Generate Deployment yaml file:

kubectl create deploy --image=nginx nginx --dry-run=client -o yaml > nginx-deployment.yaml

Access a service  test-service  in a different namespace  dev :

test-service.dev

Create a service for a pod  valid-pod , which serves on port 444 with the name  frontend :

kubectl expose pod valid-pod --port=444 --name=frontend

Recreate the contents of a yaml file:

kubectl replace --force -f nginx.yaml

Edit details of a deployment  nginx :

kubectl edit deploy nginx

Set image of a deployment  nginx :

kubectl set image deploy nginx nginx=nginx:1.18

Scale deployment  nginx  to 4 replicas and  record  the action:

kubectl scale deploy nginx --replicas=4 --record

Get events in current namespace:

kubectl get events

Scheduling
Get pods with their labels:

kubectl get pods --show-labels

Get the pods that are labeled  env=dev :

kubectl get pods -l env=dev

Get taints of node  node01 :

kubectl describe node node01 | grep -i Taints:

Label node  node01  with label  size=small :


kubectl label nodes node01 size=small

Default static pods path:

/etc/kubernetes/manifests

Check pod nginx logs:

kubectl logs nginx

Check pod logs with multiple containers:

kubectl logs <pod_name> -c <container_name>

Monitoring
Check node resources usage:

kubectl top node

Check pod and their containers resource usage:

kubectl top pod --containers=true

Application Lifecycle Management

Check rollout status of deployment  app :

kubectl rollout status deployment/app

Check rollout history of deployment  app :

kubectl rollout history deployment/app

Undo rollout:
kubectl rollout undo deployment/app

Create configmap  app-config  with  env=dev :

kubectl create configmap app-config --from-literal=env=dev

Create secret  app-secret  with  pass=123 :

kubectl create secret generic app-secret --from-literal=pass=123

Cluster Maintenance
Drain node  node01  of all workloads:

kubectl drain node01

Make the node schedulable again:

kubectl uncordon node01

Upgrade cluster to 1.18 with kubeadm:

kubeadm upgrade plan

apt-get upgrade -y kubeadm=1.18.0-00

kubeadm upgrade apply v1.18.0

apt-get upgrade -y kubelet=1.18.0-00

systemctl restart kubelet

Backup etcd:

export ETCDCTL_API=3

etcdctl \
  --endpoints=https://127.0.0.1:2379 \
  --cacert=/etc/kubernetes/pki/etcd/ca.crt \
  --cert=/etc/kubernetes/pki/etcd/server.crt \
  --key=/etc/kubernetes/pki/etcd/server.key \
  snapshot save /tmp/etcd-backup.db

Restore etcd:
ETCDCTL_API=3 etcdctl snapshot restore /tmp/etcd-backup.db --data-dir /var/lib/etcd-backup

Afterwards, edit /etc/kubernetes/manifests/etcd.yaml and change /var/lib/etcd to /var/lib/etcd-backup.

Security
Create service account sa-1:

kubectl create serviceaccount sa-1

Check kube-apiserver certificate details:

openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text -noout

Approve certificate signing request for user john:

kubectl certificate approve john

Check the current kubeconfig file:

kubectl config view

Check current context:

kubectl config current-context

Use context prod-user@production:

kubectl config use-context prod-user@production

Validate if user  john  can create deployments:

kubectl auth can-i create deployments --as john

Create role  dev  to be able to create secrets:

kubectl create role dev --verb=create --resource=secret

Bind the role  dev  to user  john :

kubectl create rolebinding dev-john --role dev --user john

Check namespaced resources:

kubectl api-resources --namespaced=true

Troubleshooting
View all the kube-system related pods:

kubectl get pods -n kube-system

Check if all nodes are in  ready  state:

kubectl get nodes

Check memory, cpu and disk usage on node:

df -h

top

Check status of  kubelet  service on node:

systemctl status kubelet

Check  kubelet  service logs:

sudo journalctl -u kubelet

View kubelet service details:

ps -aux | grep kubelet

Check cluster info:

kubectl cluster-info

Gather info

Find pod CIDR:

kubectl describe node | less -p PodCIDR

Get pods in all namespaces sorted by creation timestamp:

kubectl get pod -A --sort-by=.metadata.creationTimestamp

Find the service CIDR of  node-master :

ssh node-master

cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep range

Find which CNI plugin is used on  node-master :

ls /etc/cni/net.d/

Find events ordered by creation timestamp:

kubectl get events -A --sort-by=.metadata.creationTimestamp

Find internal IP of all nodes:

kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="InternalIP")].address}'

General notes
To create a daemonset, use the kubectl create deploy command to generate a .yaml file, then change the kind and remove replicas and strategy.
To find the static pod manifest path, check the exec command of the kubelet service or the staticPodPath parameter of kubelet's config file.
To create a static pod, place a yaml definition file in the staticPodPath directory.
To identify static pods, look for the suffix -<node_name> on pods.
To add a new scheduler, copy the existing one and add the flags --leader-elect=false and --scheduler-name=my-scheduler-name to the container's command. To use the new scheduler, specify the option schedulerName under spec of a pod definition file.
To add a default command to a pod, use command, which overrides the default ENTRYPOINT from the Dockerfile. Use args to override the Dockerfile CMD, which supplies the command's extra parameters.
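The daemonset note above, carried out as a script. This is an added example, not part of the original cheatsheet; the function names deploy_to_daemonset and sample_deployment and the embedded manifest are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample: a Deployment manifest in the shape that
# "kubectl create deploy --image=nginx nginx --dry-run=client -o yaml" produces.
sample_deployment() {
  cat <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  strategy: {}
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
        resources: {}
status: {}
EOF
}

# Reads a Deployment manifest on stdin and writes a DaemonSet manifest on stdout:
# change kind, drop spec.replicas, drop spec.strategy (inline {} or nested block).
deploy_to_daemonset() {
  awk '
    /^kind: Deployment$/   { print "kind: DaemonSet"; next }
    /^  replicas:/         { next }
    /^  strategy:/         { in_strategy = 1; next }
    in_strategy && /^    / { next }   # nested keys that belong to strategy
    { in_strategy = 0; print }
  '
}

# Stand-alone run: print the converted manifest.
sample_deployment | deploy_to_daemonset
```

With a cluster available, the same function fits in a pipe: kubectl create deploy --image=nginx nginx --dry-run=client -o yaml | deploy_to_daemonset > nginx-daemonset.yaml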
