Config

# Point kubectl at a specific kubeconfig for this shell session.
# A kubeconfig typically embeds credentials (client keys, tokens), so keep the
# file readable only by its owner.
export KUBECONFIG=/path/to/kubeconfig

ENV from prod manifest

# Downward API: the container reads its own pod's namespace from the
# LEGO_NAMESPACE environment variable.
- name: LEGO_NAMESPACE
  valueFrom:
    fieldRef:
      fieldPath: metadata.namespace

possible values for fieldPath: metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.podIP

schedule pod on specific node

# nodeName names the target node directly, so the scheduler does not place this
# pod; replace <my node> with the node's name.
spec:
  nodeName: <my node>

kubectl run with node selector

# Start a one-off pod (--restart=Never) and inject a nodeSelector through
# --overrides so it only lands on nodes labelled type=app.
# NOTE(review): the image reference carries no tag or digest, so it resolves to
# the mutable default tag; pin a tag or digest so the pod runs the image you
# reviewed.
kubectl run --overrides='{"spec":{"nodeSelector":{"type":"app"}}}' \
--restart=Never --image quay.io/tobstarr/toolbox toolbox

deployments without node selector

# List the kube-system deployments whose pod template sets no nodeSelector,
# one name per line.
kubectl --namespace kube-system get deployments --output json \
  | jq --compact-output --raw-output \
      '.items[] | select(.spec.template.spec.nodeSelector == null) | .metadata.name'

Network Plugins

adapter manifest
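flannel https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml
weave https://git.io/weave-kube
note: both URLs are unpinned (a `master` branch ref and a redirecting short link), so their content can change between runs; download and review the manifest, and pin a release, before applying it to a cluster.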

check ca expiration in cluster

# Print the certificate stored for one kubeconfig user; the validity window is
# in the "Not Before" / "Not After" lines. Change "admin" in the jq filter to
# inspect another user entry.
# NOTE(review): this decodes the user's client certificate
# (client-certificate-data), not the cluster CA, which sits under
# .clusters[].cluster["certificate-authority-data"].
# --raw makes kubectl emit unredacted credentials (client keys, tokens); jq
# keeps only the certificate here, so do not tee or log the raw output.
kubectl config view --output json --raw \
  | jq -c -r '.users[] | select(.name == "admin") .user["client-certificate-data"]' \
  | base64 -d \
  | openssl x509 -text -noout

select things via label

# Filter by label: only ReplicaSets carrying run=mysql are listed.
kubectl get replicasets --selector='run=mysql'

update image of deployment/rs/rc

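# Point every container of the deployment at a new image. The container=image
# pairs are positional arguments of `kubectl set image` (it has no --image
# flag), and '*' matches all containers in the pod template, sidecars included.
# The placeholders are quoted so an unedited paste reaches kubectl as text
# instead of being parsed by the shell as < and > redirections.
kubectl set image 'deployments/<deployment_name>' '*=<image_name>'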

http probes

# Liveness: GET / on port 80 every 60s with a 1s timeout. failureThreshold 1
# means a single failed or slow response restarts the container.
livenessProbe:
  failureThreshold: 1
  httpGet:
    path: /
    port: 80
    scheme: HTTP
  periodSeconds: 60
  successThreshold: 1
  timeoutSeconds: 1
# Readiness: the same request every second. Three consecutive failures mark the
# pod not ready until a probe succeeds again.
readinessProbe:
  failureThreshold: 3
  httpGet:
    path: /
    port: 80
    scheme: HTTP
  periodSeconds: 1
  successThreshold: 1
  timeoutSeconds: 1

tcp probes

# Ready as soon as a TCP connection to port 9292 can be opened. This shows the
# listener is up, not that the application behind it answers correctly.
readinessProbe:
  tcpSocket:
      port: 9292

dns with full address

http://mysql.default.svc.cluster.local

pod affinity (anti-affinity example)

# Hard anti-affinity: a pod with this rule is not scheduled onto a node
# (topologyKey kubernetes.io/hostname) that already runs a pod labelled
# run=nginx. Because the rule is "required", a pod that cannot satisfy it
# stays Pending.
affinity:
  podAntiAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
    - labelSelector:
        matchLabels:
          run: nginx
      topologyKey: kubernetes.io/hostname

init containers for ES

  # Init container that runs `sysctl -w vm.max_map_count=262144` before the
  # pod's main containers start.
  # NOTE(review): privileged: true removes the container's isolation from the
  # host, and vm.max_map_count is a node-wide kernel setting, so the write
  # affects every pod on that node. Where possible set the value when the node
  # is provisioned and drop this container; if it stays, limit which workloads
  # may run privileged through admission policy.
  initContainers:
  - name: init-sysctl
    image: busybox:1.27.2
    command:
    - sysctl
    - -w
    - vm.max_map_count=262144
    securityContext:
      privileged: true