Config
# Point kubectl at a specific kubeconfig for this shell session.
# The file carries cluster credentials; keep it readable by your own user only.
export KUBECONFIG=/path/to/kubeconfig
ENV from prod manifest
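# Entry for a container's env list: expose the pod's own namespace to the
# process through a fieldRef (nesting restored; the flattened form does not
# parse as one env entry).
- name: LEGO_NAMESPACE
  valueFrom:
    fieldRef:
      fieldPath: metadata.namespace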
possible values: metadata.name, metadata.namespace, metadata.labels, metadata.annotations, spec.nodeName, spec.serviceAccountName, status.podIP
schedule pod on specific node
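# Bind the pod directly to one node. Setting nodeName skips the scheduler, so
# its placement checks (resource fit, nodeSelector/affinity, NoSchedule
# taints) are not applied to this pod.
spec:
  nodeName: <my node>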
kubectl run with node selector
# Start a one-off toolbox pod restricted to nodes labelled type=app via a spec override.
# NOTE(review): the image has no tag or digest, so whatever is currently published
# under that name is pulled and run in the cluster; prefer
# <image>@sha256:<digest-of-a-build-you-vetted>.
kubectl run --overrides='{"spec":{"nodeSelector":{"type":"app"}}}' \
--restart=Never --image quay.io/tobstarr/toolbox toolbox
deployments without node selector
# List the names of kube-system deployments whose pod template sets no nodeSelector.
kubectl --namespace kube-system get deployments --output json \
  | jq --compact-output --raw-output \
      '.items[] | select(.spec.template.spec.nodeSelector == null) | .metadata.name'
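Network Plugins
note: both URLs are mutable (a branch head and a short link) — download and review the manifest, and pin a tagged version, before applying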
adapter | manifest |
---|---|
flannel | https://raw.githubusercontent.com/coreos/flannel/master/Documentation/kube-flannel.yml |
weave | https://git.io/weave-kube |
check ca expiration in cluster
# Print the kubeconfig user's client certificate; the validity dates are in the -text output.
# Replace "admin" with the user name from your kubeconfig.
# Needs bash (process substitution). --raw makes kubectl emit unredacted credential
# data, so keep the jq filter that narrows the output to client-certificate-data.
# The cluster CA is a different field: .clusters[].cluster["certificate-authority-data"].
openssl x509 -in <(kubectl config view -o json --raw | jq '.users[] | select(.name == "admin") .user["client-certificate-data"]' -c -r | base64 -d) -text -noout
select things via label
# List ReplicaSets carrying the label run=mysql.
kubectl get replicasets --selector 'run=mysql'
update image of deployment/rs/rc
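# Set every container ('*') of the deployment to <image_name>.
# The container=image pair is a positional argument; kubectl set image has no --image flag.
kubectl set image deployments/<deployment_name> '*=<image_name>'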
http probes
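# HTTP liveness and readiness probes against / on port 80 (nesting restored).
livenessProbe:
  # One failed check (1s timeout, checked every 60s) is enough for the kubelet
  # to kill the container; the pod's restart policy then applies.
  failureThreshold: 1
  httpGet:
    path: /
    port: 80
    scheme: HTTP
  periodSeconds: 60
  successThreshold: 1
  timeoutSeconds: 1
readinessProbe:
  # Checked every second; three consecutive failures mark the pod not ready.
  failureThreshold: 3
  httpGet:
    path: /
    port: 80
    scheme: HTTP
  periodSeconds: 1
  successThreshold: 1
  timeoutSeconds: 1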
tcp probes
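# TCP readiness probe: the pod counts as ready once port 9292 accepts a
# connection (nesting restored).
readinessProbe:
  tcpSocket:
    port: 9292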
dns with full address
http://mysql.default.svc.cluster.local
pod affinity
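# Hard anti-affinity: a pod with this rule is not scheduled onto a node
# (topologyKey kubernetes.io/hostname) that already runs a pod labelled
# run=nginx. Nesting restored; topologyKey is a sibling of labelSelector.
affinity:
  podAntiAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      - labelSelector:
          matchLabels:
            run: nginx
        topologyKey: kubernetes.io/hostname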
init containers for ES
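# Init container that raises vm.max_map_count before the main container
# starts (nesting restored).
initContainers:
  - name: init-sysctl
    image: busybox:1.27.2
    command:
      - sysctl
      - -w
      - vm.max_map_count=262144
    # NOTE(review): privileged gives this container full access to the node,
    # and vm.max_map_count is not namespaced, so the write changes the value
    # for the whole host. Where possible set the sysctl when provisioning the
    # nodes instead, and limit which namespaces may run privileged pods
    # through admission policy.
    securityContext:
      privileged: true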