~/cheatsheets/k8s
Published on

k8s

K8s

CommandDescriptionExample
kubectl auth can-iCheck whether an action is allowedkubectl auth can-i create pods --all-namespaces
kubectl get pods POD_NAME_HERE -o jsonpath='{.spec.containers[*].name}'List all contains in a pod

kubectl

Patching

kubectl patch uses json patch, which means it's possible to use replace, add, and remove operations.

Replace

This will replace the expiry of the zeroth index user in .spec.users to 2022-01-17.

kubectl patch pod pod-tgmgb --type='json' -p '[{"op":"replace","path":"/spec/users/0/expiry","value":"2022-01-17"}]'

Add

This will add a foo field onto the zeroth index user in .spec.users of value bar

kubectl patch pod pod-tgmgb --type='json' -p '[{"op":"add","path":"/spec/users/0/foo","value":"bar"}]'

Remove

This will remove the zeroth index user in .spec.users

kubectl patch pod pod-tgmgb --type='json' -p '[{"op":"remove","path":"/spec/users/0"}]'

Updating CR Status

Curl

For this example, we're going to use a CRD (Custom Resource Definition) called buildJob and a CR called build-job-asc, which has the following Status:

status:
  buildStatus: Scheduled

But we want to update it to the following:

status:
  buildStatus: Pending

The syntax for the curl command is:

curl -k $apiServer/apis/$apiVersion/namespaces/$namespace/$crd/$cr/status --header "Authorization: Bearer $TOKEN" -XPATCH -d"{\"status\":{$thingToChange}}" -H "Content-Type: application/merge-patch+json"

For our example, the curl command would be:

curl -k $apiServer/apis/k8s.test.io/v1alpha1/namespaces/default/buildjob/build-job-asc/status --header "Authorization: Bearer $TOKEN" -XPATCH -d'{"status":{"buildStatus": "Pending"}}' -H "Content-Type: application/merge-patch+json"

Note: You can retrieve the Bearer token from ~/.kube/config

Working with the API Server with Minikube

The easiest way to access the Kubernetes API, when running minikube, is to use kubectl proxy --port=8080, which allows you to access the API with curl http://localhost:8080/api.

It also allows you to browse the API in your browser.

  • Start minikube using minikube start --extra-config=apiserver.Features.EnableSwaggerUI=true
  • Then start kubectl proxy and navigate to http://localhost:8080/swagger-ui/ in your browser.

Note: You can access the Kubernetes API with curl directly using curl --cacert ~/.minikube/ca.crt --cert ~/.minikube/client.crt --key ~/.minikube/client.key https://minikube ip:8443/api/, where minikube ip can be retrieved by running minikube ip, but usually there is no advantage in doing so. Common browsers are not happy with the certificates minikube generates, so if you want to access the API with your browser you need to use kubectl proxy.

Kubectl

For kubectl versions v1.24 and above, you can use the patch command to update the status subresource.

A comparable kubectl command to the curl example above would be:

kubectl patch <crd> <cr> --subresource='status' --type='merge' -p '{"status":{"buildStatus": "Pending"}}'`