- Published on
k8s
K8s
| Command | Description | Example |
|---|---|---|
kubectl auth can-i | Check whether an action is allowed | kubectl auth can-i create pods --all-namespaces |
kubectl get pods POD_NAME_HERE -o jsonpath='{.spec.containers[*].name}' | List all contains in a pod | |
kubectl get pods POD_NAME_HERE -o jsonpath='{.spec.initContainers[*].name}' | List all init contains in a pod |
Patching
kubectl patch uses json patch, which means it's possible to use replace, add, and remove operations.
Merge Patch
kubectl patch pod pod-tgmgb --type='merge' -p '{"spec": {"nested":{"field": "hello world"}}}'
Replace
This will replace the expiry of the zeroth index user in .spec.users to 2022-01-17.
kubectl patch pod pod-tgmgb --type='json' -p '[{"op":"replace","path":"/spec/users/0/expiry","value":"2022-01-17"}]'
Add
This will add a foo field onto the zeroth index user in .spec.users of value bar
kubectl patch pod pod-tgmgb --type='json' -p '[{"op":"add","path":"/spec/users/0/foo","value":"bar"}]'
Remove
This will remove the zeroth index user in .spec.users
kubectl patch pod pod-tgmgb --type='json' -p '[{"op":"remove","path":"/spec/users/0"}]'
Updating CR Status
Curl
For this example, we're going to use a CRD (Custom Resource Definition) called buildJob and a CR called build-job-asc, which has the following Status:
status:
buildStatus: Scheduled
But we want to update it to the following:
status:
buildStatus: Pending
The syntax for the curl command is:
curl -k $apiServer/apis/$apiVersion/namespaces/$namespace/$crd/$cr/status --header "Authorization: Bearer $TOKEN" -XPATCH -d"{\"status\":{$thingToChange}}" -H "Content-Type: application/merge-patch+json"
For our example, the curl command would be:
curl -k $apiServer/apis/k8s.test.io/v1alpha1/namespaces/default/buildjob/build-job-asc/status --header "Authorization: Bearer $TOKEN" -XPATCH -d'{"status":{"buildStatus": "Pending"}}' -H "Content-Type: application/merge-patch+json"
Note: You can retrieve the Bearer token from ~/.kube/config
Working with the API Server with Minikube
The easiest way to access the Kubernetes API, when running minikube, is to use kubectl proxy --port=8080, which allows you to access the API with curl http://localhost:8080/api.
It also allows you to browse the API in your browser.
- Start minikube using
minikube start --extra-config=apiserver.Features.EnableSwaggerUI=true - Then start
kubectl proxyand navigate tohttp://localhost:8080/swagger-ui/in your browser.
Note: You can access the Kubernetes API with curl directly using curl --cacert ~/.minikube/ca.crt --cert ~/.minikube/client.crt --key ~/.minikube/client.key https://minikube ip:8443/api/, where minikube ip can be retrieved by running minikube ip, but usually there is no advantage in doing so. Common browsers are not happy with the certificates minikube generates, so if you want to access the API with your browser you need to use kubectl proxy.
Kubectl
For kubectl versions v1.24 and above, you can use the patch command to update the status subresource.
A comparable kubectl command to the curl example above would be:
kubectl patch <crd> <cr> --subresource='status' --type='merge' -p '{"status":{"buildStatus": "Pending"}}'`