Skip to main content
HashnodeRohit Pagote Blogs

Command Palette

Search for a command to run...

11 - Kubernetes Essential Commands

Published
5 min read
R
Rohit Pagote

I am an aspiring DevOps Engineer proficient with containers and container orchestration tools like Docker, Kubernetes along with experienced in Infrastructure as code tools and Configuration as code tools, Terraform, Ansible. Well-versed in CICD tool - Jenkins. Have hands-on experience with various AWS and Azure services. I really enjoy learning new things and connecting with people across a range of industries, so don't hesitate to reach out if you'd like to get in touch.

Part of seriesKubernetes

Security in Kubernetes

View Certificates

  • The manifests files (kubernetes configuration files) are stored at location

    /etc/kubernetes/manifests/

  • The certificate files (.crt and .key) are stored at location

    /etc/kubernetes/pki/

  • The etcd and ca certificate files (.crt and .key) are stored at location

    /etc/kubernetes/pki/etcd

  • Command to view the certificate information in detailed format

    openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text -noout

Certificates API

  • Command to encode certificate (.csr) into base64 format to use it in the CSR object

    cat akshay.csr | base64 -w 0

  • Command to approve the CSR request

    kubectl certificate approve akshay

  • Command to deny the CSR request

    kubectl certificate deny akshay

  • Command to get more details on a particular CSR (groups, signerName, etc.)

    kubectl get csr akshay -o yaml

  • Command to delete the CSR request

    kubectl delete csr akshay

KubeConfig

  • Default location of kubeconfig file is (note: file name is config)

    /root/.kube/config

  • Structure of kubeconfig file

apiVersion: v1
kind: Config
current-context: user-name@cluster-name
clusters:
- cluster:
- cluster:
contexts:
- context:
- context:
users:
- name:
- name:

  • Command to view the context place at any other location than default

    kubectl config view --kubeconfig=my-kube-config

  • Command to change the current context

    kubectl config --kubeconfig=/root/my-kube-config use-context research

  • Command to know the current context

    kubectl config --kubeconfig=/root/my-kube-config current-context

Roles and RoleBindings

  • Command to count the number of lines from the kubectl output

    kubectl get roles --all-namespaces --no-headers | wc -l

  • Command to describe a particular role

    kubectl describe role kube-proxy -n kube-system

  • Command to check a particular operation as a another user

    kubectl auth can-i get pods --as dev-user

  • Command to describe a particular rolebinding

    kubectl describe rolebinding kube-proxy -n kube-system

ClusterRole and ClusterRoleBindings

  • Command to count the number of lines of clusterroles from the kubectl output

    kubectl get clusterroles --no-headers | wc -l

  • Command to count the number of lines of clusterrolebindings from the kubectl output

    kubectl get clusterrolebindings --no-headers | wc -l

Service Accounts

  • Command to create service account

    kubectl create sa <sa-name>

  • Command to describe service account (to see the tokens mounted)

    kubectl describe sa <-sa-name>

  • Command to inspect a application (pod) to identify service account

    kubectl get pod -o yaml

  • Location where the service account credentials available within the pod

    /var/run/secrets

    • (you can get this by firstly running kubectl describe pod <pod-name> command and then look for Mounts field)

  • Command to create a token for service account

    kubectl create token <sa-name>

  • Command to to inspect a application (pod) to identify service account

    kubectl get pod -o yaml

Install Kubeadm

Installing Kubeadm =>

Installing container runtime =>

Enable IPv4 packet forwarding =>

Getting started with containerd =>

GitHub =>

Docker Engine doc =>

systemctl status containerd =>

Configuring the systemd cgroup driver =>

systemctl restart containerd =>

Installing kubeadm, kubelet and kubectl

Linux commands

  • Command to check the OS distribution name and release

    cat /etc*-release

  • Command to remove all the content of a file after opening it using vi

    :1,$d

  • Command to check the OS distribution name and version

    cat /etc*-release

Linux Networking commands

  • Command to list the network interfaces for the hosts

    ip link

      root@linux:~# ip link
  1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
      link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
  2: enp0s1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP mode DEFAULT group default qlen 1000
      link/ether c2:f6:aa:e3:7d:f5 brd ff:ff:ff:ff:ff:f

  • Command to list the IP addresses assigned to the network interfaces

    ip addr

  • Command to assign/set IP address on the system/host/interface

    ip addr add192.168.1.10/24 dev eth0

  • Command to view the routing table configuration on the system

    route / ip route

  • Command to add entries into the routing table

    ip route add 192.168.2.0/24 via 192.168.1.1

  • Command to check if IP forwarding is enabled on host

    cat /proc/sys/net/ipv4/ip_forward

    • If the output is 0, change it to 1 to enable the IP forwarding

DNS commands

  • File to put the details of host with IP and hostname on the host (local file)

    /etc/hosts

    • You can have as many names as you want for as many servers as you want in the /etc/hosts file.

    • Can have multiple hostnames for the same IP address as well.

    root@linux:~# cat /etc/hosts
    =>    192.168.1.10    web

  • File to put the details of host with IP and hostname on the host (DNS resolution configuration file)

    /etc/resolv.conf

      root@linux:~# cat /etc/resolv.conf
  =>    192.168.1.10    web
        Foward All to 8.8.8.8

  • File to change the sequence used by the system to resolve or map a hostname to IP addresses

    /etc/nsswitch.conf

      root@linux:~# cat /etc/nsswitch.conf
  =>    ...
        hosts:    file dns
        ...

change the default namespace

kubectl config set-context --current --namespace alpha

Networking commands

  • Command to view the bridge type interface

    ip addr show type bridge

  • If you were to ping google from the controlplane node, which route does it take?

    ip route - and look for default route ip

  • View the port the kube-scheduler is listening on

    netstat -nplt | grep scheduler

    netstat -nplt | grep etcd

  • ETCD is listening on two ports. Which of these have more client connections established?

    netstat -anp | grep etcd | grep 2379 | wc -l

  • Command to get the container-runtime endpoints defined in kubelet

    ps aux | grep kubelet | grep container-runtime

  • Path configured with all binaries of CNI supported plugins

    /opt/cni/bin

  • Path to view the configured CNI plugin on cluster

    /etc/cni/net.d

  • Range of IP addresses configured for PODs on this cluster

    kubectl logs <weave-pod-name> weave -n kube-system and look for ipalloc-range

  • IP Range configured for the services within the cluster

    cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep cluster-ip-range

  • Type of proxy is the kube-proxy configured to use

    kubectl logs <kube-proxy-pod-name> -n kube-system

  • Identify the type of DNS

    kubectl get pods -A and look for dns pod

  • Path of configuration file for configuring the CoreDNS service

    /etc/coredns/Corefile

  • Corefile passed to coredns service

    as configmap

  • Root domain/zone configured for this kubernetes cluster

    kubectl describe configmap coredns -n kube-system

#kubernetes-commands#kubernetes#kubernetes-container

Comments

Join the discussion

No comments yet. Be the first to comment.

Kubernetes

Part 11 of 11
Start from the beginning

01 - Kubernetes Fundamentals

What is Kubernetes? Kubernetes, also known as K8s, is an open-source container orchestration tool for automating the deployment, scaling, and management of containerized applications. Kubernetes Architecture In Kubernetes, we have MASTER NODE and W...

More from this blog

Rohit Pagote Blogs

39 posts

A DevOps enthusiast with a passion for implementing modern DevOps terminologies and tools and proficient in AWS cloud, Azure cloud, DevOps practices, IT infrastructure and Support.