General
Default DNS service url
<service-name>.<namespace>.svc.cluster.local:<service-port>
Debugging
Find pods that have a string in the definition
k get pods -n prod | awk '{print $1}' | xargs -I@ bash -c "echo '@'; kubectl describe pod -n prod @ | grep mongo; echo -e '\n\n\n'"
Force kill pod 🔪
k delete pod -n NAMESPACE POD_NAME --grace-period=0 --force
Find POD by IP
10.117.14.6810.117.31.63
Run busybox
kubectl run -i --tty busybox --image=busybox --restart=Never -- sh
Run a container just to get a bash shell
k run my-debug --image=<docker image uri> --command -- sleep 3600
# and then
k get pods
k exec -it my-debug-eacae012 -- bash
and debug...
Debugging POD template
apiVersion: v1
kind: Pod
metadata:
  name: marcin-test
  labels:
    your: labels
spec:
  securityContext:
    fsGroup: 1
    runAsGroup: 1
    runAsUser: 1000
    supplementalGroups:
      - 1
  containers:
    - name: just-a-container
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop:
            - ALL
        privileged: false
        runAsNonRoot: true
        runAsUser: 1000
      image: curlimages/curl:8.15.0
      command: ["sleep"]
      args: ["3600"]
      env:
        - name: EXAMPLE_ENV
          value: VALUE
      resources:
        requests:
          cpu: 100m
          memory: 128Mi
        limits:
          cpu: 1.0
          memory: 256Mi
  restartPolicy: Never
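An added example (not part of the original notes): a small Python audit that reads a pod in `kubectl get pod -o json` form and reports containers missing the hardening settings the template above pins down. The sample pod, its `sidecar` container, and the helper names `audit_pod` and `inherited` are constructed for illustration.

```python
import json

# Constructed sample in the shape of `kubectl get pod -o json`: the first
# container mirrors the template above, the second is left at defaults.
SAMPLE_POD = json.loads("""
{"metadata": {"name": "marcin-test"},
 "spec": {
  "securityContext": {"runAsUser": 1000, "runAsGroup": 1, "fsGroup": 1},
  "containers": [
   {"name": "just-a-container",
    "securityContext": {"allowPrivilegeEscalation": false, "privileged": false,
                        "runAsNonRoot": true, "runAsUser": 1000,
                        "capabilities": {"drop": ["ALL"]}},
    "resources": {"limits": {"cpu": "1", "memory": "256Mi"}}},
   {"name": "sidecar", "image": "busybox"}
  ]}}
""")


def inherited(pod_sc, ctr_sc, key):
    """runAsNonRoot/runAsUser may be set per pod; the container value wins."""
    return ctr_sc[key] if key in ctr_sc else pod_sc.get(key)


def audit_pod(pod):
    """Return (container, problem) pairs for settings the template pins down."""
    spec = pod.get("spec") or {}
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for c in (spec.get("initContainers") or []) + (spec.get("containers") or []):
        sc = c.get("securityContext") or {}
        drops = [d.upper() for d in (sc.get("capabilities") or {}).get("drop") or []]
        checks = [
            (sc.get("allowPrivilegeEscalation") is False, "allowPrivilegeEscalation not false"),
            (sc.get("privileged") is not True, "privileged is true"),
            ("ALL" in drops, "capabilities.drop lacks ALL"),
            (inherited(pod_sc, sc, "runAsNonRoot") is True, "runAsNonRoot not true"),
            (inherited(pod_sc, sc, "runAsUser") != 0, "runAsUser is 0"),
            (bool((c.get("resources") or {}).get("limits")), "no resource limits"),
        ]
        findings += [(c.get("name", "?"), msg) for ok, msg in checks if not ok]
    return findings


if __name__ == "__main__":
    for name, problem in audit_pod(SAMPLE_POD):
        print(f"{name}: {problem}")
```

To audit a live pod, replace `SAMPLE_POD` with `json.load(sys.stdin)` and pipe in `kubectl get pod <name> -n <namespace> -o json`.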
Configuration
Merge two kubeconfig files
cp ~/.kube/config ~/.kube/config.bak && KUBECONFIG=~/.kube/config:/path/to/new/config kubectl config view --flatten > /tmp/config && mv /tmp/config ~/.kube/config
Secrets
Mount secret value as an environment variable
- Create secret env as string:
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
stringData:
  WSO2_CLOUD_ORG_KEY: "mycompany"
  WSO2_CLOUD_EMAIL: "sample-email@wso2.com"
  WSO2_CLOUD_PASSWORD: "password"

kubectl apply -f mysecret.yaml

- Use in Deployment:
env:
  - name: WSO2_CLOUD_ORG_KEY
    valueFrom:
      secretKeyRef:
        name: mysecret
        key: WSO2_CLOUD_ORG_KEY

- For usage in kubeflow pipelines:
from kubernetes.client import V1EnvVar, V1EnvVarSource, V1SecretKeySelector

# some_op is a pipeline op defined elsewhere in the pipeline
some_op.add_env_variable(
    V1EnvVar(
        name="WANDB_API_KEY",
        value_from=V1EnvVarSource(
            secret_key_ref=V1SecretKeySelector(
                "WANDB_API_KEY", "wandb-api-key", optional=False
            )
        ),
    )
)
Switch contexts
kubectl config current-context
kubectl config use-context <context_name>
Helm
Access values of nested helm charts with dash in name
E.g. you have mysub-chart subchart, then:
mysub-chart:
  servicename: mysubchart-service
# Then in Helm Chart
{{ index .Values "mysub-chart" "servicename" }}
# If used multiple times just do:
{{- $flyteValues := index .Values "flyte-binary" }}
# At the top of the file and use this $flyteValues variable
Extensions
CSI driver that makes ReadWriteMany from S3 bucket
Also works with CloudFlare R2 https://github.com/yandex-cloud/k8s-csi-s3/tree/master
Example values:
storageClass:
  # Specifies whether the storage class should be created
  create: true
  # Name
  name: csi-s3
  # Use a single bucket for all dynamically provisioned persistent volumes
  singleBucket: "k8s-csi-scaleway"
  # mounter to use - either geesefs, s3fs or rclone (default geesefs)
  mounter: geesefs
  # GeeseFS mount options
  mountOptions: "--memory-limit 1000 --dir-mode 0777 --file-mode 0666"
  # Volume reclaim policy
  reclaimPolicy: Delete
  # Annotations for the storage class
  # Example:
  # annotations:
  #   storageclass.kubernetes.io/is-default-class: "true"
  annotations: {}
secret:
  # Specifies whether the secret should be created
  create: true
  # Name of the secret
  name: csi-s3-secret
  # S3 Access Key
  accessKey: ""
  # S3 Secret Key
  secretKey: ""
  # Endpoint
  endpoint: https://<endpoint>.r2.cloudflarestorage.com