This material was gathered during my preparation for the CKA certification exam. I created and curated this cheatsheet with useful commands and information that will be handy to review before taking the exam.

If you want to know how to prepare for the CKA exam, check my How to pass CKA post.

Core Concepts

View resources in namespace dev:

kubectl get pods -n dev

View all pods in all namespaces:

kubectl get pods -A

View all resources in all namespaces:

kubectl get all -A

Generate a pod yaml file with nginx image and label env=prod:

kubectl run nginx --image=nginx --labels=env=prod --dry-run=client -o yaml > nginx_pod.yaml

Delete a pod nginx fast:

kubectl delete pod nginx --grace-period 0 --force

Generate Deployment yaml file:

kubectl create deploy --image=nginx nginx --dry-run=client -o yaml > nginx-deployment.yaml

Access a service test-service in a different namespace dev:

test-service.dev

Create a service for a pod valid-pod, which serves on port 444 with the name frontend:

kubectl expose pod valid-pod --port=444 --name=frontend

Recreate the contents of a yaml file:

kubectl replace --force -f nginx.yaml

Edit details of a deployment nginx:

kubectl edit deploy nginx

Set image of a deployment nginx:

kubectl set image deploy nginx nginx=nginx:1.18

Scale deployment nginx to 4 replicas and record the action:

kubectl scale deploy nginx --replicas=4 --record

Get events in current namespace:

kubectl get events

Scheduling

Get pods with their labels:

kubectl get pods --show-labels

Get the pods that are labeled env=dev:

kubectl get pods -l env=dev

Get taints of node node01:

kubectl describe node node01 | grep -i Taints:

Label node node01 with label size=small:

kubectl label nodes node01 size=small

Default static pods path:

/etc/kubernetes/manifests

Check pod nginx logs:

kubectl logs nginx

Check pod logs with multiple containers:

kubectl logs <pod_name> -c <container_name>

Monitoring

Check node resources usage:

kubectl top node

Check resource usage of pods and their containers:

kubectl top pod --containers=true

Application Lifecycle Management

Check rollout status of deployment app:

kubectl rollout status deployment/app

Check rollout history of deployment app:

kubectl rollout history deployment/app

Undo rollout:

kubectl rollout undo deployment/app

Create configmap app-config with env=dev:

kubectl create configmap app-config --from-literal=env=dev

Create secret app-secret with pass=123:

kubectl create secret generic app-secret --from-literal=pass=123

Cluster Maintenance

Drain node node01 of all workloads:

kubectl drain node01

Make the node schedulable again:

kubectl uncordon node01

Upgrade cluster to 1.18 with kubeadm:

kubeadm upgrade plan
apt-get upgrade -y kubeadm=1.18.0-00
kubeadm upgrade apply v1.18.0
apt-get upgrade -y kubelet=1.18.0-00
systemctl restart kubelet

Backup etcd:

export ETCDCTL_API=3
etcdctl \
--endpoints=https://127.0.0.1:2379 \
--cacert=/etc/kubernetes/pki/etcd/ca.crt \
--cert=/etc/kubernetes/pki/etcd/server.crt \
--key=/etc/kubernetes/pki/etcd/server.key \
snapshot save /tmp/etcd-backup.db

Restore etcd:

ETCDCTL_API=3 etcdctl snapshot restore /tmp/etcd-backup.db --data-dir /var/lib/etcd-backup

Afterwards, edit /etc/kubernetes/manifests/etcd.yaml and change /var/lib/etcd to /var/lib/etcd-backup.

Security

Create service account sa-1 (underscores are not valid in Kubernetes resource names):

kubectl create serviceaccount sa-1

Check kube-apiserver certificate details:

openssl x509 -in /etc/kubernetes/pki/apiserver.crt -text -noout

Approve certificate signing request for user john:

kubectl certificate approve john

Check the current kubeconfig file:

kubectl config view

Check current context:

kubectl config current-context

Use context dev-user@dev:

kubectl config use-context dev-user@dev

Validate if user john can create deployments:

kubectl auth can-i create deployments --as john

Create role dev to be able to create secrets:

kubectl create role dev --verb=create --resource=secret

Bind the role dev to user john:

kubectl create rolebinding dev-john --role dev --user john

Check namespaced resources:

kubectl api-resources --namespaced=true

Troubleshooting

View all the kube-system related pods:

kubectl get pods -n kube-system

Check if all nodes are in ready state:

kubectl get nodes

Check memory, cpu and disk usage on node:

df -h
top

Check status of kubelet service on node:

systemctl status kubelet

Check kubelet service logs:

sudo journalctl -u kubelet

View kubelet service details:

ps -aux | grep kubelet

Check cluster info:

kubectl cluster-info

Gather info

Find pod CIDR:

kubectl describe node | less -p PodCIDR

Get pods in all namespaces sorted by creation timestamp:

kubectl get pod -A --sort-by=.metadata.creationTimestamp

Find the service CIDR of node-master:

ssh node-master
cat /etc/kubernetes/manifests/kube-apiserver.yaml | grep range

Find which CNI plugin is used on node-master:

ls /etc/cni/net.d/

Find events ordered by creation timestamp:

kubectl get events -A --sort-by=.metadata.creationTimestamp

Find internal IP of all nodes:

kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="InternalIP")].address}'

General notes

  • To create a daemonset, use the kubectl create deploy command to create a .yaml file, then change the kind and remove replicas & strategy.
  • To find the static pod manifest path, check the exec command of the kubelet service or the staticPodPath parameter of kubelet’s config file.
  • To create a static pod, place a yaml definition file in the staticPodPath directory.
  • To identify static pods, look for the suffix -<node_name> on pods.
  • To add a new scheduler, copy the existing one and add the flags --leader-elect=false and --scheduler-name=my-scheduler-name to the container’s command. To use the new scheduler, specify the option schedulerName under spec of a pod definition file.
  • To add a default command to a pod, use command, which overrides the default ENTRYPOINT from the Dockerfile. Use args to override the Dockerfile CMD, i.e. the command’s extra parameters.
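
The daemonset note above, worked through as an added example (not part of the original cheatsheet): a small awk filter that changes the kind and removes replicas and strategy, including a nested strategy block, plus the status stub. The function names and the sample manifest are constructed for illustration.

```shell
# Added example (not from the original page): convert a Deployment manifest
# (e.g. `kubectl create deploy --dry-run=client -o yaml` output) to a DaemonSet.
deploy_to_daemonset() {
  awk '
    # Number of leading spaces on a line.
    function indent(s) { match(s, /^ */); return RLENGTH }
    # Inside a removed block: drop blank and deeper-indented lines.
    skipping {
      if ($0 ~ /^ *$/ || indent($0) > skip_indent) next
      skipping = 0
    }
    /^kind: Deployment *$/ { print "kind: DaemonSet"; next }
    # spec.replicas has no meaning for a DaemonSet.
    /^  replicas:/ { next }
    # spec.strategy (inline {} or nested block) and the status stub.
    /^  strategy:/ || /^status:/ { skipping = 1; skip_indent = indent($0); next }
    { print }
  '
}

# Constructed sample input with a nested strategy block.
sample_deployment() {
  cat <<'EOF'
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  strategy:
    rollingUpdate:
      maxSurge: 25%
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
status: {}
EOF
}

sample_deployment | deploy_to_daemonset
```

Against a cluster, the same filter can sit between the dry-run command and the output file, e.g. piping kubectl create deploy ... --dry-run=client -o yaml through deploy_to_daemonset into a .yaml file.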