
Kubernetes Cheatsheet

Note

This is not official documentation for AutomationSuite

Glossary of frequently used commands

Set kubecontext

# rke2.yaml is the cluster-admin kubeconfig that the RKE2 server writes on server nodes.
# By default it is readable by root only, so run these commands as root rather than
# loosening the file's permissions or copying it to a shared location.
export KUBECONFIG=/etc/rancher/rke2/rke2.yaml PATH=$PATH:/var/lib/rancher/rke2/bin:/usr/local/bin

On Agent Nodes:

# kubelet.kubeconfig carries this node's kubelet identity, not an admin account, so
# expect kubectl requests outside the node's own scope to be refused
# (presumably by node authorization; confirm on your cluster).
export KUBECONFIG=/var/lib/rancher/rke2/agent/kubelet.kubeconfig PATH=$PATH:/var/lib/rancher/rke2/bin:/usr/local/bin

RKE2 Config File Locations

cat /etc/rancher/rke2/config.yaml
ls /etc/rancher/rke2/rke2.yaml

RKE2 Server

Restart RKE2 Server:

systemctl restart rke2-server
or
systemctl stop rke2-server
systemctl start rke2-server

RKE2 Server Status:

systemctl status rke2-server

Follow RKE2 Server Logs:

journalctl -f -u rke2-server

RKE2 Server Restart count:

# Restart counter that systemd keeps for the unit.
systemctl show rke2-server --property=NRestarts
# Number of journal lines for the unit that mention "fatal" (case-insensitive).
journalctl -u rke2-server | grep -ci fatal

Containerd

List Containers using ctr:

/var/lib/rancher/rke2/bin/ctr --address /run/k3s/containerd/containerd.sock --namespace k8s.io container ls

List Images using ctr:

/var/lib/rancher/rke2/bin/ctr --address /run/k3s/containerd/containerd.sock --namespace k8s.io images ls -q

Containerd logs:

tail -f /var/lib/rancher/rke2/agent/containerd/containerd.log

Containerd images location:

du -sh /var/lib/rancher/rke2/agent/containerd/io.containerd.snapshotter.v1.overlayfs/snapshots

Kubelet

Kubelet logs:

tail -f /var/lib/rancher/rke2/agent/logs/kubelet.log

etcd

# Run as root on a server node. CRI_CONFIG_FILE points crictl at the crictl.yaml
# shipped under the RKE2 agent directory.
export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml
# ID of the running container labelled as etcd; empty when none is running on
# this node, so check it before passing it to `crictl exec`.
etcdcontainer=$(/var/lib/rancher/rke2/bin/crictl ps --label io.kubernetes.container.name=etcd --quiet)

etcd check perf:

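# Run as root on a server node. CRI_CONFIG_FILE points crictl at the RKE2 crictl.yaml.
export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml
etcdcontainer=$(/var/lib/rancher/rke2/bin/crictl ps --label io.kubernetes.container.name=etcd --quiet)
# Only exec when an etcd container was found: with an empty, unquoted ID the
# next word ("sh") would be taken as the container ID.
if [ -n "$etcdcontainer" ]; then
  # server-client.key authenticates this call as an etcd client; etcd stores the
  # cluster's Secrets, so keep the key on the node and out of shared logs.
  # `check perf` puts a test write load on the live etcd, so avoid running it
  # while the cluster is already under pressure.
  /var/lib/rancher/rke2/bin/crictl exec "$etcdcontainer" sh -c "ETCDCTL_ENDPOINTS='https://127.0.0.1:2379' \
    ETCDCTL_CACERT='/var/lib/rancher/rke2/server/tls/etcd/server-ca.crt' \
    ETCDCTL_CERT='/var/lib/rancher/rke2/server/tls/etcd/server-client.crt' \
    ETCDCTL_KEY='/var/lib/rancher/rke2/server/tls/etcd/server-client.key' \
    ETCDCTL_API=3 etcdctl check perf"
else
  echo "no running etcd container found on this node" >&2
fi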

etcdctl endpoint status:

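# Run as root on a server node. CRI_CONFIG_FILE points crictl at the RKE2 crictl.yaml.
export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml
etcdcontainer=$(/var/lib/rancher/rke2/bin/crictl ps --label io.kubernetes.container.name=etcd --quiet)
# Only exec when an etcd container was found: with an empty, unquoted ID the
# next word ("sh") would be taken as the container ID.
if [ -n "$etcdcontainer" ]; then
  # server-client.key authenticates this call as an etcd client; etcd stores the
  # cluster's Secrets, so keep the key on the node and out of shared logs.
  /var/lib/rancher/rke2/bin/crictl exec "$etcdcontainer" sh -c "ETCDCTL_ENDPOINTS='https://127.0.0.1:2379' \
    ETCDCTL_CACERT='/var/lib/rancher/rke2/server/tls/etcd/server-ca.crt' \
    ETCDCTL_CERT='/var/lib/rancher/rke2/server/tls/etcd/server-client.crt' \
    ETCDCTL_KEY='/var/lib/rancher/rke2/server/tls/etcd/server-client.key' \
    ETCDCTL_API=3 etcdctl endpoint status --cluster --write-out=table"
else
  echo "no running etcd container found on this node" >&2
fi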

etcdctl endpoint health:

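# Run as root on a server node. CRI_CONFIG_FILE points crictl at the RKE2 crictl.yaml.
export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml
etcdcontainer=$(/var/lib/rancher/rke2/bin/crictl ps --label io.kubernetes.container.name=etcd --quiet)
# Only exec when an etcd container was found: with an empty, unquoted ID the
# next word ("sh") would be taken as the container ID.
if [ -n "$etcdcontainer" ]; then
  # server-client.key authenticates this call as an etcd client; etcd stores the
  # cluster's Secrets, so keep the key on the node and out of shared logs.
  /var/lib/rancher/rke2/bin/crictl exec "$etcdcontainer" sh -c "ETCDCTL_ENDPOINTS='https://127.0.0.1:2379' \
    ETCDCTL_CACERT='/var/lib/rancher/rke2/server/tls/etcd/server-ca.crt' \
    ETCDCTL_CERT='/var/lib/rancher/rke2/server/tls/etcd/server-client.crt' \
    ETCDCTL_KEY='/var/lib/rancher/rke2/server/tls/etcd/server-client.key' \
    ETCDCTL_API=3 etcdctl endpoint health --cluster --write-out=table"
else
  echo "no running etcd container found on this node" >&2
fi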

etcdctl alarm list:

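# Run as root on a server node. CRI_CONFIG_FILE points crictl at the RKE2 crictl.yaml.
export CRI_CONFIG_FILE=/var/lib/rancher/rke2/agent/etc/crictl.yaml
etcdcontainer=$(/var/lib/rancher/rke2/bin/crictl ps --label io.kubernetes.container.name=etcd --quiet)
# Only exec when an etcd container was found: with an empty, unquoted ID the
# next word ("sh") would be taken as the container ID.
if [ -n "$etcdcontainer" ]; then
  # server-client.key authenticates this call as an etcd client; etcd stores the
  # cluster's Secrets, so keep the key on the node and out of shared logs.
  /var/lib/rancher/rke2/bin/crictl exec "$etcdcontainer" sh -c "ETCDCTL_ENDPOINTS='https://127.0.0.1:2379' \
    ETCDCTL_CACERT='/var/lib/rancher/rke2/server/tls/etcd/server-ca.crt' \
    ETCDCTL_CERT='/var/lib/rancher/rke2/server/tls/etcd/server-client.crt' \
    ETCDCTL_KEY='/var/lib/rancher/rke2/server/tls/etcd/server-client.key' \
    ETCDCTL_API=3 etcdctl alarm list"
else
  echo "no running etcd container found on this node" >&2
fi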

curl metrics:

# Scrape etcd's metrics endpoint over mutual TLS, using the etcd CA to verify
# the server and the server-client certificate/key pair to authenticate.
curl --location \
  --cacert /var/lib/rancher/rke2/server/tls/etcd/server-ca.crt \
  --cert /var/lib/rancher/rke2/server/tls/etcd/server-client.crt \
  --key /var/lib/rancher/rke2/server/tls/etcd/server-client.key \
  https://127.0.0.1:2379/metrics

Kubernetes Events

Get All Events:

kubectl get events -A

Get Events in Namespace:

kubectl get events -n mongodb

Mount Points

lsblk -a
lsblk -l
mount -afv

Kubelet Configuration

  1. To get the name of your worker nodes, run the following command:
kubectl get nodes
  2. To open a connection to the API server, run the following command:
# kubectl proxy listens on localhost port 8001 by default and forwards requests with
# your kubeconfig credentials, so any local process can call the API through it
# without authenticating. Stop it (Ctrl-C) as soon as you are done.
kubectl proxy

  3. To check the node configz, open a new terminal, and then run the following command:

# Replace node_name with a node name reported by `kubectl get nodes`.
# The request goes through the local `kubectl proxy` listener on port 8001.
curl -sSL "http://localhost:8001/api/v1/nodes/node_name/proxy/configz" | python3 -m json.tool

Service

Patch a Service as NodePort

# your-svc is a placeholder for the service name. A NodePort service is reachable on
# its allocated port on every node's IP, so review host and network firewall rules
# before switching a service to this type, and switch it back when no longer needed.
kubectl patch svc your-svc -p '{"spec": {"type": "NodePort"}}'

ArgoCD

Fetch ArgoCD Password

export KUBECONFIG=/etc/rancher/rke2/rke2.yaml
export PATH="$PATH:/var/lib/rancher/rke2/bin"
# Read the base64-encoded admin password from the secret and decode it.
argocd_password=$(
  kubectl -n argocd get secret argocd-admin-password -o jsonpath='{.data.password}' |
    base64 --decode
)
# The password is printed in clear text, so it ends up in terminal scrollback
# and in any session recording; clear the screen afterwards.
printf 'ArgoCD Password: %s\n' "$argocd_password"

RabbitMQ

Accessing RabbitMQ Console

# Forwards local port 8800 to port 15672 of the rabbitmq service (the console).
# --address 0.0.0.0 makes the forward listen on every interface of this machine,
# so anything that can reach port 8800 here reaches the console login page
# (presumably over plain HTTP; confirm how the management listener is configured).
# Without --address the forward binds to localhost only, which is the safer
# choice when an SSH tunnel to this machine is available.
kubectl -n rabbitmq port-forward service/rabbitmq 8800:15672 --address 0.0.0.0
# Log in via the public IP of the machine where the port-forward command is running.
# Make sure only the IP of your local machine is allowed through the firewall to
# port 8800, and stop the port-forward (Ctrl-C) when you are finished.

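# Read the default RabbitMQ user name and password from the secret and decode them.
rabbit_user=$(kubectl -n rabbitmq get secret rabbitmq-default-user -o jsonpath='{.data.username}' | base64 --decode)
rabbit_password=$(kubectl -n rabbitmq get secret rabbitmq-default-user -o jsonpath='{.data.password}' | base64 --decode)
# Quote the expansions and use printf so a value containing spaces, glob
# characters or a leading dash is printed exactly as stored.
# Both values appear in clear text in the terminal; clear the scrollback afterwards.
printf '%s\n' "$rabbit_user"
printf '%s\n' "$rabbit_password"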

PriorityClass

Check Priority Associated with each deployment

# For every deployment in the uipath namespace, print its resource name and
# then the priorityClassName from its pod template ("null" when none is set).
kubectl get deploy -o name -n uipath |
  while IFS= read -r deploy; do
    printf '%s\n' "$deploy"
    # </dev/null keeps the inner kubectl from consuming the list of names.
    kubectl get "$deploy" -n uipath -o json </dev/null |
      jq -r '.spec.template.spec.priorityClassName'
  done

Images

Fetch Images that correspond to deployments in all namespaces

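# Print, per namespace, the distinct images used by containers and init
# containers of its pods. Useful for checking which registries and tags run.
# -o jsonpath returns only the namespace names, so the header line of the
# table output is not mistaken for a namespace. Namespace names are DNS labels
# (no spaces or glob characters), so word splitting in the for list is safe.
for namespace in $(kubectl get ns -o jsonpath='{.items[*].metadata.name}'); do
  {
    kubectl get pods -n "$namespace" -o jsonpath='{.items[*].spec.containers[*].image}'
    echo
    kubectl get pods -n "$namespace" -o jsonpath='{.items[*].spec.initContainers[*].image}'
    echo
  } | tr -s '[:space:]' '\n' | awk 'NF' | sort -u # awk 'NF' drops blank lines from empty namespaces
done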

Pods

Pods that are unable to Schedule

kubectl get events -A | grep FailedScheduling

Delete All Pods in Namespace

# foo is a placeholder for the namespace. Check the namespace and the current
# kubeconfig context before running: every pod in it is deleted. Pods owned by
# a controller are recreated; standalone pods are not.
kubectl delete --all pods --namespace=foo

Delete all terminating pods

# Force-delete every pod listed as Terminating in the chosen namespace.
# --grace-period=0 --force removes the pod object from the API without waiting
# for the node to confirm that the containers have stopped. For storage
# workloads such as rook-ceph, first check on the node that the processes are
# really gone, and use this only for pods that are stuck.
namespace="rook-ceph"
kubectl -n "$namespace" get pods |
  awk '/Terminating/ { print $1 }' |
  while IFS= read -r p; do
    # </dev/null keeps kubectl from consuming the remaining pod names.
    kubectl -n "$namespace" delete pod "$p" --grace-period=0 --force </dev/null
  done