Collection of miscellaneous helper tools, must-read articles, documentations, k8s manifests & useful commands.

• Kustomize (now part of kubectl since 1.14)
• kubectx + kubens - switch between clusters and namespaces
• kube-fzf - findpod/tailpod/execpod/describepod with fzf
• kubetail - tail k8s logs
• rakkess - show an access matrix
• rbac-lookup - find k8s roles and cluster roles
• kube-capacity - provide an overview of the resource requests/limits
• ketall - show really all k8s resources
• kubediff - show differences between running state and version controlled configuration.
• kubefwd - bulk port forwarding k8s services for local dev
• kube-ps1 - k8s prompt info for bash and zsh
• pop eye - k8s cluster resource sanitizer
• kubectl cheat sheet
• Fish auto completion for kubectl

• K8s components - good introduction material
  • Understanding kubernetes networking: pods
  • Understanding kubernetes networking: services
  • Understanding kubernetes networking: ingress
  • Kubernetes NodePort vs LoadBalancer vs Ingress? When should I use what?
• About networking:
  • IP, subnets, CIDR
  • Network interfaces and protocols
• Best practices:
  • The 12 Factor App - methodology for building modern software
  • 12 Fractured Apps - Kelsey Hightower’s view on how 12FA and Docker can be killer combo
  • Modernizing Applications for Kubernetes - DigitalOcean guide
  • Configuration Best Practices - official kubernetes guide
• Kubernetes the hard way - Kelsey Hightower’s guide on how to bootstrap k8s the hard way on GCP with no scripts.
• Great article about utilizing k8s liveness and readiness probes to automatically recover from failure
• Great article about configuring RBAC
• Pain(less) NGINX Ingress - Daniel Martins about Nginx Ingress outages and config reloading

Personal documentation on how I set things up:

• Bootstrap AWS infrastructure
• Bootstrap K8s cluster with kubeadm
• Set up GlusterFS
• Set up Ingress + TLS termination with cert-manager
• Set up monitoring with Prometheus and Grafana
• Set up private docker registry

k8s_manifests/ folder contains all the manifests for:

• Simple web server application written in Go - go-ws
• MongoDB
• Ingress Controllers - in order for the Ingress resources to work (read this Bare metal considerations)
  • Nginx
  • Traefik
• Monitoring stack
  • Prometheus
  • Alert Manager
  • Grafana
• CI/CD stack
  • Jenkins
  • Keel
• cert-manager - for automated provisioning TLS certs for both staging/production environments
• Kubernetes Secrets & ConfigMaps for storing secret and non-secret configurations

• List all resources in a namespace: kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -n <namespace>
• Gets IPs of pods: kubectl get pods --selector=app=go-ws -o jsonpath='{.items[*].status.podIP}'
• List all containers in k8s cluster: kubectl get pods -o jsonpath={.items[*].spec.containers[*].name} --all-namespaces
• Activate these with kube-fzf:
  • findpod + describepod + execpod + tailpod
• Kill pod forcefully:
  • kubectl delete pods <pod> --grace-period=0 --force
  • kubectl patch pod <pod> -p '{"metadata":{"finalizers":null}}'
• Replace resource forcefully: kubectl replace --force -f go-web-server.yml
• Print the supported API versions/resources:
  • kubectl api-versions
  • kubectl api-resources
• Overwriting the existing labels: kubectl label --overwrite pods foo status=unhealthy
• Show the default values for kubelet: kubeadm config print-default --api-objects KubeletConfiguration
• Update existing ConfigMap based on a file:

   kubectl create configmap traefik-conf --from-file=traefik.toml --dry-run -o yaml | kubectl replace configmap traefik-conf -f - -n traefik