Collection of miscellaneous helper tools, must-read articles, documentation, k8s manifests & useful commands.
- Kustomize (now part of kubectl since 1.14)
- kubectx + kubens - switch between clusters and namespaces
- kube-fzf - findpod/tailpod/execpod/describepod with fzf
- kubetail - tail k8s logs
- rakkess - show an access matrix
- rbac-lookup - find k8s roles and cluster roles
- kube-capacity - provide an overview of the resource requests/limits
- ketall - show really all k8s resources
- kubediff - show differences between running state and version controlled configuration.
- kubefwd - bulk port forwarding k8s services for local dev
- kube-ps1 - k8s prompt info for bash and zsh
- popeye - k8s cluster resource sanitizer
- kubectl cheat sheet
- Fish auto completion for kubectl
- K8s components - good introduction material
- About networking:
- Best practices:
- The 12 Factor App - methodology for building modern software
- 12 Fractured Apps - Kelsey Hightower’s view on how 12FA and Docker can be a killer combo
- Modernizing Applications for Kubernetes - DigitalOcean guide
- Configuration Best Practices - official kubernetes guide
- Kubernetes the hard way - Kelsey Hightower’s guide on how to bootstrap k8s the hard way on GCP with no scripts.
- Great article about utilizing k8s liveness and readiness probes to automatically recover from failure
- Great article about configuring RBAC
- Pain(less) NGINX Ingress - Daniel Martins on NGINX Ingress outages and config reloading
Personal documentation on how I set things up:
- Bootstrap AWS infrastructure
- Bootstrap K8s cluster with kubeadm
- Set up GlusterFS
- Set up Ingress + TLS termination with cert-manager
- Set up monitoring with Prometheus and Grafana
- Set up private docker registry
k8s_manifests/ folder contains all the manifests for:
- Simple web server application written in Go - go-ws
- MongoDB
- Ingress Controllers - in order for the Ingress resources to work (see the "Bare metal considerations" guide)
- Monitoring stack
  - Prometheus
  - Alert Manager
  - Grafana
- CI/CD stack
- cert-manager - for automated provisioning of TLS certs for both staging/production environments
- Kubernetes Secrets & ConfigMaps for storing secret and non-secret configurations
- List all resources in a namespace:
kubectl api-resources --verbs=list --namespaced -o name | xargs -n 1 kubectl get --show-kind --ignore-not-found -n <namespace>
- Get IPs of pods:
kubectl get pods --selector=app=go-ws -o jsonpath='{.items[*].status.podIP}'
- List all containers in k8s cluster:
kubectl get pods -o jsonpath='{.items[*].spec.containers[*].name}' --all-namespaces
- Activate these with kube-fzf:
findpod
describepod
execpod
tailpod
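- Kill pod forcefully (the first command skips graceful termination; the second removes the pod's finalizers, so any cleanup they guard will not run):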
kubectl delete pods <pod> --grace-period=0 --force
kubectl patch pod <pod> -p '{"metadata":{"finalizers":null}}'
- Replace resource forcefully (deletes and re-creates the resource):
kubectl replace --force -f go-web-server.yml
- Print the supported API versions/resources:
kubectl api-versions
kubectl api-resources
- Overwriting the existing labels:
kubectl label --overwrite pods foo status=unhealthy
- Show the default values for kubelet:
kubeadm config print-default --api-objects KubeletConfiguration
- Update existing ConfigMap based on a file:
kubectl create configmap traefik-conf --from-file=traefik.toml --dry-run -o yaml | kubectl replace configmap traefik-conf -f - -n traefik