I recently started studying for the CKAD certification. Here's my cheat sheet.
Using minikube
Minikube allows you to run a local instance of k8s. This is great for experimenting without the costs involved with cloud. Alternatively, you can use cloud providers like AWS, GCP or Azure. In the past, I have also used Digital Ocean's Managed Kubernetes.
# Start minikube
minikube start
# SSH into cluster
minikube ssh
# Connect to LoadBalancer services
minikube tunnel
Use kubectl faster
I suggest you also install bash completion and the k alias.
Spot the patterns
k get
What should you do when you enter the exam?
Put these in your bashrc
# Find the number of questions (n) then
mkdir {1..n}
# Format question_number%weight status
echo -e {1..n}"%\\n"
alias k=kubectl # will already be pre-configured with autocompletion
alias bashconfig="vim ~/.bashrc" # most important since you can edit your .bashrc quickly
alias ..="cd .."
set -o vi # Vim keybindings in bash (or use fc command)
# Short for "dry output"
# k create deploy nginx --image=nginx $do
export do="--dry-run=client -o yaml"
# Note: I faced this issue in zsh: https://unix.stackexchange.com/questions/19530/expanding-variables-in-zsh
export now="--force --grace-period 0" # k delete pod x $now
# Switch namespaces fast
alias kn='kubectl config set-context --current --namespace '
kn default # set to default namespace
kn jupiter # set to jupiter namespace
alias what_ns="k config view -o jsonpath='{.contexts[0].context.namespace}'"
The following settings will already be configured in your real exam environment in ~/.vimrc. But it can never hurt to be able to type these down:
set tabstop=2
set expandtab
set shiftwidth=2
Press . to repeat < or > indent action.
Use tmux
You can use tmux to split your terminal.
Containerisation
Docker. Podman. containerd. CRI-O.
Staple commands
# See resources
k api-resources
k api-resources --namespaced
# Show pods
k get po
k get pod
# Show services
k get svc
k get service
# Show together
k get pod,svc
# Generate job
k create job sleepy --image=busybox --dry-run=client -o yaml
# Create CronJob
# https://crontab.guru/every-5-minutes
# "*/5 * * * *"
# Update image
kubectl set image deployments/kubernetes-bootcamp kubernetes-bootcamp=jocatalin/kubernetes-bootcamp:v2
# kubectl set image POD/POD_NAME CONTAINER_NAME=IMAGE_NAME:TAG
kubectl set image pod/nginx nginx=nginx:1.7.1
# History
k rollout history deployments deployment-name
# Events
k get events
# create pod
k run my-pod --image=nginx
# Help
k exec --help
k exec -h
# Create a secret
k create secret generic test --from-literal=entree=meatloaf --dry-run=client -o yaml
# aliases
alias k=kubectl
alias kd='kubectl describe'
# Usage
k create secret generic lfsecret --from-literal=password=LFTr@1n $do
# Use yq to get node
k create secret generic lfsecret --from-literal=password=LFTr@1n $do | yq .data.password
# Explain
k explain cronjob.spec --recursive
k explain cronjob.spec --recursive | grep -i failed -C20
# Find other ways to do the same command
kubectl set resources deployment/nginx-deployment -c=nginx --limits=cpu=200m,memory=512Mi
# Print out all the environment variables in a pod - useful when using secrets
k exec -i pod-name -- env
# Run a temporary pod to curl a pod
k run tmp --image=nginx:alpine -i --rm --restart=Never -- curl 172.17.0.10
k run tmp --restart=Never --rm -i --image=nginx:alpine -- curl 10.44.0.78 # From killer.sh
## Run interactive
kubectl run -i --tty busybox --image=busybox --restart=Never -- sh
## Get Node IP
k get nodes -o wide
k get endpoints
# Write to stdout - useful for busybox containers
wget -O - localhost:8080
k -n neptune get rs -o wide
k config view | grep namespace -C 10 # context 10 lines
k config view -o jsonpath='{.contexts[0].context.namespace}'
man 5 crontab # get cron job expression examples
# See liveness probe syntax and keep color from grep
# If there's one thing you take from this blog post - it should be this
k explain pod.spec --recursive | grep liveness -C 10 --color=always | less -r
k explain pod.metadata
k explain pod.spec.containers.volumeMounts
k explain pod.spec.volumes.secret
k explain pod.spec.containers.envFrom.secretRef
docker build -t my-image-name:latest . # build the container
docker images # see image
docker run my-image-name:latest # run the image
docker push # push to the repo
kubectl create deployment <Deploy-Name> --image=<repo>/<app-name>:<version>
kubectl create deployment time-date --image=10.110.186.162:5000/simpleapp:v2.2
# Running commands in a container
kubectl exec -it <Pod-Name> -- /bin/bash
export repo=10.97.40.62:5000 # use variables to be faster
curl $repo/v2/_catalog
# To allow an HTTP repo in podman, set insecure to true in registries.conf or pass --tls-verify=false
# https://projectatomic.io/blog/2018/05/podman-tls/
sudo vim /etc/containers/registries.conf
sudo systemctl restart crio # optional
sudo systemctl status crio # optional
# Get pod names - useful if you want to loop through and do something
k get pods -o name
# bash for loop
for item in 1 2 3
do
echo $item
done
# scale a deployment
k scale deployment <deployment-name> --replicas=5
# Other useful bash commands
tail # good for looking at logs
head
less
# list annotations
kubectl annotate pod nginx1 --list
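The `yq .data.password` command above prints the value base64-encoded, which is an encoding and not encryption, so anyone who can read the manifest can recover the password. The following is an added example, not part of the original cheat sheet: it decodes every `data` entry of a Secret manifest, and the function names and the sample manifest are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: show that Secret .data values are only base64-encoded.

# Constructed sample: the YAML that
#   k create secret generic lfsecret --from-literal=password=LFTr@1n $do
# prints with --dry-run=client -o yaml.
sample_secret() {
cat <<'EOF'
apiVersion: v1
data:
  password: TEZUckAxbg==
kind: Secret
metadata:
  creationTimestamp: null
  name: lfsecret
EOF
}

# Read a Secret manifest on stdin and print "key=decoded value"
# for every entry under the top-level data: map.
decode_secret_data() {
  awk '
    /^data:[[:space:]]*$/ { in_data = 1; next }  # entering the data: map
    /^[^[:space:]]/       { in_data = 0 }        # next top-level key ends it
    in_data && /^[[:space:]]+[^:]+:/ {
      key = $1; sub(/:$/, "", key)               # strip the trailing colon
      print key, $2
    }
  ' | while read -r key b64; do
    printf '%s=%s\n' "$key" "$(printf '%s' "$b64" | base64 -d)"
  done
}

# Stand-alone run over the constructed sample; prints: password=LFTr@1n
sample_secret | decode_secret_data
```

Treat dry-run YAML for Secrets like the plaintext itself when saving or copying it.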
Working with labels
Working with labels is just like working with sets in mathematics.
# working with labels - it's like working with sets
# All pods with a label run - value not checked
k get pods -l 'run'
# All pods without a label run - value not checked
k get pods -l '!run'
# All pods with label environment=test or environment=qa
k get pods -l 'environment in (test, qa)'
# All pods with label environment=test or environment=qa and run=app
k get pods -l 'environment in (test, qa), run in (app)'
# All pods not in environment=test
k get pods -l 'environment notin (test)'
# Get pods with label columns
k get pods -L environment
# tip
seq 2 5 # 2 3 4 5
seq 3 # 1 2 3
# Delete all pods
kubectl delete po --all
# Find data faster
k get pod nginx -o json | vim - # now you can navigate around the JSON quickly
# and figure out the JSON path
# Get the YAML for a new ResourceQuota called 'myrq' with hard limits of 1 CPU, 1G memory and 2 pods without creating it
kubectl create quota myrq --hard=cpu=1,memory=1G,pods=2 --dry-run=client -o yaml
- Remember to copy files over as requested in the question
- Remember to delete pods that are no longer needed
- Make sure you name the containers properly when asked in a question
You should be familiar with https://helm.sh/docs/intro/quickstart/
Tip: Use <C-R> to invoke reverse search in bash
Tip: You need to learn how to use vim buffers
Tip: Tmux is good for having multiple terminals - one for docs and one for vim
tmux
then :set-window-option mode-keys vi
fullscreen: ctrl-b then z
FAQ
Warning: you should check the curriculum as it changes often and the answers here may be out of date.
What score is needed to pass the exam?
For the CKAD Exam, a score of 66% or above must be earned to pass.
What do you have?
For your convenience, all environments, in other words, the base system and the cluster nodes, have the following additional command-line tools pre-installed and pre-configured:
- kubectl with k alias and Bash autocompletion
- yq and jq for YAML/JSON processing
- tmux for terminal multiplexing
- curl and wget for testing web services
- man and man pages for further documentation
References
- https://kubernetes.io/
- https://kubernetes.io/docs/reference/kubectl/cheatsheet/
- Kubectl reference docs
Practice!
- Practice enough with these 150 questions for the CKAD exam
- https://github.com/dgkanatsios/CKAD-exercises
CKAD Official Links
- https://github.com/cncf/curriculum
- CKAD Curriculum for exam
- https://docs.linuxfoundation.org/tc-docs/certification/tips-cka-and-ckad