Triks and more commands for Kubernetes

Publié par pporcheret le

This article can be seen as the continuation of the article Basic Kubernetes usage

Get all info about a Namespace

Here namespace is webserver as previous examples.

kubectl -n webserver get all

You will have all pods, services, deployments… for a namespace

Get logs for you Namespace

Sometimes, thing go wrong and you need logs to troubleshoot. You can use this command :

kubectl get events --namespace webserver

It will show all logs related to your Namespace

Access or curl an exposed page/port

Here we want to access to the default nginx page deployed on the previous example.

First, get the info using :

user@kmaster:~# kubectl get services -n webserver
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx NodePort 10.98.143.23 80:31001/TCP 3m38s

Here we can see that the pod (with IP 10.98.143.23) expose the port 80 in the container and map to the 31001 on host.

We can get the nginx page using the pod’s IP and port

user@kmaster:~# curl 10.98.143.23:80

or

user@kmaster:~# curl localhost:31001

Here, localhost is because we do it from the master.

From outside the cluster, it depends on your infrastructure (reverse proxy, network configuration and/or firewalls)

Debug or analyse a pod issue

Well it’s not easy to know why a pod is not working depending on your case. But this workflow can give you some info to debug :

kubectl get pods -n webserver

Here, you will have the short status of your pod, you can see if it’s on Ready and if the status is Runnning or not. If it’s on Ready and Running, then you will have more info inside your pod, it’s not related to kubernetes. You can go on your pod using :

kubectl exec -it nginx-748c667d99-zzk85 -n webserver sh

Again, here the Namespace is webserver and the pod’s name nginx-748c667d99-zzk85, change according to your values.

If the status is not running and/or in not Ready, you can have more info checking the logs using :

kubectl logs nginx-748c667d99-zzk85 -n webserver

Kubernetes Dashboard

Kubernetes provides a nice dashboard to get a view on your Kubernetes cluster’s component.

To install it you need to follow some steps :

Install the components using this YAML file :

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.7.0/aio/deploy/recommended.yaml

It will create a dedicated Namespace will create a namespace « kubernetes-dashboard » with all the required pods :

user@kmaster:~# kubectl get services -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.105.188.58 8000/TCP 45s
kubernetes-dashboard ClusterIP 10.101.81.115 443/TCP 45s
One is done, you will need to create an admin user to have access to the interface. For this just create a Yaml file with these infos :
apiVersion: v1
kind: ServiceAccount
metadata:
    name: admin-user
    namespace: kubernetes-dashboard

and apply it :

kubectl apply -f user.yml

It will create the user admin-user in the pods inside the Namespace kubernetes-dashboard.

You have now to give this user the authorization to be admin on this kubernetes-dashboard cluster applying this file :

kind: ClusterRoleBinding
metadata:
    name: admin-user
roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
   name: cluster-admin
subjects:
-  kind: ServiceAccount
   name: admin-user
    namespace: kubernetes-dashboard

and apply it :

kubectl apply -f cluster.yml

So now, you have an admin user for the Dashboard and you need a token to access to the interface.

Just run this command to create a token for this user :

kubectl -n kubernetes-dashboard create token admin-user

Keep this token, you will need it to access to the interface.

You can now access to this interface by starting the Kubernetes proxy :

kubectl proxy

By default, the proxy will allow you to access to the interface on localhost using port 8001

If, like me, you don’t have access to your localhost, you can specify to Listen on all address and even specify another port using :

kubectl proxy --address='0.0.0.0' --port=8002 --accept-hosts='.*'

Of course, for security reason, you should adapt this proxy to your case, for example by restricting the accepted hosts.

You can now access to the Dashboard using this URL :

http://host_IP:8002/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/

The first time, you will need the token previously done for authentication.

For info, if you followed the previous installation article, you can meet errors CrashLoopBackOff for the kubernetes-dashboard pods. This is due to memory, you will have to increase the memory of your cluster.

Catégories : ComputerDevOps
Étiquettes :

0 commentaire

Laisser un commentaire

Emplacement de l’avatar

Votre adresse e-mail ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Articles similaires

Computer DevOps Linux Python

Hype², step by step

What’s better using his product every day and notice errors, missing and bugs….Since the previous article, I did a lot of small improvements: Windows Systems I can finally install (some) Windows system ! For Windows Lire la suite…

Computer DevOps Python

Hype²

Redesign After some month using my solution Hype (see here), I decided to improve it and redesign it. What’s new ? All design had been review, a light/dark theme (save in cookie session) and a Lire la suite…

Computer Linux Python

Monitoring in Python

I wanted to create a simple monitoring page to get basic resource’s info about my servers. Most of the monitoring tools, need to install an agent on the server which will communicate the info to Lire la suite…