Notes

ContainerD

InstallCheatsheetnerdctl

#!/usr/bin/env bash
mkdir -p /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg
chmod a+r /etc/apt/keyrings/docker.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/debian $(lsb_release -cs) stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt update
apt install -y containerd.io
containerd config default > /etc/containerd/config.toml
sed -i 's#SystemdCgroup = false#SystemdCgroup = true#g' /etc/containerd/config.toml
sed -i 's#pause:3.6#pause:3.9#g' /etc/containerd/config.toml
service containerd restart

#images
ctr images list
ctr images pull docker.io/library/alpine:latest
#containers
ctr containers list
ctr run -d docker.io/library/hello-world:latest hello-world
ctr containers info hello-world
ctr tasks list

install

#!/usr/bin/env bash
https://github.com/containerd/nerdctl/releases
wget https://github.com/containerd/nerdctl/releases/download/v1.7.0/nerdctl-1.7.0-linux-amd64.tar.gz
tar zxvf *.gz
chmod +x nerdctl
mv nerdctl /usr/local/bin/
rm containerd-rootless*.sh nerdctl-*.gz

Crictl

Cheatsheet

crictl pods
crictl ps
crictl inspectp [pod-id]
crictl inspect [container-id]
crictl stop [container-id]
crictl rm [container-id]
crictl stopp [pod-id]
crictl rmp [pod-id]
crictl logs [container-id]
crictl exec -i -t [container-id] [command]
crictl pull [image-name]
crictl images
crictl rmi [image-name]

etcd

CheatSheet

etcdctl member list
etcdctl endpoint health
etcdctl endpoint status --write-out=table
etcdctl alarm list
etcdctl check perf

#backups
etcdctl snapshot save backup.db

#delete all db
etcdctl del --prefix /

Kubectl

core

source <(kubectl completion bash)
kubectl run nginx --image=nginx --dry-run=client -o yaml
kubectl scale --replicas=3 deployment/nginx
KUBE_EDITOR="nano" kubectl edit deployment/nginx
kubectl create deployment nginx --image=nginx --replicas=4 --dry-run=client -o yaml
kubectl config set-context $(kubectl config current-context) --namespace=pruebas

DemoAPP

NamespaceDeploymentServiceIngressHTTPIngressTLS

apiVersion: v1
kind: Namespace
metadata:
  name: pruebas
  labels:
    name: pruebas

apiVersion: apps/v1
kind: Deployment
metadata:
  name: deployment-test
  namespace: pruebas
  labels:
    app: front
spec:
  replicas: 1
  selector:
    matchLabels:
      app: front
  template:
    metadata:
      labels:
        app: front
    spec:
      containers:
      - name: nginx
        image: nginx:alpine
        command: ["sh", "-c", "echo TEST from $HOSTNAME > /usr/share/nginx/html/index.html && nginx -g 'daemon off;'"]

apiVersion: v1
kind: Service
metadata:
  name: test-service
  namespace: pruebas
  labels:
    app: front
spec:
  type: ClusterIP
  selector:
    app: front
  ports:
    - protocol: TCP
      port: 7788
      targetPort: 80

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress
  namespace: pruebas
  annotations:
    kubernetes.io/ingress.class: "nginx"
spec:
  rules:
  - host: demoapp.trastero.org
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: test-service
            port:
              number: 7788

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: test-ingress
  namespace: pruebas
  annotations:
    kubernetes.io/ingress.class: "nginx"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
  - hosts:
    - demoapp.trastero.org
    secretName: ssl-cert-test
  rules:
  - host: demoapp.trastero.org
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: test-service
            port:
              number: 7788

CKA NOTES

DrainNodeForceDeleteAzureCreds

kubectl get nodes
kubectl drain <node-name> --ignore-daemonsets --delete-local-data
kubectl delete node <node-name>
kubectl get nodes

kubectl -n intelion delete pod frontend-5569594d66-x6bw7 --force --grace-period=0

az login
az aks get-credentials --subscription "<sub-name>" --resource-group <resource.group.name> --name <cluster.name>

Scheduling

SchedLabelsTaints&Tolerations

apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx
  nodeName: kube-01

kubectl get pods -A -o wide --show-labels
kubectl get pods -A -l app=lala,tier=front

#Taints:
#show:
kubectl describe node kube-01 | grep -i taint
#Types:
# NoSchedule | PreferNoSchedule | NoExecute
kubectl taint nodes kube-01 key=value:taint-effect
#remove:
kubectl taint nodes controlplane node-role.kubernetes.io/control-plane:NoSchedule-

#Tolerations:
apiVersion:
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: nginx
  tolerations:
  - key: "key"
    operator: "Equal"
    value: "value"
    effect: "NoSchedule"

LifeCycle

Rolling&Rollback

#status
kubectl rollout status deployment nginx-deployment
#history
kubectl rollout history deployment nginx-deployment
#undo
kubectl rollout undo deployment nginx-deployment