# K8s Index
## Collection of useful commands and code snippets related to K8s
### Find and delete all pods with regex match
**Note:** Replace `^name` with a pattern that matches the pod name
Without force
```bash
kubectl delete pods $(kubectl get pods --no-headers -o custom-columns=":metadata.name" | grep ^name)
```
With force
```bash
kubectl delete pods $(kubectl get pods --no-headers -o custom-columns=":metadata.name" | grep ^name) --force --grace-period=0
```
---
### Create K8s service account `super` with cluster-admin role and fetch its API token
```bash
kubectl create sa super
```
```bash
kubectl create clusterrolebinding super-admin-binding --clusterrole=cluster-admin --serviceaccount=default:super
```
```bash
kubectl apply -f - <<EOF
apiVersion: v1
kind: Secret
metadata:
  name: super-api
  namespace: default
  annotations:
    kubernetes.io/service-account.name: super
type: kubernetes.io/service-account-token
EOF
```
```bash
kubectl get secret super-api -o jsonpath='{.data.token}' | base64 --decode
```
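The binding above gives a long-lived token full control of the cluster, so it is worth knowing which service accounts hold `cluster-admin` at any time. The following audit helper is an added example, not part of the original gist; the function names are hypothetical and the sample rows are constructed so it runs without a cluster.

```bash
#!/usr/bin/env bash
# Added example: audit which ServiceAccounts are bound to cluster-admin.

# Emit one TSV row per ClusterRoleBinding: name, roleRef name, subjects.
# Subjects are rendered as Kind:namespace/name, comma-separated.
list_bindings() {
  kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}:{.namespace}/{.name}{","}{end}{"\n"}{end}'
}

# Read those rows on stdin; print "binding<TAB>namespace/serviceaccount"
# for every ServiceAccount subject bound to the cluster-admin ClusterRole.
cluster_admin_service_accounts() {
  awk -F'\t' '$2 == "cluster-admin" {
    n = split($3, subjects, ",")
    for (i = 1; i <= n; i++)
      if (subjects[i] ~ /^ServiceAccount:/) {
        sub(/^ServiceAccount:/, "", subjects[i])
        print $1 "\t" subjects[i]
      }
  }'
}

# Constructed sample rows (not from a real cluster), in list_bindings format.
sample_bindings() {
  printf '%s\t%s\t%s\n' \
    'cluster-admin' 'cluster-admin' 'Group:/system:masters,' \
    'super-admin-binding' 'cluster-admin' 'ServiceAccount:default/super,' \
    'system:kube-dns' 'system:kube-dns' 'ServiceAccount:kube-system/kube-dns,' \
    'ci-binding' 'cluster-admin' 'User:/alice,ServiceAccount:ci/deployer,'
}

# Offline demo on the sample; against a cluster use:
#   list_bindings | cluster_admin_service_accounts
sample_bindings | cluster_admin_service_accounts
```

Any row that is not expected can be removed with `kubectl delete clusterrolebinding <binding-name>`, and the matching token Secret with `kubectl delete secret <secret-name>`.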
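### SSH-like shell access to any node
```bash
kubectl debug node/<node-name> -it --image=ubuntu
# ... (now inside the debug container; the node's root filesystem is mounted at /host)
chroot /host
# ...
bash # now you have a shell on the node itself (a debug pod, not an actual SSH connection)
```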
### Run a K8s benchmark
```bash
kubectl apply -f https://raw.githubusercontent.com/aquasecurity/kube-bench/main/job.yaml
```
To see the result:
```bash
kubectl get pods
kubectl logs <pod-name> # the pod name will be kube-bench-*****
```
### Add Docker registry secret
```bash
# --docker-password also accepts a registry access token
kubectl create secret docker-registry <secret-name> -n <namespace> \
  --docker-server=<your-registry-server> \
  --docker-username=<your-username> \
  --docker-password=<your-password> \
  --docker-email=<your-email>
```