kubectl introduction for console hackers
TRANSCRIPT
1
kubectl Introduction For Console Hackers
TUT-1153
3
Since 2000
Berne, Basel, Zürich, Lausanne & Netherlands
Over 65 employees
100% Open Source
Broad customer base
About Adfinis
4
EngineeringManaged Services
DevOps Development
Our Services
5
kubectl
6
● Kubernetes is the de-facto API to interact with
cloudy container based infrastructure like the
SUSE CaaS Platform
● We need a tool to drive the API
● Kubernetes has kubectl as default client
● We will be showing you how kubectl works and
what it can do
7
Kube-Control? Kube-CeeTeeEl? Koob-Cattle?
Personally we like Kube-Cuddle because it sounds
fluffy like the clouds we are deploying to
kubectl
8
kubectl cf
Low-level Kubernetes client High-level CloudFoundry client
Can manage a plethora of aspects
of a k8s cluster
Mostly deploys code, very
opinionated, not many options
Needs some time to master it Quite easy to learn
While Kubernetes users mostly use kubectl the users
of Cloud Foundry based solutions rely on cf
kubectl vs. cf
9
How do you pronounce kubectl?
● kube-CeeTeeEll
● kube-cuddle
● Kube-Control
● magical yaml generator tool
Quiz Time!
10
How do you pronounce kubectl?
● kube-CeeTeeEll
● kube-cuddle
● Kube-Control
● magical yaml generator tool
Quiz Time!
11
How does the Client interact with the API Server?
● SOAP
● REST (JSON or protobuf)
● XML-RPC
● SMTP
Quiz Time!
12
How does the Client interact with the API Server?
● SOAP
● REST (JSON or protobuf)
● XML-RPC
● SMTP
Quiz Time!
13
auth
14
Users are assumed to be managed by an outside,
independent service
● an admin distributing private keys
● a user store like Keystone or Google Accounts
● or a file with a list of usernames and passwords
15
Run any command to login to your cluster
Depending on the authentication mechanism it will do the right thing™
We like using kubectl cluster-info to log on to a cluster
kubectl Auth
16
Cluster-info
17
Kubernetes master is running at https://caasp-master.susecon.syclou...
KubeDNS is running at https://caasp-master.susecon.sycloud.ch:6443...
To further debug and diagnose cluster problems, use
kubectl cluster-info dump
The dump shows where the API server is running as well as what
components extend the API server (ie. KubeDNS, kubernetes-dashboard)
kubectl Cluster-info
18
● kubectl api-versions
● kubectl api-resources
● kubectl explain pod --recursive=true
A Pod is a group of containers that are deployed together on the same host
Inspecting The API
19
Which of the following are default APIs available in K8s?
● apps/v1
● monitoring.coreos.com/v1
● batch/v1
● rbac.authorization.k8s.io/v1
● service.openstack.io/v1beta9
Quiz Time!
20
Which of the following are default APIs available in K8s?
● apps/v1
● monitoring.coreos.com/v1
● batch/v1
● rbac.authorization.k8s.io/v1
● service.openstack.io/v1beta9
Quiz Time!
21
How do you figure out what the parts of the API do/support?
● stare at it for a long time
● run kubectl explain <resource> --recursive=true
● search for it in the search engine of your choice
● run man kubernetes
Quiz Time!
22
How do you figure out what the parts of the API do/support?
● stare at it for a long time
● run kubectl explain <resource> --recursive=true
● search for it in the search engine of your choice
● run man kubernetes
Quiz Time!
23
resources
24
● kubectl get nodes/pods/services…
● kubectl describe nodes/pods/services… <resource-name>
You can use get and describe to access all in-cluster resources.
Add -oyaml to look at a YAML representation of a resource.
Getting And Describing Resources
25
Add -oyaml to look at a YAML representation of a resource
Kubectl supports a bunch of other output formats
● json
● yaml
● wide
● name
● custom-columns=...
● custom-columns-file=...
● go-template=...
● go-template-file=...
● jsonpath=...
● jsonpath-file=...
Getting And Describing Resources
26
How can you you look up pods?
● kubectl show $POD_NAME
● kubectl render $POD_NAME
● kubectl get $POD_NAME
● kubectl get pod $POD_NAME
Quiz Time!
27
How can you you look up pods?
● kubectl show $POD_NAME
● kubectl render $POD_NAME
● kubectl get $POD_NAME
● kubectl get pod $POD_NAME
Quiz Time!
28
What kind of output does describe display?
● YAML representation of resources
● State of resources with additional infos
● output similar to top
Quiz Time!
29
What kind of output does describe display?
● YAML representation of resources
● State of resources with additional infos
● output similar to top
Quiz Time!
30
Apply
31
● You can create in-cluster resources from a local YAML file
● Let’s assume the following Pod definition
apiVersion: v1
kind: Pod
metadata:
name: potz-pod
spec:
containers:
- name: app-container
image: invalid/image/path
● Run kubectl apply -f pod.yaml
Apply Some YAML
32
Debugging what went wrong:
● kubectl get
● kubectl describe
Debug Issues
33
kubectl edit pod potz-pod
● kubectl is a quick way to edit resources directly in a cluster
● Only use it for debugging
● Kubernetes should not be the source of truth for your cluster config
Edit Resource
34
How can you add resources to your cluster?
● kubectl get
● kubectl apply
● kubectl import
● kubectl load
Quiz Time!
35
How can you add resources to your cluster?
● kubectl get
● kubectl apply
● kubectl import
● kubectl load
Quiz Time!
36
Should you use kubectl edit on production?
● na
● no
● njet
● non
● nein
● geen
● yes
Quiz Time!
37
Should you use kubectl edit on production?
● na
● no
● njet
● non
● nein
● geen
● yes
Quiz Time!
38
Scale
39
● Kubernetes dashboard
● Stratos
kubectl scale --replicas=5
Let’s Have A Look At The Pod
40
What does the replica argument to the scale command specify?
● The number of target replicas
● How many replicas to add
Quiz Time!
41
What does the replica argument to the scale command specify?
● The number of target replicas
● How many replicas to add
Quiz Time!
42
Debug
43
You can look at the stderr/stdout logs of a pod
kubectl logs $POD_NAME
Inspect Logs Of An Application
44
You can run commands (like an interactive shell) inside of a running pod
kubectl exec -ti $POD_NAME sh
Execute Commands
45
If a pod is in a failed state, just delete it and the cluster will recreate it
kubectl delete pod $POD_NAME
Delete Pods
46
What commands can you use to debug the state of your application?
● kubectl logs
● kubectl describe
● kubectl exec
● kubectl y-tho
Quiz Time!
47
What commands can you use to debug the state of your application?
● kubectl logs
● kubectl describe
● kubectl exec
● kubectl y-tho
Quiz Time!
48
Storage
49
We can interact with storage resources using a couple of commands
● kubectl get pv
● kubectl get pvc
● kubectl apply -f pvc.yaml
Let’s look at the disks in SUSE Enterprise Storage (SES)
PersistentVolume And PersistentVolumeClaims
50
You can modify existing resources using kubectl patch
kubectl patch \
pvc $PVC \
-p '{"spec":{"resources":{"requests":{"storage":"10Gi"}}}}'
In this example we are expanding a persistent volume claim to 10Gi of space
by specifying the change as JSON.
Growing Volumes
51
Which commands interact with Kubernetes storage?
● regular commands like kubectl get/patch/describe/edit
● lvchange, mkfs and dd
● special kubectl storage get/patch/edit commands
Quiz Time!
52
Which commands interact with Kubernetes storage?
● regular commands like kubectl get/patch/describe/edit
● lvchange, mkfs and dd
● special kubectl storage get/patch/edit commands
Quiz Time!
53
Helm
54
Helm is the de-facto standard package manager for Kubernetes resources
It directly interacts with the Kubernetes API
What Is Helm
55
We’ll redeploy the Pod from before using Helm
All the parts of the deployment may be found by searching for a label
kubectl get all -l helm.sh/release=$RELEASE_NAME
Note that get all does not actually return all the resources
Deploy With Helm, Inspect With kubectl
56
How do Helm and kubectl differ?
● Helm and kubectl do the same thing but their commands have
different semantics
● kubectl is the native Kubernetes command line client, Helm uses the
Kubernetes API without using kubectl
● Helm drives kubectl to deploy YAML-manifests
● kubectl is a wrapper to run Helm, Helm does the heavy lifting
● Both tools are written in golang
Quiz Time!
57
How do Helm and kubectl differ?
● Helm and kubectl do the same thing but their commands have
different semantics
● kubectl is the native Kubernetes command line client, Helm uses the
Kubernetes API without using kubectl
● Helm drives kubectl to deploy YAML-manifests
● kubectl is a wrapper to run Helm, Helm does the heavy lifting
● Both tools are written in golang
Quiz Time!
58
Tally Time
59
How many questions did you get right?
Tweet us your results to @adfinis using the #SUSEconDigital2020 hashtag.
61
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a
product. It is not a commitment to deliver any material, code, or functionality, and should not be relied upon in making
purchasing decisions. SUSE makes no representations or warranties with respect to the contents of this document,
and specifically disclaims any express or implied warranties of merchantability or fitness for any particular
purpose. The development, release, and timing of features or functionality described for SUSE products remains at
the sole discretion of SUSE. Further, SUSE reserves the right to revise this document and to make changes to its
content, at any time, without obligation to notify any person or entity of such revisions or changes. All SUSE marks
referenced in this presentation are trademarks or registered trademarks of SUSE, LLC, Inc. in the United States and
other countries. All third-party trademarks are the property of their respective owners.