Kubectl (Kubernetes)


    • kubectx: switch between Kubernetes clusters
    • krew: package manager for kubectl plugins

    Create a secret

    # Create a basic secret
    kubectl create secret generic NAME1 -n NAMESPACE --from-litteral=key=value
    # Create credential to a docker registry
    kubectl create secret docker-registry NAME2 -n NAMESPACE --docker-server=REGISTRY --docker-username=USERNAME --docker-password=PASSWORD

    Read a secret

    By default, kubernetes store a secret as a base64, if you want read the secret test, with the key key in the namespace default, do as follow:

    kubectl get secrets -n default secret-name -o json | jq '.data["key"]' -r | base64 --decode

    Read all secrets

    kubectl get secrets secret-name --template='{{ range $key, $value := .data }}{{ printf "%s: %s\n" $key ($value | base64decode) }}{{ end }}'

    Update a secret

    Delete the secret or use the following trick:

    kubectl create secret generic NAME1 --from-litteral=key=new_value --dry-run -o yaml | kubectl apply -f -

    Get access to the service of a pod (similar to ssh forward)

    kubectl port-forward POD LOCAL_PORT:POD_PORT

    Connect to a pod (shell)

    kubectl exec -ti POD bash

    Investigate problem on a pod

    kubectl describe POD

    Get pods with certain status such as an Error

    kubectl get pods --field-selector "status.phase=Failed"

    Get pods sorted from age

    kubectl get pods --sort-by=.metadata.creationTimestamp


    Disable cronjob

    kubectl patch cronjobs <job-name> -p '{"spec" : {"suspend" : true }}'


    Trigger cronjob

    kubectl create job --from=cronjob/<cronjob_name> <job_name>