{"id":1372,"date":"2021-03-12T23:25:06","date_gmt":"2021-03-12T23:25:06","guid":{"rendered":"https:\/\/dft.wiki\/?p=1372"},"modified":"2026-06-09T09:26:50","modified_gmt":"2026-06-09T13:26:50","slug":"kubernetes-cheat-sheet","status":"publish","type":"post","link":"https:\/\/dft.wiki\/?p=1372","title":{"rendered":"Kubernetes Cheat Sheet"},"content":{"rendered":"

\"\"<\/p>\n

If you have ever worked with containers such as Docker, you know how efficient and fast they are.<\/p>\n

Kubernetes is a container orchestrator that automates deployments and shutdowns to make applications highly available and elastic in response to demand fluctuations.<\/p>\n

Everything starts with a Cluster, the “pool” that contains N resources called Nodes.<\/p>\n

The first node is the “master” and manages the workload on the other nodes, called “workers”.<\/p>\n

Pods (which contain the containers running the application) are distributed among the nodes for better performance.<\/p>\n

Kubernetes can scale the number of nodes up or down based on parameters such as CPU or RAM usage, indicating whether physical resources are insufficient or idle.<\/p>\n

\n

INSTALLING KUBERNETES<\/strong><\/p>\n

curl -LO https:\/\/storage.googleapis.com\/kubernetes-release\/release\/$(curl -s https:\/\/storage.googleapis.com\/kubernetes-release\/release\/stable.txt)\/bin\/linux\/amd64\/kubectl\r\nchmod +x .\/kubectl\r\nsudo mv .\/kubectl \/usr\/local\/bin\/kubectl<\/pre>\n
Download the configuration file from your Kubernetes server and assign it to a variable (store it in a safe location with appropriate permissions):<\/p>\n
export KUBECONFIG=kube1-kubeconfig.yaml<\/pre>\n
\n
MANAGING KUBERNETES<\/strong><\/p>\n
Useful commands for managing the cluster:<\/p>\n
kubectl --help\r\nkubectl get nodes\r\nkubectl cluster-info<\/pre>\n
Example of a simple manual container deployment:<\/p>\n
kubectl run nginx-api --image=nginx --port=80\r\nkubectl get pods\r\nkubectl describe pods\r\nkubectl delete pods nginx-api<\/pre>\n
Getting a Shell into the Container<\/strong><\/p>\n
kubectl exec --stdin --tty<\/strong> nginx-api-***********-**** -- bash<\/pre>\n
kubectl exec -it<\/strong> nginx-api-***********-**** -- bash<\/pre>\n
Automating Deployments<\/strong><\/p>\n
Create deployments.yaml<\/strong> using the template below (indentation must be respected):<\/p>\n
apiVersion: apps\/v1\r\nkind: Deployment<\/strong>\r\nmetadata:\r\n  name: nginx-deployment<\/strong>\r\n  labels:\r\n    app: nginx-instance<\/strong><\/span>\r\nspec:\r\n  replicas: 6\r\n  selector:\r\n    matchLabels:\r\n      app: nginx-instance<\/strong><\/span>\r\n  template:\r\n    metadata:\r\n      labels:\r\n        app: nginx-instance<\/strong><\/span>\r\n    spec:\r\n      containers:\r\n      - name: nginx-instance<\/strong><\/span>\r\n        image: nginx<\/strong>\r\n        imagePullPolicy: Always\r\n        ports:\r\n        - containerPort: 80<\/strong><\/pre>\n
kubectl apply -f nginx-deployment.yaml<\/strong><\/pre>\n
Editing the deployment configuration:<\/p>\n
export KUBE_EDITOR=nano\r\nkubectl edit deployment nginx-deployment\r\n<\/strong>kubectl get pods -o wide\r\n<\/pre>\n
Load Balancer<\/strong><\/p>\n
Create a file called loadbalancer.yaml<\/strong> as shown below:<\/p>\n
apiVersion: v1\r\nkind: Service<\/strong>\r\nmetadata:\r\n  name: nginx-loadbalancer<\/strong><\/span>\r\n  annotations:\r\n    service.beta.kubernetes.io\/linode-loadbalancer-throttle: \"5\"<\/strong>\r\n  labels:\r\n    app: nginx-loadbalancer<\/strong><\/span>\r\nspec:\r\n  type: LoadBalancer<\/strong>\r\n  selector:\r\n    app: nginx-instance<\/strong><\/span>\r\n  ports:\r\n    - name: http\r\n      protocol: TCP\r\n      port: 80\r\n      targetPort: 80\r\n  sessionAffinity: None<\/pre>\n
kubectl apply -f loadbalancer.yaml\r\n<\/strong>kubectl get services\r\nkubectl describe service nginx-loadbalancer<\/strong><\/pre>\n
Port Forwarding<\/strong><\/p>\n
kubectl port-forward app-********-***** 8080:80\r\nkubectl port-forward pods\/app-********-***** 8080:80\r\nkubectl port-forward deployment\/app 8080:80\r\nkubectl port-forward replicaset\/app-******** 8080:80\r\nkubectl port-forward service\/app 8080:80<\/pre>\n
NGINX is now accessible externally through the load balancer service!<\/strong><\/p>\n
Other useful commands:<\/p>\n
kubectl get pods -w\r\nkubectl get all\r\nkubectl scale deploy\/nginx --replicas=3\r\nkubectl rollout status deploy\/nginx\r\nkubectl rollout undo deploy\/nginx\r\nkubectl deploy nginx --image=nginx:1.17-alpine -o yaml --dry-run=client\r\nkubectl explain services<\/pre>\n
\n
BONUS<\/strong><\/p>\n
Recover an accidentally deleted manifest file from a K8s runtime:<\/p>\n
kubectl get <resource-type> <resource-name> -n <namespace> -o yaml > manifest.yaml<\/pre>\n
Install the Helm package manager:<\/p>\n
curl https:\/\/raw.githubusercontent.com\/helm\/helm\/main\/scripts\/get-helm-3 | bash<\/pre>\n
Free SSL\/TLS<\/strong> certificate from Let’s Encrypt<\/strong>.<\/p>\n
Install the prerequisites:<\/p>\n
helm repo add jetstack https:\/\/charts.jetstack.io\r\nhelm repo add ingress-nginx https:\/\/kubernetes.github.io\/ingress-nginx\r\nhelm repo update<\/pre>\n
helm install cert-manager jetstack\/cert-manager --namespace cert-manager --create-namespace --version v1.17.2 --set crds.enabled=true\r\nhelm upgrade --install ingress-nginx ingress-nginx\/ingress-nginx --namespace ingress-nginx --create-namespace --set controller.kind=DaemonSet --set controller.hostNetwork=true --set controller.daemonset.useHostPort=true --set controller.service.type=\"\" --set controller.ingressClassResource.name=nginx<\/pre>\n
Optionally, Traefik<\/strong> can be set as the default ingress controller:<\/p>\n
helm repo add traefik https:\/\/traefik.github.io\/charts \r\nhelm install traefik traefik\/traefik<\/pre>\n
Cluster Issuer<\/strong><\/p>\n
cat < cluster-issuer.yml\r\napiVersion: cert-manager.io\/v1\r\nkind: ClusterIssuer\r\nmetadata:\r\n  name: letsencrypt\r\nspec:\r\n  acme:\r\n    email: admin@example.com<\/strong><\/span>\r\n    server: https:\/\/acme-staging-v02.api.letsencrypt.org\/directory<\/strong>\r\n#    server: https:\/\/acme-v02.api.letsencrypt.org\/directory<\/strong>\r\n    privateKeySecretRef:\r\n      name: letsencrypt\r\n    solvers:\r\n    - http01:\r\n        ingress:\r\n          class: nginx\r\nEOF\r\nkubectl apply -f cluster-issuer.yml\r\nsleep 10\r\nkubectl get clusterissuer\r\nkubectl describe clusterissuer<\/pre>\n
Certificate<\/strong><\/p>\n
cat < certificate.yml\r\napiVersion: cert-manager.io\/v1\r\nkind: Certificate\r\nmetadata:\r\n  name: certificate-name<\/strong>\r\n  namespace: default\r\nspec:\r\n  secretName: tls-secret-name<\/strong>\r\n  issuerRef:\r\n    name: letsencrypt\r\n    kind: ClusterIssuer\r\n  dnsNames:\r\n  - app.dev.example.com<\/strong><\/span>\r\n#  - app.example.com\r\n# Up to 100 additional domains per single cert.<\/strong>\r\nEOF\r\nkubectl apply -f certificate.yml\r\nsleep 10\r\nkubectl describe certificate\r\nkubectl describe certificaterequest\r\nkubectl describe order\r\nkubectl describe challenges<\/pre>\n
Inline creation of an ingress with an SSL certificate:<\/p>\n
kubectl create ingress <ingress-name> --rule=example.com\/*=web:80,tls=<certificate-name><\/pre>\n
Rollout (or rollback) and restart of all pods in a deployment:<\/p>\n
kubectl rollout restart deployment <deployment-name><\/pre>\n
Meet etcd<\/code>, the distributed key-value store that guarantees the integrity of critical data in a distributed system like K8s [Link<\/a>].<\/p>\n