Name | Comments |
---|---|
kubernetes.io | Official Kubernetes site by Google |
Kubernetes 101 | Great beginner article on Kubernetes fundamental concepts |
Kubernetes Tutorial for Beginners | Full video of 4 hours on Kubernetes (2020) |
Learning Path: Kubernetes | From basic to advanced Kubernetes learning series |
Kubernetes 101 - Concepts and Why It Matters | |
kubernetes-workshop | |
Kubernetes Deployment Tutorial | |
Katacoda | Learn Kubernetes using Interactive Browser-Based Scenarios |
Name | Comments |
---|---|
Kubernetes Networking | Kubernetes Networking Resources |
Liveness and Readiness Probes | |
Name | Comments |
---|---|
troubleshoot.sh | "A kubectl plugin providing diagnostic tools for Kubernetes applications" |
Kubernetes Troubleshooting Visual Guide | |
Name | Comments |
---|---|
Kubescape | "Kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by NSA and CISA" |
Falco | "Falco...is the de facto Kubernetes threat detection engine" |
Name | Comments |
---|---|
Conftest | "Conftest is a utility to help you write tests against structured configuration data" (Used in the development phase) |
datree | "Prevent Kubernetes Misconfigurations From Reaching Production" (Used in the development phase) |
gatekeeper | Used in production |
telepresence | "FAST, LOCAL DEVELOPMENT FOR KUBERNETES AND OPENSHIFT MICROSERVICES" |
Kubernetes CheatSheet | |
OperatorHub.io | Kubernetes native applications |
YAML templates | |
Kubesort | "kubesort helps you sort the results from kubectl get in an easy way" |
IngressMonitorController | "A Kubernetes controller to watch ingresses and create liveness alerts for your apps/microservices" |
Name | Comments |
---|---|
KubeInvaders | "Chaos Engineering Tool for Kubernetes and Openshift" |
Name | Comments |
---|---|
CKAD-Practice-Questions | "a consolidated list for CKAD practice questions" |
CKAD Prep Exam Video | A video of doing a CKAD prep exam (2020) |
- Secure inter-service communication (one way is to use Istio to provide mutual TLS)
- Isolate different resources into separate namespaces based on some logical groups
- Use a supported container runtime (if you use Docker then drop it because it's deprecated. You might want to use CRI-O as an engine and podman for CLI)
- Properly test changes to the cluster (e.g. consider using Datree to prevent Kubernetes misconfigurations)
- Limit who can do what in the cluster (for example, by using OPA Gatekeeper)
- Use NetworkPolicy to apply network security
- Consider using tools (e.g. Falco) for monitoring threats
- Minikube version:
minikube version
- Start cluster:
minikube start
- Delete cluster:
minikube delete
- Create objects defined in a YAML:
kubectl apply -f rs.yaml
- List service accounts:
kubectl get serviceaccounts
- Cluster version:
kubectl version
- Cluster information:
kubectl cluster-info
- List nodes:
kubectl get nodes
- List of Pods in current namespace:
kubectl get po
- List of Pods in all namespaces:
kubectl get po --all-namespaces
- Get container names:
kubectl get po <POD_NAME> -o jsonpath="{.spec.containers[*].name}"
- Create a Pod from file:
kubectl create -f pod_definition.yaml
- Delete a Pod using a YAML definition:
kubectl delete -f pod_definition.yaml
- Delete a Pod using the Pod name:
kubectl delete pod <POD_NAME>
- Delete a Pod instantly:
kubectl delete pod <POD_NAME> --grace-period=0 --force
- Execute commands inside a container:
kubectl exec -it <POD_NAME> -c <CONTAINER_NAME> -- ls
- Display logs of a Pod:
kubectl logs <POD_NAME>
- Display logs of a specific container in a Pod:
kubectl logs <POD_NAME> -c <CONTAINER_NAME>
- Get Pod name based on specific labels:
POD_NAME=$(kubectl get pod \
--no-headers \
-o=custom-columns=NAME:.metadata.name \
-l type=api,service=some-service \
| tail -1)
- Creating a new user:
openssl genrsa -out user.key 2048 # create key
openssl req -new -key user.key -out user.csr -subj "/CN=user/O=sgroup" # create CSR (CN = username, O = group)
openssl x509 -req -in user.csr -CA ca.crt -CAkey ca.key -CAcreateserial -out user.crt -days 365 # sign the CSR with the CA
kubectl config set-credentials myuser --client-certificate=$PWD/user.crt --client-key=$PWD/user.key
kubectl config set-context myuser-context --cluster=k8s-cluster --user=myuser
- Expose a ReplicaSet:
kubectl expose rs REPLICASET_NAME --name=SERVICE_NAME --target-port=PORT --type=NodePort/SOME_OTHER_SERVICE_TYPE
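
The "Creating a new user" steps work because Kubernetes takes the username from the client certificate's CN and the group from O. The script below is an added example, not part of the original cheat sheet: it runs the same OpenSSL flow against a throwaway CA constructed for the demo, verifies the chain, and prints the identity the certificate carries. The function names and the `demo-ca` subject are assumptions.

```shell
#!/usr/bin/env bash
# Added example: issue a client certificate from a throwaway CA and read back
# the identity Kubernetes derives from it (CN -> username, O -> group).

# issue_client_cert <dir> <user> <group> [days]
issue_client_cert() {
  local dir=$1 user=$2 group=$3 days=${4:-30}
  mkdir -p "$dir" || return 1
  # Constructed demo CA; stands in for the cluster's ca.crt / ca.key.
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=demo-ca" \
    -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
  openssl genrsa -out "$dir/$user.key" 2048 2>/dev/null || return 1
  chmod 600 "$dir/ca.key" "$dir/$user.key"   # private keys: owner-only
  openssl req -new -key "$dir/$user.key" -out "$dir/$user.csr" \
    -subj "/CN=$user/O=$group" || return 1
  openssl x509 -req -in "$dir/$user.csr" -CA "$dir/ca.crt" \
    -CAkey "$dir/ca.key" -CAcreateserial -out "$dir/$user.crt" \
    -days "$days" 2>/dev/null || return 1
}

# cert_identity <cert>: print "user=<CN> group=<O>" from the subject.
cert_identity() {
  local subject cn org
  subject=$(openssl x509 -in "$1" -noout -subject -nameopt RFC2253) || return 1
  subject=${subject#subject=}
  cn=$(printf '%s\n' "$subject" | tr ',' '\n' | sed -n 's/^ *CN=//p' | head -n1)
  org=$(printf '%s\n' "$subject" | tr ',' '\n' | sed -n 's/^ *O=//p' | head -n1)
  printf 'user=%s group=%s\n' "$cn" "$org"
}

# cert_chains_to <ca_cert> <cert>: succeed only if <cert> verifies against <ca_cert>.
cert_chains_to() {
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Demo run in a temporary directory that is removed afterwards.
demo_dir=$(mktemp -d)
if issue_client_cert "$demo_dir" user sgroup 30 &&
   cert_chains_to "$demo_dir/ca.crt" "$demo_dir/user.crt"; then
  cert_identity "$demo_dir/user.crt"
fi
rm -rf "$demo_dir"
```

Kubernetes does not check revocation for client certificates, so a short `-days` value limits how long a leaked key stays usable.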