CKAD 1 | Core Conceptsο
Basic Creation commandsο
create pod
kubectl run podName --image=imageName --env=KEY=VALUE --labels=key=value --port=PortNum
delete pod
kubectl delete po podName
create deployment
kubectl create deployment depName --image=imageName -r replicaCount --port=PortNum
configMap
kubectl create cm cmName --from-literal=key=value
service
kubectl create svc clusterip svcName --tcp=sourceIP:targetIP
secret
kubectl create secret generic secretName --from-literal=key=value
apply file
kubectl apply -f fileName
bind secret and configmap
kubectl set env --from=secret/secretName --from=configmap/cmName objectType/objectName
update resource limits
kubectl set resources objectType objectName --limits=cpu=cpuQuotaUpperBound,memory=memQuotaUpperBound --requests=cpu=cpuQuotaLowerBound,memory=memQuotaLowerBound
label pod
kubectl label pods podName key=value --overwrite
update replicas
kubectl scale --replicas=repValue deployment/deploymentName
execute on pod
kubectl exec podName -c containerName -- command
unschedule node
kubectl cordon nodeName
node for maintaince
kubectl drain nodeName
bring node back
kubectl uncordon nodeName
taint node
kubectl taint node nodeName key=value:NoSchedule-
edit with YAML
kubectl edit objectType/objectName -o yaml
force replace YAML to update (donβt need to specify the object)
kubectl replace -f fileName --force
get pod logs
kubectl logs podName -n namespace
Commands and Argumentsο
Update pod container commands
apiVersion: v1
kind: Pod
metadata:
name: podName
spec:
containers:
- name: containerName
image: containerImage
command:
- commands
- to
- be
- executed
args:
- command
- arguments
Can also be written as,
apiVersion: v1
kind: Pod
metadata:
name: podName
spec:
containers:
- name: containerName
image: containerImage
command: ["commands", "to", "be", "executed"]
args: ["command", "arguments"]
ENTRYPOINTcommands in the Dockerfile will be override by pod definationWe can only specify the argument to use the commands in Dockerfile by default
Environment Variablesο
apiVersion: v1
kind: Pod
metadata:
name: podName
spec:
containers:
- name: containerName
image: containerImage
env:
- name: ENVVARNAME
value: envVarValue
Configmapο
Create configmap by,
$ kubectl create cm configMapName --from-literal=key=val
Bind pod with one key in configMap
apiVersion: v1
kind: Pod
metadata:
name: podName
spec:
containers:
- name: containerName
image: containerImage
env:
- name: KEY
valueFrom:
configMapKeyRef:
name: cmName
key: KEY
Bind pod with all Keys in configMap
apiVersion: v1
kind: Pod
metadata:
name: podName
spec:
containers:
- name: containerName
image: containerImage
envFrom:
- configMapRef:
name: cmName
Secretsο
Create a serect: must use
generic
$ kubectl create secret generic secretName --from-literal=KEY=value
Bind pod with secret
apiVersion: v1
kind: Pod
metadata:
name: podName
spec:
containers:
- name: containerName
image: containerImage
envFrom:
- secretRef:
name: secretName
Pod Executionο
One command
$ kubectl exec -it podName -- command
Get shell
$ kubectl exec -it podName -- sh
Security Contextο
Specify user for all containers in a pod
apiVersion: v1
kind: Pod
metadata:
name: podName
spec:
securityContext:
runAsUser: userID
containers:
- name: containerName
image: containerImage
Specify user for one container
apiVersion: v1
kind: Pod
metadata:
name: podName
spec:
containers:
- name: containerName
image: containerImage
securityContext:
runAsUser: userID
Grant container privileges of
CAP_SYS_TIME
apiVersion: v1
kind: Pod
metadata:
name: podName
spec:
containers:
- name: containerName
image: containerImage
securityContext:
capabilities:
add: ["SYS_TIME"]
Resourcesο
Set memory limitations
apiVersion: v1
kind: Pod
metadata:
name: podName
spec:
containers:
- name: containerName
image: containerImage
resources:
limits:
memory: 10Mi
requests:
memory: 5Mi
Node Affinityο
Show labels
$ kubectl get node --show-labels
Set a label
$ kubectl set node nodeName key=value