Kubernetes

→ K3s

→ Install

sudo apt -y install open-iscsi
curl -sfL https://get.k3s.io | sh -
sudo cp /etc/rancher/k3s/k3s.yaml .kube/config
sudo kubectl apply -f https://raw.githubusercontent.com/longhorn/longhorn/v1.1.2/deploy/longhorn.yaml

→ Stop/Start

/usr/local/bin/k3s-killall.sh
systemctl start k3s

→ Run together with other remote

export KUBECONFIG=~/.kube/config-k3s

# use tools
kubectl ...
helm ...
k9s ...

→ Helm

→ Pass variables

helm install  airflow apache-airflow/airflow --namespace airflow  --values custom-values.yml

→ Kubectl

→ Volumes

#List the pvc
kubectl get pvc -n airflow
NAME                        STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE
logs-airflow-worker-0       Bound    pvc-4e9fdfef-7a16-4299-b68a-89ee92a12589   100Gi      RWO            local-path     8m15s
data-airflow-postgresql-0   Bound    pvc-94c585fd-451f-4728-a790-f6b61a2f2b6e   8Gi        RWO            local-path     8m15s
redis-db-airflow-redis-0    Bound    pvc-95d2ca98-0fe3-424b-a939-6ffd23edacc7   1Gi        RWO            local-path     8m15s

#Delete one pvc
kubectl delete pvc logs-airflow-worker-0 -n airflow

#Delete ALL the pvc
kubectl delete pvc -n airflow  --all

#sort by creation date asc
kgp --sort-by={metadata.creationTimestamp} --no-headers | tac

#get the last field, and print separated by tabs
kgp|awk 'OFS="\t"{print $NF, $1}'

→ service account

pod using a service account get access to services
secrets are mounted in the pod
it can also be environment variables
a given service account is bounded to a namespace

→ call kubernetes api within a pod

curl -v --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" https://kubernetes.default/api/v1/namespaces/dev-data-streams/pods?labelSelector=app%3Ddev-flink-cluster-session%2Ccomponent%3Dtaskmanager%2Ctype%3Dflink-native-kubernetes&resourceVersion=0&allowWatchBookmarks=true&watch=true

→ buzybox

kubectl run -i --tty --rm debug --image=ubuntu --restart=Never -n the-namespace -- bash


## Pod Security Policy

- [history of psp](https://kubernetes.io/blog/2022/08/23/podsecuritypolicy-the-historical-context/)
- [migration to psa](https://kubernetes.io/docs/tasks/configure-pod-container/migrate-from-psp/)

→ Kubectl plugin

Installation can be manual, just make available the binary kubectl-xyz in the PATH. Then kubectl xyz will be available.

React ?

This page was last modified: 2025-01-08 22:37