Quick Reference
#verify health of the cluster
kubectl get nodes
# List all deployments in all namespaces
kubectl get deployments --all-namespaces=true
# List all deployments in a specific namespace
# Format :kubectl get deployments --namespace <namespace-name>
kubectl get deployments --namespace kube-system
# List details about a specific deployment
# Format :kubectl describe deployment <deployment-name> --namespace <namespace-name>
kubectl describe deployment my-dep --namespace kube-system
# List pods using a specific label
# Format :kubectl get pods -l <label-key>=<label-value> --all-namespaces=true
kubectl get pods -l app=nginx --all-namespaces=true
# Get logs for all pods with a specific label
# Format :kubecl logs -l <label-key>=<label-value>
kubectl logs -l app=nginx --namespace kube-system
# set default Namespace context
kubectl config set-context --current --namespace=app-d
# List the pods
kubectl get pods -l app.kubernetes.io/name=vault
# Connect to the instance
kubectl exec -ti vault-0 -- vault operator init
# Create a namespace for your ingress resources
kubectl create namespace app-d
#Get status:
kubectl --namespace ingress-basic get services -o wide -w nginx-ingress-controller
kubectl get service -l app=nginx-ingress --namespace ingress-basic
kubectl get events -n app-d
kubectl.exe logs kyron-api-948458ffc-27b65
#Create two new deployments
kubectl apply -f ..\..\helm\app1.yaml --namespace app-d
kubectl apply -f ..\..\helm\app2.yaml --namespace app-d
kubectl apply -f ..\..\helm\api.yaml --namespace app-d
# Set Default Context
kubectl config set-context --current --namespace=app-d
# Delete deployments, service, and ingress
kubectl delete ingress kyron-api
kubectl.exe delete deployments kyron-api
kubectl.exe delete service kyron-api
#uninstall:
helm delete consul
kubectl delete namespace consul
Resources
To install the K8s Dasbhoard:
kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kube-system:kubernetes-dashboard
az aks enable-addons --addons kube-dashboard -g $rg -n $aks
Additional way to export the k8s config - this didn't work for me tho :(
# push output config from terraform to a file
echo "$(terraform output kube_config)" > ./azurek8s
# setup env variable for k8s
$env:KUBECONFIG = "./azurek8s"
$sub = "SOME_SUB"
$tenant = "SOME_AAD_TENANT"
az ad sp create-for-rbac --subscription $sub --sdk-auth | base64 -w0
Creating Ingres using NGinx
# Create a namespace for your ingress resources
kubectl create namespace app-d
# Add the official stable repository
helm repo add stable https://kubernetes-charts.storage.googleapis.com/
# Use Helm to deploy an NGINX ingress controller
helm install nginx-ingress stable/nginx-ingress `
--namespace app-d `
-f ..\..\helm\internal-ingress.yaml `
--set controller.replicaCount=2 `
--set controller.nodeSelector."beta\.kubernetes\.io/os"=linux `
--set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux
# HELM
kubectl create namespace consul
helm install consul hashicorp/consul `
--namespace consul `
-f ..\..\helm\hc-consul.yaml `
--set connectInject.enabled=true `
--set connectInject.nodeSelector="beta.kubernetes.io/os: linux" `
--set client.enabled=true `
--set client.grpc=true `
--set client.nodeSelector="beta.kubernetes.io/os: linux" `
--set server.nodeSelector="beta.kubernetes.io/os: linux" `
--set syncCatalog.enabled=true `
--set syncCatalog.nodeSelector="beta.kubernetes.io/os: linux"
kubectl port-forward -n consul svc/consul-consul-ui 8080:80
kubectl create secret tls first-secret-name \
--cert first-cert-file --key first-key-file
#Get status:
kubectl --namespace ingress-basic get services -o wide -w nginx-ingress-controller
kubectl get service -l app=nginx-ingress --namespace ingress-basic
kubectl get events -n ingress-basic
kubectl get events -n app-d
#Create two new deployments
kubectl apply -f ..\..\helm\app1.yaml --namespace app-d
kubectl apply -f ..\..\helm\app2.yaml --namespace app-d
# K8s for
kubectl config set-context --current --namespace=app-d
kubectl apply -f ..\..\helm\api.yaml --namespace app-d
kubectl apply -f ..\..\helm\api2.yaml --namespace app-d
kubectl apply -f ..\..\helm\justin.yaml --namespace app-d
# helm install api ..\..\helm\api.yaml --namespace app-d
kubectl exec -it api-948458ffc-m5dml -- curl http://localhost:5000/status
kubectl exec -it api-948458ffc-m5dml -- curl http://172.16.192.32:80/status
$pod = "justin-7fdc8596bb-pmk29"
kubectl exec -it $pod -- curl http://172.16.192.32:80/status
kubectl exec -it $pod -- curl http://localhost:5000/status
kubectl logs --tail=20 api-948458ffc-tfvkl
kubectl logs -f $(kubectl get pods | awk '/api/ {print $1;exit}')
kubectl delete ingress api
kubectl.exe delete deployments api
kubectl.exe delete service api
$name = "justin"
kubectl delete ingress $name
kubectl.exe delete deployments $name
kubectl.exe delete service $name
#uninstall:
helm delete consul
kubectl delete namespace consul
$ACR_SHORTNAME = "SOMEREPO"
$ACR_NAME="SOMEREPO.azurecr.io"
$ACR_UNAME="appd-creds-topull"
$ACR_PASSWD = "SOMEPASSWORD"
# assumes ACR Admin Account is enabled
ACR_UNAME=$(az acr credential show -n $ACR_NAME --query="username" -o tsv)
ACR_PASSWD=$(az acr credential show -n $ACR_NAME --query="passwords[0].value" -o tsv)
kubectl create secret docker-registry $ACR_SHORTNAME `
--docker-server=$ACR_NAME `
--docker-username=$ACR_UNAME `
--docker-password=$ACR_PASSWD `
--docker-email=cploegj@jci.com
docker login -u appd-creds-topull -p SOMEPASS SOMEREPO.azurecr.io
#Create the ingres route in the hello-world-ingress.yaml, then load
kubectl apply -f ..\..\helm\hello-world-ingress.yaml
# Test: To test the routes for the ingress controller, browse to the two applications with a web client. If needed, you can quickly test this internal-only functionality from a pod on the AKS cluster. Create a test pod and attach a terminal session to it:
#either or
kubectl run -it --rm aks-ingress-test --image=debian --namespace ingress-basic
kubectl attach aks-ingress-test-cc78684bb-t482j -c aks-ingress-test -i -t
# Install curl in the pod using apt-get:
apt-get update && apt-get install -y curl
# Now access the address of your Kubernetes ingress controller using curl, such as http://172.16.192.245. Provide your own internal IP address specified when you deployed the ingress controller in the first step of this article.
curl -L http://172.16.192.245
Create a namespace for your ingress resources
kubectl create namespace app-d
Add the official stable repository
helm repo add stable https://kubernetes-charts.storage.googleapis.com/
Use Helm to deploy an NGINX ingress controller
helm install nginx-ingress stable/nginx-ingress `
--namespace app-d `
-f ..\..\helm\internal-ingress.yaml `
--set controller.replicaCount=2 `
--set controller.nodeSelector."beta\.kubernetes\.io/os"=linux `
--set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux
HELM
kubectl create namespace consul
helm install consul hashicorp/consul `
--namespace consul `
-f ..\..\helm\hc-consul.yaml `
--set connectInject.enabled=true `
--set connectInject.nodeSelector="beta.kubernetes.io/os: linux" `
--set client.enabled=true `
--set client.grpc=true `
--set client.nodeSelector="beta.kubernetes.io/os: linux" `
--set server.nodeSelector="beta.kubernetes.io/os: linux" `
--set syncCatalog.enabled=true `
--set syncCatalog.nodeSelector="beta.kubernetes.io/os: linux"
kubectl port-forward -n consul svc/consul-consul-ui 8080:80
kubectl create secret tls first-secret-name \
--cert first-cert-file --key first-key-file
Get status:
kubectl --namespace ingress-basic get services -o wide -w nginx-ingress-controller
kubectl get service -l app=nginx-ingress --namespace ingress-basic
kubectl get events -n ingress-basic
kubectl get events -n app-d
Create two new deployments
kubectl apply -f ..\..\helm\app1.yaml --namespace app-d
kubectl apply -f ..\..\helm\app2.yaml --namespace app-d
K8s for
kubectl apply -f ..\..\helm\api.yaml --namespace app-d
kubectl apply -f ..\..\helm\api2.yaml --namespace app-d
kubectl apply -f ..\..\helm\justin.yaml --namespace app-d
# helm install api ..\..\helm\api.yaml --namespace app-d
kubectl exec -it api-948458ffc-m5dml -- curl http://localhost:5000/status
kubectl exec -it api-948458ffc-m5dml -- curl http://172.16.192.32:80/status
$pod = "justin-7fdc8596bb-pmk29"
kubectl exec -it $pod -- curl http://172.16.192.32:80/status
kubectl exec -it $pod -- curl http://localhost:5000/status
kubectl logs --tail=20 api-948458ffc-tfvkl
kubectl logs -f $(kubectl get pods | awk '/api/ {print $1;exit}')
uninstall:
kubectl delete ingress api
kubectl.exe delete deployments api
kubectl.exe delete service api
$name = "justin"
kubectl delete ingress $name
kubectl.exe delete deployments $name
kubectl.exe delete service $name
#uninstall:
helm delete consul
kubectl delete namespace consul
Create the ingres route in the hello-world-ingress.yaml, then load
kubectl apply -f ....\helm\hello-world-ingress.yaml
Install curl in the pod using apt-get:
apt-get update && apt-get install -y curl
Access the Containers:
# assumes ACR Admin Account is enabled
ACR_UNAME=$(az acr credential show -n $ACR_NAME --query="username" -o tsv)
ACR_PASSWD=$(az acr credential show -n $ACR_NAME --query="passwords[0].value" -o tsv)
kubectl create secret docker-registry $ACR_SHORTNAME `
--docker-server=$ACR_NAME `
--docker-username=$ACR_UNAME `
--docker-password=$ACR_PASSWD `
--docker-email=cploegj@jci.com
docker login -u appd-creds-topull -p SOMEPASS SOMEREPO.azurecr.io
#Create the ingres route in the hello-world-ingress.yaml, then load
kubectl apply -f ..\..\helm\hello-world-ingress.yaml
# Test: To test the routes for the ingress controller, browse to the two applications with a web client. If needed, you can quickly test this internal-only functionality from a pod on the AKS cluster. Create a test pod and attach a terminal session to it:
#either or
kubectl run -it --rm aks-ingress-test --image=debian --namespace ingress-basic
kubectl attach aks-ingress-test-cc78684bb-t482j -c aks-ingress-test -i -t
# Install curl in the pod using apt-get:
apt-get update && apt-get install -y curl
# Now access the address of your Kubernetes ingress controller using curl, such as http://172.16.192.245. Provide your own internal IP address specified when you deployed the ingress controller in the first step of this article.
curl -L http://172.16.192.245
AKS
Alternative - use App Gateway Ingress Controller (AGIC)
Lets Encrypt
Last updated
Was this helpful?