| Name | Comments |
|---|---|
| kubernetes.io | Official Kubernetes site by Google |
| Kubernetes 101 | Great beginner article on Kubernetes fundamental concepts |
| Kubernetes Tutorial for Beginners | Full video of 4 hours on Kubernetes (2020) |
| Learning Path: Kubernetes | From basic to advanced Kubernetes learning series |
| Kubernetes 101 - Concepts and Why It Matters | |
| kubernetes-workshop | |
| Kubernetes Deployment Tutorial | |
| Katacoda | Learn Kubernetes using Interactive Browser-Based Scenarios |
| Name | Comments |
|---|---|
| Kubernetes Networking | Kubernetes Networking Resources |
| Liveness and Readiness Probes |
| Name | Comments |
|---|---|
| troubleshoot.sh | "A kubectl plugin providing diagnostic tools for Kubernetes applications" |
| Kubernetes Troubleshooting Visual Guide |
| Name | Comments |
|---|---|
| Kubescape | "Kubescape is the first tool for testing if Kubernetes is deployed securely as defined in Kubernetes Hardening Guidance by NSA and CISA" |
| Falco | "Falco...is the de facto Kubernetes threat detection engine" |
| Name | Comments |
|---|---|
| confTest | "Conftest is a utility to help you write tests against structured configuration data" (Used in the development phase) |
| datree | "Prevent Kubernetes Misconfigurations From Reaching Production" (Used in development phase) |
| gatekeeper | Used in the production |
| telepresence | "FAST, LOCAL DEVELOPMENT FOR KUBERNETES AND OPENSHIFT MICROSERVICES" |
| Kubernetes CheatSheet | |
| OperatiorHub.io | Kubernetes native applications |
| YAML templates | |
| Kubesort | "kubesort helps you sort the results from kubectl get in an easy way" |
| IngressMonitorController | "A Kubernetes controller to watch ingresses and create liveness alerts for your apps/microservices" |
| Name | Comments |
|---|---|
| KubeInvaders | "Chaos Engineering Tool for Kubernetes and Openshift" |
| Name | Comments |
|---|---|
| CKAD-Practice-Questions | "a consolidated list for CKAD practice questions" |
| CKAD Prep Exam Video | A video of doing a CKAD prep exam (2020) |
- Secure inter-service communication (one way is to use Istio to provide mutual TLS)
- Isolate different resources into separate namespaces based on some logical groups
- Use supported container runtime (if you use Docker then drop it because it's deprecated. You might want to CRI-O as an engine and podman for CLI)
- Test properly changes to the cluster (e.g. consider using Datree to prevent kubernetes misconfigurations)
- Limit who can do what (by using for example OPA gatekeeper) in the cluster
- Use NetworkPolicy to apply network security
- Consider using tools (e.g. Falco) for monitoring threats
- Minikube version:
minikube version - Start cluster:
minikube start - Delete cluster:
minikube delete
- Create objects defined in a YAML: kubectl apply -f rs.yaml
- List service accounts:
kubectl get serviceaccounts
- Cluster version:
kubectl version - Cluster information:
kubectl cluster-info - List nodes:
kubectl get nodes
-
List of Pods in current namespace:
kubectl get po -
List of Pods in all amespaces:
kubectl get po --all-namespaces -
Get containers names:
kubectl get po <POD_NAME> -o jsonpath="{.spec.containers[*].name}" -
Create a Pod from file:
kubectl create -f pod_definition.yaml -
Delete a Pod using a YAML definition:
kubectl delete -f pod_definition.yaml -
Delete a Pod using the Pod name:
kubectl delete <POD_NAME> -
Delete a Pod instantly:
kubectl delete <POD_NAME> --grace-period=0 --force -
Execute commands inside a container:
kubectl exec -it -c <CONTAINER_NAME> <POD_NAME> ls -
Display logs of a Pod:
kubectl logs <POD_NAME> -
Display logs of a specific container in a Pod:
kubectl logs <POD_NAME> -c <CONTAINER_NAME> -
Get Pod name based on specific labels
POD_NAME=$(kubectl get pod \
--no-headers \
-o=custom-columns=NAME:.metadata.name \
-l type=api,service=some-service \
| tail -1)
- Creating a new user
openssl genrsa -out user.key 2048 # create key
openssl req key user.key user.csr -subj "/CN=user /O=sgroup" # create csr
openssl x509 -req -in user.csr -CA ca.crt -CAkey ca.key -CAcreateseral -out user.crt -days 365
kubectl config set-credentials myuser --client-certificates=$PWD/user.crt --client-key=$PWD/user.key
kubectl config set-context myuser-context --cluster=k8s-cluster --user=user
- Expose a ReplicaSet:
kubectl expose rs REPLICASET_NAME --name=SERVICE_NAME --target-port=PORT --type=NodePort/SOME_OTHER_SERVICE_TYPE