March 29, 2024

#Quick, dirty and effective commands for hacking your way into Kubernetes

Sometimes, we want to avoid going through the trouble of creating YAML files for resources, checking their syntax, and versioning everything. Sometimes, we only want something up and running for a POC, a quick test, or a debugging session. For those moments, these commands can help.

Spin up debug pods:

# Debug application for testing k8s features
## See docs here: https://github.com/stefanprodan/podinfo
kubectl create deployment podinfo --image=stefanprodan/podinfo

# Debug Ubuntu version with several networking stack tools pre-installed
kubectl create deployment nettools --image=hacklabr/docker-nettools

Create and expose a Postgres database:

kubectl create deployment postgres --replicas=0 --image=postgres:16.0
kubectl set env deployment/postgres POSTGRES_PASSWORD=pass POSTGRES_USER=user
kubectl scale --replicas=1 deployment/postgres
kubectl expose deployment/postgres --port=5432 --target-port=5432

Create Services for applications:

# Basic Service (ClusterIP)
## Service will expose 'port' / target application listens on 'target-port'
kubectl expose deployment podinfo --port=80 --target-port=9898 --name=podinfo-service

Run commands in containers:

# Latest Ubuntu container that spins up and gives you a shell 
# Container is deleted when you close the connection
kubectl run ubuntu --rm -it --image=ubuntu -- bash

# Similar to the previous one, but keeps the debug container active
kubectl create deployment ubuntu --image=ubuntu -- sleep infinity
kubectl exec -it deploy/ubuntu -- bash
kubectl delete deploy/ubuntu

Get a bird’s eye view of your cluster state:

# See all running pods on your cluster (regardless of namespace)
kubectl get pods -A

# Increase verbosity level of kubectl's output (works with all its operations)
kubectl -v=8 get pods -A

# Combine the previous command with "watch" to get an evergreen view
watch kubectl get pods -A

# Read CPU and RAM consumption of your nodes (requires metrics-server)
kubectl top nodes

# Read CPU and RAM consumption of all your pods (requires metrics-server) 
kubectl top pods -A

# Get cluster state including logs from control plane applications
kubectl cluster-info dump

Force all Pods of a Deployment to be recreated:

kubectl rollout restart deployment <deployment_name>

Remove finalizers from an existing object (make sure you really know what you’re doing, though: clearing them skips whatever cleanup the owning controller was waiting to perform before deletion):

kubectl patch <resource_type> <object_name> -p '{"metadata":{"finalizers":[]}}' --type=merge

Some useful Helm commands to manage chart configurations:

# See all configurable options with detailed comments (equivalent to reading the values.yaml)
# Example with the Coroot Helm Chart
helm show values coroot/coroot

# See all provided versions of a Helm Chart
helm search repo coroot/coroot --versions

# Export the values used when installing a Helm release, then reuse them for an upgrade
helm get values argocd -n argocd > argocd-values.yaml
helm upgrade argocd argo/argo-cd --version 5.9.1 --namespace argocd -f argocd-values.yaml

# Upgrade an existing Helm release in-place while keeping values provided during installation
helm upgrade argocd argo/argo-cd --reuse-values --force --version 5.9.1 --namespace argocd

Notable domain names available in-cluster:

https://kubernetes.default (Kubernetes API Server)
http://<service_name> (reaches a service in the same namespace as the client)

July 02, 2022

#Basic survival guide and commands for iptables

iptables is a Linux firewall tool that manages packet routing and can block or allow traffic based on rules like a packet’s origin or destination.

Its settings are organized in tables which contain sets of rules, called chains, that will filter data packets.

# Check current configuration
iptables -L -v

# Accept all requests from an IP
iptables -A INPUT -s <ip> -j ACCEPT

# Drop all requests from an IP
iptables -A INPUT -s <ip> -j DROP

# Accept all incoming TCP traffic to a given port
iptables -I INPUT -m state --state NEW -p tcp --dport <port> -j ACCEPT

# Drop all requests from a range of IPs
iptables -A INPUT -m iprange --src-range <ip_range_start>-<ip_range_end> -j DROP

# Drop all traffic (must be run after acceptance rules)
iptables -A INPUT -j DROP

# Delete all current rules
iptables -F

# Persist changes to disk
# Depending on your setup, you may need to run another command instead
netfilter-persistent save
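
Why the final DROP "must be run after acceptance rules": a chain is evaluated top to bottom, and the first rule with a terminating target decides the packet. The script below is an added example, not part of the original post: a small offline simulator of that first-match logic. The function name `verdict`, the rule sets and the addresses are constructed for illustration, and it assumes a default policy of ACCEPT.

```sh
#!/bin/sh
# Added example: offline simulation of first-match evaluation in one chain.
# Understands only -s <ip>, -p <proto>, --dport <port> and -j <target>.

# verdict RULES SRC PROTO DPORT -> prints the target of the first matching rule
verdict() (
    rules=$1 src=$2 proto=$3 dport=$4
    set -f                      # no globbing while splitting rules into words
    while IFS= read -r line; do
        r_src= r_proto= r_dport= target=
        set -- $line
        while [ $# -gt 0 ]; do
            case $1 in
                -s)      r_src=${2%/32}; shift ;;   # iptables -S prints hosts as ip/32
                -p)      r_proto=$2;     shift ;;
                --dport) r_dport=$2;     shift ;;
                -j)      target=$2;      shift ;;
            esac
            shift
        done
        [ -n "$target" ] || continue                      # blank line
        [ -z "$r_src" ]   || [ "$r_src" = "$src" ]     || continue
        [ -z "$r_proto" ] || [ "$r_proto" = "$proto" ] || continue
        [ -z "$r_dport" ] || [ "$r_dport" = "$dport" ] || continue
        echo "$target"          # first match wins; later rules are never reached
        exit 0
    done <<EOF
$rules
EOF
    echo ACCEPT                 # nothing matched: assumed default policy ACCEPT
)

# Constructed rule sets (documentation addresses), in `iptables -S` style.
ACCEPT_THEN_DROP='-A INPUT -s 203.0.113.9/32 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT
-A INPUT -j DROP'
DROP_FIRST='-A INPUT -j DROP
-A INPUT -s 203.0.113.9/32 -j ACCEPT
-A INPUT -p tcp --dport 443 -j ACCEPT'

echo "accept rules first: $(verdict "$ACCEPT_THEN_DROP" 203.0.113.9 tcp 22)"
echo "drop rule first:    $(verdict "$DROP_FIRST" 203.0.113.9 tcp 22)"
```

On a live host, `iptables -L INPUT -n --line-numbers` shows the real rule order. Note that `-I` inserts at the top of the chain while `-A` appends to the end.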