
Kubernetes

RBAC

List all RoleBindings and ClusterRoleBindings for a ServiceAccount

kubectl get rolebindings,clusterrolebindings \
  --all-namespaces  \
  -o custom-columns='KIND:kind,NAMESPACE:metadata.namespace,NAME:metadata.name,SERVICE_ACCOUNTS:subjects[?(@.kind=="ServiceAccount")].name' | grep sa-customer-cicd
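The grep above matches the name anywhere in the row and never sees Group subjects, so here is an added example (not part of the original notes) that matches subjects exactly from the same bindings in `-o json` form. The namespace `customer` and the sample bindings are constructed assumptions.

```python
import json
import sys

def bindings_for_sa(doc, sa_name, sa_ns):
    """Rows (kind, binding ns, binding name, role, matched via) for sa_ns/sa_name."""
    username = f"system:serviceaccount:{sa_ns}:{sa_name}"
    # Groups carried by every ServiceAccount token issued in sa_ns.
    groups = {"system:serviceaccounts", f"system:serviceaccounts:{sa_ns}", "system:authenticated"}
    rows = []
    for item in doc.get("items", []):
        meta = item["metadata"]
        binding_ns = meta.get("namespace", "")
        role = f'{item["roleRef"]["kind"]}/{item["roleRef"]["name"]}'
        for s in item.get("subjects") or []:  # subjects may be absent or null
            kind, name = s.get("kind"), s.get("name")
            # A ServiceAccount subject with no namespace inside a RoleBinding
            # refers to the binding's own namespace.
            direct = (kind == "ServiceAccount" and name == sa_name
                      and (s.get("namespace") or binding_ns) == sa_ns)
            if direct or (kind == "User" and name == username):
                via = "direct"
            elif kind == "Group" and name in groups:
                via = "group " + name
            else:
                continue
            rows.append((item["kind"], binding_ns, meta["name"], role, via))
    return rows

def _binding(kind, ns, name, role, subject):
    """Build one constructed binding object (sample data, not from a cluster)."""
    meta = {"name": name, **({"namespace": ns} if ns else {})}
    return {"kind": kind, "metadata": meta, "subjects": [subject],
            "roleRef": {"kind": "ClusterRole", "name": role}}

# Constructed sample shaped like `kubectl get ... -o json` output.
SAMPLE = {"items": [
    _binding("RoleBinding", "customer", "cicd-deploy", "edit",
             {"kind": "ServiceAccount", "name": "sa-customer-cicd"}),
    _binding("RoleBinding", "other", "cicd-deploy", "edit",
             {"kind": "ServiceAccount", "name": "sa-customer-cicd", "namespace": "other"}),
    _binding("ClusterRoleBinding", "", "sa-customer-cicd-viewers", "view",
             {"kind": "ServiceAccount", "name": "reporter", "namespace": "customer"}),
    _binding("ClusterRoleBinding", "", "sa-discovery", "system:discovery",
             {"kind": "Group", "name": "system:serviceaccounts"}),
]}

if __name__ == "__main__":
    doc = json.load(sys.stdin) if "-" in sys.argv[1:] else SAMPLE
    for row in bindings_for_sa(doc, "sa-customer-cicd", "customer"):
        print("\t".join(row))
```

Pipe `kubectl get rolebindings,clusterrolebindings -A -o json` into the script with `-` as its argument to check a live cluster; without the argument it runs on the constructed sample.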

List ingresses missing some annotation - powerful jq

k get ingress -A -o json | jq -r '.items[] | del(.metadata.annotations."kubectl.kubernetes.io/last-applied-configuration") | [.metadata.namespace, .metadata.name, .metadata.annotations[]? ] | @tsv' | grep -v "websecure"

List ingresses missing some annotation 2 - powerful jq

k get ingress -A -o json | jq -r '.items[] | del(.metadata.annotations."kubectl.kubernetes.io/last-applied-configuration") | [.metadata.namespace, .metadata.name, (.metadata.annotations // {} | to_entries | .[][] ) ] | @tsv'

Get decoded (base64) fields from secrets v1

k get secrets secret_name -o json | jq -r '.data |to_entries[]| [.key, (.value|@base64d)]|@tsv'

Get decoded (base64) fields from secrets v2

k get secrets secret_name -o jsonpath="{.data.secretFieldName}" | base64 -d

Get the ArgoCD password

k get applications.argoproj.io -n gdp-gitops infra-apps -o yaml  | grep adminPassword

Backup using Velero

  1. Add Velero MSI Contributor access to the subscription
  2. Create backups with Velero

    velero backup create beforemig --exclude-namespaces kube-system,gdp-system,gdp-ingress,gdp-monitoring,gdp-gitops,gdp-security,velero

  3. Create a backup resource group

  4. Move snapshots to the new resource group

Cordon all nodes

 for n in $(kgno  --no-headers | awk '{print $1}'); do k cordon $n;done

Uncordon all nodes

 for n in $(kgno  --no-headers | awk '{print $1}'); do k uncordon $n;done

Get deployment zones and regions

kubectl get nodes -o custom-columns=NAME:'{.metadata.name}',REGION:'{.metadata.labels.topology\.kubernetes\.io/region}',ZONE:'{.metadata.labels.topology\.kubernetes\.io/zone}'

Get labels of all pods nicely formatted using jsonpath

kgp -A  -ojsonpath='{range .items[*]}{.metadata.namespace}{"\t"}{.metadata.name}{"\t"}{.metadata.labels}{"\n"}{end}' | grep aadpodidbinding