Kubernetes tooling and shell setup

What is Kubectl?

Kubectl

curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/darwin/amd64/kubectl"
chmod 755 kubectl
brew install kubectl
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod 755 kubectl
kubectl version
Client Version: version.Info{Major:"1", Minor:"22", GitVersion:"v1.22.2"}
Server Version: version.Info{Major:"1", Minor:"20+", GitVersion:"v1.20.9-gke.1001"}
WARNING: version difference between client (1.22) and server (1.20) exceeds the supported minor version skew of +/-1
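
The curl downloads above make the binary executable without checking it. The following is an added example, not part of the original post: it fetches the kubectl.sha256 file published next to each release binary on dl.k8s.io and only marks the binary executable if the hash matches. The function names are hypothetical.

```shell
# Added example, not from the original post. Function names are hypothetical.

# sha256_of FILE: print the lowercase hex SHA-256 of FILE
# (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print tolower($1)}'
  else
    shasum -a 256 "$1" | awk '{print tolower($1)}'
  fi
}

# verify_sha256 FILE SUMFILE
# SUMFILE holds either a bare hash (what dl.k8s.io serves as kubectl.sha256)
# or the "hash  filename" format. Returns 0 on match, 1 on mismatch,
# 2 if an input is missing or the expected value is not a SHA-256.
verify_sha256() {
  [ -f "$1" ] && [ -f "$2" ] || return 2
  expected=$(awk 'NF {print tolower($1); exit}' "$2")
  case "$expected" in
    *[!0-9a-f]*) return 2 ;;
  esac
  [ "${#expected}" -eq 64 ] || return 2
  [ "$(sha256_of "$1")" = "$expected" ]
}

# fetch_kubectl OS ARCH: same download as above, plus the checksum check.
# The binary only becomes executable if the hash matches.
fetch_kubectl() {
  ver=$(curl -fsSL https://dl.k8s.io/release/stable.txt) || return 1
  base="https://dl.k8s.io/release/${ver}/bin/$1/$2"
  curl -fsSLO "${base}/kubectl" || return 1
  curl -fsSLO "${base}/kubectl.sha256" || return 1
  if verify_sha256 kubectl kubectl.sha256; then
    chmod 755 kubectl
  else
    echo "kubectl: checksum mismatch, deleting download" >&2
    rm -f kubectl
    return 1
  fi
}
# e.g. fetch_kubectl darwin amd64
```

The checksum file is served by the same host as the binary, so this catches a truncated or corrupted download rather than a compromised origin.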

Kubecolor

brew install dty1er/tap/kubecolor
# add in your .zshrc
alias k=kubecolor
# or build the fork from source
git clone git@github.com:prune998/kubecolor.git
cd kubecolor
git checkout prune/ctx-no-color
cd cmd/kubecolor && go build && cp kubecolor /usr/local/bin

ZSH Setup

export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
alias k=kubecolor
source <(kubectl completion zsh)
complete -F __start_kubectl k
compdef kubecolor=kubectl
source <(stern --completion=zsh)
ulimit -n 2048 # kubectl opens one cnx (file) per resource
# gcloud
source "/usr/local/Caskroom/google-cloud-sdk/latest/google-cloud-sdk/path.zsh.inc"
source "/usr/local/Caskroom/google-cloud-sdk/latest/google-cloud-sdk/completion.zsh.inc"
# AWS
complete -C '/usr/local/bin/aws_completer' aws

ZSH customization:

  • Oh-My-ZSH : lots of features in your shell
    Use plugins !!
plugins=(brew kubectl git python tmux vault terraform)
  • Themes
    - Agnoster ZSH theme: better prompt using Powerline Fonts
    - PowerLevel10k: emphasizes speed, flexibility and out-of-the-box experience
  • Fonts
    - Powerline Font: recommend NerdFonts Inconsolata or Firacode

Krew

kubectl krew list
PLUGIN  VERSION
ctx v0.9.4
krew v0.4.1
ns v0.9.4
whoami v0.0.36

kubectl krew search
NAME DESCRIPTION INSTALLED
access-matrix Show an RBAC access matrix for server resources no
blame Show who edited resource fields. no
cert-manager Manage cert-manager resources inside your cluster no
ctx Switch between contexts in your kubeconfig yes
...
  • ctx: quick context ( current cluster ) changes
  • ns: quick current namespace changes
  • whoami: who the cluster thinks you are from your authentication
  • who-can: RBAC rules introspection
# list all the existing context, current one in yellow
k ctx
arn:aws:eks:us-east-1:111111111111:cluster/eks-example
gke-dv-st-cluster-1
gke-dev_us-central1_test-gke-cluster
# change context “manually”
kubectl config use-context gke-dev_us-central1_test-gke-cluster
# change the context using ctx
k ctx gke-dev_us-central1_test-gke-cluster
# delete context (why not ?)
k ctx -d gke-dv-st-cluster-1
# List all namespaces, current NS in yellow (not in Medium blogs...)
k ns
datadog-agents
default <----
kube-public
kube-system
# Set default NS by hand
kubectl config set-context --current --namespace=kube-system
# Set default Namespace
k ns kube-system

Cloud provider setup

AWS

curl "https://awscli.amazonaws.com/AWSCLIV2.pkg" -o "AWSCLIV2.pkg"
sudo installer -pkg AWSCLIV2.pkg -target /
export AWS_DEFAULT_REGION=us-east-1
export AWS_PAGER="" # prevent the AWS CLI from auto-paging = display inline
export BROWSER=echo # Do not open a browser, lets you choose which browser to open
complete -C '/usr/local/bin/aws_completer' aws # add that to .zshrc for completion
# remove dangling env variables
unset AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY
# configure (may ask questions here)
aws configure sso
aws sso login --profile profile_xxxxxx
export AWS_PROFILE=profile_xxxxxx
aws eks update-kubeconfig \
--region us-east-1 \
--name <cluster_name> \
--alias <friendly_name>

Google

brew install --cask google-cloud-sdk
gcloud components install kubectl # Optional
gcloud init
gcloud auth login
gcloud config set compute/region us-east1
gcloud container clusters get-credentials <cluster> --project <project>
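
Both the aws eks update-kubeconfig and gcloud container clusters get-credentials commands above write cluster entries into your kubeconfig. The following is an added example, not part of the original post: it checks that the kubeconfig is not accessible to other users and reports embedded static credentials (token, password, client-key-data). The function names are hypothetical, and KUBECONFIG is assumed to name a single file.

```shell
# Added example, not from the original post. Function names are hypothetical.

# kubeconfig_private FILE: 0 if group/other have no permission bits on FILE,
# 1 if they do, 2 if FILE cannot be listed.
kubeconfig_private() {
  perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
  [ -n "$perms" ] || return 2
  [ "$perms" = "------" ]
}

# kubeconfig_static_fields FILE: print the names of user fields that embed a
# long-lived secret directly in the file, one per line, deduplicated.
# Entries that use an exec credential plugin print nothing.
kubeconfig_static_fields() {
  grep -Eo '^[[:space:]]*(token|password|client-key-data):' "$1" \
    | sed -E 's/^[[:space:]]*//; s/:$//' | sort -u
}

# audit_kubeconfig [FILE]: run both checks; defaults to $KUBECONFIG (assumed to
# be a single path) or ~/.kube/config. Returns 0 if clean, 1 on any warning.
audit_kubeconfig() {
  f="${1:-${KUBECONFIG:-$HOME/.kube/config}}"
  rc=0
  if ! kubeconfig_private "$f"; then
    echo "WARN: $f is accessible by group/other (chmod 600 $f)"
    rc=1
  fi
  fields=$(kubeconfig_static_fields "$f")
  if [ -n "$fields" ]; then
    echo "WARN: $f embeds static credentials:" $fields
    rc=1
  fi
  return $rc
}
# e.g. audit_kubeconfig            # default kubeconfig
#      audit_kubeconfig /etc/rancher/k3s/k3s.yaml
```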

Stern

brew install stern
stern -n my-namespace dv-oma

Kustomize

  • Bundled with kubectl, but not all the features are available
  • Better to install the full version for your CI/CD pipelines
  • Only outputs rendered YAML; you have to apply it afterwards
kubectl kustomize --enable-alpha-plugins /path/to/kustomize/folder
kustomize build --enable-alpha-plugins /path/to/kustomize/folder
kustomize build --enable-alpha-plugins /path/to/kustomize/folder | kubectl apply -f -
# cat /path/to/kustomize/folder/kustomization.yaml
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- my_resources_file.yaml
- ../base
patches:
- ./manifests/my_patch.yaml
generators:
- my_generator.yaml

Kubernetes Dashboards

K9s

  • Open-Source
  • In your terminal, like top
  • CRUD operations on K8s resources
  • nothing to install server-side
  • lightweight
brew install k9s
k9s -n <namespace>      # To run K9s in a given namespace
k9s --context <context> # Start K9s in an existing KubeConfig context
k9s --readonly          # Start K9s in readonly mode - with all cluster modification commands disabled

Lens

  • Launches on your own desktop, no server-side install
  • Includes advanced config to reach remote clusters
  • Manages CustomResourceDefinitions (CRD)
  • Nice UI
  • Multi-cluster

VsCode extensions for Kubernetes

  • Kubernetes: Develop, deploy and debug Kubernetes applications
  • YAML: Language Support, with built-in Kubernetes syntax support
  • Indent-Rainbow: helper to better see Yaml indentations

Local Kubernetes

Kind

  • Kind is a local K8s cluster
  • Official Kubernetes tool to create lightweight K8s clusters
  • Supports ingress / LB (with some tuning)
  • Works with Docker and Podman (and rootless with some more sweat)
brew install kind
kind create cluster --help

K3s

sudo k3s server &
# Kubeconfig is written to /etc/rancher/k3s/k3s.yaml
sudo k3s kubectl get node

Minikube

curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-darwin-amd64
sudo install minikube-darwin-amd64 /usr/local/bin/minikube
minikube start

Bonus tooling

KubePug

kubectl krew install deprecations
k deprecations --k8s-version=v1.22.0

Dive

brew install dive
dive cilium/cilium:v1.9.10

Dasel

brew install dasel
# Select the image for a container named auth
dasel select -f deployment.yaml -s "spec.template.spec.containers.(name=auth).image"
tomwright/x:v2.0.0
# Change the image for a container named auth
dasel put string -f deployment.yaml -s "spec.template.spec.containers.(name=auth).image" "tomwright/x:v2.0.0"
# Update replicas to 3
dasel put int -f deployment.yaml -s "spec.replicas" 3
# Add a new env var
dasel put object -f deployment.yaml -s "spec.template.spec.containers.(name=auth).env.[]" -t string -t string name=MY_NEW_ENV_VAR value=MY_NEW_VALUE
# Update an existing env var
dasel put string -f deployment.yaml -s "spec.template.spec.containers.(name=auth).env.(name=MY_NEW_ENV_VAR).value" NEW_VALUE

More Bonus: Containers without Docker

Colima

  • Intel and M1 Macs support
  • Simple CLI interface
  • Docker and Containerd support
  • Port Forwarding
  • Volume mounts
  • Kubernetes
  • Replace Docker-for-Desktop
brew install colima
brew install docker
colima start # default using Docker runtime
colima start --with-kubernetes # start kubernetes local cluster
colima start --runtime containerd --with-kubernetes # remove docker completely
colima status
INFO[0000] colima is running
INFO[0000] runtime: docker # or containerd
INFO[0000] arch: x86_64
INFO[0000] kubernetes: enabled
cat ~/.colima/colima.yaml
vm:
  cpu: 2
  disk: 60
  memory: 2
  arch: x86_64
  forward_agent: false
  mounts: []
runtime: containerd
kubernetes:
  enabled: true
  version: v1.22.2
colima nerdctl run -- -ti --rm alpine:latest sh
/ # ...

colima nerdctl ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
47e87f00711d docker.io/library/alpine:latest "sh" 18 seconds ago Up alpine-47e87

kubectl ctx
colima

kubectl get pods -A
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system coredns-85cb69466-bz5mw 1/1 Running 0 8m18s
kube-system local-path-provisioner-64ffb68fd-2g9gz 1/1 Running 0 8m18s
kube-system metrics-server-9cf544f65-t6tzs 1/1 Running 0 8m18s

Podman

  • multiple image formats including the OCI and Docker image formats
  • full management of container lifecycle
  • container image management (managing image layers, overlay filesystems, etc)
  • Podman 3.4+ now supports M1 Apple Macs
  • Replaces Docker for Desktop
brew install podman
podman machine init
podman machine start
podman info
podman run registry.fedoraproject.org/fedora:latest echo hello
alias docker=podman

Conclusion
