CNCF CKAD Useful kubectl commands – Pods
kubectl edit po <pod-name>
A common task in the CKAD exam is to update the configuration of an existing Pod. Use the kubectl edit which opens a yaml manifest file in the default vi editor (learn & practice this if you do not know it).
The kubectl edit command will open the current pod manifest file in the VI editor – you can use VI commands to update following manifest file properties and simply save the updated file using vi ( :wq!).
Pod manifest field changes are straight-forward, simply edit these fields as required and save file (:qw!) to automatically deploy the following changes.
- spec.containers[*].image # changing the container image
- spec.initContainers[*].image # changing the init container image
- spec.activeDeadlineSeconds # update entry as seconds
- spec.tolerations # only additions to existing tolerations
- spec.terminationGracePeriodSeconds # allow it to be set to 1 if it was previously negative
=> kubectl edit po my-pod pod/my-pod edited
Note: Errors from invalid changes will result in the editor being re-presented containing the change file. The first file #header lines will describe the error in detail and possible remediation actions.
USEFUL LINKS: kubernetes.io – kubectl edit
kubectl replace --force -f /tmp/<change-file-name>.yaml
Following on from the kubectl edit section, your valid manifest changes to other fields, for example adding a spec.containers[*].resources.requests.cpu entry, and saving, will result in the editor re-presenting the changes with a representative warning message in #Header (example shown below).
# Please edit the object below. Lines beginning with a '#' will be ignored, # ... pods "my-pod" was not valid: # * spec: Forbidden: pod updates may not change fields other than `spec.containers[*].image`,`spec.initContainers[*].image...
… “/tmp/kubectl-edit-3373407627.yaml” 115L, 3444B
This output is expected and ok. The temporary change file in this example is /tmp/kubectl-edit-2634371665.yaml as shown in vi editor footer message. Exit the editor.
=> kubectl edit po my-pod error: pods "my-pod" is invalid A copy of your changes has been stored to "/tmp/kubectl-edit-3373407627.yaml" error: Edit cancelled, no valid changes were saved.
Once your happy with the edited manifest changes, simply apply the change file using the following kubectl replace command. Ensure you apply the nominated change file. The kubectl replace command will delete the old pod and created a new one. (Careful not to apply a previous change file if you regularly use command history to reduce typing).
=> kubectl replace --force -f <change-file-name> e.g. kubectl replace --force -f /tmp/kubectl-edit-3373407627.yaml pod "redis" deleted pod/redis replaced
The replaced pod configuration now contains your updated manifest change (spec.containers[*].resources.requests.cpu added in this example).
USEFUL LINKS: kubernetes.io – kubectl replace
kubectl get po <pod-name> -o jsonpath = '{.spec.containers[*].image}'
The kubectl get command can be used to filter pod metadata output using the -o jsonpath option. Notice the quotes & json path format.
=> kubectl get po sidecar-pod -o jsonpath='{.spec.containers[*].image}'nginx redis
This output indicates this pod has two containers deploying the latest nginx and redis images respectively.
USEFUL LINKS: kubernetes.io – kubectl get
kubectl taint no my-node <key=value>:[NoSchedule | PreferNoSchedule | NoExecute]
Taints apply to nodes, and Tolerations to pods, (note use by themselves does not guarantee your pod goes to desired node, see also Node Affinity).
While we can use kubectl taint to nodes to prevent pod scheduling, we can Not apply the corresponding pod toleration using kubectl imperative commands (we need to apply pod tolerations declaratively, but can use kubectl edit & kubectl replace, (described above). Refer Well Known Labels, Annotations & Taints for further examples of taints and tolerations.
Both Taints and corresponding negating Tolerations are based on use of same properties with matching values (‘kove’ = key, operator, value, effect [NoSchedule,PreferNoSchedule,NoExecute]).
Example:
key = bug-spray
operator = equals
value = mortein
effect = NoSchedule
Taint the node my-node
=> kubectl taint no my-node bug-spray=mortein:NoSchedule
node/my-node tainted
Taints can be removed with the same command suffixed with a dash.
=> kubectl taint no my-node bug-spray=mortein:NoSchedule-
node/my-node untainted
USEFUL LINKS: kubernetes.io – kubectl taint
kubectl delete po <pod-name> --force --grace-period=0
In the exam context the delay associated with a plain kubectl delete can take a very long time to return the cursor. Instead, try
=> kubectl delete po mynginx --force --grace-period=0 Warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely. pod "webapp" force deleted
Or equivalent if you setup the exports described in the Hints and Tips page.
=> kubectl delete po mynginx $now
USEFUL LINKS: kubernetes.io – kubectl delete
kubectl get po -o wide --show-labels
Using get pods with -o wide option is quick way of listing pod location (node / IP), and to show labels.
=> kubectl get po -o wide --show-labels
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS nginx 1/1 Running 0 17m 10.42.0.9 controlplane <none> <none> run=nginx newpods-v6p6h 1/1 Running 1 (60s ago) 17m 10.42.0.11 controlplane <none> <none> tier=busybox
USEFUL LINKS: kubernetes.io – kubectl get
kubectl get po -l <label-name>=<label-value> -A
Can filter pods by label using -l name=value, name2=value2,… (or –selector). Here we use -A for all namespaces.
=> kubectl get po -l run=nginx -A
NAMESPACE NAME READY STATUS RESTARTS AGE default nginx 1/1 Running 0 21m USEFUL LINKS: kubernetes.io – kubectl get
kubectl get po -l run=nginx -o json
Sometimes useful to retrieve pod meta in json format JSON (to work out json paths).
=> kubectl get po -l run=nginx -o json
k get po -l run=nginx -o json
{
"apiVersion": "v1",
"items": [
{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"creationTimestamp": "2023-07-23T07:18:06Z",
"labels": {
"run": "nginx"
},
"name": "nginx",
...USEFUL LINKS: kubernetes.io – kubectl get