Cheat Sheet - AKS

Adding a secret from plain text

kubectl create -n <namespace> secret generic <object> --from-literal=<key>=<value plain text>

Forwarding ports

kubectl port-forward --namespace=<namespace> <pod> <localport>:<podport>

# JVM remote debug 
kubectl port-forward --namespace=<namespace> <pod> 5005:5005

Forcefully remove a PVC & PV

kubectl patch pvc <pvc> -p '{"metadata":{"finalizers":null}}' -n <namespace>
kubectl delete pvc <pvc> --grace-period=0 --force -n <namespace>

Find existing authorized IP ranges (api-server-authorized-ip-range feature)

az aks show \
    --resource-group myResourceGroup \
    --name myAKSCluster \
    --query apiServerAccessProfile.authorizedIpRanges

Get environment variables of a running pod

kubectl get pod -n <namespace>
kubectl exec -it <podname> -n <namespace> -- printenv 

Display content of configmap

kubectl describe cm my-configmap -n <namespace>

Use labels to perform actions on pods

kubectl delete pod -l app=my-killer-app 
kubectl get pods -l app=my-killer-app

Quickly switch between contexts

alias devkube "kubectl config use-context kube-dev-context"
alias stgkube "kubectl config use-context kube-stg-context"
alias prdkube "kubectl config use-context kube-prd-context"

View resource utilization

kubectl top [node|pod]

Restarting pods (rollout)

kubectl get deployments -n <namespace>
kubectl rollout restart deployment <deployment> -n <namespace>

Restarting pods (scaling)

kubectl get deployments -n <namespace>
kubectl scale deployment --replicas=0 <deployment> -n <namespace>
kubectl scale deployment --replicas=x <deployment> -n <namespace>

Watch restart of pods

kubectl get pod -w -n <namespace>

Available AKS addons

  • http_application_routing: configure ingress with automatic public DNS name creation.
  • monitoring: turn on Log Analytics monitoring
  • virtual-node: enable AKS Virtual Node
  • azure-policy:
  • ingress-appgw: enable Application Gateway Ingress Controller addon.

Get pod logs

kubectl get pod 
kubectl logs <podname>
kubectl logs --follow <podname>

# Or use labels
kubectl logs -l app=my-killer-app --follow 

Access pod terminal

kubectl get pod 
kubectl exec --stdin --tty mysql-694d95668d-w7lv5 -- /bin/bash

Create a spot node pool

  • Cannot be the primary pool on the AKS cluster
  • AKS version cannot be upgraded
  • Needs to be VMSS based

az aks nodepool add --resource-group ResourceGroup --cluster-name AKSCluster --name spotnodepool --priority Spot --eviction-policy Delete --spot-max-price 1 --enable-cluster-autoscaler --min-count 1 --max-count 3 --no-wait

Scale cluster nodes

# Get name of node pool
az aks show --resource-group myResourceGroup --name myAKSCluster --query agentPoolProfiles

# Scale node pool 
az aks scale --resource-group myResourceGroup --name myAKSCluster --node-count 1 --nodepool-name <your node pool name>

Enable HTTP Application Routing

In case you forgot to enable it while deploying the AKS cluster

az aks enable-addons --addons http_application_routing -n <aks-cluster> -g <resource-group>

Connect to an AKS cluster

az aks get-credentials -g <resource-group> -n <aks-cluster>
kubectl get nodes 
[...]

Attach an ACR to an AKS cluster

az aks update -n <aks-cluster> -g <resource-group> --attach-acr <acr-name>

Set default namespace

kubectl config set-context --current --namespace=foobar

Get and switch current context

kubectl config get-contexts
kubectl config use-context ...