Kubernetes is a container orchestrator consisting of master and worker nodes. It allows communication only through an API server, which serves as the core component of the control plane. The API server exposes an HTTP REST API that allows communication between internal components—like users and the cluster—and between external components.

You can think of the API server as the main user interface or front end of Kubernetes. It enables you to query, update or manage the state of Kubernetes objects or resources. To establish these interactions, the Kubernetes API can directly make REST requests, use client libraries or receive direct commands via the kubectl command line .

kubectl can help you perform various actions, including: 

Before you start using kubectl, it’s important to have a basic understanding of the command structure. Here is the general syntax of commands:

kubectl [command] [TYPE] [NAME] [flags]

Let’s review each of these attributes:

Use the kubectl get operation to list one or multiple resources. For example, use kubectl get pods to list all Kubernetes pods. Adding an output flag like get pods -o wide will list the pods and additional data, such as their associated node names. 

The get operation can list additional resources such as services and replication controllers. Use the kubectl command get rc or get services to list all services and replication controllers. 

The different variations of the get operation allow you to perform actions such as specifying specific nodes and reducing the length of resources using short aliases.

While the get command provides a compact resource list, the kubectl describe command offers detailed reports of the state of one or multiple resources. Kubernetes resources. The kubectl describe pods command describes all your Kubernetes pods. If a replication controller is managing the pods, you can use the describe pods <controller-name> command to display the pods’ details for the specified controller. 

The kubectl describe operation can focus on specific pods or nodes. For instance, you can use the kubectl command describe nodes <node-name> to display the details of the specified nodes. Alternatively, describe pods <pod-name> will display the specified pod’s details. 

You can use the apply command in kubectl to create resources from specific files or standard inputs (stdin). The kubectl apply -F servicename.yaml command creates a new service using a specific YAML file. The -f flag indicates the use of a file.

For example, if you want to create a new RC using the contents of your YAML file, you can use the apply -f controllername.yaml command. Another option is to use broader commands like apply -f <directory-path> to create a resource of service defined in a JSON or YAML file in your specified directory. 

The kubectl delete operation terminates services and resources you no longer require. It is essential for managing Kubernetes, allowing you to free up computing capacity for different Kubernetes tasks. 

For instance, you can use the kubectl delete pods –all command to eliminate all pods. When deleting pods, it is safer to use resource names and types specified in separate YAML files. If you use the examplepod.yaml file to create a pod, you can delete the pod using the command delete -f examplepod.yaml . 

Kubectl may also delete services and pods sharing specific labels, which you can assign using the label operation. For example, the delete pods,services -l name=<example-name> command deletes all pods and services labeled “example-name”.

A Kubernetes PersistentVolume is a mechanism for provisioning storage in a Kubernetes cluster. It can be configured manually by an administrator or automatically using StorageClasses. PVs are separate resources within the cluster, independent from the individual pods that use them. If a pod goes down, the PV stays in place and can be mounted on other pods. 

Behind the scenes, PV objects interact with physical storage devices using NFS, iSCSI, or with public cloud storage services. 

Here are three useful commands you can use to work with PersistentVolumes.

Run the following command to create a PV on a node (provide the URL to your PV manifest):

kubectl apply -f https://k8s.io/examples/pods/storage/pv-volume.yaml

Create a PersistentVolumeClaim (PVC) that requests a PV with the specific criteria. This enables dynamic provisioning of PVs. Run this command to create the PVC in the cluster:

kubectl apply -f https://k8s.io/examples/pods/storage/pv-claim.yaml

As soon as you create the PVC, the Kubernetes control plane starts looking for an appropriate PV. When it finds one, it binds the PVC to the PV. Run this command to see the status of a PV:

Running workloads securely in Kubernetes can be challenging. Various settings affect security controls used by the Kubernetes API. One of the powerful tools Kubernetes provides is setting a securityContext that all pod manifests can use.

Using security contexts in Kubernetes is easy. All you need to do is include the security context block in a Deployment manifest when deploying pods. For example, the following block instructs Kubernetes to run a pod with user ID of 1000 and a group ID of 2000:

Unlike RBAC, a security context does not require you to define different types of files (such as Roles and RoleBindings) to apply security rules. Just add the required security context code when declaring your Deployment, and Kubernetes will apply the rules for you automatically.

There are several useful commands for managing Kubernetes Deployments. Deployment management also covers StatefulSet and DaemonSet management. 

When updating a deployment, stateful set, or daemon set, you can use the rollout status command to view the update’s status. You can also cancel rollouts using the command rollout undo <statefulset-name / app-name> .  On the other hand, the rollout history <deployment name / app name> command will provide you with a history of changes to the deployment.

These commands are uncommon in practice because most admins use tools like Helm to manage deployments. 

You can use the command scale –replicas=N <deployment name / app name> to adjust the number of pods running for your deployment. In this context, N represents the updated number of replicas. It produces the same result as adjusting the number of replicas using the kubectl edit <deployment name / app name> command. 

Because you are probably using Helm or the pod autoscaler to make static changes, you are unlikely to use this approach in practice or make any manual changes. It is also possible to set up basic Kubernetes autoscaling capabilities with the kubectl autoscale operation. However, this command only works with the CPU utilization metric.

You can execute commands through kubectl using the exec operation, which runs commands against containers or pods. For instance, you can use the kubectl exec <pod-name> date command to run the date command in a shell on a specified pod and display the output. By default, this command executes on the first container in a pod. 

For another example, you can use the exec <pod-name> -c container-name date command in a specified container within your pod.

That’s it! While this list of commands won’t let you do everything in Kubernetes, it is enough to accomplish many day-to-day tasks. I hope this will be useful as you improve your mastery of containerized environments on your way to becoming a Kubernetes hero.

Gilad David Maayan is a technology writer who has worked with over 150 technology companies including SAP, Samsung NEXT, NetApp and Imperva, producing technical and thought leadership content that elucidates technical solutions for developers and IT leadership.

Gilad David Mayaan has 8 posts and counting. See all posts by Gilad David Mayaan

This webinar will teach you how to make Argo more effective by applying intelligent automation to deployment verifications. This can further enhance software delivery practices when combined with advanced deployment strategies such as blue-green, canary and progressive deployments with Argo Rollouts. This session will highlight how you can leverage intelligent automation to perform reliable risk […] The post Automating Deployment Verifications for Kubernetes Applications appeared first on DevOps.com. [...]

In this webinar, Santhosh Pasula, head of site reliability engineering at MassMutual, and Nathan Taber, principal product manager at AWS, will discuss best practices for enterprises adopting managed Kubernetes services such as Amazon EKS in public clouds to rapidly deploy and more easily operate modern applications. Haseeb Budhani, CEO and co-founder at Rafay Systems, will […] The post How Fortune 500 Companies Leverage Kubernetes and AWS to Accelerate App Modernization appeared first on DevOps.com. [...]

Understand how to transform your IT environment and workflows with AWS infrastructure and JFrog DevOps. The post WORKSHOP: Migrate to Modernize – How to Upgrade DevOps as You Move to the Cloud appeared first on DevOps.com. [...]

Kubernetes is a portable, extensible, open source platform for managing containerized workloads and services. Applications running in these workloads typically have users. And where you have users, you have authentication, authorization and user management. In this webinar, Dan Moore, head of developer relations at FusionAuth, will discuss the various aspects of auth from the standpoint […] The post Auth Considerations for Kubernetes appeared first on DevOps.com. [...]

DevOps has been around for more than a decade. However, security teams still struggle to react to the drastic changes it brought to the SDLC. The influx of tooling needed to facilitate DevOps also brought with it added attack surface, complexity and a lack of visibility; all of which have left security teams on their […] The post Top 5 Reasons Why Effective SDLC Security Controls Are So Difficult appeared first on DevOps.com. [...]

Cybersecurity resilience is a priority for enterprises that have ramped up digital transformation and distributed workforces in the past few years. However, differences of opinion about the urgency of application security solutions can be detrimental to enterprises. According to the latest World Economic Forum research, “While 92% of business executives agree that cybersecurity resilience is.. The post Closing the Gap: Reducing Enterprise AppSec Risks Without Disrupting Deadlines appeared first on Security Boulevard. [...]

Join the CISO Talk Master Class live conversation. Part 6 brings all the elements into a cohesive, integrated strategy: continuous security strategy, leveraging frameworks, effective response strategies, growing next-gen security experts and communications that win and combat confusion. Join hosts Mitch Ashley and Mat Newfield and an elite panel of cybersecurity experts as they bring.. The post CISO Talk Master Class Episode: Catch Lightning in a Bottle – The Essentials: Bringing It All Together appeared first on Security Boulevard. [...]

When artificial intelligence (AI) first arrived on the cybersecurity scene, there was understandably a lot of skepticism. Grandiose claims about the ability of AI platforms to eliminate the need for security analysts have given way to more rational assertions that focus on the role machine learning algorithms will play in augmenting the skills—and easing the.. The post AI and ML in Security appeared first on Security Boulevard. [...]

Even if you have a secure, compliant, correctly configured and continuously monitored cloud infrastructure, there are still major risks associated with your cloud-deployed apps. Secure cloud infrastructure does not mean secure applications, and solutions like cloud security posture management (CSPM) do not go deep enough into the application layer to ensure you are secure. There.. The post Why Cloud-Native Applications and APIs Are at Risk appeared first on Security Boulevard. [...]

DevOps has been around for more than a decade. However, security teams still struggle to react to the drastic changes it brought to the SDLC. The influx of tooling needed to facilitate DevOps also brought with it added attack surface, complexity and a lack of visibility; all of which have left security teams on their.. The post Top 5 Reasons Why Effective SDLC Security Controls Are So Difficult appeared first on Security Boulevard. [...]