Find out all the pods that are using default service account - kubernetes

We have a k8s cluster with 10 workers. We run hundreds of pods in the cluster. We want to avoid running pods with the default service account.
We need to find out the pods that are running with the default service account. I am able to find the number of pods using the default service account with the grep command, but I also need the pod name and the image it is using. Let us know your thoughts.

In case you want to use just kubectl without jq:
I needed to print both the namespace and the pod name
kubectl get pods --all-namespaces -o jsonpath='{range .items[?(@.spec.serviceAccountName == "default")]}{.metadata.namespace} {.metadata.name}{"\n"}{end}' 2>/dev/null
I have added 2>/dev/null to avoid printing the whole JSON template in case no field was found

I used the below command to identify the pods from each namespace that are using the default service account
kubectl get pods --all-namespaces -o json | jq '.items[] | select(.spec.serviceAccountName?=="default") | "\(.metadata.namespace) \(.metadata.name)"' | cut -d'"' -f2 | sort

If you are using k9s you can also :pod then e the pod to see which service account it is associated with
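
The question also asks for the image, which the commands above do not print. An added example (not from any of the answers) that reads the JSON from `kubectl get pods --all-namespaces -o json` and reports namespace, pod name, all images, and whether the pod spec leaves token automounting enabled; the sample data and the function name are constructed for illustration:

```python
import json
import sys

# Constructed sample shaped like `kubectl get pods --all-namespaces -o json`.
SAMPLE = {"items": [
    {"metadata": {"namespace": "shop", "name": "cart-7d9f"},
     "spec": {"serviceAccountName": "default",
              "initContainers": [{"name": "init", "image": "busybox:1.36"}],
              "containers": [{"name": "cart", "image": "registry.example/cart:1.4"}]}},
    {"metadata": {"namespace": "shop", "name": "api-5c2b"},
     "spec": {"serviceAccountName": "api-sa",
              "containers": [{"name": "api", "image": "registry.example/api:2.0"}]}},
    {"metadata": {"namespace": "batch", "name": "job-x1"},
     "spec": {"serviceAccountName": "default",
              "automountServiceAccountToken": False,
              "containers": [{"name": "job", "image": "registry.example/job:0.9"}]}},
]}

def pods_using_default_sa(pod_list):
    """Return sorted (namespace, pod, images, automount) for pods on the default SA."""
    rows = []
    for pod in pod_list.get("items", []):
        spec = pod.get("spec", {})
        # The API server fills in "default" when a pod names no service account,
        # so a missing field is treated the same way here.
        if spec.get("serviceAccountName", "default") != "default":
            continue
        images = [c["image"]
                  for key in ("initContainers", "containers")
                  for c in spec.get(key) or []]
        # False only when the pod spec itself opts out of the token mount;
        # otherwise the ServiceAccount's own setting decides (default: mount).
        automount = spec.get("automountServiceAccountToken", True) is not False
        meta = pod["metadata"]
        rows.append((meta.get("namespace", ""), meta["name"], images, automount))
    return sorted(rows)

if __name__ == "__main__":
    # Pipe kubectl output in, or run without a pipe to use the constructed sample.
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    for ns, name, images, automount in pods_using_default_sa(data):
        print(ns, name, ",".join(images), "token" if automount else "no-token", sep="\t")
```

Pods that still automount the default account's token are the ones to move to a dedicated service account first.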

Related

Finding out the Kubernetes object that uses the Kubernetes secret

I want to know the Object(Deployment/Statefulset/..) which is using a secret. Is there a way to find this out from a secret? Is there a tool in Kubernetes community to do this?
Seems like there is nothing built in, but you can use kubectl in conjunction with jq to figure it out. Here is the example for deployments
kubectl get deployment -o json | jq '.items[] | select(.spec.template.spec.volumes[]? | .secret.secretName=="<secret name>") | .metadata.name'
You can use this command to show the labels of the Object(Deployment/Statefulset) that matches the labels of the Secret
The Pods for example
kubectl get pods [pod_name] --show-labels
or
To get the label of the Secrets
kubectl describe secrets [secret_name]
kubectl get secrets
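
The jq filter above matches only secrets mounted as volumes. An added example (not from the answers) that also checks envFrom, env secretKeyRef, projected volumes and imagePullSecrets, for workload kinds whose pod template lives at .spec.template.spec; the sample data, secret names and function names are constructed for illustration:

```python
import json
import sys

# Constructed sample shaped like `kubectl get deployment,statefulset -o json`.
SAMPLE = {"items": [
    {"kind": "Deployment", "metadata": {"name": "web"},
     "spec": {"template": {"spec": {
         "volumes": [{"name": "tls", "secret": {"secretName": "web-tls"}}],
         "containers": [{"name": "web", "image": "nginx",
                         "envFrom": [{"secretRef": {"name": "web-env"}}]}]}}}},
    {"kind": "StatefulSet", "metadata": {"name": "db"},
     "spec": {"template": {"spec": {
         "imagePullSecrets": [{"name": "regcred"}],
         "containers": [{"name": "db", "image": "postgres", "env": [
             {"name": "PGPASSWORD",
              "valueFrom": {"secretKeyRef": {"name": "db-pass", "key": "pw"}}}]}]}}}},
]}

def secret_refs(pod_spec):
    """Yield (secret_name, how_it_is_referenced) for one pod spec."""
    for vol in pod_spec.get("volumes") or []:
        if "secret" in vol:
            yield vol["secret"].get("secretName"), "volume"
        for src in (vol.get("projected") or {}).get("sources") or []:
            if "secret" in src:
                yield src["secret"].get("name"), "projected volume"
    for ref in pod_spec.get("imagePullSecrets") or []:
        yield ref.get("name"), "imagePullSecret"
    for key in ("initContainers", "containers"):
        for c in pod_spec.get(key) or []:
            for src in c.get("envFrom") or []:
                if "secretRef" in src:
                    yield src["secretRef"].get("name"), "envFrom"
            for env in c.get("env") or []:
                ref = (env.get("valueFrom") or {}).get("secretKeyRef")
                if ref:
                    yield ref.get("name"), "env"

def workloads_using(secret, workload_list):
    """Return sorted (kind, name, how) for workloads whose pod template uses `secret`."""
    return sorted({(w.get("kind", "?"), w["metadata"]["name"], how)
                   for w in workload_list.get("items", [])
                   for name, how in secret_refs(w["spec"]["template"]["spec"])
                   if name == secret})

if __name__ == "__main__":
    data = SAMPLE if sys.stdin.isatty() else json.load(sys.stdin)
    print(workloads_using(sys.argv[1] if len(sys.argv) > 1 else "db-pass", data))
```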

Ansible playbook to list kubernetes pods with ip

I am trying to get Kubernetes pods with IP using an Ansible script/playbook.
I followed the instructions from the Ansible documentation, where they have shown the following example
- name: Get a list of all pods from any namespace
  k8s_facts:
    kind: Pod
  register: pod_list
But this returns a list without IP and node name.
Using kubectl it is possible to get ip and name detail by running following command :
kubectl get pods --output=wide --namespace=mynamespace
If I have to implement this what should I modify? Meanwhile, I tried passing "output" parameter but the result didn't change (no ip and name listed in the result)
I just did:
sudo kubectl get nodes -o wide | grep md | grep Ready | awk '{print $6}'
With the shell module, and saved that output in a file.
I also tried to find a module for that, but either way, this works.

List all the running container in whole cluster?

I want to know how I can check how many containers are currently running in my cluster. Is there any command which shows me all the running containers in the cluster, not in a specific namespace? And how can I get the info about how many containers per day get run in my whole cluster?
You need to sum up all running containers in all pods. Try the following command.
kubectl get pod --all-namespaces | awk '{print $3}' | awk -F/ '{s+=$1} END {print s}'
Get all pods from all namespace :
kubectl get po --all-namespaces
Then you can have the number of containers in the READY column.
You can find some more info in the official doc
You can get pods by nodes and phase:
kubectl get po --all-namespaces=true --no-headers -o=custom-columns=NODE:.spec.nodeName,NAME:.metadata.name,STATUS:.status.phase --sort-by='.metadata.name'
Hope this helps

How can I use multiple parameter on kubernetes CLI?

I am looking for how to use multiple parameters on kubernetes. For example:
kubectl get pods -n default || kube-system
(but this query returns only the results for the default namespace).
How can I use multiple params?
You can't query for resources in multiple namespaces in one command.
There is an explanation of why it is not worth doing that in this GitHub issue
But you can query for multiple resources across one or --all-namespaces. For example, to get services and pods for namespace kube-dns and default (this will include the workaround as #PEkambaram suggested)
kubectl get svc,pods --all-namespaces |egrep -e 'kube-dns|default'
Try this
kubectl get po --all-namespaces | grep kube-system
or even better
kubectl get po --all-namespaces | grep -iE 'dns|api'

How do I get the External IP of a Kubernetes service as a raw value?

I am running an application with GKE. It works fine, but I cannot figure out how to get the external IP of the service in a machine-readable format.
So I am searching for a gcloud or kubectl command that gives me only the external IP or a URL of the format http://192.168.0.2:80 so that I can cut out the IP.
You can use the jsonpath output type to get the data directly without needing the additional jq to process the json:
kubectl get services \
--namespace ingress-nginx \
nginx-ingress-controller \
--output jsonpath='{.status.loadBalancer.ingress[0].ip}'
NOTE
Be sure to replace the namespace and service name, respectively, with yours.
Maybe not GKE as my clusters are on AWS, but I assume the logic will be similar. When you kubectl get svc you can select the output format and it will show more than just the "normal" get. For me, with ELB based services, to get the LB hostname it's enough to run i.e. kubectl -n kube-system get svc cluster-nginx-ingress-controller -o json | jq .status.loadBalancer.ingress.hostname
In my case 'kubectl get services' returns an array of items, not just one service.
So then such a jsonpath works fine for me:
kubectl get services -l component=controller,app=nginx-ingress -o jsonpath="{.items[0].status.loadBalancer.ingress[0].ip}"
...and yet another way... This will list all the "load-balancer" services
kubectl get services --all-namespaces -o json | jq -r '.items[] | { name: .metadata.name, ns: .metadata.namespace, ip: .status.loadBalancer?|.ingress[]?|.ip }'
Depending on the networkPlugin used by your cluster, services/pods may be exposed directly on external-ip. But this will also find Ingress controllers run in the cluster.
To get the external-ip on GCP I can use:
kubectl get services --namespace=<your-namespace> -o jsonpath="{.items[0].status.loadBalancer.ingress[0].ip}"
The answers above do not provide the output the user asked for. The correct command would be:
kubectl -n "$namespace" get svc "$ingressServiceName" -o json | jq -r '.status.loadBalancer.ingress[].hostname'
All previous solutions don't work any more for me (on GCP).
To get the IP:
kubectl get ingress <YOUR_INGRESS_NAME> -o jsonpath="{.status.loadBalancer.ingress[0].ip}"
To get the host-name:
kubectl get ingress <YOUR_INGRESS_NAME> -o jsonpath="{.spec.rules[0].host}"
Type
minikube tunnel
or
kubectl cluster-info
You can get the public exposed IP of your relevant service.