How to update secret with "kubectl patch --type='json'" - kubernetes

I created a secret like this:
kubectl create secret generic test --from-literal=username=testuser --from-literal=password=12345
I want to update the username to testuser2 but I want to do it only with kubectl patch --type='json'.
This is how I tried to do it:
kubectl patch secret test --type='json' -p='[{"data":{"username": "testuser 2"}}]' -v=1
But I received:
The "" is invalid
Remember, I want to do it with the option of --type='json', no other workarounds.


I found how to do it after I read here that referred me to this great article.
This is the JSON secret:
{
"apiVersion": "v1",
"data": {
"password": "aWx1dnRlc3Rz",
"username": "dGVzdHVzZXI="
},
"kind": "Secret",
"metadata": {
"creationTimestamp": "2019-04-18T11:37:09Z",
"name": "test",
"namespace": "default",
"resourceVersion": "3017",
"selfLink": "/api/v1/namespaces/default/secrets/test",
"uid": "4d0a763e-61ce-11e9-92b6-0242ac110015"
},
"type": "Opaque"
}
Therefore, to update the user's field I needed to create the JSON Patch format:
[
{
"op" : "replace" ,
"path" : "/data/username" ,
"value" : "dGVzdHVzZXIy" # testuser2 in base64
}
]
Notice that the value should be in base64.
The result is:
kubectl patch secret test --type='json' -p='[{"op" : "replace" ,"path" : "/data/username" ,"value" : "dGVzdHVzZXIy"}]'


This is what I do in order to replace the secret:
kubectl patch secret my-secret --patch="{\"data\": { \"NEW_PASSWORD\": \"$(echo -n mypassword |base64 -w0)\" }}" -oyaml


This command solved my issue on version 1.24.x:
kubectl patch secret app-sec --patch="{\"data\": { \"license-id\": \"TEST\" }}" -oyaml

Related

How to retrieve the api server URL with kubeadm?

Is there a kubectl command which returns the API server URL?
What I want is the code I need to put instead of below ... :
API_SERVER_URL=$(kubectl ...)
echo $API_SERVER_URL
http://<API_SERVER_IP>:<API_SERVER_PORT>
API_SERVER_IP should be the very same that the one in my .kube/config.

Try this:
kubectl proxy --port=8090 &
curl http://localhost:8090/api/
This returns something like this:
{
"kind": "APIVersions",
"versions": [
"v1"
],
"serverAddressByClientCIDRs": [
{
"clientCIDR": "0.0.0.0/0",
"serverAddress": "10.165.39.165:16443"
}
]
}
Without proxying you can use:
https://10.165.39.165:16443/api
but you need to pass authorization in the request.
In the response you see the array with the versions.
From here you can call and inspect the versions or get what is available on that version.
curl http://localhost:8090/api/v1
{
"kind": "APIResourceList",
"groupVersion": "v1",
"resources": [
....
"shortNames": [
"cs"
]
},
{
"name": "configmaps",
"singularName": "",
"namespaced": true,
"kind": "ConfigMap",
"verbs": [
"create",
"delete",
"deletecollection",
"get",
"list",
"patch",
"update",
"watch"
],
"shortNames": [
"cm"
],
.....

This one works fine:
PROTOCOL=$(kubectl get endpoints -n default kubernetes -o yaml -o=jsonpath="{.subsets[0].ports[0].name}")
IP=$(kubectl get endpoints -n default kubernetes -o yaml -o=jsonpath="{.subsets[0].addresses[0].ip}")
PORT=$(kubectl get endpoints -n default kubernetes -o yaml -o=jsonpath="{.subsets[0].ports[0].port}")
API_SERVER_URL="${PROTOCOL}://${IP}:${PORT}"
and its result is something like that:
echo $API_SERVER_URL
https://172.18.0.3:6443

Istio -- Delete istio-control-plane Process Is Frozen

I was trying to uninstall and reinstall Istio from k8s cluster following the steps:
But I made a mistake that I deleted the namespace before deleting the istio-control-plane: kubectl delete istiooperator istio-control-plane -n istio-system. Then when I try to delete the istio-control-plane again, it froze.
I tried to remove the finalizer using the following steps but it said Error from server (NotFound): istiooperators.install.istio.io "istio-control-plane" not found
kubectl get istiooperator -n istio-system -o json > output.json
nano output.json # and remove finalizer
kubectl replace --raw "/apis/install.istio.io/v1alpha1/namespaces/istio-system/istiooperators/istio-control-plane/finalize" -f output.json
Here is the content of kubectl get istiooperator -n istio-system -o json:
{
"apiVersion": "v1",
"items": [
{
"apiVersion": "install.istio.io/v1alpha1",
"kind": "IstioOperator",
"metadata": {
"annotations": {
"kubectl.kubernetes.io/last-applied-configuration": "{\"apiVersion\":\"install.istio.io/v1alpha1\",\"kind\":\"IstioOperator\",\"metadata\":{\"annotations\":{},\"name\":\"istio-control-plane\",\"namespace\":\"istio-system\"},\"spec\":{\"addonComponents\":{\"prometheus\":{\"enabled\":false},\"tracing\":{\"enabled\":false}},\"hub\":\"hub.docker.prod.walmart.com/istio\",\"profile\":\"default\",\"values\":{\"global\":{\"defaultNodeSelector\":{\"beta.kubernetes.io/os\":\"linux\"}}}}}\n"
},
"creationTimestamp": "2020-12-05T23:39:34Z",
"deletionGracePeriodSeconds": 0,
"deletionTimestamp": "2020-12-07T16:41:41Z",
"finalizers": [
],
"generation": 2,
"name": "istio-control-plane",
"namespace": "istio-system",
"resourceVersion": "11750055",
"selfLink": "/apis/install.istio.io/v1alpha1/namespaces/istio-system/istiooperators/istio-control-plane",
"uid": "fda8ee4f-54e7-45e8-91ec-c328fad1a86f"
},
"spec": {
"addonComponents": {
"prometheus": {
"enabled": false
},
"tracing": {
"enabled": false
}
},
"hub": "hub.docker.prod.walmart.com/istio",
"profile": "default",
"values": {
"global": {
"defaultNodeSelector": {
"beta.kubernetes.io/os": "linux"
}
}
}
},
"status": {
"componentStatus": {
"Base": {
"status": "HEALTHY"
},
"IngressGateways": {
"status": "HEALTHY"
},
"Pilot": {
"status": "HEALTHY"
}
},
"status": "HEALTHY"
}
}
],
"kind": "List",
"metadata": {
"resourceVersion": "",
"selfLink": ""
}
}
Any ideas on how can I uninstall istio-control-plane manually?

You can use below command to change istio operator finalizer and delete it, it's a jq/kubectl oneliner made by #Rico here. I have tried also with kubectl patch but it didn't work.
kubectl get istiooperator -n istio-system istio-control-plane -o=json | \
jq '.metadata.finalizers = null' | kubectl apply -f -
Additionally I have used istioctl operator remove
istioctl operator remove
Removing Istio operator...
Removed Deployment:istio-operator:istio-operator.
Removed Service:istio-operator:istio-operator.
Removed ServiceAccount:istio-operator:istio-operator.
Removed ClusterRole::istio-operator.
Removed ClusterRoleBinding::istio-operator.
✔ Removal complete
Results from kubectl get
kubectl get istiooperator istio-control-plane -n istio-system
Error from server (NotFound): namespaces "istio-system" not found

kubectl - get names of pods with specific label

I am trying to get the podname from the pod json using the command which is returning the error
kgp -o jsonpath="{.items[*].metadata[?(#.labels.module=='ddvv-script')].name}"
Error
is not array or slice and cannot be filtered. Printing more information for debugging the template:
template was:
{.items[*].metadata[?(#.labels.module=='ddvv-script')].name}
object given to jsonpath engine was:
Sample file
{
"apiVersion": "v1",
"items": [
{
"apiVersion": "v1",
"kind": "Pod",
"metadata": {
"creationTimestamp": "2020-09-18T17:42:50Z",
"generateName": "ddvv-script-6b784db6bd-",
"labels": {
"app": "my-configs",
"lf.module": "ddvv-script",
"module": "ddvv-script",
"pod-template-hash": "6b784db6bd",
"release": "config"
},
"name": "ddvv-script-6b784db6bd-rjtgh",
What is wrong with this command

You can use below command. It gets podname of pods which has label module=ddvv-script
kubectl get pods --selector=module=ddvv-script --output=jsonpath={.items..metadata.name}

kgp -o jsonpath="{.items[*].metadata[?(#.labels.module=='ddvv-script')].name}"
should be
kgp -o jsonpath="{.items[?(#.metadata.labels.module=='ddvv-script')].metadata.name}"

How to check external metrics data in Kubernetes?

I am using DirectXMan12/k8s-prometheus-adapte to push the external metric from Prometheus to Kubernetes.
After pushing the external metric how can I verify the data is k8s?
When I hit kubectl get --raw /apis/external.metrics.k8s.io/v1beta1 | jq I got the following result but after that, I do not have an idea how to fetch actual metrics value
{
"kind": "APIResourceList",
"apiVersion": "v1",
"groupVersion": "external.metrics.k8s.io/v1beta1",
"resources": [
{
"name": "subscription_back_log",
"singularName": "",
"namespaced": true,
"kind": "ExternalMetricValueList",
"verbs": [
"get"
]
}]
}

actual metric value is fetched per instance, for example, the metric you attached is namespaced: true, assuming the metric is for pods, you can access the actual data at
kubectl get --raw "/apis/external.metrics.k8s.io/v1beta1/namespaces/wanted_namepsace/pods/*/subscription_back_log" | jq '.'
(or specify the pod name instead of *)
If you want HPA to read you metric, the configurations are (for example)
apiVersion: autoscaling/v2beta1
kind: HorizontalPodAutoscaler
metadata:
name: your-hpa
spec:
scaleTargetRef:
apiVersion: apps/v1
kind: Deployment
name: your-pod
minReplicas: 1
maxReplicas: 10
metrics:
- pods:
metricName: subscription_back_log
targetAverageValue: 10000
type: Pods

The metric is namespaced, so you will need to add the namespace into the URL. Contrary to what the other answer suggests, I believe you don't need to include pods into the URL. This is an external metric. External metrics are not associated to any kubernetes object, so only the namespace should suffice:
/apis/external.metrics.k8s.io/v1beta1/namespaces/<namespace>/<metric_name>
Here's an example that works for me, using an external metric in my setup:
$ kubectl get --raw /apis/external.metrics.k8s.io/v1beta1 | jq
{
"kind": "APIResourceList",
"apiVersion": "v1",
"groupVersion": "external.metrics.k8s.io/v1beta1",
"resources": [
{
"name": "redis_key_size",
"singularName": "",
"namespaced": true,
"kind": "ExternalMetricValueList",
"verbs": [
"get"
]
}
]
}
$ kubectl get --raw /apis/external.metrics.k8s.io/v1beta1/namespaces/default/redis_key_size
{
"kind": "ExternalMetricValueList",
"apiVersion": "external.metrics.k8s.io/v1beta1",
"metadata": {},
"items": [
{
"metricName": "redis_key_size",
"metricLabels": {
"key": "..."
},
"timestamp": "2021-10-07T09:00:01Z",
"value": "0"
},
...
]
}

how to get objects's metadata name in kubernetes

I can get all the things of a list of objects, such as Secrets and ConfigMaps.
{
"kind": "SecretList",
"apiVersion": "v1",
"metadata": {
"selfLink": "/api/v1/namespaces/kube-system/secrets",
"resourceVersion": "499638"
},
"items": [{
"metadata": {
"name": "aaa",
"namespace": "kube-system",
"selfLink": "/api/v1/namespaces/kube-system/secrets/aaa",
"uid": "96b0fbee-f14c-423d-9734-53fed20ae9f9",
"resourceVersion": "1354",
"creationTimestamp": "2020-02-24T11:20:23Z"
},
"data": "aaa"
}]
}
but I only want the name list, for this example :"aaa". Is there any way?

Yes, you can achieve it by using jsonpath output. Note that the specification you posted will look quite differently once applied. It will create one Secret object in your kube-system namespace and when you run:
$ kubectl get secret -n kube-system aaa -o json
the output will look similar to the following:
{
"apiVersion": "v1",
"kind": "Secret",
"metadata": {
"creationTimestamp": "2020-02-25T11:08:21Z",
"name": "aaa",
"namespace": "kube-system",
"resourceVersion": "34488887",
"selfLink": "/api/v1/namespaces/kube-system/secrets/aaa",
"uid": "229edeb3-57bf-11ea-b366-42010a9c0093"
},
"type": "Opaque"
}
To get only the name of your Secret you need to run:
kubectl get secret aaa -n kube-system -o jsonpath='{.metadata.name}'

i think this should work.
kubectl get secretlist -o=jsonpath="{.items[*].metadata.name]}" | grep -v HEAD | head -n1
check link in the below for more info.
https://kubernetes.io/docs/reference/kubectl/jsonpath/