How to format the output of kubectl describe to JSON - kubernetes

kubectl get command has this flag -o to format the output.
Is there a similar way to format the output of the kubectl describe command?
For example:
kubectl describe -o="jsonpath={...}" pods my-rc
would print a JSON format for the list of pods in my-rc replication controller. But -o is not accepted for the describe command.

kubectl describe doesn't support -o or equivalent. It's meant to be human-readable rather than script-friendly. You can achieve what you described with kubectl get pods -l <selector_of_your_rc> -o <output_format>, for example:
$ kubectl get pods -l app=guestbook,tier=frontend -o name
pod/frontend-a4kjz
pod/frontend-am1ua
pod/frontend-yz2dq

In my case, I needed to get the load balancer address from the service. I did it using kubectl get service:
$ kubectl -n <namespace> -ojson get service <service>
{
"apiVersion": "v1",
"kind": "Service",
[...]
"status": {
"loadBalancer": {
"ingress": [
{
"hostname": "internal-xxxxxxxxxxxxxxxxxxxxxxxxxxx-yyyyyyyyyy.us-east-1.elb.amazonaws.com"
}
[...]
}

Based on the output of kubectl help describe, it looks like it does not support structured output:
$ kubectl help describe
Show details of a specific resource or group of resources.
This command joins many API calls together to form a detailed description of a
given resource or group of resources.
$ kubectl describe TYPE NAME_PREFIX
will first check for an exact match on TYPE and NAME_PREFIX. If no such resource
exists, it will output details for every resource that has a name prefixed with NAME_PREFIX
Possible resource types include (case insensitive): pods (po), services (svc), deployments,
replicasets (rs), replicationcontrollers (rc), nodes (no), events (ev), limitranges (limits),
persistentvolumes (pv), persistentvolumeclaims (pvc), resourcequotas (quota), namespaces (ns),
serviceaccounts, ingresses (ing), horizontalpodautoscalers (hpa), daemonsets (ds), configmaps,
componentstatuses (cs), endpoints (ep), and secrets.
Usage:
kubectl describe (-f FILENAME | TYPE [NAME_PREFIX | -l label] | TYPE/NAME) [flags]
Examples:
# Describe a node
kubectl describe nodes kubernetes-minion-emt8.c.myproject.internal
# Describe a pod
kubectl describe pods/nginx
# Describe a pod identified by type and name in "pod.json"
kubectl describe -f pod.json
# Describe all pods
kubectl describe pods
# Describe pods by label name=myLabel
kubectl describe po -l name=myLabel
# Describe all pods managed by the 'frontend' replication controller (rc-created pods
# get the name of the rc as a prefix in the pod the name).
kubectl describe pods frontend
Flags:
-f, --filename=[]: Filename, directory, or URL to a file containing the resource to describe
-l, --selector="": Selector (label query) to filter on
Global Flags:
--alsologtostderr[=false]: log to standard error as well as files
--certificate-authority="": Path to a cert. file for the certificate authority.
--client-certificate="": Path to a client certificate file for TLS.
--client-key="": Path to a client key file for TLS.
--cluster="": The name of the kubeconfig cluster to use
--context="": The name of the kubeconfig context to use
--insecure-skip-tls-verify[=false]: If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure.
--kubeconfig="": Path to the kubeconfig file to use for CLI requests.
--log-backtrace-at=:0: when logging hits line file:N, emit a stack trace
--log-dir="": If non-empty, write log files in this directory
--log-flush-frequency=5s: Maximum number of seconds between log flushes
--logtostderr[=true]: log to standard error instead of files
--match-server-version[=false]: Require server version to match client version
--namespace="": If present, the namespace scope for this CLI request.
--password="": Password for basic authentication to the API server.
-s, --server="": The address and port of the Kubernetes API server
--stderrthreshold=2: logs at or above this threshold go to stderr
--token="": Bearer token for authentication to the API server.
--user="": The name of the kubeconfig user to use
--username="": Username for basic authentication to the API server.
--v=0: log level for V logs
--vmodule=: comma-separated list of pattern=N settings for file-filtered logging

There is a straightforward way, which might help.
You can run below command to get the yaml file of the service. Then copy paste to a new file.
kubectl edit svc {xx-servcice} -n {namespace} -o yaml

kubectl doesn't not support -o yaml/json for describe, but you can still use some other commands to get the info in describe, such as :
kubectl get events

As #janekuto suggested
describe cannot be used to display data in json format
Please see my answer here. jq is really a powerful utility to play around with json display of kubectl. You can do so much with jq without putting too much efforts.
kubectl - format the resource quota values in json format

Related

How to describe entire cluster (Nodes running and individual node basic information, we get with kubectl describe nodes)in Kubernetes maintenance?

Kubectl describe nodes ?
like wise do we have any commands like mentioned below to describe cluster information ?
kubectl describe cluster
"Kubectl describe <api-resource_type> <api_resource_name> "command is used to describe a specific resources running in your kubernetes cluster, Actually you need to verify different components separately as a developer to check your pods, nodes services and other tools that you have applied/created.
If you are the cluster administrator and you are asking about useful command to check the actual kube-system configuration it depends on your k8s cluster type for example if you are using "kubeadm" package to initialize k8s cluster on premises you can check and change the default cluster configuration using this command :
kubeadm config print init-defaults
after initializing your cluster all main server configurations files a.k.a manifests are located here /etc/kubernetes/manifests (and they are Realtime updated, change anything and the cluster will redeploy it automatically)
Useful kubectl commands :
For cluster infos (api-server domain and dns) run:
kubectl cluster-info
Either ways you can list all api-resources and check it one by one using these commands
kuectl api-resources (list all api-resources names and types)
kubectl get <api_resource_name> (specific to your cluster)
kubectl explain <api_resource_name> (explain the resource object with docs link)
For extra infos you can add specific flags, examples:
kubectl get nodes -o wide
kubectl get pods -n <specific-name-space> -o wide
kubectl describe pods <pod_name>
...
For more informations about the kubectl command line check the kubectl_cheatsheet

Is there a way to list all resources created by a specific operator and their status?

I use config connector https://cloud.google.com/config-connector/docs/overview
I create gcp resources with CRDs that config connector provides:
kind: IAMServiceAccount
kind: StorageBucket
etc
Now what I'd really like is to be able to get a simple list of each resource and its status (if it was created successfully or not). Where each resource is a single line that's something like: kind, name, status, etc
Is there a way with kubectl to get a list of all resources that were created by an operator like this? I suppose I could manually label all these resources and try to select with a label but I really don't want to do that
Edit
Per the comment I could do this, but curious if there is a less unwieldy command
kubectl get crds --selector cnrm.cloud.google.com/managed-by-kcc=true \
-o=jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' | xargs -n 1 \
kubectl get -Ao jsonpath='{range .items[*]}{" Kind: "}{#.kind}{"Name: "}{#.metadata.name}{" Status: "}{#.status.conditions[].status}{" Reason: "}{#.status.conditions[].reason}{"\n"}{end}' --ignore-not-found
I've made a bit of research on this topic and I found 2 possible solutions to retrieve all the resources that were created by config-connector:
$ kubectl api-resources way
$ kubectl get-all/ketall way with labels (please see the explanation as it's not installed by default)
The discussion that is referencing similar issue can be found here:
Github.com: Kubernetes: kubectl: Issue 151
$ kubectl api-resources
As pointed in the comment I made you can use the following expression:
kubectl get crds --selector cnrm.cloud.google.com/managed-by-kcc=true -o=jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}' | xargs -n 1 kubectl get --ignore-not-found
Dissecting this solution:
kubectl get crds --selector cnrm.cloud.google.com/managed-by-kcc=true
retrieve the Customer Resource Definitions that have a matching selector
-o=jsonpath='{range .items[*]}{.metadata.name}{"\n"}{end}'
use the jsonpath to retrieve only the value stored in .metadata.name key (get the name of the crd)
| xargs -n 1 kubectl get
pipe the output to the xargs and use each CRD retrieved from previous command to run $ kubectl get <RESOURCE>
--ignore-not-found
do not display a message about missing resource
This command could also be altered to suit the specific needs as it's shown in the question.
A side note!
Similar command is referenced in the github link I pasted above:
Github.com: Kubernetes: kubectl: Issues 151: Comment 402003022
$ kubectl get-all/ketall
Above commands can be used to retrieve all of the resources in the cluster. They are not available in default kubectl and they need additional configuration.
More reference about the installation can be found in this github page:
Github.com: Corneliusweig: Ketall
Using the approach described in the official Kubernetes documentation:
Labels are intended to be used to specify identifying attributes of objects
Kubernetes.io: Docs: Concepts: Overview: Working with objects: Labels
You can label those resources created by config connector (I know that you would like to avoid it) and look for this resources like:
$ kubectl get-all -l look=here
NAME NAMESPACE AGE
storagebucket.storage.cnrm.cloud.google.com/config-connector-bucket config-connector 135m
storagebucket.storage.cnrm.cloud.google.com/config-connector-bucket-test config-connector 13s
This resources have the .metadata.labels.look=here added to it's definitions.
Additional resources:
Cloud.google.com: Config Connector: Docs: How to: Getting Started
Thenewstack.io: Tutorial use google config connector to manage a gcp cloud sql database
There is also a way suggested in GCP config-connector docs:
kubectl get gcp
from https://cloud.google.com/config-connector/docs/how-to/monitoring-your-resources#listing_all_resources

kubernetes get values from already deployed pod/daemonset

someone before me deployed daemonset, and configmap is it possible for me to somehow get the values he used ? smth like kubectl edit <name> but the edit option has some temporary data in it too - the name of pod with random chars etc. - and to get pure values used in that deployments/daemonset what command would I need to use?
kubectl get --export had bugs like this and this and --export will be deprecated in k8s v1.18 per this link.
$ kubectl get --export
Flag --export has been deprecated, This flag is deprecated and will be removed in future.
...
kubectl get -o yaml can be used to get values of a k8s resource's manifest along with metadata and status of the resource. kubectl get -o yaml has the following three sections:
metadata
spec with the values of the k8s resource's manifest
status with the resource's status
How about kubectl get --export?

How do I get the External IP of a Kubernetes service as a raw value?

I am running an application with GKE. It works fine but I can not figure out how to get the external IP of the service in a machine readable format.
So i am searching a gcloud or kubectl command that gives me only the external IP or a url of the format http://192.168.0.2:80 so that I can cut out the IP.
You can use the jsonpath output type to get the data directly without needing the additional jq to process the json:
kubectl get services \
--namespace ingress-nginx \
nginx-ingress-controller \
--output jsonpath='{.status.loadBalancer.ingress[0].ip}'
NOTE
Be sure to replace the namespace and service name, respectively, with yours.
Maybe not GKE as my clusters are on AWS, but I assume logic will be similar. When you kubectl get svc you can select output format and it will show more then just the "normal" get. For me, with ELB based services to het LB hostname it's enough to run ie. kubectl -n kube-system get svc cluster-nginx-ingress-controller -o json | jq .status.loadBalancer.ingress.hostname
In my case 'kubectl get services' returns array of items, but not just one service.
So then such jsonpath works fine to me:
kubectl get services -l component=controller,app=nginx-ingress -o jsonpath="{.items[0].status.loadBalancer.ingress[0].ip}"
...and yet another way... This will list all the "load-balancer" services
kubectl get services --all-namespaces -o json | jq -r '.items[] | { name: .metadata.name, ns: .metadata.namespace, ip: .status.loadBalancer?|.ingress[]?|.ip }'
Depending on the networkPlugin used by your cluster services/pods may be exposed directly on external-ip. But this will also find an Ingress controllers run in the cluster.
To get the external-ip on GCP i can use:
kubectl get services --namespace=<your-namespace> -o jsonpath="{.items[0].status.loadBalancer.ingress[0].ip}"
The answers above do not provide the output the user asked. The correct command would be:
kubectl -n $namespace get svc $ingressServiceName -o json | jq -r .status.loadBalancer.ingress[].hostname
All previous solutions don't work any more for me (on GCP).
To get the IP:
kubectl get ingress <YOUR_INGRESS_NAME> -o jsonpath="{.status.loadBalancer.ingress[0].ip}"
To get the host-name:
kubectl get ingress <YOUR_INGRESS_NAME> -o jsonpath="{.spec.rules[0].host}"
Type
minikube tunnel
or
kubectl cluster-info
You can get the public exposed IP of your relevant service.

How to deploy an application in GKE from a public CI server

I'm trying to deploy an application in a GKE 1.6.2 cluster running ContainerOS but the instructions on the website / k8s are not accurate anymore.
The error that I'm getting is:
Error from server (Forbidden): User "circleci#gophers-slack-bot.iam.gserviceaccount.com"
cannot get deployments.extensions in the namespace "gopher-slack-bot".:
"No policy matched.\nRequired \"container.deployments.get\" permission."
(get deployments.extensions gopher-slack-bot)
The repository for the application is available here available here.
Thank you.
I had a few breaking changes in the past with using the gcloud tool to authenticate kubectl to a cluster, so I ended up figuring out how to auth kubectl to a specific namespace independent of GKE. Here's what works for me:
On CircleCI:
setup_kubectl() {
echo "$KUBE_CA_PEM" | base64 --decode > kube_ca.pem
kubectl config set-cluster default-cluster --server=$KUBE_URL --certificate-authority="$(pwd)/kube_ca.pem"
kubectl config set-credentials default-admin --token=$KUBE_TOKEN
kubectl config set-context default-system --cluster=default-cluster --user=default-admin --namespace default
kubectl config use-context default-system
}
And here's how I get each of those env vars from kubectl.
kubectl get serviceaccounts $namespace -o json
The service account will contain the name of it's secret. In my case, with the default namespace, it's
"secrets": [
{
"name": "default-token-655ls"
}
]
Using the name, I get the contents of the secret
kubectl get secrets $secret_name -o json
The secret will contain ca.crt and token fields, which match the $KUBE_CA_PEM and $KUBE_TOKEN in the shell script above.
Finally, use kubectl cluster-info to get the $KUBE_URL value.
Once you run setup_kubectl on CI, your kubectl utility will be authenticated to the namespace you're deploying to.
In Kubernetes 1.6 and GKE, we introduce role based cess control. The authors of your took need to give the service account the ability to get deployments (along with probably quite a few others) to its account creation.
https://kubernetes.io/docs/admin/authorization/rbac/