This is a list of useful information regarding Kubernetes that the GitLab Support Team sometimes uses while troubleshooting. GitLab is making this public, so that anyone can make use of the Support team's collected knowledge.
WARNING: These commands can alter or break your Kubernetes components so use these at your own risk.
If you are on a paid tier and are not sure how to use these commands, it is best to contact Support and they will assist you with any issues you are having.
Generic Kubernetes commands
How to authorize to your GCP project (can be especially useful if you have projects under different GCP accounts):
How to access Kubernetes dashboard:
How to SSH to a Kubernetes node and enter the container as root (https://github.com/kubernetes/kubernetes/issues/30656):
- For GCP, you may find the node name and run `gcloud compute ssh node-name`.
- List containers using `docker ps`.
- Enter container using `docker exec --user root -ti container-id bash`.
How to copy a file from local machine to a pod:
What to do with pods in `CrashLoopBackoff` status:
Check logs via Kubernetes dashboard.
Check logs via Kubectl:
How to tail all Kubernetes cluster events in real time:
How to get logs of the previously terminated pod instance:
No logs are kept in the containers/pods themselves. Everything is written to `stdout`. This is the principle of Kubernetes, read Twelve-factor app for details.
How to get cron jobs configured on a cluster
When one configures cron-based backups, you will be able to see the new schedule here. Some details about the schedules can be found in Running Automated Tasks with a CronJob
GitLab-specific Kubernetes information
Minimal configuration that can be used to test a Kubernetes Helm chart.
Tailing logs of a separate pod. An example for a `webservice` pod:
Tail and follow all pods that share a label (in this case, `webservice`):
One can stream logs from all containers at once, similar to the Omnibus command `gitlab-ctl tail`:
Check all events in the `gitlab` namespace (the namespace name can be different if you specified a different one when deploying the Helm chart):
Most of the useful GitLab tools (console, Rake tasks, etc.) are found in the task-runner pod. You may enter it and run commands inside or run them from the outside:
You can also use `gitlab-rake`, instead of `/usr/local/bin/gitlab-rake`.
Troubleshooting Operations > Kubernetes integration:
- Check the output of `kubectl get events -w --all-namespaces`.
- Check the logs of pods within `gitlab-managed-apps` namespace.
- On the side of GitLab check Sidekiq log and Kubernetes log. When GitLab is installed via Helm Chart, `kubernetes.log` can be found inside the Sidekiq pod.
How to get your initial administrator password (https://docs.gitlab.com/charts/installation/deployment.html#initial-login):
How to connect to a GitLab PostgreSQL database:
How to get information about Helm installation status:
How to update GitLab installed using Helm Chart:
After https://gitlab.com/gitlab-org/charts/gitlab/-/issues/780 is fixed, it should be possible to use Updating GitLab using the Helm Chart for upgrades.
How to apply changes to GitLab configuration:
Modify the `gitlab.yaml` file.
Run the following command to apply changes:
How to get the manifest for a release. It can be useful because it contains the information about all Kubernetes resources and dependent charts:
Installation of minimal GitLab configuration via Minikube on macOS
This section is based on Developing for Kubernetes with Minikube and Helm. Refer to those documents for details.
Install Kubectl via Homebrew:
Install Minikube via Homebrew:
Start Minikube and configure it. If Minikube cannot start, try running `minikube delete && minikube start` and repeat the steps:
Install Helm via Homebrew and initialize it:
Copy the Minikube minimum values YAML file to your workstation:
Find the IP address in the output of `minikube ip` and update the YAML file with this IP address.
Install the GitLab Helm Chart:
If you want to modify some GitLab settings, you can use the above-mentioned configuration as a base and create your own YAML file.
Monitor the installation progress via `helm status gitlab` and `minikube dashboard`. The installation could take up to 20-30 minutes depending on the amount of resources on your workstation.
When all the pods show either a `Running` or `Completed` status, get the GitLab password as described in Initial login, and log in to GitLab via the UI. It will be accessible via `https://gitlab.domain` where `domain` is the value provided in the YAML file.
- PDF Link: cheatsheet-openshift-A4.pdf, Category: Cloud
- Blog URL: https://cheatsheet.dennyzhang.com/cheatsheet-openshift-A4
- Related posts: PKS CheatSheet, Kubectl CheatSheet, #denny-cheatsheets
File me Issues or star this repo.
1.1 OpenShift FAQ
Name | Summary |
---|---|
Kubernetes versions for different OpenShift versions | openshift 3.9, openshift 3.10, openshift 3.11 |
1.2 OpenShift Key Components
Name | Command |
---|---|
Computing virtualization | RHV (Red Hat Virtualization), based on KVM |
SDN networking | Based upon OVS |
VM/Cluster lifecycle management | CloudForms ? |
Node healing | Notification of failed components but no recovery |
Container optimized OS | |
Container Image Compliance Scan | CloudForms OpenSCAP, like Harbor Clair |
Container runtime | dockerd, cri-o |
Container image registry | OpenShift Container Registry (OCR), powered by Red Hat Quay |
Packages k8s cluster orchestrator | tectonic ? |
Component Packaging | Ansible modules? |
CSI for Persistent volume | GlusterFS, NFS, Local storage |
Authorization | OpenShift Container Platform policy engine |
Disaster Recovery | Notification of failed components but no recovery |
Control Plane | |
Reference | Link: OpenShift Container Platform Cluster Limits |
Reference | Link: OpenShift Key Components, Link: PKS Key Components |
1.3 New Concepts From OpenShift
Name | Command |
---|---|
BuildConfig | |
Source2Image(s2i) | |
Templates | Like helm chart |
Pipelines | Jenkins |
Fine grained security policies OOTB | Like k8s psp |
Security Context Constraints (SCC) | |
Red Hat Container Catalog (RHCC) | |
Route | Like k8s ingress |
Metering and Chargeback | |
Operator SDK | |
1.4 OpenShift Solutions
Name | Command |
---|---|
OpenShift Online | Hosted by Red Hat in AWS public cloud |
OpenShift Dedicated | Virtual private cloud, managed by Red Hat in any AWS region |
OpenShift Container Platform | Any on-premise, public, or private cloud infra with Red Hat Enterprise Linux |
OKD | |
Minishift | |
Reference | Link: OpenShift plans and pricing |
1.5 OpenShift Glossary
Name | Command |
---|---|
OKD | The Origin Community Distribution of Kubernetes that powers Red Hat OpenShift. |
oc command line | OpenShift command line: oc <action> <object_type> <object_name_or_id> |
Project | Namespace in Kubernetes. Resources are aggregated by projects. oc get project |
Build | Builds create a new image from source code, other images, Dockerfiles, etc. oc get build |
Build Configuration | How to build source code and a base image into a new image. oc get bc |
Route | Endpoint in Kubernetes. A route is an external DNS entry |
Deployment Configuration | oc get dc |
ImageStream | oc get is |
ImageStreamTag | oc get istag |
ImageStreamImage | oc get isimage |
Template | oc get template |
Template Instance | oc get templateinstance |
Explain | Online manual oc explain pod |
Red Hat Registry | By default, all images are pulled from registry.redhat.io. |
OpenShift SaaS Version | https://openshift.io/ |
OpenShift online | https://cloud.openshift.com |
Reference | |
Reference | OpenShift CheatSheet, Rancher CheatSheet, PKS CheatSheet |
1.6 OpenShift Assumptions
Name | Summary |
---|---|
Single instance of K8S | One OpenShift, one K8S. Use k8s namespaces solely for multi-tenancy |
No mixed versions | Versions must match between master and node hosts, excluding upgrade; Old oc can talk to new servers |
Node roles | Master nodes, worker nodes, and etcd nodes. |
1.7 OpenShift Maintenance
Name | Command |
---|---|
Install clusters | Run ansible playbooks to install OpenShift |
Upgrade clusters | Support both in-place upgrade and blue-green deployments; Use ansible to upgrade clusters |
Node problem healing | |
1.8 OpenShift Cfg Files
Name | Summary |
---|---|
The default image stream and template files | /usr/share/openshift/examples/ , /etc/origin/examples/ |
Data folder for master and worker nodes | /var/lib |
Volumes and potential core dumps of the binary | /var/lib/origin |
Cloud provider specific conf(AWS, Azure, etc) | /etc/origin/cloudprovider |
Additional third party volume plug-ins | /usr/libexec/kubernetes/kubelet-plugins , /etc/origin/kubelet-plugins |
All certificates, conf files, admin.kubeconfig, etc | /etc/origin/master |
Master node conf profile | /etc/origin/master/admin.kubeconfig |
Used for node bootstrapping nodes other than master | /etc/origin/master/bootstrap.kubeconfig |
Node conf profile | /etc/origin/node/node.kubeconfig , /etc/origin/node/node-config.yaml |
1.9 OC – Highlights
Name | Command |
---|---|
Get api requests verbose output with kubectl call | oc --loglevel 999 get pod/dummy-deployment-6d6759c786-5kwth |
Start a pod and get a shell for debug | oc debug dc/jorge |
Impersonate for oc command | oc --as=jorge get pods , oc --as-group=developers get pods |
Use oc to do admin operations | oc adm <sub-command> |
Try experimental commands of oc | oc ex <sub-command> |
Explain OpenShift/Kubernetes concepts to me | oc explain pod , oc explain replicaset |
Enable oc shell autocompletion | echo 'source <(oc completion zsh)' >>~/.zshrc , then reload terminal |
Reference | OpenShift CheatSheet, Kubectl CheatSheet |
1.10 OC – Admin
Name | Command |
---|---|
Login/logout | oc login , oc logout , oc whoami |
List route | oc get route |
List all object types | oc types , oc api-resources |
Start a local OpenShift all-in-one cluster | oc cluster up |
1.11 OC – Developer
Name | Command |
---|---|
Create a project | oc new-project <projectname> --description=<description> --display-name=<display_name> |
Check status of current project | oc status Link: OC CLI Operations |
Show oc cli profile | oc config view Link: Managing CLI Profiles |
Get all resource | oc get all |
Switch project | oc project <projectname> |
Create an application | oc new-app https://github.com/sclorg/cakephp-ex |
Create a new build | oc new-build https://github.com/sclorg/cakephp-ex |
Manually start a build with given conf | oc start-build <buildconfig_name> |
Stop a build that is in progress | oc cancel-build <build_name> |
Import an external image | oc import-image <image_stream> |
Tag an image | oc tag <current_image> <image_stream> |
1.12 OpenShift Source Code
Name | Command |
---|---|
Openshift Ansible Deployment | GitHub: openshift-ansible/playbooks |
1.13 OpenShift Opportunity
Name | Command |
---|---|
Doesn’t support multiple clusters | |
OC command line could be a strength or a weakness | |
Lack of SDN solution | |
Time-consuming for administrators’ operations | |
1.14 OpenShift CLI Help All
1.15 OpenShift CLI Help Admin
1.16 More Resources
License: Code is licensed under MIT License.