Just some commands that had value at some time or another.
Debugging
Sometimes debugging is hard because you are using an optimized image without troubleshooting tools or even a shell. Ephemeral containers come to the rescue there with some useful kubectl debug commands, but if you need to see the attached volumes these tools fall short, and while it is possible to do it manually, it is tedious. Make sure you are aware of kubectl-superdebug.
Resources
All resources in a namespace
Just iterate over the resource types and look for them:
for i in `kubectl api-resources --verbs list --namespaced -o name`; do kubectl get --show-kind --ignore-not-found $i; done
Which pods still have persistent volume claims
kubectl get pods --all-namespaces -o=json | jq -c '.items[] | {name: .metadata.name, namespace: .metadata.namespace, claimName:.spec.volumes[]? | select (has ("persistentVolumeClaim") ).persistentVolumeClaim.claimName }'
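An added example (not from the original post) that extends the query above: it groups the pods per claim, which is the view you want before deleting a PVC, and it tolerates pods that have no volumes at all. The function names and the sample pod list are constructed for illustration; jq is assumed to be installed.

```bash
#!/usr/bin/env bash
# Constructed sample of `kubectl get pods --all-namespaces -o json` output.
sample_pods() {
cat <<'EOF'
{"items":[
 {"metadata":{"name":"db-0","namespace":"prod"},
  "spec":{"volumes":[{"name":"data","persistentVolumeClaim":{"claimName":"data-db-0"}},
                     {"name":"tmp","emptyDir":{}}]}},
 {"metadata":{"name":"backup","namespace":"prod"},
  "spec":{"volumes":[{"name":"src","persistentVolumeClaim":{"claimName":"data-db-0"}}]}},
 {"metadata":{"name":"web","namespace":"prod"},"spec":{}}
]}
EOF
}

# Reads a pod list (JSON) on stdin and prints one line per claim:
#   <namespace>/<claim><TAB><pod>,<pod>,...
# `.spec.volumes // []` keeps a pod without volumes from aborting the filter.
pods_by_claim() {
  jq -r '
    [ .items[]
      | . as $p
      | ($p.spec.volumes // [])[]
      | select(has("persistentVolumeClaim"))
      | { claim: ($p.metadata.namespace + "/" + .persistentVolumeClaim.claimName),
          pod: $p.metadata.name } ]
    | group_by(.claim)[]
    | (map(.pod) | unique | join(",")) as $pods
    | .[0].claim + "\t" + $pods
  '
}

# Demo on the constructed sample.
# Live use: kubectl get pods --all-namespaces -o json | pods_by_claim
sample_pods | pods_by_claim
```
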
Networking
Jump portals
To do this you need to be able to exec into pods, and socat must be available on the pod. When both conditions hold, you can tunnel via the pod towards a target.
On the pod, set up a tunnel to the remote endpoint:
socat tcp-l:<pod-port>,fork,reuseaddr tcp:<target-host>:<target-port>
Then, from your workstation, forward a local port to the socat listener on the pod:
kubectl port-forward pod/<jump-pod> <local-port>:<pod-port>
resources:
- socat command list: https://exploit-notes.hdks.org/exploit/network/port-forwarding/port-forwarding-with-socat/
- k8s port-forward docs: https://kubernetes.io/docs/tasks/access-application-cluster/port-forward-access-application-cluster/