Advanced kubectl usage - the perfect developer machine
In my last post “Debugging on Kubernetes – the perfect developer machine” I wrote about how you can use kubectl, kubefwd and telepresence to access and debug services on your Kubernetes cluster. This time I want to take one step back and show you some neat tricks to help with your experience with one of the tools used when working with Kubernetes: kubectl.
Every developer who has some service running on kubernetes quite possible uses kubectl a lot. It helps us with checking pods and deployments, allows to deploy new services on the cluster and even manage roles and permissions. But the commands tend to get long extremely fast. Take for example the following command:
kubectl --namespace=kube-system get deployment --watch --show-labels -o=wide
It watches all deployments in the namespace kube-system and prints their labels in the output. Remembering all those flags can be a real pain. Also typing the command without error (even with auto complete) is not no easy feast. I searched for a solution which keeps tab-completion while still reducing the possibilities of typos and that works with one of my favorite tools for working in the bash. After some research I came across this blog post by Ahmet Alp Balkan. A lot of developers already have aliased kubectl as k. This reduces the shell clutter a lot, but the method described in the post takes this to the next level. After a short period of getting used to the syntax (and forking the project to include port-forward and istio resources) I fell in love with the aliases. The above command is aliased by (and i know, this looks cryptic and terrifying at the start, but after getting used to it, it really makes working with kubectl a lot faster).
kubectl comes with a lot of commands and functionality. But there is always stuff missing. In my case, i wanted and easier command for swapping my currently selected kubernetes context as well as a script which helps me organize all my kubeconfigs and merges new once into my ~/.kube/config file. Also a cleaning utility for said file would be nice to have, ah and when im already at it … . Yeah, for me a lot of functionality was present but I simply could not remember all the commands with all the flags I wanted to use. This is where krew comes to the rescue.
Most will know package managers, be it apt, brew or npm. Krew is such an package manager for kubectl plugins. It allows to discover plugins from a curated list and allows for easy installation of those. To give some insight, here are some plugins i currently use.
kubectx and kubens
kubectx and kubens allow for faster navigation within many kubernetes clusters. If you use a cluster for production and one for development purposes and maybe even a minikube or k3s instance running on your local machine, you might want to switch which cluster you currently address. The same goes for namespaces within one cluster. kubectx and kubens reduce the clutter by shortening the command to do so. And when you aliased kubectl with k, the command to switch to any namespace becomes.
k ns develop
After that all commands address resources within the namespace develop. No need for the -n develop flag anymore.
While at it, i import all my kubeconfigs into the ~/.kube/config file. This can grow fast, as i reimport a context and get a new entry in this file. Sometimes a cluster is not accessible anymore or the config is old and no longer valid. To not have to manually cleanup all my context I use the config-cleanup plugin. It tries to connect to each cluster defined in your kubeconfig. If no connection is possible, the deletable context are listed to your shell. If you trust everything else you can also just delete them in your kubeconfig. This keeps your kubeconfig really clean and short (as short as it gets).
Whenever i get a new kubeconfig with a cluster to look at, i usually run kubectl get all --all-namespaces and look what i will find in there. But even then i usually miss something, as get all does not retrieve information about everything in the cluster, but one some resources. get-all really gets everything, every role, every deployment and pods, and every CRD that is on the cluster. This can really help to get a picture of the application landscape.
I sometimes get a kubeconfig file stand alone or only get the values that I need to insert into my preferred place for kubeconfigs. To make my life easier, I then merge all kubeconfigs into the ~/.kube/config file. As I can’t remember the command for this in kubectl, I use konfig. It allows to merge multiple kubernetes contexts into one file.
When you worked with Opaque kubernetes secrets, you know they are base64 encoded textstrings. To access the information in the secret, you need to grab the encoded strong and decode it. This takes two commands (or json pathing in kubectl, which im not getting into). With view-secret I can simply provide the name and the key and get the base64 decoded version. Also i can decode all values in one go.
Kubectl is a really powerful tool, and when interacting with k8s clusters, often times there is no other way to get the information needed. The provided aliases as well as krew help a lot to make the most of it. For people who want to have a productive experience I highly recommend having a look into these tools.
As always here are some further readings into the whole tooling and advanced kubectl use:
- Stark & Wayne – Silly kubectl tricks
Blog Series from Stark & Wayne about kubectl Tricks. Especially part 9 (not linked on the page at time of writing) about kubectl subcommands is really nice.
Webpage for krew, with some docs and a Quickstart guide. Also has a list of all available kubectl plugins, that krew can download and install without any more setup.
- kubectl plugins
Docs about kubectl plugins, how they can be created, used and managed. Quite helpful if there is no plugin that does what you need