OpsCanvas
Search
K

Helpful kubectl commands

The kubectl cli is the primary tool for inspecting your application environments and is very useful for viewing information that isn't yet made available via the OpsCanvas web application.
These examples assume you've aliased the command kubectl to k as documented here and that you have configured a default namespace for the context as documented here.
‼️
Don't forget you need to set the kubectl context to the appropriate environment for the commands to work k config use-context <alias> more info here.

List pods

To get a list of pods running in the environment's namespace, use the command:
k get pods
This will return a list of pod names in your environment and their status.
NOTE: if you haven't set a default namespace you will need to specify it by appending -n <environment type> to the command.

The "jump pod"

The jump pod is a special pod added to all environments that allows for users to have a terminal in the private subnet. The jump pod is running Ubuntu 23.04 and has apt-get installed which can be used to install utilities that can be used to debug and inspect your application environment.

Log into a pod

It can be useful to log into application pods to check for logs that may be written to files (not a best practice) or examine environment variables.
k exec --tty --stdin <pod name> -- /bin/bash

List all resources in the Kubernetes environment

If you want to dig deeper into the Kubernetes cluster than just your services, you can view all the resources, deployments, and config maps using the following command.
k get all

Pod environment variables

You can log into a pod and view its environment variables using echo $... but there is an alternative, more Kubernetes native way to do the same. In Kubernetes environment variables that aren't marked "sensitive" (or "secret") are stored in configmaps. Basically, a map of a name to a value, and that name is injected into the pod as an environment variable.
Configmaps are named resources in Kubernetes, where the name is deterministically constructed from the pod name (minus the random suffix) + -config. Get a list of pods and then use the following command to see the config map.
k describe configmaps <pod name>-config

Pod secrets

Variables that are marked as "secret" in the OpsCanvas UI are stored as Kubernetes secrets. These secrets will be injected into pods as environment variables the same as configmap values, but they are treated differently by Kubernetes - unsurprisingly they are called secrets.
The process for viewing secrets using kubectl is slightly different.
You can find the full list of secrets in the namespace with the command, but this will be a very long list.
k describe secrets
To find information about the secrets for a specific service, get the pod name using list pods and remove the random suffix using the following command:
k describe secrets <pod name>-secrets
You'll notice that this returns information about the available secrets but not the values, to get the base64 encoded values of all the secrets in a pod execute.
k get secret <pod name>-secrets -o jsonpath='{.data}'
This will return all of the secrets that are available to the given pod along with their base64 encoded value. Here's a one-liner to view the value of a specific secret assuming you have base64 installed in your terminal:
k get secret <pod name>-secrets -o jsonpath='{.data.<secret name>}' | base64 --decode -

Get pod logs

To view all logs written to a service's stdout since the pod started, run the following command:
k logs <pod name>
Append --tail <n> to view the last n log lines (e.g. the last 25 lines):
k logs <pod name> --tail 25
Append --follow to see a live tail of logs:
k logs <pod name> --follow