Kubernetes

May 16, 2020 Linux, DevOps 1 minute, 14 seconds

Pod deletion preference is based on a ordered series of checks, defined in code here: https://github.com/kubernetes/kubernetes/blob/release-1.11/pkg/controller/controller_utils.go#L737

Summarizing- precedence is given to delete pods:

  • that are unassigned to a node, vs assigned to a node
  • that are in pending or not running state, vs running
  • that are in not-ready, vs ready
  • that have been in ready state for fewer seconds
  • that have higher restart counts
  • that have newer vs older creation times
  • These checks are not directly configurable.

origin

kubectl auth can-i list deployment --as=system:serviceaccount:default:<NAME> -n <NAME>

kubectl run test -n NAMESPACE --rm -i --tty --image debian -- bash

aws --profile=<AWS PROFILE> eks update-kubeconfig --name <CLUSTER NAME>

Deploy dashboard

kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml

Start proxy

kubectl proxy [-p 8080]

Access dashboard http://localhost:8001/api/v1/namespaces/kube-system/services/https:kubernetes-dashboard:/proxy/ (adjust port if necessary)

Get login token

kubectl -n kube-system get secret # list service accounts
kubectl -n kube-system describe secret deployment-controller-token-****

Alternative grant dashboard admin rights: Create `dashboard-admin.yml' with following content:

apiVersion: rbac.authorization.k8s.io/v1beta1
kind: ClusterRoleBinding
metadata:
  name: kubernetes-dashboard
  labels:
    k8s-app: kubernetes-dashboard
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kubernetes-dashboard
  namespace: kube-system

Deploy to your cluster kubectl create -f dashboard-admin.yml. Then you skip authentication in the login screen