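# Kubectl aliases: throwaway busybox pods for checks from inside the cluster.
# --rm deletes the pod when the session ends; --restart=Never keeps it a bare pod.
# NOTE(review): --image=busybox is an unpinned tag; pin a tag or digest if the
# cluster is only supposed to run vetted images.
alias ketish='kubectl run busybox --image=busybox --rm -it --restart=Never -- /bin/sh'
alias ketiwget='kubectl run busybox --image=busybox --rm -it --restart=Never -- wget --timeout 2 -O-'

# NOTE: yq has been updated and requires all the commands to be rewritten in
# the new format: https://mikefarah.gitbook.io/yq/upgrading-from-v3
#
#   yq 3.x
#     yq write -- - 'spec.template.spec.containers[0].args[+]' '--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname'
#   yq 4.x
#     yq eval '.spec.template.spec.containers[0].args += "--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname"' -
#
# Kept as comments on purpose: between bare backtick fences bash parses these
# lines as a command substitution and runs them when the file is sourced.

# Reusable kubectl arguments: client-side dry run and custom-columns specs.
export dry='--dry-run=client'
export col_name='NAME:metadata.name'
export col_image='IMAGE:spec.containers[].image'
export col_annotation='ANNOTATIONS:metadata.annotations.description'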
# Kube Liveness Probes
kube_explain_liveness() {
  # Print the API documentation for a container's livenessProbe field.
  local field='pod.spec.containers.livenessProbe'
  kubectl explain "$field"
}
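kube_liveness_command() {
  # Append an exec liveness-probe command to the first container.
  # Arguments: $1   - pod YAML file, edited in place (yq v3 `w -i`)
  #            $2.. - command words, appended in the order given
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last yq call
  [[ -n ${1:-} ]] || { printf 'usage: kube_liveness_command FILE CMD [ARG...]\n' >&2; return 2; }
  local file=$1 word
  # Drop FILE with shift instead of skipping every argument equal to it, so a
  # command word that happens to match the file name is still written.
  shift
  for word in "$@"; do
    # `--` keeps command words that start with '-' from being read as yq flags.
    yq w -i "$file" 'spec.containers[0].livenessProbe.exec.command[+]' -- "$word" || return
  done
}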
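kube_liveness_httpget() {
  # Set an httpGet liveness probe on the first container.
  # Arguments: $1 - pod YAML file, edited in place
  #            $2 - probe path (default /healthz)
  #            $3 - probe port (default 80)
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last yq call
  [[ -n ${1:-} ]] || { printf 'usage: kube_liveness_httpget FILE [PATH] [PORT]\n' >&2; return 2; }
  local file=$1
  # The previous default was spelled "/healtz"; "/healthz" is the conventional path.
  local http_path=${2:-/healthz}
  local port=${3:-80}
  yq w -i "$file" 'spec.containers[0].livenessProbe.httpGet.path' "$http_path" || return
  yq w -i "$file" 'spec.containers[0].livenessProbe.httpGet.port' "$port"
}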
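kube_liveness_tcp() {
  # Set a tcpSocket liveness probe on the first container.
  # Arguments: $1 - pod YAML file, edited in place
  #            $2 - port to probe (default 80, matching kube_readiness_tcp)
  # Returns:   2 if FILE is missing, otherwise yq's status
  [[ -n ${1:-} ]] || { printf 'usage: kube_liveness_tcp FILE [PORT]\n' >&2; return 2; }
  local file=$1
  # Without a default an omitted PORT wrote an empty port into the manifest.
  local port=${2:-80}
  yq w -i "$file" 'spec.containers[0].livenessProbe.tcpSocket.port' "$port"
}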
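kube_liveness_seconds() {
  # Set the liveness probe's initial delay and period on the first container.
  # Arguments: $1 - pod YAML file, edited in place
  #            $2 - initialDelaySeconds (default 5)
  #            $3 - periodSeconds (default 5)
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last yq call
  [[ -n ${1:-} ]] || { printf 'usage: kube_liveness_seconds FILE [DELAY] [PERIOD]\n' >&2; return 2; }
  # Locals keep FILE/DELAY/PERIOD from leaking into the shell that sourced this file.
  local file=$1
  local delay=${2:-5}
  local period=${3:-5}
  yq w -i "$file" 'spec.containers[0].livenessProbe.initialDelaySeconds' "$delay" || return
  yq w -i "$file" 'spec.containers[0].livenessProbe.periodSeconds' "$period"
}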
# Kube Readiness Probes
kube_explain_readiness() {
  # Print the API documentation for a container's readinessProbe field.
  local field='pod.spec.containers.readinessProbe'
  kubectl explain "$field"
}
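kube_readiness_command() {
  # Append an exec readiness-probe command to the first container.
  # Arguments: $1   - pod YAML file, edited in place (yq v3 `w -i`)
  #            $2.. - command words, appended in order and single-quoted in the YAML
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last yq call
  [[ -n ${1:-} ]] || { printf 'usage: kube_readiness_command FILE CMD [ARG...]\n' >&2; return 2; }
  local file=$1 word
  # Drop FILE with shift instead of skipping every argument equal to it, so a
  # command word that happens to match the file name is still written.
  shift
  for word in "$@"; do
    # `--` keeps command words that start with '-' from being read as yq flags.
    yq w -i "$file" --style=single 'spec.containers[0].readinessProbe.exec.command[+]' -- "$word" || return
  done
}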
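kube_readiness_httpget() {
  # Set an httpGet readiness probe on the first container.
  # Arguments: $1 - pod YAML file, edited in place
  #            $2 - probe path (default /healthz)
  #            $3 - probe port (default 80)
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last yq call
  [[ -n ${1:-} ]] || { printf 'usage: kube_readiness_httpget FILE [PATH] [PORT]\n' >&2; return 2; }
  local file=$1
  # The previous default was spelled "/healtz"; "/healthz" is the conventional path.
  local http_path=${2:-/healthz}
  local port=${3:-80}
  yq w -i "$file" 'spec.containers[0].readinessProbe.httpGet.path' "$http_path" || return
  yq w -i "$file" 'spec.containers[0].readinessProbe.httpGet.port' "$port"
}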
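kube_readiness_tcp() {
  # Set a tcpSocket readiness probe on the first container.
  # Arguments: $1 - pod YAML file, edited in place
  #            $2 - port to probe (default 80)
  # Returns:   2 if FILE is missing, otherwise yq's status
  [[ -n ${1:-} ]] || { printf 'usage: kube_readiness_tcp FILE [PORT]\n' >&2; return 2; }
  # Locals keep FILE/PORT from leaking into the shell that sourced this file.
  local file=$1
  local port=${2:-80}
  yq w -i "$file" 'spec.containers[0].readinessProbe.tcpSocket.port' "$port"
}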
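kube_readiness_seconds() {
  # Set the readiness probe's initial delay and period on the first container.
  # Arguments: $1 - pod YAML file, edited in place
  #            $2 - initialDelaySeconds (default 5)
  #            $3 - periodSeconds (default 5)
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last yq call
  [[ -n ${1:-} ]] || { printf 'usage: kube_readiness_seconds FILE [DELAY] [PERIOD]\n' >&2; return 2; }
  # Locals keep FILE/DELAY/PERIOD from leaking into the shell that sourced this file.
  local file=$1
  local delay=${2:-5}
  local period=${3:-5}
  yq w -i "$file" 'spec.containers[0].readinessProbe.initialDelaySeconds' "$delay" || return
  yq w -i "$file" 'spec.containers[0].readinessProbe.periodSeconds' "$period"
}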
# kube cronjobs
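kube_cronjobs_seconds() {
  # Set spec.startingDeadlineSeconds on a CronJob manifest: how late a missed
  # run may still be started.
  # Arguments: $1 - CronJob YAML file, edited in place
  #            $2 - deadline in seconds (default 30)
  # Returns:   2 if FILE is missing, otherwise yq's status
  [[ -n ${1:-} ]] || { printf 'usage: kube_cronjobs_seconds FILE [SECONDS]\n' >&2; return 2; }
  local file=$1
  # Not named SECONDS: that is bash's elapsed-time counter. Assigning to it
  # resets the shell's timer, it never expands empty (so the default was never
  # applied) and its value keeps ticking between assignment and use.
  local deadline=${2:-30}
  yq w -i "$file" 'spec.startingDeadlineSeconds' "$deadline"
}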
# kube jobs
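kube_jobs_seconds() {
  # Set spec.activeDeadlineSeconds on a Job manifest: the maximum number of
  # seconds the job may run before it is terminated.
  # Arguments: $1 - Job YAML file, edited in place
  #            $2 - deadline in seconds (default 30)
  # Returns:   2 if FILE is missing, otherwise yq's status
  [[ -n ${1:-} ]] || { printf 'usage: kube_jobs_seconds FILE [SECONDS]\n' >&2; return 2; }
  local file=$1
  # Not named SECONDS: that is bash's elapsed-time counter. Assigning to it
  # resets the shell's timer, it never expands empty (so the default was never
  # applied) and its value keeps ticking between assignment and use.
  local deadline=${2:-30}
  yq w -i "$file" 'spec.activeDeadlineSeconds' "$deadline"
}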
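kube_jobs_completions() {
  # Set spec.completions: the number of times this job should run.
  # Arguments: $1 - Job YAML file, edited in place
  #            $2 - completion count (default 5)
  # Returns:   2 if FILE is missing, otherwise yq's status
  [[ -n ${1:-} ]] || { printf 'usage: kube_jobs_completions FILE [NUM]\n' >&2; return 2; }
  # Locals keep FILE/NUM from leaking into the shell that sourced this file.
  local file=$1
  local count=${2:-5}
  yq w -i "$file" 'spec.completions' "$count"
}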
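kube_jobs_parallelism() {
  # Set spec.parallelism: the number of pods of this job that run in parallel.
  # Arguments: $1 - Job YAML file, edited in place
  #            $2 - parallelism (default 5)
  # Returns:   2 if FILE is missing, otherwise yq's status
  [[ -n ${1:-} ]] || { printf 'usage: kube_jobs_parallelism FILE [NUM]\n' >&2; return 2; }
  # Locals keep FILE/NUM from leaking into the shell that sourced this file.
  local file=$1
  local count=${2:-5}
  yq w -i "$file" 'spec.parallelism' "$count"
}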
# kube configmap
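kube_cm_env_file() {
  # Load every key of a configmap as environment variables in the first container.
  # Writes envFrom[0], replacing whatever that slot held before.
  # Arguments: $1 - pod YAML file, edited in place
  #            $2 - configmap name (default placeholder THISCM)
  # Returns:   2 if FILE is missing, otherwise yq's status
  [[ -n ${1:-} ]] || { printf 'usage: kube_cm_env_file FILE [CONFIGMAP]\n' >&2; return 2; }
  # Locals keep FILE/CONFIGMAP from leaking into the shell that sourced this file.
  local file=$1
  local configmap=${2:-THISCM}
  yq w -i "$file" 'spec.containers[0].envFrom[0].configMapRef.name' "$configmap"
}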
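kube_cm_env_key() {
  # Create a pod environment variable from a single configmap key.
  # Writes env[0] of the first container, replacing whatever that slot held.
  # Arguments: $1 - YAML file to update, edited in place
  #            $2 - name of the configmap (default placeholder THISCM)
  #            $3 - key reference in the configmap (default placeholder THISKEY)
  #            $4 - environment variable name (default placeholder THISVAR)
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last yq call
  [[ -n ${1:-} ]] || { printf 'usage: kube_cm_env_key FILE [CONFIGMAP] [KEY] [VARNAME]\n' >&2; return 2; }
  # Locals keep FILE/CONFIGMAP/KEY/VARNAME out of the shell that sourced this file.
  local file=$1
  local configmap=${2:-THISCM}
  local key=${3:-THISKEY}
  local var_name=${4:-THISVAR}
  yq w -i "$file" 'spec.containers[0].env[0].name' "$var_name" || return
  yq w -i "$file" 'spec.containers[0].env[0].valueFrom.configMapKeyRef.name' "$configmap" || return
  yq w -i "$file" 'spec.containers[0].env[0].valueFrom.configMapKeyRef.key' "$key"
}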
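kube_cm_mount() {
  # Mount a configmap as a volume in the first container.
  # Writes volumeMounts[0] and volumes[0], replacing whatever those slots held.
  # Arguments: $1 - pod YAML file, edited in place
  #            $2 - configmap name, also used as the volume name (default CMNAME)
  #            $3 - mount path inside the container (default /mnt/data)
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last yq call
  [[ -n ${1:-} ]] || { printf 'usage: kube_cm_mount FILE [CONFIGMAP] [MOUNTPATH]\n' >&2; return 2; }
  # Locals keep FILE/CONFIGMAP/MOUNTPATH out of the shell that sourced this file.
  local file=$1
  local configmap=${2:-CMNAME}
  local mount_path=${3:-/mnt/data}
  yq w -i "$file" 'spec.containers[0].volumeMounts[0].name' "$configmap" || return
  yq w -i "$file" 'spec.containers[0].volumeMounts[0].mountPath' "$mount_path" || return
  yq w -i "$file" 'spec.volumes[0].name' "$configmap" || return
  yq w -i "$file" 'spec.volumes[0].configMap.name' "$configmap"
}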
# Kube secrets
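kube_secrets_mount() {
  # Mount a secret as a read-only volume in the first container.
  # Writes volumeMounts[0] and volumes[0], replacing whatever those slots held.
  # Arguments: $1 - pod YAML file, edited in place
  #            $2 - secret name, also used as the volume name (default SECNAME)
  #            $3 - mount path inside the container (default /mnt/data)
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last yq call
  [[ -n ${1:-} ]] || { printf 'usage: kube_secrets_mount FILE [SECRET] [MOUNTPATH]\n' >&2; return 2; }
  # Locals keep FILE/SECRET/MOUNTPATH out of the shell that sourced this file.
  local file=$1
  local secret=${2:-SECNAME}
  local mount_path=${3:-/mnt/data}
  yq w -i "$file" 'spec.containers[0].volumeMounts[0].name' "$secret" || return
  yq w -i "$file" 'spec.containers[0].volumeMounts[0].mountPath' "$mount_path" || return
  # readOnly: the container gets the secret's files but cannot modify the mount.
  yq w -i "$file" 'spec.containers[0].volumeMounts[0].readOnly' "true" || return
  yq w -i "$file" 'spec.volumes[0].name' "$secret" || return
  yq w -i "$file" 'spec.volumes[0].secret.secretName' "$secret"
}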
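kube_secrets_env_key() {
  # Create a pod environment variable from a secret key.
  # Writes env[0] of the first container, replacing whatever that slot held.
  # NOTE(review): a secret exposed as an environment variable is inherited by
  # child processes and can end up in dumps or logs; kube_secrets_mount
  # (read-only volume) is the narrower option when the application can read a file.
  # Arguments: $1 - pod YAML file, edited in place
  #            $2 - secret name (default placeholder SECNAME)
  #            $3 - key inside the secret (default placeholder REF)
  #            $4 - environment variable name (default placeholder "FILL THIS IN")
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last yq call
  [[ -n ${1:-} ]] || { printf 'usage: kube_secrets_env_key FILE [SECRET] [KEY] [VARNAME]\n' >&2; return 2; }
  # Locals keep FILE/SECRET/KEY/VARNAME out of the shell that sourced this file.
  local file=$1
  local secret=${2:-SECNAME}
  local key=${3:-REF}
  local var_name="${4:-FILL THIS IN}"
  yq w -i "$file" 'spec.containers[0].env[0].name' "$var_name" || return
  yq w -i "$file" 'spec.containers[0].env[0].valueFrom.secretKeyRef.name' "$secret" || return
  yq w -i "$file" 'spec.containers[0].env[0].valueFrom.secretKeyRef.key' "$key"
}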
# Kube Security Context
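kube_security_capabilities() {
  # Add Linux capabilities to the first container's securityContext.
  # NOTE(review): every entry under capabilities.add widens what the container
  # may do on the node; add only what the workload needs.
  # Arguments: $1   - pod YAML file, edited in place
  #            $2.. - capability names, appended in order
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last yq call
  [[ -n ${1:-} ]] || { printf 'usage: kube_security_capabilities FILE CAP [CAP...]\n' >&2; return 2; }
  local file=$1 capability
  # Drop FILE with shift rather than comparing every argument against it.
  shift
  for capability in "$@"; do
    yq w -i "$file" --style=single 'spec.containers[0].securityContext.capabilities.add[+]' "$capability" || return
  done
}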
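kube_security_userid() {
  # Set the pod-level securityContext.runAsUser.
  # Arguments: $1 - pod YAML file, edited in place
  #            $2 - numeric user id (default 1001)
  # Returns:   2 if FILE is missing, otherwise yq's status
  [[ -n ${1:-} ]] || { printf 'usage: kube_security_userid FILE [USERID]\n' >&2; return 2; }
  # Locals keep FILE/USERID from leaking into the shell that sourced this file.
  local file=$1
  local user_id=${2:-1001}
  yq w -i "$file" 'spec.securityContext.runAsUser' "$user_id"
}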
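kube_security_groupid() {
  # Set the pod-level securityContext.runAsGroup.
  # Arguments: $1 - pod YAML file, edited in place
  #            $2 - numeric group id (default 1001)
  # Returns:   2 if FILE is missing, otherwise yq's status
  [[ -n ${1:-} ]] || { printf 'usage: kube_security_groupid FILE [GROUPID]\n' >&2; return 2; }
  # Locals keep FILE/GROUPID from leaking into the shell that sourced this file.
  local file=$1
  local group_id=${2:-1001}
  yq w -i "$file" 'spec.securityContext.runAsGroup' "$group_id"
}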
# Kube install
kube_install_metrics() {
  # Install metrics-server v0.3.7 into the current cluster from the upstream
  # release manifest.
  # NOTE(review): the manifest is downloaded at apply time and applied without
  # an integrity check; review or vendor a copy where that matters.
  local manifest_url='https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.7/components.yaml'
  kubectl apply -f "$manifest_url"
}
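kube_install_metrics_insecure() {
  # Install metrics-server v0.3.7, then patch its deployment with
  # --kubelet-preferred-address-types and --kubelet-insecure-tls.
  # NOTE(review): --kubelet-insecure-tls stops metrics-server from verifying
  # the kubelets' serving certificates. That fits a lab cluster; elsewhere give
  # the kubelets certificates the cluster CA signs and use kube_install_metrics.
  # NOTE(review): `yq write` is yq 3.x syntax; yq 4.x needs the `yq eval` form.
  # Returns: non-zero as soon as the install or the deployment fetch fails,
  #          otherwise the status of the final apply.
  local manifest_url='https://github.com/kubernetes-sigs/metrics-server/releases/download/v0.3.7/components.yaml'
  local deployment
  kubectl apply -f "$manifest_url" || return
  # Fetch first so a failed `get` stops here rather than piping nothing into
  # `kubectl apply`. Uses kubectl directly: the `k` shorthand is not defined in
  # this file.
  deployment=$(kubectl -n kube-system get deploy metrics-server -o yaml) || return
  printf '%s\n' "$deployment" \
    | yq write -- - 'spec.template.spec.containers[0].args[+]' '--kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname' \
    | yq write -- - 'spec.template.spec.containers[0].args[+]' '--kubelet-insecure-tls' \
    | kubectl apply -f -
}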
# Kube networkPolicy
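kube_network_policy_create() {
  # Write the skeleton of a NetworkPolicy that selects pods labelled app=NAME.
  # A policy with an empty rule list for a listed policy type denies that
  # traffic for the selected pods; add rules with the add_ingress/add_egress helpers.
  # Arguments: $1 - YAML file, created if missing and edited in place
  #            $2 - policy name, also used as the app label to select
  #            $3 - namespace (default "default")
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last command
  [[ -n ${1:-} ]] || { printf 'usage: kube_network_policy_create FILE NAME [NAMESPACE]\n' >&2; return 2; }
  local file=$1
  local name=${2:-}
  local namespace=${3:-default}
  # Quoted so a path containing spaces or glob characters names exactly one file.
  if [[ ! -f $file ]]; then
    touch -- "$file" || return
  fi
  yq w -i "$file" 'apiVersion' "networking.k8s.io/v1" || return
  yq w -i "$file" 'kind' "NetworkPolicy" || return
  yq w -i "$file" 'metadata.name' "$name" || return
  yq w -i "$file" 'metadata.namespace' "$namespace" || return
  yq w -i "$file" 'spec.podSelector.matchLabels.app' "$name"
}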
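kube_network_policy_add_ingress() {
  # Add a generic ingress rule template to a NetworkPolicy file, creating the
  # policy skeleton first when the file does not exist.
  # The CIDRs and the port are template values: edit them to the real sources
  # before applying the policy.
  # Arguments: $1 - NetworkPolicy YAML file, edited in place
  #            $2 - app label used in the pod and namespace selectors (default NONAME)
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last command
  [[ -n ${1:-} ]] || { printf 'usage: kube_network_policy_add_ingress FILE [NAME]\n' >&2; return 2; }
  local file=$1
  local name=${2:-NONAME}
  # Quoted so a path with spaces reaches the helper as a single argument.
  if [[ ! -f $file ]]; then
    kube_network_policy_create "$file" "$name" || return
  fi
  yq w -i "$file" 'spec.policyTypes[+]' "Ingress" || return
  yq w -i "$file" 'spec.ingress[0].from[0].podSelector.matchLabels.app' "$name" || return
  yq w -i "$file" 'spec.ingress[0].from[1].namespaceSelector.matchLabels.app' "$name" || return
  yq w -i "$file" 'spec.ingress[0].from[2].ipBlock.cidr' "172.17.0.0/16" || return
  yq w -i "$file" 'spec.ingress[0].from[2].ipBlock.except[0]' "172.17.1.0/24" || return
  yq w -i "$file" 'spec.ingress[0].ports[0].protocol' "TCP" || return
  yq w -i "$file" 'spec.ingress[0].ports[0].port' "8080"
}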
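kube_network_policy_add_egress() {
  # Add a generic egress rule template to a NetworkPolicy file, creating the
  # policy skeleton first when the file does not exist.
  # NOTE(review): as written the template allows TCP/8080 to every IPv4
  # address except 10.0.0.0/24. Narrow the CIDR to the real destinations
  # before applying the policy.
  # Arguments: $1 - NetworkPolicy YAML file, edited in place
  #            $2 - policy name, used only when the file has to be created
  #                 (default NONAME, matching kube_network_policy_add_ingress)
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last command
  [[ -n ${1:-} ]] || { printf 'usage: kube_network_policy_add_egress FILE [NAME]\n' >&2; return 2; }
  local file=$1
  local name=${2:-NONAME}
  # Quoted so a path with spaces reaches the helper as a single argument.
  if [[ ! -f $file ]]; then
    kube_network_policy_create "$file" "$name" || return
  fi
  yq w -i "$file" 'spec.policyTypes[+]' "Egress" || return
  yq w -i "$file" 'spec.egress[0].to[0].ipBlock.cidr' "0.0.0.0/0" || return
  yq w -i "$file" 'spec.egress[0].to[0].ipBlock.except[0]' "10.0.0.0/24" || return
  yq w -i "$file" 'spec.egress[0].ports[0].protocol' "TCP" || return
  yq w -i "$file" 'spec.egress[0].ports[0].port' "8080"
}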
# Containers
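kube_pod_add_container() {
  # Add a second container to a pod manifest, run as `/bin/sh -c COMMAND`.
  # Always writes containers[1], so an existing second container is overwritten.
  # Arguments: $1 - pod YAML file, edited in place
  #            $2 - container name
  #            $3 - image (default busybox; NOTE(review): unpinned tag)
  #            $4 - shell command line (default "sleep 36000")
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last yq call
  [[ -n ${1:-} ]] || { printf 'usage: kube_pod_add_container FILE NAME [IMAGE] [COMMAND]\n' >&2; return 2; }
  # Locals keep FILE/NAME/IMAGE/COMMAND out of the shell that sourced this file.
  local file=$1
  local name=${2:-}
  local image=${3:-busybox}
  local shell_cmd="${4:-sleep 36000}"
  yq w -i "$file" 'spec.containers[1].name' "$name" || return
  yq w -i "$file" 'spec.containers[1].image' "$image" || return
  yq w -i "$file" 'spec.containers[1].command[0]' "/bin/sh" || return
  # `--` stops yq from reading "-c" as one of its own flags.
  yq w -i "$file" 'spec.containers[1].command[1]' -- "-c" || return
  yq w -i "$file" --style=single 'spec.containers[1].command[2]' "$shell_cmd"
}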
# Volumes
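kube_volume_create() {
  # Declare an emptyDir volume as volumes[0] of a pod manifest, replacing
  # whatever that slot held.
  # Arguments: $1 - pod YAML file, edited in place
  #            $2 - volume name
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last yq call
  [[ -n ${1:-} ]] || { printf 'usage: kube_volume_create FILE NAME\n' >&2; return 2; }
  # Locals keep FILE/NAME from leaking into the shell that sourced this file.
  local file=$1
  local name=${2:-}
  yq w -i "$file" 'spec.volumes[0].name' "$name" || return
  # NOTE(review): this writes an empty string, while emptyDir is an object in
  # the pod spec - confirm the manifest validates, or write {} here instead.
  yq w -i "$file" 'spec.volumes[0].emptyDir' ''
}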
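kube_volume_mount() {
  # Mount a declared volume into a container as volumeMounts[0], replacing
  # whatever that slot held.
  # Arguments: $1 - pod YAML file, edited in place
  #            $2 - volume name
  #            $3 - mount path inside the container (default /mnt/data)
  #            $4 - container index (default 0)
  # Returns:   2 if FILE is missing or the index is not a number, otherwise
  #            the status of the failing/last yq call
  [[ -n ${1:-} ]] || { printf 'usage: kube_volume_mount FILE NAME [MOUNTPATH] [CONTAINER]\n' >&2; return 2; }
  local file=$1
  local name=${2:-}
  local mount_path=${3:-/mnt/data}
  local container=${4:-0}
  # The index is spliced into the yq path expression, so accept digits only;
  # anything else could redirect the write to a different key.
  if [[ ! $container =~ ^[0-9]+$ ]]; then
    printf 'kube_volume_mount: CONTAINER must be a non-negative integer, got "%s"\n' "$container" >&2
    return 2
  fi
  yq w -i "$file" "spec.containers[$container].volumeMounts[0].name" "$name" || return
  yq w -i "$file" "spec.containers[$container].volumeMounts[0].mountPath" "$mount_path"
}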
# Kube PersistentVolumes
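kube_pv_create() {
  # Write a hostPath PersistentVolume manifest.
  # NOTE(review): a hostPath volume exposes a directory of the node's own
  # filesystem to whichever pod binds the claim; keep the path narrow.
  # Arguments: $1 - YAML file, created if missing and edited in place
  #            $2 - volume name
  #            $3 - storage class (default normal)
  #            $4 - capacity (default 10Gi)
  #            $5 - access mode (default ReadWriteOnce)
  #            $6 - host path backing the volume (default /mnt/data)
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last command
  [[ -n ${1:-} ]] || { printf 'usage: kube_pv_create FILE NAME [STORAGECLASS] [CAPACITY] [ACCESSMODE] [HOSTPATH]\n' >&2; return 2; }
  local file=$1
  local name=${2:-}
  local storage_class=${3:-normal}
  # Quantity suffixes are case-sensitive: the old default "10GI" is not a
  # valid quantity, "10Gi" is.
  local capacity=${4:-10Gi}
  local access_mode=${5:-ReadWriteOnce}
  local host_path=${6:-/mnt/data}
  # Quoted so a path containing spaces or glob characters names exactly one file.
  if [[ ! -f $file ]]; then
    touch -- "$file" || return
  fi
  yq w -i "$file" 'apiVersion' "v1" || return
  yq w -i "$file" 'kind' "PersistentVolume" || return
  yq w -i "$file" 'metadata.name' "$name" || return
  yq w -i "$file" 'metadata.labels.type' "local" || return
  yq w -i "$file" 'spec.storageClassName' "$storage_class" || return
  yq w -i "$file" 'spec.capacity.storage' "$capacity" || return
  yq w -i "$file" 'spec.accessModes[0]' "$access_mode" || return
  yq w -i "$file" 'spec.hostPath.path' "$host_path"
}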
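kube_pvc_create() {
  # Write a PersistentVolumeClaim manifest.
  # Arguments: $1 - YAML file, created if missing and edited in place
  #            $2 - claim name
  #            $3 - storage class (default normal)
  #            $4 - access mode (default ReadWriteOnce)
  #            $5 - requested storage (default 3Gi)
  #            $6 - legacy position of the request, used only when $5 is empty
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last command
  [[ -n ${1:-} ]] || { printf 'usage: kube_pvc_create FILE NAME [STORAGECLASS] [ACCESSMODE] [REQUEST]\n' >&2; return 2; }
  local file=$1
  local name=${2:-}
  local storage_class=${3:-normal}
  local access_mode=${4:-ReadWriteOnce}
  # The request used to be read from $6, skipping $5, so a five-argument call
  # silently fell back to the default. $6 is still honoured for old callers.
  local request=${5:-${6:-3Gi}}
  # Quoted so a path containing spaces or glob characters names exactly one file.
  if [[ ! -f $file ]]; then
    touch -- "$file" || return
  fi
  yq w -i "$file" 'apiVersion' "v1" || return
  yq w -i "$file" 'kind' "PersistentVolumeClaim" || return
  yq w -i "$file" 'metadata.name' "$name" || return
  yq w -i "$file" 'spec.storageClassName' "$storage_class" || return
  yq w -i "$file" 'spec.accessModes[0]' "$access_mode" || return
  yq w -i "$file" 'spec.resources.requests.storage' "$request"
}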
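kube_pvc_mount() {
  # Reference a PersistentVolumeClaim as volumes[0] of a pod manifest,
  # replacing whatever that slot held. The volume is named after the claim.
  # Arguments: $1 - pod YAML file, edited in place
  #            $2 - claim name
  # Returns:   2 if FILE is missing, otherwise the status of the failing/last yq call
  [[ -n ${1:-} ]] || { printf 'usage: kube_pvc_mount FILE NAME\n' >&2; return 2; }
  # Locals keep FILE/NAME from leaking into the shell that sourced this file.
  local file=$1
  local name=${2:-}
  yq w -i "$file" 'spec.volumes[0].name' "$name" || return
  yq w -i "$file" 'spec.volumes[0].persistentVolumeClaim.claimName' "$name"
}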