Kubernetes/GCP GKE Aspects: Difference between revisions

From Federal Burro of Information
Jump to navigationJump to search
No edit summary
No edit summary
Line 34: Line 34:
* FrontEndConfig
* FrontEndConfig
* BackEndConfig
* BackEndConfig
THIS IS ALWAYS CHANGING!!!  :


https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features
https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features
== Script to check all ingresses for tls policy ==
<pre>
#!/bin/sh
for namespace in `kubectl get ns -o name | cut -d \/ -f 2`
do
  echo "namespace: $namespace"
  for ingress in `kubectl get ingress -n $namespace -o name`
    do
    echo "  ingress: $ingress"
    for frontendconfig in `kubectl get $ingress -n $namespace -o json | jq -r '.metadata.annotations."networking.gke.io/v1beta1.FrontendConfig"'`
      do
      echo "  frontendconfig: $frontendconfig"
      if [[ $frontendconfig != "null" ]]
        then
        policy=`kubectl get frontendconfig $frontendconfig -n $namespace -o json | jq -r '.spec.sslPolicy'`
        echo "  sslPolicy: $policy"
        fi
      done
    done
done
</pre>

Revision as of 22:19, 21 April 2022

Show nodes in each node pool:


gcloud container clusters list

export CLUSTERNAME=mycluster
export LOCATION=us-central1

for i in `gcloud container node-pools list --cluster ${CLUSTERNAME} --region ${LOCATION} | grep -v NAME | awk '{print $1}'`
 do
 echo $i ;
 kubectl get node -l cloud.google.com/gke-nodepool=$i
 done

cordon one node pool:

for i in `kns get no -l cloud.google.com/gke-nodepool=production-gcp-env-blue -o name`
do
 echo $i
 #kubectl node cordon $i
done


GKE Ingress Features

How do you get access to GCP Load Balancer features via kubernetes?

Via annotation and two CRDs:

  • FrontEndConfig
  • BackEndConfig

THIS IS ALWAYS CHANGING!!!  :

https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features


Script to check all ingresses for tls policy

#!/bin/sh

for namespace in `kubectl get ns -o name | cut -d \/ -f 2`
do
  echo "namespace: $namespace"
  for ingress in `kubectl get ingress -n $namespace -o name`
    do
    echo "  ingress: $ingress"
    for frontendconfig in `kubectl get $ingress -n $namespace -o json | jq -r '.metadata.annotations."networking.gke.io/v1beta1.FrontendConfig"'`
      do
      echo "  frontendconfig: $frontendconfig"
      if [[ $frontendconfig != "null" ]]
        then
        policy=`kubectl get frontendconfig $frontendconfig -n $namespace -o json | jq -r '.spec.sslPolicy'`
        echo "  sslPolicy: $policy"
        fi
      done
    done
done