Kubernetes/GCP GKE Aspects

From Federal Burro of Information
Revision as of 14:24, 14 November 2022 by David (talk | contribs)

Show nodes in each node pool:

gcloud container clusters list

export CLUSTERNAME=mycluster
export LOCATION=us-central1

# List the node pools of the cluster, then the nodes carrying each pool's label.
for i in $(gcloud container node-pools list --cluster "${CLUSTERNAME}" --region "${LOCATION}" --format='value(name)')
do
  echo "$i"
  kubectl get node -l cloud.google.com/gke-nodepool="$i"
done

cordon one node pool:

# kns in the original is assumed to be an alias for kubectl.
for i in $(kubectl get no -l cloud.google.com/gke-nodepool=production-gcp-env-blue -o name)
do
  echo "$i"
  # dry run: uncomment to actually mark the node unschedulable
  #kubectl cordon "$i"
done


GKE Ingress Features

How do you get access to GCP Load Balancer features via kubernetes?

Via an Ingress annotation and two CRDs:

  • FrontendConfig
  • BackendConfig

THIS IS ALWAYS CHANGING!!!  :

https://cloud.google.com/kubernetes-engine/docs/how-to/ingress-features
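As an added example (not from the original page or from Google's docs), here is the shape of the two CRDs and the annotations that bind them: a FrontendConfig that pins the load balancer to a named SSL policy and redirects HTTP to HTTPS, a BackendConfig that attaches a Cloud Armor policy and enables request logging, and the Service/Ingress that reference them. All names (web, web-frontend, web-backend, restricted-tls12, waf-policy, web-tls, www.example.com) are placeholders; the SSL policy and Cloud Armor policy must already exist in the project.

```yaml
# Create the SSL policy first (assumed, outside Kubernetes):
#   gcloud compute ssl-policies create restricted-tls12 --profile RESTRICTED --min-tls-version 1.2
apiVersion: networking.gke.io/v1beta1
kind: FrontendConfig
metadata:
  name: web-frontend
spec:
  sslPolicy: restricted-tls12       # name of the pre-created Cloud SSL policy
  redirectToHttps:
    enabled: true                   # plain HTTP gets a 301 to HTTPS at the LB
---
apiVersion: cloud.google.com/v1
kind: BackendConfig
metadata:
  name: web-backend
spec:
  securityPolicy:
    name: waf-policy                # pre-created Cloud Armor policy
  timeoutSec: 30
  logging:
    enable: true                    # LB request logs land in Cloud Logging
---
apiVersion: v1
kind: Service
metadata:
  name: web
  annotations:
    # bind the BackendConfig to every port of this Service
    cloud.google.com/backend-config: '{"default": "web-backend"}'
    cloud.google.com/neg: '{"ingress": true}'
spec:
  type: ClusterIP
  selector:
    app: web
  ports:
  - port: 80
    targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: web
  annotations:
    kubernetes.io/ingress.class: gce
    # this is the annotation the TLS-policy check script below looks for
    networking.gke.io/v1beta1.FrontendConfig: web-frontend
spec:
  tls:
  - secretName: web-tls
  rules:
  - host: www.example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web
            port:
              number: 80
```

An Ingress with no FrontendConfig annotation gets the default Google-managed SSL policy, which is why auditing the annotation (and the sslPolicy behind it) is worth scripting.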


Script to check all ingresses for tls policy

#!/bin/bash
# Walk every namespace and ingress, and report the sslPolicy of the FrontendConfig
# bound via the networking.gke.io/v1beta1.FrontendConfig annotation (requires jq).
# "null" means the ingress has no FrontendConfig and runs on the default SSL policy.

for namespace in $(kubectl get ns -o name | cut -d / -f 2)
do
  echo "namespace: $namespace"
  for ingress in $(kubectl get ingress -n "$namespace" -o name)
  do
    echo "  ingress: $ingress"
    frontendconfig=$(kubectl get "$ingress" -n "$namespace" -o json \
      | jq -r '.metadata.annotations."networking.gke.io/v1beta1.FrontendConfig"')
    echo "  frontendconfig: $frontendconfig"
    if [ "$frontendconfig" != "null" ]
    then
      policy=$(kubectl get frontendconfig "$frontendconfig" -n "$namespace" -o json | jq -r '.spec.sslPolicy')
      echo "  sslPolicy: $policy"
    fi
  done
done

Authenticating to k8s with gcp creds in python

reference: https://github.com/googleapis/python-container/issues/6

so useful:

pip install kubernetes
pip install google-api-python-client
pip install google-cloud-container

from google.cloud import container_v1
import google.auth
import google.auth.transport.requests
from kubernetes import client as kubernetes_client
from tempfile import NamedTemporaryFile
import base64


def check_k8s_client():
    project_id = 'your-project-name'
    zone = 'us-central1-b'
    cluster_id = 'your-cluster-name'
    print('Attempting to init k8s client from cluster response.')

    # Fetch the cluster's API endpoint and CA certificate from the GKE API.
    container_client = container_v1.ClusterManagerClient()
    response = container_client.get_cluster(
        name=f'projects/{project_id}/locations/{zone}/clusters/{cluster_id}')

    # Application Default Credentials, refreshed so .token holds a valid access token.
    creds, _ = google.auth.default(
        scopes=['https://www.googleapis.com/auth/cloud-platform'])
    auth_req = google.auth.transport.requests.Request()
    creds.refresh(auth_req)

    configuration = kubernetes_client.Configuration()
    configuration.host = f'https://{response.endpoint}'
    # Write the cluster CA to disk so the client verifies the API server's TLS certificate.
    with NamedTemporaryFile(delete=False) as ca_cert:
        ca_cert.write(
            base64.b64decode(response.master_auth.cluster_ca_certificate))
    configuration.ssl_ca_cert = ca_cert.name
    # The GCP access token is sent as a bearer token; it expires, so long-running
    # code has to refresh creds and update this value again.
    configuration.api_key_prefix['authorization'] = 'Bearer'
    configuration.api_key['authorization'] = creds.token

    k8s_client = kubernetes_client.BatchV1Api(
        kubernetes_client.ApiClient(configuration))
    ret = k8s_client.list_job_for_all_namespaces()
    print(ret)


check_k8s_client()