Kubectl fields plugin

Introduction to Kubernetes

Kubernetes is an open-source container orchestration system for automating application deployment, scaling, and management. kubectl provides a CLI interface to manage Kubernetes clusters. Kubectl enables the users to run different operations like describe, edit, exec, explain, logs, run, etc on Kubernetes clusters.

Kubernetes objects can be created, updated, and deleted by writing object configuration files either in declarative/imperative method. Kubernetes object configuration files need to follow a pre-defined parental hierarchy structure. All the configuration files need to be addressed in the same pre-defined sequential/parental order to get processed by Kubernetes.

The kubectl CLI has an extended feature called kubectl plugins – this advanced feature allows the users to develop plugins to customize kubectl for personal use.

This blog post focuses on one such plugin authored by us, which saves a lot of developers and users time while writing or editing Kubernetes object configuration files.

kubectl-fields plugin

kubectl explain --recursive | grep doesn’t show the exact hierarchy of matched fields, but this plugin does! You can use it to dump a one-liner parental hierarchy of all matching fields in any kubectl resource.

https://github.com/rewanth1997/kubectl-fields#examples

In-depth explanation

Let’s say you need to add the capabilities field to the pods configuration file. To achieve this, the first thing is to have the knowledge of the capabilities hierarchy to place that in the object configuration file.

The current methodology to find a hierarchical order for any field is to use grep or similar command for the specific field.

[email protected]:~/go/src/kubectl-fields$ kubectl explain --recursive po.spec | grep capabilities
         capabilities   <Object>
         capabilities   <Object>

The above result shows only the matched patterns but it doesn’t show the parental hierarchy. Alternatively, the search can be extended with grep advanced functionalities.

[email protected]:~/go/src/kubectl-fields$ kubectl explain --recursive po.spec | grep capabilities -C 5
      resources <Object>
         limits <map[string]string>
         requests       <map[string]string>
      securityContext   <Object>
         allowPrivilegeEscalation       <boolean>
         capabilities   <Object>
            add <[]string>
            drop        <[]string>
         privileged     <boolean>
         procMount      <string>
         readOnlyRootFilesystem <boolean>
--
      resources <Object>
         limits <map[string]string>
         requests       <map[string]string>
      securityContext   <Object>
         allowPrivilegeEscalation       <boolean>
         capabilities   <Object>
            add <[]string>
            drop        <[]string>
         privileged     <boolean>
         procMount      <string>
         readOnlyRootFilesystem <boolean>

Even the above grep command doesn’t show the complete hierarchy for capabilities.

The only way to find the hierarchy is to print the complete output, scroll up and down to find the parent/child elements.

  1[email protected]:~/go/src/kubectl-fields$ kubectl explain --recursive po.spec
  2KIND:     Pod
  3VERSION:  v1
  4
  5RESOURCE: spec <Object>
  6
  7DESCRIPTION:
  8     Specification of the desired behavior of the pod. More info:
  9     https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status
 10
 11     PodSpec is a description of a pod.
 12
 13FIELDS:
 14   activeDeadlineSeconds	<integer>
 15   affinity	<Object>
 16      nodeAffinity	<Object>
 17         preferredDuringSchedulingIgnoredDuringExecution	<[]Object>
 18            preference	<Object>
 19               matchExpressions	<[]Object>
 20                  key	<string>
 21                  operator	<string>
 22                  values	<[]string>
 23               matchFields	<[]Object>
 24                  key	<string>
 25                  operator	<string>
 26                  values	<[]string>
 27            weight	<integer>
 28         requiredDuringSchedulingIgnoredDuringExecution	<Object>
 29            nodeSelectorTerms	<[]Object>
 30               matchExpressions	<[]Object>
 31                  key	<string>
 32                  operator	<string>
 33                  values	<[]string>
 34               matchFields	<[]Object>
 35                  key	<string>
 36                  operator	<string>
 37                  values	<[]string>
 38      podAffinity	<Object>
 39         preferredDuringSchedulingIgnoredDuringExecution	<[]Object>
 40            podAffinityTerm	<Object>
 41               labelSelector	<Object>
 42                  matchExpressions	<[]Object>
 43                     key	<string>
 44                     operator	<string>
 45                     values	<[]string>
 46                  matchLabels	<map[string]string>
 47               namespaces	<[]string>
 48               topologyKey	<string>
 49            weight	<integer>
 50         requiredDuringSchedulingIgnoredDuringExecution	<[]Object>
 51            labelSelector	<Object>
 52               matchExpressions	<[]Object>
 53                  key	<string>
 54                  operator	<string>
 55                  values	<[]string>
 56               matchLabels	<map[string]string>
 57            namespaces	<[]string>
 58            topologyKey	<string>
 59      podAntiAffinity	<Object>
 60         preferredDuringSchedulingIgnoredDuringExecution	<[]Object>
 61            podAffinityTerm	<Object>
 62               labelSelector	<Object>
 63                  matchExpressions	<[]Object>
 64                     key	<string>
 65                     operator	<string>
 66                     values	<[]string>
 67                  matchLabels	<map[string]string>
 68               namespaces	<[]string>
 69               topologyKey	<string>
 70            weight	<integer>
 71         requiredDuringSchedulingIgnoredDuringExecution	<[]Object>
 72            labelSelector	<Object>
 73               matchExpressions	<[]Object>
 74                  key	<string>
 75                  operator	<string>
 76                  values	<[]string>
 77               matchLabels	<map[string]string>
 78            namespaces	<[]string>
 79            topologyKey	<string>
 80   automountServiceAccountToken	<boolean>
 81   containers	<[]Object>
 82      args	<[]string>
 83      command	<[]string>
 84      env	<[]Object>
 85         name	<string>
 86         value	<string>
 87         valueFrom	<Object>
 88            configMapKeyRef	<Object>
 89               key	<string>
 90               name	<string>
 91               optional	<boolean>
 92            fieldRef	<Object>
 93               apiVersion	<string>
 94               fieldPath	<string>
 95            resourceFieldRef	<Object>
 96               containerName	<string>
 97               divisor	<string>
 98               resource	<string>
 99            secretKeyRef	<Object>
100               key	<string>
101               name	<string>
102               optional	<boolean>
103      envFrom	<[]Object>
104         configMapRef	<Object>
105            name	<string>
106            optional	<boolean>
107         prefix	<string>
108         secretRef	<Object>
109            name	<string>
110            optional	<boolean>
111      image	<string>
112      imagePullPolicy	<string>
113      lifecycle	<Object>
114         postStart	<Object>
115            exec	<Object>
116               command	<[]string>
117            httpGet	<Object>
118               host	<string>
119               httpHeaders	<[]Object>
120                  name	<string>
121                  value	<string>
122               path	<string>
123               port	<string>
124               scheme	<string>
125            tcpSocket	<Object>
126               host	<string>
127               port	<string>
128         preStop	<Object>
129            exec	<Object>
130               command	<[]string>
131            httpGet	<Object>
132               host	<string>
133               httpHeaders	<[]Object>
134                  name	<string>
135                  value	<string>
136               path	<string>
137               port	<string>
138               scheme	<string>
139            tcpSocket	<Object>
140               host	<string>
141               port	<string>
142      livenessProbe	<Object>
143         exec	<Object>
144            command	<[]string>
145         failureThreshold	<integer>
146         httpGet	<Object>
147            host	<string>
148            httpHeaders	<[]Object>
149               name	<string>
150               value	<string>
151            path	<string>
152            port	<string>
153            scheme	<string>
154         initialDelaySeconds	<integer>
155         periodSeconds	<integer>
156         successThreshold	<integer>
157         tcpSocket	<Object>
158            host	<string>
159            port	<string>
160         timeoutSeconds	<integer>
161      name	<string>
162      ports	<[]Object>
163         containerPort	<integer>
164         hostIP	<string>
165         hostPort	<integer>
166         name	<string>
167         protocol	<string>
168      readinessProbe	<Object>
169         exec	<Object>
170            command	<[]string>
171         failureThreshold	<integer>
172         httpGet	<Object>
173            host	<string>
174            httpHeaders	<[]Object>
175               name	<string>
176               value	<string>
177            path	<string>
178            port	<string>
179            scheme	<string>
180         initialDelaySeconds	<integer>
181         periodSeconds	<integer>
182         successThreshold	<integer>
183         tcpSocket	<Object>
184            host	<string>
185            port	<string>
186         timeoutSeconds	<integer>
187      resources	<Object>
188         limits	<map[string]string>
189         requests	<map[string]string>
190      securityContext	<Object>
191         allowPrivilegeEscalation	<boolean>
192         capabilities	<Object>
193            add	<[]string>
194            drop	<[]string>
195         privileged	<boolean>
196         procMount	<string>
197         readOnlyRootFilesystem	<boolean>
198         runAsGroup	<integer>
199         runAsNonRoot	<boolean>
200         runAsUser	<integer>
201         seLinuxOptions	<Object>
202            level	<string>
203            role	<string>
204            type	<string>
205            user	<string>
206         windowsOptions	<Object>
207            gmsaCredentialSpec	<string>
208            gmsaCredentialSpecName	<string>
209      stdin	<boolean>
210      stdinOnce	<boolean>
211      terminationMessagePath	<string>
212      terminationMessagePolicy	<string>
213      tty	<boolean>
214      volumeDevices	<[]Object>
215         devicePath	<string>
216         name	<string>
217      volumeMounts	<[]Object>
218         mountPath	<string>
219         mountPropagation	<string>
220         name	<string>
221         readOnly	<boolean>
222         subPath	<string>
223         subPathExpr	<string>
224      workingDir	<string>
225   dnsConfig	<Object>
226      nameservers	<[]string>
227      options	<[]Object>
228         name	<string>
229         value	<string>
230      searches	<[]string>
231   dnsPolicy	<string>
232   enableServiceLinks	<boolean>
233   hostAliases	<[]Object>
234      hostnames	<[]string>
235      ip	<string>
236   hostIPC	<boolean>
237   hostNetwork	<boolean>
238   hostPID	<boolean>
239   hostname	<string>
240   imagePullSecrets	<[]Object>
241      name	<string>
242   initContainers	<[]Object>
243      args	<[]string>
244      command	<[]string>
245      env	<[]Object>
246         name	<string>
247         value	<string>
248         valueFrom	<Object>
249            configMapKeyRef	<Object>
250               key	<string>
251               name	<string>
252               optional	<boolean>
253            fieldRef	<Object>
254               apiVersion	<string>
255               fieldPath	<string>
256            resourceFieldRef	<Object>
257               containerName	<string>
258               divisor	<string>
259               resource	<string>
260            secretKeyRef	<Object>
261               key	<string>
262               name	<string>
263               optional	<boolean>
264      envFrom	<[]Object>
265         configMapRef	<Object>
266            name	<string>
267            optional	<boolean>
268         prefix	<string>
269         secretRef	<Object>
270            name	<string>
271            optional	<boolean>
272      image	<string>
273      imagePullPolicy	<string>
274      lifecycle	<Object>
275         postStart	<Object>
276            exec	<Object>
277               command	<[]string>
278            httpGet	<Object>
279               host	<string>
280               httpHeaders	<[]Object>
281                  name	<string>
282                  value	<string>
283               path	<string>
284               port	<string>
285               scheme	<string>
286            tcpSocket	<Object>
287               host	<string>
288               port	<string>
289         preStop	<Object>
290            exec	<Object>
291               command	<[]string>
292            httpGet	<Object>
293               host	<string>
294               httpHeaders	<[]Object>
295                  name	<string>
296                  value	<string>
297               path	<string>
298               port	<string>
299               scheme	<string>
300            tcpSocket	<Object>
301               host	<string>
302               port	<string>
303      livenessProbe	<Object>
304         exec	<Object>
305            command	<[]string>
306         failureThreshold	<integer>
307         httpGet	<Object>
308            host	<string>
309            httpHeaders	<[]Object>
310               name	<string>
311               value	<string>
312            path	<string>
313            port	<string>
314            scheme	<string>
315         initialDelaySeconds	<integer>
316         periodSeconds	<integer>
317         successThreshold	<integer>
318         tcpSocket	<Object>
319            host	<string>
320            port	<string>
321         timeoutSeconds	<integer>
322      name	<string>
323      ports	<[]Object>
324         containerPort	<integer>
325         hostIP	<string>
326         hostPort	<integer>
327         name	<string>
328         protocol	<string>
329      readinessProbe	<Object>
330         exec	<Object>
331            command	<[]string>
332         failureThreshold	<integer>
333         httpGet	<Object>
334            host	<string>
335            httpHeaders	<[]Object>
336               name	<string>
337               value	<string>
338            path	<string>
339            port	<string>
340            scheme	<string>
341         initialDelaySeconds	<integer>
342         periodSeconds	<integer>
343         successThreshold	<integer>
344         tcpSocket	<Object>
345            host	<string>
346            port	<string>
347         timeoutSeconds	<integer>
348      resources	<Object>
349         limits	<map[string]string>
350         requests	<map[string]string>
351      securityContext	<Object>
352         allowPrivilegeEscalation	<boolean>
353         capabilities	<Object>
354            add	<[]string>
355            drop	<[]string>
356         privileged	<boolean>
357         procMount	<string>
358         readOnlyRootFilesystem	<boolean>
359         runAsGroup	<integer>
360         runAsNonRoot	<boolean>
361         runAsUser	<integer>
362         seLinuxOptions	<Object>
363            level	<string>
364            role	<string>
365            type	<string>
366            user	<string>
367         windowsOptions	<Object>
368            gmsaCredentialSpec	<string>
369            gmsaCredentialSpecName	<string>
370      stdin	<boolean>
371      stdinOnce	<boolean>
372      terminationMessagePath	<string>
373      terminationMessagePolicy	<string>
374      tty	<boolean>
375      volumeDevices	<[]Object>
376         devicePath	<string>
377         name	<string>
378      volumeMounts	<[]Object>
379         mountPath	<string>
380         mountPropagation	<string>
381         name	<string>
382         readOnly	<boolean>
383         subPath	<string>
384         subPathExpr	<string>
385      workingDir	<string>
386   nodeName	<string>
387   nodeSelector	<map[string]string>
388   preemptionPolicy	<string>
389   priority	<integer>
390   priorityClassName	<string>
391   readinessGates	<[]Object>
392      conditionType	<string>
393   restartPolicy	<string>
394   runtimeClassName	<string>
395   schedulerName	<string>
396   securityContext	<Object>
397      fsGroup	<integer>
398      runAsGroup	<integer>
399      runAsNonRoot	<boolean>
400      runAsUser	<integer>
401      seLinuxOptions	<Object>
402         level	<string>
403         role	<string>
404         type	<string>
405         user	<string>
406      supplementalGroups	<[]integer>
407      sysctls	<[]Object>
408         name	<string>
409         value	<string>
410      windowsOptions	<Object>
411         gmsaCredentialSpec	<string>
412         gmsaCredentialSpecName	<string>
413   serviceAccount	<string>
414   serviceAccountName	<string>
415   shareProcessNamespace	<boolean>
416   subdomain	<string>
417   terminationGracePeriodSeconds	<integer>
418   tolerations	<[]Object>
419      effect	<string>
420      key	<string>
421      operator	<string>
422      tolerationSeconds	<integer>
423      value	<string>
424   volumes	<[]Object>
425      awsElasticBlockStore	<Object>
426         fsType	<string>
427         partition	<integer>
428         readOnly	<boolean>
429         volumeID	<string>
430      azureDisk	<Object>
431         cachingMode	<string>
432         diskName	<string>
433         diskURI	<string>
434         fsType	<string>
435         kind	<string>
436         readOnly	<boolean>
437      azureFile	<Object>
438         readOnly	<boolean>
439         secretName	<string>
440         shareName	<string>
441      cephfs	<Object>
442         monitors	<[]string>
443         path	<string>
444         readOnly	<boolean>
445         secretFile	<string>
446         secretRef	<Object>
447            name	<string>
448         user	<string>
449      cinder	<Object>
450         fsType	<string>
451         readOnly	<boolean>
452         secretRef	<Object>
453            name	<string>
454         volumeID	<string>
455      configMap	<Object>
456         defaultMode	<integer>
457         items	<[]Object>
458            key	<string>
459            mode	<integer>
460            path	<string>
461         name	<string>
462         optional	<boolean>
463      csi	<Object>
464         driver	<string>
465         fsType	<string>
466         nodePublishSecretRef	<Object>
467            name	<string>
468         readOnly	<boolean>
469         volumeAttributes	<map[string]string>
470      downwardAPI	<Object>
471         defaultMode	<integer>
472         items	<[]Object>
473            fieldRef	<Object>
474               apiVersion	<string>
475               fieldPath	<string>
476            mode	<integer>
477            path	<string>
478            resourceFieldRef	<Object>
479               containerName	<string>
480               divisor	<string>
481               resource	<string>
482      emptyDir	<Object>
483         medium	<string>
484         sizeLimit	<string>
485      fc	<Object>
486         fsType	<string>
487         lun	<integer>
488         readOnly	<boolean>
489         targetWWNs	<[]string>
490         wwids	<[]string>
491      flexVolume	<Object>
492         driver	<string>
493         fsType	<string>
494         options	<map[string]string>
495         readOnly	<boolean>
496         secretRef	<Object>
497            name	<string>
498      flocker	<Object>
499         datasetName	<string>
500         datasetUUID	<string>
501      gcePersistentDisk	<Object>
502         fsType	<string>
503         partition	<integer>
504         pdName	<string>
505         readOnly	<boolean>
506      gitRepo	<Object>
507         directory	<string>
508         repository	<string>
509         revision	<string>
510      glusterfs	<Object>
511         endpoints	<string>
512         path	<string>
513         readOnly	<boolean>
514      hostPath	<Object>
515         path	<string>
516         type	<string>
517      iscsi	<Object>
518         chapAuthDiscovery	<boolean>
519         chapAuthSession	<boolean>
520         fsType	<string>
521         initiatorName	<string>
522         iqn	<string>
523         iscsiInterface	<string>
524         lun	<integer>
525         portals	<[]string>
526         readOnly	<boolean>
527         secretRef	<Object>
528            name	<string>
529         targetPortal	<string>
530      name	<string>
531      nfs	<Object>
532         path	<string>
533         readOnly	<boolean>
534         server	<string>
535      persistentVolumeClaim	<Object>
536         claimName	<string>
537         readOnly	<boolean>
538      photonPersistentDisk	<Object>
539         fsType	<string>
540         pdID	<string>
541      portworxVolume	<Object>
542         fsType	<string>
543         readOnly	<boolean>
544         volumeID	<string>
545      projected	<Object>
546         defaultMode	<integer>
547         sources	<[]Object>
548            configMap	<Object>
549               items	<[]Object>
550                  key	<string>
551                  mode	<integer>
552                  path	<string>
553               name	<string>
554               optional	<boolean>
555            downwardAPI	<Object>
556               items	<[]Object>
557                  fieldRef	<Object>
558                     apiVersion	<string>
559                     fieldPath	<string>
560                  mode	<integer>
561                  path	<string>
562                  resourceFieldRef	<Object>
563                     containerName	<string>
564                     divisor	<string>
565                     resource	<string>
566            secret	<Object>
567               items	<[]Object>
568                  key	<string>
569                  mode	<integer>
570                  path	<string>
571               name	<string>
572               optional	<boolean>
573            serviceAccountToken	<Object>
574               audience	<string>
575               expirationSeconds	<integer>
576               path	<string>
577      quobyte	<Object>
578         group	<string>
579         readOnly	<boolean>
580         registry	<string>
581         tenant	<string>
582         user	<string>
583         volume	<string>
584      rbd	<Object>
585         fsType	<string>
586         image	<string>
587         keyring	<string>
588         monitors	<[]string>
589         pool	<string>
590         readOnly	<boolean>
591         secretRef	<Object>
592            name	<string>
593         user	<string>
594      scaleIO	<Object>
595         fsType	<string>
596         gateway	<string>
597         protectionDomain	<string>
598         readOnly	<boolean>
599         secretRef	<Object>
600            name	<string>
601         sslEnabled	<boolean>
602         storageMode	<string>
603         storagePool	<string>
604         system	<string>
605         volumeName	<string>
606      secret	<Object>
607         defaultMode	<integer>
608         items	<[]Object>
609            key	<string>
610            mode	<integer>
611            path	<string>
612         optional	<boolean>
613         secretName	<string>
614      storageos	<Object>
615         fsType	<string>
616         readOnly	<boolean>
617         secretRef	<Object>
618            name	<string>
619         volumeName	<string>
620         volumeNamespace	<string>
621      vsphereVolume	<Object>
622         fsType	<string>
623         storagePolicyID	<string>
624         storagePolicyName	<string>
625         volumePath	<string>

This is a tedious job and consumes a lot of time. If there are multiple matching fields in different objects, that will make the situation worse.

We provide a solution, an alternative approach to this problem. kubectl fields plugin solves this problem by printing one-liner parental hierarchy of any field in any selected resource.

[email protected]:~/go/src/kubectl-fields$ kubectl fields po.spec capabilities
containers.securityContext.capabilities
initContainers.securityContext.capabilities

Conclusion

kubectl fields plugin is now integrated with krew, a kubectl plugin manager. This plugin integration works on all platforms. So, this plugin can be installed directly with krew. It’s as simple as,

kubectl krew install fields

References

https://github.com/rewanth1997/kubectl-fields

Subscribe to our Newsletter
Subscription Form
DOWNLOAD THE EBOOK

Fill in your details and get your copy of the ebook in few seconds

Ebook Download
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download ICS Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Cloud Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download IoT Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Code Review Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Red Team Assessment Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download AI/ML Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download DevSecOps Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download Product Security Assessment Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download AI/ML Sample Report
DOWNLOAD A SAMPLE REPORT

Fill in your details and get your copy of sample report in few seconds

Download IoT Sample Report

Let’s make cyberspace secure together!

Requirements

Connect Now Form

What our clients are saying!

Trusted by