Introduction to Kubernetes
Kubernetes is an open-source container orchestration system for automating application deployment, scaling, and management. kubectl is the command-line interface for managing Kubernetes clusters. It lets users run operations such as describe, edit, exec, explain, logs, and run against a cluster.
Kubernetes objects can be created, updated, and deleted by writing object configuration files, using either the declarative or the imperative method. Object configuration files must follow a pre-defined parent/child hierarchy, and every field has to appear in that pre-defined order for Kubernetes to process the file.
The kubectl CLI has an extension mechanism called kubectl plugins, which lets users develop plugins to customize kubectl for their own use.
This blog post focuses on one such plugin authored by us, which saves developers and users a lot of time when writing or editing Kubernetes object configuration files.
kubectl-fields plugin
kubectl explain --recursive | grep doesn’t show the exact hierarchy of matched fields, but this plugin does! You can use it to dump a one-line parent hierarchy of all matching fields in any kubectl resource.
In-depth explanation
Let’s say you need to add the capabilities field to a pod’s configuration file. To do that, you first need to know where capabilities sits in the hierarchy so that you can place it correctly in the object configuration file.
The usual way to find the hierarchical position of a field is to run grep or a similar command for that field.
$ kubectl explain --recursive po.spec | grep capabilities
         capabilities <Object>
         capabilities <Object>
The result above shows only the matching lines, not their parent hierarchy. Alternatively, the search can be extended with grep’s context options.
$ kubectl explain --recursive po.spec | grep capabilities -C 5
      resources <Object>
         limits <map[string]string>
         requests <map[string]string>
      securityContext <Object>
         allowPrivilegeEscalation <boolean>
         capabilities <Object>
            add <[]string>
            drop <[]string>
         privileged <boolean>
         procMount <string>
         readOnlyRootFilesystem <boolean>
--
      resources <Object>
         limits <map[string]string>
         requests <map[string]string>
      securityContext <Object>
         allowPrivilegeEscalation <boolean>
         capabilities <Object>
            add <[]string>
            drop <[]string>
         privileged <boolean>
         procMount <string>
         readOnlyRootFilesystem <boolean>
Even this grep command doesn’t show the complete hierarchy for capabilities.
The only way to find the hierarchy is to print the complete output and scroll up and down to find the parent and child elements.
$ kubectl explain --recursive po.spec
KIND: Pod
VERSION: v1

RESOURCE: spec <Object>

DESCRIPTION:
     Specification of the desired behavior of the pod. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status

     PodSpec is a description of a pod.

FIELDS:
   activeDeadlineSeconds <integer>
   affinity <Object>
      nodeAffinity <Object>
         preferredDuringSchedulingIgnoredDuringExecution <[]Object>
            preference <Object>
               matchExpressions <[]Object>
                  key <string>
                  operator <string>
                  values <[]string>
               matchFields <[]Object>
                  key <string>
                  operator <string>
                  values <[]string>
            weight <integer>
         requiredDuringSchedulingIgnoredDuringExecution <Object>
            nodeSelectorTerms <[]Object>
               matchExpressions <[]Object>
                  key <string>
                  operator <string>
                  values <[]string>
               matchFields <[]Object>
                  key <string>
                  operator <string>
                  values <[]string>
      podAffinity <Object>
         preferredDuringSchedulingIgnoredDuringExecution <[]Object>
            podAffinityTerm <Object>
               labelSelector <Object>
                  matchExpressions <[]Object>
                     key <string>
                     operator <string>
                     values <[]string>
                  matchLabels <map[string]string>
               namespaces <[]string>
               topologyKey <string>
            weight <integer>
         requiredDuringSchedulingIgnoredDuringExecution <[]Object>
            labelSelector <Object>
               matchExpressions <[]Object>
                  key <string>
                  operator <string>
                  values <[]string>
               matchLabels <map[string]string>
            namespaces <[]string>
            topologyKey <string>
      podAntiAffinity <Object>
         preferredDuringSchedulingIgnoredDuringExecution <[]Object>
            podAffinityTerm <Object>
               labelSelector <Object>
                  matchExpressions <[]Object>
                     key <string>
                     operator <string>
                     values <[]string>
                  matchLabels <map[string]string>
               namespaces <[]string>
               topologyKey <string>
            weight <integer>
         requiredDuringSchedulingIgnoredDuringExecution <[]Object>
            labelSelector <Object>
               matchExpressions <[]Object>
                  key <string>
                  operator <string>
                  values <[]string>
               matchLabels <map[string]string>
            namespaces <[]string>
            topologyKey <string>
   automountServiceAccountToken <boolean>
   containers <[]Object>
      args <[]string>
      command <[]string>
      env <[]Object>
         name <string>
         value <string>
         valueFrom <Object>
            configMapKeyRef <Object>
               key <string>
               name <string>
               optional <boolean>
            fieldRef <Object>
               apiVersion <string>
               fieldPath <string>
            resourceFieldRef <Object>
               containerName <string>
               divisor <string>
               resource <string>
            secretKeyRef <Object>
               key <string>
               name <string>
               optional <boolean>
      envFrom <[]Object>
         configMapRef <Object>
            name <string>
            optional <boolean>
         prefix <string>
         secretRef <Object>
            name <string>
            optional <boolean>
      image <string>
      imagePullPolicy <string>
      lifecycle <Object>
         postStart <Object>
            exec <Object>
               command <[]string>
            httpGet <Object>
               host <string>
               httpHeaders <[]Object>
                  name <string>
                  value <string>
               path <string>
               port <string>
               scheme <string>
            tcpSocket <Object>
               host <string>
               port <string>
         preStop <Object>
            exec <Object>
               command <[]string>
            httpGet <Object>
               host <string>
               httpHeaders <[]Object>
                  name <string>
                  value <string>
               path <string>
               port <string>
               scheme <string>
            tcpSocket <Object>
               host <string>
               port <string>
      livenessProbe <Object>
         exec <Object>
            command <[]string>
         failureThreshold <integer>
         httpGet <Object>
            host <string>
            httpHeaders <[]Object>
               name <string>
               value <string>
            path <string>
            port <string>
            scheme <string>
         initialDelaySeconds <integer>
         periodSeconds <integer>
         successThreshold <integer>
         tcpSocket <Object>
            host <string>
            port <string>
         timeoutSeconds <integer>
      name <string>
      ports <[]Object>
         containerPort <integer>
         hostIP <string>
         hostPort <integer>
         name <string>
         protocol <string>
      readinessProbe <Object>
         exec <Object>
            command <[]string>
         failureThreshold <integer>
         httpGet <Object>
            host <string>
            httpHeaders <[]Object>
               name <string>
               value <string>
            path <string>
            port <string>
            scheme <string>
         initialDelaySeconds <integer>
         periodSeconds <integer>
         successThreshold <integer>
         tcpSocket <Object>
            host <string>
            port <string>
         timeoutSeconds <integer>
      resources <Object>
         limits <map[string]string>
         requests <map[string]string>
      securityContext <Object>
         allowPrivilegeEscalation <boolean>
         capabilities <Object>
            add <[]string>
            drop <[]string>
         privileged <boolean>
         procMount <string>
         readOnlyRootFilesystem <boolean>
         runAsGroup <integer>
         runAsNonRoot <boolean>
         runAsUser <integer>
         seLinuxOptions <Object>
            level <string>
            role <string>
            type <string>
            user <string>
         windowsOptions <Object>
            gmsaCredentialSpec <string>
            gmsaCredentialSpecName <string>
      stdin <boolean>
      stdinOnce <boolean>
      terminationMessagePath <string>
      terminationMessagePolicy <string>
      tty <boolean>
      volumeDevices <[]Object>
         devicePath <string>
         name <string>
      volumeMounts <[]Object>
         mountPath <string>
         mountPropagation <string>
         name <string>
         readOnly <boolean>
         subPath <string>
         subPathExpr <string>
      workingDir <string>
   dnsConfig <Object>
      nameservers <[]string>
      options <[]Object>
         name <string>
         value <string>
      searches <[]string>
   dnsPolicy <string>
   enableServiceLinks <boolean>
   hostAliases <[]Object>
      hostnames <[]string>
      ip <string>
   hostIPC <boolean>
   hostNetwork <boolean>
   hostPID <boolean>
   hostname <string>
   imagePullSecrets <[]Object>
      name <string>
   initContainers <[]Object>
      args <[]string>
      command <[]string>
      env <[]Object>
         name <string>
         value <string>
         valueFrom <Object>
            configMapKeyRef <Object>
               key <string>
               name <string>
               optional <boolean>
            fieldRef <Object>
               apiVersion <string>
               fieldPath <string>
            resourceFieldRef <Object>
               containerName <string>
               divisor <string>
               resource <string>
            secretKeyRef <Object>
               key <string>
               name <string>
               optional <boolean>
      envFrom <[]Object>
         configMapRef <Object>
            name <string>
            optional <boolean>
         prefix <string>
         secretRef <Object>
            name <string>
            optional <boolean>
      image <string>
      imagePullPolicy <string>
      lifecycle <Object>
         postStart <Object>
            exec <Object>
               command <[]string>
            httpGet <Object>
               host <string>
               httpHeaders <[]Object>
                  name <string>
                  value <string>
               path <string>
               port <string>
               scheme <string>
            tcpSocket <Object>
               host <string>
               port <string>
         preStop <Object>
            exec <Object>
               command <[]string>
            httpGet <Object>
               host <string>
               httpHeaders <[]Object>
                  name <string>
                  value <string>
               path <string>
               port <string>
               scheme <string>
            tcpSocket <Object>
               host <string>
               port <string>
      livenessProbe <Object>
         exec <Object>
            command <[]string>
         failureThreshold <integer>
         httpGet <Object>
            host <string>
            httpHeaders <[]Object>
               name <string>
               value <string>
            path <string>
            port <string>
            scheme <string>
         initialDelaySeconds <integer>
         periodSeconds <integer>
         successThreshold <integer>
         tcpSocket <Object>
            host <string>
            port <string>
         timeoutSeconds <integer>
      name <string>
      ports <[]Object>
         containerPort <integer>
         hostIP <string>
         hostPort <integer>
         name <string>
         protocol <string>
      readinessProbe <Object>
         exec <Object>
            command <[]string>
         failureThreshold <integer>
         httpGet <Object>
            host <string>
            httpHeaders <[]Object>
               name <string>
               value <string>
            path <string>
            port <string>
            scheme <string>
         initialDelaySeconds <integer>
         periodSeconds <integer>
         successThreshold <integer>
         tcpSocket <Object>
            host <string>
            port <string>
         timeoutSeconds <integer>
      resources <Object>
         limits <map[string]string>
         requests <map[string]string>
      securityContext <Object>
         allowPrivilegeEscalation <boolean>
         capabilities <Object>
            add <[]string>
            drop <[]string>
         privileged <boolean>
         procMount <string>
         readOnlyRootFilesystem <boolean>
         runAsGroup <integer>
         runAsNonRoot <boolean>
         runAsUser <integer>
         seLinuxOptions <Object>
            level <string>
            role <string>
            type <string>
            user <string>
         windowsOptions <Object>
            gmsaCredentialSpec <string>
            gmsaCredentialSpecName <string>
      stdin <boolean>
      stdinOnce <boolean>
      terminationMessagePath <string>
      terminationMessagePolicy <string>
      tty <boolean>
      volumeDevices <[]Object>
         devicePath <string>
         name <string>
      volumeMounts <[]Object>
         mountPath <string>
         mountPropagation <string>
         name <string>
         readOnly <boolean>
         subPath <string>
         subPathExpr <string>
      workingDir <string>
   nodeName <string>
   nodeSelector <map[string]string>
   preemptionPolicy <string>
   priority <integer>
   priorityClassName <string>
   readinessGates <[]Object>
      conditionType <string>
   restartPolicy <string>
   runtimeClassName <string>
   schedulerName <string>
   securityContext <Object>
      fsGroup <integer>
      runAsGroup <integer>
      runAsNonRoot <boolean>
      runAsUser <integer>
      seLinuxOptions <Object>
         level <string>
         role <string>
         type <string>
         user <string>
      supplementalGroups <[]integer>
      sysctls <[]Object>
         name <string>
         value <string>
      windowsOptions <Object>
         gmsaCredentialSpec <string>
         gmsaCredentialSpecName <string>
   serviceAccount <string>
   serviceAccountName <string>
   shareProcessNamespace <boolean>
   subdomain <string>
   terminationGracePeriodSeconds <integer>
   tolerations <[]Object>
      effect <string>
      key <string>
      operator <string>
      tolerationSeconds <integer>
      value <string>
   volumes <[]Object>
      awsElasticBlockStore <Object>
         fsType <string>
         partition <integer>
         readOnly <boolean>
         volumeID <string>
      azureDisk <Object>
         cachingMode <string>
         diskName <string>
         diskURI <string>
         fsType <string>
         kind <string>
         readOnly <boolean>
      azureFile <Object>
         readOnly <boolean>
         secretName <string>
         shareName <string>
      cephfs <Object>
         monitors <[]string>
         path <string>
         readOnly <boolean>
         secretFile <string>
         secretRef <Object>
            name <string>
         user <string>
      cinder <Object>
         fsType <string>
         readOnly <boolean>
         secretRef <Object>
            name <string>
         volumeID <string>
      configMap <Object>
         defaultMode <integer>
         items <[]Object>
            key <string>
            mode <integer>
            path <string>
         name <string>
         optional <boolean>
      csi <Object>
         driver <string>
         fsType <string>
         nodePublishSecretRef <Object>
            name <string>
         readOnly <boolean>
         volumeAttributes <map[string]string>
      downwardAPI <Object>
         defaultMode <integer>
         items <[]Object>
            fieldRef <Object>
               apiVersion <string>
               fieldPath <string>
            mode <integer>
            path <string>
            resourceFieldRef <Object>
               containerName <string>
               divisor <string>
               resource <string>
      emptyDir <Object>
         medium <string>
         sizeLimit <string>
      fc <Object>
         fsType <string>
         lun <integer>
         readOnly <boolean>
         targetWWNs <[]string>
         wwids <[]string>
      flexVolume <Object>
         driver <string>
         fsType <string>
         options <map[string]string>
         readOnly <boolean>
         secretRef <Object>
            name <string>
      flocker <Object>
         datasetName <string>
         datasetUUID <string>
      gcePersistentDisk <Object>
         fsType <string>
         partition <integer>
         pdName <string>
         readOnly <boolean>
      gitRepo <Object>
         directory <string>
         repository <string>
         revision <string>
      glusterfs <Object>
         endpoints <string>
         path <string>
         readOnly <boolean>
      hostPath <Object>
         path <string>
         type <string>
      iscsi <Object>
         chapAuthDiscovery <boolean>
         chapAuthSession <boolean>
         fsType <string>
         initiatorName <string>
         iqn <string>
         iscsiInterface <string>
         lun <integer>
         portals <[]string>
         readOnly <boolean>
         secretRef <Object>
            name <string>
         targetPortal <string>
      name <string>
      nfs <Object>
         path <string>
         readOnly <boolean>
         server <string>
      persistentVolumeClaim <Object>
         claimName <string>
         readOnly <boolean>
      photonPersistentDisk <Object>
         fsType <string>
         pdID <string>
      portworxVolume <Object>
         fsType <string>
         readOnly <boolean>
         volumeID <string>
      projected <Object>
         defaultMode <integer>
         sources <[]Object>
            configMap <Object>
               items <[]Object>
                  key <string>
                  mode <integer>
                  path <string>
               name <string>
               optional <boolean>
            downwardAPI <Object>
               items <[]Object>
                  fieldRef <Object>
                     apiVersion <string>
                     fieldPath <string>
                  mode <integer>
                  path <string>
                  resourceFieldRef <Object>
                     containerName <string>
                     divisor <string>
                     resource <string>
            secret <Object>
               items <[]Object>
                  key <string>
                  mode <integer>
                  path <string>
               name <string>
               optional <boolean>
            serviceAccountToken <Object>
               audience <string>
               expirationSeconds <integer>
               path <string>
      quobyte <Object>
         group <string>
         readOnly <boolean>
         registry <string>
         tenant <string>
         user <string>
         volume <string>
      rbd <Object>
         fsType <string>
         image <string>
         keyring <string>
         monitors <[]string>
         pool <string>
         readOnly <boolean>
         secretRef <Object>
            name <string>
         user <string>
      scaleIO <Object>
         fsType <string>
         gateway <string>
         protectionDomain <string>
         readOnly <boolean>
         secretRef <Object>
            name <string>
         sslEnabled <boolean>
         storageMode <string>
         storagePool <string>
         system <string>
         volumeName <string>
      secret <Object>
         defaultMode <integer>
         items <[]Object>
            key <string>
            mode <integer>
            path <string>
         optional <boolean>
         secretName <string>
      storageos <Object>
         fsType <string>
         readOnly <boolean>
         secretRef <Object>
            name <string>
         volumeName <string>
         volumeNamespace <string>
      vsphereVolume <Object>
         fsType <string>
         storagePolicyID <string>
         storagePolicyName <string>
         volumePath <string>
This is tedious and time-consuming, and it gets worse when there are multiple matching fields in different objects.
We provide an alternative approach. The kubectl fields plugin solves this problem by printing a one-line parent hierarchy for any field in any selected resource.
$ kubectl fields po.spec capabilities
containers.securityContext.capabilities
initContainers.securityContext.capabilities
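How such dotted paths can be derived from the indentation of kubectl explain --recursive output, as an added example in Go. It is not the kubectl-fields plugin's own source: FieldPaths is a hypothetical helper, the sample text is a constructed excerpt, and the parser assumes three spaces of indentation per nesting level.

```go
package main

import (
	"fmt"
	"strings"
)

// sample is a constructed excerpt shaped like `kubectl explain --recursive po.spec`
// output; the parser assumes three spaces of indentation per nesting level.
const sample = `KIND: Pod
FIELDS:
   containers <[]Object>
      securityContext <Object>
         allowPrivilegeEscalation <boolean>
         capabilities <Object>
            add <[]string>
            drop <[]string>
   initContainers <[]Object>
      securityContext <Object>
         capabilities <Object>
   securityContext <Object>
      runAsNonRoot <boolean>
`

// FieldPaths (hypothetical helper) returns the dotted parent path of every field
// whose name contains pattern, tracking ancestors by indentation depth.
func FieldPaths(explain, pattern string) []string {
	var stack, paths []string
	inFields := false
	for _, line := range strings.Split(explain, "\n") {
		if strings.HasPrefix(line, "FIELDS:") {
			inFields = true
			continue
		}
		cols := strings.Fields(line)
		if !inFields || len(cols) == 0 {
			continue
		}
		indent := len(line) - len(strings.TrimLeft(line, " "))
		depth := indent/3 - 1 // top-level fields are indented three spaces
		if depth < 0 || depth > len(stack) {
			continue // indentation that skips a level: ignore the line
		}
		stack = append(stack[:depth], cols[0]) // drop deeper ancestors, push this field
		if strings.Contains(cols[0], pattern) {
			paths = append(paths, strings.Join(stack, "."))
		}
	}
	return paths
}

func main() {
	fmt.Println(strings.Join(FieldPaths(sample, "capabilities"), "\n"))
}
```

The pod-level securityContext in the sample has no capabilities child, so only the two container-level paths are reported, which is why the parent path matters when deciding where the field may be set.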
Conclusion
The kubectl fields plugin is now integrated with krew, a kubectl plugin manager, and works on all platforms, so it can be installed directly with krew. It’s as simple as:
kubectl krew install fields