[Common] Split kubectl improvements

rascasoft · rascasoft · commit e9c857b8b7d4 · 2024-09-02T18:08:11.000+02:00
Since these steps applies both to Kubelab and Minikube, lte's have a dedicated
file for kubectl improvements.
diff --git a/Common/Kubernetes-Install-Kubelab.md b/Common/Kubernetes-Install-Kubelab.md
@@ -21,18 +21,20 @@ And then launch the playbooks pointing to the `training_kfs_kubelab` inventory,
 using the `training_kfs_kubelab` as `k8s_host_group`:
 
 ```console
-(ansible-venv) $ ansible-playbook -i kiralab/ -e k8s_host_group=training_kfs_kubelab mmul.kubelab/tests/kubelab.yml
+(ansible-venv) $ ansible-playbook -i kiralab/ -e k8s_host_group=training_kfs mmul.kubelab/tests/kubelab.yml
 ...
 PLAY RECAP *******************************************************************************************************
 training-kfs-01            : ok=61   changed=43   unreachable=0    failed=0    skipped=30   rescued=0    ignored=0
 training-kfs-02            : ok=39   changed=30   unreachable=0    failed=0    skipped=37   rescued=0    ignored=0
 training-kfs-03            : ok=39   changed=30   unreachable=0    failed=0    skipped=37   rescued=0    ignored=0
 ```
 
-Then make `kubectl` available to the system:
+## Install kubectl
+
+Make `kubectl` available to the system:
 
 ```console
-$ export KUBE_VERSION='v1.30'
+$ export KUBE_VERSION='v1.30.4'
 
 $ curl -LO "https://dl.k8s.io/release/${KUBE_VERSION}/bin/linux/amd64/kubectl"
 ...
@@ -44,7 +46,7 @@ mode of 'kubectl' changed from 0664 (rw-rw-r--) to 0775 (rwxrwxr-x)
 And use it to check the cluster:
 
 ```console
-$ export KUBECONFIG=training-kfs/admin.conf
+$ export KUBECONFIG=~/training-kfs/admin.conf
 (no output)
 
 $ kubectl cluster-info
@@ -59,3 +61,8 @@ training-kfs-01   Ready    control-plane   3m39s   v1.30.4
 training-kfs-02   Ready    control-plane   3m8s    v1.30.4
 training-kfs-03   Ready    control-plane   2m32s   v1.30.4
 ```
+
+## Extend kubectl functionalities
+
+There are plenty of ways to extend `kubectl` functionalies, follow [Kubernetes-Kubectl-Improvements.md](Kubernetes-Kubectl-Improvements.md)
+to activate some of them.
diff --git a/Common/Kubernetes-Install-Minikube.md b/Common/Kubernetes-Install-Minikube.md
@@ -149,36 +149,7 @@ kube-system   kube-scheduler-minikube            1/1     Running   0
 kube-system   storage-provisioner                1/1     Running   2 (6m ago)   6m13s
 ```
 
-### Enable kubectl command completion
+## Extend kubectl functionalities
 
-The `kubectl` command can be used to produce a bash completion file to be
-included in your shell.
-
-The `bash-completion` package is mandatory:
-
-```console
-$ sudo yum -y install bash-completion
-...
-
-$ source /etc/profile.d/bash_completion.sh
-(no output)
-```
-
-And then the completion can be activated:
-
-```console
-$ kubectl completion bash > ~/.kubectl-completion
-(no output)
-
-$ echo "source ~/.kubectl-completion" >> ~/.bash_profile
-(no output)
-
-$ source ~/.kubectl-completion
-(no output)
-
-$ kubectl <PRESS TAB>
-annotate       attach         cluster-info   cordon         describe       exec           kustomize      patch          replace        set            version
-api-resources  auth           completion     cp             diff           explain        label          plugin         rollout        taint          wait
-api-versions   autoscale      config         create         drain          expose         logs           port-forward   run            top
-apply          certificate    convert        delete         edit           get            options        proxy          scale          uncordon
-```
+There are plenty of ways to extend `kubectl` functionalies, follow [Kubernetes-Kubectl-Improvements.md](Kubernetes-Kubectl-Improvements.md)
+to activate some of them.
diff --git a/Common/Kubernetes-Kubectl-Improvements.md b/Common/Kubernetes-Kubectl-Improvements.md
@@ -0,0 +1,184 @@
+# Lab | Kubernetes kubectl improvements
+
+Whenever you installed Kubernetes following [Kubernetes-Install-Kubelab.md](Kubernetes-Install-Kubelab.md)
+or [Kubernetes-Install-Minikube.md](Kubernetes-Install-Minikube.md), in both
+cases you should have installed also the `kubectl` command to interact with the
+cluster.
+
+This lab helps to improve `kubectl` functionalities by enabling auto completion
+and `krew` utilities.
+
+## Enable kubectl command completion
+
+The `kubectl` command can be used to produce a bash completion file to be
+included in your shell.
+
+The `bash-completion` package is mandatory for both a Red Hat based
+installation:
+
+```console
+$ sudo yum -y install bash-completion
+...
+```
+
+As well as Debian based:
+
+```console
+$ sudo apt install -y bash-completion
+(no output)
+```
+
+Bash completion is usually enabled by default, but can be manually activated:
+
+```console
+$ source /etc/profile.d/bash_completion.sh
+(no output)
+```
+
+Once this is done to enable auto completion with `kubectl` use these commands:
+
+```console
+$ kubectl completion bash > ~/.kubectl-completion
+(no output)
+
+$ echo "source ~/.kubectl-completion" >> ~/.bash_profile
+(no output)
+
+$ source ~/.kubectl-completion
+(no output)
+
+$ kubectl <PRESS TAB>
+annotate       attach         cluster-info   cordon         describe       exec           kustomize      patch          replace        set            version
+api-resources  auth           completion     cp             diff           explain        label          plugin         rollout        taint          wait
+api-versions   autoscale      config         create         drain          expose         logs           port-forward   run            top
+apply          certificate    convert        delete         edit           get            options        proxy          scale          uncordon
+```
+
+Remember that "Tab" is your friend. Use it!
+
+## Use krew to extend kubectl functionalities
+
+To Install krew you will need `git` on your system.
+
+If you use Red Hat based systems install it via:
+
+```console
+$ sudo yum -y install git
+...
+```
+
+or with Debian based system use:
+
+```console
+$ sudo apt install -y git
+...
+```
+
+Then you can proceed by downloading `krew` and installing it:
+
+```console
+$ curl -LO https://github.com/kubernetes-sigs/krew/releases/download/v0.4.4/krew-linux_amd64.tar.gz
+...
+
+$ tar -xzvf krew-linux_amd64.tar.gz
+...
+
+$ sudo mv krew-linux_amd64 /usr/local/bin/krew
+
+$ krew install krew
+Adding "default" plugin index from https://github.com/kubernetes-sigs/krew-index.git.
+Updated the local copy of plugin index.
+Installing plugin: krew
+Installed plugin: krew
+\
+ | Use this plugin:
+ |     kubectl krew
+ | Documentation:
+ |     https://krew.sigs.k8s.io/
+ | Caveats:
+ | \
+ |  | krew is now installed! To start using kubectl plugins, you need to add
+ |  | krew's installation directory to your PATH:
+ |  |
+ |  |   * macOS/Linux:
+ |  |     - Add the following to your ~/.bashrc or ~/.zshrc:
+ |  |         export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
+ |  |     - Restart your shell.
+ |  |
+ |  |   * Windows: Add %USERPROFILE%\.krew\bin to your PATH environment variable
+ |  |
+ |  | To list krew commands and to get help, run:
+ |  |   $ kubectl krew
+ |  | For a full list of available plugins, run:
+ |  |   $ kubectl krew search
+ |  |
+ |  | You can find documentation at
+ |  |   https://krew.sigs.k8s.io/docs/user-guide/quickstart/.
+ | /
+/
+
+$ echo 'export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"' >> .bash_profile
+
+$ export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
+```
+
+There are plenty of plugins that can be installed, we will start with `who-can`
+and `tree`:
+
+```console
+$ kubectl krew install who-can
+...
+
+$ kubectl krew install tree
+...
+```
+
+With this plugins in place it will be possible to know who can list certain
+objects, like Pods:
+
+```console
+$ kubectl who-can list pods
+No subjects found with permissions to list pods assigned through RoleBindings
+
+CLUSTERROLEBINDING                             SUBJECT                         TYPE            SA-NAMESPACE
+cluster-admin                                  system:masters                  Group           
+kubeadm:cluster-admins                         kubeadm:cluster-admins          Group           
+system:controller:attachdetach-controller      attachdetach-controller         ServiceAccount  kube-system
+system:controller:cronjob-controller           cronjob-controller              ServiceAccount  kube-system
+system:controller:daemon-set-controller        daemon-set-controller           ServiceAccount  kube-system
+system:controller:deployment-controller        deployment-controller           ServiceAccount  kube-system
+system:controller:endpoint-controller          endpoint-controller             ServiceAccount  kube-system
+system:controller:endpointslice-controller     endpointslice-controller        ServiceAccount  kube-system
+system:controller:ephemeral-volume-controller  ephemeral-volume-controller     ServiceAccount  kube-system
+system:controller:generic-garbage-collector    generic-garbage-collector       ServiceAccount  kube-system
+system:controller:horizontal-pod-autoscaler    horizontal-pod-autoscaler       ServiceAccount  kube-system
+system:controller:job-controller               job-controller                  ServiceAccount  kube-system
+system:controller:namespace-controller         namespace-controller            ServiceAccount  kube-system
+system:controller:node-controller              node-controller                 ServiceAccount  kube-system
+system:controller:persistent-volume-binder     persistent-volume-binder        ServiceAccount  kube-system
+system:controller:pod-garbage-collector        pod-garbage-collector           ServiceAccount  kube-system
+system:controller:pvc-protection-controller    pvc-protection-controller       ServiceAccount  kube-system
+system:controller:replicaset-controller        replicaset-controller           ServiceAccount  kube-system
+system:controller:replication-controller       replication-controller          ServiceAccount  kube-system
+system:controller:resourcequota-controller     resourcequota-controller        ServiceAccount  kube-system
+system:controller:statefulset-controller       statefulset-controller          ServiceAccount  kube-system
+system:coredns                                 coredns                         ServiceAccount  kube-system
+system:kube-controller-manager                 system:kube-controller-manager  User            
+system:kube-scheduler                          system:kube-scheduler           User            
+trivy-operator                                 trivy-operator                  ServiceAccount  trivy-system
+```
+
+Or the tree structure of a deployment:
+
+```console
+$ kubectl tree -n kube-system deployment coredns
+NAMESPACE    NAME                                                           READY  REASON  AGE
+kube-system  Deployment/coredns                                             -              36m
+kube-system  └─ReplicaSet/coredns-7db6d8ff4d                                -              35m
+kube-system    ├─ConfigAuditReport/replicaset-coredns-7db6d8ff4d            -              24m
+kube-system    ├─ExposedSecretReport/replicaset-coredns-7db6d8ff4d-coredns  -              23m
+kube-system    ├─Pod/coredns-7db6d8ff4d-bp7r5                               True           35m
+kube-system    ├─Pod/coredns-7db6d8ff4d-gwvgl                               True           35m
+kube-system    ├─SbomReport/replicaset-coredns-7db6d8ff4d-coredns           -              23m
+kube-system    └─VulnerabilityReport/replicaset-coredns-7db6d8ff4d-coredns  -              23m
+```
