handy_things

Home

Handy Tips and Commands

This document contains a collection of useful tips and commands for working with Kubernetes and Docker.

1. Retrieving YAML Manifests for Existing Resources

If you need the YAML definition for a resource that's already running in your Kubernetes cluster but you don't have the original manifest file, you can retrieve it using kubectl get ... -o yaml.

Example for a Pod:(Replace nginx with your actual pod name and specify a namespace if not default.)

kubectl get po nginx -o yaml > pod.yaml

Example for a DaemonSet (like kube-proxy):

kubectl get ds kube-proxy -n kube-system -o yaml > kube-proxy.yaml

2. Locating Docker Registry Credentials

If you've previously logged into a Docker registry (like Docker Hub) using docker login, Docker stores the authentication credentials (usually an encoded token) in a configuration file.

  1. Locate the Docker config file: The file is typically located at ~/.docker/config.json for regular users, or /root/.docker/config.json if you logged in as root.

    cat ~/.docker/config.json
# Or if you logged in as root:
# sudo cat /root/.docker/config.json

  2. Interpret the auths section: Inside this JSON file, there's an auths section containing entries for each registry you've logged into. The auth field for a registry typically holds a base64 encoded string, which is often username:password (for older setups) or more commonly an access token.

    Example config.json snippet:

    {
  "auths": {
    "https://index.docker.io/v1/": {
      "auth": "dXNlcm5hbWU6cGFzc3dvcmQ="
      // This is an example, your auth string will be different
    }
  }
}

  3. Decode the auth string: To decode it, copy the auth string and use base64 -d.

    # Replace YOUR_AUTH_STRING with the actual string from your config.json
echo "YOUR_AUTH_STRING" | base64 -d
# This will output the decoded credentials, often in the format 'username:token' or 'username:password'.

    Note: Handling these credentials carefully is important for security.

3. Quickly Create a Service Account with Cluster Admin Privileges

For testing or development purposes, you might need a Service Account (SA) with broad permissions. Warning: Granting cluster-admin privileges is powerful and should be done with extreme caution, especially in production environments.

  1. Create a Service Account: (Assuming in the default namespace, or specify -n <your-namespace>)

  2. Create a ClusterRoleBinding: This command binds the cluster-admin ClusterRole to the demo Service Account in the default namespace.

    (Changed binding name to be more descriptive and less likely to conflict if sa-demo was used for a namespaced RoleBinding elsewhere.)

Home

Previousgetting_started_with_dockerNextingress

Last updated