Author Archives: Niklas - Page 6

My kubectl CheatSheet

Pods
List pods in current namespace

kubectl get pods

List pods i all namespaces

kubectl get pods -A

View details about a pod

kubectl describe pod <pod-name>

ConfigMaps
List ConfigMaps

kubectl get configmaps

View details about a ConfigMap

kubectl describe configmap <config-map-name>

Create a ConfigMap the holds a file

kubectl create configmap <config-map-name> --from-file=<file-name>

Deployments
List Deployments

kubectl get deployments

View details about a Deployment

kubectl describe deployment <deployment-name>

Services
List Services

kubectl get services

View details about a Service

kubectl describe service <service-name>

ServiceAccounts
List ServiceAccounts

kubectl get serviceaccounts

View details about a ServiceAccount

kubectl describe serviceaccount <service-account-name>

Secrets
List all secrets

kubectl get secrets

View details about a secret

kubectl describe secret <secret-name>

Get secret contents as JSON

kubectl get secret <secret-name> -o jsonpath='{.data}'

Create a secret with passwords

kubectl create secret generic <secret-name> --from-literal=username=<username> --from-literal=password='<password>'

Create a secret with files

kubectl create secret generic <secret-name> --from-file=truststore.jks --from-file=keystore.p12

Edit a secret

kubectl edit secrets <secret-name>

Delete a secret

kubectl delete secret <secret-name>

Logs
Setup “tail” on a pod. Here we want to see the last 500 lines of the log and setup a “tail” for new logs to the console

kubectl -n <namespace> logs -f --tail=500 --timestamps <exact-pod-name>

IntegrationPlattform
Get all objects of kind IntegrationPlattform

kubectl get IntegrationPlatform

View settings of the IntegrationPlattform

kubectl describe IntegrationPlatform <integration-plattform-name>

Setup Camel-K in VMware Tansu (Kubernetes) with a Harbor registry

Here is how I set up a Camel-K installation in VMware Tansu with a Harbor registry.

  1. Log into Harbor
  2. Got to your project
  3. Create a Robot Account with both push and pull permissions (you might need Admin permissions in the project for this)
  4. Copy the JWT at the end of the creation process
  5. Log into VMware Tansu CLI
  6. Create a secret with that JWT token
    kubectl create secret docker-registry camel-k-stage --docker-server=<Harbor adress> --docker-username="robot\$camel-k-stage" --docker-password='<JWT token>'
  7. Install Camel-K Operator
    kamel install --registry <Harbor adress> --organization <Harbor project name> --registry-secret camel-k-stage
  8. Your Camel-K operator is now ready for use

Tested on Harbor v2.0 and VMware Tansu Kubernetes v1.22

Camel-K: Custom HTTP Client with Kerberos auth

I haven’t been able to do this using the Apache Camel HTTP component yet, so I put together a Processor to do it for me instead. To make this work we need a krb5.conf and login.conf file with settings for our domain.
Example krb5.conf

[libdefaults]
    default_realm = MYDOMAIN.SE

[realms]
    MYDOMAIN.SE = {
        kdc = kdc.mydomain.se
    }

Example Login.conf

com.sun.security.jgss.krb5.initiate {
  com.sun.security.auth.module.Krb5LoginModule required
 doNotPrompt=false useTicketCache=true;
};

Camel flow:

public class MyFlow extends RouteBuilder {

  @Override
  public void configure() throws Exception {
    from("timer:myTimer?repeatCount=1")
          .process(new CustomHTTPClient())
          .log("${body}");                  
  }

  // Create a custom Authenticator
  static class MyAuthenticator extends Authenticator {
    public PasswordAuthentication getPasswordAuthentication() {
      return (new PasswordAuthentication("username", 
                                         "password".toCharArray()));
    }
  }

  // Camel Processor
  public static class CustomHTTPClient implements Processor {

    public void process(Exchange exchange) throws Exception {
      // Setup Kerberos authentication via Java VM options
      System.setProperty("java.security.krb5.conf", "/etc/krb5.conf");
      System.setProperty("java.security.auth.login.config", "/etc/login.conf");
      System.setProperty("javax.security.auth.useSubjectCredsOnly", "false");
      System.setProperty("sun.security.krb5.debug", "true"); // Debug logging 

      // Set a custom Authenticator
      Authenticator.setDefault(new MyAuthenticator());

      // Custom "HTTPClient"
      URL url = new URL("https://resource.mydomain.se/data");
      InputStream ins = url.openConnection().getInputStream();
      BufferedReader reader = new BufferedReader(new InputStreamReader(ins));
      String str = "";
      for (String line; (line = reader.readLine()) != null; str += line);

      // Set payload as message back to flow
      exchange.getIn().setBody(str);
    }
  }
}

Kamel run arguments:

kamel run MyFlow.java 
               --resource file:krb5.conf@/etc/krb5.conf 
               --resource file:login.conf@/etc/login.conf

Tested on Apache Camel K Runtime 1.16.0, Apache Camel 3.19.0, Minikube v1.29.0 and WSL2 Ubuntu 20.04.4 LTS