When encoding secrets consider using the below form command this is because the echo command adds a trailing newline to the printed output by default which might cause problems while parsing the passed values for example. To solve this issue add the -n switch to the echo command to stop it from adding a trailing newline.
echo -n "ValueToBeEncoded" | base64
You can use the below command to test if a user is authorized to perform certain actions in the cluster. kubectl auth can-i --as= [-n ]
kubectl auth can-i list pod --as=default
no
kubectl auth can-i create deployments --namespace default --as john
yes
##ServiceAccounts
To test a serviceaccount use the below format
kubectl auth can-i --as=system:serviceaccount:: [-n ]
kubectl auth can-i list pods --as=system:serviceaccount:default:keycloak
no
#Resource limits and Pod QoS
the below shares an important perspective on how resource limits behave in practice and what to do to limit the pods resources to avoid an OOM situation
For example setting the requests == limits so that the pods have the guaranteed QoS and will be considered for eviction last.
- To check if the pod was set with the proper QoS use the blow command
kubectl describe pod filebeat-filebeat-dglzj | grep -i qos
https://stackoverflow.com/a/67261569/16760585
source <(kubectl completion bash) && kubectl completion bash > ~/.kube/completion.bash.inc