Command line access

info

Access to the PAAS kubernetes API with kubectl requires that you are on a Sikt network.

To investigate the status status of your application in the Platon PaaS, you will sometimes need to use the kubectl command line utility. This application allows you to examine the status of the various resources your application haas in the Platon PaaS.

Installing `kubectl`

You can find installation instructions for kubectl in the Kubernetes documentation.

After you have installed kubectl you can verify that it works by running kubectl in your terminal. This should give you some usage instructions:

$ kubectl
kubectl controls the Kubernetes cluster manager.

Find more information at: https://kubernetes.io/docs/reference/kubectl/overview/
[...]

Configuring `kubectl`

Before you can access the Kubernetes cluster, you need to configure it to talk to the Platon Paas cluster.

caution

Make sure you fetch a new token in case you need to access any new projects or groups that has been created after your current token was issued.

The Platon PaaS console provides the required configuration. Go to that web page and click the "Log in" button in the top right corner. Once you have logged in, you should see an overview page with a set of buttons on the right hand side. One of the buttons is labeled "Kube config".

Click this button to get a page with configuration for kubectl. The easiest configuration to use is the section under Shell config:

kubectl config set-cluster paas2 --server=https://38B1D1609274C2E9AB111FAB92F8B185.gr7.eu-north-1.eks.amazonaws.com
kubectl config set clusters.paas2.certificate-authority-data LS0tLS1CRUdJTiBDRVJUSU[...]
kubectl config set-credentials username --token=eyJ0eXA[...]
kubectl config set-context paas2-username --user=username --cluster=paas2
kubectl config use-context paas2-username

Copy these commands and run them in your terminal:

$ kubectl config set-cluster paas2 --server=https://38B1D1609274C2E9AB111FAB92F8B185.gr7.eu-north-1.eks.amazonaws.com
Cluster "paas2" set.
$ kubectl config set clusters.paas2.certificate-authority-data LS0tLS1CRUdJTiBDRVJUSU[...]
Property "clusters.paas2.certificate-authority-data" set.
$ kubectl config set-credentials username --token=eyJ0eXA[...]
User "username" set.
$ kubectl config set-context paas2-username --user=username --cluster=paas2
Context "paas2-username" modified.
$ kubectl config use-context paas2-username
Switched to context "paas2-username".

After you have configured kubectl you can run kubectl version to verify that you can connect to the Platon PaaS cluster:

$ kubectl version
Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.17", GitCommit:"953be8927218ec8067e1af2641e540238ffd7576", GitTreeState:"clean", BuildDate:"2023-02-22T13:34:27Z", GoVersion:"go1.19.6", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"23+", GitVersion:"v1.23.17-eks-c12679a", GitCommit:"d5ce2cee85d99653d6f8c278043213db21b1cd72", GitTreeState:"clean", BuildDate:"2023-05-22T20:32:28Z", GoVersion:"go1.19.6", Compiler:"gc", Platform:"linux/amd64"}

If you can see a "Server Version" line in the output, kubectl was able to connect to the cluster.

Locating your project in Kubernetes

Each GitLab project gets its own namespace in Kubernetes. To examine the project, you must locate the namespace identifier.

You can view your namespace in the Platon PaaS console. Search for your project at that page and click it to get details. There you should see a line specifying the namespace. E.g.:

Kubernetes Namespace: platon-kurs-username-website

In this case, platon-kurs-username-website is the namespace. You provide the namespace to kubectl with the -n option. E.g.:

$ kubectl -n platon-kurs-username-website get all
NAME                            READY   STATUS    RESTARTS   AGE
pod/production-dfb888cd-h85nx   1/1     Running   0          30m
pod/production-dfb888cd-r4jsv   1/1     Running   0          30m
pod/staging-9f6f6bf54-whlzh     1/1     Running   0          87m

NAME                 TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
service/production   ClusterIP   172.16.253.58   <none>        80/TCP    30m
service/staging      ClusterIP   172.16.56.15    <none>        80/TCP    87m

NAME                         READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/production   2/2     2            2           30m
deployment.apps/staging      1/1     1            1           87m

NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/production-dfb888cd   2         2         2       30m
replicaset.apps/staging-9f6f6bf54     1         1         1       87m

note

Here you used kubectl get all to show multiple resources in your project. Despite being named all, this is just a subset of the resources in your project. In particular, there are secrets (that cannot be listed) and ingresses (that are not listed by default).

To view specific resources, you should specify the resource you are interested in. For example, to view ingresses:

$ kubectl -n platon-kurs-username-website get ingresses
NAME         HOSTS                                       ADDRESS         PORTS     AGE
production   username-website.paas2.uninett.no           172.16.130.93   80, 443   33m
staging      username-website-staging.paas2.uninett.no   172.16.130.93   80, 443   90m

Examining resources

There are two main commands to examine resources:

kubectl get [type]: List resources of [type].
kubectl describe [type] [name]: Show detailed information about a particular resource.

For example, you can list all deployments using kubectl get deployments:

$ kubectl -n platon-kurs-username-website get deployments
NAME         READY   UP-TO-DATE   AVAILABLE   AGE
production   2/2     2            2           37m
staging      1/1     1            1           94m

And examine a particular deployemnt using kubectl describe deployment:

$ kubectl -n platon-kurs-username-website describe deployment production
Name:                   production
Namespace:              platon-kurs-username-website
[...]

You can also dump the raw resource in YAML-format using kubectl get [type] [name] -o yaml:

$ kubectl -n platon-kurs-username-website get deployment production -o yaml
apiVersion: apps/v1
kind: Deployment
metadata:
[...]

Resource types

There are many resource types available in Kubernetes. The two that are most useful to look at are:

deployment: A deployment tells Kubernetes to run a set of container images.
pod: A pod is responsible for running the actual container images. It consists of one or more containers.

Viewing logs

You can view the logs of your containers using the kubectl logs-command. To view the logs you must specify the name of a pod, which you can get using kubectl get pods. You can then get the logs from the pod using kubectl logs [pod]:

$ kubectl -n platon-kurs-username-website get pods
NAME                        READY   STATUS    RESTARTS   AGE
production-dfb888cd-h85nx   1/1     Running   0          45m
production-dfb888cd-r4jsv   1/1     Running   0          45m
staging-9f6f6bf54-whlzh     1/1     Running   0          102m
§
$ kubectl -n platon-kurs-username-website logs production-dfb888cd-h85nx | head
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
[...]

Installing kubectl

Configuring kubectl

Locating your project in Kubernetes​

Examining resources​

Resource types​

Viewing logs​