Useful Kubernetes Tricks

Find which RoleBinding/ClusterRoleBinding is related to a ServiceAccount

kubectl get clusterrolebindings -o json | jq -r '
  .items[] | 
  select(
    .subjects // [] | .[] | 
    [.kind,.namespace,.name] == ["ServiceAccount","kube-system","node-controller"]
  ) |
  .metadata.name'

kubectl get clusterrolebindings -o json | jq -r '.items[] | select(.subjects // [] | .[] | [.name] == ["<YOUR_ACCOUNT_NAME>"] ) |  .metadata.name'

kubectl get rolebindings --all-namespaces -o json | jq -r '.items[] | select(.subjects // [] | .[] | [.name] == ["<YOUR_ACCOUNT_NAME>"] ) |  .metadata.name'

Force iptables re-sync

kubectl delete pod -l component=kube-proxy -n kube-system

Delete namespace in terminating state

1. kubectl get namespace <your_namespace> -o json > tmp.json
2. Open tmp.json and remove any lines from finalizers. Just save it!
3. kubectl proxy
4. curl -k -H "Content-Type: application/json" -X PUT --data-binary @tmp.json http://127.0.0.1:8001/api/v1/namespaces/<your_namespace>/finalize
5. kubectl delete namespace <your_namespace>
6. If you have any other namespaces that you want to delete, just replace <your_namespace> with new namespace name.

Downgrade Helm Application

helm install stable/nginx-ingress --version v0.23.0

Batch Delete CustomResourceDefinition/Secret

kubectl get customresourcedefinition  | grep 'kubeless'|awk '{print $1}'|xargs kubectl delete customresourcedefinition

kubectl get secret --all-namespaces | grep 'istio' |awk '{print $1 " " $2}' | xargs -n2 sh -c 'kubectl delete secret -n $0 $1'