Skip to content

Command Reference

A comprehensive reference of all commands used in the RCIIS DevOps workflow, organized by functional area.

Local Development Commands

Cluster Management

Create Local Clusters

# Create Cilium-based cluster (recommended)
./scripts/create_local_cilium.sh

# Create Calico-based cluster (alternative)
./scripts/create_local.sh

# Create minimal cluster for CI/CD
./local/scripts/create_local.sh

Cluster Operations

# List Kind clusters
kind get clusters

# Delete specific cluster
kind delete cluster --name cilium-cluster

# Get cluster info
kubectl cluster-info --context kind-cilium-cluster

# Switch context
kubectl config use-context kind-cilium-cluster

# View all contexts
kubectl config get-contexts

Cluster Cleanup

# Delete local cluster
./scripts/delete_local.sh

# Clean Docker resources
docker system prune -f

# Remove kubeconfig contexts
kubectl config delete-context kind-cilium-cluster

Application Deployment

Direct Deployment

# Deploy single application
kubectl apply -f apps/rciis/nucleus/local/

# Deploy with Kustomize
kustomize build --enable-alpha-plugins --enable-exec apps/rciis/nucleus/local/ | kubectl apply -f -

# Deploy with Helm
helm upgrade --install nucleus charts/rciis \
  --namespace rciis-local \
  --create-namespace \
  -f apps/rciis/nucleus/local/values.yaml

ArgoCD Deployment

# Deploy ArgoCD applications
kubectl apply -f apps/rciis/nucleus/local/

# Sync specific application
argocd app sync nucleus-local

# Get application status
argocd app get nucleus-local

# List all applications
argocd app list

Secret Management Commands

SOPS Operations

Basic Encryption/Decryption

# Encrypt a file
sops -e secret.yaml > secret.enc.yaml

# Decrypt a file (view only)
sops -d secret.enc.yaml

# Edit encrypted file
sops secret.enc.yaml

# Encrypt in-place
sops -e -i secret.yaml

Age Key Management

# Generate new age key
age-keygen -o ~/.config/sops/age/keys.txt

# Display public key
age-keygen -y ~/.config/sops/age/keys.txt

# Set permissions
chmod 600 ~/.config/sops/age/keys.txt
chmod 700 ~/.config/sops/age/

Advanced SOPS Operations

# Update keys for existing file
sops updatekeys secret.enc.yaml

# Add new age recipient
sops -r -i --add-age age1new... secret.enc.yaml

# Remove age recipient
sops -r -i --rm-age age1old... secret.enc.yaml

# Rotate keys for all files
find . -name "*.enc.yaml" -exec sops updatekeys {} \;

KSOPS Operations

# Test KSOPS functionality
ksops --help

# Build with KSOPS
kustomize build --enable-alpha-plugins --enable-exec .

# Verify KSOPS installation
which ksops
ksops --version

Kubernetes Operations

Resource Management

Pod Operations

# List pods in all namespaces
kubectl get pods --all-namespaces

# Get pods in specific namespace
kubectl get pods -n rciis-local

# Describe pod
kubectl describe pod <pod-name> -n <namespace>

# Get pod logs
kubectl logs -f <pod-name> -n <namespace>

# Execute command in pod
kubectl exec -it <pod-name> -n <namespace> -- /bin/bash

# Port forward to pod
kubectl port-forward pod/<pod-name> 8080:80 -n <namespace>

Service Operations

# List services
kubectl get svc --all-namespaces

# Port forward to service
kubectl port-forward svc/<service-name> 8080:80 -n <namespace>

# Get service endpoints
kubectl get endpoints -n <namespace>

# Test service connectivity
kubectl run -it --rm debug --image=busybox --restart=Never -- wget -qO- http://service-name.namespace:port

Deployment Operations

# List deployments
kubectl get deployments -n <namespace>

# Scale deployment
kubectl scale deployment <deployment-name> --replicas=3 -n <namespace>

# Restart deployment
kubectl rollout restart deployment/<deployment-name> -n <namespace>

# Check rollout status
kubectl rollout status deployment/<deployment-name> -n <namespace>

# Get deployment history
kubectl rollout history deployment/<deployment-name> -n <namespace>

# Rollback deployment
kubectl rollout undo deployment/<deployment-name> -n <namespace>

Resource Monitoring

Resource Usage

# Node resource usage
kubectl top nodes

# Pod resource usage
kubectl top pods --all-namespaces

# Pod resource usage in namespace
kubectl top pods -n <namespace>

# Sort pods by CPU usage
kubectl top pods --all-namespaces --sort-by=cpu

# Sort pods by memory usage
kubectl top pods --all-namespaces --sort-by=memory

Events and Debugging

# Get events in all namespaces
kubectl get events --all-namespaces --sort-by='.lastTimestamp'

# Get events in specific namespace
kubectl get events -n <namespace> --sort-by='.lastTimestamp'

# Watch events
kubectl get events --watch

# Debug network connectivity
kubectl run -it --rm debug --image=nicolaka/netshoot --restart=Never

Helm Operations

Repository Management

# Add Helm repositories
helm repo add projectcalico https://projectcalico.docs.tigera.io/charts
helm repo add cert-manager https://charts.jetstack.io
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo add argo https://argoproj.github.io/argo-helm
helm repo add strimzi https://strimzi.io/charts/
helm repo add cilium https://helm.cilium.io/

# Update repositories
helm repo update

# List repositories
helm repo list

# Search for charts
helm search repo nginx

Chart Operations

# Install chart
helm install <release-name> <chart> -n <namespace> --create-namespace

# Upgrade release
helm upgrade <release-name> <chart> -n <namespace> -f values.yaml

# Install or upgrade
helm upgrade --install <release-name> <chart> -n <namespace> -f values.yaml

# Uninstall release
helm uninstall <release-name> -n <namespace>

# List releases
helm list --all-namespaces

# Get release values
helm get values <release-name> -n <namespace>

# Get release manifests
helm get manifest <release-name> -n <namespace>

Chart Development

# Lint chart
helm lint charts/rciis

# Test chart rendering
helm template <release-name> charts/rciis -f values.yaml

# Package chart
helm package charts/rciis

# Verify chart
helm verify rciis-0.1.0.tgz

# Push to OCI registry
helm push rciis-0.1.0.tgz oci://harbor.devops.africa/rciis

Chart Testing

# Chart testing with ct
ct lint --target-branch master --chart-dirs charts

# List changed charts
ct list-changed --target-branch master --chart-dirs charts

# Install and test charts
ct install --target-branch master --chart-dirs charts

ArgoCD Operations

Application Management

Application Operations

# List applications
argocd app list

# Get application details
argocd app get <app-name>

# Sync application
argocd app sync <app-name>

# Force sync (ignore differences)
argocd app sync <app-name> --force

# Delete application
argocd app delete <app-name>

# Set application to auto-sync
argocd app set <app-name> --sync-policy automated

# Disable auto-sync
argocd app unset <app-name> --sync-policy automated

Application Status

# Get sync status
argocd app get <app-name> -o json | jq '.status.sync.status'

# Get health status
argocd app get <app-name> -o json | jq '.status.health.status'

# Watch application
argocd app wait <app-name> --health

# Get application logs
argocd app logs <app-name>

Server Operations

# Login to ArgoCD
argocd login argocd-server.argocd.svc.cluster.local

# Get version
argocd version

# List clusters
argocd cluster list

# Add cluster
argocd cluster add <context-name>

# List repositories
argocd repo list

# Add repository
argocd repo add <repo-url> --username <user> --password <pass>

Local ArgoCD Access

# Get admin password
kubectl -n argocd get secret argocd-initial-admin-secret \
  -o jsonpath="{.data.password}" | base64 -d && echo

# Port forward to ArgoCD UI
kubectl port-forward svc/argocd-server -n argocd 8080:443

# Access UI at https://localhost:8080
# Username: admin
# Password: (from above command)

Monitoring and Observability

Application Monitoring

# Check application health
kubectl get applications -n argocd

# Monitor application sync status
kubectl get applications -n argocd -w

# Check ArgoCD controller logs
kubectl logs -f deployment/argocd-application-controller -n argocd

# Check repo server logs
kubectl logs -f deployment/argocd-repo-server -n argocd

Infrastructure Monitoring

# Check node status
kubectl get nodes -o wide

# Check component status
kubectl get componentstatuses

# Check cluster events
kubectl get events --all-namespaces --sort-by='.lastTimestamp' | tail -20

# Check resource quotas
kubectl get resourcequota --all-namespaces

Network Debugging

# Test DNS resolution
kubectl run -it --rm debug --image=busybox --restart=Never -- nslookup kubernetes.default

# Test service connectivity
kubectl run -it --rm debug --image=nicolaka/netshoot --restart=Never

# Check network policies
kubectl get networkpolicies --all-namespaces

# Test pod-to-pod connectivity
kubectl exec -it <pod1> -- ping <pod2-ip>

CI/CD Commands

GitHub Actions Integration

# Trigger workflow manually
gh workflow run release.yaml

# List workflow runs
gh run list --workflow=release.yaml

# View workflow run
gh run view <run-id>

# Download artifacts
gh run download <run-id>

Container Registry Operations

# Login to Harbor registry
helm registry login -u 'robot$magnabot' -p '<password>' harbor.devops.africa

# Push Helm chart
helm push rciis-0.1.0.tgz oci://harbor.devops.africa/rciis

# List chart versions
helm search repo harbor.devops.africa/rciis --versions

# Pull chart
helm pull oci://harbor.devops.africa/rciis/rciis --version 0.1.0

Troubleshooting Commands

Common Debugging

# Check cluster health
kubectl get nodes
kubectl get pods --all-namespaces | grep -v Running

# Check resource constraints
kubectl describe nodes | grep -A 5 "Allocated resources"

# Check pod resource usage
kubectl top pods --all-namespaces --sort-by=memory

# Check disk usage
kubectl get pv
kubectl get pvc --all-namespaces

Application Debugging

# Check application logs
kubectl logs -f deployment/<app-name> -n <namespace>

# Get recent events
kubectl get events -n <namespace> --sort-by='.lastTimestamp' | tail -10

# Describe problematic resources
kubectl describe pod <pod-name> -n <namespace>
kubectl describe deployment <deployment-name> -n <namespace>

# Check configuration
kubectl get configmap <configmap-name> -n <namespace> -o yaml
kubectl get secret <secret-name> -n <namespace> -o yaml

Network Troubleshooting

# Test cluster DNS
kubectl run -it --rm debug --image=busybox --restart=Never -- nslookup kubernetes.default.svc.cluster.local

# Test external DNS
kubectl run -it --rm debug --image=busybox --restart=Never -- nslookup google.com

# Check ingress status
kubectl get ingress --all-namespaces

# Test ingress connectivity
curl -H "Host: app.local" http://localhost/

Storage Debugging

# Check persistent volumes
kubectl get pv

# Check persistent volume claims
kubectl get pvc --all-namespaces

# Describe storage issues
kubectl describe pv <pv-name>
kubectl describe pvc <pvc-name> -n <namespace>

# Check storage classes
kubectl get storageclass

Utility Commands

YAML/JSON Processing

# Format YAML
yq eval '.' file.yaml

# Extract specific field
yq eval '.metadata.name' file.yaml

# Update YAML field
yq eval '.spec.replicas = 3' -i deployment.yaml

# Convert YAML to JSON
yq eval -o json file.yaml

# Process JSON
jq '.metadata.name' file.json

# Pretty print JSON
jq '.' file.json

File Operations

# Find files by pattern
find . -name "*.yaml" -type f

# Search content in files
grep -r "searchterm" --include="*.yaml" .

# Replace text in files
sed -i 's/oldtext/newtext/g' file.yaml

# Base64 encode/decode
echo "secret" | base64
echo "c2VjcmV0" | base64 -d

Git Operations

# Check repository status
git status

# View commit history
git log --oneline -10

# Show file changes
git diff HEAD~1 file.yaml

# Create and switch branch
git checkout -b feature/new-feature

# Commit changes
git add .
git commit -m "Add new feature"

# Push changes
git push origin feature/new-feature

This command reference provides quick access to all essential operations in the RCIIS DevOps workflow. Keep this handy for daily operations and troubleshooting.