javiermolinar · March 28, 2022 12:59 · Sep 19, 2020 · Apr 12, 2020 · Apr 12, 2020 · Nov 2, 2019
diff --git a/kubernetes.md b/kubernetes.md
@@ -390,6 +390,19 @@ For many steps here you will want to see what a `Pod` running in the k8s cluster
 kubectl run -it --rm --restart=Never busybox --image=busybox sh
 ```
 
+#### Debugging with an ephemeral debug container
+
+Ephemeral containers are useful for interactive troubleshooting when `kubectl exec` is insufficient because a container has crashed or a container image doesn't include debugging utilities, such as with `distroless` images. 
+
+This allows a user to inspect a running pod without restarting it and without having to enter the container itself to, for example, check the filesystem, execute additional debugging utilities, or initial network requests from the pod network namespace. Part of the motivation for this enhancement is to also eliminate most uses of SSH for node debugging and maintenance
+
+```bash
+# First, create a pod for the example: 
+kubectl run ephemeral-demo --image=k8s.gcr.io/pause:3.1 --restart=Never
+# add a debugging container 
+kubectl alpha debug -it ephemeral-demo --image=busybox --target=ephemeral-demo
+```
+
 #### Generateing k8s YAML from local files using `--dry-run`
 ```bash
 # generate a kubernetes tls file
@@ -423,8 +436,9 @@ With such setup it was easy to observe in real time how my pods are being create
 
 [1]: https://docs.helm.sh/using_helm/#installing-helm
 1. [Debug Services](https://kubernetes.io/docs/tasks/debug-application-cluster/debug-service/)
-2. [Docker for Mac with Kubernetes — Enable Ingress and K8S Dashboard](https://medium.com/@thms.hmm/docker-for-mac-with-kubernetes-ingress-controller-with-traefik-e194919591bb)
-3. [Example recipes for Kubernetes Network Policies](https://github.com/ahmetb/kubernetes-network-policy-recipes)
-4. [How To Use GPG on the Command Line](http://blog.ghostinthemachines.com/2015/03/01/how-to-use-gpg-command-line/)
+1. [debug-running-pod](https://kubernetes.io/docs/tasks/debug-application-cluster/debug-running-pod/)
+1. [Docker for Mac with Kubernetes — Enable Ingress and K8S Dashboard](https://medium.com/@thms.hmm/docker-for-mac-with-kubernetes-ingress-controller-with-traefik-e194919591bb)
+1. [Example recipes for Kubernetes Network Policies](https://github.com/ahmetb/kubernetes-network-policy-recipes)
+1. [How To Use GPG on the Command Line](http://blog.ghostinthemachines.com/2015/03/01/how-to-use-gpg-command-line/)
 5. [Using Your YubiKey with OpenPGP](https://support.yubico.com/support/solutions/articles/15000006420-using-your-yubikey-with-openpgp)
-6. [Kubernetes Deployments with Helm - Secrets](https://developer.epages.com/blog/tech-stories/kubernetes-deployments-with-helm-secrets/)
+1. [Kubernetes Deployments with Helm - Secrets](https://developer.epages.com/blog/tech-stories/kubernetes-deployments-with-helm-secrets/)
diff --git a/kubernetes.md b/kubernetes.md
@@ -339,7 +339,7 @@ watch kubectl top node
 kubectl get po --v=8
 ```
 
-# troubleshoot headless services  
+####  troubleshoot headless services  
 ```bash
 k get ep
 # ssh to one of the container and run dns check:

diff --git a/kubernetes.md b/kubernetes.md
@@ -339,6 +339,13 @@ watch kubectl top node
 kubectl get po --v=8
 ```
 
+# troubleshoot headless services  
+```bash
+k get ep
+# ssh to one of the container and run dns check:
+host <httpd-discovery>
+```
+
 #### Alias
 
 ```bash

diff --git a/kubernetes.md b/kubernetes.md
@@ -232,7 +232,8 @@ kubectl config get-contexts
 kubectl config current-context           
 kubectl config use-context docker-desktop
 kubectl port-forward service/ok 8080:8080 8081:80 -n the-project
-
+# Delete evicted pods
+kubectl get po --all-namespaces | awk '{if ($4 ~ /Evicted/) system ("kubectl -n " $1 " delete pods " $2)}'
 ```
 
 ### Namespaces and Context

diff --git a/kubernetes.md b/kubernetes.md
@@ -35,14 +35,8 @@ complete -F __start_kubectl k
 ### Creating a Kubernetes cluster
 1. After Docker for Mac is installed, configure it with sufficient resources. You can do that via the [Advanced menu](https://docs.docker.com/docker-for-mac/#advanced) in Docker for Mac's preferences. Set **CPUs** to at least **4** and Memory to at least **8.0 GiB**.
 2. Now enable Docker for Mac's [Kubernetes capabilities](https://docs.docker.com/docker-for-mac/#kubernetes) and wait for the cluster to start up.
-3. Follow instructions [here](https://github.com/kubernetes/dashboard/wiki/Installation) to setup **k8s Dashboard**. 
-> If you intend to use **traefik** as your `ingress controller`, then skip this step as you can add it [below](#ingress-controller-with-traefik)
-
-    1. `kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/alternative/kubernetes-dashboard.yaml`
-    2. `kubectl get pods --namespace kube-system`
-    3. `kubectl port-forward kubernetes-dashboard-86bcb9fc9c-nw7md 9090:9090 --namespace=kube-system`
-    4. Access Dashboard at http://localhost:9090
-4. Follow instructions [here](https://github.com/knative/docs/blob/master/install/Knative-with-Docker-for-Mac.md) to setup **Istio** and **Knative**. 
+3. Install [kubernetic](https://kubernetic.com/) app. This works as replacement for `kubernetes-dashboard`
+4. Follow instructions [here](https://github.com/knative/docs/blob/master/install/Knative-with-Docker-for-Mac.md) and [here](https://polarsquad.github.io/istio-workshop/) to setup **Istio** and **Knative**. 
 
 ---
 

diff --git a/kubernetes.md b/kubernetes.md
@@ -226,7 +226,11 @@ kubectl get persistentvolume
 kubectl get  PersistentVolumeClaim --namespace default
 kubectl get pods --namespace kube-system
 kubectl get ep
+kubectl get sa
 kubectl get serviceaccount
+kubectl get clusterroles
+kubectl get roles
+kubectl get ClusterRoleBinding
 # Show Merged kubeconfig settings.
 kubectl config view
 kubectl config get-contexts

diff --git a/kubernetes.md b/kubernetes.md
@@ -48,6 +48,15 @@ complete -F __start_kubectl k
 
 ## Install Tools (Optional)
 
+
+### Skaffold
+  [Skaffold](https://skaffold.dev/docs/) is a command line tool (from Google) that facilitates continuous development for Kubernetes applications.
+  It also provides building blocks and describe customizations for a CI/CD pipeline.
+```bash
+brew install skaffold
+skaffold version
+```
+
 ### Helm
   [helm][1] has client-side cli and server-side `tiller` components
 

diff --git a/kubernetes.md b/kubernetes.md
@@ -111,6 +111,12 @@ helm create mychart
 └── values.yaml
 ```
 
+#### optionally add `helm-secrets` [plugin](https://developer.epages.com/blog/tech-stories/kubernetes-deployments-with-helm-secrets/)
+
+```bash
+helm plugin install https://github.com/futuresimple/helm-secrets 
+```
+
 ### Ingress Controller with Traefik
 > based on [Docker for Mac with Kubernetes — Ingress Controller with Traefik](https://medium.com/@thms.hmm/docker-for-mac-with-kubernetes-ingress-controller-with-traefik-e194919591bb)
 
@@ -403,4 +409,7 @@ With such setup it was easy to observe in real time how my pods are being create
 [1]: https://docs.helm.sh/using_helm/#installing-helm
 1. [Debug Services](https://kubernetes.io/docs/tasks/debug-application-cluster/debug-service/)
 2. [Docker for Mac with Kubernetes — Enable Ingress and K8S Dashboard](https://medium.com/@thms.hmm/docker-for-mac-with-kubernetes-ingress-controller-with-traefik-e194919591bb)
-3. [Example recipes for Kubernetes Network Policies](https://github.com/ahmetb/kubernetes-network-policy-recipes)
+3. [Example recipes for Kubernetes Network Policies](https://github.com/ahmetb/kubernetes-network-policy-recipes)
+4. [How To Use GPG on the Command Line](http://blog.ghostinthemachines.com/2015/03/01/how-to-use-gpg-command-line/)
+5. [Using Your YubiKey with OpenPGP](https://support.yubico.com/support/solutions/articles/15000006420-using-your-yubikey-with-openpgp)
+6. [Kubernetes Deployments with Helm - Secrets](https://developer.epages.com/blog/tech-stories/kubernetes-deployments-with-helm-secrets/)
diff --git a/kubernetes.md b/kubernetes.md
@@ -165,6 +165,12 @@ brew install kompose
 kompose convert -f docker-compose.yaml
 ```
 
+### kube-ps1
+optionally add Kubernetes prompt info for bash
+```bash
+brew install kube-ps1
+```
+
 ### Kubefwd
 > [kubefwd](https://github.com/txn2/kubefwd) is a command line utility built to port forward some or all pods within a Kubernetes namespace
 #### Install
@@ -291,9 +297,9 @@ kubectl exec -it my-pod-name -- /bin/sh
 ### CI/CD
 > Redeploy newly build image to existing k8s deployment
 ```
-APP_NAME=ngx-starter-kit
-BUILD_NUMBER:1.0.0-SNAPSHOT
-kubectl set image -f kubernetes/sample-app-deployment.yaml sample-app= xmlking/$APP_NAME:$BUILD_NUMBER
+BUILD_NUMBER = 1.5.0-SNAPSHOT // GIT_SHORT_SHA
+kubectl diff -f sample-app-deployment.yaml
+kubectl -n=staging set image -f sample-app-deployment.yaml sample-app=xmlking/ngxapp:$BUILD_NUMBER
 ```
 
 ### Rolling back deployments
@@ -319,6 +325,43 @@ watch kubectl top node
 kubectl get po --v=8
 ```
 
+#### Alias
+
+```bash
+alias k="kubectl"
+alias watch="watch "
+alias kg="kubectl get"
+alias kgdep="kubectl get deployment"
+alias ksys="kubectl --namespace=kube-system"
+alias kd="kubectl describe"
+alias bb="kubectl run busybox --image=busybox:1.30.1 --rm -it --restart=Never --command --"
+```
+
+> you can use `busybox` for debuging inside cluster
+
+```bash
+bb nslookup demo
+bb wget -qO- http://demo:8888
+bb sh
+```
+
+#### Container Security
+> for better security add following securityContext settings to manifest
+```yaml
+securityContext:
+  # Blocking Root Containers
+  runAsNonRoot: true
+  # Setting a Read-Only Filesystem
+  readOnlyRootFilesystem: true
+  # Disabling Privilege Escalation
+  allowPrivilegeEscalation: false
+  # For maximum security, you should drop all capabilities, and only add specific capabilities if they’re needed:
+    capabilities:
+      drop: ["all"]
+      add: ["NET_BIND_SERVICE"]
+```
+
+
 #### Debug k8s
 
 For many steps here you will want to see what a `Pod` running in the k8s cluster sees. The simplest way to do this is to run an interactive busybox `Pod`:

diff --git a/kubernetes.md b/kubernetes.md
@@ -326,6 +326,14 @@ For many steps here you will want to see what a `Pod` running in the k8s cluster
 kubectl run -it --rm --restart=Never busybox --image=busybox sh
 ```
 
+#### Generateing k8s YAML from local files using `--dry-run`
+```bash
+# generate a kubernetes tls file
+kubectl create secret tls keycloak-secrets-tls \
+--key tls.key --cert tls.crt \
+-o yaml --dry-run > 02-keycloak-secrets-tls.yml
+```
+
 #### iTerm2 tips
 > in iTerm2
 1. split screen horizontally

diff --git a/kubernetes.md b/kubernetes.md
@@ -193,6 +193,8 @@ sudo kubefwd services -l system=wx -n the-project
 ### Kubectl commands
 > commonly used Kubectl commands
 
+> you can pratice kubectl commands at [katacoda](https://www.katacoda.com/courses/kubernetes/playground) playground
+
 ```
 kubectl version
 kubectl cluster-info

diff --git a/kubernetes.md b/kubernetes.md
@@ -114,23 +114,31 @@ helm create mychart
 ### Ingress Controller with Traefik
 > based on [Docker for Mac with Kubernetes — Ingress Controller with Traefik](https://medium.com/@thms.hmm/docker-for-mac-with-kubernetes-ingress-controller-with-traefik-e194919591bb)
 
+`cd .deploy/traefik`
+
 1. Create a file called `traefik-values.yaml`.
     ```yaml
     dashboard:
       enabled: true
       domain: traefik.k8s
+    ssl:
+      enabled: true
+      insecureSkipVerify: true
     kubernetes:
       namespaces:
         - default
         - kube-system
     ```
+
 2. Install the Traefik Chart and check if the pod is up and running.
     ```bash
     helm install stable/traefik --name=traefik --namespace=kube-system -f traefik-values.yaml
     kubectl get pods --namespace=kube-system
     kubectl get ingress traefik-dashboard --namespace=kube-system -o yaml
     # to see traefik logs
     kubectl logs $(kubectl get pods --namespace=kube-system -lapp=traefik -o jsonpath='{.items[0].metadata.name}') -f --namespace=kube-system
+    # To update, if you change `traefik-values.yaml` later
+    helm upgrade --namespace=kube-system  -f traefik-values.yaml traefik stable/traefik
     ```
 
 3. Add your domains to MacOS `/etc/hosts` as needed. Other options:  `wildcard DNS in localhost development` [1](https://gist.github.com/eloypnd/5efc3b590e7c738630fdcf0c10b68072), [2](https://medium.com/localz-engineering/kubernetes-traefik-locally-with-a-wildcard-certificate-e15219e5255d)
@@ -141,12 +149,13 @@ helm create mychart
 
 4. Deploying the K8s dashboard and check if the pod is up and running.
     ```
-    cd /Developer/Work/tools/helm
+    cd .deploy/traefik
     git clone https://github.com/thmshmm/chart-k8s-dashboard.git k8s-dshbrd/
     helm install k8s-dshbrd --name kubernetes-dashboard --namespace=kube-system
     kubectl get ingress kubernetes-dashboard --namespace=kube-system -o yaml
     ```
 
+
 ### kompose
 > cli tool to conver Docker Compose files to Kubernetes
 ```bash

diff --git a/kubernetes.md b/kubernetes.md
@@ -130,7 +130,7 @@ helm create mychart
     kubectl get pods --namespace=kube-system
     kubectl get ingress traefik-dashboard --namespace=kube-system -o yaml
     # to see traefik logs
-    kubectl logs $(kubectl get pods --namespace=kube-system -lapp=traefik -o jsonpath='{.items[0].metadata.name}') -f -namespace=kube-system
+    kubectl logs $(kubectl get pods --namespace=kube-system -lapp=traefik -o jsonpath='{.items[0].metadata.name}') -f --namespace=kube-system
     ```
 
 3. Add your domains to MacOS `/etc/hosts` as needed. Other options:  `wildcard DNS in localhost development` [1](https://gist.github.com/eloypnd/5efc3b590e7c738630fdcf0c10b68072), [2](https://medium.com/localz-engineering/kubernetes-traefik-locally-with-a-wildcard-certificate-e15219e5255d)

diff --git a/kubernetes.md b/kubernetes.md
@@ -129,6 +129,8 @@ helm create mychart
     helm install stable/traefik --name=traefik --namespace=kube-system -f traefik-values.yaml
     kubectl get pods --namespace=kube-system
     kubectl get ingress traefik-dashboard --namespace=kube-system -o yaml
+    # to see traefik logs
+    kubectl logs $(kubectl get pods --namespace=kube-system -lapp=traefik -o jsonpath='{.items[0].metadata.name}') -f -namespace=kube-system
     ```
 
 3. Add your domains to MacOS `/etc/hosts` as needed. Other options:  `wildcard DNS in localhost development` [1](https://gist.github.com/eloypnd/5efc3b590e7c738630fdcf0c10b68072), [2](https://medium.com/localz-engineering/kubernetes-traefik-locally-with-a-wildcard-certificate-e15219e5255d)

diff --git a/kubernetes.md b/kubernetes.md
@@ -131,8 +131,7 @@ helm create mychart
     kubectl get ingress traefik-dashboard --namespace=kube-system -o yaml
     ```
 
-3. Add your domains to MacOS `/etc/hosts` as needed.
-> Other options:  `wildcard DNS in localhost development` [1](https://gist.github.com/eloypnd/5efc3b590e7c738630fdcf0c10b68072), [2](https://medium.com/localz-engineering/kubernetes-traefik-locally-with-a-wildcard-certificate-e15219e5255d)
+3. Add your domains to MacOS `/etc/hosts` as needed. Other options:  `wildcard DNS in localhost development` [1](https://gist.github.com/eloypnd/5efc3b590e7c738630fdcf0c10b68072), [2](https://medium.com/localz-engineering/kubernetes-traefik-locally-with-a-wildcard-certificate-e15219e5255d)
 
     ```
     127.0.0.1       localhost traefik.k8s web.traefik.k8s keycloak.traefik.k8s 

diff --git a/kubernetes.md b/kubernetes.md
@@ -132,7 +132,7 @@ helm create mychart
     ```
 
 3. Add your domains to MacOS `/etc/hosts` as needed.
-    Other options:  `wildcard DNS in localhost development` [1](https://gist.github.com/eloypnd/5efc3b590e7c738630fdcf0c10b68072), [2](https://medium.com/localz-engineering/kubernetes-traefik-locally-with-a-wildcard-certificate-e15219e5255d)
+> Other options:  `wildcard DNS in localhost development` [1](https://gist.github.com/eloypnd/5efc3b590e7c738630fdcf0c10b68072), [2](https://medium.com/localz-engineering/kubernetes-traefik-locally-with-a-wildcard-certificate-e15219e5255d)
 
     ```
     127.0.0.1       localhost traefik.k8s web.traefik.k8s keycloak.traefik.k8s 

diff --git a/kubernetes.md b/kubernetes.md
@@ -131,7 +131,9 @@ helm create mychart
     kubectl get ingress traefik-dashboard --namespace=kube-system -o yaml
     ```
 
-3. Add your domains to MacOS `/etc/hosts` as needed. Other option:  wildcard DNS in localhost development][1](https://gist.github.com/eloypnd/5efc3b590e7c738630fdcf0c10b68072), [2](https://medium.com/localz-engineering/kubernetes-traefik-locally-with-a-wildcard-certificate-e15219e5255d)
+3. Add your domains to MacOS `/etc/hosts` as needed.
+    Other options:  `wildcard DNS in localhost development` [1](https://gist.github.com/eloypnd/5efc3b590e7c738630fdcf0c10b68072), [2](https://medium.com/localz-engineering/kubernetes-traefik-locally-with-a-wildcard-certificate-e15219e5255d)
+
     ```
     127.0.0.1       localhost traefik.k8s web.traefik.k8s keycloak.traefik.k8s 
     ```

diff --git a/kubernetes.md b/kubernetes.md
@@ -131,7 +131,7 @@ helm create mychart
     kubectl get ingress traefik-dashboard --namespace=kube-system -o yaml
     ```
 
-3. add your domains to MacOS `/etc/hosts` as needed.
+3. Add your domains to MacOS `/etc/hosts` as needed. Other option:  wildcard DNS in localhost development][1](https://gist.github.com/eloypnd/5efc3b590e7c738630fdcf0c10b68072), [2](https://medium.com/localz-engineering/kubernetes-traefik-locally-with-a-wildcard-certificate-e15219e5255d)
     ```
     127.0.0.1       localhost traefik.k8s web.traefik.k8s keycloak.traefik.k8s 
     ```

diff --git a/kubernetes.md b/kubernetes.md
@@ -37,6 +37,7 @@ complete -F __start_kubectl k
 2. Now enable Docker for Mac's [Kubernetes capabilities](https://docs.docker.com/docker-for-mac/#kubernetes) and wait for the cluster to start up.
 3. Follow instructions [here](https://github.com/kubernetes/dashboard/wiki/Installation) to setup **k8s Dashboard**. 
 > If you intend to use **traefik** as your `ingress controller`, then skip this step as you can add it [below](#ingress-controller-with-traefik)
+
     1. `kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/alternative/kubernetes-dashboard.yaml`
     2. `kubectl get pods --namespace kube-system`
     3. `kubectl port-forward kubernetes-dashboard-86bcb9fc9c-nw7md 9090:9090 --namespace=kube-system`

diff --git a/kubernetes.md b/kubernetes.md
@@ -35,7 +35,8 @@ complete -F __start_kubectl k
 ### Creating a Kubernetes cluster
 1. After Docker for Mac is installed, configure it with sufficient resources. You can do that via the [Advanced menu](https://docs.docker.com/docker-for-mac/#advanced) in Docker for Mac's preferences. Set **CPUs** to at least **4** and Memory to at least **8.0 GiB**.
 2. Now enable Docker for Mac's [Kubernetes capabilities](https://docs.docker.com/docker-for-mac/#kubernetes) and wait for the cluster to start up.
-3. Follow instructions [here](https://github.com/kubernetes/dashboard/wiki/Installation) to setup **k8s Dashboard**. If you intend to use **traefik** as your `ingress controller`, then skip this step as you can add it [below](#ingress-controller-with-traefik)
+3. Follow instructions [here](https://github.com/kubernetes/dashboard/wiki/Installation) to setup **k8s Dashboard**. 
+> If you intend to use **traefik** as your `ingress controller`, then skip this step as you can add it [below](#ingress-controller-with-traefik)
     1. `kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/alternative/kubernetes-dashboard.yaml`
     2. `kubectl get pods --namespace kube-system`
     3. `kubectl port-forward kubernetes-dashboard-86bcb9fc9c-nw7md 9090:9090 --namespace=kube-system`

diff --git a/kubernetes.md b/kubernetes.md
@@ -35,7 +35,7 @@ complete -F __start_kubectl k
 ### Creating a Kubernetes cluster
 1. After Docker for Mac is installed, configure it with sufficient resources. You can do that via the [Advanced menu](https://docs.docker.com/docker-for-mac/#advanced) in Docker for Mac's preferences. Set **CPUs** to at least **4** and Memory to at least **8.0 GiB**.
 2. Now enable Docker for Mac's [Kubernetes capabilities](https://docs.docker.com/docker-for-mac/#kubernetes) and wait for the cluster to start up.
-3. Follow instructions [here](https://github.com/kubernetes/dashboard/wiki/Installation) to setup **k8s Dashboard**.
+3. Follow instructions [here](https://github.com/kubernetes/dashboard/wiki/Installation) to setup **k8s Dashboard**. If you intend to use **traefik** as your `ingress controller`, then skip this step as you can add it [below](#ingress-controller-with-traefik)
     1. `kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/v1.10.1/src/deploy/alternative/kubernetes-dashboard.yaml`
     2. `kubectl get pods --namespace kube-system`
     3. `kubectl port-forward kubernetes-dashboard-86bcb9fc9c-nw7md 9090:9090 --namespace=kube-system`

diff --git a/kubernetes.md b/kubernetes.md
@@ -108,6 +108,40 @@ helm create mychart
 │   └── service.yaml
 └── values.yaml
 ```
+
+### Ingress Controller with Traefik
+> based on [Docker for Mac with Kubernetes — Ingress Controller with Traefik](https://medium.com/@thms.hmm/docker-for-mac-with-kubernetes-ingress-controller-with-traefik-e194919591bb)
+
+1. Create a file called `traefik-values.yaml`.
+    ```yaml
+    dashboard:
+      enabled: true
+      domain: traefik.k8s
+    kubernetes:
+      namespaces:
+        - default
+        - kube-system
+    ```
+2. Install the Traefik Chart and check if the pod is up and running.
+    ```bash
+    helm install stable/traefik --name=traefik --namespace=kube-system -f traefik-values.yaml
+    kubectl get pods --namespace=kube-system
+    kubectl get ingress traefik-dashboard --namespace=kube-system -o yaml
+    ```
+
+3. add your domains to MacOS `/etc/hosts` as needed.
+    ```
+    127.0.0.1       localhost traefik.k8s web.traefik.k8s keycloak.traefik.k8s 
+    ```
+
+4. Deploying the K8s dashboard and check if the pod is up and running.
+    ```
+    cd /Developer/Work/tools/helm
+    git clone https://github.com/thmshmm/chart-k8s-dashboard.git k8s-dshbrd/
+    helm install k8s-dshbrd --name kubernetes-dashboard --namespace=kube-system
+    kubectl get ingress kubernetes-dashboard --namespace=kube-system -o yaml
+    ```
+
 ### kompose
 > cli tool to conver Docker Compose files to Kubernetes
 ```bash

diff --git a/kubernetes.md b/kubernetes.md
@@ -155,6 +155,7 @@ kubectl get persistentvolume
 kubectl get  PersistentVolumeClaim --namespace default
 kubectl get pods --namespace kube-system
 kubectl get ep
+kubectl get serviceaccount
 # Show Merged kubeconfig settings.
 kubectl config view
 kubectl config get-contexts

diff --git a/kubernetes.md b/kubernetes.md
@@ -157,6 +157,7 @@ kubectl get pods --namespace kube-system
 kubectl get ep
 # Show Merged kubeconfig settings.
 kubectl config view
+kubectl config get-contexts
 # Display the current-context
 kubectl config current-context           
 kubectl config use-context docker-desktop
@@ -188,6 +189,8 @@ kubectl config set-context prod --namespace=prod --cluster=minikube --user=minik
 
 > Switch to the Appropriate Context
 ```
+# List contexts
+kubectl config get-contexts
 # Switch to Dev context
 kubectl config use-context dev
 # Switch to QA context

diff --git a/kubernetes.md b/kubernetes.md
@@ -69,7 +69,7 @@ helm init
 helm version
 # show if tiller is installed
 kubectl get pods --namespace kube-system
-# upgrade
+# upgrade helm version
 helm init --upgrade
 ```
 

diff --git a/kubernetes.md b/kubernetes.md
@@ -79,7 +79,9 @@ helm init --upgrade
 helm repo update
 
 # install postgre chart
-helm install --name my-postgre stable/postgresql
+# helm install --name nginx stable/nginx-ingress
+helm install --name pg --namespace default --set postgresPassword=postgres,persistence.size=1Gi stable/postgresql
+kubectl get pods -n default
 
 # list installed charts
 helm ls

diff --git a/kubernetes.md b/kubernetes.md
@@ -78,13 +78,16 @@ helm init --upgrade
 # update charts repo
 helm repo update
 
-# Install postgre chart
+# install postgre chart
 helm install --name my-postgre stable/postgresql
 
-#  delete postgre
+# list installed charts
+helm ls
+
+# delete postgre
 $ helm delete my-postgre
 
-#  delete postgre and purge
+# delete postgre and purge
 $ helm delete --purge my-postgre
 ```
 

diff --git a/kubernetes.md b/kubernetes.md
@@ -256,6 +256,8 @@ kubectl top node
 kubectl top pod
 # if you want to have a terminal show the output of these commands every 2 seconds without having to run the command over and over you can use the watch command such as
 watch kubectl top node
+# --v=8 for debuging 
+kubectl get po --v=8
 ```
 
 #### Debug k8s

diff --git a/kubernetes.md b/kubernetes.md
@@ -290,4 +290,5 @@ With such setup it was easy to observe in real time how my pods are being create
 
 [1]: https://docs.helm.sh/using_helm/#installing-helm
 1. [Debug Services](https://kubernetes.io/docs/tasks/debug-application-cluster/debug-service/)
-2. [Docker for Mac with Kubernetes — Enable Ingress and K8S Dashboard](https://medium.com/@thms.hmm/docker-for-mac-with-kubernetes-ingress-controller-with-traefik-e194919591bb)
+2. [Docker for Mac with Kubernetes — Enable Ingress and K8S Dashboard](https://medium.com/@thms.hmm/docker-for-mac-with-kubernetes-ingress-controller-with-traefik-e194919591bb)
+3. [Example recipes for Kubernetes Network Policies](https://github.com/ahmetb/kubernetes-network-policy-recipes)
diff --git a/kubernetes.md b/kubernetes.md
@@ -289,4 +289,5 @@ With such setup it was easy to observe in real time how my pods are being create
 ## Reference 
 
 [1]: https://docs.helm.sh/using_helm/#installing-helm
-1. [Debug Services](https://kubernetes.io/docs/tasks/debug-application-cluster/debug-service/)
+1. [Debug Services](https://kubernetes.io/docs/tasks/debug-application-cluster/debug-service/)
+2. [Docker for Mac with Kubernetes — Enable Ingress and K8S Dashboard](https://medium.com/@thms.hmm/docker-for-mac-with-kubernetes-ingress-controller-with-traefik-e194919591bb)