Kubernetes Overview
Implementation Referenceβ
Source Files:
packages/core/src/adapters/k8s-adapter.ts- Kubernetes adapter implementationpackages/core/src/k8s/kubectl-client.ts- kubectl wrapper clientpackages/core/src/k8s/types.ts- Kubernetes type definitionspackages/core/src/k8s/pod-executor.ts- Pod execution logicapps/xec/src/commands/in.ts- Container/pod execution command
Key Functions:
K8sAdapter.execute()- Main execution entry pointKubectlClient.exec()- Execute commands in podsKubectlClient.getPods()- List podsKubectlClient.getNamespaces()- List namespacesKubectlClient.portForward()- Setup port forwardingKubectlClient.logs()- Stream pod logs
Overviewβ
Xec provides seamless integration with Kubernetes clusters through the @xec-sh/core execution engine. This enables command execution in pods, resource management, and cluster operations using familiar Xec patterns.
Prerequisitesβ
kubectl Configurationβ
Xec uses kubectl for Kubernetes operations:
# Verify kubectl is installed
kubectl version --client
# Verify cluster access
kubectl cluster-info
# Check current context
kubectl config current-context
Cluster Accessβ
Ensure proper cluster authentication:
# List available contexts
kubectl config get-contexts
# Switch context
kubectl config use-context my-cluster
# Test access
xec in my-pod:container whoami
Basic Conceptsβ
Target Definitionβ
Define Kubernetes targets in configuration:
targets:
pods:
web:
type: kubernetes
namespace: default
pod: web-server
container: nginx # Optional, defaults to first container
api:
type: kubernetes
namespace: production
pod: api-server-.* # Regex pattern for pod selection
worker:
type: kubernetes
namespace: jobs
selector: app=worker # Label selector
Execution Contextβ
Kubernetes execution context includes:
- Namespace - Kubernetes namespace
- Pod - Target pod name or pattern
- Container - Specific container in pod
- Context - kubectl context (cluster)
Pod Executionβ
Direct Executionβ
Execute commands in pods using the Kubernetes adapter:
import { $ } from '@xec-sh/core';
// Execute in pod
const result = await $.k8s('my-pod')`ls -la /app`;
console.log(result.stdout);
// Execute in specific namespace
const result = await $.k8s('my-pod', {
namespace: 'production'
})`kubectl get services`;
// Execute in specific container
const result = await $.k8s('my-pod', {
container: 'app'
})`npm list`;
// Execute with working directory
const result = await $.k8s('my-pod', {
cwd: '/app'
})`npm test`;
CLI Executionβ
Use the in command for pod execution:
# Execute in pod
xec in my-pod ls -la
# Execute in specific container
xec in my-pod:nginx nginx -t
# Execute in namespace
xec in prod/my-pod whoami
# Interactive shell
xec in my-pod /bin/bash
Namespace Managementβ
Working with Namespacesβ
// List namespaces
const namespaces = await $.k8s.getNamespaces();
namespaces.forEach(ns => {
console.log({
name: ns.metadata.name,
status: ns.status.phase,
created: ns.metadata.creationTimestamp
});
});
// Execute in specific namespace
await $.k8s('my-pod', {
namespace: 'staging'
})`echo "Running in staging"`;
// Get pods in namespace
const pods = await $.k8s.getPods('production');
Default Namespaceβ
Configure default namespace:
# .xec/config.yaml
kubernetes:
defaultNamespace: production
targets:
pods:
app:
type: kubernetes
pod: my-app
# Uses defaultNamespace if not specified
Pod Selectionβ
By Nameβ
Select pods by exact name:
// Exact pod name
await $.k8s('web-server-abc123')`ps aux`;
// With namespace
await $.k8s('prod/web-server-abc123')`ps aux`;
By Patternβ
Select pods using patterns:
// Regex pattern
await $.k8s('web-server-.*')`uptime`;
// Glob pattern
await $.k8s('worker-*')`celery status`;
// First matching pod
const pod = await $.k8s.findPod('api-.*');
await $.k8s(pod.metadata.name)`health-check`;
By Labelsβ
Select pods using label selectors:
// Label selector
const pods = await $.k8s.getPods({
labelSelector: 'app=web,env=production'
});
// Execute on all matching pods
for (const pod of pods) {
await $.k8s(pod.metadata.name)`restart-app`;
}
Container Selectionβ
Multi-Container Podsβ
Work with specific containers:
// List containers in pod
const pod = await $.k8s.getPod('my-pod');
const containers = pod.spec.containers.map(c => c.name);
console.log('Containers:', containers);
// Execute in specific container
await $.k8s('my-pod', {
container: 'sidecar'
})`tail -f /var/log/sidecar.log`;
// Execute in init container
await $.k8s('my-pod', {
container: 'init-db',
containerType: 'init'
})`check-migration`;
Default Containerβ
Xec uses the first container by default:
targets:
pods:
multi:
type: kubernetes
pod: multi-container-pod
container: app # Specify default container
Resource Managementβ
Getting Resourcesβ
Query Kubernetes resources:
// Get deployments
const deployments = await $.k8s.get('deployments');
// Get services
const services = await $.k8s.get('services', {
namespace: 'default'
});
// Get specific resource
const configmap = await $.k8s.get('configmap/app-config');
// Get with JSON output
const pods = await $.k8s.getJson('pods', {
labelSelector: 'app=web'
});
Resource Operationsβ
Manage Kubernetes resources:
// Scale deployment
await $.k8s.scale('deployment/web', 3);
// Restart deployment
await $.k8s.rollout.restart('deployment/api');
// Delete pod
await $.k8s.delete('pod/failed-pod');
// Apply configuration
await $.k8s.apply('./k8s/deployment.yaml');
Cluster Informationβ
Cluster Statusβ
Get cluster information:
// Cluster info
const info = await $.k8s.clusterInfo();
console.log('Kubernetes master:', info.master);
// Node status
const nodes = await $.k8s.get('nodes');
nodes.forEach(node => {
console.log({
name: node.metadata.name,
status: node.status.conditions,
capacity: node.status.capacity
});
});
// Component status
const components = await $.k8s.get('componentstatuses');
Context Managementβ
Work with multiple clusters:
// Get current context
const context = await $.k8s.currentContext();
// List contexts
const contexts = await $.k8s.getContexts();
// Switch context (affects subsequent operations)
await $.k8s.useContext('production-cluster');
// Execute with specific context
await $.k8s('my-pod', {
context: 'staging-cluster'
})`hostname`;
Authenticationβ
Service Accountβ
Use service account authentication:
targets:
pods:
admin:
type: kubernetes
pod: admin-pod
serviceAccount: admin-sa
Kubeconfigβ
Specify custom kubeconfig:
// Use custom kubeconfig
await $.k8s('my-pod', {
kubeconfig: '/path/to/kubeconfig'
})`whoami`;
// Environment variable
process.env.KUBECONFIG = '/path/to/kubeconfig';
await $.k8s('my-pod')`ls`;
Configuration in Xecβ
Kubernetes Settingsβ
Configure Kubernetes in .xec/config.yaml:
kubernetes:
defaultNamespace: default
defaultContext: minikube
timeout: 30s
# kubectl path (if not in PATH)
kubectlPath: /usr/local/bin/kubectl
# Default labels for operations
labels:
managed-by: xec
environment: development
targets:
pods:
web:
type: kubernetes
namespace: default
pod: web-.*
container: nginx
db:
type: kubernetes
namespace: database
selector: app=postgres
# Pattern-based selection
workers:
type: kubernetes
namespace: jobs
podPattern: worker-\d+
# Multi-cluster target
prod-api:
type: kubernetes
context: production
namespace: api
pod: api-server
Kubernetes Tasksβ
Define Kubernetes operations as tasks:
tasks:
deploy:
description: Deploy application to Kubernetes
steps:
- command: kubectl apply -f k8s/
scale:
params:
- name: replicas
default: 3
steps:
- command: kubectl scale deployment/web --replicas=${params.replicas}
logs:
params:
- name: pod
steps:
- command: kubectl logs -f ${params.pod}
debug:
params:
- name: pod
steps:
- command: kubectl describe pod ${params.pod}
- command: kubectl logs ${params.pod} --previous
Performance Characteristicsβ
Based on Implementation:
Operation Timingsβ
- Pod Exec: 200-500ms (API call + network)
- Pod List: 50-200ms
- Namespace List: 20-50ms
- Log Streaming: 100ms to start
- Port Forward: 200-500ms to establish
Resource Usageβ
- Memory: ~5MB per active connection
- CPU: Minimal except during operations
- Network: HTTPS API calls to cluster
Error Handlingβ
Common Errorsβ
| Error | Code | Solution |
|---|---|---|
| Pod not found | 3 | Verify pod name and namespace |
| Container not found | 3 | Check container name in pod |
| Permission denied | 11 | Check RBAC permissions |
| Connection refused | 4 | Verify cluster connectivity |
| Context not found | 2 | Check kubeconfig contexts |
| Namespace not found | 3 | Create namespace or fix name |
Error Recoveryβ
// Retry with pod selection
async function executeWithRetry(pattern: string, command: string) {
for (let i = 0; i < 3; i++) {
try {
const pod = await $.k8s.findPod(pattern);
if (pod) {
return await $.k8s(pod.metadata.name)`${command}`;
}
} catch (error) {
if (i === 2) throw error;
await new Promise(r => setTimeout(r, 1000));
}
}
}
// Wait for pod ready
async function executeWhenReady(pod: string, command: string) {
await $.k8s.waitForPod(pod, {
condition: 'Ready',
timeout: 60000
});
return await $.k8s(pod)`${command}`;
}
Best Practicesβ
Pod Selectionβ
- Use specific names when possible
- Verify pod existence before execution
- Handle multiple matches with patterns
- Use labels for group operations
- Specify namespace explicitly
Resource Managementβ
// Good: Explicit namespace
await $.k8s('my-pod', {
namespace: 'production'
})`command`;
// Good: Error handling
try {
await $.k8s('my-pod')`risky-operation`;
} catch (error) {
if (error.code === 'PodNotFound') {
console.log('Pod not available');
}
}
// Good: Wait for readiness
await $.k8s.waitForPod('new-pod');
await $.k8s('new-pod')`startup-check`;
Securityβ
# Use service accounts
targets:
pods:
secure:
type: kubernetes
pod: secure-pod
serviceAccount: limited-sa
namespace: restricted
Related Topicsβ
- Pod Execution - Detailed pod execution
- Port Forwarding - Kubernetes port forwarding
- Log Streaming - Pod log management
- File Operations - File transfer with pods
- in Command - CLI pod execution