Kubernetes Targets
Kubernetes targets enable command execution within pods running in Kubernetes clusters. Xec provides native Kubernetes integration with support for multiple clusters, namespaces, port forwarding, and pod selection strategies.
Basic Configuration
Define Kubernetes pods in the targets.pods section:
targets:
pods:
frontend:
namespace: production
selector: app=frontend
container: nginx
Pod Properties
Essential Properties
targets:
pods:
basic:
# Pod selection (one required)
pod: my-pod-name # Specific pod name
selector: app=myapp # OR label selector
# Context
namespace: default # Kubernetes namespace
container: app # Container name (if multiple)
Advanced Properties
targets:
pods:
advanced:
# Cluster configuration
context: production-cluster # kubectl context
kubeconfig: ~/.kube/prod # Custom kubeconfig
namespace: my-namespace
# Pod selection
selector: "app=web,tier=frontend"
container: nginx
# Execution options
tty: true # Allocate TTY
stdin: true # Keep stdin open
timeout: 60000 # Command timeout (ms)
# Command execution
shell: /bin/bash # Shell to use
workdir: /app # Working directory
# Additional flags
execFlags: # Extra kubectl exec flags
- --pod-running-timeout=1m
- --preserve-whitespace
Pod Selection Strategies
By Pod Name
targets:
pods:
specific:
pod: nginx-deployment-7848d4b86f-vp7wq
namespace: production
container: nginx
By Label Selector
targets:
pods:
by-label:
selector: app=backend
namespace: production
# Multiple labels
multi-label:
selector: "app=web,environment=prod,version=v2"
# Label expressions
expression:
selector: "environment in (production, staging)"
By Field Selector
targets:
pods:
by-field:
fieldSelector: "status.phase=Running"
selector: app=worker
Dynamic Selection
targets:
pods:
# Select first matching pod
first-match:
selector: app=web
strategy: first # Default
# Select random pod
random:
selector: app=web
strategy: random
# Select newest pod
newest:
selector: app=web
strategy: newest
Namespace Configuration
targets:
# Global Kubernetes settings
kubernetes:
$namespace: production # Default namespace
$context: prod-cluster # Default context
pods:
# Inherits global namespace
web:
selector: app=web
# Override namespace
database:
namespace: data-tier
selector: app=postgres
Context Management
Multiple Clusters
targets:
pods:
# Production cluster
prod-app:
context: production-aws
namespace: production
selector: app=api
# Staging cluster
staging-app:
context: staging-gcp
namespace: staging
selector: app=api
# Development cluster
dev-app:
context: minikube
namespace: development
selector: app=api
Custom Kubeconfig
targets:
pods:
custom-cluster:
kubeconfig: /path/to/custom/kubeconfig
context: my-context
namespace: my-namespace
selector: app=myapp
Container Selection
Single Container Pods
targets:
pods:
simple:
selector: app=nginx
# Container automatically selected if only one
Multi-Container Pods
targets:
pods:
# Specify container
sidecar:
selector: app=web
container: nginx # Main container
# Different container
logs:
selector: app=web
container: fluent-bit # Sidecar container
Execution Options
Interactive Sessions
targets:
pods:
interactive:
selector: app=debug
tty: true # TTY for interactive commands
stdin: true # Keep stdin open
shell: /bin/bash
Command Execution
targets:
pods:
execute:
selector: app=web
# Direct command
shell: false # No shell wrapping
# With shell
shell: /bin/sh # Wrap in shell
# Custom shell
shell: /bin/bash
Working Directory
targets:
pods:
workspace:
selector: app=builder
workdir: /workspace
# Commands execute in /workspace
Environment Variables
targets:
pods:
configured:
selector: app=worker
env:
WORKER_ID: ${env.HOSTNAME}
QUEUE_URL: https://sqs.amazonaws.com/queue
DEBUG: "true"
Port Forwarding
targets:
pods:
forwarded:
selector: app=web
portForward:
- 8080:80 # Local:Pod
- 9229:9229 # Debugger
- 5432:5432 # Database
Service Account
targets:
pods:
privileged:
selector: app=admin
serviceAccount: admin-sa
namespace: kube-system
Resource Requirements
targets:
pods:
# Target pods with specific resources
high-memory:
selector: "app=analytics,resources.memory>=4Gi"
low-cpu:
selector: "app=background,resources.cpu<500m"
Pod Annotations
targets:
pods:
annotated:
selector: app=web
annotations:
"prometheus.io/scrape": "true"
"prometheus.io/port": "9090"
Init Containers
targets:
pods:
# Execute in init container
init:
selector: app=database
container: init-schema
initContainer: true
Ephemeral Containers
targets:
pods:
debug:
selector: app=production
ephemeralContainer:
name: debugger
image: busybox
command: ["/bin/sh"]
Real-World Examples
Production API Pod
targets:
pods:
api:
context: production-cluster
namespace: production
selector: "app=api,version=stable"
container: api
workdir: /app
env:
API_ENV: production
timeout: 30000
Database Migration
targets:
pods:
migrate:
namespace: data
selector: app=postgres
container: postgres
workdir: /migrations
env:
PGUSER: postgres
PGDATABASE: production
Debug Session
targets:
pods:
debug:
namespace: development
selector: app=problematic
container: app
tty: true
stdin: true
shell: /bin/bash
Batch Job
targets:
pods:
job:
namespace: jobs
selector: "job-name=data-processor"
container: processor
timeout: 3600000 # 1 hour
Cluster Operations
Node Selection
targets:
pods:
gpu-pod:
selector: app=ml-training
nodeSelector:
"kubernetes.io/gpu": "true"
zone-specific:
selector: app=regional
nodeSelector:
"topology.kubernetes.io/zone": "us-east-1a"
Deployment Strategies
targets:
pods:
# Rolling update target
rolling:
selector: "app=web,deployment=rolling"
strategy: newest # Target newest pods
# Canary deployment
canary:
selector: "app=web,version=canary"
maxPods: 1 # Limit to one pod
Security
RBAC Configuration
targets:
pods:
restricted:
namespace: secure
selector: app=sensitive
serviceAccount: restricted-sa
securityContext:
runAsNonRoot: true
runAsUser: 1000
Network Policies
targets:
pods:
isolated:
namespace: isolated
selector: app=backend
networkPolicy: deny-all
Monitoring and Logging
Metrics Collection
targets:
pods:
metrics:
selector: app=monitored
metrics:
enabled: true
port: 9090
path: /metrics
Log Streaming
targets:
pods:
logs:
selector: app=verbose
container: app
logOptions:
follow: true
timestamps: true
tail: 100
Troubleshooting
Pod Discovery
# List available pods
kubectl get pods -n production
# Check pod selection
xec test pods.frontend
# Debug selector
kubectl get pods -l app=frontend -n production
Common Issues
No Pods Found
# Check selector and namespace
targets:
pods:
fixed:
namespace: correct-namespace # Verify namespace
selector: "app=correct-label" # Verify labels
Container Not Found
# List containers in pod
kubectl get pod <pod-name> -o jsonpath='{.spec.containers[*].name}'
targets:
pods:
fixed:
container: correct-container-name
Permission Denied
# Check RBAC permissions
kubectl auth can-i exec pods -n production
# Use correct service account
targets:
pods:
authorized:
serviceAccount: exec-sa
Connection Issues
# Check cluster connectivity
kubectl cluster-info
# Verify context
kubectl config current-context
targets:
pods:
connected:
context: correct-context
kubeconfig: ~/.kube/config
Best Practices
1. Use Selectors Over Pod Names
# Good - selector (flexible)
selector: app=web
# Avoid - specific pod (fragile)
pod: web-7f8b9c5d4-x2kp9
2. Specify Container Names
# Good - explicit container
container: nginx
# May fail - ambiguous with multiple containers
# No container specified
3. Set Appropriate Timeouts
targets:
pods:
batch:
timeout: 3600000 # Long-running jobs
health:
timeout: 5000 # Quick checks
4. Use Namespaces
# Good - organized by namespace
namespace: production
# Avoid - everything in default
namespace: default
5. Handle Pod Lifecycle
targets:
pods:
resilient:
selector: app=web
waitReady: true # Wait for pod ready
maxRetries: 3 # Retry on failure
Advanced Features
Custom Resources
targets:
pods:
operator:
crd: myapp.example.com/v1
resource: myapp-instance
namespace: operators
Helm Integration
targets:
pods:
helm:
$helm:
release: my-release
chart: stable/nginx
Istio Service Mesh
targets:
pods:
mesh:
selector: app=web
istio:
virtualService: web-vs
destinationRule: web-dr
Next Steps
- Kubernetes Commands - K8s-specific commands
See Also
- kubectl Reference
- Pod Logs - Viewing pod logs
- Port Forwarding - Kubernetes port forwarding