# Inspect workloads in kube-system. "pod/svc/deployment" reads as shorthand for
# "pod, svc or deployment" (NOTE(review): confirm); several types can be listed
# in one call with commas, e.g. pod,svc,deployment.
kubectl get pod/svc/deployment -n kube-system
kubectl get all -n kube-system
# Logs of one pod ("xxx" is a placeholder name), then follow all containers of
# every pod matching a label.
kubectl logs xxx -n kube-system
kubectl logs -f -l component=controller --all-containers -n kube-system
# Interactive shell in a pod; --container picks one container of a multi-container pod.
# exec amounts to code execution inside the workload, so RBAC on pods/exec should be narrow.
kubectl exec -it nginx-56b8c64cb4-t97vb -- /bin/bash
kubectl exec -it my-pod --container main-app -- /bin/bash
# Delete pods by label; pods managed by a controller are recreated.
kubectl delete pod -l app=flannel -n kube-system
# Change replica count / trigger a rolling restart of a deployment.
kubectl scale deployment spark-worker-deployment --replicas=8
kubectl rollout restart -n skywalking deployment skywalking-oap
# Last 100 log lines of the previous (crashed or restarted) container instance.
kubectl logs --tail=100 frontend-65c58c957d-bzbg2 --previous
# Events: oldest first, warnings only, node-related only.
kubectl get events --sort-by=.metadata.creationTimestamp
kubectl get events --field-selector type=Warning
kubectl get events --field-selector involvedObject.kind=Node
导出proxy
# Dump the kube-proxy DaemonSet manifest to a local file.
kubectl get ds -n kube-system -l k8s-app=kube-proxy -o yaml>kube-proxy-ds.yaml
导出kube-dns
# Dump the kube-dns Deployment and Service manifests.
kubectl get deployment -n kube-system -l k8s-app=kube-dns -o yaml >kube-dns-dp.yaml
kubectl get services -n kube-system -l k8s-app=kube-dns -o yaml >kube-dns-services.yaml
导出所有 configmap
# Dump every ConfigMap in kube-system. ConfigMaps may hold kubeconfigs or other
# sensitive settings, so keep the output file private.
# -o is given twice; presumably the last value (yaml) is the one that applies.
kubectl get configmap -n kube-system -o wide -o yaml > configmap.yaml
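# Delete Evicted pods in kube-system.
# --no-headers plus an exact match on the STATUS column (field 3) avoids hitting
# a pod that merely has "Evicted" in its name; xargs -r (GNU/BSD extension)
# skips the delete when nothing matched instead of running it with no pod names.
kubectl get pods -n kube-system --no-headers \
  | awk '$3 == "Evicted" {print $1}' \
  | xargs -r kubectl delete pod -n kube-system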
# Edit the kubeadm systemd drop-in for the kubelet unit.
vim /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
# Control-plane endpoints and component health.
kubectl cluster-info
# NOTE(review): the componentstatuses API is deprecated since Kubernetes v1.19,
# so its output may be unreliable on newer clusters.
kubectl get componentstatuses
# Same data rendered as a fixed-width table (name, status, message) via a Go template.
kubectl get cs -o=go-template='{{printf "NAME\t\t\tHEALTH_STATUS\tMESSAGE\t\n"}}{{range .items}}{{$name := .metadata.name}}{{range .conditions}}{{printf "%-24s%-16s%-20s\n" $name .status .message}}{{end}}{{end}}'
# Describe the secret whose name contains "admin-user"; for service-account
# token secrets, describe prints the token in clear text.
# NOTE(review): grep matches by substring, so more than one secret can be selected.
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin-user | awk '{print $1}')
# Print the base64-decoded token of the secret whose name contains "kuboard-user".
# The output is a bearer credential: do not run this where terminal output is
# recorded or shared.
# NOTE(review): from Kubernetes v1.24 on, token secrets are no longer created
# automatically; `kubectl create token <serviceaccount>` issues a short-lived token instead.
echo $(kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d)
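# Check that the kubelet process is running and see its command line.
ps -ef | grep kubelet
# Show the rules of the cs:admin ClusterRole.
kubectl get clusterrole cs:admin -o yaml
# Bind the kube-proxy user to system:node-proxier, the built-in role scoped to
# what kube-proxy needs (watching services/endpoints/nodes, writing events).
# cluster-admin is deliberately not used here: it would give full control of the
# cluster to anything holding the kube-proxy credential.
kubectl create clusterrolebinding system:kube-proxy --clusterrole=system:node-proxier --user=system:kube-proxy
# Follow the kubelet journal live / show it with full-length lines.
journalctl -u kubelet -f
journalctl -l -u kubelet
# Node maintenance: stop new scheduling, evict the running pods, then re-enable.
# NOTE(review): drain usually needs --ignore-daemonsets when DaemonSet pods run on the node.
kubectl cordon node1
kubectl drain node1
kubectl uncordon node1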
# crontab entries (executed by cron, not typed into a shell).
# Every 30 minutes: force-delete every pod, in any namespace, whose STATUS
# column (field 4 with --all-namespaces) is "Terminating".
# --grace-period=0 --force removes the API object without waiting for the
# kubelet to confirm that the containers stopped; for StatefulSet pods this can
# leave two instances running at once, so a blanket cluster-wide job is risky.
# NOTE(review): awk passes the namespace and pod-name columns unquoted into a
# shell command line via system(); this relies on the API server's name validation.
*/30 * * * * /k8s/kubernetes/bin/kubectl get pod --all-namespaces | awk '{if($4=="Terminating"){system("/k8s/kubernetes/bin/kubectl delete pod -n "$1" "$2" --grace-period=0 --force")}}'
# Every 10 minutes: the same force-delete for pods whose STATUS is "Evicted".
*/10 * * * * /k8s/kubernetes/bin/kubectl get pod --all-namespaces | awk '{if($4=="Evicted"){system("/k8s/kubernetes/bin/kubectl delete pod -n "$1" "$2" --grace-period=0 --force")}}'
kubectl批处理
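# Scale every deployment outside the excluded namespaces down to one replica.
# The exclusion is a deny-list on the namespace column: any namespace that is
# not listed is affected, so review the list before running this on a shared cluster.
# --no-headers keeps the "NAMESPACE NAME ..." header row out of the loop;
# read -r splits the first two columns directly and every expansion is quoted.
kubectl get deployments --all-namespaces --no-headers \
  | grep -vE "^auth-center|^apollo|^ops-monit|^kube-|^default" \
  | while read -r ns dp _; do
      kubectl scale --replicas=1 "deploy/$dp" -n "$ns"
    done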
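# Set a 50m CPU request on the main container of every deployment outside the
# excluded namespaces (deny-list on the namespace column).
# --no-headers keeps the header row out of the loop; read -r takes the first two
# columns; all expansions are quoted.
kubectl get deployments --all-namespaces --no-headers \
  | grep -vE "^auth-center|^apollo|^ops-monit|^kube-|^default" \
  | while read -r ns dp _; do
      # The container name is taken to be the deployment name without "deploy-".
      con=$(printf '%s\n' "$dp" | sed 's/deploy-//g')
      # Build the patch with a fixed format string so the name is only ever data.
      patch=$(printf '{"spec": {"template": {"spec": {"containers": [{"name": "%s","resources": {"requests": {"cpu":"50m"}}}]}}}}' "$con")
      kubectl patch deployment "$dp" -n "$ns" --patch "$patch"
    done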
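# Inject JAVA_TOOL_OPTIONS with the APM java agent into the main container of
# every deployment outside the excluded namespaces (deny-list on the namespace column).
# Every JVM in the patched containers will load this agent, so the jar at that
# path has to come from a trusted image layer or volume.
# --no-headers keeps the header row out of the loop; read -r takes the first two
# columns; all expansions are quoted.
kubectl get deployments --all-namespaces --no-headers \
  | grep -vE "^auth-center|^apollo|^ops-monit|^kube-|^default|^infra|^cis|^terminal|^mdm" \
  | while read -r ns dp _; do
      # The container name is taken to be the deployment name without "deploy-".
      con=$(printf '%s\n' "$dp" | sed 's/deploy-//g')
      # Build the patch with a fixed format string so the name is only ever data.
      patch=$(printf '{"spec": {"template": {"spec": {"containers": [{"name": "%s","env": [{"name":"JAVA_TOOL_OPTIONS","value":"-javaagent:/opt/agents/apm-javaagent/apm-javaagent.jar=appName=%s"}]}]}}}}' "$con" "$con")
      kubectl patch deployment "$dp" -n "$ns" --patch "$patch"
    done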
# Image inventory: one line per deployment as
# namespace@name@first-container-name@first-container-image.
kubectl get deployments --all-namespaces -o jsonpath="{range .items[*]}{.metadata.namespace}{'@'}{.metadata.name}{'@'}{.spec.template.spec.containers[0].name}{'@'}{.spec.template.spec.containers[0].image}{'\n'}{end}"
# One line per pod: namespace@name<TAB>exitCode:reason of the first container's
# last termination; grep -v ":$" drops pods with no recorded termination.
kubectl get pods --all-namespaces -o jsonpath="{range .items[*]}{.metadata.namespace}{'@'}{.metadata.name}{'\t'}{.status.containerStatuses[0].lastState.terminated.exitCode}{':'}{.status.containerStatuses[0].lastState.terminated.reason}{'\n'}{end}"|grep -v ":$"
cluster-admin创建
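# Grants the kube-system/admin ServiceAccount the built-in cluster-admin role,
# i.e. unrestricted access to every resource in the cluster. Whoever can read
# this account's token holds that access; bind a narrower role where full
# control is not required.
kind: ClusterRoleBinding
# rbac.authorization.k8s.io/v1beta1 is no longer served from Kubernetes v1.22 on;
# v1 is the stable API version.
apiVersion: rbac.authorization.k8s.io/v1
metadata:
  name: admin
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
roleRef:
  kind: ClusterRole
  name: cluster-admin
  apiGroup: rbac.authorization.k8s.io
subjects:
- kind: ServiceAccount
  name: admin
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile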
# Create the objects from admin-role.yaml (presumably the manifest listed above).
kubectl create -f admin-role.yaml
# Print the base64-decoded token of the secret whose name contains "admin-token".
# Through the "admin" ClusterRoleBinding this token carries cluster-admin rights,
# so treat the output as a secret (no shared terminals, no logged sessions).
echo $(kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep admin-token | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d)
修改默认的namespace配置
# Show the merged kubeconfig, then set the default namespace of an existing context.
kubectl config view
kubectl config set-context kubernetes-admin@kubernetes --namespace=monitoring
增加配置,并设置为默认
# Create a context named "kube" and make it the current one
# (writes the current-context field directly; `kubectl config use-context` does the same).
kubectl config set-context kube --namespace=kube-system --cluster=kubernetes --user=kubernetes-admin
kubectl config set current-context kube
删除配置
# Remove the context again.
kubectl config delete-context kube
查看节点标签
# List node labels, add a label, remove a label (trailing "-").
# NOTE(review): the node name differs between the two label commands
# (k8snode1 vs k8s-node1) — confirm which one is meant.
kubectl get node --show-labels
kubectl label node k8snode1 disktype=ssd
kubectl label node k8s-node1 disktype-
获取资源版本
# API group/versions served by the cluster.
kubectl api-versions
获取资源类型
# Resource types served by the cluster.
kubectl api-resources
获取yaml文件编写需要的内容
# Field documentation for a resource, and for one of its sub-fields.
kubectl explain Deployment
kubectl explain Deployment.metadata
查看污点
# The node description includes its Taints.
kubectl describe node node1
删除master污点
# Remove the master taint from one node / from all nodes (trailing "-").
# Without it, ordinary workloads can be scheduled next to the control-plane
# components on that host; keep the taint on production control planes.
# NOTE(review): newer clusters use the key node-role.kubernetes.io/control-plane — confirm for your version.
kubectl taint nodes sl-master node-role.kubernetes.io/master-
kubectl taint nodes --all node-role.kubernetes.io/master-
恢复master污点
# Put the NoSchedule master taint back.
kubectl taint nodes sl-master node-role.kubernetes.io/master=:NoSchedule
# NoExecute taint: pods on this node that do not tolerate it are evicted.
kubectl taint nodes 10.118.71.12 testmsg=update:NoExecute
自动补全
# Install bash completion and generate the kubectl completion script
# (writes under /etc, so this needs root).
yum install -y bash-completion
kubectl completion bash >/etc/bash_completion.d/k8s.bash
deployment 添加容忍(配合标签使用可限制pod只部署到某个node)
# deployment的yaml需要在template:spec下面加上
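# Goes under spec.template.spec of the Deployment; the key fields belong to the
# list item, so they are indented beneath "- key".
tolerations:
- key: "INFAR_ONLY"
  operator: "Exists"
  effect: "NoExecute"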
# 通常情况下,如果给一个节点添加了一个 effect 值为 NoExecute 的 taint,则任何不能忍受这个 taint 的 pod 都会马上被驱逐,任何可以忍受这个 taint 的 pod 都不会被驱逐。但是,如果 pod 存在一个 effect 值为 NoExecute 的 toleration 指定了可选属性 tolerationSeconds 的值,则表示在给节点添加了上述 taint 之后,pod 还能继续在节点上运行的时间。
# 对于tolerations属性的写法:
其中的key、value、effect 与Node的Taint设置需保持一致, 还有以下几点说明:
1、如果operator的值是Exists,则value属性可省略。
2、如果operator的值是Equal,则表示其key与value之间的关系是equal(等于)。
3、如果不指定operator属性,则默认值为Equal。
另外,还有两个特殊值:
1、空的key 如果再配合Exists 就能匹配所有的key与value ,也就是能容忍所有node的所有Taints。
2、空的effect 匹配所有的effect。
污点配置例子:
# Reserve the node: the NoExecute taint keeps out (and evicts) pods that do not
# tolerate INFAR_ONLY; the label lets workloads target the node via nodeSelector.
kubectl taint nodes k8snode1 INFAR_ONLY=:NoExecute
kubectl label node k8snode1 nodeAppType=INFAR_ONLY
#yaml文件容忍污点配置:
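# Tolerate the INFAR_ONLY taint (fragment for spec.template.spec).
tolerations:
- key: "INFAR_ONLY"
  operator: "Exists"
  effect: "NoExecute"
  #tolerationSeconds: 600 # if set, the pod is evicted 600 s after the taint applies (author's note: pods then get evicted every 10 minutes)
# Alternative: tolerate every taint. Use one tolerations block or the other, not both.
# A pod with this toleration can also be placed on control-plane or otherwise
# reserved nodes, so restrict it to workloads that really need it.
tolerations:
- operator: Exists
# Pin the pod to the labelled node.
nodeSelector:
  #NodeAffinity: # prefers INFAR_ONLY nodes and falls back to others; use either this or nodeSelector
  nodeAppType: INFAR_ONLY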
创建kubeconfig
# Print the current context's kubeconfig with embedded keys and tokens
# (--raw turns redaction off); the output is a credential.
kubectl config view --minify --raw
cd /opt/kubernetes/ssl/
# Key and CSR for user "liaoxin": CN becomes the Kubernetes user name, O the group.
openssl genrsa -out liaoxin.key 2048
openssl req -new -key liaoxin.key -out liaoxin.csr -subj "/CN=liaoxin/O=liaoxin"
# Signed directly with the cluster CA key (requires read access to ca-key.pem).
# Validity is 3650 days; Kubernetes does not check revocation for client
# certificates, so a leaked key stays usable until expiry unless the RBAC
# binding is removed or the CA is rotated. A shorter lifetime limits that window.
openssl x509 -req -in liaoxin.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out liaoxin.crt -days 3650
# Inspect the issued certificate (subject, validity).
openssl x509 -in liaoxin.crt -text -noout
# Assemble the kubeconfig: cluster, credentials (embedded in the file), context.
kubectl config set-cluster k8s-test --embed-certs=true --certificate-authority=ca.pem --server="https://10.118.71.223:6443"
kubectl config set-credentials liaoxin --embed-certs=true --client-certificate=liaoxin.crt --client-key=liaoxin.key
kubectl config set-context liaoxin@k8s-test --cluster=k8s-test --user=liaoxin
# Gives user liaoxin cluster-admin, i.e. full control of the cluster.
# NOTE(review): a namespaced Role/RoleBinding is the narrower choice when full admin is not needed.
kubectl create clusterrolebinding liaoxin@admin --clusterrole=cluster-admin --user=liaoxin
kubectl config use-context liaoxin@k8s-test
kubectl config view
# The file now contains the embedded client key; it should be readable by its owner only.
cat /root/.kube/config
无法删除的ns
# Namespace stuck in Terminating: clear spec.finalizers through the finalize subresource.
# kubectl proxy stays in the foreground and serves the API on 127.0.0.1:8001
# with this user's credentials to any local process; run it in a second
# terminal and stop it as soon as the request is done.
kubectl proxy
# Removing the finalizers skips the cleanup they were waiting for, so objects
# of the namespace may be left behind; find out why deletion hangs first.
kubectl get ns auth-center -o json | jq 'del(.spec.finalizers)' |curl -v -H "Content-Type: application/json" -X PUT --data-binary @- http://127.0.0.1:8001/api/v1/namespaces/auth-center/finalize
node证书过期更新
# Expired node certificate: list the certificate signing requests, then approve
# the node's request ("node-xxxxx" is a placeholder name).
# Approval makes the cluster CA issue a credential, so check the requester and
# subject first (kubectl describe csr <name>) and approve only expected nodes.
kubectl get csr
kubectl certificate approve node-xxxxx
手动认证,认证完后节点恢复正常
python使用证书连接K8S
from kubernetes import client
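# Connect with mutual TLS: the API server is verified against ca.crt and the
# client authenticates with client.crt / client.key.
configuration = client.Configuration()
configuration.host = 'https://11.37.20.2:5443'
configuration.ssl_ca_cert = './ca.crt'
configuration.cert_file = './client.crt'
# The private key is read from the working directory: keep it out of version
# control and readable by its owner only.
configuration.key_file = './client.key'
v1 = client.CoreV1Api(client.ApiClient(configuration))
# Lists pods cluster-wide, so the certificate's user needs list permission on
# pods in all namespaces (and nothing more for this script).
ret = v1.list_pod_for_all_namespaces()
for pod in ret.items:
    # One line per pod: IP, namespace, name.
    print("%s\t%s\t%s" % (pod.status.pod_ip, pod.metadata.namespace, pod.metadata.name))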