kubectl 简明手册（一）（Cheat Sheet）

Kubectl 命令自动补全：

BASH

source <(kubectl completion bash) # setup autocomplete in bash into the current shell, bash-completion package should be installed first.

echo "source <(kubectl completion bash)" >> ~/.bashrc # add autocomplete permanently to your bash shell.

You can also use a shorthand alias for kubectl that also works with completion:

alias k=kubectl

complete -F __start_kubectl k

ZSH

source <(kubectl completion zsh)  # setup autocomplete in zsh into the current shell

echo "[[ $commands[kubectl] ]] && source <(kubectl completion zsh)" >> ~/.zshrc # add autocomplete permanently to your zsh shell

Kubectl 环境和配置 

如何配置/修改Kubectl的通信集群信息：详情参考：Authenticating Across Clusters with kubeconfig 

kubectl config view # Show Merged kubeconfig settings.



# use multiple kubeconfig files at the same time and view merged config

KUBECONFIG=~/.kube/config:~/.kube/kubconfig2



kubectl config view



# get the password for the e2e user

kubectl config view -o jsonpath='{.users[?(@.name == "e2e")].user.password}'



kubectl config view -o jsonpath='{.users[].name}'    # display the first user

kubectl config view -o jsonpath='{.users[*].name}'   # get a list of users

kubectl config get-contexts                          # display list of contexts 

kubectl config current-context                       # display the current-context

kubectl config use-context my-cluster-name           # set the default context to my-cluster-name



# add a new user to your kubeconf that supports basic auth

kubectl config set-credentials kubeuser/foo.kubernetes.com --username=kubeuser --password=kubepassword



# permanently save the namespace for all subsequent kubectl commands in that context.

kubectl config set-context --current --namespace=ggckad-s2



# set a context utilizing a specific username and namespace.

kubectl config set-context gce --user=cluster-admin --namespace=foo \

  && kubectl config use-context gce



kubectl config unset users.foo                       # delete user foo

Kubectl apply

kubectl apply命令通过Kubenets资源文件管理Kubenets应用，参考：Kubectl Book

创建 objects

Kubernetes manifests 可以是 YAML 或者 JSON 格式. 文件扩展名为 .yaml, .yml, 或者 .json

kubectl apply -f ./my-manifest.yaml            # create resource(s)

kubectl apply -f ./my1.yaml -f ./my2.yaml      # create from multiple files

kubectl apply -f ./dir                         # create resource(s) in all manifest files in dir

kubectl apply -f https://git.io/vPieo          # create resource(s) from url

kubectl create deployment nginx --image=nginx  # start a single instance of nginx



# create a Job which prints "Hello World"

kubectl create job hello --image=busybox -- echo "Hello World"



# create a CronJob that prints "Hello World" every minute

kubectl create cronjob hello --image=busybox   --schedule="*/1 * * * *" -- echo "Hello World"   



kubectl explain pods                           # get the documentation for pod manifests



# Create multiple YAML objects from stdin

cat <<EOF | kubectl apply -f -

apiVersion: v1

kind: Pod

metadata:

  name: busybox-sleep

spec:

  containers:

  - name: busybox

    image: busybox

    args:

    - sleep

    - "1000000"

---

apiVersion: v1

kind: Pod

metadata:

  name: busybox-sleep-less

spec:

  containers:

  - name: busybox

    image: busybox

    args:

    - sleep

    - "1000"

EOF



# Create a secret with several keys

cat <<EOF | kubectl apply -f -

apiVersion: v1

kind: Secret

metadata:

  name: mysecret

type: Opaque

data:

  password: $(echo -n "s33msi4" | base64 -w0)

  username: $(echo -n "jane" | base64 -w0)

EOF

查看, 搜索资源

​
# Get commands with basic output

kubectl get services                          # List all services in the namespace

kubectl get pods --all-namespaces             # List all pods in all namespaces

kubectl get pods -o wide                      # List all pods in the current namespace, with more details

kubectl get deployment my-dep                 # List a particular deployment

kubectl get pods                              # List all pods in the namespace

kubectl get pod my-pod -o yaml                # Get a pod's YAML

# Describe commands with verbose output

kubectl describe nodes my-node

kubectl describe pods my-pod

# List Services Sorted by Name

kubectl get services --sort-by=.metadata.name

# List pods Sorted by Restart Count

kubectl get pods --sort-by='.status.containerStatuses[0].restartCount'

# List PersistentVolumes sorted by capacity

kubectl get pv --sort-by=.spec.capacity.storage

# Get the version label of all pods with label app=cassandra

kubectl get pods --selector=app=cassandra -o \

  jsonpath='{.items[*].metadata.labels.version}'

# Retrieve the value of a key with dots, e.g. 'ca.crt'

kubectl get configmap myconfig \

  -o jsonpath='{.data.ca\.crt}'

# Get all worker nodes (use a selector to exclude results that have a label

# named 'node-role.kubernetes.io/master')

kubectl get node --selector='!node-role.kubernetes.io/master'

# Get all running pods in the namespace

kubectl get pods --field-selector=status.phase=Running

# Get ExternalIPs of all nodes

kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="ExternalIP")].address}'

# List Names of Pods that belong to Particular RC

# "jq" command useful for transformations that are too complex for jsonpath, it can be found at jq

sel=${$(kubectl get rc my-rc --output=json | jq -j '.spec.selector | to_entries | .[] | "\(.key)=\(.value),"')%?}

echo $(kubectl get pods --selector=$sel --output=jsonpath={.items..metadata.name})

# Show labels for all pods (or any other Kubernetes object that supports labelling)

kubectl get pods --show-labels

# Check which nodes are ready

JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}' \

 && kubectl get nodes -o jsonpath="$JSONPATH" | grep "Ready=True"

# Output decoded secrets without external tools

kubectl get secret my-secret -o go-template='{{range $k,$v := .data}}{{"### "}}{{$k}}{{"\n"}}{{$v|base64decode}}{{"\n\n"}}{{end}}'

# List all Secrets currently in use by a pod

kubectl get pods -o json | jq '.items[].spec.containers[].env[]?.valueFrom.secretKeyRef.name' | grep -v null | sort | uniq

# List all containerIDs of initContainer of all pods

# Helpful when cleaning up stopped containers, while avoiding removal of initContainers.

kubectl get pods --all-namespaces -o jsonpath='{range .items[*].status.initContainerStatuses[*]}{.containerID}{"\n"}{end}' | cut -d/ -f3

# List Events sorted by timestamp

kubectl get events --sort-by=.metadata.creationTimestamp

# Compares the current state of the cluster against the state that the cluster would be in if the manifest was applied.

kubectl diff -f ./my-manifest.yaml

# Produce a period-delimited tree of all keys returned for nodes

# Helpful when locating a key within a complex nested JSON structure

kubectl get nodes -o json | jq -c 'path(..)|[.[]|tostring]|join(".")'

# Produce a period-delimited tree of all keys returned for pods, etc

kubectl get pods -o json | jq -c 'path(..)|[.[]|tostring]|join(".")'

# Produce ENV for all pods, assuming you have a default container for the pods, default namespace and the `env` command is supported.

# Helpful when running any supported command across all pods, not just `env`

for pod in $(kubectl get po --output=jsonpath={.items..metadata.name}); do echo $pod && kubectl exec -it $pod -- env; done

​

更新资源

kubectl set image deployment/frontend www=image:v2               # Rolling update "www" containers of "frontend" deployment, updating the image

kubectl rollout history deployment/frontend                      # Check the history of deployments including the revision 

kubectl rollout undo deployment/frontend                         # Rollback to the previous deployment

kubectl rollout undo deployment/frontend --to-revision=2         # Rollback to a specific revision

kubectl rollout status -w deployment/frontend                    # Watch rolling update status of "frontend" deployment until completion

kubectl rollout restart deployment/frontend                      # Rolling restart of the "frontend" deployment





cat pod.json | kubectl replace -f -                              # Replace a pod based on the JSON passed into std



# Force replace, delete and then re-create the resource. Will cause a service outage.

kubectl replace --force -f ./pod.json



# Create a service for a replicated nginx, which serves on port 80 and connects to the containers on port 8000

kubectl expose rc nginx --port=80 --target-port=8000



# Update a single-container pod's image version (tag) to v4

kubectl get pod mypod -o yaml | sed 's/\(image: myimage\):.*$/\1:v4/' | kubectl replace -f -



kubectl label pods my-pod new-label=awesome                      # Add a Label

kubectl annotate pods my-pod icon-url=http://goo.gl/XXBTWq       # Add an annotation

kubectl autoscale deployment foo --min=2 --max=10                # Auto scale a deployment "foo"

资源打包

# Partially update a node

kubectl patch node k8s-node-1 -p '{"spec":{"unschedulable":true}}'



# Update a container's image; spec.containers[*].name is required because it's a merge key

kubectl patch pod valid-pod -p '{"spec":{"containers":[{"name":"kubernetes-serve-hostname","image":"new image"}]}}'



# Update a container's image using a json patch with positional arrays

kubectl patch pod valid-pod --type='json' -p='[{"op": "replace", "path": "/spec/containers/0/image", "value":"new image"}]'



# Disable a deployment livenessProbe using a json patch with positional arrays

kubectl patch deployment valid-deployment  --type json   -p='[{"op": "remove", "path": "/spec/template/spec/containers/0/livenessProbe"}]'



# Add a new element to a positional array

kubectl patch sa default --type='json' -p='[{"op": "add", "path": "/secrets/1", "value": {"name": "whatever" } }]'

编制资源 Editing resources

kubectl edit svc/docker-registry                      # Edit the service named docker-registry

KUBE_EDITOR="nano" kubectl edit svc/docker-registry   # Use an alternative editor