一些自用的kubectl命令
重启pod
1 2 3
| NAME_SPACE=default kubectl get pod podname -n=${NAME_SPACE} -o yaml | kubectl replace --force -f -
|
强制删除pod
解决:加参数 --force --grace-period=0
grace-period表示过渡存活期,默认30s,在删除POD之前允许POD慢慢终止其上的容器进程,从而优雅退出
0表示立即终止POD
1 2
| kubectl delete pod <your-pod-name> -n=<name-space> --force --grace-period=0
|
根据状态过滤批量操作
过滤条件: ImagePullBackOff|CrashLoopBackOff|Evicted|Terminating
1 2 3 4 5 6 7 8
| NAME_SPACE=default
# kubectl get pods -n=${NAME_SPACE} | grep -E 'ImagePullBackOff|CrashLoopBackOff' | awk '{print $1}' | xargs kubectl delete pod -n=${NAME_SPACE}
# kubectl get pods -n=${NAME_SPACE} | grep -E 'Evicted|Terminating' | awk '{print $1}' | xargs kubectl get pod -n=${NAME_SPACE} -o yaml | kubectl replace --force -f -
|
pod-forward
1 2 3 4
| kubectl port-forward --address 0.0.0.0 pod/pod名称 暴露端口:内部端口 kubectl port-forward --address 0.0.0.0 service/service名称 暴露端口:内部端口
|
kubectl expose
1 2 3 4 5 6 7 8 9
| kubectl -n=default delete svc log-np
kubectl -n=default expose pod log-0 --name=log-np --type=NodePort --overrides \ '{ "apiVersion": "v1","spec":{"ports": [{"port":9200,"protocol":"TCP","targetPort":9200,"nodePort":30792}]}}'
kubectl -n=default expose pod manager-0 --name=manager-np --type=NodePort --overrides \ '{ "apiVersion": "v1","spec":{"ports": [{"protocol":"TCP","port":5000,"targetPort":5000,"nodePort":30750}]}}'
|
xargs查看pod日志
1 2 3 4 5
| NAME_SPACE=bigdata POD_NAME="kafka-clean"
kubectl -n=${NAME_SPACE} get pods | grep $POD_NAME | awk '{print $1}' | xargs kubectl -n=${NAME_SPACE} logs
|
生成kubernetes集群最高权限admin用户的token
参考:https://jimmysong.io/kubernetes-handbook/guide/auth-with-kubeconfig-or-token.html
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
| cat <<EOF >./my-admin-role.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1beta1 metadata: name: my-admin annotations: rbac.authorization.kubernetes.io/autoupdate: "true" roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: my-admin namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: my-admin namespace: kube-system labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile
EOF
kubectl create -f my-admin-role.yaml
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep 'my-admin-token' | awk '{print $1}')
|
生成kubernetes集群最高权限admin用户的token(高版本)
参考:https://blog.csdn.net/wuchenlhy/article/details/128578633
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39
| cat <<EOF >./my-admin-role.yaml kind: ClusterRoleBinding apiVersion: rbac.authorization.k8s.io/v1 metadata: name: my-admin annotations: rbac.authorization.kubernetes.io/autoupdate: "true" roleRef: kind: ClusterRole name: cluster-admin apiGroup: rbac.authorization.k8s.io subjects: - kind: ServiceAccount name: my-admin namespace: kube-system --- apiVersion: v1 kind: ServiceAccount metadata: name: my-admin namespace: kube-system labels: kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile --- apiVersion: v1 kind: Secret metadata: name: my-admin-secret namespace: kube-system annotations: kubernetes.io/service-account.name: my-admin type: kubernetes.io/service-account-token
EOF
kubectl create -f my-admin-role.yaml kubectl -n kube-system describe secret my-admin-secret
|
启用kubectl proxy
1
| nohup kubectl proxy --address='0.0.0.0' --accept-hosts='^*$' --reject-paths=' ' --port=18880 &
|
获取当前kubeconfig
1 2
| kubectl config view --minify --raw
|
根据pv自动创建pvc
创建create_pvc.sh脚本,使用类似./create_pvc.sh pv001 default
调用即可
也可直接修改参数,执行以下语句
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
| cat << 'EEOFF' >./create_pvc.sh
#!/bin/bash
pv_name=$1 namespace=$2
storage=$(kubectl get pv ${pv_name} -o yaml | grep storage: | awk '{print $2}') storageClassName=$(kubectl get pv ${pv_name} -o yaml | grep storageClassName: | awk '{print $2}')
cat <<EOF | kubectl create -f - apiVersion: v1 kind: PersistentVolumeClaim metadata: namespace: ${namespace} name: ${pv_name} spec: accessModes: - ReadWriteMany resources: requests: storage: ${storage} storageClassName: ${storageClassName} volumeName: ${pv_name} EOF
EEOFF chmod a+x create_pvc.sh
./create_pvc.sh pv001 default
|
根据进程pid获取运行容器信息
1 2 3 4 5 6
| # 示例 pid=1234
docker ps | grep $(nsenter -t $pid -u hostname)
|