Kubernetes 常用指令
kubectl 基本指令
run 建立 Pod
kubectl run $PODNAME --image=$IMAGENAME --restart=Never --dry-run=client -o yaml
--dry-run=client
參數只在本機產生物件而不會送到 API server,搭配 -o yaml 常用來生成建立 Pod 的 YAML 檔案(證照考試常用)
apply 透過文件創建物件
kubectl apply -f $FILE.YAML
delete 删除物件
kubectl delete pod $PODNAME
get 查看物件
kubectl get pod --namespace=$NSNAME
- 只查看特定 namespace 中的 pod
kubectl get pods -o wide
- 以 wide 格式列出 pod,額外顯示 IP、所在 Node 等欄位
kubectl get all -A
- 查看所有 namespace 中的 pod、service、deployment 等常見資源
kubectl get deployment $DPNAME
- 查看 deployment 細節
kubectl get pod $PODNAME -o yaml
- 以 YAML 格式取得 pod 目前的物件定義
kubectl get pod $PODNAME -v 6
- 獲取每一個 kubectl 命令在 API level 的 log,可使用 6、7、8、9 不同的 level,數值越大得到的資訊越詳細;-v 8 以上會印出 HTTP request / response 內容,查詢 secret 時輸出會包含其資料
kubectl get pods $PODNAME --watch -v 6
- 持續監聽 kubectl 在 API level 的操作
kubectl get events
- 查看創建 pod 中發生的 issue
kubectl get deployments
- 取得 deployments 資訊
kubectl get rs
- 取得 ReplicaSet 資訊
kubectl get services --sort-by=.metadata.name
- 透過排序名字列出 service
kubectl get pods --sort-by='.status.containerStatuses[0].restartCount'
- 透過 restart count 列出 pods
kubectl get pv --sort-by=.spec.capacity.storage
- 透過容量列出 Persistent Volumes
kubectl get pods --selector=app=cassandra -o \
jsonpath='{.items[*].metadata.labels.version}'
- 取得 label 為 app=cassandra 的所有 pod 的 version label
kubectl get configmap myconfig \
-o jsonpath='{.data.ca\.crt}'
- 取得 configmap 中的 ca.crt
kubectl get secret my-secret --template='{{index .data "key-name-with-dashes"}}'
- 取得 secret 中指定 key 的值(輸出仍為 base64 編碼,並非加密)
kubectl get node --selector='!node-role.kubernetes.io/control-plane'
- 排除包含標籤 node-role.kubernetes.io/control-plane 的 node
kubectl get pods --field-selector=status.phase=Running
- 取得正在運行的 pod
kubectl get nodes -o jsonpath='{.items[*].status.addresses[?(@.type=="ExternalIP")].address}'
- 取得 nodes 上所有 ExternalIPs
sel=${$(kubectl get rc my-rc --output=json | jq -j '.spec.selector | to_entries | .[] | "\(.key)=\(.value),"')%?}
echo $(kubectl get pods --selector=$sel --output=jsonpath={.items..metadata.name})
- 取得 my-rc 中的 pod 名稱(此 ${$(...)%?} 巢狀展開為 zsh 語法,在 bash 中會出現 bad substitution 錯誤)
kubectl get pods --show-labels
- 取得所有的 pod 並附註 label
JSONPATH='{range .items[*]}{@.metadata.name}:{range @.status.conditions[*]}{@.type}={@.status};{end}{end}' \
&& kubectl get nodes -o jsonpath="$JSONPATH" | grep "Ready=True"
- 取得所有狀態為 Ready 的 Node
kubectl get node -o custom-columns='NODE_NAME:.metadata.name,STATUS:.status.conditions[?(@.type=="Ready")].status'
- 以自訂 Column 列出所有 Node 及其 Ready 狀態
kubectl get secret my-secret -o go-template='{{range $k,$v := .data}}{{"### "}}{{$k}}{{"\n"}}{{$v|base64decode}}{{"\n\n"}}{{end}}'
- 取得 base64 decode 後的 secret 明文內容;base64 只是編碼而非加密,輸出請勿留在終端機紀錄、log 或共用畫面中
kubectl get pods -o json | jq '.items[].spec.containers[].env[]?.valueFrom.secretKeyRef.name' | grep -v null | sort | uniq
- 取得被 pod 以環境變數 (secretKeyRef) 引用的 secret 名稱(不含以 volume 掛載的 secret)
kubectl get pods --all-namespaces -o jsonpath='{range .items[*].status.initContainerStatuses[*]}{.containerID}{"\n"}{end}' | cut -d/ -f3
- 取得所有 init container 的 containerID
kubectl get events --sort-by=.metadata.creationTimestamp
- 透過排序 timestamp 取得所有 events
kubectl events --types=Warning
- 取得所有 warning events
kubectl get nodes -o json | jq -c 'paths|join(".")'
"apiVersion"
"items"
"items.0"
"items.0.apiVersion"
"items.0.kind"
"items.0.metadata"
"items.0.metadata.annotations"
"items.0.metadata.annotations.flannel.alpha.coreos.com/backend-data"
"items.0.metadata.annotations.flannel.alpha.coreos.com/backend-type"
"items.0.metadata.annotations.flannel.alpha.coreos.com/kube-subnet-manager"
"items.0.metadata.annotations.flannel.alpha.coreos.com/public-ip"
"items.0.metadata.annotations.kubeadm.alpha.kubernetes.io/cri-socket"
"items.0.metadata.annotations.node.alpha.kubernetes.io/ttl"
"items.0.metadata.annotations.volumes.kubernetes.io/controller-managed-attach-detach"
"items.0.metadata.creationTimestamp"
"items.0.metadata.labels"
"items.0.metadata.labels.beta.kubernetes.io/arch"
"items.0.metadata.labels.beta.kubernetes.io/os"
"items.0.metadata.labels.kubernetes.io/arch"
"items.0.metadata.labels.kubernetes.io/hostname"
"items.0.metadata.labels.kubernetes.io/os"
"items.0.metadata.labels.node-role.kubernetes.io/control-plane"
"items.0.metadata.labels.node.kubernetes.io/exclude-from-external-load-balancers"
"items.0.metadata.name"
"items.0.metadata.resourceVersion"
"items.0.metadata.uid"
"items.0.spec"
"items.0.spec.podCIDR"
"items.0.spec.podCIDRs"
"items.0.spec.podCIDRs.0"
"items.0.spec.taints"
"items.0.spec.taints.0"
"items.0.spec.taints.0.effect"
"items.0.spec.taints.0.key"
"items.0.status"
"items.0.status.addresses"
"items.0.status.addresses.0"
"items.0.status.addresses.0.address"
"items.0.status.addresses.0.type"
"items.0.status.addresses.1"
"items.0.status.addresses.1.address"
"items.0.status.addresses.1.type"
"items.0.status.allocatable"
"items.0.status.allocatable.cpu"
"items.0.status.allocatable.ephemeral-storage"
"items.0.status.allocatable.hugepages-2Mi"
"items.0.status.allocatable.memory"
"items.0.status.allocatable.pods"
"items.0.status.capacity"
"items.0.status.capacity.cpu"
"items.0.status.capacity.ephemeral-storage"
"items.0.status.capacity.hugepages-2Mi"
"items.0.status.capacity.memory"
"items.0.status.capacity.pods"
"items.0.status.conditions"
"items.0.status.conditions.0"
"items.0.status.conditions.0.lastHeartbeatTime"
"items.0.status.conditions.0.lastTransitionTime"
"items.0.status.conditions.0.message"
"items.0.status.conditions.0.reason"
"items.0.status.conditions.0.status"
"items.0.status.conditions.0.type"
"items.0.status.conditions.1"
"items.0.status.conditions.1.lastHeartbeatTime"
"items.0.status.conditions.1.lastTransitionTime"
"items.0.status.conditions.1.message"
"items.0.status.conditions.1.reason"
"items.0.status.conditions.1.status"
"items.0.status.conditions.1.type"
"items.0.status.conditions.2"
"items.0.status.conditions.2.lastHeartbeatTime"
"items.0.status.conditions.2.lastTransitionTime"
"items.0.status.conditions.2.message"
"items.0.status.conditions.2.reason"
"items.0.status.conditions.2.status"
"items.0.status.conditions.2.type"
"items.0.status.conditions.3"
"items.0.status.conditions.3.lastHeartbeatTime"
"items.0.status.conditions.3.lastTransitionTime"
"items.0.status.conditions.3.message"
"items.0.status.conditions.3.reason"
"items.0.status.conditions.3.status"
"items.0.status.conditions.3.type"
"items.0.status.conditions.4"
"items.0.status.conditions.4.lastHeartbeatTime"
"items.0.status.conditions.4.lastTransitionTime"
"items.0.status.conditions.4.message"
"items.0.status.conditions.4.reason"
"items.0.status.conditions.4.status"
"items.0.status.conditions.4.type"
"items.0.status.daemonEndpoints"
"items.0.status.daemonEndpoints.kubeletEndpoint"
"items.0.status.daemonEndpoints.kubeletEndpoint.Port"
"items.0.status.images"
"items.0.status.images.0"
"items.0.status.images.0.names"
"items.0.status.images.0.names.0"
"items.0.status.images.0.names.1"
"items.0.status.images.0.sizeBytes"
"items.0.status.images.1"
"items.0.status.images.1.names"
"items.0.status.images.1.names.0"
"items.0.status.images.1.names.1"
"items.0.status.images.1.sizeBytes"
"items.0.status.images.2"
"items.0.status.images.2.names"
"items.0.status.images.2.names.0"
"items.0.status.images.2.names.1"
"items.0.status.images.2.sizeBytes"
"items.0.status.images.3"
"items.0.status.images.3.names"
"items.0.status.images.3.names.0"
"items.0.status.images.3.names.1"
"items.0.status.images.3.sizeBytes"
"items.0.status.images.4"
"items.0.status.images.4.names"
"items.0.status.images.4.names.0"
"items.0.status.images.4.names.1"
"items.0.status.images.4.sizeBytes"
"items.0.status.images.5"
"items.0.status.images.5.names"
"items.0.status.images.5.names.0"
"items.0.status.images.5.names.1"
"items.0.status.images.5.sizeBytes"
"items.0.status.images.6"
"items.0.status.images.6.names"
"items.0.status.images.6.names.0"
"items.0.status.images.6.names.1"
"items.0.status.images.6.sizeBytes"
"items.0.status.images.7"
"items.0.status.images.7.names"
"items.0.status.images.7.names.0"
"items.0.status.images.7.names.1"
"items.0.status.images.7.sizeBytes"
"items.0.status.images.8"
"items.0.status.images.8.names"
"items.0.status.images.8.names.0"
"items.0.status.images.8.names.1"
"items.0.status.images.8.sizeBytes"
"items.0.status.images.9"
"items.0.status.images.9.names"
"items.0.status.images.9.names.0"
"items.0.status.images.9.names.1"
"items.0.status.images.9.sizeBytes"
"items.0.status.nodeInfo"
"items.0.status.nodeInfo.architecture"
"items.0.status.nodeInfo.bootID"
"items.0.status.nodeInfo.containerRuntimeVersion"
"items.0.status.nodeInfo.kernelVersion"
"items.0.status.nodeInfo.kubeProxyVersion"
"items.0.status.nodeInfo.kubeletVersion"
"items.0.status.nodeInfo.machineID"
"items.0.status.nodeInfo.operatingSystem"
"items.0.status.nodeInfo.osImage"
"items.0.status.nodeInfo.systemUUID"
"items.1"
"items.1.apiVersion"
"items.1.kind"
"items.1.metadata"
"items.1.metadata.annotations"
"items.1.metadata.annotations.flannel.alpha.coreos.com/backend-data"
"items.1.metadata.annotations.flannel.alpha.coreos.com/backend-type"
"items.1.metadata.annotations.flannel.alpha.coreos.com/kube-subnet-manager"
"items.1.metadata.annotations.flannel.alpha.coreos.com/public-ip"
"items.1.metadata.annotations.kubeadm.alpha.kubernetes.io/cri-socket"
"items.1.metadata.annotations.node.alpha.kubernetes.io/ttl"
"items.1.metadata.annotations.volumes.kubernetes.io/controller-managed-attach-detach"
"items.1.metadata.creationTimestamp"
"items.1.metadata.labels"
"items.1.metadata.labels.beta.kubernetes.io/arch"
"items.1.metadata.labels.beta.kubernetes.io/os"
"items.1.metadata.labels.kubernetes.io/arch"
"items.1.metadata.labels.kubernetes.io/hostname"
"items.1.metadata.labels.kubernetes.io/os"
"items.1.metadata.name"
"items.1.metadata.resourceVersion"
"items.1.metadata.uid"
"items.1.spec"
"items.1.spec.podCIDR"
"items.1.spec.podCIDRs"
"items.1.spec.podCIDRs.0"
"items.1.status"
"items.1.status.addresses"
"items.1.status.addresses.0"
"items.1.status.addresses.0.address"
"items.1.status.addresses.0.type"
"items.1.status.addresses.1"
"items.1.status.addresses.1.address"
"items.1.status.addresses.1.type"
"items.1.status.allocatable"
"items.1.status.allocatable.cpu"
"items.1.status.allocatable.ephemeral-storage"
"items.1.status.allocatable.hugepages-2Mi"
"items.1.status.allocatable.memory"
"items.1.status.allocatable.pods"
"items.1.status.capacity"
"items.1.status.capacity.cpu"
"items.1.status.capacity.ephemeral-storage"
"items.1.status.capacity.hugepages-2Mi"
"items.1.status.capacity.memory"
"items.1.status.capacity.pods"
"items.1.status.conditions"
"items.1.status.conditions.0"
"items.1.status.conditions.0.lastHeartbeatTime"
"items.1.status.conditions.0.lastTransitionTime"
"items.1.status.conditions.0.message"
"items.1.status.conditions.0.reason"
"items.1.status.conditions.0.status"
"items.1.status.conditions.0.type"
"items.1.status.conditions.1"
"items.1.status.conditions.1.lastHeartbeatTime"
"items.1.status.conditions.1.lastTransitionTime"
"items.1.status.conditions.1.message"
"items.1.status.conditions.1.reason"
"items.1.status.conditions.1.status"
"items.1.status.conditions.1.type"
"items.1.status.conditions.2"
"items.1.status.conditions.2.lastHeartbeatTime"
"items.1.status.conditions.2.lastTransitionTime"
"items.1.status.conditions.2.message"
"items.1.status.conditions.2.reason"
"items.1.status.conditions.2.status"
"items.1.status.conditions.2.type"
"items.1.status.conditions.3"
"items.1.status.conditions.3.lastHeartbeatTime"
"items.1.status.conditions.3.lastTransitionTime"
"items.1.status.conditions.3.message"
"items.1.status.conditions.3.reason"
"items.1.status.conditions.3.status"
"items.1.status.conditions.3.type"
"items.1.status.conditions.4"
"items.1.status.conditions.4.lastHeartbeatTime"
"items.1.status.conditions.4.lastTransitionTime"
"items.1.status.conditions.4.message"
"items.1.status.conditions.4.reason"
"items.1.status.conditions.4.status"
"items.1.status.conditions.4.type"
"items.1.status.daemonEndpoints"
"items.1.status.daemonEndpoints.kubeletEndpoint"
"items.1.status.daemonEndpoints.kubeletEndpoint.Port"
"items.1.status.images"
"items.1.status.images.0"
"items.1.status.images.0.names"
"items.1.status.images.0.names.0"
"items.1.status.images.0.names.1"
"items.1.status.images.0.sizeBytes"
"items.1.status.images.1"
"items.1.status.images.1.names"
"items.1.status.images.1.names.0"
"items.1.status.images.1.names.1"
"items.1.status.images.1.sizeBytes"
"items.1.status.images.2"
"items.1.status.images.2.names"
"items.1.status.images.2.names.0"
"items.1.status.images.2.names.1"
"items.1.status.images.2.sizeBytes"
"items.1.status.images.3"
"items.1.status.images.3.names"
"items.1.status.images.3.names.0"
"items.1.status.images.3.names.1"
"items.1.status.images.3.sizeBytes"
"items.1.status.nodeInfo"
"items.1.status.nodeInfo.architecture"
"items.1.status.nodeInfo.bootID"
"items.1.status.nodeInfo.containerRuntimeVersion"
"items.1.status.nodeInfo.kernelVersion"
"items.1.status.nodeInfo.kubeProxyVersion"
"items.1.status.nodeInfo.kubeletVersion"
"items.1.status.nodeInfo.machineID"
"items.1.status.nodeInfo.operatingSystem"
"items.1.status.nodeInfo.osImage"
"items.1.status.nodeInfo.systemUUID"
"kind"
"metadata"
"metadata.resourceVersion"
- 產生一個以句點分隔的樹,其中包含為 Node 等返回的所有 key
kubectl get pods -o json | jq -c 'paths|join(".")'
"apiVersion"
"items"
"kind"
"metadata"
"metadata.resourceVersion"
- 產生一個以句點分隔的樹,其中包含為 Pod 等返回的所有 key
for pod in $(kubectl get po --output=jsonpath={.items..metadata.name}); do echo $pod && kubectl exec -it $pod -- env; done
- 逐一在每個 pod 中執行 env 指令,列出其環境變數(輸出可能包含以環境變數注入的 secret)
kubectl get deployment nginx-deployment --subresource=status
- 取得 deployment nginx-deployment 的 status subresource
create 創建物件
kubectl create deployment $DPNAME --image=$IMAGENAME --replicas 3
- 創建一個 deployment
kubectl create job $JOBNAME --image=$IMAGENAME -- sh -c "sleep 50"
- 創建一個 job
kubectl create cronjob $CRONJOBNAME --image=$IMAGENAME --schedule="*/1 * * * *" -- echo "Hello World"
- 創建一個 cronjob
kubectl create ns $NSNAME
- 創建 namespace
describe 詳細描述物件資訊
kubectl describe nodes $NODENAME
- 查看 Node
kubectl describe pods $PODNAME
- 查看 Pod
delete 刪除物件
kubectl delete pod $PODNAME
kubectl delete service $SERVICENAME
kubectl delete deployments.apps web
kubectl delete persistentvolumeclaims $PVCNAME
kubectl delete persistentvolume $PVNAME
kubectl delete pod $PODNAME --grace-period=$SECOND
- 刪除 pod,並給予 $SECOND 秒的 graceful termination 時間
kubectl delete pod $PODNAME --grace-period=0 --force
- 強制刪除 pod:不等待 kubelet 確認即從 API 移除物件,container 可能仍在 node 上繼續執行一段時間
expose 創建 service
kubectl expose -f $FILENAME
kubectl expose --port=$PORT --protocol=TCP/UDP --target-port=$NAME --name=$NAME --external-ip=$IP
log 查看日誌 log
kubectl logs $PODNAME
kubectl logs $POD_NAME -c $CONTAINER_NAME
kubectl logs $POD_NAME --all-containers
kubectl logs --selector $KEY1=$VALUE1
kubectl logs -f $POD_NAME
follow latest logs
kubectl logs -f $POD_NAME $CONTAINER_NAME
若 Pod 內有兩個以上的 container,要在指令後方加上 container name,否則會發生 error
kubectl logs $POD_NAME --tail 5
- get 最近的 5 個 log
kubectl logs $POD_NAME -f --previous
- 查看 container 前一次執行(重啟前)的 log
exec 在 pod 中執行指令
kubectl exec $POD_NAME -- ls /
- 在 POD 執行指令
kubectl exec --stdin --tty $POD_NAME -- /bin/sh
- 連線 POD 的 SHELL
kubectl exec $PODNAME -c my-container -- ls /
- 在含多個 container 的 pod 中,指定 my-container 執行指令
annotate 在 pod 中建立註解
kubectl annotate [--overwrite] (-f FILENAME | TYPE NAME) KEY_1=VAL_1 ... KEY_N=VAL_N [--resource-version=version]
- 在 pod 上建立一般描述 Annotation
debug 建立 debug 模式
kubectl debug (POD | TYPE[[.VERSION].GROUP]/NAME) [ -- COMMAND [args...] ]
set 更新 image
kubectl set image deployment/web nginx=nginx:1.14.2
rollout 更新回滾
kubectl rollout undo deployment $DPNAME --to-revision=1
kubectl rollout history deployment $DPNAME
查看 rollout history
kubectl rollout history deployment $DPNAME --revision=1
查看 revision history
scale 擴展 Deployment
kubectl scale deployment $DP_NAME --replicas 5
taint 限制節點不能建立 pod
kubectl taint nodes $NODENAME $KEY1=$VALUE1:NoSchedule
- 新增 taint
kubectl taint nodes $NODENAME $KEY1=$VALUE1:NoSchedule-
- 移除 taint
label 為資源加上 label
kubectl label nodes $NODENAME hardware=local_gpu
cordon 標記節點不能建立 pod
kubectl cordon $NODENAME
drain 驅逐 (evict) 節點上的 Pod,並將節點標記為不可排程
kubectl drain $NODE_NAME --ignore-daemonsets
top 查看資源 CPU Memory
kubectl top pods
kubectl top nodes
auth 確認權限
kubectl auth can-i $OPTION $RESOURCES
- kubectl auth can-i create nodes
- kubectl auth can-i delete pods
- kubectl auth can-i delete nodes --as dev-user
config 環境初始設定
kubectl config view
- 展示 kubeconfig 的設定內容
kubectl config view -o jsonpath='{.users[?(@.name == "e2e")].user.password}'
- 取得 user e2e 的 password
kubectl config view -o jsonpath='{.users[*].name}'
- 取得用戶清單
kubectl config get-contexts
- 取得 context 清單
kubectl config current-context
- 取得 current context
kubectl config use-context my-cluster-name
- 設定 the default context to my-cluster-name
kubectl cluster-info
kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://172.31.9.108:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: DATA+OMITTED
    client-key-data: DATA+OMITTED
kubectl config view --raw
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data:
    server: https://172.31.9.108:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data:
    client-key-data:
- --raw 會輸出未遮蔽的憑證與金鑰資料(上方範例已將內容清空);這些資料等同叢集存取憑證,請勿貼到 log、工單或公開位置
kubectl config get-contexts
patch 更新物件
kubectl patch node $NODENAME -p '{"spec":{"unschedulable":true}}'
- 部分更新 node(此例將 node 設為 unschedulable,效果同 cordon)
kubectl patch pod valid-pod -p '{"spec":{"containers":[{"name":"kubernetes-serve-hostname","image":"new image"}]}}'
- 更新 pod 中的 container image
kubectl patch pod valid-pod --type='json' -p='[{"op": "replace", "path": "/spec/containers/0/image", "value":"new image"}]'
- 透過 json patch 更新 container 的 image
kubectl patch deployment valid-deployment --type json -p='[{"op": "remove", "path": "/spec/template/spec/containers/0/livenessProbe"}]'
- 透過 json patch 移除 deployment 中的 livenessProbe
kubectl patch sa default --type='json' -p='[{"op": "add", "path": "/secrets/1", "value": {"name": "whatever" } }]'
- 將新的 element 加入到 positional array
kubectl patch deployment nginx-deployment --subresource='scale' --type='merge' -p '{"spec":{"replicas":2}}'
- 透過 scale subresource 更新 deployment 的 replica 數量
kubeadm 基本指令
init 初始化一個控制平面節點
kubeadm init
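join 初始化工作節點並將其加入集群
kubeadm join --discovery-token abcdef.1234567890abcdef 1.2.3.4:6443
- 以 token 進行 discovery 時,應加上 --discovery-token-ca-cert-hash sha256:<hash> 驗證 control plane 的 CA,避免節點加入到偽冒的 API server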
upgrade 支持升級的規劃和執行
kubeadm upgrade plan $VERSION $FLAG
- 檢查可升級到哪些版本,並驗證你當前的集群是否可升級
kubeadm upgrade apply $VERSION
- 將 Kubernetes 集群升级到指定版本
config 列出默認靜態配置
kubeadm config print init-defaults
reset 還原由 init 或 join 所做更改
kubeadm reset [flags]
token 在 server 上創造 token
kubeadm token create $TOKEN
version 输出 kubeadm 的版本
kubeadm version
特殊使用情境
檢視服務紀錄檔
systemctl status kubelet
systemctl status kube-controller-manager -l
journalctl -u kube-controller-manager
journalctl -u kubelet
檢視 Control Plane 服務
service kube-apiserver status
service kube-controller-manager status
service kube-scheduler status
service kubelet status
service kube-proxy status
kubectl logs kube-apiserver-master -n kube-system
sudo journalctl -u kube-apiserver
檢視 worker node
service kubelet status
sudo journalctl -u kubelet
檢視 certificate(憑證)內容
openssl x509 -in /var/lib/kubelet/worker-1.crt -text
資源縮寫
資源名稱 | 縮寫 |
---|---|
cluster | |
componentstatuses | cs |
configmaps | cm |
daemonsets | ds |
deployments | deploy |
endpoints | ep |
events | ev |
horizontalpodautoscaler | hpa |
ingress | ing |
nodes | no |
namespaces | ns |
persistentvolumeclaims | pvc |
persistentvolume | pv |
pods | po |
podsecuritypolicy | psp |
replicasets | rs |
replicationcontrollers | rc |
resourcequotas | quota |
services | svc |
storageclasses | sc |