kubectl

Kubernetes 命令行工具 kubectl，让你可以对 Kubernetes 集群运行命令。你可以使用 kubectl 来部署应用、监测和管理集群资源以及查看日志。

有关更多信息，包括 kubectl 操作的完整列表，请参见 kubectl 参考文件。

kubectl 可安装在各种 Linux 平台、 macOS 和 Windows 上。在下面找到你喜欢的操作系统。

安装

在 Linux 系统中安装 kubectl

用以下命令下载最新发行版：


curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
mv kubectl /usr/bin/kubectl
chmod +x /usr/bin/kubectl

下载某个指定的版本：


xxxxxxxxxx
curl -L https://dl.k8s.io/release/v1.18.4/bin/linux/amd64/kubectl -o /usr/bin/kubectl
chmod +x /usr/bin/kubectl

在 Windows 上安装 kubectl

下载kubectl 1.18.4: https://dl.k8s.io/release/v1.18.4/bin/windows/amd64/kubectl.exe

查看版本号


x
kubectl version

[root@CLCSVL1946 cqy]# kubectl version
Client Version: v1.28.2
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.25.5-r0-25.2.34.3

Get,Describe

Nodes


xxxxxxxxxx
alias kgn='kubectl get nodes'
alias kgno='kubectl get nodes -o wide'
alias kdn='kubectl describe nodes'

# 没有权限，使用 kubectl get pods 过滤 Node 信息
alias kgn0='echo "NODE (The Infomation from pods mate info.)"; kubectl get pods -o=custom-columns="NODE:.spec.nodeName" | grep -v -E "NODE|none" | sort | uniq'

# 这些字段都可以通过 kubectl get nodes|pod -o json xxx 获得
# 查看集群 节点 总容量、可分配容量（这里没法看Allocated resources）
kubectl get nodes -o=custom-columns="Name:.metadata.name,CapacityCPU:.status.capacity.cpu,CapacityMEM:.status.capacity.memory,CapacityDisk:.status.capacity.ephemeral-storage,AllocatableCPU:.status.allocatable.cpu,AllocatableMEM:.status.allocatable.memory,AllocatableDisk:.status.allocatable.ephemeral-storage"
alias kgn1='kubectl get nodes -o=custom-columns="Name:.metadata.name,CapacityCPU:.status.capacity.cpu,CapacityMEM:.status.capacity.memory,CapacityDisk:.status.capacity.ephemeral-storage,AllocatableCPU:.status.allocatable.cpu,AllocatableMEM:.status.allocatable.memory,AllocatableDisk:.status.allocatable.ephemeral-storage"'

# 查看集群 节点 已分配Allocated resources 的 CPU、内存
kubectl describe nodes | grep -E '(^(Name|Allocated resources):)|(^  (memory|cpu) )'
alias kgn2='kubectl describe nodes | grep -E '"'"'(^(Name|Allocated resources):)|(^  (memory|cpu) )'"'"''

# 查看集群 节点 运行中Non-terminated Pods 的 CPU、内存
kubectl describe node | \grep -E '(^Name:)|.*\%.*\%.*\%.*\%'
alias kgn3='kubectl describe node | \grep -E '"'"'(^Name:)|.*\%.*\%.*\%.*\%'"'"''

Namespace


xxxxxxxxxx
#查看所有namespace
kubectl get namespace
kubectl get ns
[root@master ~]# kubectl get namespace
NAME          STATUS    AGE
default       Active    3d
kube-public   Active    3d
kube-system   Active    3d
rook-ceph     Active    3d

alias kgns='kubectl get namespace'
alias kds='kubectl describe namespace'

Deployments


xxxxxxxxxx
#查看所有Deployments
kubectl get deployments
kubectl get deploy
[root@master ~]# kubectl get deployments
NAME               DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
nginx-deployment   2         2         2            2           4h
1 .  DESIRED：用户期望的 Pod 副本个数（spec.replicas 的值）；
2 .  CURRENT：当前处于 Running 状态的 Pod 的个数；
3 .  UP-TO-DATE：当前处于最新版本的 Pod 的个数，所谓最新版本指的是 Pod 的 Spec 部分与 Deployment 里 Pod 模板里定义的完全一致；
4 .  AVAILABLE：当前已经可用的 Pod 的个数，即：既是 Running 状态，又是最新版本，并且已经处于 Ready（健康检查正确）状态的 Pod 的个数。

#查看所有Deployments，包括镜像等
kubectl get deployments -o wide

#查看具体的Deployments，以yaml格式
kubectl get deployments -oyaml deployment_name

alias kgd='kubectl get deployments.apps'
alias kgdo='kubectl get deployments.apps -o wide'
alias kgdoy='kubectl get deployments.apps -o yaml' # 带上具体的deployments
alias kdd='kubectl describe deployments.apps'

# 查看所有Deployments的副本数、内存、cpu
alias kgd0='kubectl get deployments.apps -o=custom-columns='"'"'name:metadata.name,replicas:spec.replicas,cpu.request:spec.template.spec.containers[0].resources.requests.cpu,memory.request:spec.template.spec.containers[0].resources.requests.memory,cpu.limits:spec.template.spec.containers[0].resources.limits.cpu,memory.limits:spec.template.spec.containers[0].resources.limits.memory'"'"

DamonSet


xxxxxxxxxx
#查看所有DamonSet
kubectl get daemonsets
[root@cdpfn1jks01 ~]# kubectl get daemonsets.apps
NAME       DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
filebeat   8         8         8       8            8           <none>          29d

#查看所有DamonSet，包括镜像等
kubectl get daemonsets -o wide

#查看具体的DamonSet，以yaml格式
kubectl get daemonsets -oyaml daemonset_name

alias kgds='kubectl get daemonsets.apps'
alias kgdso='kubectl get daemonsets.apps -o wide'
alias kgdsoy='kubectl get daemonsets.apps -o yaml' # 带上具体的daemonsets
alias kdds='kubectl describe daemonsets.apps'

StatefulSet


xxxxxxxxxx
# 查看StatefulSet
kubectl get statefulsets.apps

alias kgss='kubectl get statefulsets.apps'
alias kgsso='kubectl get statefulsets.apps -o wide'
alias kgssoy='kubectl get statefulsets.apps -o yaml'
alias kdss='kubectl describe statefulsets.apps'

CronJobs


xxxxxxxxxx
# 查看CronJob
kubectl get cronjobs.batch

alias kgcj='kubectl get cronjobs.batch'
alias kgcjo='kubectl get cronjobs.batch -o wide'
alias kgcjoy='kubectl get cronjobs.batch -o yaml'
alias kdcj='kubectl describe cronjobs.batch'

Jobs


xxxxxxxxxx
# 查看Jobs
kubectl get jobs.batch

alias kgj='kubectl get jobs.batch'
alias kgjo='kubectl get jobs.batch -o wide'
alias kgjoy='kubectl get jobs.batch -o yaml'
alias kdj='kubectl describe jobs.batch'

Secret


xxxxxxxxxx
# 查看 Secret 对象
kubectl get secrets
[root@master ~]# kubectl get secrets
NAME                  TYPE                                  DATA      AGE
default-token-7vj6c   kubernetes.io/service-account-token   3         5d

kubectl describe secrets/default-token-7vj6c
[root@master ~]# kubectl describe secrets/default-token-7vj6c
Name:         default-token-7vj6c
Namespace:    default
......

alias kgsec='kubectl get secrets'
alias kgsecoy='kubectl get secrets -o yaml'
alias kdsec='kubectl describe secrets'

# 解析 kubernetes.io/dockerconfigjson 类型的 secret
kubectl get secrets xsio-registry-secret --output="jsonpath={.data.\.dockerconfigjson}" | base64 -d

alias kgsecd='func() { [ "$1" == "" ] && { echo -e "secret_name is empty.\nexit 1"; return 1; }; secd=$(kubectl get secrets $1 --output="jsonpath={.data.\.dockerconfigjson}" | base64 -d); echo ${secd}; echo ${secd} | sed '"'"'s/.*auth":\s*"\(.*\)".*/\1/'"'"' | base64 -d; }; func'

# 解析 kubernetes.io/tls 类型的 secret
# kubectl get secrets t.b8h.cn --output="jsonpath={.data.tls\.crt}" | base64 -d | openssl x509 -noout -dates

alias kgsecdtls='func() { [ "$1" == "" ] && { echo -e "secret_name is empty.\nexit 1"; return 1; }; kubectl get secrets $1 --output="jsonpath={.data.tls\.crt}" | base64 -d | openssl x509 -noout -dates; }; func'

Services


xxxxxxxxxx
# 查看 Services 对象
alias kgsvc='kubectl get services'
alias kgsvcoy='kubectl get services -o yaml'
alias kgsvcm='kubectl get servicemonitors.monitoring.coreos.com'
alias kdsvc='kubectl describe services'

Endpoints


xxxxxxxxxx
# 查看 endpoints 对象
alias kgep='kubectl get endpoints'
alias kgepoy='kubectl get endpoints -o yaml'
alias kdep='kubectl describe endpoints'

ServiceMonitors


xxxxxxxxxx
# 查看 ServiceMonitors 对象
alias kgsvcm='kubectl get servicemonitors.monitoring.coreos.com'
alias kdsvcm='kubectl describe servicemonitors.monitoring.coreos.com'

Configmaps


xxxxxxxxxx
# 查看 Configmaps 对象
alias kgcm='kubectl get configmaps'
alias kgcmoy='kubectl get configmaps -o yaml'
alias kdcm='kubectl describe configmaps'

Ingress


xxxxxxxxxx
#查看所有ingress
kubectl get ingress

#查看ingress
kubectl get ingress -oyaml app-ing

#编辑ingress
kubectl edit ingress app-ing

alias kgi='kubectl get ingress'
alias kgioy='kubectl get ingress -o yaml' # 带上具体的ingress
alias kdi='kubectl describe ingress'

StorageClass、PV、PVC


xxxxxxxxxx
# 查看 StorageClass 对象
alias kgsc='kubectl get storageclass'
alias kgscoy='kubectl get storageclass -o yaml'

# 查看PV、PVC
alias kgpv='kubectl get pv'
alias kgpvo='kubectl get pv -o wide'
alias kgpvoy='kubectl get pv -o yaml'
alias kgpvc='kubectl get pvc'
alias kgpvco='kubectl get pvc -o wide'
alias kgpvcoy='kubectl get pvc -o yaml'

ReplicaSet


xxxxxxxxxx
#查看所有ReplicaSet
kubectl get replicaset
kubectl get rs
[root@master ~]# kubectl get rs
NAME                          DESIRED   CURRENT   READY     AGE
nginx-deployment-67594d6bf6   2         2         2         17m

alias kgrs='kubectl get replicasets.apps'
alias kgrso='kubectl get replicasets.apps -o wide'
alias kgrsoy='kubectl get replicasets.apps -o yaml'

Top


xxxxxxxxxx
# 查看pod的cpu , memory使用率情况
alias ktp='kubectl top pod'

# 查看node的cpu , memory使用率情况
alias ktn='kubectl top node'

Pod


xxxxxxxxxx
#查看 namespaces: kube-system 的 Pod 的状态
kubectl get pods -n kube-system
[root@localhost ~]# kubectl get pods -n kube-system
NAME                                   READY     STATUS    RESTARTS   AGE
coredns-78fcdf6894-kxt2n               1/1       Running   0          1h

#查看namespaces: --all-namespaces 的 pod 的状态
kubectl get pods --all-namespaces
kubectl get pods -A
[root@localhost ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                            READY     STATUS    RESTARTS   AGE
kube-system   coredns-78fcdf6894-62247                        1/1       Running   0          1h

#查看namespaces: --all-namespaces 的 pod 的状态，显示IP和node
kubectl get pods --all-namespaces -o wide
[root@localhost ~]# kubectl get pods --all-namespaces -o wide
NAMESPACE     NAME                                   READY     STATUS    RESTARTS   AGE       IP                NODE
kube-system   coredns-78fcdf6894-t22b2               1/1       Running   1          1d        10.32.0.3         master

#查看namespaces: default的 pod 的状态
kubectl get pods
[root@localhost ~]# kubectl get pods
NAME                                READY     STATUS    RESTARTS   AGE
nginx-deployment-67594d6bf6-vq5kw   1/1       Running   0          40m

#查看namespaces: default的 pod 的状态，显示IP和node
kubectl get pods -o wide
[root@localhost ~]# kubectl get pods -o wide
NAME                                READY     STATUS    RESTARTS   AGE       IP          NODE
nginx-deployment-67594d6bf6-vq5kw   1/1       Running   0          40m       10.32.0.6   master

# --field-selector
kubectl get pods --field-selector=status.phase=Running
kubectl get pods --field-selector=status.phase!=Running
kubectl get pods --field-selector=status.phase!=Running,spec.restartPolicy=Always
kubectl get pods --field-selector=status.phase=Pending
kubectl get pods --field-selector=status.phase=Failed
kubectl get pods --field-selector=status.phase!=Running | grep Completed
kubectl get pods --field-selector=status.phase!=Running | grep Evicted

可在字段选择器中使用 =、== 和 != （= 和 == 的意义是相同的）操作符。

alias kgp='kubectl get pods'
alias kgpo='kubectl get pods -o wide'
alias kgpoy='kubectl get pods -o yaml'
alias kgpoj='kubectl get pods -o json'

# 统计namespaces: --all-namespaces 每个node运行的pod数量
kubectl get pods --all-namespaces -o wide | awk '{if (NR>1){print $(NF-2)}}' | sort |uniq -c | sort -n -r

# 统计每个node运行的pod数量
kubectl get pods -o wide | awk '{if (NR>1){print $(NF-2)}}' | sort |uniq -c | sort -n -r

#查看 pods 详情
kubectl describe pod -n kube-system

#查看具体pod 详情
kubectl describe pod kubernetes-dashboard-767dc7d4d-qsm89 -n kube-system

# 从 pod_short_name 获得 pod_name
alias kgpn='func() { kubectl get pods -o=custom-columns='"'"'name:metadata.name'"'"' | \grep $1 | head -n ${2-1}; }; func'

#查看具体pod 详情
alias kdp='func() { [ "$1" == "" ] && { echo -e "pod_name is empty.\nexit 1"; return 1; }; pod_name=$(kgpn $1); set -x; kubectl describe pod ${pod_name}; set +x;}; func'

Flux/Helm/Git


xxxxxxxxxx
kubectl get gitrepositories.source.toolkit.fluxcd.io
kubectl get helmrepositories.source.toolkit.fluxcd.io
kubectl get hc
kubectl get helmcharts.source.toolkit.fluxcd.io
kubectl get ks
kubectl get kustomizations.kustomize.toolkit.fluxcd.io
kubectl get hr
kubectl get helmreleases.helm.toolkit.fluxcd.io

alias kggrepo='kubectl get gitrepositories.source.toolkit.fluxcd.io'
alias kghrepo='kubectl get helmrepositories.source.toolkit.fluxcd.io'
alias kghc='kubectl get helmcharts.source.toolkit.fluxcd.io'
alias kgks='kubectl get kustomizations.kustomize.toolkit.fluxcd.io'
alias kghr='kubectl get helmreleases.helm.toolkit.fluxcd.io'
alias kghroy='kubectl get helmreleases.helm.toolkit.fluxcd.io -o yaml'
alias kdhc='kubectl describe helmcharts.source.toolkit.fluxcd.io'
alias kdks='kubectl describe kustomizations.kustomize.toolkit.fluxcd.io'
alias kdhr='kubectl describe helmreleases.helm.toolkit.fluxcd.io'

Event


xxxxxxxxxx
kubectl get events

alias kgevt='kubectl get events.events.k8s.io'

命令

Apply


xxxxxxxxxx
# Kubernetes 对象的创建和更新操作 12
kubectl apply -f nginx-deployment.yaml

# Kubernetes 对象的创建和更新操作，记录操作命令 17
kubectl apply -f nginx-deployment.yaml --record

# Tips
kubectl apply -f xxx.yaml 中的所有image均从docker hub获取

# 发布
alias kaf='func() { set -x; kubectl apply -f $1; set +x;}; func'

Scale


xxxxxxxxxx
# 水平扩展 / 收缩 ReplicaSet 的数量 17
kubectl scale deployment nginx-deployment --replicas=4

alias kbscd='func() { [ "$1" == "" ] && { echo -e "deployment_name is empty.\nexit 1"; return 1; }; set -x; kubectl scale deployment $1 --replicas=${2-1}; set +x;}; func'

kubectl scale statefulset prometheus --replicas=1

alias kbscss='func() { [ "$1" == "" ] && { echo -e "statefulset_name is empty.\nexit 1"; return 1; }; set -x; kubectl scale statefulset $1 --replicas=${2-1}; set +x;}; func'

Set


xxxxxxxxxx
# 修改使用的镜像
kubectl set image deployment/nginx-deployment nginx=nginx:1.8.1

Rollout


xxxxxxxxxx
# 把整个 Deployment 回滚到上一个版本
kubectl rollout undo deployment/nginx-deployment

# 对 Deployment 的多次更新操作，最后 只生成一个 ReplicaSet
#让这个 Deployment 进入了一个“暂停”状态。
kubectl rollout pause deployment/nginx-deployment
#随意使用 kubectl edit 或者 kubectl set image 指令，修改这个Deployment 的内容
#把这个 Deployment“恢复”回来
kubectl rollout resume deploy/nginx-deployment

# 查看 Deployment 的 详情，如：Events
kubectl describe deployment nginx-deployment

# 查看 Deployment 对象的状态变化
kubectl rollout status deployment/nginx-deployment

# 查看每次 Deployment / DaemonSet 变更对应的版本
kubectl rollout history deployment/<deployment>
kubectl rollout history daemonset/<daemonset>

看到每个版本对应的 Deployment / DaemonSet 的 API 对象的细节
kubectl rollout history deployment/<deployment> --revision=<id>
kubectl rollout history daemonset/<daemonset> --revision=<id>

# 回滚
kubectl rollout undo deploy/httpd

# 回滚到指定版本
kubectl rollout undo deployment httpd --to-revision=1

# 查看 Deployment 所有版本的镜像
kubectl rollout history deployment app | awk 'NR>2 {print $1}' | xargs -i -t -r kubectl rollout history deployment app --revision={} |grep Image
alias krhdi='func() { [ "$1" == "" ] && { echo -e "deployment_name is empty.\nexit 1"; return 1; }; kubectl rollout history deployment $1 | awk '"'"'NR>2 {print $1}'"'"' | xargs -i -t -r kubectl rollout history deployment $1 --revision={} |grep Image;}; func'

Edit


xxxxxxxxxx
# 编辑 Etcd 里的 API 对象 17
kubectl edit deployment/nginx-deployment
kubectl edit deployment/nginx-deployment -n default
kubectl edit deployment/kubernetes-dashboard -n kube-system

#编辑Deployments
alias ked='func() { [ "$1" == "" ] && { echo -e "deployment_name is empty.\nexit 1"; return 1; }; set -x; kubectl edit deployment $1; set +x;}; func'

#编辑DaemonSet
alias keds='func() { [ "$1" == "" ] && { echo -e "daemonset_name is empty.\nexit 1"; return 1; }; set -x; kubectl edit daemonset $1; set +x;}; func'

#编辑StatefulSets
alias kess='func() { [ "$1" == "" ] && { echo -e "statefulsets_name is empty.\nexit 1"; return 1; }; set -x; kubectl edit statefulsets $1; set +x;}; func'

#编辑CronJobs
alias kecj='func() { [ "$1" == "" ] && { echo -e "cronjobs_name is empty.\nexit 1"; return 1; }; set -x; kubectl edit cronjobs $1; set +x;}; func'

#编辑Jobs
alias kej='func() { [ "$1" == "" ] && { echo -e "jobs_name is empty.\nexit 1"; return 1; }; set -x; kubectl edit jobs $1; set +x;}; func'

#编辑secrets
alias kesec='func() { [ "$1" == "" ] && { echo -e "secrets_name is empty.\nexit 1"; return 1; }; set -x; kubectl edit secrets $1; set +x;}; func'

#编辑services
alias kesvc='func() { [ "$1" == "" ] && { echo -e "services_name is empty.\nexit 1"; return 1; }; set -x; kubectl edit services $1; set +x;}; func'

#编辑configmaps
alias kecm='func() { [ "$1" == "" ] && { echo -e "configmaps_name is empty.\nexit 1"; return 1; }; set -x; kubectl edit configmaps $1; set +x;}; func'

#编辑ingress
alias kei='func() { [ "$1" == "" ] && { echo -e "ingress_name is empty.\nexit 1"; return 1; }; set -x; kubectl edit ingress $1; set +x;}; func'

#编辑hr
alias kehr='func() { [ "$1" == "" ] && { echo -e "hr_name is empty.\nexit 1"; return 1; }; set -x; kubectl edit hr $1; set +x;}; func'

Delete


xxxxxxxxxx
# 删除 Etcd 里的 API 对象 12
kubectl delete -f nginx-deployment.yaml
kubectl delete deployment/nginx-deployment

#删除Deployments
alias kdeld='func() { [ "$1" == "" ] && { echo -e "deployment_name is empty.\nexit 1"; return 1; }; set -x; kubectl delete deployment $1; set +x;}; func'

#删除DaemonSet
alias kdelds='func() { [ "$1" == "" ] && { echo -e "daemonset_name is empty.\nexit 1"; return 1; }; set -x; kubectl delete daemonset $1; set +x;}; func'

#删除StatefulSets
alias kdelss='func() { [ "$1" == "" ] && { echo -e "statefulsets_name is empty.\nexit 1"; return 1; }; set -x; kubectl delete statefulsets $1; set +x;}; func'

#删除CronJobs
alias kdelcj='func() { [ "$1" == "" ] && { echo -e "cronjobs_name is empty.\nexit 1"; return 1; }; set -x; kubectl delete cronjobs $1; set +x;}; func'

#删除Jobs
alias kdelj='func() { [ "$1" == "" ] && { echo -e "jobs_name is empty.\nexit 1"; return 1; }; set -x; kubectl delete jobs $1; set +x;}; func'

#删除ingress
alias kdeli='func() { [ "$1" == "" ] && { echo -e "ingress_name is empty.\nexit 1"; return 1; }; set -x; kubectl delete ingress $1; set +x;}; func'

#删除pod
kubectl delete pod xxx

alias kdelp='func() { [ "$1" == "" ] && { echo -e "pod_name is empty.\nexit 1"; return 1; }; set -x; kubectl delete pod $1; set +x;}; func'

#删除hr
alias kdelhr='func() { [ "$1" == "" ] && { echo -e "hr_name is empty.\nexit 1"; return 1; }; set -x; kubectl delete hr $1; set +x;}; func'

alias kdelf='func() { set -x; kubectl delete -f $1; set +x;}; func'

eviction，即驱赶的意思，意思是当节点出现异常时，kubernetes将有相应的机制驱赶该节点上的Pod。多见于资源不足时导致的驱赶。

#删除所有Evicted状态的pod
kubectl get pods | grep Evicted | awk '{print $1}' | xargs -t -r kubectl delete pod
kubectl get pods | grep Completed | awk '{print $1}' | xargs -t -r kubectl delete pod
kubectl get pods | grep Error | awk '{print $1}' | xargs -t -r kubectl delete pod
kubectl get pods | grep Pending | awk '{print $1}' | xargs -t -r kubectl delete pod
kubectl get pods | grep OutOfmemory | awk '{print $1}' | xargs -t -r kubectl delete pod
kubectl get pods | grep OutOfcpu | awk '{print $1}' | xargs -t -r kubectl delete pod
kubectl get pods | grep CrashLoopBackOff | awk '{print $1}' | xargs -t -r kubectl delete pod
kubectl get pods | grep ContainerStatusUnknown | awk '{print $1}' | xargs -t -r kubectl delete pod
kubectl get pods | grep ImagePullBackOff | awk '{print $1}' | xargs -t -r kubectl delete pod

Rollout


xxxxxxxxxx
##滚动更新Deployments
kubectl rollout restart deployment xxx;

##滚动更新DaemonSet
kubectl rollout restart daemonset xxx;

#滚动更新Deployments
alias krrd='func() { [ "$1" == "" ] && { echo -e "deployment_name is empty.\nexit 1"; return 1; }; set -x; kubectl rollout restart deployment $1; set +x;}; func'

#滚动更新DaemonSet
alias krrds='func() { [ "$1" == "" ] && { echo -e "daemonset_name is empty.\nexit 1"; return 1; }; set -x; kubectl rollout restart daemonset $1; set +x;}; func'

#滚动更新StatefulSets
alias krrss='func() { [ "$1" == "" ] && { echo -e "statefulsets_name is empty.\nexit 1"; return 1; }; set -x; kubectl rollout restart statefulsets $1; set +x;}; func'

# 重启大部分服务
exclude_deployment='angel|hadoopdts|hadoopetl|maxwell|nginx|tms|toolclis|mhd|airflow|ext'
kubectl get deployment | awk '{print $1}' | grep -E -v ${exclude_deployment} | xargs -i -t kubectl rollout restart deployment {}

Config


xxxxxxxxxx
# 设置默认namespace
kubectl config set-context --current --namespace=<namespace>

# 获取当前namespace
kubectl config view --minify --output "jsonpath={..namespace}"

# 快速切换namespace
alias ksetns='func() { [ "$1" == "" ] && { echo -e "namespace is empty.\nexit 1"; return 1; }; set -x; kubectl config set-context --current --namespace=$1; set +x;}; func'
alias kgetns='kubectl config view --minify --output "jsonpath={..namespace}"'

alias kdefault='set -x; kubectl config set-context --current --namespace=default; set +x'
alias kkube-system='set -x; kubectl config set-context --current --namespace=kube-system; set +x'
alias kingress-nginx='set -x; kubectl config set-context --current --namespace=ingress-nginx; set +x'

alias ktest='set -x; kubectl config set-context --current --namespace=test; set +x'
alias kstage='set -x; kubectl config set-context --current --namespace=stage; set +x'
alias kprod='set -x; kubectl config set-context --current --namespace=prod; set +x'
alias kmoni='set -x; kubectl config set-context --current --namespace=monitoring; set +x'
alias ksre='set -x; kubectl config set-context --current --namespace=sre; set +x'

Exec


xxxxxxxxxx
#使用 kubectl exec 指令，进入到这个 Pod 当中（即容器的 Namespace 中） 12
kubectl exec -it pod_name -- /bin/bash

kubectl exec -it $(kubectl get pods | grep pod_name | awk '{print $1}')  -- /bin/bash

alias kex='func() { pod_name=$(kgpn $1); set -x; kubectl exec -it ${pod_name} -- /bin/bash; set +x;}; func'
alias kexsh='func() { pod_name=$(kgpn $1); set -x; kubectl exec -it ${pod_name} -- /bin/sh; set +x;}; func'

# 依次进入 filebeat 容器，不能使用xargs的写法，for写法
for i in $(kubectl get pods | grep filebeat | awk '{print $1}'); do set -x; kubectl exec -i -t $i -- bash; set +x; wait; done

alias kfex='func() { [ "$1" == "" ] && { echo -e "pod_name is empty.\nexit 1"; return 1; }; for i in $(kubectl get pods | grep $1 | awk '"'"'{print $1}'"'"'); do set -x; kubectl exec -i -t $i -- bash; set +x; wait; done;}; func'

# 批量在pod中执行命令，不支持用通配符，xargs写法
kubectl get pods | grep filebeat | awk '{print $1}' | xargs -i -t kubectl exec -i {} -- df -h /
# for 写法
for i in $(kubectl get pods | grep apiv2 | awk '{print $1}'); do set -x; kubectl exec -i $i -- df -h /; set +x; wait; done

# 批量在pod中执行sh -c命令，可以用通配符，xargs写法
kubectl get pods | grep filebeat | awk '{print $1}' | xargs -i -t kubectl exec -i {} -- sh -c "df -h /"
alias kxexc='kubectl get pods | grep filebeat | awk '"'"'{print $1}'"'"' | xargs -i -t kubectl exec -i {} -- sh -c'
alias kxexcd='kubectl get pods | grep delete-logs | awk '"'"'{print $1}'"'"' | xargs -i -t kubectl exec -i {} -- sh -c'
# for写法
for i in $(kubectl get pods | grep filebeat | awk '{print $1}'); do set -x; kubectl exec -i $i -- sh -c "df -h /"; set +x; wait; done
alias kfexc='func() { [ "$1" == "" ] && { echo -e "pod_name is empty.\nexit 1"; return 1; }; for i in $(kubectl get pods | grep $1 | awk '"'"'{print $1}'"'"'); do set -x; kubectl exec -i $i -- sh -c "$2"; set +x; wait; done;}; func'

# 批量在k8s节点执行sh -c命令
kubectl get nodes -o=custom-columns="NAME:.metadata.name" | awk 'NR>1' | xargs -i -t kubectl node-shell {} -- sh -c "df -h /"
alias kxexns='kubectl get nodes -o=custom-columns="NAME:.metadata.name" | awk '"'"'NR>1'"'"' | xargs -i -t kubectl node-shell {} -- sh -c'

# 查看磁盘占用
kxexc "df -h /"

# 统计 /opt/log/stash/ 目录大小
kxexc "du -sh /opt/log/stash/"
kxexc "du -sh /opt/log/stash/*"

# 删除 /opt/log/stash/ 目录下的tmp/gz/zip文件
kxexc "rm -rf /opt/log/stash/*/*.tmp && rm -rf /opt/log/stash/*/*.gz && rm -rf /opt/log/stash/*/*.zip"
alias kxexcrm='kubectl get pods | grep filebeat | awk '"'"'{print $1}'"'"' | xargs -i -t kubectl exec -i {} -- sh -c "rm -rf /opt/log/stash/*/*.tmp && rm -rf /opt/log/stash/*/*.gz && rm -rf /opt/log/stash/*/*.zip"'
alias kxexcrmd='kubectl get pods | grep delete-logs | awk '"'"'{print $1}'"'"' | xargs -i -t kubectl exec -i {} -- sh -c "rm -rf /opt/log/stash/*/*.tmp && rm -rf /opt/log/stash/*/*.gz && rm -rf /opt/log/stash/*/*.zip"'

# 删除2天之前的日志
kxexc "find /opt/log/stash -type f -mtime +2 | xargs rm -rf"
kxexcd "find /opt/log/stash -type f -mtime +2 | xargs rm -rf"

# 查看大于5G的日志
kxexc "find /opt/log/stash -type f -size 5242880k"
kxexcd "find /opt/log/stash -type f -size 5242880k"

# 日志路径修改权限
kxexc "chown -R 1001:1001 /opt/log/stash /tmp"

Logs


xxxxxxxxxx
kubectl logs [-f] [-p] POD [-c CONTAINER]
-c, --container="": 容器名。
-f, --follow[=false]: 指定是否持续输出日志
--tail=-1: 要显示的最新的日志条数。默认为-1，显示所有的日志

# 持续输出所有的日志，会停不下来
#kubectl logs -f xxx

# 输出最新的100条日志
#kubectl logs --tail 100 xxx

# 持续输出最新的日志
kubectl logs -f --tail 1 xxx

#查看日志
alias kl='func() { pod_name=$(kgpn $1); set -x; kubectl logs --tail=100 ${pod_name}; set +x;}; func'
alias klc='func() { pod_name=$(kgpn $1); set -x; kubectl logs --tail=100 ${pod_name} -c $2; set +x;}; func'

# 从 pod_short_name 执行 kubectl logs -f --tail 1
alias klf='func() { pod_name=$(kgpn $1); kubectl logs --tail=10 -f ${pod_name};}; func'
alias klfc='func() { pod_name=$(kgpn $1); kubectl logs --tail=10 -f ${pod_name} -c $2;}; func'

CP


xxxxxxxxxx
#拷贝容器内的文件到本地：
kubectl cp default/venus-registry-web-8cd94fc99-fws4b:demo.txt demo.txt
容器内仅能使用相对路径，否则会报错: Removing leading '/' from member names
cp命令需要将文件压缩再拷回本地，因为 tar 默认将文件路径视为相对路径，而不是绝对路径，所以会报建这个错误。

#拷贝本地文件到容器内：
kubectl cp demo.txt default/venus-registry-web-8cd94fc99-fws4b:demo.txt

Patch


xxxxxxxxxx
# 更新pod image 注意: spec.containers[*].name 是必须的，因为这是合并的关键字
# Pod 更新可能不会更改 `spec.containers[*].image`、`spec.initContainers[*].image`、`spec.activeDeadlineSeconds`, `spec.tolerations`（仅添加到现有公差）或 `spec.terminationGracePeriodSeconds`（如果之前为负数，则允许将其设置为 1）以外的字段
kubectl patch pod toolclis-6d77df5b-mshqg -p '{"spec":{"containers":[{"name":"toolclis","image":"ccr.ccs.tencentyun.com/pretool-hub/toolclis"}]}}'

# 更新deployment image
kubectl patch deployment toolclis -p '{"spec":{"template":{"spec":{"containers":[{"name":"toolclis","image":"ccr.ccs.tencentyun.com/pretool-hub/toolclis:latest"}]}}}}'

# 更新deployment imagePullPolicy
kubectl patch deployment toolclis -p '{"spec":{"template":{"spec":{"containers":[{"name":"toolclis","imagePullPolicy":"Always"}]}}}}'
kubectl patch deployment toolclis -p '{"spec":{"template":{"spec":{"containers":[{"name":"toolclis","imagePullPolicy":"IfNotPresent"}]}}}}'

# 更新service的externalTrafficPolicy
kubectl patch service nginx-ingress-lb -p '{"spec":{"externalTrafficPolicy": "Cluster"}}' -n kube-system

# 更新apiservice
kubectl patch apiservice v1beta1.metrics.k8s.io -p '{"spec":{"service":{"name":"metrics-server", "namespace":"kube-system"}}}'

Taint


xxxxxxxxxx
# 在节点上更新污点配置
kubectl taint node node1 key=value:NoSchedule

# 删除taint
kubectl taint nodes node1 key:NoSchedule-

给节点 node1 增加一个 taint，它的 key 是 key，value 是 value，effect 是 NoSchedule。这表示只有拥有和这个 taint 相匹配的 toleration 的 pod 才能够被分配到 node1 这个节点。

cordon

将节点标记为 unschedulable, 之后再发创建pod，不会被调度到该节点，旧有的pod不会受到影响，仍正常对外提供服务


xxxxxxxxxx
# 标记节点为 unschedulable
kubectl cordon <node_name>

uncordon


xxxxxxxxxx
# 标记节点为 schedulable
kubectl uncordon <node_name>

drain

排水节点准备维护。

给定节点将被标记为 unschedulable，以防止新的 Pod 到达。如果 API 服务器支持 https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ ，“drain”会驱逐 Pod。否则，它将使用普通的 DELETE 来删除 pod。 “drain”会逐出或删除除镜像 pod（无法通过 API 服务器删除）之外的所有 pod。如果存在守护程序集管理的 pod，如果没有 --ignore-daemonsets，drain 将不会继续，并且无论如何它都不会删除任何守护程序集管理的 pod，因为这些 pod 会立即被守护程序集控制器替换，从而忽略不可调度的标记。如果有任何 Pod 既不是mirror Pod，也不是由 replication controller, replica set, daemon set, stateful set, or job 管理的，则 Drain 不会删除任何 Pod，除非您使用 --force。如果一个或多个 pod 的管理资源丢失，--force 还将允许继续删除。

“drain”等待优雅终止。在命令完成之前，不应在机器上进行操作。

当您准备好将节点重新投入使用时，请使用 kubectl uncordon，这将使节点再次可调度。


xxxxxxxxxx
kubectl drain <node_name>

API


xxxxxxxxxx
# 打印服务器上所支持的 API 资源
kubectl api-resources

# 以“组/版本”的格式输出服务端所支持的 API 版本
kubectl api-versions

其他


xxxxxxxxxx
# 集群信息
kubectl cluster-info

# 客户端和服务器的版本信息
kubectl version

工具

自动补全


xxxxxxxxxx
# 安装bash-completion
yum install -y bash-completion

#apt-get install -y bash-completion

# kubectl 自动补全
source <(kubectl completion bash)
echo "source <(kubectl completion bash)" >> ~/.bashrc

# 扩展 Shell 补全来适配此别名
alias k='kubectl'
complete -o default -F __start_kubectl k

echo 'alias k=kubectl' >>~/.bashrc
echo 'complete -o default -F __start_kubectl k' >>~/.bashrc

# helm 自动补全
source <(helm completion bash)
echo "source <(helm completion bash)" >> ~/.bashrc

# crictl 自动补全
source <(crictl completion bash)
echo "source <(crictl completion bash)" >> ~/.bashrc

# flux 自动补全
source <(flux completion bash)
echo "source <(flux completion bash)" >> ~/.bashrc

node_shell


xxxxxxxxxx
# 安装 kubectl -node_shell
# curl -LO https://github.com/kvaps/kubectl-node-shell/raw/master/kubectl-node_shell
curl -LO http://tc.gotodev.cn/kubectl-node_shell
chmod +x ./kubectl-node_shell
mv ./kubectl-node_shell /usr/bin/kubectl-node_shell
# 用法: kubectl node-shell <node>

alias kns='kubectl node-shell'