Kubernetes команды примеры
kubernetes commands | |
=============================================certificates renew====================================== | |
kubeadm certs check-expiration | |
kubeadm certs renew all | |
and restart etcd, kube-apiserver, kube-scheduler, kube-controller-manager on all control-plane nodes | |
and copy /etc/kubernetes/admin.conf to /root/.kube/config (admin.conf carries cluster-admin credentials; keep the copy readable by root only) | |
===================================================================================================== | |
kubectl config view - посмотреть к какому кластеру подключен kubectl (API IP:PORT) | |
kubectl config set-context --current --namespace=kube-system - сменить NS | |
kubectl get pods && kubectl get services --all-namespaces | |
kubectl get nodes - список нодов | |
kubectl get deploy -n yourns --no-headers | awk '{print$1}' | xargs kubectl scale deploy --replicas=0 -n yourns | |
kubectl exec -it postgres-57f4746d96-7z5q8 -- psql -U username databasename - подключиться к psql | |
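kubectl exec -it moonshard-db-5c674d46f9-2nz4r -- pg_dump -U db_user db_name > test.sql - дамп базы в локальный файл; при перенаправлении вывода лучше -i без -t, иначе TTY может исказить дамп | |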
kubectl convert -f your_file.json -o yaml - конверт json в yaml | |
kubectl create secret docker-registry image-pull-token --docker-server=registry.gitlab.com --docker-username=test --docker-password=TOKEN --docker-email=test@test.kz -n TEST - создать secret | |
для скачивания образов (пароль в аргументах попадает в историю shell и список процессов) | |
kubectl taint nodes --all node-role.kubernetes.io/master- - разрешить запуск подов на мастере (снять taint master). | |
kubectl taint nodes --all node.kubernetes.io/not-ready- - убрать not-ready на нодах | |
kubectl get pod redis --watch | |
kubectl delete service,deployment nginx - удалить сервис и поды nginx | |
kubectl get pod NAME --output=yaml - показать значение пода | |
kubectl get deploy elasticsearch -o yaml - показать deployment в yaml | |
kubectl describe pod NAME --namespace=NAME - показать значения пода | |
kubectl delete pod NAME --grace-period=0 --force - удалить зависший pod | |
kubectl get pods | grep Evicted | awk '{print $1}' | xargs kubectl delete pod - Удалить Failed/Evicted pods | |
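kubectl get pods --all-namespaces | grep -E OutOfcpu\|Evicted\|Completed\|OOMKilled\|Error\|ContainerStatusUnknown | awk '{print "kubectl delete po " $2 " -n " $1 }' | bash - удалить поды в перечисленных состояниях во всех namespace; grep ищет по всей строке, поэтому сначала стоит посмотреть список без `| bash` | |
kubectl get pods --all-namespaces | grep -E OutOfcpu\|Evicted\|Completed\|OOMKilled\|Error\|Terminating\|Pending | awk '{print "kubectl delete po --grace-period=0 --force " $2 " -n " $1 }'| bash - то же, но принудительно (--grace-period=0 --force) и включая Terminating и Pending, то есть затронет и поды, которые ещё запускаются | |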
kubectl get pods -n altyn | grep Terminating | awk '{print $1}' | xargs kubectl delete pod -n altyn --grace-period=0 --force | |
kubectl logs NAME - посмотреть логи контейнера | |
kubectl logs -f NAME - посмотреть логи контейнера в интерактивном режиме | |
kubectl exec -ti NAME -- bash - интерактивный режим bash | |
kubectl expose deployment nginx --type=NodePort --port=80 - выставить сервис наружу | |
kubectl create -f ingress.yml - создание точки входа ingress | |
kubectl create configmap name-of-your-configmap --from-file=your-file.json - создание конфигмапа из файла | |
kubectl create configmap name-of-your-configmap-2 --from-file=your-file.txt | |
kubectl delete service NAME -n NAMESPACE | |
kubectl delete service NAME | |
kubectl delete deployment NAME | |
kubectl get deployments - вывести список Deployments | |
kubectl get rs - список ReplicaSet | |
kubectl rollout history deployment/nginx | |
kubectl set resources deployment/nginx -c=nginx --limits=cpu=200m,memory=512Mi | |
kubectl exec -ti -n monitoring prometheus-deployment-6bf45557bd-f5bvx -- /bin/sh | |
kubectl --namespace kube-system delete deployment kubernetes-dashboard | |
==================rollout and rollback=============== | |
kubectl set image deployment.v1.apps/nginx-deployment nginx=nginx:1.91 --record=true | |
kubectl describe deployment - описать развертывание | |
kubectl rollout history deployment/nginx - вывод истории развертывания | |
kubectl rollout history deployment/nginx --revision=1 - описание истории ревизии №1 | |
kubectl rollout undo deployment/nginx --to-revision=2 - откат к ревизии 2 | |
kubectl rollout status - проверить состояние развертывания | |
kubectl uncordon NODENAME - разрешить запуск подов на ноде, если статус SchedulingDisabled | |
==================scale================================= | |
kubectl scale deployment/nginx --replicas=10 | |
===================Cronjobs============================= | |
kubectl create -f cronjob.yml | |
kubectl get cronjob NAME | |
kubectl delete cronjob NAME | |
kubectl get jobs --watch | |
========================Configmap================================ | |
kubectl get configmap NAME -n NAMESPACE | |
kubectl describe configmap NAME -n NAMESPACE | |
kubectl delete configmap NAME -n NAMESPACE | |
=======================proxy===================================== | |
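kubectl proxy --address="192.168.0.105" -p 8001 --accept-hosts='^*$' - прокси к API слушает на 192.168.0.105:8001 и принимает любой Host; запросы идут с правами текущего kubeconfig без аутентификации клиента, поэтому адрес должен быть недоступен из недоверенных сетей | |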
=====================clusterrole================================= | |
kubectl delete clusterrolebinding cluster-system-anonymous - удаление привязки роли (clusterrolebinding) в кластере | |
kubectl get clusterrole - вывод списка ролей | |
kubectl get clusterrole system:NAME -o yaml | |
oc create clusterrolebinding grafana1 --clusterrole=cluster-monitoring-operator --user=grafana1 | |
====================volumes====================================== | |
kubectl get pv NAME - вывод списка томов PersistentVolume | |
kubectl delete pv NAME - удаление тома PersistentVolume | |
kubectl delete pvc NAME - удаление claim | |
kubectl get pvc NAME_PV - вывод списка claim для PersistentVolume | |
grafana-pv-volume - описание pvc | |
======================secrets==================================== | |
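cat /root/.kube/config | base64 - для Helm в gitlab CI/CD ENV Variables (обычно это admin-доступ к кластеру; переменную стоит делать masked/protected, а для CI лучше отдельный service account с ограниченными правами) | |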
kubectl create secret generic db-user-pass --from-file=./username.txt --from-file=./password.txt - создать secret db-user-pass на основе файлов | |
kubectl get secrets - вывод списка для secrets | |
kubectl describe secrets/db-user-pass | |
kubectl create secret tls kacd-tls --key="tls.key" --cert="tls.crt" - create secret TLS | |
kubectl get secret db-user-pass -o yaml - вывод логина и пароля secret db-user-pass (значения в base64, это кодирование, а не шифрование) | |
kubectl -n kube-system describe secret deployment-controller-token-9pn6n - получить token для дашборда | |
kubectl get secret go-post-kz-tls -n prod -o go-template='{{index .data "tls.crt"}}' | base64 -d - отобразить значение secret | |
=====================network===================================== | |
kubectl expose deployment hello-world --type=LoadBalancer --name=my-service - создание Service для Deployment hello-world с типом лоадбалансера. | |
=====================load balancer=============================== | |
1. Пример лоад балансера между 5 подами. | |
kubectl run hello-world --replicas=5 --labels="run=load-balancer-example" --image=gcr.io/google-samples/node-hello:1.0 --port=8080 | |
kubectl expose deployment hello-world --type=LoadBalancer --name=my-service | |
====================================kube-adm====================== | |
kubectl -n kube-system get cm kubeadm-config -oyaml - Просмотр ControlPlaneEndpoint для изменения IP для kube-api | |
kubectl -n kube-system edit cm kubeadm-config -oyaml - Редактируем ControlPlaneEndpoint для изменения IP для kube-api | |
===================================INTERACTIVE CONTAINER=========================================== | |
kubectl run -i --tty --rm debug --image=python:3.8.0b1-slim --restart=Never -- sh | |
========================== kubectl cert-manager - troubleshooting =============================== | |
kubectl describe certificate,order,challenge,certificaterequest,issuer - debug cert-manager | |
kubectl describe certificate quickstart-example-tls -n a-plus - проверка сертификата | |
kubectl get certificaterequest -n a-plus - проверка cert request | |
kubectl describe certificaterequest quickstart-example-tls-b5sp7 -n a-plus - проверка cert request | |
kubectl get order - показать заказы cert-manager | |
kubectl get issuer | |
kubectl get certificate | |
kubectl get challenge | |
kubectl describe order quickstart-example-tls-bdrxm-1316886580 | |
kubectl describe clusterissuer letsencrypt-staging | |
kubectl get certificate example-com-tls && kubectl cert-manager renew example-com-tls - use the kubectl cert-manager plugin to renew a certificate manually | |
############################################## OpenShift 3.x/4.x ############################################################ | |
=================================ROLES Troubleshooting============================================= | |
oc adm policy add-role-to-user admin nurlan -n load-test - добавить роль админа на namespace load-test для юзера nurlan | |
oc get rolebinding.rbac -n openshift-monitoring | |
oc describe rolebinding.rbac -n NAMESPACE | |
oc get clusterrole - список ролей | |
oc get clusterrolebinding - список clusterrolebinding | |
oc create clusterrolebinding grafana1 --clusterrole=cluster-monitoring-operator --user=grafana1 - создание clusterrolebinding с названием grafana1 для юзера grafana1 | |
oc get clusterrolebinding grafana1 - показать role binding для пользователя grafana1 | |
oc adm policy add-cluster-role-to-user cluster-admin admin - дать пользователю admin роль cluster-admin (полные права на весь кластер) | |
kubectl create rolebinding adm --clusterrole=admin --serviceaccount=altyn:altyn-adm --namespace=altyn | |
========================================service account CI/CD========================================================== | |
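oc adm policy add-role-to-user system:controller:deployment-controller system:serviceaccount:altyn:default -n altyn - выдать права deployment-controller для service account default (под default работают все поды namespace, где не задан свой service account, так что права получат и они) | |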
oc adm policy add-role-to-user system:controller:replicaset-controller system:serviceaccount:altyn:default -n altyn | |
oc create clusterrole beta-deployer --verb=get,list,watch,create,delete,patch,update --resource=deployments.apps - создание прав на изменение deployment для service account | |
oc create clusterrolebinding deployer-srvacct-default-binding --clusterrole=beta-deployer --serviceaccount=beta:deployer - привязать роль к service account (clusterrolebinding действует во всех namespace; для одного namespace достаточно rolebinding) | |
======================================================================================================================= | |
oc get csr -o name | xargs oc adm certificate approve - апрувнуть сертификаты в OpenShift 3.11 после Redeploy certificate (одобряет все CSR подряд; перед этим стоит просмотреть вывод oc get csr) | |
oc adm certificate approve csr-xxxxxx | |
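kubectl --v=3 --server="https://myserver.kz:6443" --token=MYTKEN set image deployment/web web=registry.gitlab.kz/project-2.0/web:"$IMAGE_TAG_PROD" - автодеплой в GitLab для CI/CD (токен в аргументах виден в списке процессов и может попасть в лог job; надёжнее передавать его через kubeconfig или переменную CI) | |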
oc get pods -l app=openshift-console - список подов с лейблом | |
oc delete pods -l app=openshift-console - удалить поды с лейблом | |
oc patch node test-node04 -p '{"spec":{"unschedulable":false}}' - разрешить запуск подов на указанной ноде. | |
oc adm top nodes - показать top ноды | |
oc get clusteroperators.config.openshift.io | |
====================================================openshift-router============================================================ | |
oc create configmap haproxy-custom-configs --from-file=error-page-503.http | |
oc set volume dc/router --remove --name custom-configs - revert changes openshift router | |
oc set volume dc/router --add --name custom-configs -t configmap --configmap-name=haproxy-custom-configs -m /var/lib/haproxy/conf/error-page-503.http --sub-path=error-page-503.http | |
oc patch ingresscontroller/default -n openshift-ingress-operator --type=merge -p '{"spec":{"nodePlacement": {"nodeSelector": {"matchLabels": {"node-role.kubernetes.io/infra": ""}},"tolerations": [{"effect":"NoSchedule","key": "infra","value": "reserved"},{"effect":"NoExecute","key": "infra","value": "reserved"}]}}}' - move router pods on infra nodes | |
oc -n openshift-ingress-operator patch ingresscontroller/default --type=merge -p '{"spec":{"tuningOptions": {"threadCount": 8}}}' | |
oc -n openshift-ingress-operator patch ingresscontroller/default --type=merge -p '{"spec":{"tuningOptions": {"headerBufferBytes": 64000}}}' | |
oc expose service grafana --hostname cilium.diploma.kz --wildcard-policy=None -n cilium-monitoring | |
oc expose service hubble-ui --hostname hubble.diploma.kz --wildcard-policy=None |