@Nurlan199206
Last active July 27, 2024 10:01
Kubernetes команды примеры
kubernetes commands
=============================================certificates renew======================================
kubeadm certs check-expiration
kubeadm certs renew all
and restart etcd, kube-apiserver, kube-scheduler and kube-controller-manager on all control-plane nodes
and copy /etc/kubernetes/admin.conf to /root/.kube/config (admin.conf is a cluster-admin credential: keep the copy readable by root only, chmod 600)
=====================================================================================================
kubectl config view - посмотреть к какому кластеру подключен kubectl (API IP:PORT)
kubectl config set-context --current --namespace=kube-system - сменить NS
kubectl get pods && kubectl get services --all-namespaces
kubectl get nodes - список нодов
kubectl get deploy -n yourns --no-headers | awk '{print$1}' | xargs kubectl scale deploy --replicas=0 -n yourns
kubectl exec -it postgres-57f4746d96-7z5q8 -- psql -U username databasename - подключиться к psql
kubectl exec -it moonshard-db-5c674d46f9-2nz4r -- pg_dump -U db_user db_name > test.sql
kubectl convert -f your_file.json -o yaml - конверт json в yaml
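kubectl create secret docker-registry image-pull-token --docker-server=registry.gitlab.com --docker-username=test --docker-password=TOKEN --docker-email=test@test.kz -n TEST - создать secret
для скачивания образов (imagePullSecret); пароль в аргументах остаётся в истории shell, поэтому лучше использовать токен с правом только на чтение реестра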
kubectl taint nodes --all node-role.kubernetes.io/master- - снять taint master, чтобы разрешить запуск подов на мастере.
kubectl taint nodes --all node.kubernetes.io/not-ready- - убрать not-ready на нодах
kubectl get pod redis --watch
kubectl delete service,deployment nginx - удалить сервис и поды nginx
kubectl get pod NAME --output=yaml - показать значение пода
kubectl get deploy elasticsearch -o yaml - показать deployment в yaml
kubectl describe pod NAME --namespace=NAME - показать значения пода
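kubectl delete pod NAME --grace-period=0 --force - удалить зависший pod (объект удаляется из API без подтверждения от kubelet, контейнер на ноде может продолжать работать)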
kubectl get pods | grep Evicted | awk '{print $1}' | xargs kubectl delete pod - Удалить Failed/Evicted pods
kubectl get pods --all-namespaces | grep -E OutOfcpu\|Evicted\|Completed\|OOMKilled\|Error\|ContainerStatusUnknown | awk '{print "kubectl delete po " $2 " -n " $1 }' | bash
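kubectl get pods --all-namespaces | grep -E OutOfcpu\|Evicted\|Completed\|OOMKilled\|Error\|Terminating\|Pending | awk '{print "kubectl delete po --grace-period=0 --force " $2 " -n " $1 }'| bash - принудительное удаление во всех namespace, включая системные; перед запуском стоит просмотреть сгенерированные команды, убрав `| bash`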
kubectl get pods -n altyn | grep Terminating | awk '{print $1}' | xargs kubectl delete pod -n altyn --grace-period=0 --force
kubectl logs NAME - посмотреть логи контейнера
kubectl logs -f NAME - посмотреть логи контейнера в интерактивном режиме
kubectl exec -ti NAME -- bash - интерактивный режим bash
kubectl expose deployment nginx --type=NodePort --port=80 - выставить сервис наружу
kubectl create -f ingress.yml - создание точки входа ingress
kubectl create configmap name-of-your-configmap --from-file=your-file.json - создание конфигмапа из файла
kubectl create configmap name-of-your-configmap-2 --from-file=your-file.txt
kubectl delete service NAME -n NAMESPACE
kubectl delete service NAME
kubectl delete deployment NAME
kubectl get deployments - вывести список Deployments
kubectl get rs - список ReplicaSet
kubectl rollout history deployment/nginx
kubectl set resources deployment/nginx -c=nginx --limits=cpu=200m,memory=512Mi
kubectl exec -ti -n monitoring prometheus-deployment-6bf45557bd-f5bvx -- /bin/sh
kubectl --namespace kube-system delete deployment kubernetes-dashboard
==================rollout and rollback===============
kubectl set image deployment.v1.apps/nginx-deployment nginx=nginx:1.91 --record=true
kubectl describe deployment - описать развертывание
kubectl rollout history deployment/nginx - вывод истории развертывания
kubectl rollout history deployment/nginx --revision=1 - описание истории ревизии №1
kubectl rollout undo deployment/nginx --to-revision=2 - откат к ревизии 2
kubectl rollout status - проверить состояние развертывания
kubectl uncordon NODENAME - разрешить запуск подов на ноде, если статус SchedulingDisabled
==================scale=================================
kubectl scale deployment/nginx --replicas=10
===================Cronjobs=============================
kubectl create -f cronjob.yml
kubectl get cronjob NAME
kubectl delete cronjob NAME
kubectl get jobs --watch
========================Configmap================================
kubectl get configmap NAME -n NAMESPACE
kubectl describe configmap NAME -n NAMESPACE
kubectl delete configmap NAME -n NAMESPACE
=======================proxy=====================================
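kubectl proxy --address="192.168.0.105" -p 8001 --accept-hosts='^*$' - прокси к API на внешнем адресе: принимает запросы с любым Host без аутентификации и выполняет их от имени учётных данных из kubeconfig; использовать только в изолированной сети (по умолчанию proxy слушает 127.0.0.1)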
=====================clusterrole=================================
kubectl delete clusterrolebinding cluster-system-anonymous - удаление привязки роли (clusterrolebinding) в кластере
kubectl get clusterrole - вывод списка ролей
kubectl get clusterrole system:NAME -o yaml
oc create clusterrolebinding grafana1 --clusterrole=cluster-monitoring-operator --user=grafana1
====================volumes======================================
kubectl get pv NAME - вывод списка томов PersistentVolume
kubectl delete pv NAME - удаление тома PersistentVolume
kubectl delete pvc NAME - удаление claim
kubectl get pvc NAME_PV - вывод списка claim для PersistentVolume
grafana-pv-volume - описание pvc
======================secrets====================================
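cat /root/.kube/config | base64 - для Helm в gitlab CI/CD ENV Variables (base64 - это кодирование, а не шифрование: переменная содержит полный admin kubeconfig, её стоит пометить как Protected/Masked, а для CI по возможности использовать отдельный service account с ограниченными правами)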
kubectl create secret generic db-user-pass --from-file=./username.txt --from-file=./password.txt - создать secret db-user-pass на основе файлов
kubectl get secrets - вывод списка для secrets
kubectl describe secrets/db-user-pass
kubectl create secret tls kacd-tls --key="tls.key" --cert="tls.crt" - create secret TLS
kubectl get secret db-user-pass -o yaml - вывод логина и пароля secret db-user-pass (значения закодированы в base64, но не зашифрованы)
kubectl -n kube-system describe secret deployment-controller-token-9pn6n - получить token для дашборда
kubectl get secret go-post-kz-tls -n prod -o go-template='{{index .data "tls.crt"}}' | base64 -d - отобразить значение secret
=====================network=====================================
kubectl expose deployment hello-world --type=LoadBalancer --name=my-service - создание Service для Deployment hello-world с типом лоадбалансера.
=====================load balancer===============================
1. Пример лоад балансера между 5 подами.
kubectl run hello-world --replicas=5 --labels="run=load-balancer-example" --image=gcr.io/google-samples/node-hello:1.0 --port=8080
kubectl expose deployment hello-world --type=LoadBalancer --name=my-service
====================================kube-adm======================
kubectl -n kube-system get cm kubeadm-config -oyaml - Просмотр ControlPlaneEndpoint для изменения IP для kube-api
kubectl -n kube-system edit cm kubeadm-config -oyaml - Редактируем ControlPlaneEndpoint для изменения IP для kube-api
===================================INTERACTIVE CONTAINER===========================================
kubectl run -i --tty --rm debug --image=python:3.8.0b1-slim --restart=Never -- sh
========================== kubectl cert-manager - troubleshooting ===============================
kubectl describe certificate,order,challenge,certificaterequest,issuer - debug cert-manager
kubectl describe certificate quickstart-example-tls -n a-plus - проверка сертификата
kubectl get certificaterequest -n a-plus - проверка cert request
kubectl describe certificaterequest quickstart-example-tls-b5sp7 -n a-plus - проверка cert request
kubectl get order - показать заказы cert-manager
kubectl get issuer
kubectl get certificate
kubectl get challenge
kubectl describe order quickstart-example-tls-bdrxm-1316886580
kubectl describe clusterissuer letsencrypt-staging
kubectl get certificate example-com-tls && kubectl cert-manager renew example-com-tls - manually renew a certificate using the kubectl cert-manager plugin
############################################## OpenShift 3.x/4.x ############################################################
=================================ROLES Troubleshooting=============================================
oc adm policy add-role-to-user admin nurlan -n load-test - добавить роль админа на namespace load-test для юзера nurlan
oc get rolebinding.rbac -n openshift-monitoring
oc describe rolebinding.rbac -n NAMESPACE
oc get clusterrole - список ролей
oc get clusterrolebinding - список clusterrolebinding
oc create clusterrolebinding grafana1 --clusterrole=cluster-monitoring-operator --user=grafana1 - создание clusterrolebinding с названием grafana1 для юзера grafana1
oc get clusterrolebinding grafana1 - показать role binding для пользователя grafana1
oc adm policy add-cluster-role-to-user cluster-admin admin - выдать пользователю admin роль cluster-admin (полный доступ ко всему кластеру)
kubectl create rolebinding adm --clusterrole=admin --serviceaccount=altyn:altyn-adm --namespace=altyn
========================================service account CI/CD==========================================================
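oc adm policy add-role-to-user system:controller:deployment-controller system:serviceaccount:altyn:default -n altyn - выдать права deployment-controller для service account default (этот аккаунт по умолчанию получают все поды namespace без явного serviceAccountName, поэтому для CI/CD лучше отдельный service account)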
oc adm policy add-role-to-user system:controller:replicaset-controller system:serviceaccount:altyn:default -n altyn
oc create clusterrole beta-deployer --verb=get,list,watch,create,delete,patch,update --resource=deployments.apps - создание прав на изменение deployment для service account
oc create clusterrolebinding deployer-srvacct-default-binding --clusterrole=beta-deployer --serviceaccount=beta:deployer - привязать роль к service account (clusterrolebinding действует во всех namespace; для одного namespace достаточно rolebinding)
=======================================================================================================================
oc get csr -o name | xargs oc adm certificate approve - апрувнуть сертификаты в OpenShift 3.11 после Redeploy certificate (одобряет все CSR без разбора; сначала стоит просмотреть список: oc get csr).
oc adm certificate approve csr-xxxxxx
kubectl --v=3 --server="https://myserver.kz:6443" --token=MYTOKEN set image deployment/web web=registry.gitlab.kz/project-2.0/web:"$IMAGE_TAG_PROD" - автодеплой в GitLab для CI/CD (токен передавать через masked-переменную CI, а не вписывать в .gitlab-ci.yml)
oc get pods -l app=openshift-console - список подов с лейблом
oc delete pods -l app=openshift-console - удалить поды с лейблом
oc patch node test-node04 -p '{"spec":{"unschedulable":false}}' - разрешить запуск подов на указанной ноде.
oc adm top nodes - показать top ноды
oc get clusteroperators.config.openshift.io
====================================================openshift-router============================================================
oc create configmap haproxy-custom-configs --from-file=error-page-503.http
oc set volume dc/router --remove --name custom-configs - revert changes openshift router
oc set volume dc/router --add --name custom-configs -t configmap --configmap-name=haproxy-custom-configs -m /var/lib/haproxy/conf/error-page-503.http --sub-path=error-page-503.http
oc patch ingresscontroller/default -n openshift-ingress-operator --type=merge -p '{"spec":{"nodePlacement": {"nodeSelector": {"matchLabels": {"node-role.kubernetes.io/infra": ""}},"tolerations": [{"effect":"NoSchedule","key": "infra","value": "reserved"},{"effect":"NoExecute","key": "infra","value": "reserved"}]}}}' - move router pods on infra nodes
oc -n openshift-ingress-operator patch ingresscontroller/default --type=merge -p '{"spec":{"tuningOptions": {"threadCount": 8}}}'
oc -n openshift-ingress-operator patch ingresscontroller/default --type=merge -p '{"spec":{"tuningOptions": {"headerBufferBytes": 64000}}}'
oc expose service grafana --hostname cilium.diploma.kz --wildcard-policy=None -n cilium-monitoring
oc expose service hubble-ui --hostname hubble.diploma.kz --wildcard-policy=None