一些超实用的 Kubernetes 日常运维常用命令

kubectl port-forward <pod_name> <forward_port> --namespace <namespace> --address <IP默认：127.0.0.1>

kubectl port-forward redis-master 6379:6379

kubectl port-forward my-nginx-master 8080:80

kubectl port-forward monitoring-grafana --namespace=monitoring 3000:3000

$ kubectl create -f ./hello-world.yaml --validate

I0709 06:33:05.600829 14160 schema.go:126] unknown field: entrypoint
I0709 06:33:05.600988 14160 schema.go:129] this may be a false alarm,
see https:///GoogleCloudPlatform/kubernetes/issues/6842
pods/hello-world

kubectl api-resorces

查看所有标签：
kubectl get nodes --show-lables
设置标签：
kubectl label node xxx.xxx.xxx.xxx  type=nginx
删除标签：
kubectl label nodes xxx.xxx.xxx.xxx key-
修改覆盖标签：
kubectl label nodes xxx.xxx.xxx.xxx <key>=<value> --overwrite

查看所有node上的污点：
kubectl descrile nodes |grep Taints
查看某个node污点：
kubectl descrile node xxx.xxx.xxx.xxx |grep Taints
添加污点：
kubectl taint node xxx.xxx.xxx.xxx key=value:NoSchedule
删除污点：
kubectl taint nodes xxx.xxx.xxx.xxx key:NoSchedule-   
或者
kubectl taint nodes xxx.xxx.xxx.xxx key-

kubectl get pods --sort-by=.metadata.creationTimestamp

kubectl get pods --sort-by=.metadata.creationTimestamp | awk 'NR == 1; NR > 1 {print $0 | "tac"}'
 kubectl get pods --sort-by=.metadata.creationTimestamp | tail -n +2 | tac
 kubectl get pods --sort-by={metadata.creationTimestamp} --no-headers | tac
 kubectl get pods --sort-by=.metadata.creationTimestamp | tail -n +2 | tail -r

kubectl get pods --all-namespaces -o custom-columns=NAME:.metadata.name,NAMESPACE:.metadata.namespace,QOS-CLASS:.status.qosClass

kubectl get secrets -o json --namespace namespace-old | \
   jq '.items[].metadata.namespace = "namespace-new"' | \
   kubectl create-f  -

kubectl -n kube-system describe $(kubectl -n kube-system get secret -n kube-system -o name | grep namespace) | grep token

#clean Evicted
 kubectl get pods --all-namespaces -o wide | grep Evicted | awk '{print $1,$2}' | xargs -L1 kubectl delete pod -n 
 # clean error
 kubectl get pods --all-namespaces -o wide | grep Error | awk '{print $1,$2}' | xargs -L1 kubectl delete pod -n 
 #clean compete
 kubectl get pods --all-namespaces -o wide | grep Completed | awk '{print $1,$2}' | xargs -L1 kubectl delete pod -n

kubectl get pod -n $namespace |grep Terminating|awk '{print $1}'|xargs kubectl delete pod --grace-period=0 --force

for ns in $(kubectl get ns --no-headers | cut -d ' ' -f1); do \
   for po in $(kubectl -n $ns get po --no-headers --ignore-not-found | grep Terminating | cut -d ' ' -f1); do \
     kubectl -n $ns delete po $po --force --grace-period 0; \
   done; \
 done;

#需要插件kubectl-neat支持https:///itaysk/kubectl-neat
 kubectl get cm nginx-config -oyaml | kubectl neat -o yaml

kubectl describe -A pvc | grep -E "^Name:.*$|^Namespace:.*$|^Used By:.*$" | grep -B 2 "<none>" | grep -E "^Name:.*$|^Namespace:.*$" | cut -f2 -d: | paste -d " " - - | xargs -n2 bash -c 'kubectl -n ${1} delete pvc ${0}'

kubectl get pvc --all-namespaces | tail -n +2 | grep -v Bound | awk '{print $1,$2}' | xargs -L1 kubectl delete pvc -n

# 方法一：通过 patch 模式
 kubectl get deploy -o name -n <NAMESPACE>|xargs -I{} kubectl patch {} -p '{"spec":{"replicas":0}}'
  
 # 方法二：通过资源伸缩副本数
 kubectl get deploy -o name |xargs -I{} kubectl scale --replicas=0 {}

kubectl patch daemonsets nginx-ingress-controller -p '{"spec":{"template":{"spec":{"nodeSelector":{"project/xdp":"none"}}}}}'

kubectl get pv | tail -n +2 | grep -v Bound | awk '{print $1}' | xargs -L1 kubectl delete pv

kubectl get pods -A --sort-by='.status.containerStatuses[0].restartCount'

kubectl -n <namespace> rollout restart deployment <deployment-name>

docker ps -q | xargs docker inspect --format '{{.Name}}, {{.State.Pid}}, {{.Id}}, {{.GraphDriver.Data.WorkDir}}'

docker inspect --format '{{/*通过变量组合展示容器绑定端口列表*/}}已绑定端口列表：{{println}}{{range $p,$conf := .NetworkSettings.Ports}}{{$p}} -> {{(index $conf 0).HostPort}}{{println}}{{end}}' Web_web_1

docker inspect --format '{{range .Containers}}{{.Name}}{{println}}{{else}}With No Containers{{end}}' bridge

docker inspect bridge --format '{{/*查看网络的默认网关*/}}{{(index .IPAM.Config 0).Gateway}}'

docker ps -q | xargs docker inspect --format '{{if not .State.Restarting}}{{.Name}}容器没有配置重启策略{{end}}'

docker inspect --format '{{or .State.Status .State.Restarting}}' configuration-center

docker inspect --format='{{range .NetworkSettings.Networks}}{{.IPAddress}}{{end}}' $(docker ps -q)

docker inspect --format='{{range .NetworkSettings.Networks}}{{.MacAddress}}{{end}}' $(docker ps -a -q)

docker inspect --format='{{.Name}}' $(docker ps -aq)|cut -d"/" -f2

kubectl run ephemeral-busybox \
   --rm \
   --stdin \
   --tty \
   --restart=Never \
   --image=lqshow/busybox-curl:1.28 \
   -- sh

docker inspect --format='{{.LogPath}}' docker-test1

kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools

kubectl get nodes --no-headers | awk '{print $1}' | xargs -I {} sh -c "echo {} ; kubectl describe node {} | grep Allocated -A 5 | grep -ve Event -ve Allocated -ve percent -ve --;"

kubectl get no -o=custom-columns="NODE:.metadata.name,ALLOCATABLE CPU:.status.allocatable.cpu,ALLOCATABLE MEMORY:.status.allocatable.memory"

kubectl get nodes --no-headers | awk '{print $1}' | xargs -I {} sh -c 'echo -n "{}\t"|tr "\n" " " ; kubectl describe node {} | grep Allocated -A 5 | grep -ve Event -ve Allocated -ve percent -ve -- | grep cpu | awk '\''{print $2$3}'\'';'

kubectl get nodes --no-headers | awk '{print $1}' | xargs -I {} sh -c 'echo "{}\t"|tr "\n" " " ; kubectl describe node {} | grep Allocated -A 5 | grep -ve Event -ve Allocated -ve percent -ve -- | grep memory | awk '\''{print $2$3}'\'';'

kubectl get pods -o custom-columns='NAME:metadata.name,IMAGES:spec.containers[*].image'

printf "    ThreadNUM  PID\t\tCOMMAND\n" && ps -eLf | awk '{$1=null;$3=null;$4=null;$5=null;$6=null;$7=null;$8=null;$9=null;print}' | sort |uniq -c |sort -rn | head -10

kubectl set env deploy <DEPLOYMENT_NAME> OC_XXX_HOST=bbb

kubectl port-forward nginx-po 3000:80

kubectl port-forward svc/nginx-web 3201

kubectl patch storageclass <your-class-name> -p '{"metadata": {"annotations":{"/is-default-class":"true"}}}'

kubectl get pods -o name | xargs -I{} kubectl exec {} -- <command goes here>

kubectl get po calibre-web-76b9bf4d8b-2kc5j -o json | jq -j ".spec.containers[].name"

docker ps | grep APP_NAME
 docker inspect CONTAINER_ID | grep Pid
 nsenter -t PID -n

kubectl get pods -A --field-selector=status.phase!=Running | grep -v Complete

kubectl get no -o json | jq -r '.items | sort_by(.status.capacity.memory)[]|[.metadata.name,.status.capacity.memory]| @tsv'

# 案例1
 kubectl exec -i -t $(kubectl get pod -l <KEY>=<VALUE> -o name |sed 's/pods\///') -- bash
  
 # 案例2
 kubectl exec -i -t $(kubectl get pod -l <KEY>=<VALUE> -o jsonpath='{.items[0].metadata.name}') -- bash

kubectl get po -o json --all-namespaces | jq '.items | group_by(.spec.nodeName) | map({"nodeName": .[0].spec.nodeName, "count": length}) | sort_by(.count)'

kubectl get secret <SECRET-NAME> -n <SOURCE-NAMESPACE> -oyaml | sed "/namespace:/d" | kubectl apply --namespace=<TARGET-NAMESPACE> -f -

kubectl cordon <NODE-NAME>

kubectl drain <NODE-NAME> --delete-local-data --force --ignore-daemonsets

kubectl delete node <NODE-NAME>

kubeadm reset