【Kubernetes】一些自己的常用命令, 不定時更新

自動補全:

yum -y install bash-completion
echo "source <(kubectl completion bash)" >> ~/.bashrc

添加鏡像倉庫認證

kubectl -n $NAMESPACE create secret docker-registry $KEYNAME \
--docker-server=$DOCKER_REGISTRY_SERVER \
--docker-username=$DOCKER_USER \
--docker-password=$DOCKER_PASSWORD \
--docker-email=$DOCKER_EMAIL
echo "------------ create k8s-user secret ----------------"
kubectl get secret $KEYNAME --output="jsonpath={.data.\.dockerconfigjson}" | base64 -d
echo "------------ add k8s-user serviceaccount ----------------"
kubectl -n $NAMESPACE patch serviceaccount default -p '{"imagePullSecrets": [{"name": "k8s-user"}]}'

獲取集羣內部service&pod網段

ps -ef | grep -Po 'cluster-cidr\S+\s|service-cluster-ip-range\S+\s'

獲取集羣/組件狀態

kubectl get componentstatus
kubectl cluster-info

獲取kubelet狀態

systemctl status kubelet
journalctl -xefu kubelet

更新istio流量攔截網段

helm template install/kubernetes/helm/istio --set global.proxy.includeIPRanges="10.1.0.0/16\,10.2.0.0/20" -x templates/sidecar-injector-configmap.yaml | kubectl apply -f -

istio 開啓自動注入

kubectl label namespace default istio-injection=enabled

istio替換現有deploy, 注入sidercar

istioctl kube-inject -f <(kubectl get deploy xxx -o yaml) | kubectl replace -f -

重啓pod(無法直接重啓, 刪除或者replace pod可以達到重啓效果, 或者進入容器/cashbus/tomcat/restart.sh)

kubectl delete po -l app=sc-tag

kubectl get pod logtail-ds-698m5 -n kube-system -o yaml | kubectl replace --force -f -

轉發pod流量到kubectl運行節點上

# kiali
kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=kiali -o jsonpath='{.items[0].metadata.name}') 20001:20001
# grafana
kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=grafana -o jsonpath='{.items[0].metadata.name}') 3000:3000 &
# prometheus
kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=prometheus -o jsonpath='{.items[0].metadata.name}') 9090:9090 &
# service Graph
kubectl -n istio-system port-forward $(kubectl -n istio-system get pod -l app=servicegraph -o jsonpath='{.items[0].metadata.name}') 8088:8088 &
# jaeger-collector
kubectl -n istio-system port-forward $(kubectl -n istio-system get po -l app=tracing-on-sls,component=collector -o jsonpath='{.items[0].metadata.name}') 9411:9411&

停止應用所有pod 沒法直接停止 可以 scale對應deployment爲0達到效果

kubectl scale xx sc-contract-sc-xxx --replicas=0

命令行處理yaml

cat <<EOF | kubectl create -f -
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: simple
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  rules:
  - http:
      paths:
      - path: /svc
        backend:
          serviceName: http-svc
          servicePort: 80
EOF

標記master可調度(不建議)

kubectl taint node -l node-role.kubernetes.io/master node-role.kubernetes.io/master=:PreferNoSchedule --overwrite
kubectl taint node -l node-role.kubernetes.io/master node-role.kubernetes.io/master-

標記節點不可調度

kubectl cordon node 

helm手動安裝

######### helm install
需要支持ipv6
/etc/sysctl.conf
net.ipv6.conf.all.disable_ipv6 = 0
net.ipv6.conf.default.disable_ipv6 = 0
net.ipv6.conf.lo.disable_ipv6 = 0
$ sysctl -p
/etc/sysconfig/network
NETWORKING_IPV6=yes
$ service network restart
curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash

helm tiller自行升級 官方源被牆 國內連不上 這裏用阿里鏡像源

export TILLER_TAG=v2.9.1
kubectl --namespace=kube-system set image deployments/tiller-deploy tiller=registry-vpc.cn-beijing.aliyuncs.com/google_containers/tiller:$TILLER_TAG

helm 自動補全

source <(helm completion bash)

獲取pod異常終止前的狀態

kubectl get pod -o go-template='{{range.status.containerStatuses}}{{"Container Name: "}}{{.name}}{{"\r\nLastState: "}}{{.lastState}}{{end}}' xxxxxxxx

刪除node

轉移節點正在運行的 resource
kubectl get no -o wide | awk '/NotReady/{print $1}' | xargs -i -t kubectl drain {} --ignore-daemonsets
刪除
kubectl get no -o wide | awk '/NotReady/{print $1}' | xargs -i -t kubectl delete node {}

逐出節點上所有pod

kubectl drain cn-beijing.i-xxxxx --delete-local-data --ignore-daemonsets

批量打ingress controller標籤 用作自動調度

kubectl get node | awk '!/master/{print $1}' |xargs -i -t kubectl label node {} node-role.kubernetes.io/ingress=true --overwrite

各種patch

patch configmap
kubectl patch -n kube-system cm tcp-services --patch '{"data":{"32218": "default/sc-xxx0debug:32219"}}'
patch serice
kubectl patch -n kube-system svc nginx-ingress-lb --patch '{"spec":{"ports":[{"name":"patch-test","port": 32222, "protocol":"TCP", "targetPort": 32222}]}}'
patch nodeSelector
kubectl patch deployment sc-demo-sc-demo -p '{"spec":{"template":{"spec":{"nodeSelector":{"env":"testing"}}}}}'
patch  readiness healthCheck  jsonpatch http://jsonpatch.com/ 

patch healthCheck, JSON Patch, RFC 6902

kubectl patch deployment xxxx --type='json' -p='[
{

"op": "replace",
"path": "/spec/template/spec/containers/0/readinessProbe",
"value": {
    "failureThreshold": 1,
    "initialDelaySeconds": 30,
    "periodSeconds": 3,
    "successThreshold": 3,
    "httpGet": {
      "path": "/rest/healthCheck",
      "port": "app-port"
    },
    "timeoutSeconds": 1
  }

}
]'

獲取所有運行鏡像 go-template示例

kubectl get deployment -o go-template --template='{{range .items}}{{range .spec.template.spec.containers }}{{printf "%s\n" .image}}{{end}}{{end}}'
kubectl get deployment -o go-template --template='{{range .items}}{{range .spec.template.spec.containers }}{{printf "%s\n" .image}}{{end}}{{end}}' | awk -F'[:/]' '{printf "    [\042%s\042]=\042%s\042\n",$(NF-1),$NF}'

刪除istio相關crd(customresourcedefinition)

kubectl get crd | awk '/istio/{print $1}' | xargs -i kubectl delete crd {}

清空整個namespace(慎用)

kubectl -n istio-system delete all --all

強制更新 helm "no deployed release"狀態的release，感覺還是比較雞肋. 至今沒找到好的辦法處理 "no deployed release"

helm upgrade --force -i -f ack-istio-default.yaml ack-istio-default incubator/ack-istio