从容器中拷贝文件

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11


kubectl cp -n namespace pod_name:app/test.txt ./test.txt --kubeconfig=./.kube/mykubeconfig

# 上面是linux，如果是windows的话，如下

kubectl cp -n namespace pod_name:app/test.txt .\test.txt --kubeconfig=.\.kube\mykubeconfig


# 从本地拷贝到容器里
kubectl cp -n kubesphere-controls-system .\curl kubectl-6f7f88ff9b-27lcq:tmp/curl --kubeconfig=.\.kube\local

docker cp container_name:file_path file_save_path

查看pod详情

1

kubectl describe pods -n namespace

删除节点

1
2
3
4
5
6
7


#先停止服务

systemctl stop docker

systemctl stop kubelet

kubectl delete node node_name

删除pod

1
2
3
4


kubectl delete pod pod_name -n namespace

强制删除
kubectl delete pod pod_name -n namespace --grace-period=0 --force

回滚

kubectl rollout history deployment/grafana -n kubesphere-monitoring-system

kubectl rollout history deployment/grafana --revision=83 -n kubesphere-monitoring-system

kubectl rollout undo deployment/grafana --to-revision=1 -n kubesphere-monitoring-system

进入容器

1
2
3
4
5
6


kubectl exec -it pod_name -n mynamespace --kubeconfig=/path/file -- /bin/bash

旧版命令会有相应提示，其实就是命令前面加了个'--'
[root@master ~]# kubectl exec -it nginx-deployment-f7ccf9478-ddxr6 -n default "/bin/bash"
kubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. 
Use kubectl exec [POD] -- [COMMAND] instead.

多集群

1
2


使用--kubeconfig
kubectl get svc -n default --kubeconfig=/path/.kube/config_file

节点label

1
2
3
4
5
6
7
8


查看
kubectl get nodes --show-labels

设置label
kubectl label nodes slave01 kubernetes.io/role=worker

覆盖
kubectl label --overwrite nodes slave01 kubernetes.io/role=worker1

查看api

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17


kubectl api-resources
NAME                     SHORTNAMES   APIVERSION   NAMESPACED   KIND
bindings                              v1           true         Binding
componentstatuses        cs           v1           false        ComponentStatus
configmaps               cm           v1           true         ConfigMap
endpoints                ep           v1           true         Endpoints
events                   ev           v1           true         Event
limitranges              limits       v1           true         LimitRange


kubectl api-resources -v 6
...
I0108 ... GET https://192.168.58.2:8443/api?timeout=32s 200 OK in 10 milliseconds
I0108 ... GET https://192.168.58.2:8443/apis?timeout=32s 200 OK in 1 milliseconds
I0108 ... GET https://192.168.58.2:8443/apis/apiregistration.k8s.io/v1?timeout=32s 200 OK in 7 milliseconds
I0108 ... GET https://192.168.58.2:8443/api/v1?timeout=32s 200 OK in 13 milliseconds
...

secret

# 创建tls证书
kubectl create secret tls my-tls-secret --cert=path/to/cert/file --key=path/to/key/file -n foreground --kubeconfig=.\.kube\kubeconfig

# 加密证书Opaque
kubectl create secret generic mycerts --from-file=private-rsa.pfx=.\private-rsa.pfx -n foreground  \
--kubeconfig=.\.kube\kubeconfig

然后yaml引用
```yaml
spec:
  volumes:
    - name: mycerts
      secret:
        secretName: mycerts
        defaultMode: 420
  ...
  containers:
    volumeMounts:
      - name: mycerts
        readOnly: true
        mountPath: /data/cer/

创建镜像仓库连接认证

kubectl create secret docker-registry secret-tiger-docker
–docker-email=tiger@acme.example
–docker-username=tiger
–docker-password=pass1234
–docker-server=my-registry.example:5000



https://kubernetes.io/docs/reference/kubectl/cheatsheet/