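- The client's minor version may be at most 1 higher than the server's; for example, if the server version is 1.7.8, the client version can be 1.8.x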
- linux
- macos:
- replace `linux` with `darwin`
- replace
chmod +x ./kubectl
mv ./kubectl /usr/local/bin/kubectl
1. list pods
kubectl -n umc-dunkshot-prod2 get po
only name:
kubectl get po --no-headers -o custom-columns=:.metadata.name
2. exec
kubectl exec -ti -n <namespace> <name of workernode> <command>
i.e. kubectl exec -ti -n <namespace> <name of workernode>
3.
kubectl -n umc-dunkshot-dev2 get svc
4. find pod by ip
kubectl get po --all-namespaces -o wide | grep 10.0.0.39
5. get yaml
kubectl ... get ... -o yaml --export
6. service account
create serviceaccount <name>; this will also create a secret
create role by create -f
create rolebinding by create -f
...
7. ImagePullSecret (must be set, in the deployment, if images need to be pulled from an external registry)
- qcloudregistrykey ,
it seems that TKE will automatically use `tencenthubkey` ?
8. secrets cannot be accessed across namespaces
to duplicate a secret from namespace A into namespace B
kubectl get secret <secret-name> --namespace=A --export -o yaml | kubectl apply --namespace=B -f -
9. full service name across namespaces
<service-name>.<namespace-name>.svc.cluster.local
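
For item 8 above (duplicating a secret into another namespace), an added example that is not part of the original notes: `--export` was deprecated in kubectl 1.14 and removed in 1.18, so on newer clients the server-set metadata has to be stripped before re-applying. The script name `retarget_secret.py`, the function name and the sample secret are assumptions constructed for illustration.

```python
import copy
import json
import sys

# Metadata filled in by the API server; stale values conflict with the new object.
SERVER_FIELDS = ("namespace", "uid", "resourceVersion", "creationTimestamp",
                 "selfLink", "generation", "ownerReferences", "managedFields")
LAST_APPLIED = "kubectl.kubernetes.io/last-applied-configuration"


def retarget_secret(manifest, target_ns):
    """Return a copy of a Secret manifest that can be applied in target_ns."""
    if manifest.get("kind") != "Secret":
        raise ValueError("not a Secret: %r" % manifest.get("kind"))
    if manifest.get("type") == "kubernetes.io/service-account-token":
        # These tokens belong to a ServiceAccount in the source namespace.
        raise ValueError("service account token secrets are namespace-bound")
    out = copy.deepcopy(manifest)
    meta = out.setdefault("metadata", {})
    for field in SERVER_FIELDS:
        meta.pop(field, None)
    annotations = meta.get("annotations") or {}
    # This annotation embeds the previous manifest, old namespace and data included.
    annotations.pop(LAST_APPLIED, None)
    if annotations:
        meta["annotations"] = annotations
    else:
        meta.pop("annotations", None)
    meta["namespace"] = target_ns
    return out


# Constructed sample, shaped like `kubectl get secret db-cred -n A -o json`.
SAMPLE = {
    "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
    "metadata": {
        "name": "db-cred", "namespace": "A",
        "uid": "00000000-0000-0000-0000-000000000000",
        "resourceVersion": "12345",
        "creationTimestamp": "2020-01-01T00:00:00Z",
        "annotations": {LAST_APPLIED: "{\"kind\":\"Secret\"}"},
    },
    "data": {"password": "Y29uc3RydWN0ZWQ="},
}

if __name__ == "__main__":
    # kubectl get secret <secret-name> -n A -o json \
    #   | python3 retarget_secret.py B | kubectl apply -f -
    json.dump(retarget_secret(json.load(sys.stdin), sys.argv[1]), sys.stdout, indent=2)
```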
- doc: https://kubernetes.io/docs/concepts/cluster-administration/manage-deployment/
- An easy look at Kubernetes deployment features
The default output format of the kubectl get command contains fairly limited information:
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-app-76b6449498-86b55 1/1 Running 0 23d
nginx-app-76b6449498-nlnkj 1/1 Running 0 23d
opdemo-64db96d575-5mhgg 1/1 Running 2 23d
Custom column output is used as follows:
-o custom-columns=<header>:<jsonpath>[,<header>:<jsonpath>]...
- each `<header>:<jsonpath>`
- `<header>` is the column name
- `<jsonpath>` is an expression that specifies the resource field
$ kubectl get pods -o custom-columns='NAME:metadata.name'
NAME
nginx-app-76b6449498-86b55
nginx-app-76b6449498-nlnkj
opdemo-64db96d575-5mhgg
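- The expression that selects the Pod name is `metadata.name`, because a Pod's name is defined in the `name` field under the `metadata` field of the Pod resource
- We can look this up in the API documentation or with the `kubectl explain pod.metadata.name` command
Now suppose we want to add another column to the output, for example to show the node each Pod is running on: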
$ kubectl get pods \
-o custom-columns='NAME:metadata.name,NODE:spec.nodeName'
NAME NODE
nginx-app-76b6449498-86b55 ydzs-node2
nginx-app-76b6449498-nlnkj ydzs-node1
opdemo-64db96d575-5mhgg ydzs-node2
# Select all elements of a list
$ kubectl get pods -o custom-columns='DATA:spec.containers[*].image'
# Select a specific element of a list
$ kubectl get pods -o custom-columns='DATA:spec.containers[0].image'
# Select the list elements that match a filter expression
$ kubectl get pods -o custom-columns='DATA:spec.containers[?(@.image!="nginx")].image'
# Select all fields under a specific path (regardless of their names)
$ kubectl get pods -o custom-columns='DATA:metadata.*'
# Select all fields with a specific name (regardless of their location)
$ kubectl get pods -o custom-columns='DATA:..image'
Show all container images of each Pod:
$ kubectl get pods \
-o custom-columns='NAME:metadata.name,IMAGES:spec.containers[*].image'
Show the availability zone of each node:
$ kubectl get nodes \
-o custom-columns='NAME:metadata.name,ZONE:metadata.labels.failure-domain\.beta\.kubernetes\.io/zone'
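- The availability zone of each node can be obtained from the `failure-domain.beta.kubernetes.io/zone` label
- If your Kubernetes cluster is deployed on a public cloud (such as AWS, Azure or GCP), the command above is very useful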
- Policy for accessing a specific COS bucket
{
    "version": "2.0",
    "statement": [
        {
            "action": [
                "cos:*"
            ],
            "resource": "qcs::cos:::BUCKET-NAME/*",
            "effect": "allow"
        },
        {
            "effect": "allow",
            "action": [
                "monitor:*",
                "cam:ListUsersForGroup",
                "cam:ListGroups",
                "cam:GetGroup"
            ],
            "resource": "*"
        }
    ]
}
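- Replace the certificate
- Check certificate compatibility: https://myssl.com/
- Check node status with kubectl
kubectl describe nodes
- Log in to the node and check disk usage
- Check overall usage
df | less
- Check usage under a specific path
ls -Sl
du -m <path> | sort -nr | head -n 10
du -shxm * | sort -nr | head -n 10
- Check overall usage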
docker images | grep "<none>" | grep umc-app-images | awk "{print \$3}" | xargs docker rmi
# more aggressive
docker images | grep umc-app-images | awk "{print \$3}" | xargs docker rmi
kubectl_umc get pods --all-namespaces | awk '{ if ($4!="Running") print $0 }'
- 1 install cntlm
1) download from
https://dl.fedoraproject.org/pub/epel/7/x86_64/Packages/c/
2) rpm -Uvh xxx.rpm
- 2 Get password hash
- (type your password, press enter and copy the output)
- modify your username/domain first in `/etc/cntlm.conf`
- or `cntlm -H -u <Your username> -d cop-domain` ?
$ cntlm -H
Password:
PassLM 14BE8CB0282308185246B269C29C0A88
PassNT DD8F12AC2482B5BC43A6972E7DFD0F78
PassNTLMv2 934498581AFCBE80CA0457E0FD30B0F9 # Only for user '', domain ''
- 3 Edit cntlm configuration file (Example for testuser)
#vi /etc/cntlm.conf
Username YOURUSERNAME
Domain YOURCOMPANYDOMAIN
########Paste result of cntlm -H here###########
PassLM 14BE8CB0282308185246B269C29C0A88
PassNT DD8F12AC2482B5BC43A6972E7DFD0F78
PassNTLMv2 934498581AFCBE80CA0457E0FD30B0F9 # Only for user '', domain ''
Proxy YOUR_COMPANY_PROXY_HOST:PORT
NoProxy ...
Auth NTLM
- 4 Enable cntlm service at boot, and start it now
#systemctl enable cntlm
#systemctl start cntlm
- 5 Set environment variables (HTTP_PROXY and HTTPS_PROXY)
- use: `127.0.0.1:3128`
- use:
- `/usr/local/etc/cntlm.conf`
- otherwise it might be in /etc/cntlm.conf
- You can run cntlm in debug mode for testing purposes and see what's happening:
cntlm -f
# Run in foreground, do not fork into daemon mode.
- If everything is fine you can launch it as a daemon just by typing:
cntlm
- To have launchd start cntlm now and restart at startup:
sudo brew services start cntlm
- set proxy env
# cntlm listens as a plain-HTTP proxy, so both variables use the http:// scheme
export http_proxy=http://localhost:3128
export https_proxy=http://localhost:3128
- restart
brew services restart cntlm
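
The hashes pasted into `cntlm.conf` in step 3 are what cntlm authenticates with, so the file deserves the same protection as the password itself. The following is an added example, not part of the original notes, that audits a `cntlm.conf` for stored LM/NT hashes, a weak `Auth` mode, gateway mode and loose file permissions; the finding names and the sample configs are constructed, and whether your upstream proxy accepts `Auth NTLMv2` is an assumption to verify.

```python
import os
import sys

WEAK_AUTH = {"LM", "NT", "NTLM"}       # Auth modes that send LM/NT responses
LEGACY_HASHES = {"PassLM", "PassNT"}   # only needed by those modes


def parse_cntlm_conf(text):
    """Parse 'Keyword value' lines into (key, value) pairs, dropping # comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            parts = line.split(None, 1)
            entries.append((parts[0], parts[1] if len(parts) > 1 else ""))
    return entries


def audit_cntlm_conf(text, file_mode=None):
    """Return finding codes for a cntlm.conf body and, optionally, its st_mode."""
    conf = dict(parse_cntlm_conf(text))
    findings = []
    if "Password" in conf:
        findings.append("plaintext-password")
    if LEGACY_HASHES & set(conf):
        findings.append("legacy-hash-stored")
    auth = conf.get("Auth", "")
    if auth.upper() in WEAK_AUTH:
        findings.append("weak-auth:" + auth)
    if conf.get("Gateway", "no").lower() == "yes":
        findings.append("gateway-enabled")  # other hosts could use your proxy identity
    if file_mode is not None and file_mode & 0o077:
        findings.append("accessible-by-group-or-other")
    return findings


# Constructed samples: the layout from step 3, and a tightened variant.
AS_IN_NOTES = """\
Username    YOURUSERNAME
Domain      YOURCOMPANYDOMAIN
PassLM      CONSTRUCTED_PLACEHOLDER
PassNT      CONSTRUCTED_PLACEHOLDER
PassNTLMv2  CONSTRUCTED_PLACEHOLDER   # Only for user '', domain ''
Proxy       YOUR_COMPANY_PROXY_HOST:PORT
Auth        NTLM
"""
TIGHTENED = "Username u\nDomain d\nPassNTLMv2 CONSTRUCTED_PLACEHOLDER\nAuth NTLMv2\n"

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/cntlm.conf"
    with open(path) as fh:
        print(audit_cntlm_conf(fh.read(), os.stat(path).st_mode) or "no findings")
```

Run it as root against `/etc/cntlm.conf` (or `/usr/local/etc/cntlm.conf` on macOS); `chmod 600` on the file clears the permission finding.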