#ShortCut (kubectl resource short names)
po ⇒ Pods
rs ⇒ ReplicaSets
deploy ⇒ Deployments
svc ⇒ Services
ns ⇒ Namespaces
netpol ⇒ Network policies
pv ⇒ Persistent Volumes
pvc ⇒ PersistentVolumeClaims
sa ⇒ Service Accounts
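#jsonpath
# Print the name of the context whose user is 'aws-user' and save it to a file.
# The trailing backslashes join the lines into one command; without them each
# line would be run as a separate command.
kubectl config view \
  --kubeconfig=my-kube-config \
  -o jsonpath="{.contexts[?(@.context.user=='aws-user')].name}" \
  > /opt/outputs/aws-context-name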
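#backup
# Resource dump. "all" is a fixed category (pods, services, deployments, ...);
# it does NOT include Secrets, ConfigMaps, PersistentVolumes, RBAC objects or
# custom resources, so this file alone is not a full cluster backup.
kubectl get all -A -o yaml > backup.yaml

# etcd snapshot. The snapshot holds the whole cluster state, including every
# Secret, so store it with restrictive file permissions or encrypted.
# Against a TLS-secured etcd, add the connection flags:
#   --endpoints=<https://etcd-host:port> --cacert=<ca.crt> --cert=<client.crt> --key=<client.key>
ETCDCTL_API=3 etcdctl snapshot save snapshot.db
# Check that the snapshot is readable before relying on it.
ETCDCTL_API=3 etcdctl snapshot status snapshot.db

# Restore. Stop the API server first so nothing writes to etcd during the
# restore. (This form assumes kube-apiserver runs as a system service.)
service kube-apiserver stop
ETCDCTL_API=3 etcdctl snapshot restore snapshot.db --data-dir /var/lib/etcd-from-backup
# After the restore, etcd must be reconfigured to use the new --data-dir and
# restarted before the API server is started again.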
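#explain
# Show the complete field tree of a resource type, paged through less.
# The resource name must be spelled exactly (persistentvolume, short name pv).
kubectl explain persistentvolume --recursive | less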
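#Pod
##Pod List
kubectl get pods
kubectl get pods -o wide                        # also shows node and pod IP
kubectl get pods -n kube-system                 # select a namespace
kubectl get pods --selector app=app1,env=prod   # filter by label
kubectl get pods -l app=app1,env=prod           # -l is the short form of --selector
kubectl get pods --all-namespaces
kubectl get pods --show-labels
##Pod Status
kubectl describe pod pod-name
##Create Pod
kubectl run pod-name --image nginx
##Edit Pod
kubectl edit pod pod-name
# Export the live object to a file so it can be edited and re-applied.
kubectl get pod pod-name -o yaml > pod-definition.yaml
##Create Pod By YAML
# create fails if the object already exists; apply creates it or updates it.
kubectl create -f pod-definition.yaml
kubectl apply -f pod-definition.yaml
##Delete Pod
kubectl delete pod pod-name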
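#ReplicaSet
##Create Replicaset
# kubectl has no "create replicaset" generator (there is no imperative
# --image/--replicas form for ReplicaSets); create one from a manifest.
kubectl create -f replicaset-definition.yml
##Get Replicaset
kubectl get replicasets
##Delete Replicaset
# Deleting a ReplicaSet also deletes the pods it manages.
kubectl delete replicaset replicaset-name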
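#Deployment
##Scale
# replace: push an edited manifest (e.g. a changed replicas value) to the
# existing object.
kubectl replace -f replicaset-definition.yml
# scale: changes the live object only; the manifest file keeps its old value.
kubectl scale --replicas=6 -f replicaset-definition.yml
kubectl scale --replicas=6 replicaset myapp-replicaset
##Generate Deployment YAML file (-o yaml)
# --dry-run=client renders the object locally without creating it; the bare
# --dry-run form is deprecated.
kubectl create deployment --image=nginx nginx --replicas=4 --dry-run=client -o yaml > nginx-deployment.yaml
# Exercise: deployment httpd-name; replicas: 4; image: httpd
kubectl create deployment httpd-name --image=httpd
kubectl scale deployment httpd-name --replicas=6
# Change the image of one container; this starts a rolling update.
# --record is deprecated; the change cause can instead be stored in the
# kubernetes.io/change-cause annotation with "kubectl annotate".
kubectl set image deployment/<deployment-name> <container-name>=nginx:1.9.1 --record
##Rollout
kubectl rollout status deployment/myapp-deployment
kubectl rollout history deployment/myapp-deployment --revision=1
# Roll back to the previous revision.
kubectl rollout undo deployment/myapp-deployment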
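#Configuration
##Pod Env
###plain key-value
# Pod spec fragment showing three sources for a container environment
# variable. Indentation is significant: env belongs to the container entry.
spec:
  containers:
    - name: container-name
      env:
        # Literal value written directly in the manifest.
        - name: DB_NAME
          value: PROD
        # Value read from key db_url of the ConfigMap named myconfig.
        - name: DB_URL
          valueFrom:
            configMapKeyRef:
              name: myconfig
              key: db_url
        # Value read from key db_password of the Secret named mysecret.
        # This keeps the password out of the manifest, but the value is still
        # visible inside the container's environment (child processes, crash
        # dumps, debug output); mounting the Secret as a file is the
        # alternative when that matters.
        - name: DB_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysecret
              key: db_password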
##configmap
###create configmap
# ConfigMaps hold non-sensitive configuration; they are stored and displayed
# in plain text, so credentials belong in a Secret instead.
# Build a ConfigMap from inline key/value pairs.
kubectl create configmap <configmap-name> --from-literal=<key>=<value> --from-literal=<key2>=<value2>
# Build a ConfigMap from a file; the key defaults to the file name.
kubectl create configmap <configmap-name> --from-file=<file_path>
# List ConfigMaps in the current namespace, then show their contents.
kubectl get configmaps
kubectl describe configmaps
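###use configmap in pod
# Pod spec fragment: envFrom imports every key of the ConfigMap myconfig as
# an environment variable of the container.
spec:
  containers:
    - name: container-name
      envFrom:
        - configMapRef:
            name: myconfig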
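##secret
###create secret
# --from-literal puts the secret value on the command line, where it ends up
# in shell history and is visible in the process list; prefer --from-file for
# real credentials.
kubectl create secret generic <secret-name> --from-literal=<key>=<value> --from-literal=<key2>=<value2>
kubectl create secret generic <secret-name> --from-file=<file_path>
# Values in a Secret manifest are base64-encoded. base64 is an encoding, not
# encryption: anyone who can read the Secret object can decode it. Protect
# Secrets with RBAC (get/list/watch on secrets) and etcd encryption at rest.
echo -n 'secret-value' | base64
# Decoding takes the encoded string as input (this is 'secret-value' encoded).
echo -n 'c2VjcmV0LXZhbHVl' | base64 --decode
kubectl get secrets
# describe shows key names and sizes, not the values.
kubectl describe secrets
kubectl get secret <secret-name> -o wide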
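###use secret in pod
# Pod spec fragment: envFrom imports every key of the Secret mysecret as an
# environment variable. All keys become visible to the whole container
# process tree; use secretKeyRef per variable, or a volume mount, to expose
# only what the workload needs.
spec:
  containers:
    - name: container-name
      envFrom:
        - secretRef:
            name: mysecret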
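##Security Context
# Pod spec fragment with a pod-level and a container-level securityContext.
spec:
  # Pod level: default for every container in the pod.
  securityContext:
    runAsUser: 1000
  containers:
    - name: nginx
      image: nginx
      command: ["sleep"]
      # args is a flat list of strings (a nested list is rejected).
      args: ["300"]
      # Container level: overrides the pod-level values for this container.
      securityContext:
        runAsUser: 2000
        # capabilities is accepted only at container level, not in the
        # pod-level securityContext. Names are Linux capabilities without the
        # CAP_ prefix. Every added capability widens what a compromised
        # container can do: add only what the workload needs, and consider
        # drop: ["ALL"] as the starting point.
        capabilities:
          add: ["MAC_ADMIN"]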
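##Service Account
###Create Service Account
kubectl create serviceaccount <name>
# Inspect the token Secret of a service account. Clusters from v1.24 on no
# longer create this Secret automatically; a short-lived token can be
# requested with "kubectl create token <name>".
kubectl describe secret serviceaccount-token-name
# Inside a pod, the token, CA certificate and namespace are mounted at:
#   /var/run/secrets/kubernetes.io/serviceaccount
# Anything that can read files in the container can use that token with the
# service account's permissions, so keep its RBAC bindings minimal.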
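###Use Service Account in Pod
# Pod spec fragment selecting the service account the pod runs as.
spec:
  # Uncomment when the workload never calls the Kubernetes API, so that no
  # API token is mounted into the containers.
  # automountServiceAccountToken: false
  # serviceAccountName is the current field; serviceAccount is its deprecated
  # alias.
  serviceAccountName: name
  containers:
    - name: container-name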
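##Resource Requirements
# Pod spec fragment. requests are what the scheduler reserves on a node;
# limits are enforced at runtime (CPU is throttled, a container exceeding its
# memory limit is OOM-killed). Limits keep one pod from starving the node.
spec:
  containers:
    - name: name
      resources:
        requests:
          memory: "1Mi"
          # 100m = 0.1 CPU; quoted so the quantity is not parsed as a float.
          cpu: "100m"
        limits:
          memory: "4Gi"
          cpu: "4"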
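##Taints | Tolerations -Node
# Taint format is key=value:effect. Effects:
#   NoSchedule       - pods without a matching toleration are not scheduled
#   PreferNoSchedule - the scheduler avoids the node but may still use it
#   NoExecute        - as NoSchedule, and running pods without a toleration
#                      are evicted
kubectl taint nodes node1 app=blue:NoSchedule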
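# Pod-side setting: toleration matching the taint app=blue:NoSchedule.
# A toleration only allows the pod onto the tainted node; it does not force
# the pod there. Combine with nodeSelector or node affinity to pin it.
spec:
  tolerations:
    - key: "app"
      operator: "Equal"
      value: "blue"
      effect: "NoSchedule"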
##Remove Taints
# The same taint specification with a trailing "-" removes the taint.
kubectl taint nodes node1 app=blue:NoSchedule-
##Node Selector | Label Nodes
# Attach a label to a node so that pods can select it.
kubectl label nodes node-name label-key=label-name
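# Pod-side setting: schedule only onto nodes carrying this exact label.
spec:
  nodeSelector:
    label-key: label-name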
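##Node Affinity
# Pod that may only be scheduled onto nodes labelled security=S1.
apiVersion: v1
kind: Pod
metadata:
  name: with-pod-affinity
spec:
  affinity:
    nodeAffinity:
      # Hard requirement at scheduling time; a label change on the node
      # afterwards does not evict the running pod.
      requiredDuringSchedulingIgnoredDuringExecution:
        nodeSelectorTerms:
          - matchExpressions:
              - key: security
                operator: In
                values:
                  - S1
  containers:
    - name: with-pod-affinity
      # NOTE(review): the k8s.gcr.io registry has been frozen; current images
      # are published under registry.k8s.io. Confirm before reuse.
      image: k8s.gcr.io/pause:2.0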
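#Service
# expose copies the selector from the existing deployment/pod.
# --port is the Service port, --target-port the container port.
# A NodePort Service opens the port on every node's address; restrict who can
# reach it (firewall / network policy) or use ClusterIP when external access
# is not needed.
kubectl expose deployment <deployment-name> \
  --name=webapp-service \
  --type=NodePort \
  --target-port=8080 \
  --port=80
kubectl expose pod <pod-name> --port=6379 --name=redis-service
# "create service" takes the Service name as argument and sets the selector to
# app=<that name>; it does not read the pod's labels. The clusterip form has
# no --node-port flag.
kubectl create service clusterip <pod-name> --tcp=6379:6379
kubectl expose pod <pod-name> --port=80 --name=nginx-service --type=NodePort
kubectl create service nodeport <pod-name> --tcp=80:80 --node-port=30080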
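#Namespace
##Get Pods
kubectl get pods --namespace=stg
kubectl get pods -n stg      # -n is the short form of --namespace
kubectl get pods --all-namespaces
kubectl get ns
##Change Default Namespace
# Sets the namespace stored in the current kubeconfig context.
# Equivalent shorter form: kubectl config set-context --current --namespace=dev
kubectl config set-context "$(kubectl config current-context)" --namespace=dev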
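#Readiness Probe / Liveness Probe
# readinessProbe and livenessProbe take the same fields; each is a separate
# key on the container. A failing readiness probe removes the pod from Service
# endpoints; a failing liveness probe restarts the container.
##HTTP Test
spec:
  containers:
    - name: container-name
      image: docker-image
      readinessProbe:  # or livenessProbe
        httpGet:
          path: /
          port: 80
        # Timing fields belong to the probe itself, not to httpGet.
        initialDelaySeconds: 10
        periodSeconds: 5
        failureThreshold: 8
##TCP Test
# Probe fragment (placed under a container entry): succeeds when the port
# accepts a TCP connection.
readinessProbe:  # or livenessProbe
  tcpSocket:
    port: 80
##Exec Command
# Probe fragment (placed under a container entry): runs the command inside
# the container; exit status 0 means success.
readinessProbe:  # or livenessProbe
  exec:
    command:
      - cat
      - index.html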
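#Logs
# -f streams the log; -c selects the container (only needed when the pod has
# more than one).
kubectl logs -f <pod-name> -c <container-name>
#Jobs
kubectl create job <job-name> --image=nginx
#Cron Jobs
# --schedule uses cron syntax; "1 * * * *" runs at minute 1 of every hour.
kubectl create cronjob <job-name> --image=nginx --schedule="1 * * * *"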
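#Ingress Controller
# Deployment running one replica of the NGINX ingress controller in the
# ingress-space namespace, under the ingress-serviceaccount service account.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: ingress-controller
  namespace: ingress-space
spec:
  replicas: 1
  selector:
    matchLabels:
      name: nginx-ingress
  template:
    metadata:
      labels:
        # Must match spec.selector.matchLabels above.
        name: nginx-ingress
    spec:
      # The controller calls the Kubernetes API with this account; the roles
      # bound to it define what a compromised controller could read or change.
      serviceAccountName: ingress-serviceaccount
      containers:
        - name: nginx-ingress-controller
          # NOTE(review): 0.21.0 is an old controller release; check the
          # project's supported versions and security advisories before using
          # this outside a lab.
          image: quay.io/kubernetes-ingress-controller/nginx-ingress-controller:0.21.0
          args:
            - /nginx-ingress-controller
            # $(POD_NAMESPACE) is expanded by Kubernetes from the env entry
            # defined below.
            - --configmap=$(POD_NAMESPACE)/nginx-configuration
            - --default-backend-service=app-space/default-http-backend
          env:
            # Both values come from the pod's own metadata via fieldRef.
            - name: POD_NAME
              valueFrom:
                fieldRef:
                  fieldPath: metadata.name
            - name: POD_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
          ports:
            - name: http
              containerPort: 80
            - name: https
              containerPort: 443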