- 判断某个IP是否来自容器服务
kubectl get po -n prod -o custom-columns='name:.metadata.name,ip:.status.podIP' | grep 10.204.60.52
- 强制删除某个命名空间(如:autotest)下异常退出的容器
kubectl get po -n autotest | grep -E 'Evicted|Terminating|Unknown' | awk '{print $1}' | xargs kubectl delete po -n autotest --force --grace-period 0
- 查看某个ServiceAccount对应的token,可用于调用Api-server时作为Bearer Token认证
kubectl -n kube-system describe secret $(kubectl -n kube-system get secret | grep admin | awk '{print $1}')
用kubectl管理多集群
export KUBECONFIG=/path/to/config-cluster-1:/path/to/config-cluster-2 kubectl config use-context cluster-1-admin@cluster-1快速创建具备cluster-role权限的用户
kubectl create serviceaccount dashboard-admin -n kube-system kubectl create clusterrolebinding dashboard-cluster-admin --clusterrole=cluster-admin --serviceaccount=kube-system:dashboard-admin