openshift常用命令

oc get nodes //獲取集群所有節點
oc describe node node-name  //查看對應節點詳細信息，可以看到運行在該節點下的pod
oc get pods -n namespace-name //查看對應namespace下pod
oc get all  //查看當前project下的所有資源
oc status  //查看登錄在哪個project下
oc get pods -o wide -n namespace-name //查看對應namespace下pod詳情
oc describe pod pod-name -n namespace-name //查看pod詳細信息
oc get limitrange -n namespace-name //獲取對應namespace的limitrange配置文件
oc describe limitrange limitrange.config -n namespace-name //查看配置文件詳情
oc edit limitrange limitrange.config -n namespace-name //修改limitrange配置
oc project project-name //切換到project
oc adm policy add-scc-to-user anyuid -z default //為該project下default賬戶開啟anyuid，
可以使用root權限，一般是安裝/運行某些軟件時需要
oc adm policy remove-scc-from-user anyuid -z default //刪除default的anyuid權限
oc get pod //查看該project下的pod
oc get service //查看該project下的service
oc get endpoints  //查看該project下的Endpoints
oc delete pod pod-name -n namespace-name  //重啟pod
oc rollout history DeploymentConfig/dc-name  //查看dc歷史版本
oc rollout history DeploymentConfig/dc-name --revision=5 //回滾到5版本
oc scale dc pod-name --replicas=3 -n namespace //設置副本數為3
oc autoscale dc dc-name --min=2 --max=10 --cpu-percent=80  //設置自動伸縮最小2，最大10
oc get scc //查看scc
oc describe scc anyuid //查看anyuid詳細信息,user即包含已經開啟anyuid的project
oc describe clusterrole.rbac //查看集群管理員角色及權限
oc describe clusterrolebinding.rbac //查看用戶組及綁定的角色
oc adm policy add-cluster-role-to-user cluster-admin username //添加username為cluster-admin
oc get routes --all-namespaces  //查看所有namespace的route
oc logs -f pod-name //查看pod log
docker ps -a|grep pod-name //查看pod對應containerID
docker exec -it containerID /bin/sh  //登錄到container
oc new-project my-project  //創建project
oc new-app https://github.com/sclorg/cakephp-ex  //創建APP
oc status //查看當前項目狀態
oc api-resources //查看server支持的api資源
oc adm must-gather  //收集當前集群的狀態信息
oc adm top pods //查看pod資源狀態
oc adm top node //查看節點資源狀態
oc adm top images //查看images使用情況
oc adm cordon node1 //標記node1為SchedulingDisabled
oc adm manage-node <node1> --schedulable = false //標記node1為unschedulable
oc adm manage-node node1 --schedulable //標記node1為schedulable
oc adm drain node1 //將node1進入維護模式
oc delete node //刪除node
oc adm node-logs --role master -u NetworkManager.service //獲取節點網絡日志
oc get csr //查詢CSR(certificate signing requests)
oc adm certificate approve csr-name //approve CSR
oc adm certificate deny csr_name  //拒掉csr
oc get csr|xargs oc adm certificate approve csr //approve所有csr
echo 'openshift_master_bootstrap_auto_approve=true' >> /etc/ansible/hosts  //設置自動approve csr
oc get project projectname  //get project
oc describe project projectname //查看project信息
oc get pod pod-name -o yaml  //查看pod-name yaml文件
oc get nodes --show-labels //查看節點label
oc label nodes node-name label-key=label-value  //給node添加標簽，pod也要有對應label（在第二層spec下添加nodeSelector），pod就會運行在指定的node上
oc label nodes node-name key=new-value --overwrite //更新指定key值的label
oc label nodes node-name key-  //刪除指定key值的label
oadm manage-node node-name --list-pods  //查看運行在某node上的所有pod
oadm manage-node node-name --schedulable=false //mark node as unschedulable
oc get svc //查看service
oc patch dc dc-name -p '{"spec":{"template":{"spec":{"containers":[{"name":"dc-name","securityContext":{"runAsUser": 1000160000}}],"securityContext":{"runAsUser": 1000160000,"fsGroup": 1000160000}}}}}'   //修改dc-name yaml文件
oc login --token=iz56jscHZp9mSN3kHzjayaEnNo0DMI_nRlaiJyFmN74 --server=https://console.qa.c.sm.net:8443 //使用命令行登錄openshift，token是用你自己的賬戶在登錄網址時生成的token
oc rsh -t  //查看token
oc rsh pod-name  //使用命令行登錄pod
oc whoami --show-server  //查看當前登錄的服務地址
oc whoami //查看當前登錄賬戶
oc get dc -n namespace  //查看deployment config
oc get deploy -n namespace //查看deploy
oc edit deploy/deployname -o yaml -n namespace //編輯deploy yaml文件
oc get cronjob  //查看cronjob
oc edit cronjob/cronjob-name -n namespace-name  //編輯cronjob
oc describe cm/configmap-name -n namespace-name  //查看cronjob
oc get configmap -n namespace-name  //查詢configmap
oc get cm -n namespace-name  //查詢configmap
cat /etc/origin/master/master-config.yaml|grep cidr  //查看集群pod網段規划
oc edit vm appmngr54321-poc-msltoibh -n appmngr54321-poc -o yaml //編輯VM yaml文件
oc serviceaccounts get-token sa-name  //獲取sa-name的token
oc login url --token=token  //使用token登錄
oc scale deployment deployment-name --replicas 5  //擴展pod副本數量
oc config view //查看config
TOKEN=$(oc get secret $(oc get serviceaccount default -o jsonpath='{.secrets[0].name}') -o jsonpath='{.data.token}' | base64 --decode )  //get token
APISERVER=$(oc config view --minify -o jsonpath='{.clusters[0].cluster.server}')  //get apiserver
curl $APISERVER/api --header "Authorization: Bearer $TOKEN" --insecure  //curl API
oc api-versions  //get api versions
oc api-resources //get api-resources
oc get hpa  --all-namespaces//查詢HPA
oc describe hpa/hpaname -n namespace  //查看HPA，可以看到Metrics，Events
oc create serviceaccount caller //創建sa
oc adm policy add-cluster-role-to-user cluster-admin -z caller //賦予cluster-admin權限
oc serviceaccounts get-token caller //get sa token
echo $KUBECONFIG //獲取kubeconfig文件位置
oc get cm --all-namespaces -l app=deviation //根據labelselector篩選cm
oc describe PodMetrics podname  //查詢pod CPU/mem usage，openshift4.X適用
oc api-resources -o wide   //查看shortnames、apiGroup、verbs
oc delete pod --selector logging-infra=fluentd //按selector刪除
oc get pods -n logger -w  //watch 某個pod狀態
oc whoami  //查看當前登錄賬戶
oc explain pv.spec  //查看資源對象的定義
oc get MutatingWebhookConfiguration   //查看MutatingWebhook
oc get ValidatingWebhookConfiguration  //查看ValidatingWebhook
oc annotate validatingwebhookconfigurations <validating_webhook_name> service.beta.openshift.io/inject-cabundle=true   //給validatingwebhook注入CA
oc annotate mutatingwebhookconfigurations <mutating_webhook_name> service.beta.openshift.io/inject-cabundle=true   //給mutatingwebhook注入CA
 
oc get secrets/signing-key -n openshift-service-ca \
     -o template='{{index .data "tls.crt"}}' \
     | base64 -d \
     | openssl x509 -noout -enddate
//查看當前服務 CA 證書的到期日期
oc delete secret/signing-key -n openshift-service-ca  //手動更新該服務證書
 
for I in $(oc get ns -o jsonpath='{range .items[*]} {.metadata.name}{"\n"} {end}'); \
      do oc delete pods --all -n $I; \
      sleep 1; \
      done
//將新證書應用到所有服務，請重啟集群中的所有 pod
 
oc annotate crd <crd_name> \
 
 
service.beta.openshift.io/inject-cabundle=true   //給CRD注入CA
oc annotate apiservice <api_service_name> service.beta.openshift.io/inject-cabundle=true   //給apiservice 注入CA
oc annotate configmap <config_map_name> service.beta.openshift.io/inject-cabundle=true   //給configmap  注入CA
oc annotate service <service_name> service.beta.openshift.io/serving-cert-secret-name=<secret_name>   //給service 添加服務證書
oc get pv --selector=='path=testforocp' //根據label查詢pv
 
# oc get --raw "/apis/metrics.k8s.io/v1beta1" | jq .  
{
  "kind": "APIResourceList",
  "apiVersion": "v1",
  "groupVersion": "metrics.k8s.io/v1beta1",
  "resources": [
    {
      "name": "nodes",
      "singularName": "",
      "namespaced": false,
      "kind": "NodeMetrics",
      "verbs": [
        "get",
        "list"
      ]
    },
    {
      "name": "pods",
      "singularName": "",
      "namespaced": true,
      "kind": "PodMetrics",
      "verbs": [
        "get",
        "list"
      ]
    }
  ]
}
————————————————
版權聲明：本文為CSDN博主「SeasonRun」的原創文章，遵循CC 4.0 BY-SA版權協議，轉載請附上原文出處鏈接及本聲明。
原文鏈接：https://blog.csdn.net/haiziccc/article/details/105659109