namespace
create namespace
$ cat << EOF | kubectl apply -f -
apiVersion: v1
kind: Namespace
metadata:
name: <name>
labels:
name: <name>
EOFor
$ kaubectl create namespace <name> $ kubectl label namespace <name> name=<name> --overwrite
remove stuck namespace
check which item occupied the resource
[!NOTE] references:
$ ns='marslo-test'
$ for _r in $(kubectl api-resources --verbs=list --namespaced -o name); do
if [[ 'No resources found.' != "$(kubectl get -n ${ns} ${_r} 2>&1 >/dev/null)" ]]; then
echo "---- ${_r} ----"
kubectl get -n ${ns} ${_r}
fi
done
---- resourcequotas ----
NAME CREATED AT
builder-resource-quota 2019-11-15T17:12:52Z
---- secrets ----
NAME TYPE DATA AGE
default-token-l4s96 kubernetes.io/service-account-token 3 2y351d
---- serviceaccounts ----
NAME SECRETS AGE
default 1 2y351d[!NOTE|label:references]
# to modify `"finalizers": [ "kubernet" ]` to `"finalizers": []` $ export NAMESPACE="monitoring" $ kubectl get namespace $NAMESPACE -o json | tr -d "\n" | sed "s/\"finalizers\": \[[^]]\+\]/\"finalizers\": []/" | kubectl replace --raw /api/v1/namespaces/$NAMESPACE/finalize -f -or
$ myns='marslo-test' $ for _i in $(kubectl api-resources --verbs=list --namespaced -o name); do echo ----- ${_i} ------ kubectl get -n ${myns} ${_i} done----- configmaps ------ No resources found. ----- endpoints ------ No resources found. ----- events ------ No resources found. ----- limitranges ------ No resources found. ----- persistentvolumeclaims ------ No resources found. ----- pods ------ No resources found. ----- podtemplates ------ No resources found. ----- replicationcontrollers ------ No resources found. ----- resourcequotas ------ No resources found. ----- secrets ------ No resources found. ----- serviceaccounts ------ No resources found. ----- services ------ No resources found. ----- controllerrevisions.apps ------ No resources found. ----- daemonsets.apps ------ No resources found. ----- deployments.apps ------ No resources found. ----- replicasets.apps ------ No resources found. ----- statefulsets.apps ------ No resources found. ----- horizontalpodautoscalers.autoscaling ------ No resources found. ----- cronjobs.batch ------ No resources found. ----- jobs.batch ------ No resources found. ----- certificaterequests.certmanager.k8s.io ------ No resources found. ----- certificates.certmanager.k8s.io ------ No resources found. ----- challenges.certmanager.k8s.io ------ NAME STATE DOMAIN AGE marslo-dashboard-2318568841-0 pending marslo-dashboard.mycompany.com 72m ----- issuers.certmanager.k8s.io ------ No resources found. ----- orders.certmanager.k8s.io ------ No resources found. ----- leases.coordination.k8s.io ------ No resources found. ----- events.events.k8s.io ------ No resources found. ----- daemonsets.extensions ------ No resources found. ----- deployments.extensions ------ No resources found. ----- ingresses.extensions ------ No resources found. ----- networkpolicies.extensions ------ No resources found. ----- replicasets.extensions ------ No resources found. ----- pods.metrics.k8s.io ------ No resources found. ----- ingresses.networking.k8s.io ------ No resources found. ----- networkpolicies.networking.k8s.io ------ No resources found. ----- poddisruptionbudgets.policy ------ No resources found. ----- rolebindings.rbac.authorization.k8s.io ------ No resources found. ----- roles.rbac.authorization.k8s.io ------ No resources found.or list only available resources
#!/usr/bin/env bash myns='marslo-test' for _i in $(kubectl api-resources --verbs=list --namespaced -o name); do if [[ "$(kubectl -n ${myns} get ${_i} 2>&1)" = No* ]]; then : else echo ----- ${_i} ------ kubectl -n ${myns} get ${_i} fi doneoneline
$ kubectl api-resources --namespaced=true -o name | xargs -n 1 -I {} bash -c "echo \"----- {} -----\"; kubectl get -n ${myns} {};" # --ignore-not-found # -t, --verbose # Print the command line on the standard error output before executing it $ kubectl api-resources --namespaced=true -o name | xargs -t -n 1 kubectl get --show-kind --ignore-not-found -n ${myns}
remove all pods in namespace
$ kubectl delete pods -n <namespace> --allor
$ kubectl delete po $(kubectl -n <namespace> get po -o jsonpath='{range .items[*]}{.metadata.name} ') \ --force --grace-period=0 \ -n <namespace>$ kubectl get pods --all-namespaces | grep Evicted | awk '{print $2 " --namespace=" $1}' | xargs kubectl delete pod$ kubectl get pods --all-namespaces | grep -E OutOfcpu\|Evicted\|Completed\|OOMKilled\|Error\|ContainerStatusUnknown | awk '{print "kubectl delete po " $2 " -n " $1 }' | bash
$ kubectl get ns -o=custom-columns=Namespace:.metadata.name --no-headers |
xargs -n1 kubectl delete pods --all -nbackup namespaces
#!/usr/bin/env bash
# credit belongs to https://raw.githubusercontent.com/ppo/bash-colors/master/bash-colors.sh
# shellcheck disable=SC2015,SC2059
c() { [ $# == 0 ] && printf "\e[0m" || printf "$1" | sed 's/\(.\)/\1;/g;s/\([SDIUFNHT]\)/2\1/g;s/\([KRGYBMCW]\)/3\1/g;s/\([krgybmcw]\)/4\1/g;y/SDIUFNHTsdiufnhtKRGYBMCWkrgybmcw/12345789123457890123456701234567/;s/^\(.*\);$/\\e[\1m/g'; }
exitOnError() { if [ $? -ne 0 ]; then echo -e "$(c R)ERROR$(c) : $*" >&2; exit 1; fi; }
showHelp() { echo -e "${usage}"; exit 0; }
usage="""
\t $(c R)nsb$(c) - $(c iR)n$(c)ame$(c iR)s$(c)pace $(c iR)b$(c)ackup: to backup all available api-resources in given namespace
\nSYNOPSIS:
\n\t$(c sY)\$ nsb <namespace> [<namespace> [<namespace> [..]]]$(c)
\nEXAMPLE:
\n\tshow help
\t\t$(c G)\$ nsb$(c)
\n\tbackup namespace(s)
\t\t$(c G)\$ nsb <namespace> <namespace> <namespace> ...$(c)
"""
[[ 0 -eq $# ]] && showHelp
path="./backups-$(date +%Y%m%d)/namespace"
while read -r -d' ' ns; do
echo -e "\n\n\n================================ $(c iY)${ns}$(c) ================================"
for _ar in $(kubectl api-resources --verbs=list --namespaced -o name); do
if [[ "$(kubectl -n ${ns} get ${_ar} 2>&1)" = No* ]]; then
:
else
target="${path}/${ns}/${_ar}"
mkdir -p "${target}"
echo -e "\n----- $(c iY)${ns}$(c) : $(c iB)${_ar}$(c) ------"
kubectl -n ${ns} get ${_ar} | tee "${target}/status.log"
kubectl -n ${ns} describe ${_ar} > "${target}/${_ar}.describe.log"
echo -e "\n... backup $(c iB)${_ar}$(c) all to ${target}/${_ar}.yml"
kubectl -n ${ns} get ${_ar} -o yaml --export > "${target}/${_ar}.yml"
while read -r name; do
echo -e "\t... backup $(c iB)${_ar}$(c) $(c iG)${name}$(c) to ${target}/${name}.yml"
if [[ "${name}" =~ .*-token-.* ]]; then
kubectl -n ${ns} get ${_ar} ${name} -o yaml > ${target}/${name}.yml
else
kubectl -n ${ns} get ${_ar} ${name} -o yaml --export > ${target}/${name}.yml
fi
done < <(kubectl -n "${ns}" get "${_ar}" -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}')
fi
done
echo -e "======================================================================="
done <<< "$@ "remove challenge.certmanager
$ kubectl -n marslo-test delete challenges.certmanager.k8s.io marslo-dashboard-2318568841-0 \
--force --grace-period=0
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
challenge.certmanager.k8s.io "marslo-dashboard-2318568841-0" force deleted
####
stuck
####
$ kubectl get ns
NAME STATUS AGE
cert-manager Active 103d
...
marslo-test Terminating 103d
...
$ kubectl delete namespace cert-manager
$ kubectl -n marslo-test describe challenges.certmanager.k8s.io
Name: marslo-dashboard-2318568841-0
Namespace: marslo-test
Labels: acme.cert-manager.io/order-name=marslo-dashboard-2318568841
Annotations: <none>
API Version: certmanager.k8s.io/v1alpha1
Kind: Challenge
Metadata:
Creation Timestamp: 2020-01-02T13:24:46Z
Deletion Grace Period Seconds: 0
Deletion Timestamp: 2020-01-02T13:26:37Z
Finalizers:
finalizer.acme.cert-manager.io
# Please edit the object below. Lines beginning with a '#' will be ignored,
Generation: 5
Owner References:
API Version: certmanager.k8s.io/v1alpha1
Block Owner Deletion: true
Controller: true
Kind: Order
Name: marslo-dashboard-2318568841
UID: 06c2cc11-fd96-473d-b672-9e7495dee3bf
Resource Version: 28236617
Self Link: /apis/certmanager.k8s.io/v1alpha1/namespaces/marslo-test/challenges/marslo-dashboard-2318568841-0
UID: cc6f18e3-1035-4f9f-aa25-9fdcf2340d36
Spec:
Authz URL: https://acme-v02.api.letsencrypt.org/acme/authz-v3/2065855459
Config:
http01:
Ingress Class: nginx
Dns Name: marslo-dashboard.mycompany.com
Issuer Ref:
Kind: ClusterIssuer
Name: marslo-cert
Key: cq9ofBV9ugv0zdf6ZMoPtFJjhuNrg17hVbAzQK1t2HY.TjEqvfuHdQXjDvwPm1FMc5pU4scT3qTDs5j4qc8XAqM
Token: cq9ofBV9ugv0zdf6ZMoPtFJjhuNrg17hVbAzQK1t2HY
Type: http-01
URL: https://acme-v02.api.letsencrypt.org/acme/chall-v3/2065855459/raQniA
Wildcard: false
Status:
Presented: true
Processing: true
Reason: Waiting for http-01 challenge propagation: failed to perform self checkubectl get request 'http://marslo-dashboard.mycompany.com/.well-known/acme-challenge/cq9ofBV9ugv0zdf6ZMoPtFJjhuNrg17hVbAzQK1t2HY': Get http://marslo-dashboard.mycompany.com/.well-known/acme-challenge/cq9ofBV9ugv0zdf6ZMoPtFJjhuNrg17hVbAzQK1t2HY: dial tcp: lookup marslo-dashboard.mycompany.com on 10.96.0.10:53: no such host
State: pending
Events: <none>
## inspired from https://github.com/jetstack/cert-manager/issues/1582#issuecomment-515354712
$ kubectl -n marslo-test edit challenges.certmanager.k8s.io marslo-dashboard-2318568841-0
challenge.certmanager.k8s.io/marslo-dashboard-2318568841-0 edited
## manual remove the finalizerlist
list all namespaces with name only
$ kubectl get ns -o custom-columns=":metadata.name" --no-headersor
$ kubectl get ns -o nameor
$ kubectl get ns --no-headers -o name
list all quota in cluster
$ while read ns; do
echo "~~~~~~~~~~~~ ${ns} ~~~~~~~~~~~~~"
kubectl -n ${ns} describe quota
done < <(kubectl get ns -o go-template --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')or
$ while IFS= read -rd ' ' ns; do echo "~~~> ${ns}" kubectl -n ${ns} describe quota done < <(kubectl get ns -o jsonpath="{.items[*].metadata.name}"
Last updated