namespace

create namespace

$ cat << EOF | kubectl apply -f -
apiVersion: v1
kind: Namespace
metadata:
  name: <name>
  labels:
    name: <name>
EOF
  • or

    $ kaubectl create namespace <name>
    $ kubectl label namespace <name> name=<name> --overwrite

remove stuck namespace

check which item occupied the resource

[!NOTE] references:

$ ns='marslo-test'
$ for _r in $(kubectl api-resources --verbs=list --namespaced -o name); do
    if [[ 'No resources found.' != "$(kubectl get -n ${ns} ${_r} 2>&1 >/dev/null)" ]]; then
      echo "---- ${_r} ----"
      kubectl get -n ${ns} ${_r}
    fi
  done

---- resourcequotas ----
NAME                     CREATED AT
builder-resource-quota   2019-11-15T17:12:52Z
---- secrets ----
NAME                  TYPE                                  DATA   AGE
default-token-l4s96   kubernetes.io/service-account-token   3      2y351d
---- serviceaccounts ----
NAME      SECRETS   AGE
default   1         2y351d
  • or modify spec.finalizers

    [!NOTE|label:references]

    # to modify `"finalizers": [ "kubernet" ]` to `"finalizers": []`
    $ export NAMESPACE="monitoring"
    $ kubectl get namespace $NAMESPACE -o json  |
              tr -d "\n" |
              sed "s/\"finalizers\": \[[^]]\+\]/\"finalizers\": []/" |
              kubectl replace --raw /api/v1/namespaces/$NAMESPACE/finalize -f -
  • or

    $ myns='marslo-test'
    $ for _i in $(kubectl api-resources --verbs=list --namespaced -o name); do
      echo ----- ${_i} ------
      kubectl get -n ${myns} ${_i}
    done
    ----- configmaps ------
    No resources found.
    ----- endpoints ------
    No resources found.
    ----- events ------
    No resources found.
    ----- limitranges ------
    No resources found.
    ----- persistentvolumeclaims ------
    No resources found.
    ----- pods ------
    No resources found.
    ----- podtemplates ------
    No resources found.
    ----- replicationcontrollers ------
    No resources found.
    ----- resourcequotas ------
    No resources found.
    ----- secrets ------
    No resources found.
    ----- serviceaccounts ------
    No resources found.
    ----- services ------
    No resources found.
    ----- controllerrevisions.apps ------
    No resources found.
    ----- daemonsets.apps ------
    No resources found.
    ----- deployments.apps ------
    No resources found.
    ----- replicasets.apps ------
    No resources found.
    ----- statefulsets.apps ------
    No resources found.
    ----- horizontalpodautoscalers.autoscaling ------
    No resources found.
    ----- cronjobs.batch ------
    No resources found.
    ----- jobs.batch ------
    No resources found.
    ----- certificaterequests.certmanager.k8s.io ------
    No resources found.
    ----- certificates.certmanager.k8s.io ------
    No resources found.
    ----- challenges.certmanager.k8s.io ------
    NAME                            STATE     DOMAIN                         AGE
    marslo-dashboard-2318568841-0   pending   marslo-dashboard.mycompany.com   72m
    ----- issuers.certmanager.k8s.io ------
    No resources found.
    ----- orders.certmanager.k8s.io ------
    No resources found.
    ----- leases.coordination.k8s.io ------
    No resources found.
    ----- events.events.k8s.io ------
    No resources found.
    ----- daemonsets.extensions ------
    No resources found.
    ----- deployments.extensions ------
    No resources found.
    ----- ingresses.extensions ------
    No resources found.
    ----- networkpolicies.extensions ------
    No resources found.
    ----- replicasets.extensions ------
    No resources found.
    ----- pods.metrics.k8s.io ------
    No resources found.
    ----- ingresses.networking.k8s.io ------
    No resources found.
    ----- networkpolicies.networking.k8s.io ------
    No resources found.
    ----- poddisruptionbudgets.policy ------
    No resources found.
    ----- rolebindings.rbac.authorization.k8s.io ------
    No resources found.
    ----- roles.rbac.authorization.k8s.io ------
    No resources found.
  • or list only available resources

    #!/usr/bin/env bash
    
    myns='marslo-test'
    for _i in $(kubectl api-resources --verbs=list --namespaced -o name); do
      if [[ "$(kubectl -n ${myns} get ${_i} 2>&1)" = No* ]]; then
        :
      else
        echo ----- ${_i} ------
        kubectl -n ${myns} get ${_i}
      fi
    done
  • oneline

    $ kubectl api-resources  --namespaced=true -o name |
      xargs -n 1 -I {} bash -c "echo \"----- {} -----\"; kubectl get -n ${myns} {};"
    
    # --ignore-not-found
    # -t, --verbose
    #               Print the command line on the standard error output before executing it
    $ kubectl api-resources  --namespaced=true -o name |
      xargs -t -n 1 kubectl get --show-kind --ignore-not-found -n ${myns}

remove all pods in namespace

$ kubectl delete pods -n <namespace> --all
  • or

    $ kubectl delete po $(kubectl -n <namespace> get po -o jsonpath='{range .items[*]}{.metadata.name} ') \
              --force --grace-period=0 \
              -n <namespace>
  • or

    $ kubectl get pods --all-namespaces |
              grep Evicted |
              awk '{print $2 " --namespace=" $1}' |
              xargs kubectl delete pod
  • or

    $ kubectl get pods --all-namespaces |
              grep -E OutOfcpu\|Evicted\|Completed\|OOMKilled\|Error\|ContainerStatusUnknown |
              awk '{print "kubectl delete po " $2 " -n " $1 }' |
              bash

delete in all namespaces

$ kubectl get ns -o=custom-columns=Namespace:.metadata.name --no-headers |
          xargs -n1 kubectl delete pods --all -n

backup namespaces

#!/usr/bin/env bash

# credit belongs to https://raw.githubusercontent.com/ppo/bash-colors/master/bash-colors.sh
# shellcheck disable=SC2015,SC2059
c() { [ $# == 0 ] && printf "\e[0m" || printf "$1" | sed 's/\(.\)/\1;/g;s/\([SDIUFNHT]\)/2\1/g;s/\([KRGYBMCW]\)/3\1/g;s/\([krgybmcw]\)/4\1/g;y/SDIUFNHTsdiufnhtKRGYBMCWkrgybmcw/12345789123457890123456701234567/;s/^\(.*\);$/\\e[\1m/g'; }
exitOnError() { if [ $? -ne 0 ]; then echo -e "$(c R)ERROR$(c) : $*" >&2; exit 1; fi; }
showHelp() { echo -e "${usage}"; exit 0; }

usage="""
\t $(c R)nsb$(c) - $(c iR)n$(c)ame$(c iR)s$(c)pace $(c iR)b$(c)ackup: to backup all available api-resources in given namespace
\nSYNOPSIS:
\n\t$(c sY)\$ nsb <namespace> [<namespace> [<namespace> [..]]]$(c)
\nEXAMPLE:
\n\tshow help
\t\t$(c G)\$ nsb$(c)
\n\tbackup namespace(s)
\t\t$(c G)\$ nsb <namespace> <namespace> <namespace> ...$(c)
"""

[[ 0 -eq $# ]] && showHelp
path="./backups-$(date +%Y%m%d)/namespace"

while read -r -d' ' ns; do

  echo -e "\n\n\n================================ $(c iY)${ns}$(c) ================================"
  for _ar in $(kubectl api-resources --verbs=list --namespaced -o name); do
    if [[ "$(kubectl -n ${ns} get ${_ar} 2>&1)" = No* ]]; then
      :
    else
      target="${path}/${ns}/${_ar}"
      mkdir -p "${target}"

      echo -e "\n----- $(c iY)${ns}$(c) : $(c iB)${_ar}$(c) ------"
      kubectl -n ${ns} get ${_ar} | tee "${target}/status.log"
      kubectl -n ${ns} describe ${_ar} > "${target}/${_ar}.describe.log"

      echo -e "\n... backup $(c iB)${_ar}$(c) all to ${target}/${_ar}.yml"
      kubectl -n ${ns} get ${_ar} -o yaml --export > "${target}/${_ar}.yml"

      while read -r name; do
        echo -e "\t... backup $(c iB)${_ar}$(c) $(c iG)${name}$(c) to ${target}/${name}.yml"
        if [[ "${name}" =~ .*-token-.* ]]; then
          kubectl -n ${ns} get ${_ar} ${name} -o yaml > ${target}/${name}.yml
        else
          kubectl -n ${ns} get ${_ar} ${name} -o yaml --export > ${target}/${name}.yml
        fi
      done < <(kubectl -n "${ns}" get "${_ar}" -o jsonpath='{range .items[*]}{.metadata.name}{"\n"}')

    fi
  done

  echo -e "======================================================================="
done <<< "$@ "

remove challenge.certmanager

$ kubectl -n marslo-test delete challenges.certmanager.k8s.io marslo-dashboard-2318568841-0 \
          --force --grace-period=0
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
challenge.certmanager.k8s.io "marslo-dashboard-2318568841-0" force deleted
####
stuck
####

$ kubectl get ns
NAME                   STATUS        AGE
cert-manager           Active        103d
...
marslo-test            Terminating   103d
...

$ kubectl delete namespace cert-manager

$ kubectl -n marslo-test describe challenges.certmanager.k8s.io
Name:         marslo-dashboard-2318568841-0
Namespace:    marslo-test
Labels:       acme.cert-manager.io/order-name=marslo-dashboard-2318568841
Annotations:  <none>
API Version:  certmanager.k8s.io/v1alpha1
Kind:         Challenge
Metadata:
  Creation Timestamp:             2020-01-02T13:24:46Z
  Deletion Grace Period Seconds:  0
  Deletion Timestamp:             2020-01-02T13:26:37Z
  Finalizers:
    finalizer.acme.cert-manager.io
# Please edit the object below. Lines beginning with a '#' will be ignored,
  Generation:  5
  Owner References:
    API Version:           certmanager.k8s.io/v1alpha1
    Block Owner Deletion:  true
    Controller:            true
    Kind:                  Order
    Name:                  marslo-dashboard-2318568841
    UID:                   06c2cc11-fd96-473d-b672-9e7495dee3bf
  Resource Version:        28236617
  Self Link:               /apis/certmanager.k8s.io/v1alpha1/namespaces/marslo-test/challenges/marslo-dashboard-2318568841-0
  UID:                     cc6f18e3-1035-4f9f-aa25-9fdcf2340d36
Spec:
  Authz URL:  https://acme-v02.api.letsencrypt.org/acme/authz-v3/2065855459
  Config:
    http01:
      Ingress Class:  nginx
  Dns Name:           marslo-dashboard.mycompany.com
  Issuer Ref:
    Kind:    ClusterIssuer
    Name:    marslo-cert
  Key:       cq9ofBV9ugv0zdf6ZMoPtFJjhuNrg17hVbAzQK1t2HY.TjEqvfuHdQXjDvwPm1FMc5pU4scT3qTDs5j4qc8XAqM
  Token:     cq9ofBV9ugv0zdf6ZMoPtFJjhuNrg17hVbAzQK1t2HY
  Type:      http-01
  URL:       https://acme-v02.api.letsencrypt.org/acme/chall-v3/2065855459/raQniA
  Wildcard:  false
Status:
  Presented:   true
  Processing:  true
  Reason:      Waiting for http-01 challenge propagation: failed to perform self checkubectl get request 'http://marslo-dashboard.mycompany.com/.well-known/acme-challenge/cq9ofBV9ugv0zdf6ZMoPtFJjhuNrg17hVbAzQK1t2HY': Get http://marslo-dashboard.mycompany.com/.well-known/acme-challenge/cq9ofBV9ugv0zdf6ZMoPtFJjhuNrg17hVbAzQK1t2HY: dial tcp: lookup marslo-dashboard.mycompany.com on 10.96.0.10:53: no such host
  State:       pending
Events:        <none>


## inspired from https://github.com/jetstack/cert-manager/issues/1582#issuecomment-515354712
$ kubectl -n marslo-test edit challenges.certmanager.k8s.io  marslo-dashboard-2318568841-0
challenge.certmanager.k8s.io/marslo-dashboard-2318568841-0 edited
## manual remove the finalizer

list

list all namespaces with name only

$ kubectl get ns -o custom-columns=":metadata.name" --no-headers
  • or

    $ kubectl get ns -o name
  • or

    $ kubectl get ns --no-headers -o name

list all quota in cluster

$ while read ns; do
    echo "~~~~~~~~~~~~ ${ns} ~~~~~~~~~~~~~"
    kubectl -n ${ns} describe quota
  done < <(kubectl get ns -o go-template --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}')
  • or

    $ while IFS= read -rd ' ' ns; do
        echo "~~~> ${ns}"
        kubectl -n ${ns} describe quota
      done < <(kubectl get ns -o jsonpath="{.items[*].metadata.name}"

Last updated