-
Notifications
You must be signed in to change notification settings - Fork 16
/
kubernetes.cli.txt
3731 lines (2835 loc) · 285 KB
/
kubernetes.cli.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
KUBERNETES
/=+===============================+=\
/ : : \
)==: VERSION :==(
\ :_______________________________: /
\=+===============================+=/
VERSION ==> #1.4.6
VERSION #Different API versions offer different possible entities:
# - batch/v1: only Job
# - autoscaling/v1: only HorizontalPodAutoscaler
# - v1beta1: Job, HorizontalPodAutoscaler, Deployment, ReplicaSet, DaemonSet, Ingress, NetworkPolicy, ThirdPartyResource, Scale
# - v1: everything else
#Can query:
# - GET HOST/api[s] or kubectl api[-]versions: available versions
# - GET HOST/version: current Git version
RESC[_LIST].apiVersion #Required
kubectl version #Print the client and server version information
-c
--client BOOL #Client version only (no server required). Def: false
kubectl create|run|set image|explain|edit|delete|
rolling-update|scale|autoscale|cluster-info|
taint|describe|log|apply|patch|replace|convert|
label|annotate ... #
--include-extended-apis BOOL #If true (def), include definitions of new APIs via calls to the API server.
kubectl ... #
--match-server-version BOOL #Require server version to match client version. Def: false
kubeadm init ...
--use-kubernetes-version STR #Choose a specific Kubernetes version for the control plane (default "v1.4.4")
kubectl convert #Convert config files between different API versions
#Both YAML and JSON formats are accepted.
#The command takes filename, directory, or URL as input, and convert it into format of version specified by --output-version flag.
#If target version is not specified or not supported, convert to latest version.
#The default output will be printed to stdout in YAML format.
#One can use -o option to change to output destination.
#--filename is required
kube-apiserver ...
--storage-versions STR,... #The per-group version to store resources in.
#Specified in the format "group1/version1,group2/version2,...".
#In the case where objects are moved from one group to the other, you may specify the format "group1=group2/v1beta1,group3/v1beta1,...".
#You only need to pass the groups you wish to change from the defaults.
#It defaults to a list of preferred versions of all registered groups, which is derived from the KUBE_API_VERSIONS environment variable.
#(default "apps/v1alpha1,authentication.k8s.io/v1beta1,authorization.k8s.io/v1beta1,autoscaling/v1,batch/v1,certificates.k8s.io/v1alpha1,
#componentconfig/v1alpha1,extensions/v1beta1,imagepolicy.k8s.io/v1alpha1,policy/v1alpha1,rbac.authorization.k8s.io/v1alpha1,storage.k8s.io/v1beta1,v1")
minikube start ... #
--kubernetes-version STR #Def: "v1.4.3"
/=+===============================+=\
/ : : \
)==: GENERATORS :==(
\ :_______________________________: /
\=+===============================+=/
kubectl create|expose|run|autoscale ... #
--generator "GENERATOR" #The name of the API generator to use:
# - create: configmap|deployment-basic|namespace|resourcequotas|secret-for-docker-registry|secret|secret-for-tls|service-cluster|service-loadbalancer|
# service-nodeport|serviceaccount/v1
# - expose: service/v1 (service port is "default") or service/v2 (service port is unnamed) (def)
# - run: default is according to --restart:
# - Always: 'deployment/v1beta1'
# - OnFailure: 'job/v1'
# - Never: 'run-pod/v1'
# - autoscale: 'horizontalpodautoscaler/v1' (only choice)
kubectl run ...
--service-generator STR #The name of the generator to use for creating a service.
#Only used if --expose is true
#Def: 'service/v2'
/=+===============================+=\
/ : : \
)==: KUBEADM :==(
\ :_______________________________: /
\=+===============================+=/
http://kubernetes.io/docs/getting-started-guides/kubeadm/
http://kubernetes.io/docs/admin/kubeadm/
kubeadm #Easily bootstrap a secure Kubernetes cluster
kubeadm init #Run this in order to set up the Kubernetes master
--api-advertise-addresses IP #The IP addresses to advertise, in case autodetection fails
--api-port NUM #Port for API to bind to (default 6443)
--discovery-port NUM #Port for JWS discovery service to bind to (default 9898)
--pod-network-cidr CIDR #Specify range of IP addresses for the pod network; if set, the control plane will automatically allocate CIDRs for every node
--service-cidr CIDR #Use alternative range of IP address for service VIPs (default "10.96.0.0/12")
--token STR #Shared secret used to secure cluster bootstrap; if none is provided, one will be generated for you
--config FILE #Path to kubeadm config file
kubeadm join #Run this on any machine you wish to join an existing cluster
--config FILE
--api-port NUM
--discovery-port NUM
--token STR #See kubeadm init
kubeadm reset #Run this to revert any changes made to this host by 'kubeadm init' or 'kubeadm join'.
kubeadm init|join|reset
--skip-preflight-checks #Skip preflight checks normally run before modifying the system
/=+===============================+=\
/ : : \
)==: CLOUD PROVIDERS :==(
\ :_______________________________: /
\=+===============================+=/
kubelet|kubeadm init|kube-apiserver|
controller-manager ... #
--cloud-provider STR #The provider for cloud services.
#Enable cloud provider features (external load-balancers, storage, etc), e.g. "gce"
#By default, will attempt to auto-detect the cloud provider.
#Specify empty string for running with no cloud provider. [default=auto-detect] (default "auto-detect")
kubelet|kube-apiserver|controller-manager ...
--cloud-config FILE #The path to the cloud provider configuration file.
#Empty string for no configuration file.
kubelet|kube-proxy|apiserver|controller-manager|
scheduler ... #
--google-json-key STR #The Google Cloud Platform Service Account JSON Key to use for authentication.
kube-controller-manager ... #
--allocate-node-cidrs #Should CIDRs for Pods be allocated and set on the cloud provider.
--configure-cloud-routes #Should CIDRs allocated by allocate-node-cidrs be configured on the cloud provider. (default true)
--node-cidr-mask-size NUM #Mask size for node cidr in cluster. (default 24)
--enable-dynamic-provisioning #Enable dynamic provisioning for environments that support it. (default true)
--enable-hostpath-provisioner #Enable HostPath PV provisioning when running without a cloud provider.
#This allows testing and development of provisioning features.
#HostPath provisioning is not supported in any way, won't work in a multi-node cluster,
#and should not be used for anything other than testing or development.
/=+===============================+=\
/ : : \
)==: KUBE-APISERVER :==(
\ :_______________________________: /
\=+===============================+=/
kube-apiserver #The Kubernetes API server validates and configures data for the api objects which include pods, services, replicationcontrollers, and others.
#The API Server services REST operations and provides the frontend to the cluster’s shared state through which all other components interact.
/=+===============================+=\
/ : : \
)==: KUBE-SCHEDULER :==(
\ :_______________________________: /
\=+===============================+=/
http://kubernetes.io/docs/admin/multiple-schedulers/
kube-scheduler #The Kubernetes scheduler is a policy-rich, topology-aware, workload-specific function that significantly impacts
#availability, performance, and capacity.
#The scheduler needs to take into account individual and collective resource requirements, quality of service requirements,
#hardware/software/policy constraints, affinity and anti-affinity specifications, data locality, inter-workload interference, deadlines, and so on.
#Workload-specific requirements will be exposed through the API as necessary.
--scheduler-name NAME #Name of the scheduler, used to select which pods will be processed by this scheduler,
#based on pod's annotation with key 'scheduler.alpha.kubernetes.io/name' (default "default-scheduler")
--policy-config-file PATH #File with scheduler policy configuration
--algorithm-provider STR #The scheduling algorithm provider to use, one of: DefaultProvider | ClusterAutoscalerProvider (default "DefaultProvider")
--failure-domains STR #Indicate the "all topologies" set for an empty topologyKey when it's used for PreferredDuringScheduling pod anti-affinity.
#(default "kubernetes.io/hostname,failure-domain.beta.kubernetes.io/zone,failure-domain.beta.kubernetes.io/region")
--hard-pod-affinity-symmetric-weight NUM #RequiredDuringScheduling affinity is not symmetric, but there is an implicit PreferredDuringScheduling affinity rule
#corresponding to every RequiredDuringScheduling affinity rule.
#--hard-pod-affinity-symmetric-weight represents the weight of implicit PreferredDuringScheduling affinity rule. (default 1)
/=+===============================+=\
/ : : \
)==: KUBE-CONTROLLER-MANAGER :==(
\ :_______________________________: /
\=+===============================+=/
kube-controller-manager #The Kubernetes controller manager is a daemon that embeds the core control loops shipped with Kubernetes.
#In applications of robotics and automation, a control loop is a non-terminating loop that regulates the state of the system.
#In Kubernetes, a controller is a control loop that watches the shared state of the cluster through the apiserver and makes changes
#attempting to move the current state towards the desired state.
#Examples of controllers that ship with Kubernetes today are the replication controller, endpoints controller, namespace controller,
#and serviceaccounts controller.
--controller-start-interval DUR #Interval between starting controller managers. (default 0s)
/=+===============================+=\
/ : : \
)==: ETCD :==(
\ :_______________________________: /
\=+===============================+=/
kube-apiserver ... #
--etcd-cafile PATH #SSL Certificate Authority file used to secure etcd communication.
--etcd-certfile PATH #SSL certification file used to secure etcd communication.
--etcd-keyfile PATH #SSL key file used to secure etcd communication.
--etcd-prefix STR #The prefix for all resource paths in etcd. (default "/registry")
--etcd-quorum-read #If true, enable quorum read.
--etcd-servers ORIGIN,... #List of etcd servers to connect with (http://ip:port), comma separated. (default [])
--etcd-servers-overrides ORIGIN,... #Per-resource etcd servers overrides, comma separated.
#The individual override format: group/resource#servers, where servers are http://ip:port, semicolon separated. (default [])
kube-apiserver ...
--storage-backend STR #The storage backend for persistence.
#Options: 'etcd2' (default), 'etcd3'.
--storage-media-type TYPE #The media type to use to store objects in storage.
#Some resources may only support a specific media type and will ignore this setting. (default "application/json")
/=+===============================+=\
/ : : \
)==: KUBELET :==(
\ :_______________________________: /
\=+===============================+=/
kubelet #Server
#The kubelet is the primary "node agent" that runs on each node.
#The kubelet works in terms of a PodSpec.
#A PodSpec is a YAML or JSON object that describes a pod.
#The kubelet takes a set of PodSpecs that are provided through various mechanisms (primarily through the apiserver)
#and ensures that the containers described in those PodSpecs are running and healthy.
#The kubelet doesn't manage containers which were not created by Kubernetes.
#Other than from an PodSpec from the apiserver, there are three ways that a container manifest can be provided to the Kubelet.
#File: Path passed as a flag on the command line. This file is rechecked every 20 seconds (configurable with a flag).
#HTTP endpoint: HTTP endpoint passed as a parameter on the command line. This endpoint is checked every 20 seconds (also configurable with a flag).
#HTTP server: The kubelet can also listen for HTTP and respond to a simple API (underspec'd currently) to submit a new manifest.
--runonce #If true, exit after spawning pods from local manifests or remote urls. Exclusive with --api-servers, and --enable-server
--enable-server #Enable the Kubelet's server (default true)
/=+===============================+=\
/ : : \
)==: KUBELET FILES :==(
\ :_______________________________: /
\=+===============================+=/
kubelet ...
--root-dir DIR #Directory path for managing kubelet files (volume mounts,etc). (default "/var/lib/kubelet")
--lock-file FILE #<Warning: Alpha feature> The path to file for kubelet to use as a lock file.
kubelet ...
--exit-on-lock-contention #Whether kubelet should exit upon lock-file contention.
kubelet ... #
--boot-id-file FILE #Comma-separated list of files to check for boot-id. Use the first one that exists. (default "/proc/sys/kernel/random/boot_id")
--machine-id-file FILE,... #Comma-separated list of files to check for machine-id. Use the first one that exists. (default "/etc/machine-id,/var/lib/dbus/machine-id")
/=+===============================+=\
/ : : \
)==: KUBECTL :==(
\ :_______________________________: /
\=+===============================+=/
http://kubernetes.io/docs/user-guide/prereqs/
BOOL in CLI: not specified???
kubectl ... #Client
kubectl create ...|edit|rolling-update|taint|
apply|replace|convert ... #
--schema-cache-dir '~/.kube/schema' #If non-empty, load/store cached API schemas in this directory, default is '$HOME/.kube/schema'
--validate BOOL #If true (def), use a schema to validate the input before sending it
kubectl create ...|expose|label|rolling-update|
autoscale|run ... #
--dry-run BOOL #If true (def: false), only print the object that would be sent, without sending it.
kubectl set image|patch|convert #
--local BOOL #If true (def), does not try to contact api-server but run locally.
kubectl completion bash|zsh #Output shell completion code for the given shell
#This command prints shell code which must be evaluation to provide interactive completion of kubectl commands.
/=+===============================+=\
/ : : \
)==: KUBECTL OUTPUT :==(
\ :_______________________________: /
\=+===============================+=/
http://kubernetes.io/docs/user-guide/kubectl-conventions/
http://kubernetes.io/docs/user-guide/docker-cli-to-kubectl/
http://kubernetes.io/docs/user-guide/kubectl-overview/
http://kubernetes.io/docs/user-guide/jsonpath/
http://kubernetes.io/docs/getting-started-guides/kubectl/
kubectl create|delete|scale|apply|replace ... #
-o
--output STR #Output mode. (resource/name).
--no-headers BOOL #When using the default or custom-column output format, don't print headers.
#Def: false
kubectl create|expose|run|convert|set image|get|
edit|autoscale|rolling-update|taint|patch|label|
annotate|config view|config get-contexts ... #
-o
--output STR #Output format.
#One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=...
#kubectl edit only supports yaml|json
--output-version STR #Output the formatted object with the given group version (for ex: 'extensions/v1beta1').
-a
--show-all BOOL #When printing, show all resources (default hide terminated pods.) Def: false
--show-labels BOOL #When printing, show all labels as the last column (default hide labels column). Def: false
--sort-by STR #If non-empty, sort list types using this field specification.
#The field specification is expressed as a JSONPath expression (e.g. '{.metadata.name}').
#The field in the API resource specified by this JSONPath expression must be an integer or a string
--template STR #Template string or path to template file to use when -o=go-template, -o=go-template-file.
#The template format is golang templates.
/=+===============================+=\
/ : : \
)==: KUBECONFIG :==(
\ :_______________________________: /
\=+===============================+=/
http://kubernetes.io/docs/user-guide/kubeconfig-file/
kubectl config ... #Modify kubeconfig files
#The loading order follows these rules:
# 1. If the --kubeconfig flag is set, then only that file is loaded. The flag may only be set once and no merging takes place.
# 2. If $KUBECONFIG environment variable is set, then it is used a list of paths (normal path delimitting rules for your system).
# These paths are merged.
# When a value is modified, it is modified in the file that defines the stanza.
# When a value is created, it is created in the first file that exists.
# If no files in the chain exist, then it creates the last file in the list.
# 3. Otherwise, ${HOME}/.kube/config is used and no merging takes place.
kubectl config set VARR VAL #Sets an individual value in a kubeconfig file
#VARR is a dot delimited name where each token represents either an attribute name or a map key. Map keys may not contain dots.
#VAL is the new value you wish to set.
#Binary fields such as 'certificate-authority-data' expect a base64 encoded string unless the --set-raw-bytes flag is used.
--set-raw-bytes BOOL #When writing a []byte PROPERTY_VALUE, write the given string directly without base64 decoding.
#Def: false
kubectl config unset VARR #Unsets an individual value in a kubeconfig file
#VARR is a dot delimited name where each token represents either an attribute name or a map key. Map keys may not contain dots.
kubectl config view #Display merged kubeconfig settings or a specified kubeconfig file
#You can use --output jsonpath={...} to extract specific values using a jsonpath expression.
--flatten BOOL #Flatten the resulting kubeconfig file into self-contained output (useful for creating portable kubeconfig files)
#Def: false
--merge BOOL #Merge the full hierarchy of kubeconfig files
#Def: true
--minify BOOL #Remove all information not used by current-context from the output
#Def: false
--raw BOOL #Display raw byte data
#Def: false
kubelet|kubectl|kube-proxy|controller-manager|
scheduler ... #
--kubeconfig FILE #Path to a kubeconfig file, specifying how to connect to the API server.
#--api-servers will be used for the location unless --require-kubeconfig is set. (default "/var/lib/kubelet/kubeconfig")
kubelet|kubectl
--require-kubeconfig #If true the Kubelet will exit if there are configuration errors,
#and will ignore the value of --api-servers in favor of the server defined in the kubeconfig file.
--experimental-bootstrap-kubeconfig FILE #<Warning: Experimental feature> Path to a kubeconfig file that will be used to get client certificate for kubelet.
#If the file specified by --kubeconfig does not exist, the bootstrap kubeconfig is used to request a client certificate from the API server.
#On success, a kubeconfig file referencing the generated key and obtained certificate is written to the path specified by --kubeconfig.
#The certificate and key file will be stored in the directory pointed by --cert-dir.
/=+===============================+=\
/ : : \
)==: CLUSTER :==(
\ :_______________________________: /
\=+===============================+=/
http://kubernetes.io/docs/tutorials/kubernetes-basics/cluster-intro/
http://kubernetes.io/docs/getting-started-guides/
http://kubernetes.io/docs/getting-started-guides/aws/
https://github.com/kubernetes/kubernetes/blob/master/docs/design/aws_under_the_hood.md
http://kubernetes.io/docs/getting-started-guides/scratch/, and following topics
http://kubernetes.io/docs/getting-started-guides/docker-multinode/
http://kubernetes.io/docs/admin/cluster-large/
http://kubernetes.io/docs/admin/multiple-zones/
http://kubernetes.io/docs/admin/cluster-management/
http://kubernetes.io/docs/admin/etcd/
http://kubernetes.io/docs/admin/multi-cluster/
http://kubernetes.io/docs/user-guide/sharing-clusters/
METADATA.clusterName #CLUSTER
#This is used to distinguish resources with same name and namespace in different clusters.
#This field is not set anywhere right now and apiserver is going to ignore it if set in create or update request.
kubectl ...
kubectl config set-cluster CLUSTER_NAME ... #
--certificate-authority FILE #Path to a cert. file for the certificate authority
--insecure-skip-tls-verify BOOL #If true (def: false), the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
-s
--server HOST #The address and port of the Kubernetes API server
kubectl config set-cluster CLUSTER_NAME #Sets a cluster entry in kubeconfig
#Specifying a name that already exists will merge new fields on top of existing values for those fields.
--embed-certs BOOL #Embed client cert/key
#Def: false
kubectl config delete-cluster CLUSTER #Delete the specified cluster from the kubeconfig
kubectl config get-clusters #Display clusters defined in the kubeconfig
kubectl cluster[-]info #Display addresses of the master and services with label kubernetes.io/cluster-service=true
#To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
kubectl cluster[-]info dump #Dumps cluster info out suitable for debugging and diagnosing cluster problems.
#By default, dumps everything to stdout.
#You can optionally specify a directory with --output-directory.
#If you specify a directory, kubernetes will build a set of files in that directory.
#By default only dumps things in the 'kube-system' namespace, but you can switch to a different namespace with the --namespaces flag,
#or specify --all-namespaces to dump all namespaces.
#The command also dumps the logs of all of the pods in the cluster, these logs are dumped into different directories based on namespace and pod name.
--namespaces NAMESPACE,... #A comma separated list of namespaces to dump.
--output-directory DIR #Where to output the files. If empty or '-' uses stdout, otherwise creates a directory hierarchy in that directory
kube-controller-manager ... #
--cluster-name CLUSTER #The instance prefix for the cluster (default "kubernetes")
/=+===============================+=\
/ : : \
)==: CONTEXT :==(
\ :_______________________________: /
\=+===============================+=/
kubectl ...
kubectl config set-context ... #
--cluster CLUSTER #The name of the kubeconfig cluster to use
-n
--namespace NAMESPACE #If present, the namespace scope for this CLI request
--user USER #The name of the kubeconfig user to use
kubectl ... #
--context CONTEXT #The name of the kubeconfig context to use
kubectl config set-context #Sets a context entry in kubeconfig
#Specifying a name that already exists will merge new fields on top of existing values for those fields.
kubectl config current-context #Displays the current-context
kubectl config delete-context CONTEXT #Delete the specified context from the kubeconfig
kubectl config get-contexts [CONTEXT] #Describe one or many contexts form the kubeconfig file
kubectl config use-context CONTEXT #Sets the current-context in a kubeconfig file
/=+===============================+=\
/ : : \
)==: NAMESPACE :==(
\ :_______________________________: /
\=+===============================+=/
http://kubernetes.io/docs/user-guide/namespaces.md
http://kubernetes.io/docs/admin/namespaces/
http://kubernetes.io/docs/admin/namespaces/walkthrough/
https://github.com/kubernetes/kubernetes/blob/master/docs/design/namespaces.md
NAMESPACE #Sub-cluster
#The following entities are always at the cluster-level, i.e. do not use namespaces:
# - Namespace itself, Node, PersistentVolume, ThirdPartyResource, ComponentStatus
#Specified with each REST call, although optional for GET /RESOURCE (see above)
#Def: "default"
#Must be DNS label
METADATA.namespace #NAMESPACE
#Read-only
NAMESPACE.status.phase #STR. Current lifecycle phase of the namespace.
APIRESOURCE.namespaced #BOOL. Indicates if a resource is namespaced or not.
kubectl create namespace|ns NAMESPACE #Create a namespace with the specified name
kubectl get|cluster-info|top pode|describe
--all-namespaces BOOL #If present, list the requested object(s) across all namespaces.
#Namespace in current context is ignored even if specified with --namespace.
#Def: false
kubelet|kube-apiserver ...
--master-service-namespace STR #The namespace from which the kubernetes master services should be injected into pods (default "default")
minikube service [list]
-n
--namespace NAMESPACE #
/=+===============================+=\
/ : : \
)==: RESOURCES :==(
\ :_______________________________: /
\=+===============================+=/
http://kubernetes.io/docs/whatisk8s/
http://kubernetes.io/docs/getting-started-guides/binary_release/
http://kubernetes.io/docs/user-guide/config-best-practices/
https://github.com/kubernetes/kubernetes/blob/master/docs/design/architecture.md
RESOURCES ==> #Only describes the ones in the following table:
# +-------------------------+-------------------------------------------------------------+-------------------------------+
# | REST NAME | REST ROUTE | RESC_TYPE (CLI) |
# +-------------------------+-------------------------------------------------------------+-------------------------------+
# | Cluster | None (whole API) | cluster |
# | APIResource | "" (top-level) | None |
# | Binding | /pods/NAME/binding | None (Pod subresource) |
# | ComponentStatus | /componentstatuses | componentstatus|cs |
# | ConfigMap | /configmaps | configmap|cm |
# | DaemonSet | /daemonsets | daemonset|ds |
# | Deployment | /deployments | deployment|deploy |
# | DeploymentRollback | /deployments/NAME/rollback | None (Deployment subresource) |
# | Endpoint | /endpoints | endpoint|ep |
# | Event | /events | event|ev |
# | Eviction | /pods/NAME/eviction | None (Pod subresource) |
# | HorizontalPodAutoscaler | /horizontalpodautoscalers | horizontalpodautoscaler|hpa |
# | Ingress | /ingresses | ingress|ing |
# | Job | /jobs | job |
# | LimitRange | /limitranges | limitrange|limits |
# | Namespace | /namespaces | namespace|ns |
# | NetworkPolicy | /networkpolicies | networkpolicy |
# | Node | /nodes | node|no |
# | PersistentVolume | /persistentvolumes | persistentvolume|pv |
# | PersistentVolumeClaim | /persistentvolumeclaims | persistentvolumeclaim|pvc |
# | Pod | /pods | pod|po |
# | PodTemplate | /podtemplates | podtemplate |
# | ReplicaSet | /replicasets | replicaset|rs |
# | ReplicationController | /replicationcontrollers | replicationcontroller|rc |
# | ResourceQuota | /resourcequotas | [resource]quota |
# | Scale | /deployments|replicasets|replicationcontrollers/NAME/scale | None (subresource) |
# | Secret | /secrets | secret |
# | Service | /services | service|svc |
# | ServiceAccount | /serviceaccounts | serviceaccount|sa |
# | ThirdPartyResource | /thirdpartyresources | thirdpartyresource |
# +-------------------------+-------------------------------------------------------------+-------------------------------+
CLI ==> #The following notations are for CLI
RESC... #Can be:
# - RESC_TYPE,... [RESC_NAME ...]:
# - if RESC_NAME not specified: all resource of that type
# - must also specify --all with kubectl set image|delete|taint|label|annotate
# - RESC_NAME is optional if --selector used
# - RESC_TYPE/RESC_NAME ...
#Optional if --filename used
RESC #Like RESC... but for a single resource, i.e. RESC_TYPE[/]RESC_NAME
#It seems kubctl edit needs /, and kubectl patch needs no / (verify???)
CLUSTER|POD|..._RESC[...] #Like RESC[...] but restrict to few possible RESC_TYPE
RESC_TYPE #Resource type (see below)
#Can use plural form (does not make any difference)
RESC_NAME
CLUSTER|POD|... #Resource name
API ==> #The following notations are for REST operations and --filename files
RESC.*
CLUSTER|POD|....* #Resource definition
RESC_LIST #List of resources
RESC_LIST.items #Array of RESC
RESC.spec|status #Many resources have those fields: "spec" is target state, "status" is current state
RESC[_LIST].kind
APIRESOURCE.kind #Resource type, e.g. 'Pod' or 'PodLists'. Required
kubectl get ... #
--show-kind BOOL #If present, list the resource type for the requested object(s). Def: false
kube-apiserver ... #
--runtime-config value #A set of key=value pairs that describe runtime configuration that may be passed to apiserver.
# - apis/<groupVersion> key can be used to turn on/off specific api versions.
# - apis/<groupVersion>/<resource> can be used to turn on/off specific resources.
# - api/all and api/legacy are special keys to control all and legacy api versions respectively.
/=+===============================+=\
/ : : \
)==: API RESOURCE :==(
\ :_______________________________: /
\=+===============================+=/
APIRESOURCE.name #STR
/=+===============================+=\
/ : : \
)==: REST API :==(
\ :_______________________________: /
\=+===============================+=/
http://kubernetes.io/docs/api/
http://kubernetes.io/docs/devel/api-conventions.md
https://github.com/kubernetes/kubernetes/blob/master/docs/api.md
ROOT_URL #HOST/api/VERSION[/namespaces/NAMESPACE]/
#Implied for all endpoints below
NAMESPACE #Required. Exceptions:
# - optional with GET /ROOT/RESOURCE (not subresources)
# - some entities do not use namespaces (see namespace section)
RESOURCES #Plural lowercase resource name, e.g. "jobs"
#See resource list
RESOURCE #Either:
# - nothing (i.e. top-level): for APIResource
# - RESOURCES: for most resources
# - /PARENT/NAME/RESOURCES: for subresources, i.e.:
# - DeploymentRollback: under Deployment
# - Binding: optionally under Pod
# - Eviction: under Pod
# - Scale: under Deployment|ReplicaSet|ReplicationController
BODY TYPE ==> #Request|response body possible type:
# - application/json (def)
# - application/yaml
# - application/vnd.kubernetes.protobuf
kubelet|kube-proxy|controller-manager|scheduler #
--kube-api-content-type STR #Content type of requests sent to apiserver (def: "application/vnd.kubernetes.protobuf")
REST OPERATIONS ==> #Possible operations follow.
#Some resources cannot do all operations:
# - read-only:
# - APIResource: only GET /RESOURCE
# - ComponentStatus: only GET
# - update-only:
# - Binding|Eviction: only POST|PUT
# - DeploymentRollback: only POST
# - no creation|deletion:
# - Scale: no POST|DELETE
# - no mass delete:
# - Service: no DELETE /RESOURCE
GET|PUT|PATCH /RESOURCE/NAME/status #Like GET|PUT|PATCH /RESOURCE/NAME except:
# - targets RESOURCE.status, i.e. it must exist and be an OBJ
# - can only use QOBJ.pretty
QOBJ #Query variable with REST routes, for any call
QOBJ(...) #Query variable with REST routes, for specific calls
NON-REST ROUTES ==> #Do not use REST entities|operations
#Use different QOBJ
#List: /pods/NAME/attach, /pods/NAME/exec, /pods/NAME/portforward, /pods/NAME/log, */proxy*
NON-TOP-LEVEL REST RESOURCES ==> #The following do not have top-level REST routes, but are subresources of Pod: Container, Volume, SecurityContext
NON-TOP-LEVEL UTILITIES ==> #The following do not have top-level REST routes, but are utilities: selectors, object references, metadata
/=+===============================+=\
/ : : \
)==: MANIFEST FILE :==(
\ :_______________________________: /
\=+===============================+=/
http://kubernetes.io/docs/user-guide/working-with-resources/
kubectl create|expose|set image|get|edit|delete|
rollout ...|rolling-update|scale|autoscale|
describe|apply|patch|replace|convert|label|
annotate ... #
-f
--filename FILE|DIR|URL #Filename, directory, or URL to file to use to create the resource.
-R
--recursive BOOL #Process the directory used in -f, --filename recursively.
#Useful when you want to manage related manifests organized within the same directory.
#Def: false
kubelet ...
--manifest-url URL #URL for accessing the container manifest
--manifest-url-header STR #HTTP header to use when accessing the manifest URL, with the key separated from the value with a ':', as in 'key:value'
--pod-manifest-path FILE #Path to to the directory containing pod manifest files to run, or the path to a single pod manifest file.
/=+===============================+=\
/ : : \
)==: TIMEOUT :==(
\ :_______________________________: /
\=+===============================+=/
QOBJ(GET|DELETE /RESOURCE).timeoutSeconds #Call timeout
kubelet
--runtime-request-timeout DUR #Timeout of all runtime requests except long running request - pull, logs, exec and attach.
#When timeout exceeded, kubelet will cancel the request, throw out an error and retry later. Default: 2m0s (default 2m0s)
--streaming-connection-idle-timeout DUR #Maximum time a streaming connection can be idle before the connection is automatically closed.
#0 indicates no timeout. Example: '5m' (default 4h0m0s)
kubectl replace|delete|rolling-update|scale #
--timeout DUR #The length of time to wait before giving up, 0 means (rolling-update|scale) no wait or (replace|update) relative to object size.
#Def: 5m (rolling-update), 0 (otherwise).
kube-apiserver ... #
--min-request-timeout NUM #An optional field indicating the minimum number of seconds a handler must keep a request open before timing it out.
#Currently only honored by the watch request handler, which picks a randomized value above this number as the connection timeout, to spread out load.
#(default 1800)
/=+===============================+=\
/ : : \
)==: REST API READ :==(
\ :_______________________________: /
\=+===============================+=/
GET /RESOURCE #Response body: RESOURCE_LIST
GET /RESOURCE/NAME #Response body: RESOURCE
kubectl get RESC... #Display one or many resources
#This command will hide resources that have completed. For instance, pods that are in the Succeeded or Failed phases.
#You can see the full results for any resource by providing the '--show-all' flag.
#By specifying the output as 'template' and providing a Go template as the value of the --template flag,
#you can filter the attributes of the fetched resource(s).
--raw URI #Raw URI to request from the server. Uses the transport specified by the kubeconfig file.
kubectl describe RESC #Show details of a specific resource or group of resources
#This command joins many API calls together to form a detailed description of a given resource or group of resources.
#Will first check for an exact match on ERESOURCES.
#If no such resource exists, it will output details for every resource that has a name prefixed with NAME
kubectl explain RESC... #Documentation of resources
--recursive BOOL #Print the fields of fields (Currently only 1 level deep). Def: false
/=+===============================+=\
/ : : \
)==: REST API CREATE :==(
\ :_______________________________: /
\=+===============================+=/
POST /RESOURCE #Request body: RESOURCE. Response body: RESOURCE
kubectl create ... #Create a resource by filename or stdin
/=+===============================+=\
/ : : \
)==: REST API UPDATE :==(
\ :_______________________________: /
\=+===============================+=/
PUT /RESOURCE/NAME #Request body: RESOURCE. Response body: RESOURCE
kubectl apply #Apply a configuration to a resource by filename or stdin
#This resource will be created if it doesn't exist yet.
#To use 'apply', always create the resource initially with either 'apply' or 'create --save-config'.
#JSON and YAML formats are accepted.
#--filename is required
--overwrite BOOL #Automatically resolve conflicts between the modified and live configuration by using values from the modified configuration
#Def: true
kubectl replace|update #Replace a resource by filename or stdin
#JSON and YAML formats are accepted.
#If replacing an existing resource, the complete resource spec must be provided.
#This can be obtained by:
# kubectl get TYPE NAME -o yaml
#--filename is required
--force BOOL #Delete and re-create the specified resource. Def: false
kubectl edit RESC #Edit a resource on the server, from the default editor.
#The edit command allows you to directly edit any API resource you can retrieve via the command line tools.
#It will open the editor defined by your KUBE_EDITOR, or EDITOR environment variables, or fall back to 'vi' for Linux or 'notepad' for Windows.
#You can edit multiple objects, although changes are applied one at a time.
#The command accepts filenames as well as command line arguments, although the files you point to must be previously saved versions of resources.
#The files to edit will be output in the default API version, or a version specified by --output-version.
#The default format is YAML - if you would like to edit in JSON pass -o json.
#The flag --windows-line-endings can be used to force Windows line endings, otherwise the default for your operating system will be used.
#In the event an error occurs while updating, a temporary file will be created on disk that contains your unapplied changes.
#The most common error when updating a resource is another editor changing the resource on the server.
#When this occurs, you will have to apply your changes to the newer version of the resource,
#or update your temporary saved copy to include the latest resource version.
--windows-line-endings BOOL #Use Windows line-endings (default Unix line-endings). Def: false
kubectl expose|run ... #
--overrides JSON #An inline JSON override for the generated object.
#If this is non-empty, it is used to override the generated object. Requires that the object supply a valid apiVersion field.
kubectl run ...
--service-overrides 'JSON' #An inline JSON override for the generated service object.
#If this is non-empty, it is used to override the generated object.
#Requires that the object supply a valid apiVersion field.
#Only used if --expose is true.
PATCH /RESOURCE/NAME #Request body:
# - PATCH
# - possible types:
# - application/json-patch+json
# - application/merge-patch+json
# - application/strategic-merge-patch+json
#Response body: RESOURCE
kubectl patch RESC #Update field(s) of a resource using strategic merge patch
#JSON and YAML formats are accepted.
-p #The patch to be applied to the resource JSON file.
--patch STR #Required
--type STR #The type of patch being provided; one of: json, merge, strategic (def)
kubectl taint|label|annotate #
--overwrite BOOL #If true (def: false), allow to be overwritten, otherwise reject updates that overwrite existing ones.
kube-apiserver ... #
--repair-malformed-updates #If true, server will do its best to fix the update request to pass the validation, e.g., setting empty UID in update request to its existing value.
#This flag can be turned off after we fix all the clients that send malformed updates. (default true)
/=+===============================+=\
/ : : \
)==: REST API DELETE :==(
\ :_______________________________: /
\=+===============================+=/
DELETE /RESOURCE #Response body: STATUS
DELETE /RESOURCE/NAME #Request body: DELETEOPTS. Response body: STATUS
kubectl delete RESC... #Delete resources by filenames, stdin, resources and names, or by resources and label selector
#JSON and YAML formats are accepted.
#Only one type of the arguments may be specified: filenames, resources and names, or resources and label selector
#Note that the delete command does NOT do resource version checks, so if someone submits an update to a resource
#right when you submit a delete, their update will be lost along with the rest of the resource.
--ignore-not-found BOOL #Treat "resource not found" as a successful delete. Defaults to "true" when --all is specified., false otherwise
/=+===============================+=\
/ : : \
)==: STATUS :==(
\ :_______________________________: /
\=+===============================+=/
STATUS.status #Status of the operation, either "Success" or "Failure".
STATUS.message #STR. A human-readable description of the status of this operation.
STATUS.reason #STR. A machine-readable description of why this operation is in the "Failure" status.
#If this value is empty there is no information available.
#A Reason clarifies an HTTP status code but does not override it.
STATUS.code #HTTP_STATUS_NUM, or 0 if not set
STATUS.details #STATUSDETAILS. Extended data associated with the reason.
#Each reason may define its own extended details.
#This field is optional and the data returned is not guaranteed to conform to any schema except that defined by the reason type.
STATUSDETAILS.name|group|kind #STR
STATUSDETAILS.retryAfterSeconds #NUM. Time in seconds before the operation should be retried.
STATUSDETAILS.causes #STATUSCAUSE_ARR. Details associated with the failure.
STATUSCAUSE.reason #STR. A machine-readable description of the cause of the error.
STATUSCAUSE.message #STR. A human-readable description of the cause of the error.
STATUSCAUSE.field #The field of the resource that has caused this error, as named by its JSON serialization.
#May include dot and postfix notation for nested attributes.
#Arrays are zero-indexed.
#Fields may appear more than once in an array of causes due to fields having multiple errors.
#Examples: "name" - the field "name" on the current resource "items[0].name" - the field "name" on the first array entry in "items" false string
/=+===============================+=\
/ : : \
)==: IDENTIFIERS :==(
\ :_______________________________: /
\=+===============================+=/
http://kubernetes.io/docs/user-guide/identifiers.md
https://github.com/kubernetes/kubernetes/blob/master/docs/design/identifiers.md
METADATA.uid UID #RESOURCE_ID.
#Read-only, set by server.
METADATA.name #RESOURCE_NAME
#Read-only
METADATA.generateName #STR. GenerateName is an optional prefix, used by the server, to generate a unique name ONLY IF the Name field has not been provided.
#If this field is used, the name returned to the client will be different than the name passed.
#This value will also be combined with a unique suffix.
#The provided value has the same validation rules as the Name field,
#and may be truncated by the suffix lenfth required to make the value unique on the server.
#If this field is specified and the generated name exists, the server will NOT return a 409 -
#instead, it will either return 201 Created or 500 with Reason ServerTimeout indicating a unique name could not be found in the time allotted,
#and the client should retry (optionally after the time indicated in the Retry-After header).
#Applied only if Name is not specified.
[LIST_]METADATA.selfLink #REST URI. Read only
/=+===============================+=\
/ : : \
)==: METADATA :==(
\ :_______________________________: /
\=+===============================+=/
RESC[_LIST].metadata #[LIST_]METADATA
METADATA.creationTimestamp #DATE.
#Read-only, set by server.
/=+===============================+=\
/ : : \
)==: ANNOTATIONS :==(
\ :_______________________________: /
\=+===============================+=/
http://kubernetes.io/docs/user-guide/annotations/
METADATA.annotations #OBJ. Annotations is an unstructured key value map stored with a resource that may be set by external tools to store and retrieve arbitrary metadata.
#They are not queryable and should be preserved when modifying objects.
kubectl annotate RESC... VAR=VAL... #Update the annotations on one or more resources.
#An annotation is a key/value pair that can hold larger (compared to a label), and possibly not human-readable, data.
#It is intended to store non-identifying auxiliary data, especially data manipulated by tools and system extensions.
kubectl create|expose|run|set image|edit|scale|
autoscale|apply|patch|replace|label|annotate ... #
--record BOOL #Record current kubectl command in the resource annotation.
#If set to false (def), do not record the command.
#If set to true, record the command.
#If not set, default to updating the existing annotation value only if one already exists.
kubectl create ...|expose|run|edit|autoscale|
replace ... #
--save-config BOOL #If true, the configuration of current object will be saved in its annotation.
#This is useful when you want to perform kubectl apply on this object in the future.
#Def: false
/=+===============================+=\
/ : : \
)==: LABELS :==(
\ :_______________________________: /
\=+===============================+=/
http://kubernetes.io/docs/user-guide/labels.md
https://github.com/kubernetes/kubernetes/blob/master/docs/api-reference/labels-annotations-taints.md
METADATA.labels #OBJ. Map of string keys and values that can be used to organize and categorize (scope and select) objects.
#May match selectors of replication controllers and services.
#A label must begin with a letter or number, and may contain letters, numbers, hyphens, dots, and underscores, up to 63 characters.
kubectl label RESC... VAR=VAL ... #Update the labels on a resource
kubectl expose|run ... #
-l
--labels STR #Labels to apply
kubelet ...
--node-labels VAR=VAL,... #<Warning: alpha feature> Labels to add when registering the node in the cluster. Labels must be key=value pairs separated by ','.
LABELSELECTOR.matchLabels #{KEY: ARR, ...}, same as matchExpressions [{key: KEY, operator: "In", values: ARR}, ...]
LABELSELECTOR.matchExpressions #LABELSELECTORREQUIREMENT_ARR. The requirements are ANDed.
LABELSELECTORREQUIREMENT.key #STR. Label key that the selector applies to.
LABELSELECTORREQUIREMENT.operator #STR. Key's relationship to a set of values, among: "[Not]In" or "Exists|DoesNotExist"
LABELSELECTORREQUIREMENT.values #STR_ARR. Must be non-empty with "[Not]In", empty with "Exists|DoesNotExist"
#This array is replaced during a strategic merge patch.