CKA 高频命令速查表¶

使用方式¶

这页不是拿来系统学习原理的，而是给你在训练和考前冲刺时反复翻看的。

建议使用方式：

平时练题时，把这里当“命令肌肉记忆清单”
模拟考前 2 到 3 天，反复默写高频命令
真正考试时，脑子里优先调用这里的模板，而不是现场重新想

基础设置¶

alias k=kubectl
complete -o default -F __start_kubectl k
export do='--dry-run=client -o yaml'

Context 与 Namespace¶

k config get-contexts
k config current-context
k config use-context <context-name>

k config set-context --current --namespace=<ns>
k get pods
k get pods -n <ns>

查看类高频命令¶

k get nodes
k get pods -A
k get all -A
k get svc,endpoints,endpointslices -A
k get deploy,ds,sts,job,cronjob -A
k get pvc,pv
k get ingress -A
k get networkpolicy -A
k get sa,role,rolebinding -A
k get clusterrole,clusterrolebinding
k get events -A --sort-by=.lastTimestamp

describe / logs / top¶

k describe pod <pod> -n <ns>
k describe node <node>
k describe svc <svc> -n <ns>
k describe pvc <pvc> -n <ns>

k logs <pod> -n <ns>
k logs <pod> -n <ns> --previous
k logs <pod> -n <ns> -c <container>

k top nodes
k top pods -A

explain 与资源发现¶

k explain pod
k explain deployment.spec.template.spec
k explain networkpolicy.spec
k explain pvc.spec

k api-resources
k api-versions

快速生成 YAML¶

Pod¶

k run nginx --image=nginx --restart=Never $do
k run tmp --image=busybox:1.36 --restart=Never $do -- sh

Deployment¶

k create deployment web --image=nginx $do

Service¶

k expose deployment web --port=80 --target-port=80 --name=web-svc $do

Job¶

k create job test-job --image=busybox:1.36 -- date $do

CronJob¶

k create cronjob test-cron --image=busybox:1.36 --schedule="*/5 * * * *" -- date $do

ConfigMap / Secret¶

k create configmap app-config --from-literal=env=prod $do
k create secret generic app-secret --from-literal=password=123456 $do

Workloads 常用操作¶

Deployment¶

k create deployment web --image=nginx
k scale deployment web --replicas=3
k set image deployment/web nginx=nginx:1.26
k rollout status deployment/web
k rollout history deployment/web
k rollout undo deployment/web

DaemonSet / StatefulSet¶

考试里更多是修改现有 YAML 或已有资源，重点是：

能识别对象类型
能改镜像、副本、标签、挂载、调度策略
改完知道怎么验证

Service 与 Networking¶

暴露服务¶

k expose deployment web --port=80 --target-port=80 --name=web-svc

查看后端是否挂上¶

k get svc,endpoints,endpointslices -n <ns>

临时 Pod 测试 DNS / Service¶

k run tmp --image=busybox:1.36 -it --rm --restart=Never -- sh
nslookup kubernetes.default
wget -qO- http://web-svc

NetworkPolicy 排查重点¶

k get networkpolicy -A
k describe networkpolicy <name> -n <ns>

RBAC 高频命令¶

ServiceAccount¶

k create serviceaccount app-sa -n dev

Role¶

k create role pod-reader --verb=get,list,watch --resource=pods -n dev

RoleBinding¶

k create rolebinding read-pods \
  --role=pod-reader \
  --serviceaccount=dev:app-sa \
  -n dev

权限验证¶

k auth can-i get pods --as=system:serviceaccount:dev:app-sa -n dev
k auth can-i list deployments --as=system:serviceaccount:dev:app-sa -n dev

Storage 高频命令¶

k get pv
k get pvc -A
k describe pvc <pvc> -n <ns>
k get storageclass

Node 维护¶

k cordon <node>
k drain <node> --ignore-daemonsets --delete-emptydir-data --force
k uncordon <node>

kubeadm 高频命令¶

kubeadm token create --print-join-command
kubeadm upgrade plan
kubeadm upgrade apply <version>

故障排查速查顺序¶

Pod Pending¶

k describe pod <pod> -n <ns>

重点看：

FailedScheduling
资源不足
taint / toleration
affinity
PVC

CrashLoopBackOff¶

k logs <pod> -n <ns>
k logs <pod> -n <ns> --previous
k describe pod <pod> -n <ns>

Node NotReady¶

k get nodes
k describe node <node>

Service 不通¶

k get svc,endpoints -n <ns>
k get pod -o wide -n <ns>

考场验证模板¶

Deployment 类题目¶

k get deploy,pod -n <ns>
k rollout status deployment/<name> -n <ns>

Service 类题目¶

k get svc,endpoints -n <ns>

RBAC 类题目¶

k auth can-i <verb> <resource> --as=system:serviceaccount:<ns>:<sa> -n <ns>

Storage 类题目¶

k get pvc,pv

最后要背熟的 15 条¶

k config use-context
k config set-context --current --namespace=...
k get events -A --sort-by=.lastTimestamp
k describe pod
k logs --previous
k create deployment ... --dry-run=client -o yaml
k expose deployment ... --dry-run=client -o yaml
k create job ... --dry-run=client -o yaml
k create cronjob ... --dry-run=client -o yaml
k create serviceaccount
k create role
k create rolebinding
k auth can-i
k cordon / drain / uncordon
k get svc,endpoints