问题
When listing all the API resources in K8s you get:
$ kubectl api-resources -owide
NAME SHORTNAMES APIGROUP NAMESPACED KIND VERBS
bindings true Binding [create]
componentstatuses cs false ComponentStatus [get list]
configmaps cm true ConfigMap [create delete deletecollection get list patch update watch]
endpoints ep true Endpoints [create delete deletecollection get list patch update watch]
events ev true Event [create delete deletecollection get list patch update watch]
limitranges limits true LimitRange [create delete deletecollection get list patch update watch]
namespaces ns false Namespace [create delete get list patch update watch]
nodes no false Node [create delete deletecollection get list patch update watch]
persistentvolumeclaims pvc true PersistentVolumeClaim [create delete deletecollection get list patch update watch]
persistentvolumes pv false PersistentVolume [create delete deletecollection get list patch update watch]
pods po true Pod [create delete deletecollection get list patch update watch]
podtemplates true PodTemplate [create delete deletecollection get list patch update watch]
replicationcontrollers rc true ReplicationController [create delete deletecollection get list patch update watch]
resourcequotas quota true ResourceQuota [create delete deletecollection get list patch update watch]
secrets true Secret [create delete deletecollection get list patch update watch]
serviceaccounts sa true ServiceAccount [create delete deletecollection get list patch update watch]
services svc true Service [create delete get list patch update watch]
mutatingwebhookconfigurations admissionregistration.k8s.io false MutatingWebhookConfiguration [create delete deletecollection get list patch update watch]
... etc ...
Many list the verb deletecollection
which sounds useful, but I can't run it e.g.
$ kubectl deletecollection
Error: unknown command "deletecollection" for "kubectl"
Run 'kubectl --help' for usage.
unknown command "deletecollection" for "kubectl"
Nor can I find it in the docs except where it appears in the api-resources output above or mentioned as a verb.
Is there a way to deletecollection?
It sounds like it would be better than the sequence of grep/awk/xargs that I normally end up doing if it does do what I think it should do. i.e. delete all the pods of a certain type.
回答1:
The delete
verb refers to deleting a single resource, for example a single Pod. The deletecollection
verb refers to deleting multiple resources at the same time, for example multiple Pods using a label or field selector or all Pods in a namespace.
To give some examples from the API documentation:
- To delete a single Pod:
DELETE /api/v1/namespaces/{namespace}/pods/{name}
- To delete multiple Pods (or,
deletecollection
):- All pods in a namespace
DELETE /api/v1/namespaces/{namespace}/pods
- All pods in a namespace matching a given label selector:
DELETE /api/v1/namespaces/{namespace}/pods?labelSelector=someLabel%3dsomeValue
- All pods in a namespace
Regarding kubectl: You cannot invoke deletecollection
explicitly with kubectl
.
Instead, kubectl
will infer on its own whether to use delete
or deletecollection
depending on how you invoke kubectl delete
. When deleting a single source (kubectl delete pod $POD_NAME
), kubectl will use a delete
call and when using a label selector or simply deleting all Pods (kubectl delete pods -l $LABEL=$VALUE
or kubectl delete pods --all
), it will use the deletecollection
verb.
回答2:
DeleteCollection it's not a kubectl command parameter.
When RBAC is active, it use verbs to define what type of access you have over a class of kubernetes objects.
DeleteCollection is a verb used in a RBAC Role definition to authorize or not a deletion of objects of the same kind like pods or deployments or services.
Example of a yaml Role definition using verbs .
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
namespace: default
name: pod-admin
rules:
- apiGroups: [""] # "" indicates the core API group
resources: ["pods"]
verbs: ["get", "watch", "list","delete", "deletecollection"]
来源:https://stackoverflow.com/questions/57116578/in-kubernetes-what-is-deletecollection