for table in filter nat mangle raw security; do
  sudo iptables -t $table -F
  sudo iptables -t $table -X
done
sudo iptables -P INPUT ACCEPT
sudo iptables -P FORWARD ACCEPT
sudo iptables -P OUTPUT ACCEPT

#!/bin/bash

# 检查参数
if [ $# -ne 1 ]; then
    echo "用法: sh $0 <namespace>"
    exit 1
fi

NS="$1"

# 判断命名空间是否存在
if ! kubectl get namespace "$NS" >/dev/null 2>&1; then
    echo "命名空间 $NS 不存在"
    exit 2
fi

echo "命名空间 $NS 存在，遍历所有Pod引用的镜像："

# 遍历所有Pod，输出镜像（去重）
kubectl get pods -n "$NS" -o jsonpath="{..image}" | tr ' ' '\n' | sort | uniq

#!/bin/bash

if [ $# -ne 1 ]; then
    echo "用法: sh $0 <namespace>"
    exit 1
fi

NS="$1"

# 判断命名空间是否存在
if ! kubectl get namespace "$NS" >/dev/null 2>&1; then
    echo "命名空间 $NS 不存在"
    exit 2
fi

echo "命名空间 $NS 存在，遍历所有Pod及其镜像："

# 遍历所有Pod，输出pod名+镜像名（需安装jq）
kubectl get pods -n "$NS" -o json | jq -r '
  .items[] | 
  .metadata.name as $pod |
  (
    .spec.initContainers[]? | "\($pod)\tinitContainer\t\(.image)"
  ),
  (
    .spec.containers[]? | "\($pod)\tcontainer\t\(.image)"
  ),
  (
    .spec.ephemeralContainers[]? | "\($pod)\tephemeralContainer\t\(.image)"
  )
'

#!/bin/bash
usage() {
 echo "用法: $0 <lvName>"
 exit -1
}

lvName=$1
if [ -z "$lvName" ]; then
    usage
fi

lvPath="/dev/docker/$lvName"
if [ ! -e "$lvPath" ]; then
    echo "逻辑卷 $lvPath 不存在"
    exit 2
fi

lvID=$(lvdisplay "$lvPath" | grep "Block device" | awk '{print $(NF)}')
if [ -z "$lvID" ]; then
    echo "获取设备号失败"
    exit 3
fi

lvMinor=${lvID##*:}
lvMajor=${lvID%%:*}

devMapper="/dev/mapper/docker-${lvName//-/--}"

echo "lv=$lvPath major=$lvMajor minor=$lvMinor"
echo "devMapper=$devMapper"

sudo mknod "$devMapper" b $lvMajor $lvMinor
sudo ln -sf "$devMapper" "$lvPath"