1. kubectl管理命令概要
官网链接 https://kubernetes.io/zh/docs/reference/kubectl/overview/#%e8%af%ad%e6%b3%95
概述:kubectl是一个命令行接口,用于对kubernetes集群运行命令。
官网链接 https://kubernetes.io/zh/docs/reference/kubectl/overview/#%e8%af%ad%e6%b3%95
概述:kubectl是一个命令行接口,用于对kubernetes集群运行命令。
kubect命令行
语法结构 kubetctl [command] [type] [name] [flages]
- commasnd 指对一个或者多个资源的操作,例如:create、get、name、describe、delete
- type 指定资源类型(不区分大小写)
- name 指定资源名称(区分大小写)
- 获取所有资源
kubectl get pods - 获取指定资源
kunectl get pod example-pod1 example-pod2 #结构 tpye1 name1 name2 - 用一个或多个文件
kubectl get pod -f ./pod.yaml#结构 -f file1 -f file2
- 获取所有资源
- flags 指定可选参数。
kubectl格式化输出
语法结构 kubetctl [command] [type] [name] -o=<output_format>
- -o json 输出json格式api对象
- -o name 仅输出资源名称,不显示其他信息
- -o wide 以纯文本格式输出,包含任何附加信息,对于pod包含节点名称
- -o yaml 输出以yaml格式的api对象
示例:kubectl get pod -o wide 输出pod详细信息
kubectl根据命名空间过滤
语法结构 kubetctl [command] [type] [name] -o=<output_format> -n namespace
示例:kubectl get pod -o wide -n kube-system
命令
-
基础命令
- create 通过文件名或标准输入创建资源
- expose 将一个新的资源公开为新的service
- run 在集群中运行一个特定的镜像(创建一个容器)
- set 在对象上设置特定的功能
- get 显示一个或多个资源
- exit 使用默认的编辑器编辑资源
- delete 通过文件名、标准输入、资源名称、或标签选择器来删除资源
-
部署命令
- rollout 管理资源的发布
- rolling-update 对给定的复制控制器滚动更新
- scale 扩容或缩容pod数量,Deployment、ReplicaSet、RC、或Job
- autoscale 创建一个自动选择扩容并设置pod数量
-
集群管理命令
- certficate 修改证书资源
- cluster-info 显示集群信息
- top 显示资源(cpu/memory/storage)使用。需要部署Heapster运行
- cordon 标记节点可以调度
- uncordon 标记节点不可调度 (节点维护情况下使用)
- drain 驱逐节点上的应用,准备下线(比如机器故障、更换等停机)
- taint 修改节点taint标记
-
故障诊断和调试命令
- describe 显示特性资源或资源组详细信息
- log 在一个pod中打印一个容器日志,如果pod只有一个容器日志,容器名称是可选的
- attach 附加到一个运行的容器
- exec 执行命令到容器
- port-forward 转发一个或多个本地端口到pod
- porxy 运行一个porxy到kubernetes api server
- cp 拷贝文件或目录到容器中
- auth 检查授权
-
高级命令
- apply 通过文件名或标准输入对资源应用配置
- patch 通过补丁修改、更新资源字段
- replace 通过文件名或标准输入替换一个资源
- covert 不同api版本之间转换配置文件
-
设置命令
- lable 更新资源上的标签
- annotate 更新资源上的注释
- completion 用于实现kubectl工具自动补全
-
其他命令
- api-versions 打印受支持的api版本
- config 修改kubernetes文件(用于访问api,比如配置认证信息等)
- help 所有帮助命令
- plugin 运行一个命令行插件
- version 打印客户端和服务版本信息
2. kubectl管理应用程序生命周期
- 创建
# 在集群中运行nginx1.14
[root@master1 ~]# kubectl run nginx --replicas=3 --image=nginx:1.14 --port=80 ---replicas=3指运行3个pod
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
deployment.apps/nginx created
[root@master1 ~]# kubectl get pods ---可以看到3个nginx副本创建成功(有时可能要等好久)
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 9 6d
nginx-59d795d786-5lgdb 1/1 Running 0 5h5m
nginx-59d795d786-c7xlc 1/1 Running 0 8h
nginx-59d795d786-cqdn7 1/1 Running 0 5h5m
web-d86c95cc9-kt8m2 1/1 Running 0 6d5h
[root@master1 ~]# kubectl get deploy,pods ---显示deployment,pods
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx 3/3 3 3 8h
deployment.apps/web 1/1 1 1 6d5h
NAME READY STATUS RESTARTS AGE
pod/busybox 1/1 Running 10 6d
pod/nginx-59d795d786-5lgdb 1/1 Running 0 5h21m
pod/nginx-59d795d786-c7xlc 1/1 Running 0 8h
pod/nginx-59d795d786-cqdn7 1/1 Running 0 5h21m
pod/web-d86c95cc9-kt8m2 1/1 Running 0 6d5h
- 发布
# 创建service
[root@master1 ~]# kubectl expose deployment nginx --type=NodePort --port=80 --target-port=80 --name=nginx-service
---port service的端口,用于集群内部之间访问的端口,target-port 容器的端口,type=NodePort 随机生成一个端口,用于集群外部访问
service/nginx-service exposed
# 查看service
[root@master1 ~]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 21h
nginx-service NodePort 10.0.0.252 <none> 80:31838/TCP 15s ---刚创建的service
web NodePort 10.0.0.29 <none> 80:32041/TCP 109m
web01 NodePort 10.0.0.38 <none> 80:30081/TCP 80m
任意node节点都访问成功。
访问成功
访问成功
---查看相关日志
[root@k8s-master1 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 0 58m
nginx-59d795d786-dkpnq 1/1 Running 0 34m
nginx-59d795d786-qll5h 1/1 Running 0 34m
nginx-59d795d786-zhvb8 1/1 Running 0 34m
web-d86c95cc9-xb5nw 1/1 Running 0 114m
web01-69b48974d6-lm7fg 1/1 Running 0 84m
[root@k8s-master1 ~]# kubectl logs nginx-59d795d786-dkpnq
10.244.1.1 - - [26/Jul/2020:15:07:12 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0" "-"
10.244.1.1 - - [26/Jul/2020:15:07:12 +0000] "GET /favicon.ico HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0" "-"
2020/07/26 15:07:12 [error] 6#6: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 10.244.1.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.9.65:31838"
10.244.0.0 - - [26/Jul/2020:15:07:48 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/64.0.3282.140 Safari/537.36 Edge/18.17763" "-"
10.244.1.1 - - [26/Jul/2020:15:09:13 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0" "-"
2020/07/26 15:09:13 [error] 6#6: *3 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 10.244.1.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.9.65:31838"
10.244.1.1 - - [26/Jul/2020:15:09:13 +0000] "GET /favicon.ico HTTP/1.1" 404 169 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Firefox/78.0" "-"
- 更新
[root@k8s-master1 ~]# kubectl set image deployment/nginx nginx=nginx:1.15 ---更新到nginx1.15
deployment.apps/nginx image updated
[root@k8s-master1 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 0 60m
nginx-59d795d786-dkpnq 1/1 Running 0 36m
nginx-59d795d786-qll5h 1/1 Running 0 36m
nginx-59d795d786-zhvb8 1/1 Running 0 36m
nginx-dc5dc5865-jjw9j 0/1 ContainerCreating 0 4s
web-d86c95cc9-xb5nw 1/1 Running 0 117m
web01-69b48974d6-lm7fg 1/1 Running 0 87m
[root@k8s-master1 ~]# kubectl get pods ---可以看到,不是一下子把所有容器都删掉,而是一个一个地更新,这样可以保证业务不中断的情况下更新
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 1 84m
nginx-59d795d786-dkpnq 1/1 Running 0 60m
nginx-59d795d786-qll5h 0/1 Terminating 0 60m
nginx-59d795d786-zhvb8 1/1 Running 0 60m
nginx-dc5dc5865-jjw9j 1/1 Running 0 23m
nginx-dc5dc5865-vvh2q 0/1 ContainerCreating 0 6s
web-d86c95cc9-xb5nw 1/1 Running 0 140m
web01-69b48974d6-lm7fg 1/1 Running 0 111m
[root@k8s-master1 ~]# kubectl get pods ---更新完成
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 3 3h17m
nginx-dc5dc5865-jjw9j 1/1 Running 0 136m
nginx-dc5dc5865-vvh2q 1/1 Running 0 113m
nginx-dc5dc5865-zbklt 1/1 Running 0 28m
web-d86c95cc9-xb5nw 1/1 Running 0 4h13m
web01-69b48974d6-lm7fg 1/1 Running 0 3h44m
[root@k8s-master1 ~]# kubectl describe pod nginx-dc5dc5865-jjw9j | grep Image
Image: nginx:1.15
Image ID: docker-pullable://nginx@sha256:23b4dcdf0d34d4a129755fc6f52e1c6e23bb34ea011b315d87e193033bcd1b68
- 回滚
[root@k8s-master1 ~]# kubectl rollout history deployment/nginx ---查看发布过的版本
deployment.apps/nginx
REVISION CHANGE-CAUSE
1 <none> ---1.14
2 <none> ---1.15
[root@k8s-master1 ~]# kubectl rollout undo deployment/nginx ---回滚到上一个版本
deployment.apps/nginx rolled back
- 删除
[root@k8s-master1 ~]# kubectl delete deployment/nginx
deployment.apps "nginx" deleted
[root@k8s-master1 ~]# kubectl delete svc/nginx-service
service "nginx-service" deleted
[root@k8s-master1 ~]# kubectl get pods ---发现没了,删除成功
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 19 19h
web-d86c95cc9-xb5nw 1/1 Running 0 20h
web01-69b48974d6-lm7fg 1/1 Running 0 19h
3. kubectl工具远程连接集群
在node节点上执行kubectl
[root@k8s-master1 k8s]# scp /usr/local/bin/kubectl 192.168.9.65:/usr/bin/ ---把命令拷贝一份过去
root@192.168.9.65's password:
kubectl
[root@k8s-node1 ~]# kubectl get node ---报错,因为没有apiserver
The connection to the server localhost:8080 was refused - did you specify the right host or port?
# 生成管理员证书admin-key.pem和admin.pem
[root@k8s-master1 ~]# cd TLS/k8s
[root@k8s-master1 k8s]# vim admin-csr.json
{
"CN": "admin",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"L": "BeiJing",
"ST": "BeiJing",
"O": "system:masters",
"OU": "System"
}
]
}
[root@k8s-master1 k8s]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin
2020/07/27 17:42:08 [INFO] generate received request
2020/07/27 17:42:08 [INFO] received CSR
2020/07/27 17:42:08 [INFO] generating key: rsa-2048
2020/07/27 17:42:08 [INFO] encoded CSR
2020/07/27 17:42:08 [INFO] signed certificate with serial number 370243385112739732888072353273824480375932047526
2020/07/27 17:42:08 [WARNING] This certificate lacks a "hosts" field. This makes it unsuitable for
websites. For more information see the Baseline Requirements for the Issuance and Management
of Publicly-Trusted Certificates, v.1.1.6, from the CA/Browser Forum (https://cabforum.org);
specifically, section 10.2.3 ("Information Requirements").
[root@k8s-master1 k8s]# cat kubectl远程连接k8s.sh ---上传脚本
# 设置集群参数
kubectl config set-cluster kubernetes \
--server=https://192.168.9.63:6443 \ ---master1的IP地址(如果用VIP就设置成VIP地址)
--certificate-authority=ca.pem \
--embed-certs=true \
--kubeconfig=config
# 设置客户端认证参数
kubectl config set-credentials cluster-admin \
--certificate-authority=ca.pem \
--embed-certs=true \
--client-key=admin-key.pem \
--client-certificate=admin.pem \
--kubeconfig=config
# 设置上下文参数
kubectl config set-context default \
--cluster=kubernetes \
--user=cluster-admin \
--kubeconfig=config
# 设置默认上下文
kubectl config use-context default --kubeconfig=config
[root@k8s-master1 k8s]# bash kubectl远程连接k8s.sh ---执行脚本
Cluster "kubernetes" set.
User "cluster-admin" set.
Context "default" created.
Switched to context "default".
[root@k8s-master1 k8s]# ls ---生成的config文件就是所需的文件
admin.csr admin-key.pem ca-config.json ca-csr.json ca.pem generate_k8s_cert.sh kube-proxy.csr kube-proxy-key.pem server.csr server-key.pem
admin-csr.json admin.pem ca.csr ca-key.pem config kubectl远程连接k8s.sh kube-proxy-csr.json kube-proxy.pem server-csr.json server.pem
[root@k8s-master1 k8s]# scp config 192.168.9.65:/root/ ---把config拷贝到node1节点上
root@192.168.9.65's password:
config
[root@k8s-node1 ~]# kubectl --kubeconfig=./config get node ---在node1节点上执行成功
NAME STATUS ROLES AGE VERSION
k8s-node1 Ready <none> 22h v1.16.0
k8s-node2 Ready <none> 22h v1.16.0
[root@k8s-node1 ~]# mv config .kube/ ---把config文件移动到.kube目录下就可以直接使用kubectl命令了
[root@k8s-node1 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
k8s-node1 Ready <none> 22h v1.16.0
k8s-node2 Ready <none> 22h v1.16.0
