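Concepts
- kubectl is the client tool for the apiserver; it connects to the apiserver to perform basic create, delete, update and query operations on cluster resources
  - Resource objects: pod service replicaset deployment job node … …
- Among the many kubectl commands, taint is the one that affects scheduling when a pod is created. It implements taints: adding a taint to a node makes the node harder to match, so its resources are less likely to be consumed. The master node carries many taints, so that it runs only the important core components and its resources are not preempted. The describe command shows detailed node information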
Using Kubernetes
Create
- Create an application: the run command creates a deployment or job controller that manages the pod it creates
  - Syntax and examples
        # run NAME --image=image [--env="key=value"] [--port=port] [--replicas=replicas] [--dry-run=bool] [--overrides=inline-json] [--command] -- [COMMAND] [args...]
    - Create an nginx instance
          [root@master-0 ~]# kubectl run nginx --image=nginx:1.14-alpine
    - Start an nginx instance and expose container port 80
          [root@master-0 ~]# kubectl run nginx --image=nginx:1.14-alpine --port=80
    - Start an nginx instance with the replica count set to 5
          [root@master-0 ~]# kubectl run nginx --image=nginx:1.14-alpine --replicas=5
    - Dry run: print the corresponding API objects without creating them
          [root@master-0 ~]# kubectl run nginx --image=nginx:1.14-alpine --dry-run
View
- View objects: kubectl get lists information about one or more resources. The resources that can be used include:
      Object                      Notes
      all
      certificatesigningrequests  aka 'csr'
      clusterrolebindings
      clusterroles
      clusters                    valid only for federation apiservers
      componentstatuses           aka 'cs'
      configmaps                  aka 'cm'
      controllerrevisions
      cronjobs
      daemonsets                  aka 'ds'
      deployments                 aka 'deploy'
      endpoints                   aka 'ep'
      events                      aka 'ev'
      horizontalpodautoscalers    aka 'hpa'
      ingresses                   aka 'ing'
      jobs
      limitranges                 aka 'limits'
      namespaces                  aka 'ns'
      networkpolicies             aka 'netpol'
      nodes                       aka 'no'
      persistentvolumeclaims      aka 'pvc'
      persistentvolumes           aka 'pv'
      poddisruptionbudgets        aka 'pdb'
      podpreset
      pods                        aka 'po'
      podsecuritypolicies         aka 'psp'
      podtemplates
      replicasets                 aka 'rs'
      replicationcontrollers      aka 'rc'
      resourcequotas              aka 'quota'
      rolebindings
      roles
      secrets
      serviceaccounts             aka 'sa'
      services                    aka 'svc'
      statefulsets
      storageclasses
      thirdpartyresources
  - Syntax and examples
        get [(-o|--output=)json|yaml|wide|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=...] (TYPE [NAME | -l label] | TYPE/NAME ...) [flags]
    - List all running Pods
          [root@master-0 ~]# kubectl get pods
    - List Pods together with the node each Pod runs on
          [root@master-0 ~]# kubectl get pods -o wide
    - List the replication controller with the given NAME
          [root@master-0 ~]# kubectl get replicationcontroller web
    - Output a single pod in JSON format
          [root@master-0 ~]# kubectl get -o json pod nignx-668c45c884-lhvvd
    - Output, in JSON format, the Pod identified by the resource type and name given in the pod.yaml file
          [root@master-0 ~]# kubectl get -f pod.yaml -o json
    - Return the phase value of the specified pod
          [root@master-0 ~]# kubectl get -o template pod/web-pod-13je7 --template={{.status.phase}}
    - List all replication controllers and services
          [root@master-0 ~]# kubectl get rc,services
    - List objects by resource type and name
          [root@master-0 ~]# kubectl get rc/web service/frontend pods/web-pod-13je7
    - List all the different resource objects
          [root@master-0 ~]# kubectl get all
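- Expose a resource as a new Kubernetes Service. Specify a deployment (deploy), service (svc), replica set (rs), replication controller (rc) or pod (po); the selector of that resource is used for the new service, which becomes the entry point for reaching the pod. A deployment or replica set is exposed as a new Service only if its selector can be converted to a selector that service supports, that is, when the selector contains only the matchLabels component
  - Syntax and examples
        expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP] [--target-port=number-or-name] [--name=name] [--external-ip=external-ip-of-service] [--type=type]
    - Expose the nginx deployment (nginx-deploy) as a service with --port=80 and --target-port=8000
          [root@master-0 ~]# kubectl expose deploy nginx-deploy --port=80 --target-port=8000
    - Expose the nginx deployment (nginx-deploy) as a service with --port=80 and --target-port=8000, and set its type to ClusterIP. The supported types are ClusterIP, NodePort, LoadBalancer and ExternalName; if no type is given, the default is ClusterIP
          [root@master-0 ~]# kubectl expose deploy nginx-deploy --port=80 --target-port=8000 --type=ClusterIP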
      - ClusterIP: the service has only a service IP. It can be reached only by clients in other pods inside the cluster and cannot be reached by machines beyond the cluster boundary. Once a service of this type is exposed, nodes in the cluster can resolve the service through the cluster's own DNS service and so reach the service running in the pod
            [root@master-0 ~]# kubectl get svc -n kube-system
            NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
            kube-dns   ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   14h
            [root@master-0 ~]# kubectl get ns
            NAME              STATUS   AGE
            default           Active   14h
            kube-node-lease   Active   14h
            kube-public       Active   14h
            kube-system       Active   14h
            [root@master-0 ~]# kubectl get svc -n kube-system
            NAME       TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)                  AGE
            kube-dns   ClusterIP   10.96.0.10   <none>        53/UDP,53/TCP,9153/TCP   14h
            [root@master-0 ~]# dig -t A nginx-deploy.default.svc.cluster.local @10.96.0.10    # .default.svc.cluster.local is the domain specific to the Kubernetes cluster's local pod resources
            ; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.el7 <<>> -t A nginx-deploy.default.svc.cluster.local @10.96.0.10
            ;; global options: +cmd
            ;; Got answer:
            ;; WARNING: .local is reserved for Multicast DNS
            ;; You are currently testing what happens when an mDNS query is leaked to DNS
            ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13796
            ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
            ;; WARNING: recursion requested but not available
            ;; OPT PSEUDOSECTION:
            ; EDNS: version: 0, flags:; udp: 4096
            ;; QUESTION SECTION:
            ;nginx-deploy.default.svc.cluster.local. IN A
            ;; ANSWER SECTION:
            nginx-deploy.default.svc.cluster.local. 30 IN A 10.108.188.58
            ;; Query time: 0 msec
            ;; SERVER: 10.96.0.10#53(10.96.0.10)
            ;; WHEN: 二 3月 03 18:38:00 EST 2020
            ;; MSG SIZE rcvd: 121
            [root@master-0 ~]# kubectl get svc -o wide
            NAME           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE   SELECTOR
            kubernetes     ClusterIP   10.96.0.1       <none>        443/TCP   15h   <none>
            nginx-deploy   ClusterIP   10.108.188.58   <none>        80/TCP    65m   run=nginx-deploy
      - A service itself is nothing more than an iptables or lvs rule; kubectl describe shows more detailed information about it
            [root@master-0 ~]# kubectl get svc
            NAME           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
            kubernetes     ClusterIP   10.96.0.1       <none>        443/TCP   19h
            nginx-deploy   ClusterIP   10.108.188.58   <none>        80/TCP    5h57m
            [root@master-0 ~]# kubectl describe svc nginx-deploy
            Name:              nginx-deploy
            Namespace:         default
            Labels:            run=nginx-deploy    # selects the pods that carry the run=nginx-deploy label
            Annotations:       <none>
            Selector:          run=nginx-deploy
            Type:              ClusterIP
            IP:                10.108.188.58
            Port:              <unset>  80/TCP
            TargetPort:        8000/TCP
            Endpoints:         10.244.2.3:8000
            Session Affinity:  None
            Events:            <none>
            [root@master-0 ~]# kubectl get pods --show-labels
            NAME                            READY   STATUS    RESTARTS   AGE    LABELS
            nginx-deploy-5df7f97d6f-t2clw   1/1     Running   0          6h5m   pod-template-hash=5df7f97d6f,run=nginx-deploy
      - A NodePort service lets machines outside the cluster boundary reach the pods behind it; it is exposed in the same way
            [root@master-0 ~]# kubectl run nginx-nodes --image=nginx
            [root@master-0 ~]# kubectl expose deploy nginx-nodes --port=80 --target-port=8000 --type=NodePort
            service/nginx-nodes exposed
            [root@master-0 ~]# kubectl get svc
            NAME           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
            kubernetes     ClusterIP   10.96.0.1       <none>        443/TCP        24h
            nginx-deploy   ClusterIP   10.108.188.58   <none>        80/TCP         10h
            nginx-nodes    NodePort    10.100.31.249   <none>        80:30013/TCP   37s    # port 30013 on any node in the cluster reaches this pod
            [root@master-0 ~]# ss -lnt|grep 30013
            LISTEN     0      128         :::30013                   :::*
            [root@slave-0 ~]# ss -lnt|grep 30013
            LISTEN     0      128         :::30013                   :::*
            [root@slave-1 ~]# ss -lnt|grep 30013
            LISTEN     0      128         :::30013                   :::*
    - Expose the nginx deployment (nginx-deploy) as a service with --port=80 and --target-port=8000, set its type to ClusterIP, and set its transport protocol to TCP
          [root@master-0 ~]# kubectl expose deploy nginx-deploy --port=80 --target-port=8000 --type=ClusterIP --protocol=tcp
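The ClusterIP/NodePort distinction and the selector-to-pod matching shown in the describe output above can be checked across all services at once. The following is an added example, not part of the original page: it lists the Services reachable from outside the cluster together with the pods their selectors match. It assumes input shaped like the items of kubectl get svc -o json and kubectl get pods -o json; the sample data is constructed from this page's output and the nginx-nodes pod name is a placeholder.

```python
# Constructed sample shaped like the "items" of `kubectl get svc -o json` / `get pods -o json`;
# values mirror this page's output, and the nginx-nodes pod name is a placeholder.
SERVICES = [
    {"metadata": {"name": "kubernetes", "namespace": "default"},
     "spec": {"type": "ClusterIP", "ports": [{"port": 443}]}},
    {"metadata": {"name": "nginx-deploy", "namespace": "default"},
     "spec": {"type": "ClusterIP", "selector": {"run": "nginx-deploy"},
              "ports": [{"port": 80, "targetPort": 8000}]}},
    {"metadata": {"name": "nginx-nodes", "namespace": "default"},
     "spec": {"type": "NodePort", "selector": {"run": "nginx-nodes"},
              "ports": [{"port": 80, "targetPort": 8000, "nodePort": 30013}]}},
]
PODS = [
    {"metadata": {"name": "nginx-deploy-5df7f97d6f-t2clw", "namespace": "default",
                  "labels": {"pod-template-hash": "5df7f97d6f", "run": "nginx-deploy"}}},
    {"metadata": {"name": "nginx-nodes-PLACEHOLDER", "namespace": "default",
                  "labels": {"run": "nginx-nodes"}}},
]
EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}  # types that open a path from outside the cluster

def backing_pods(svc, pods):
    """Pods in the service's namespace whose labels include every selector pair."""
    selector = svc["spec"].get("selector") or {}
    if not selector:  # no selector: endpoints are managed by hand, nothing to match
        return []
    return sorted(p["metadata"]["name"] for p in pods
                  if p["metadata"]["namespace"] == svc["metadata"]["namespace"]
                  and selector.items() <= p["metadata"].get("labels", {}).items())

def external_exposure(services, pods):
    """One finding per Service that is reachable from outside the cluster."""
    findings = []
    for svc in services:
        spec = svc["spec"]
        external_ips = spec.get("externalIPs", [])
        if spec.get("type") not in EXTERNAL_TYPES and not external_ips:
            continue  # ClusterIP only: reachable from inside the cluster alone
        findings.append({
            "service": svc["metadata"]["namespace"] + "/" + svc["metadata"]["name"],
            "type": spec.get("type"),
            "node_ports": [p["nodePort"] for p in spec.get("ports", []) if "nodePort" in p],
            "external_ips": external_ips,
            "pods": backing_pods(svc, pods),
        })
    return findings

if __name__ == "__main__":
    for finding in external_exposure(SERVICES, PODS):
        print(finding)
```

On a live cluster, pass the "items" lists parsed from the two kubectl JSON outputs in place of SERVICES and PODS.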
Modify
- Scale the number of Pods in a Deployment, ReplicaSet, Replication Controller or Job up or down
  - Syntax and examples
        # scale [--resource-version=version] [--current-replicas=count] --replicas=COUNT (-f FILENAME | TYPE NAME)
    - Build a new Deployment to serve as the demo environment
          [root@master-0 ~]# kubectl run myapp --image=nginx --replicas=2
          kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
          deployment.apps/myapp created
          [root@master-0 ~]# kubectl get deploy -w    # wait
          NAME           READY   UP-TO-DATE   AVAILABLE   AGE
          deploy         0/1     1            0           7h42m
          myapp          2/2     2            2           139m
          nginx-deploy   1/1     1            1           8h
          [root@master-0 ~]# kubectl get pod -o wide
          NAME                            READY   STATUS             RESTARTS   AGE     IP           NODE             NOMINATED NODE   READINESS GATES
          deploy-765c7684d4-c456p         0/1     ImagePullBackOff   0          7h43m   10.244.2.4   slave-1.shared   <none>           <none>
          myapp-564fc884f-qr4s6           1/1     Running            0          140m    10.244.1.3   slave-0.shared   <none>           <none>
          myapp-564fc884f-tdplv           1/1     Running            0          140m    10.244.2.5   slave-1.shared   <none>           <none>
          nginx-deploy-5df7f97d6f-t2clw   1/1     Running            0          8h      10.244.2.3   slave-1.shared   <none>           <none>
          nignx-668c45c884-lhvvd          1/1     Running            0          12h     10.244.1.2   slave-0.shared   <none>           <none>
          [root@master-0 ~]# kubectl expose deploy myapp --name=myapp --port=80
          service/myapp exposed
          [root@master-0 ~]# kubectl get svc    # with two backend pod replicas, the service load-balances automatically
          NAME           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
          kubernetes     ClusterIP   10.96.0.1       <none>        443/TCP   22h
          myapp          ClusterIP   10.101.228.97   <none>        80/TCP    9s
          nginx-deploy   ClusterIP   10.108.188.58   <none>        80/TCP    8h
          [root@master-0 ~]# kubectl scale deploy myapp --replicas=5
          deployment.apps/myapp scaled
          [root@master-0 ~]# kubectl get pod
          NAME                            READY   STATUS    RESTARTS   AGE
          myapp-564fc884f-8n5pn           1/1     Running   0          4m15s
          myapp-564fc884f-hwk4k           1/1     Running   0          4m15s
          myapp-564fc884f-qr4s6           1/1     Running   0          149m
          myapp-564fc884f-tdplv           1/1     Running   0          149m
          myapp-564fc884f-zx7cp           1/1     Running   0          4m15s
          nginx-deploy-5df7f97d6f-t2clw   1/1     Running   0          8h
          nignx-668c45c884-lhvvd          1/1     Running   0          12h
- Gradual rolling upgrade of the app version inside the containers
  - Syntax and examples
        # kubectl set image (-f FILENAME | TYPE NAME) CONTAINER_NAME_1=CONTAINER_IMAGE_1 ... CONTAINER_NAME_N=CONTAINER_IMAGE_N
    - When updating, you must specify which container, in the pods of which controller, is to be upgraded
          [root@master-0 ~]# kubectl get pods
          NAME                            READY   STATUS    RESTARTS   AGE
          myapp-564fc884f-8n5pn           1/1     Running   0          48m
          myapp-564fc884f-hwk4k           1/1     Running   0          48m
          myapp-564fc884f-qr4s6           1/1     Running   0          3h13m
          myapp-564fc884f-tdplv           1/1     Running   0          3h13m
          myapp-564fc884f-zx7cp           1/1     Running   0          48m
          nginx-deploy-5df7f97d6f-t2clw   1/1     Running   0          9h
          nignx-668c45c884-lhvvd          1/1     Running   0          13h
          [root@master-0 ~]# kubectl describe pods myapp-564fc884f-8n5pn
          Name:         myapp-564fc884f-8n5pn
          Namespace:    default
          Priority:     0
          Node:         slave-1.shared/10.211.55.27
          Start Time:   Wed, 04 Mar 2020 02:09:23 -0500
          Labels:       pod-template-hash=564fc884f
                        run=myapp
          Annotations:  <none>
          Status:       Running
          IP:           10.244.2.6
          IPs:
            IP:           10.244.2.6
          Controlled By:  ReplicaSet/myapp-564fc884f
          Containers:    # container information
            myapp:
              Container ID:   docker://5e00c8a34fc997ec841ed3e90976b264899e3a27f646cd559a52305f730dde10
              Image:          nginx
              Image ID:       docker-pullable://nginx@sha256:2539d4344dd18e1df02be842ffc435f8e1f699cfc55516e2cf2cb16b7a9aea0b
              Port:           <none>
              Host Port:      <none>
              State:          Running
                Started:      Wed, 04 Mar 2020 02:09:41 -0500
              Ready:          True
              Restart Count:  0
              Environment:    <none>
              Mounts:
                /var/run/secrets/kubernetes.io/serviceaccount from default-token-z4cjl (ro)
          Conditions:
            Type              Status
            Initialized       True
            Ready             True
            ContainersReady   True
            PodScheduled      True
          Volumes:
            default-token-z4cjl:
              Type:        Secret (a volume populated by a Secret)
              SecretName:  default-token-z4cjl
              Optional:    false
          QoS Class:       BestEffort
          Node-Selectors:  <none>
          Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                           node.kubernetes.io/unreachable:NoExecute for 300s
          Events:
            Type    Reason     Age        From                     Message
            ----    ------     ----       ----                     -------
            Normal  Scheduled  <unknown>  default-scheduler        Successfully assigned default/myapp-564fc884f-8n5pn to slave-1.shared
            Normal  Pulling    50m        kubelet, slave-1.shared  Pulling image "nginx"
            Normal  Pulled     50m        kubelet, slave-1.shared  Successfully pulled image "nginx"
            Normal  Created    50m        kubelet, slave-1.shared  Created container myapp
            Normal  Started    50m        kubelet, slave-1.shared  Started container myapp
          [root@master-0 ~]# kubectl set image deployment myapp myapp=nginx:1.17.1    # upgrade the container
          deployment.apps/myapp image updated
          [root@master-0 ~]# kubectl rollout status deployment myapp
          Waiting for deployment "myapp" rollout to finish: 3 out of 5 new replicas have been updated...
          ... ...
          deployment "myapp" successfully rolled out
          [root@master-0 ~]# kubectl get pods
          NAME                            READY   STATUS    RESTARTS   AGE
          myapp-6dd7847fbc-dc72w          1/1     Running   0          115s
          myapp-6dd7847fbc-hsdbs          1/1     Running   0          41s
          myapp-6dd7847fbc-jt546          1/1     Running   0          39s
          myapp-6dd7847fbc-p4nrw          1/1     Running   0          115s
          myapp-6dd7847fbc-qdlqf          1/1     Running   0          115s
          nginx-deploy-5df7f97d6f-t2clw   1/1     Running   0          9h
          nignx-668c45c884-lhvvd          1/1     Running   0          13h
          [root@master-0 ~]# kubectl describe pods myapp-6dd7847fbc-dc72w
          Name:         myapp-6dd7847fbc-dc72w
          Namespace:    default
          Priority:     0
          Node:         slave-0.shared/10.211.55.26
          Start Time:   Wed, 04 Mar 2020 03:00:01 -0500
          Labels:       pod-template-hash=6dd7847fbc
                        run=myapp
          Annotations:  <none>
          Status:       Running
          IP:           10.244.1.6
          IPs:
            IP:           10.244.1.6
          Controlled By:  ReplicaSet/myapp-6dd7847fbc
          Containers:
            myapp:
              Container ID:   docker://f01a175923b1c20662b71700294cc3e4300d062929eae4f28d6d00535c6f5ef4
              Image:          nginx:1.17.1    # the container is now at version 1.17.1; the upgrade is complete
              Image ID:       docker-pullable://nginx@sha256:b4b9b3eee194703fc2fa8afa5b7510c77ae70cfba567af1376a573a967c03dbb
              Port:           <none>
              Host Port:      <none>
              State:          Running
                Started:      Wed, 04 Mar 2020 03:01:17 -0500
              Ready:          True
              Restart Count:  0
              Environment:    <none>
              Mounts:
                /var/run/secrets/kubernetes.io/serviceaccount from default-token-z4cjl (ro)
          Conditions:
            Type              Status
            Initialized       True
            Ready             True
            ContainersReady   True
            PodScheduled      True
          Volumes:
            default-token-z4cjl:
              Type:        Secret (a volume populated by a Secret)
              SecretName:  default-token-z4cjl
              Optional:    false
          QoS Class:       BestEffort
          Node-Selectors:  <none>
          Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                           node.kubernetes.io/unreachable:NoExecute for 300s
          Events:
            Type    Reason     Age        From                     Message
            ----    ------     ----       ----                     -------
            Normal  Scheduled  <unknown>  default-scheduler        Successfully assigned default/myapp-6dd7847fbc-dc72w to slave-0.shared
            Normal  Pulling    4m41s      kubelet, slave-0.shared  Pulling image "nginx:1.17.1"
            Normal  Pulled     3m27s      kubelet, slave-0.shared  Successfully pulled image "nginx:1.17.1"
            Normal  Created    3m26s      kubelet, slave-0.shared  Created container myapp
            Normal  Started    3m26s      kubelet, slave-0.shared  Started container myapp
- Upgrade and rollback operations; the supported resources include deployments and daemonsets
  - Syntax and examples
        # rollout SUBCOMMAND
    - The subcommands are history (view the revision history), pause (pause a resource), resume (resume a paused resource), status (view the resource status) and undo (roll back to a previous version)
          [root@master-0 ~]# kubectl rollout undo deployment myapp
          deployment.apps/myapp rolled back
          [root@master-0 ~]# kubectl get pods
          NAME                            READY   STATUS             RESTARTS   AGE
          deploy-765c7684d4-c456p         0/1     ImagePullBackOff   0          8h
          myapp-564fc884f-2czv8           1/1     Running            0          18s
          myapp-564fc884f-cm9qb           1/1     Running            0          25s
          myapp-564fc884f-jh6lf           1/1     Running            0          25s
          myapp-564fc884f-k7bj7           1/1     Running            0          25s
          myapp-564fc884f-kb57d           1/1     Running            0          21s
          myapp-6dd7847fbc-qdlqf          0/1     Terminating        0          11m
          nginx-deploy-5df7f97d6f-t2clw   1/1     Running            0          9h
          nignx-668c45c884-lhvvd          1/1     Running            0          13h
          [root@master-0 ~]# kubectl describe pods myapp-564fc884f-2czv8
          Name:         myapp-564fc884f-2czv8
          Namespace:    default
          Priority:     0
          Node:         slave-0.shared/10.211.55.26
          Start Time:   Wed, 04 Mar 2020 03:10:56 -0500
          Labels:       pod-template-hash=564fc884f
                        run=myapp
          Annotations:  <none>
          Status:       Running
          IP:           10.244.1.11
          IPs:
            IP:           10.244.1.11
          Controlled By:  ReplicaSet/myapp-564fc884f
          Containers:
            myapp:
              Container ID:   docker://c4153ab8f6406ba8b9870908f69116a6f872fa70bd1d599288fbc1bebacaa8b6
              Image:          nginx
              Image ID:       docker-pullable://nginx@sha256:2539d4344dd18e1df02be842ffc435f8e1f699cfc55516e2cf2cb16b7a9aea0b
              Port:           <none>
              Host Port:      <none>
              State:          Running
                Started:      Wed, 04 Mar 2020 03:11:09 -0500
              Ready:          True
              Restart Count:  0
              Environment:    <none>
              Mounts:
                /var/run/secrets/kubernetes.io/serviceaccount from default-token-z4cjl (ro)
          Conditions:
            Type              Status
            Initialized       True
            Ready             True
            ContainersReady   True
            PodScheduled      True
          Volumes:
            default-token-z4cjl:
              Type:        Secret (a volume populated by a Secret)
              SecretName:  default-token-z4cjl
              Optional:    false
          QoS Class:       BestEffort
          Node-Selectors:  <none>
          Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                           node.kubernetes.io/unreachable:NoExecute for 300s
          Events:
            Type    Reason     Age        From                     Message
            ----    ------     ----       ----                     -------
            Normal  Scheduled  <unknown>  default-scheduler        Successfully assigned default/myapp-564fc884f-2czv8 to slave-0.shared
            Normal  Pulling    2m32s      kubelet, slave-0.shared  Pulling image "nginx"
            Normal  Pulled     2m20s      kubelet, slave-0.shared  Successfully pulled image "nginx"
            Normal  Created    2m20s      kubelet, slave-0.shared  Created container myapp
            Normal  Started    2m20s      kubelet, slave-0.shared  Started container myapp
- Edit a resource defined on the server using the default editor
  - Syntax and examples
        # edit (RESOURCE/NAME | -f FILENAME)
    - Any resource that can be retrieved with the command-line tool can be edited with the edit command. edit opens the editor defined by the KUBE_EDITOR, GIT_EDITOR or EDITOR environment variable. Several resources can be edited at the same time, but the edited resources are submitted only once, in a single step. Besides command arguments, edit also accepts file names. The default output format is YAML; to edit in JSON format, specify the -o json option (yaml can also be specified). If an error occurs while updating a resource, a temporary file is created on disk to record it. The most common error when updating a resource is several users changing the same resource on the server with their editors at the same time; when this happens, you need to apply your changes to the latest version of the resource, or update the saved temporary copy
          [root@master-0 ~]# kubectl get svc
          NAME           TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
          kubernetes     ClusterIP   10.96.0.1       <none>        443/TCP   23h
          myapp          ClusterIP   10.101.228.97   <none>        80/TCP    70m
          nginx-deploy   ClusterIP   10.108.188.58   <none>        80/TCP    9h
          [root@master-0 ~]# kubectl edit svc myapp
          # Please edit the object below. Lines beginning with a '#' will be ignored,
          # and an empty file will abort the edit. If an error occurs while saving this file will be
          # reopened with the relevant failures.
          #
          apiVersion: v1
          kind: Service
          metadata:
            creationTimestamp: "2020-03-04T07:08:43Z"
            labels:
              run: myapp
            name: myapp
            namespace: default
            resourceVersion: "207131"
            selfLink: /api/v1/namespaces/default/services/myapp
            uid: 341256f1-e35e-4a24-84c0-d496964073a0
          spec:
            clusterIP: 10.101.228.97
            externalTrafficPolicy: Cluster
            ports:
            - nodePort: 31196
              port: 80
              protocol: TCP
              targetPort: 80
            selector:
              run: myapp
            sessionAffinity: None
            type: NodePort    # the type was changed here
          status:
            loadBalancer: {}