kubadm重新生成token(默认24小时就过期)
[root@k8s-server1 m44]# kubeadm token create
3vfu2y.0k9l3yma5a77c23e
范例:列出token
[root@k8s-server1 m44]# kubeadm token list
TOKEN TTL EXPIRES USAGES DESCRIPTION EXTRA GROUPS
3vfu2y.0k9l3yma5a77c23e 23h 2021-07-27T12:17:59Z authentication,signing <none> system:bootstrappers:kubeadm:default-node-token
范例:添加其他任意节点,需要换新的token,其他不用修改
[root@k8s-node1 m44]# kubeadm join 172.18.8.168:6443 --token 3vfu2y.0k9l3yma5a77c23e \
--discovery-token-ca-cert-hash sha256:2da81f9ac3deb6a236c61fb3240ee86f3eadbd0e07c62e7301a9a96350e700be
重置
[root@k8s-server1 ~]# kubeadm reset
查看证书有效期
[root@k8s-server1 ~]# kubeadm certs check-expiration
[check-expiration] Reading configuration from the cluster...
[check-expiration] FYI: You can look at this config file with 'kubectl -n kube-system get cm kubeadm-config -o yaml'
CERTIFICATE EXPIRES RESIDUAL TIME CERTIFICATE AUTHORITY EXTERNALLY MANAGED
admin.conf Jul 25, 2022 03:31 UTC 363d no
apiserver Jul 25, 2022 03:31 UTC 363d ca no
apiserver-etcd-client Jul 25, 2022 03:31 UTC 363d etcd-ca no
apiserver-kubelet-client Jul 25, 2022 03:31 UTC 363d ca no
controller-manager.conf Jul 25, 2022 03:32 UTC 363d no
etcd-healthcheck-client Jul 25, 2022 03:31 UTC 363d etcd-ca no
etcd-peer Jul 25, 2022 03:31 UTC 363d etcd-ca no
etcd-server Jul 25, 2022 03:31 UTC 363d etcd-ca no
front-proxy-client Jul 25, 2022 03:31 UTC 363d front-proxy-ca no
scheduler.conf Jul 25, 2022 03:32 UTC 363d no
CERTIFICATE AUTHORITY EXPIRES RESIDUAL TIME EXTERNALLY MANAGED
ca Jul 23, 2031 03:31 UTC 9y no
etcd-ca Jul 23, 2031 03:31 UTC 9y no
front-proxy-ca Jul 23, 2031 03:31 UTC 9y no
查看更新证书有效期
[root@k8s-server1 ~]# kubeadm certs renew --help
把dashboard登录制作成配置文件登录
# 找出admin-user的token
[root@k8s-server1 m44]# kubectl get secrets -A
[root@k8s-server1 m44]# kubectl describe secrets admin-user-token-5x4ml -n kubernetes-dashboard
[root@k8s-server1 m44]# cp /root/.kube/config /opt/config
[root@k8s-server1 m44]# vim /opt/config
[root@k8s-server1 m44]# cd /opt/
[root@k8s-server1 opt]# sz config
# 把token哪行复制到/root/.kube/config文件中,注意缩进
(跟client-key-data:平级),在把config文件拷贝到电脑桌面(方便测试)或者其他地方,同时要保存好,因为拥有这个文件相当于拥有k8s的最高admin权限,可以增删改查等操作,在桌面的dashboard登录时选择config文件即可
kubectl
创建
[root@k8s-server1 m44]# kubectl create -f kube-flannel.yaml
删除
[root@k8s-server1 m44]# kubectl delete -f kube-flannel.yaml
动态配置
[root@k8s-server1 m44]# kubectl apply -f kube-flannel.yaml
编辑
[root@k8s-server1 m44]# kubectl edit pod etcd-k8s-server1 -n kube-system
查看是否有什么事件发生
[root@k8s-server1 m44]# kubectl describe pod kube-proxy-57h6k -n kube-system
查看日志
[root@k8s-server1 m44]# kubectl logs -f kube-apiserver-k8s-server1 -n kube-system
进入容器
[root@k8s-server1 m44]# kubectl get pod
NAME READY STATUS RESTARTS AGE
net-test1 1/1 Running 0 13m
net-test3 1/1 Running 1 31h
net-test4 1/1 Running 1 31h
net-test5 1/1 Running 1 31h
net-test6 1/1 Running 1 26h
net-test7 1/1 Running 1 25h
[root@k8s-server1 m44]# kubectl exec -it net-test6 sh
命令行临时调整控制器的副本数
# 先查出来有哪些控制器
[root@k8s-server1 m44]# kubectl get deployment
# 命令行执行
[root@k8s-server1 m44]# kubectl scale deployment nginx-deployment --replicas=3 -n default
控制器文件使用说明??
[root@k8s-server1 m44]# kubectl explain --help
使用方法:(小写)
# 查看deployment的api版本
[root@k8s-server1 m44]# kubectl explain deployment.apiVersion
KIND: Deployment
VERSION: apps/v1
FIELD: apiVersion <string>
DESCRIPTION:
APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resource