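I. Preface
Anyone who has worked with k8s is almost certainly familiar with kubectl, the k8s command-line tool. Today's focus is krew, the plugin manager for kubectl. It provides a simple way to download, search for and manage other plugins, much like apt, yum or brew on an operating system, and its name also appears to be modelled on brew. The kubectl plugin mechanism was declared stable (GA) in Kubernetes 1.14. Its purpose is to let developers ship custom kubectl subcommands as standalone binaries. A kubectl plugin can be written in any language: it can be a bash or python script, or an executable compiled from another language, as long as the script or binary ends up in PATH with the kubectl- prefix. kubectl plugin list shows which plugins are present in PATH.
Kubernetes provides the https://github.com/kubernetes/cli-runtime project to make it easier to write kubectl plugins in Go. There is also an official example of a kubectl plugin written in Go: https://github.com/kubernetes/sample-cli-plugin.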
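II. Installing krew
krew is the plugin manager for kubectl. With krew you can easily find, install and manage kubectl plugins, and krew itself is also a kubectl plugin. The installation guide on the official site is very clear and friendly: https://krew.sigs.k8s.io/docs/user-guide/setup/install/ . I installed it from directly downloaded files. Before installing, confirm that git is installed on the target machine, because krew uses git when it updates the local plugin index.
On the Kubernetes management node, the commands are as follows: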
$ wget https://github.com/kubernetes-sigs/krew/releases/download/v0.4.1/krew.tar.gz
$ wget https://github.com/kubernetes-sigs/krew/releases/download/v0.4.1/krew.yaml
$ tar -zxvf krew.tar.gz
$ ./krew-linux_amd64 install --manifest=krew.yaml --archive=krew.tar.gz
# Add the $HOME/.krew/bin directory to the PATH environment variable. You can put the following line in your .bashrc or .zshrc file
$ export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
1. kubectl plugin list lists all plugins found in the directories of the current PATH:
# kubectl plugin list
The following compatible plugins are available:
/root/.krew/bin/kubectl-grep
/root/.krew/bin/kubectl-krew
/root/.krew/bin/kubectl-ns
/usr/local/bin/kubectl-hello
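So to implement your own plugin, you only need to name the final executable kubectl-xxxx and put it in any directory included in PATH. Note, however, that a plugin cannot override an existing kubectl subcommand: if its name is the same as a built-in subcommand, the built-in subcommand takes precedence and the plugin is never executed.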
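Because any executable named kubectl-* in a PATH directory becomes a subcommand, it is worth auditing what is actually there. The following script is an added example, not part of the original article. The function name, the status labels and the short built-in list are assumptions made for illustration.

```shell
#!/bin/sh
# Partial list of kubectl built-in subcommands (assumption: extend it for your
# kubectl version). A plugin with one of these names is never executed.
BUILTINS=" get apply delete edit exec logs describe "

# audit_kubectl_plugins [PATH-string]
# Prints "<status> <file>" for every executable kubectl-* file, in PATH order.
# status is "ok" or a comma-separated list of:
#   world-writable-dir  any local user can drop or replace plugins there
#   shadowed            an earlier PATH entry already provides this plugin name
#   builtin-name        the name equals a built-in subcommand
# The body runs in a subshell, so IFS and the variables do not leak out.
audit_kubectl_plugins() (
  IFS=:
  seen=" "
  for dir in ${1:-$PATH}; do
    [ -d "$dir" ] || continue
    dirflag=""
    # find -prune tests only the directory itself, without descending into it
    [ -n "$(find "$dir" -prune -perm -0002 2>/dev/null)" ] && dirflag="world-writable-dir"
    for f in "$dir"/kubectl-*; do
      [ -f "$f" ] && [ -x "$f" ] || continue
      name=${f##*/kubectl-}
      status=$dirflag
      case $seen in *" $name "*) status="${status:+$status,}shadowed" ;; esac
      case $BUILTINS in *" $name "*) status="${status:+$status,}builtin-name" ;; esac
      seen="$seen$name "
      printf '%s %s\n' "${status:-ok}" "$f"
    done
  done
)

# Audit the current PATH when the script is run directly.
audit_kubectl_plugins "$PATH"
```

Any line that is not "ok" deserves a look before the plugin is run with cluster credentials, since a plugin executes with the same kubeconfig as kubectl itself.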
2. List all available plugins
$ kubectl krew search
NAME DESCRIPTION STATUS
access-matrix Show an access matrix for all resources available
bulk-action Do bulk actions on Kubernetes resources. available
ca-cert Print the PEM CA certificate of the current clu... available
change-ns View or change the current namespace via kubectl. available
cssh SSH into Kubernetes nodes available
debug-shell Create pod with interactive kube-shell. available
exec-as Like kubectl exec, but offers a `user` flag to ... available
get-all Like 'kubectl get all', but _really_ everything available
gke-credentials Fetch credentials for GKE clusters available
ingress-nginx Interact with ingress-nginx available
krew Package manager for kubectl plugins. installed
kubesec-scan Scan Kubernetes resources with kubesec.io. available
match-name Match names of pods and other API objects available
mtail Tail logs from multiple pods matching label sel... available
node-admin List nodes and run privileged pod with chroot available
oidc-login Login for OpenID Connect authentication available
open-svc Open the Kubernetes URL(s) for the specified se... available
pod-logs Display a list of pods to get logs from available
pod-shell Display a list of pods to execute a shell in available
prompt Prompts for user confirmation when executing co... available
rbac-lookup Reverse lookup for RBAC available
rbac-view A tool to visualize your RBAC permissions. available
resource-capacity Provides an overview of resource requests, limi... available
restart Restarts a pod with the given name available
rm-standalone-pods Remove all pods without owner references available
sniff easly start a remote packet capture on kubernet... available
ssh-jump A kubectl plugin to SSH into Kubernetes nodes u... available
sudo Run Kubernetes commands impersonated as group s... available
view-secret Decode secrets available
view-serviceaccount-kubeconfig Show a kubeconfig setting to access the apiserv... available
view-utilization Shows cluster cpu and memory utilization available
warp Sync and execute local files in Pod available
3. Install a plugin
$ kubectl krew install xxxx
III. A quick trial
Today we will try out a plugin called edit_status. The name already says what it does: it edits the fields inside the status of a k8s resource.
# Install
$ wget https://github.com/ulucinar/kubectl-edit-status/releases/download/v0.2.0/kubectl-edit-status_v0.2.0_linux_amd64.tar.gz
$ tar zxvf kubectl-edit-status_v0.2.0_linux_amd64.tar.gz
$ mv ./kubectl-edit_status $HOME/.krew/bin/
# Usage
$ kubectl edit-status
Usage:
kubectl edit-status [resource] [resource-name] [flags]
Examples:
# edit the status field of the MyResource CR named "test", which uses status subresource
kubectl edit-status myresource test
Flags:
--as string Username to impersonate for the operation
--as-group stringArray Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
--cache-dir string Default HTTP cache directory (default "/home/SENSETIME/tangqing2/.kube/http-cache")
--certificate-authority string Path to a cert file for the certificate authority
--client-certificate string Path to a client certificate file for TLS
--client-key string Path to a client key file for TLS
--cluster string The name of the kubeconfig cluster to use
--context string The name of the kubeconfig context to use
-e, --editor string editor to use. Either editor name in PATH or path to the editor executable. If not specified, first value of "KUBE_EDITOR" and then value of "EDITOR" environment variables are substituted and checked (default "${KUBE_EDITOR}:${EDITOR}:vi")
-h, --help help for kubectl
--insecure-skip-tls-verify If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
--kubeconfig string Path to the kubeconfig file to use for CLI requests.
-n, --namespace string If present, the namespace scope for this CLI request
--namespaced set to false for cluster-scoped resources (default true)
--request-timeout string The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests. (default "0")
-s, --server string The address and port of the Kubernetes API server
--tls-server-name string Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
--token string Bearer token for authentication to the API server
--user string The name of the kubeconfig user to use
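IV. Commonly used plugins
1. ns plugin
ns is a plugin for switching namespaces in a Kubernetes cluster. Are you tired of adding the -n <namespaces> parameter every time you type a kubectl command, but do not want to maintain a large number of contexts in your config either? Then the ns plugin is here to rescue you: when you switch namespaces, it changes the context in the current config to the chosen namespace, so you no longer need to add the -n parameter.
Install: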
kubectl krew install ns
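2. images plugin
The images plugin lets you view the image information used by workloads in the current namespace (or even the whole cluster). It currently supports the following features:
- List image information for workloads in all namespaces
- Show the k8s information associated with an image for specified fields
- Show images for a single specified namespace
Install: kubectl krew install images
3. view-secret plugin
In most cases, the information in a secret is base64-encoded before it is stored. When we need to read content from a secret, we have to decode it: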
kubectl get secret <secret> -o=jsonpath='{.data.password}' |base64 -d
But our goal is never to type one more letter than necessary. This is where view-secret can help.
Install:
kubectl krew install view-secret
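4. view-allocations plugin
If you want a quick picture of how resources are distributed in your Kubernetes cluster, the view-allocations plugin will certainly help. It can currently show the cluster's resource allocation along three dimensions: resource, node and pod. It is worth mentioning that if your Kubernetes cluster has GPU nodes, view-allocations also lets you quickly check how your GPUs are allocated: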
...
Resource Requested %Requested Limit %Limit Allocatable Free
nvidia.com/gpu 14.0 70% 14.0 70% 20.0 6.0
├─ node1 4.0 100% 4.0 100% 4.0 0.0
├─ node2 3.0 75% 3.0 75% 4.0 1.0
├─ node3 0.0 0% 0.0 0% 4.0 4.0
├─ node4 4.0 100% 4.0 100% 4.0 0.0
└─ node5 3.0 75% 3.0 75% 4.0 1.0
...