Kubectl是管理k8s集群的命令行工具,通过生成的json格式传递给apiserver进行创建、查看、管理的操作。
帮助信息
[root@localhost bin]# kubectl --help
kubectl controls the Kubernetes cluster manager.
Find more information at: https://kubernetes.io/docs/reference/kubectl/overview/
Basic Commands (Beginner):
create Create a resource from a file or from stdin.
expose 使用 replication controller, service, deployment 或者 pod
并暴露它作为一个 新的 Kubernetes Service
run 在集群中运行一个指定的镜像
set 为 objects 设置一个指定的特征
Basic Commands (Intermediate):
explain 查看资源的文档
get 显示一个或更多 resources
edit 在服务器上编辑一个资源
delete Delete resources by filenames, stdin, resources and names, or by resources and
label selector
Deploy Commands:
rollout Manage the rollout of a resource
scale 为 Deployment, ReplicaSet, Replication Controller 或者 Job
设置一个新的副本数量
autoscale 自动调整一个 Deployment, ReplicaSet, 或者 ReplicationController
的副本数量
Cluster Management Commands:
certificate 修改 certificate 资源.
cluster-info 显示集群信息
top Display Resource (CPU/Memory/Storage) usage.
cordon 标记 node 为 unschedulable
uncordon 标记 node 为 schedulable
drain Drain node in preparation for maintenance
taint 更新一个或者多个 node 上的 taints
Troubleshooting and Debugging Commands:
describe 显示一个指定 resource 或者 group 的 resources 详情
logs 输出容器在 pod 中的日志
attach Attach 到一个运行中的 container
exec 在一个 container 中执行一个命令
port-forward Forward one or more local ports to a pod
proxy 运行一个 proxy 到 Kubernetes API server
cp 复制 files 和 directories 到 containers 和从容器中复制 files 和
directories.
auth Inspect authorization
一、项目的生命周期,创建–>发布–>更新–>回滚–>删除
1.1:创建
[root@master01 ~]# kubectl get pods
No resources found.
[root@master01 ~]# kubectl run nginx-dep --image=nginx:latest --port=80 --replicas=3
kubectl run --generator=deployment/apps.v1beta1 is DEPRECATED and will be removed in a future version. Use kubectl create instead.
deployment.apps/nginx-dep created
[root@master01 ~]# kubectl get pods -w
NAME READY STATUS RESTARTS AGE
nginx-dep-57c896445d-gqkmk 1/1 Running 0 8s
nginx-dep-57c896445d-rg5gx 1/1 Running 0 8s
nginx-dep-57c896445d-tf55j 0/1 ContainerCreating 0 8s
[root@master01 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
nginx-dep-57c896445d-gqkmk 1/1 Running 0 2m 172.17.53.3 192.168.100.129 <none>
nginx-dep-57c896445d-rg5gx 1/1 Running 0 2m 172.17.80.2 192.168.100.128 <none>
nginx-dep-57c896445d-tf55j 1/1 Running 0 2m 172.17.53.2 192.168.100.129 <none>
[root@master01 ~]# kubectl get all '查看更详细信息:副本资源和控制器资源'
NAME READY STATUS RESTARTS AGE
pod/nginx-dep-57c896445d-gqkmk 1/1 Running 0 5m7s
pod/nginx-dep-57c896445d-rg5gx 1/1 Running 0 5m7s
pod/nginx-dep-57c896445d-tf55j 1/1 Running 0 5m7s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 14d
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx-dep 3 3 3 3 5m7s
NAME DESIRED CURRENT READY AGE
replicaset.apps/nginx-dep-57c896445d 3 3 3 5m7s
1.2:发布
发布nginx service提供负载均衡的功能
[root@master01 ~]# kubectl expose deployment nginx-dep --port=80 --target-port=80 --name=nginx-service --type=NodePort
service/nginx-service exposed
[root@master01 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 14d
nginx-service NodePort 10.0.0.119 <none> 80:33997/TCP 9s
服务节点访问正常
另外一个节点也可以正常访问
查看资源对象简写
[root@master ~]# kubectl api-resources
NAME SHORTNAMES APIGROUP NAMESPACED KIND
bindings true Binding
componentstatuses cs false ComponentStatus
configmaps cm true ConfigMap
endpoints ep true Endpoints
events ev true Event
limitranges limits true LimitRange
namespaces ns false Namespace
nodes no false Node
persistentvolumeclaims pvc true PersistentVolumeClaim
persistentvolumes pv false PersistentVolume
pods po true Pod
podtemplates true PodTemplate
replicationcontrollers rc true ReplicationController
resourcequotas quota true ResourceQuota
secrets true Secret
serviceaccounts sa true ServiceAccount
services svc true Service
mutatingwebhookconfigurations admissionregistration.k8s.io false MutatingWebhookConfiguration
validatingwebhookconfigurations admissionregistration.k8s.io false ValidatingWebhookConfiguration
customresourcedefinitions crd,crds apiextensions.k8s.io false CustomResourceDefinition
apiservices apiregistration.k8s.io false APIService
controllerrevisions apps true ControllerRevision
daemonsets ds apps true DaemonSet
deployments deploy apps true Deployment
replicasets rs apps true ReplicaSet
statefulsets sts apps true StatefulSet
tokenreviews authentication.k8s.io false TokenReview
localsubjectaccessreviews authorization.k8s.io true LocalSubjectAccessReview
selfsubjectaccessreviews authorization.k8s.io false SelfSubjectAccessReview
selfsubjectrulesreviews authorization.k8s.io false SelfSubjectRulesReview
subjectaccessreviews authorization.k8s.io false SubjectAccessReview
horizontalpodautoscalers hpa autoscaling true HorizontalPodAutoscaler
cronjobs cj batch true CronJob
jobs batch true Job
certificatesigningrequests csr certificates.k8s.io false CertificateSigningRequest
leases coordination.k8s.io true Lease
events ev events.k8s.io true Event
daemonsets ds extensions true DaemonSet
deployments deploy extensions true Deployment
ingresses ing extensions true Ingress
networkpolicies netpol extensions true NetworkPolicy
podsecuritypolicies psp extensions false PodSecurityPolicy
replicasets rs extensions true ReplicaSet
kuboardaddonresources kbar kuboard.cn true KuboardAddonResource
kuboardaddons kba kuboard.cn true KuboardAddon
kuboardlayouts klt kuboard.cn false KuboardLayout
kuboardlicenses klcs kuboard.cn false KuboardLicense
networkpolicies netpol networking.k8s.io true NetworkPolicy
poddisruptionbudgets pdb policy true PodDisruptionBudget
podsecuritypolicies psp policy false PodSecurityPolicy
clusterrolebindings rbac.authorization.k8s.io false ClusterRoleBinding
clusterroles rbac.authorization.k8s.io false ClusterRole
rolebindings rbac.authorization.k8s.io true RoleBinding
roles rbac.authorization.k8s.io true Role
priorityclasses pc scheduling.k8s.io false PriorityClass
storageclasses sc storage.k8s.io false StorageClass
volumeattachments storage.k8s.io false VolumeAttachment
查看关联后端的节点
[root@master01 ~]# kubectl get ep
NAME ENDPOINTS AGE
kubernetes 192.168.100.130:6443,192.168.100.88:6443 15d
nginx-service 172.17.53.2:80,172.17.53.3:80,172.17.80.2:80 23h
网络状态详细信息
[root@master01 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
nginx-dep-57c896445d-gqkmk 1/1 Running 0 25h 172.17.53.3 192.168.100.129 <none>
nginx-dep-57c896445d-rg5gx 1/1 Running 0 25h 172.17.80.2 192.168.100.128 <none>
nginx-dep-57c896445d-tf55j 1/1 Running 0 25h 172.17.53.2 192.168.100.129 <none>
服务暴露的端口
[root@master01 demo]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 15d
nginx-service NodePort 10.0.0.119 <none> 80:33997/TCP 23h
在node01操作,查看负载均衡端口33997
kubernetes里kube-proxy支持三种模式,在v1.8之前我们使用的是iptables 以及 userspace两种模式,在kubernetes 1.8之后引入了ipvs模式
[root@node01 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 127.0.0.1:30001 rr
-> 172.17.80.5:8443 Masq 1 0 0
TCP 127.0.0.1:33997 rr
-> 172.17.53.2:80 Masq 1 0 0
-> 172.17.53.3:80 Masq 1 0 0
-> 172.17.80.2:80 Masq 1 0 0
在node02操作 同样安装ipvsadmin工具查看
[root@node02 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 127.0.0.1:30001 rr
-> 172.17.80.5:8443 Masq 1 0 0
TCP 127.0.0.1:33997 rr
-> 172.17.53.2:80 Masq 1 0 0
-> 172.17.53.3:80 Masq 1 0 0
-> 172.17.80.2:80 Masq 1 0 0
在master01操作 查看访问日志(注意:如果访问其他node无法访问检查proxy组件)
[root@master01 ~]# kubectl logs nginx-dep-57c896445d-gqkmk
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
172.17.53.1 - - [14/Oct/2020:04:00:09 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36" "-"
2020/10/14 04:00:10 [error] 28#28: *1 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 172.17.53.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.100.129:33997", referrer: "http://192.168.100.129:33997/"
172.17.53.1 - - [14/Oct/2020:04:00:10 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://192.168.100.129:33997/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36" "-"
172.17.53.1 - - [15/Oct/2020:03:05:52 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36 Edg/86.0.622.38" "-"
2020/10/15 03:05:52 [error] 28#28: *3 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 172.17.53.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "192.168.100.129:33997", referrer: "http://192.168.100.129:33997/"
172.17.53.1 - - [15/Oct/2020:03:05:52 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://192.168.100.129:33997/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.75 Safari/537.36 Edg/86.0.622.38" "-"
1.3:更新
更新nginx 为1.14版本
浏览器重新加载刷新页面查看nginx版本信息,目前是1.19版本的nginx
[root@master ~]# kubectl set --help
Configure application resources
These commands help you make changes to existing application resources.
Available Commands:
env Update environment variables on a pod template
image 更新一个 pod template 的镜像
resources 在对象的 pod templates 上更新资源的 requests/limits
selector 设置 resource 的 selector
serviceaccount Update ServiceAccount of a resource
subject Update User, Group or ServiceAccount in a RoleBinding/ClusterRoleBinding
Usage:
kubectl set SUBCOMMAND [options]
Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).
获取修改模板
[root@master01 demo]# kubectl set image deployment/nginx-deployment nginx-deployment=nginx:1.14
deployment.extensions/nginx-deployment image updated
已经更新为1.14版本的nginx
1.4:回滚
[root@master ~]# kubectl rollout --help
Manage the rollout of a resource.
Valid resource types include:
* deployments
* daemonsets
* statefulsets
Examples:
# Rollback to the previous deployment
kubectl rollout undo deployment/abc
# Check the rollout status of a daemonset
kubectl rollout status daemonset/foo
Available Commands:
history 显示 rollout 历史
pause 标记提供的 resource 为中止状态
resume 继续一个停止的 resource
status 显示 rollout 的状态
undo 撤销上一次的 rollout
Usage:
kubectl rollout SUBCOMMAND [options]
Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).
查看历史版本
[root@master01 ~]# kubectl rollout history deployment/nginx-deployment
deployment.extensions/nginx-deployment
REVISION CHANGE-CAUSE
1 <none>
2 <none>
执行回滚
[root@master01 ~]# kubectl rollout undo deployment/nginx-deployment
deployment.extensions/nginx-deployment
[root@master01 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-deployment-5477945587-m5nmp 1/1 Running 0 4m49s
nginx-deployment-5477945587-p8sx6 1/1 Running 0 2m20s
nginx-deployment-5477945587-sjklw 1/1 Running 0 3m48s
回滚成功,回到1.19版本
1.5:删除
[root@master01 ~]# kubectl get deployment
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
nginx-deployment 3 3 3 3 3d15h
[root@master01 ~]# kubectl delete deployment/nginx-deployment
deployment.extensions "nginx-deployment" deleted
[root@master01 ~]# kubectl get deployment
No resources found.
删除服务svc
[root@master01 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 19d
nginx-service NodePort 10.0.0.220 <none> 80:33984/TCP 3d15h
[root@master01 ~]# kubectl delete svc/nginx-service
service "nginx-service" deleted
[root@master01 ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 19d
查看具体资源的详细信息
[root@master01 ~]# kubectl run nginx --image=nginx:latest --port=80 --replicas=3
kubectl run --generator=deployment/apps.v1beta1 is DEPRECATED and will be removed in a future version. Use kubectl create instead.
deployment.apps/nginx created
[root@master01 ~]# kubectl get pods -w
NAME READY STATUS RESTARTS AGE
nginx-7697996758-cxsv5 0/1 ContainerCreating 0 4s
nginx-7697996758-fh4np 0/1 ContainerCreating 0 4s
nginx-7697996758-gjkvm 0/1 ContainerCreating 0 4s
nginx-7697996758-cxsv5 1/1 Running 0 9s
nginx-7697996758-gjkvm 1/1 Running 0 11s
nginx-7697996758-fh4np 1/1 Running 0 26s
^C[root@master01 ~]# kubectget pods
NAME READY STATUS RESTARTS AGE
nginx-7697996758-cxsv5 1/1 Running 0 4m38s
nginx-7697996758-fh4np 1/1 Running 0 4m38s
nginx-7697996758-gjkvm 1/1 Running 0 4m38s
[root@master01 ~]# kubectl describe pod nginx-7697996758-cxsv5
Name: nginx-7697996758-cxsv5
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: 192.168.100.128/192.168.100.128
Start Time: Mon, 19 Oct 2020 11:42:28 +0800
Labels: pod-template-hash=7697996758
run=nginx
Annotations: <none>
Status: Running
IP: 172.17.80.2
Controlled By: ReplicaSet/nginx-7697996758
Containers:
nginx:
Container ID: docker://862271181d45003369b58c0826d5e52acd98f7a33e59788c67e1e41e3eb4c9b4
Image: nginx:latest
Image ID: docker-pullable://nginx@sha256:ed7f815851b5299f616220a63edac69a4cc200e7f536a56e421988da82e44ed8
Port: 80/TCP
Host Port: 0/TCP
State: Running
Started: Mon, 19 Oct 2020 11:42:37 +0800
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-qjsxv (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default-token-qjsxv:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-qjsxv
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 5m42s default-scheduler Successfully assigned default/nginx-7697996758-cxsv5 to 192.168.100.128
Normal Pulling 5m40s kubelet, 192.168.100.128 pulling image "nginx:latest"
Normal Pulled 5m33s kubelet, 192.168.100.128 Successfully pulled image "nginx:latest"
Normal Created 5m33s kubelet, 192.168.100.128 Created container
Normal Started 5m33s kubelet, 192.168.100.128 Started container
查看deployment资源
[root@master01 ~]# kubectl describe deployment/nginx
Name: nginx
Namespace: default
CreationTimestamp: Mon, 19 Oct 2020 11:42:28 +0800
Labels: run=nginx
Annotations: deployment.kubernetes.io/revision: 1
Selector: run=nginx
Replicas: 3 desired | 3 updated | 3 total | 3 available | 0 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: run=nginx
Containers:
nginx:
Image: nginx:latest
Port: 80/TCP
Host Port: 0/TCP
Environment: <none>
Mounts: <none>
Volumes: <none>
Conditions:
Type Status Reason
---- ------ ------
Available True MinimumReplicasAvailable
Progressing True NewReplicaSetAvailable
OldReplicaSets: <none>
NewReplicaSet: nginx-7697996758 (3/3 replicas created)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ScalingReplicaSet 7m42s deployment-controller Scaled up replica set nginx-7697996758 to 3
进入pod
[root@master01 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-7697996758-cxsv5 1/1 Running 0 8m30s
nginx-7697996758-fh4np 1/1 Running 0 8m30s
nginx-7697996758-gjkvm 1/1 Running 0 8m30s
[root@master01 ~]# kubectl exec -it nginx-7697996758-cxsv5 bash
root@nginx-7697996758-cxsv5:/# ls
bin dev docker-entrypoint.sh home lib64 mnt proc run srv tmp var
boot docker-entrypoint.d etc lib media opt root sbin sys usr
root@nginx-7697996758-cxsv5:/# exit
exit
command terminated with exit code 127
[root@master01 ~]#