03 kubectl management commands


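kubectl command-line management tool

  1. Items marked in red are the commonly used ones and must be memorized

Managing cluster applications with kubectl

  1. k8s schedules the workload onto a node for us
  2. The k8s deliverable is an image: the CI environment builds it and pushes it to the image registry
  3. The application lifecycle is based on images

Create: run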

# --replicas=3 sets the number of replicas; generally keep 2 or more
[root@k8s-master1 ~]# kubectl run mynginx --replicas=3 --image=nginx:1.14 --port=80

# deploy = deployment, the controller created by default

[root@k8s-master1 ~]# kubectl get pods,deploy
NAME READY STATUS RESTARTS AGE
pod/mynginx-559f66f86b-j4q5m 1/1 Running 0 6m
pod/mynginx-559f66f86b-q5lpf 1/1 Running 0 6m
pod/mynginx-559f66f86b-xltps 1/1 Running 0 6m

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/mynginx 3/3 3 3 6m

Publish: expose

# Expose the project:
1. --type=NodePort is one of the Service types
2. --port=80 is the port for access inside the cluster
3. --target-port=80 is the container port
4. --name=nginx-service is the name of the Service
5. The production environment cannot use the external network; if external access is available, a domain name can be pointed at node IP + port for access

[root@k8s-master1 ~]# kubectl expose deploy/mynginx --port=80 --type=NodePort --target-port=80 --name=nginx-service
service/nginx-service exposed

# View the exposed service
[root@k8s-master1 ~]# kubectl get pods,svc
NAME READY STATUS RESTARTS AGE
pod/mynginx-559f66f86b-j4q5m 1/1 Running 0 10m
pod/mynginx-559f66f86b-q5lpf 1/1 Running 0 10m
pod/mynginx-559f66f86b-xltps 1/1 Running 0 10m

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 5d22h
service/nginx-service NodePort 10.0.0.190 <none> 80:30540/TCP 13s


# Access the IP of any node + the randomly assigned external port (30540)
[root@k8s-master1 ~]# curl 172.17.70.253:30540
[root@k8s-master1 ~]# curl 172.17.70.254:30540

# View logs
[root@k8s-master tmp]# kubectl get pods
NAME READY STATUS RESTARTS AGE
busybox 1/1 Running 5 5h35m
nginx-59d795d786-bsfwv 1/1 Running 0 10m
nginx-59d795d786-jtrzh 1/1 Running 0 10m
nginx-59d795d786-nck54 1/1 Running 0 10m
web-866f97c649-mksh6 1/1 Running 0 6h1m
[root@k8s-master tmp]# kubectl logs nginx-59d795d786-bsfwv

# View events
[root@k8s-master1 ~]# kubectl describe pod mynginx-559f66f86b-xltps
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled <unknown> default-scheduler Successfully assigned default/mynginx-559f66f86b-xltps to k8s-node2
Normal Pulled 17m kubelet, k8s-node2 Container image "nginx:1.14" already present on machine
Normal Created 17m kubelet, k8s-node2 Created container mynginx
Normal Started 17m kubelet, k8s-node2 Started container mynginx

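Update: set

  1. CI builds the package, then upgrade
  2. Update to the latest version with a rolling update, one pod at a time
  3. During rollbacks and updates, note that the pod IP addresses differ every time because new pods are created, but the service keeps the pods reachable

# View a pod's details to get the image version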
[root@k8s-master1 ~]# kubectl describe pod mynginx-559f66f86b-xltps

# Update via the image
# mynginx is the container name
[root@k8s-master1 ~]# kubectl set image deployment/mynginx mynginx=nginx:1.16
deployment.apps/mynginx image updated


[root@k8s-master1 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mynginx-579d45d79b-4msl2 1/1 Running 0 73s
mynginx-579d45d79b-hb9g5 1/1 Running 0 70s
mynginx-579d45d79b-j426j 1/1 Running 0 71s

# A rolling update actually creates new containers
[root@k8s-master1 ~]# kubectl describe pod mynginx-579d45d79b-4msl2

Rollback: rollout

# View the versions of the current project
[root@k8s-master1 ~]# kubectl rollout history deployment/mynginx
deployment.apps/mynginx
REVISION CHANGE-CAUSE
1 <none>
2 <none>


# Go back to the previous version; it feels like the previous version is simply deployed again
[root@k8s-master1 ~]# kubectl rollout undo deployment/mynginx
deployment.apps/mynginx rolled back

[root@k8s-master1 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mynginx-559f66f86b-6vt4z 1/1 Running 0 3s
mynginx-559f66f86b-7674b 1/1 Running 0 4s
mynginx-559f66f86b-flxn5 1/1 Running 0 2s
mynginx-579d45d79b-4msl2 0/1 Terminating 0 5m25s
mynginx-579d45d79b-hb9g5 0/1 Terminating 0 5m22s
mynginx-579d45d79b-j426j 0/1 Terminating 0 5m23s

[root@k8s-master1 ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
mynginx-559f66f86b-6vt4z 1/1 Running 0 41s
mynginx-559f66f86b-7674b 1/1 Running 0 42s
mynginx-559f66f86b-flxn5 1/1 Running 0 40s

# View the image version
[root@k8s-master1 ~]# kubectl describe pod mynginx-559f66f86b-6vt4z

Delete: delete

[root@k8s-master1 ~]# kubectl delete deployment/mynginx
deployment.apps "mynginx" deleted

[root@k8s-master1 ~]# kubectl delete svc/nginx-service
service "nginx-service" deleted

[root@k8s-master1 ~]# kubectl get pods,svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 5d22h

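Connecting to the K8S cluster remotely with kubectl

  1. At present all management is done on the master; the cluster cannot be managed from other servers, such as a node
  2. How to use kubectl on other servers

# First send the kubectl binary to node1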
[root@k8s-master1 ~]# scp /usr/local/bin/kubectl root@172.17.70.253:/usr/bin/kubectl

# Test it
# The apiserver runs on the master and listens on 127.0.0.1:8080
# Nothing is running on the node, so it cannot connect to the apiserver service
[root@k8s-node1 ~]# kubectl get nodes
The connection to the server localhost:8080 was refused - did you specify the right host or port?

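[root@k8s-master1 ~]# netstat -tnlp | grep 8080

# Normally, on the k8s master node, the cluster management tool kubectl talks to the apiserver over the local HTTP port 8080.
# It can of course also communicate over the HTTPS port, provided that certificates have been generated.
# So kubectl does not have to be deployed on the master: as long as it can communicate with the apiserver, you can deploy kubectl on any host from which you want to connect to the cluster.
# Generate a kubeconfig file, which contains the configuration for connecting to the apiserver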

Generating the admin certificate

# Generate the admin certificate; I generated the CA certificate earlier
[root@k8s-master1 TLS]# mkdir -p /opt/TLS/admin
[root@k8s-master1 admin]# cp ../k8s/ca*.pem .
[root@k8s-master1 admin]# cp ../k8s/ca-config.json .

# Certificate configuration
cat > admin-csr.json <<EOF
{
  "CN": "admin",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "system:masters",
      "OU": "System"
    }
  ]
}
EOF


[root@k8s-master1 admin]# ls -l
total 16
-rw-r--r-- 1 root root 229 Nov 19 10:21 admin-csr.json
-rw-r--r-- 1 root root 294 Nov 19 10:23 ca-config.json
-rw------- 1 root root 1675 Nov 19 10:18 ca-key.pem
-rw-r--r-- 1 root root 1359 Nov 19 10:18 ca.pem

# Generate the certificate
[root@k8s-master1 admin]# cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin

[root@k8s-master1 admin]# ls -l
total 28
-rw-r--r-- 1 root root 1009 Nov 19 10:23 admin.csr
-rw-r--r-- 1 root root 229 Nov 19 10:21 admin-csr.json
-rw------- 1 root root 1679 Nov 19 10:23 admin-key.pem
-rw-r--r-- 1 root root 1399 Nov 19 10:23 admin.pem
-rw-r--r-- 1 root root 294 Nov 19 10:23 ca-config.json
-rw------- 1 root root 1675 Nov 19 10:18 ca-key.pem
-rw-r--r-- 1 root root 1359 Nov 19 10:18 ca.pem

# Copy the certificates and kubectl to the target machine
[root@k8s-master1 admin]# scp /usr/local/bin/kubectl root@172.17.70.253:/usr/bin/kubectl
[root@k8s-master1 admin]# scp admin*.pem 172.17.70.253:/opt/kubernetes/ssl

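kubectl configuration file

# Run on the node
# Generate the kubectl configuration file; the address can be a VIP
# ca.pem          CA root certificate
# admin.pem       TLS client certificate for kubectl, with admin privileges
# admin-key.pem   TLS private key for kubectl

# Enter the certificate directory
[root@k8s-node1 ssl]# cd /opt/kubernetes/ssl

# Set the address of the API server to connect to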
kubectl config set-cluster kubernetes --server=https://172.17.70.251:6443 --embed-certs=true --certificate-authority=ca.pem --kubeconfig=config

# Set the certificate authentication fields for the cluster-admin user in the users section
kubectl config set-credentials cluster-admin --certificate-authority=ca.pem --embed-certs=true --client-key=admin-key.pem --client-certificate=admin.pem --kubeconfig=config

# Set the default context
kubectl config set-context default --cluster=kubernetes --user=cluster-admin --kubeconfig=config

# Use default as the current context
kubectl config use-context default --kubeconfig=config

# Test
[root@k8s-node1 ssl]# kubectl --kubeconfig=./config get nodes
NAME STATUS ROLES AGE VERSION
k8s-node1 Ready <none> 5d18h v1.16.0
k8s-node2 Ready <none> 5d18h v1.16.0

# Optimization
[root@k8s-node1 ssl]# mv config /root/.kube/config
[root@k8s-node1 ssl]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-node1 Ready <none> 5d18h v1.16.0
k8s-node2 Ready <none> 5d18h v1.16.0
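
The kubeconfig built above embeds admin-key.pem (--embed-certs=true) for a certificate whose O is system:masters, so anyone who can read the file holds admin rights on the cluster. The check below is an added example, not part of the original page; the function names and the sample file are assumptions, and GNU stat is assumed.

```shell
# Added example, not from the original page. Assumes GNU stat (Linux).
# Prints one finding per line; exit status is 0 only when nothing is flagged.
audit_kubeconfig() (
  file=$1
  findings=0
  flag() { echo "$1"; findings=$((findings + 1)); }

  # The file holds credentials: no access for group or others.
  mode=$(stat -c '%a' "$file") || exit 2
  case $mode in
    *00|0) ;;
    *) flag "MODE $mode: restrict with chmod 600" ;;
  esac
  # --embed-certs=true inlines admin-key.pem as client-key-data.
  if grep -Eq '^[[:space:]]*client-key-data:' "$file"; then
    flag "EMBEDDED_KEY: file contains the client private key"
  fi
  # A plain-HTTP endpoint (like the local 8080 port) carries no TLS.
  if grep -Eq '^[[:space:]]*server:[[:space:]]*http://' "$file"; then
    flag "PLAINTEXT_SERVER: server URL is not https"
  fi
  # Skipping verification discards the CA set with --certificate-authority.
  if grep -Eq '^[[:space:]]*insecure-skip-tls-verify:[[:space:]]*true' "$file"; then
    flag "NO_TLS_VERIFY: insecure-skip-tls-verify is true"
  fi
  [ "$findings" -eq 0 ]
)

# Constructed sample shaped like the file built above; base64 values are
# placeholders ("CONSTRUCTED"), not real certificates or keys.
make_sample_kubeconfig() {
  f=$(mktemp)
  cat > "$f" <<'EOF'
clusters:
- name: kubernetes
  cluster:
    server: https://172.17.70.251:6443
    certificate-authority-data: Q09OU1RSVUNURUQ=
users:
- name: cluster-admin
  user:
    client-certificate-data: Q09OU1RSVUNURUQ=
    client-key-data: Q09OU1RSVUNURUQ=
EOF
  chmod 644 "$f"
  echo "$f"
}

audit_kubeconfig "$(make_sample_kubeconfig)" || echo "review the findings above"
```

Run it against /root/.kube/config after the mv step; an EMBEDDED_KEY finding is expected for this setup, which is why the MODE finding matters.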

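Managing resources with YAML configuration files

Syntax

YAML is a concise non-markup language.

Syntax rules:
• Indentation expresses hierarchy
• Tab characters are not supported for indentation; use spaces
• Indentation usually starts at 2 spaces
• Put 1 space after characters such as colons and commas
• "---" indicates YAML format, the start of a file
• "#" marks a comment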

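Creating resource objects from YAML files

  1. Resources are created from a description in a file
  2. YAML can be kept and reused, whereas commands require a lot of typing

# Reference documentation
# Search the official site for what you need, e.g. deployment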
https://kubernetes.io/docs/concepts/workloads/controllers/deployment/

deployment

[root@k8s-master1 demo]# mkdir -p /opt/demo/ ;cd /opt/demo/
# List the API versions
[root@k8s-master1 demo]# kubectl api-versions

[root@k8s-master demo]# vim nginx-deployment.yaml

apiVersion: apps/v1          # API version
kind: Deployment             # resource kind
metadata:                    # metadata
  name: nginx-deployment     # name
  labels:
    app: nginx               # label
spec:
  replicas: 3                # number of replicas
  selector:                  # label selector
    matchLabels:
      app: nginx             # pods are matched via app: nginx

  template:                  # the managed object, i.e. the actual containers
    metadata:
      labels:
        app: nginx           # matches the controller's selector label above
    spec:
      containers:            # containers
      - name: nginx          # name
        image: nginx:1.16    # image name
        ports:               # ports
        - containerPort: 80

# Create
[root@k8s-master1 demo]# kubectl create -f nginx-deployment.yaml
deployment.apps/nginx-deployment created

# View the pods
[root@k8s-master1 demo]# kubectl get pod,deploy -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/nginx-deployment-594cc45b78-2clch 1/1 Running 0 5m1s 10.244.0.24 k8s-node1 <none> <none>
pod/nginx-deployment-594cc45b78-h9h8b 1/1 Running 0 5m1s 10.244.0.23 k8s-node1 <none> <none>
pod/nginx-deployment-594cc45b78-rqcld 1/1 Running 0 5m1s 10.244.1.19 k8s-node2 <none> <none>

NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
deployment.apps/nginx-deployment 3/3 3 3 5m1s nginx nginx:1.16 app=nginx

service

# Official documentation
https://kubernetes.io/zh/docs/concepts/services-networking/service/

# Expose via a service
[root@k8s-master1 demo]# vim nginx-service.yaml

apiVersion: v1
kind: Service              # resource object
metadata:                  # metadata
  name: nginx-service      # name
  labels:                  # labels on the Service itself
    app: nginx
spec:
  type: NodePort
  selector:                # selector: picks the pods labelled app: nginx
    app: nginx
  ports:
  - port: 80
    targetPort: 80

[root@k8s-master1 demo]# kubectl create -f nginx-service.yaml
service/nginx-service created

[root@k8s-master1 demo]# kubectl get pods,svc,deploy -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
pod/nginx-deployment-594cc45b78-2clch 1/1 Running 0 20m 10.244.0.24 k8s-node1 <none> <none>
pod/nginx-deployment-594cc45b78-h9h8b 1/1 Running 0 20m 10.244.0.23 k8s-node1 <none> <none>
pod/nginx-deployment-594cc45b78-rqcld 1/1 Running 0 20m 10.244.1.19 k8s-node2 <none> <none>

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 8d <none>
service/nginx-service NodePort 10.0.0.146 <none> 80:31291/TCP 96s app=nginx

NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
deployment.apps/nginx-deployment 3/3 3 3 20m nginx nginx:1.16 app=nginx

http://39.106.100.108:31291/
http://39.106.168.181:31291/
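
A NodePort service opens the allocated port (31291 here, 30540 in the earlier expose example) on every node, which is why both node addresses answer. As an added example that is not part of the original page, the script below parses `kubectl get svc` output and reports node ports missing from an approved list; the function names, the approved list and the debug-ui row are assumptions.

```shell
# Added example, not from the original page.

# Prints "<service> <port> <nodePort> <proto>" for every NodePort mapping
# found in `kubectl get svc` output read from stdin.
list_nodeports() {
  awk '$2 == "NodePort" {
    n = split($5, maps, ",")              # a service may expose several ports
    for (i = 1; i <= n; i++) {
      split(maps[i], f, "[:/]")           # "80:31291/TCP" -> 80 31291 TCP
      print $1, f[1], f[2], f[3]
    }
  }'
}

# Prints only the mappings whose node port is NOT among the arguments,
# i.e. ports listening on every node that are absent from the approved list.
unapproved_nodeports() {
  approved=" $* "
  list_nodeports | while read -r svc port nodeport proto; do
    case $approved in
      *" $nodeport "*) ;;
      *) echo "$svc $nodeport/$proto" ;;
    esac
  done
}

# First three rows are the page's own output; the debug-ui row is constructed.
sample_svc_output() {
  cat <<'EOF'
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 8d <none>
service/nginx-service NodePort 10.0.0.146 <none> 80:31291/TCP 96s app=nginx
service/debug-ui NodePort 10.0.0.77 <none> 80:30080/TCP,443:30443/TCP 2d app=debug
EOF
}

sample_svc_output | unapproved_nodeports 31291
```

On a live cluster, pipe `kubectl get svc --all-namespaces` through `list_nodeports` instead of the sample and compare the result with the node firewall or security-group rules.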

Putting it all together

  1. kubectl creates resource objects through a single command
  2. YAML files are good for keeping and reusing; resource objects are created from a description

# Delete the pods and the service
[root@k8s-master1 demo]# kubectl get pod,svc,deploy
NAME READY STATUS RESTARTS AGE
pod/nginx-deployment-594cc45b78-2clch 1/1 Running 0 26m
pod/nginx-deployment-594cc45b78-h9h8b 1/1 Running 0 26m
pod/nginx-deployment-594cc45b78-rqcld 1/1 Running 0 26m

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 8d
service/nginx-service NodePort 10.0.0.146 <none> 80:31291/TCP 7m49s

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx-deployment 3/3 3 3 26m
[root@k8s-master1 demo]# kubectl delete service/nginx-service
service "nginx-service" deleted
[root@k8s-master1 demo]# kubectl delete deployment.apps/nginx-deployment

# Put them together
[root@k8s-master1 demo]# vim nginx-deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.16
        ports:
        - containerPort: 80

---

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  labels:
    app: nginx
spec:
  type: NodePort
  selector:
    app: nginx
  ports:
  - port: 80
    targetPort: 80

# Create and view
[root@k8s-master1 demo]# kubectl create -f nginx-deployment.yaml
deployment.apps/nginx-deployment created
service/nginx-service created
[root@k8s-master1 demo]# kubectl get pod,svc,deploy
NAME READY STATUS RESTARTS AGE
pod/nginx-deployment-594cc45b78-2wc5c 1/1 Running 0 4s
pod/nginx-deployment-594cc45b78-mmr9p 1/1 Running 0 4s
pod/nginx-deployment-594cc45b78-vs7wh 1/1 Running 0 4s

NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 8d
service/nginx-service NodePort 10.0.0.199 <none> 80:30041/TCP 4s

NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx-deployment 3/3 3 3 4s

Generating YAML files from the command line

# --dry-run                   does not actually create anything; used to generate the YAML
# -o yaml > nginx-1.14.yaml   writes the configuration file

[root@k8s-master demo]# kubectl run nginx --replicas=3 --image=nginx:1.14 --port=80 --dry-run -o yaml > nginx-1.14.yaml
kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.

[root@k8s-master demo]# vim nginx-1.14.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    run: nginx
  name: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      run: nginx
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        run: nginx
    spec:
      containers:
      - image: nginx:1.14
        name: nginx
        ports:
        - containerPort: 80
        resources: {}
status: {}

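Generating YAML

  1. YAML files are hard to memorize, so most of the time we generate the configuration files, which also makes them easy to reuse

Generating with the run command

# Review the file and keep only the fields you are familiar with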
kubectl create deployment java-demo --image 172.17.70.252/project/java-demo:latest --dry-run -o yaml > deploy.yaml
kubectl expose deployment java-demo --port=80 --target-port=8080 --type=NodePort --dry-run -o yaml > svc.yaml

kubectl run mynginx --replicas=3 --image=nginx:1.14 --port=80 --dry-run -o yaml > mynginx1.14.yaml
# The pods must be created first so that the service can be associated with them
kubectl expose deployment mynginx --port=80 --type=NodePort --target-port=80 --name=nginx-service --dry-run -o yaml > mynginx1.14.svc.yaml

Generating with the get command

# Review the file and keep only the fields you are familiar with
kubectl get deployment/nginx-deployment --export -o yaml > mynginx.yaml
kubectl get svc/nginx-service --export -o yaml > mynginx.svc.yaml

Viewing pod resource fields

# When you have forgotten how a pod container field is spelled
kubectl explain pods.spec.containers

systemctl restart kube-apiserver
systemctl restart kube-controller-manager
systemctl restart kube-scheduler