kubectl 命令行工具

k8s 常用命令

kubectl 命令分类

kubectl 的命令分为 3 类：

陈述式命令（Imperative Commands），如 run、expose、delete、get 等
陈述式对象命令（Imperative Object Commands）：create -f, delete -f, replace -f
声明式对象命令（Declarative Object Commands）：apply -f

基础命令

bash completion

# 在 bash 中设置当前 shell 的自动补全，依赖：apt install bash-completion
source <(kubectl completion bash)

# 在 bash 中设置永久自动补全
echo "source <(kubectl completion bash)" >> ~/.bashrc

version

client 和 server 的版本信息

client 端 kubectl 版本信息
server 端 k8s 版本信息

kubectl version

config

切换空间

$ kubectl config set-context $(kubectl config current-context) --namespace=<insert-namespace-name-here>
# Validate it
$ kubectl config view | grep namespace:

namespace

kubectl get ns
kubectl get namespaces
kubectl get ns/default
kubectl get ns/default -o [wide|yaml|json]

kubectl create namespace dev
kubectl describe ns/default

kubectl delete namespace dev
kubectl delete ns/dev
kubectl delete ns/dev ns/testing

# cat namespace-dev.yaml
apiVersion: v1
kind: Namespace
metadata:
name: dev

切换空间

kubectl config set-context $(kubectl config current-context) --namespace=<insert-namespace-name-here>

https://kubernetes.io/docs/concepts/overview/working-with-objects/namespaces/

components

查看scheduler/controller-manager/etcd等组件 Healthy

kubectl get cs -o wide
kubectl get componentstatus

cluster info

查看kubernetes master(apiserver)组件running

kubectl cluster-info

api-resources

kubectl api-resources

api-versions

kubectl api-versions

get

获取当前命名空间的所有资源

kubectl get all

获取指定类型的跨命名空间的所有资源

kubectl get pod -A
kubectl get ingress -A
kubectl get ingressroute -A

set

更新镜像

kubectl set image deployment/nginx-deployment nginx=nginx:1.9.1

patch

kubectl patch deployment nginx-deployment -p '{"spec":{"replicas":5}}'
kubectl patch deployment nginx-deployment -p '{"spec":{"strategy":{"roolingUpdate": {"maxSurge":1, "maxUnavailable": 0}}}}'

Nodes

get

kubectl get nodes
kubectl get nodes -o wide
kubectl get nodes --show-labels

kubectl get nodes -o custom-columns=NAME:.metadata.name,TAINTS:.spec.taints --no-headers

-o custom-columns=NAME:.metadata.name,TAINTS:.spec.taints: 这是关键的输出格式选项，用于定义你想要显示的列以及这些列对应的数据来源。
-o 是 --output 的简写，表示你希望自定义输出格式。
custom-columns= 指定了你想要使用自定义列。
NAME:.metadata.name: 这定义了第一列。
NAME: 这是你给这一列起的标题。
.metadata.name: 这是 Kubernetes 资源路径，表示从每个节点的元数据（metadata）中获取其名称（name）。 --no-headers: 在输出结果中不显示列的标题行

describe

kubectl describe nodes

支持显示节点 Allocated resources 信息，核心是通过获取节点的 Pod 计算而出，参考 describeNode 方法

cordon

cordon 用来为节点配置警戒线：设置完后 node 节点的 STATUS 会加上 SchedulingDisabled 标记，表示此节点处于不可调度的状态。已经在此节点上运行的 Pod 不会被删除

kubectl cordon node1

# 等价于
kubectl taint nodes <你的节点名称> node.kubernetes.io/unschedulable:NoSchedule

$ kubectl get nodes
node1     Ready,SchedulingDisabled   worker   90d   v1.28.2

# 取消 cordon
kubectl uncordon node1

命令	效果	推荐场景
`kubectl cordon <node-name>`	推荐。添加 `unschedulable` 污点，阻止新 Pod 调度。	准备进行节点维护，或临时隔离节点，不希望影响现有服务。
`kubectl taint ...`	手动添加 `unschedulable` 污点，效果同 `cordon`。	当需要脚本化或精细控制污点时使用，但对于此特定场景，`cordon` 更佳。
`kubectl drain <node-name>`	标记为不可调度并驱逐现有 Pod。	需要清空节点以进行重启、升级或下线等破坏性操作。

drain

drain 用来为节点配置污点：设置完后该节点不可调度，容器会驱散

kubectl drain node1 --ignore-daemonsets

explain

kube api 文档，帮助开发人员查看yaml配置信息

kubectl explain <type>.<fieldName>[.<fieldName>]

kubectl explain pod
kubectl explain pod.kind
kubectl explain pod.spec
kubectl explain pod.spec.containers.lifecycle
...

kubectl explain pod

kubectl explain pod ↕

# kubectl explain pod
KIND:     Pod
VERSION:  v1

DESCRIPTION:
     Pod is a collection of containers that can run on a host. This resource is
     created by clients and scheduled onto hosts.

FIELDS:
   apiVersion	<string>
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

   kind	<string>
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

   metadata	<Object>
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

   spec	<Object>
     Specification of the desired behavior of the pod. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

   status	<Object>
     Most recently observed status of the pod. This data may not be up to date.
     Populated by the system. Read-only. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

kubectl explain pod.spec.containers.lifecycle

kubectl explain pod lifecycle ↕

# kubectl explain pod.spec.containers.lifecycle
KIND:     Pod
VERSION:  v1

RESOURCE: lifecycle <Object>

DESCRIPTION:
     Actions that the management system should take in response to container
     lifecycle events. Cannot be updated.

     Lifecycle describes actions that the management system should take in
     response to container lifecycle events. For the PostStart and PreStop
     lifecycle handlers, management of the container blocks until the action is
     complete, unless the container process fails, in which case the handler is
     aborted.

FIELDS:
   postStart	<Object>
     PostStart is called immediately after a container is created. If the
     handler fails, the container is terminated and restarted according to its
     restart policy. Other management of the container blocks until the hook
     completes. More info:
     https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

   preStop	<Object>
     PreStop is called immediately before a container is terminated due to an
     API request or management event such as liveness/startup probe failure,
     preemption, resource contention, etc. The handler is not called if the
     container crashes or exits. The reason for termination is passed to the
     handler. The Pod's termination grace period countdown begins before the
     PreStop hooked is executed. Regardless of the outcome of the handler, the
     container will eventually terminate within the Pod's termination grace
     period. Other management of the container blocks until the hook completes
     or until the termination grace period is reached. More info:
     https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks

Pod, Pod Controller, Service

示例：

Deployment -> nginx-dp -> nginx pod
Service -> nginx-dp

下面依次创建 Pod、svc，资源如下：

kubectl get all
NAME                                          READY   STATUS    RESTARTS   AGE
pod/nginx-dp-5cc7cc95cb-ll4s4                 1/1     Running   0          71s

NAME                             TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE
service/kubernetes               ClusterIP   10.116.0.1     <none>        443/TCP   2d1h

NAME                                     READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx-dp                 1/1     1            1           72s

NAME                                                DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-dp-5cc7cc95cb                 1         1         1       73s

Pod

查看所有集群 pod 状态

kubectl get pods
kubectl get pods -n kube-public
kubectl get pods -n kube-system
kubectl get pods --all-namespaces
kubectl get pods --all-namespaces -o wide

# 查看 pod 的 uuid，与 /var/lib/kubelet/pods/<uuid> 向对应
kubectl get pods -A -o custom-columns=NodeName:.spec.nodeName,PodName:.metadata.name,PodUID:.metadata.uid

根据标签获取 pod

kubectl get pod -l app,release
kubectl get pod -l app=demo --show-labels
kubectl get pod -l app=nginx --show-labels

kubectl get pod -l "app in (nginx, demo)"

kubectl get pod nginx -o wide

# 非默认namespace，需要指定具体namespace
kubectl -n kube-system get pods -o wide

强制删除 pod

kubectl delete pods <pod> --grace-period=0 --force

kubectl exec

进入容器执行命令：

kubectl exec (POD | TYPE/NAME) [-c CONTAINER] [flags] -- COMMAND [args...] [options]

kubectl exec <pod-name> -- pwd
kubectl exec pod/<pod-name> -it -- [/bin/sh|bash]

sidecar 容器访问

kubectl exec -n <namespace> -it <pod-name> -c <container-name> -- [/bin/sh|bash]

kubectl logs

查看容器日志：

kubectl logs -f pod/<pod-name>

sidecar 容器访问

kubectl logs [-f] [-p] (POD | TYPE/NAME) [-c CONTAINER] [options]

kubect logs --tail=5 -n <namespace> <pod-name> -c <container-name>

之前崩溃容器的日志

kubectl logs --previous (POD | TYPE/NAME) [-c CONTAINER] [options]

kubectl port-forward

解决服务暴露问题

kubectl port-forward <pod-name> 8080:<pod-port>
kubectl port-forward service/<service-name> 8080:<service-port>
kubectl port-forward <ingress-pod-name> 8080:<ingress-port>

示例：

kubectl port-forward svc/kubernetes-dashboard 8443:443 -n kubernetes-dashboard

Deployment

kubectl get deployment

创建资源

kubectl create deployment nginx-dp --image=nginx

kubectl get pod -o wide
# 在master节点访问资源
curl <pod-ip>
# 删除pod
kubectl delete pod/nginx-dp-5cc7cc95cb-ll4s4

SVC

kubectl create service -h ↕

# kubectl create service -h
Create a service using specified subcommand.

Aliases:
service, svc

Available Commands:
  clusterip    Create a ClusterIP service.
  externalname Create an ExternalName service.
  loadbalancer Create a LoadBalancer service.
  nodeport     Create a NodePort service.

Usage:
  kubectl create service [flags] [options]

Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).
# kubectl create service clusterip -h
Create a ClusterIP service with the specified name.

Examples:
  # Create a new ClusterIP service named my-cs
  kubectl create service clusterip my-cs --tcp=5678:8080

  # Create a new ClusterIP service named my-cs (in headless mode)
  kubectl create service clusterip my-cs --clusterip="None"

Options:
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or
map key is missing in the template. Only applies to golang and jsonpath output formats.
      --clusterip='': Assign your own ClusterIP or set to 'None' for a 'headless' service (no
loadbalancing).
      --dry-run='none': Must be "none", "server", or "client". If client strategy, only print the
object that would be sent, without sending it. If server strategy, submit server-side request
without persisting the resource.
      --field-manager='kubectl-create': Name of the manager used to track field ownership.
  -o, --output='': Output format. One of:
json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
      --save-config=false: If true, the configuration of current object will be saved in its
annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to
perform kubectl apply on this object in the future.
      --tcp=[]: Port pairs can be specified as '<port>:<targetPort>'.
      --template='': Template string or path to template file to use when -o=go-template,
-o=go-template-file. The template format is golang templates
[http://golang.org/pkg/text/template/#pkg-overview].
      --validate=true: If true, use a schema to validate the input before sending it

Usage:
  kubectl create service clusterip NAME [--tcp=<port>:<targetPort>] [--dry-run=server|client|none]
[options]

Use "kubectl options" for a list of global command-line options (applies to all commands).

查看所有集群服务状态

kubectl get svc --all-namespaces

创建 clusterip

kubectl create service clusterip nginx-dp --tcp=80:80

查看

kubectl get svc/nginx-dp -o wide
kubectl describe svc/nginx-dp

访问

通过 clusterip 可以访问到 nginx 的服务

kubectl get svc -n kube-system

通过域名访问，查看coredns/kube-dns的地址，修改/etc/resolv.conf的nameserver
访问域名nginx-dp.default.svc.cluster.local

创建 nodeport

# kubectl create service nodeport nginx-dp --tcp=80:80
service/nginx-dp created
# kubectl get svc
NAME                     TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)        AGE
nginx-dp                 NodePort    10.116.14.211   <none>        80:32761/TCP   45s

通过 nodeip:32761 访问，该实现通过iptable dnat实现

Label

为指定节点设置 label

kubectl label nodes <node-name> <label-key>=<label-value>
kubectl label nodes 172.20.20.20 edgenode=true

确认节点 label 是否设置成功

kubectl get nodes -l ‘label_key=label_value’

获取 statefulset

kubectl get statefulset

删除 statefulsets

[root@xiexianbin_cn ~]# kubectl get statefulsets
NAME            DESIRED   CURRENT   AGE
mariadb   2         2         1d
[root@xiexianbin_cn ~]# kubectl delete statefulsets mariadb
statefulset "mariadb" deleted
kubectl delete statefulsets mariadb -n openstack --force

弹性伸缩

# kubectl scale --replicas=3 deployment nginx-dp
deployment.apps/nginx-dp scaled
# kubectl describe svc/nginx-dp
Name:              nginx-dp
Namespace:         default
Labels:            app=nginx-dp
Annotations:       <none>
Selector:          app=nginx-dp
Type:              ClusterIP
IP:                10.116.6.228
Port:              80-80  80/TCP
TargetPort:        80/TCP
Endpoints:         10.112.0.7:80,10.112.1.9:80,10.112.2.7:80
Session Affinity:  None
Events:            <none>

autoscale

kubectl autoscale deployment nginx-deployment --min=10 --max=15 --cpu-percent=80

rollout

# 查看 rollout 情况
kubectl rollout status deployment
kubectl rollout status deployment nginx-deployment

# 查看历史
kubectl rollout history

# 回滚
kubectl rollout undo deployment/nginx-deployment

# 暂停更新，仅创建新 pod ，不执行删除动作
kubectl rollout pause deployment/nginx-deployment
# 继续更新，执行删除动作
kubectl rollout resume deployment/nginx-deployment

YAML 文件

快速编写 YAML

kubectl run 生成模板

kubectl create deployment nginx --image=nginx:latest -o yaml --dry-run=client > nginx-deploy.yaml

kubectl get 导出已有应用模板

kubectl get my-deploy/nginx -o yaml --export  > my-deploy.yaml

create/apply

kubectl create -f a.yaml
kubectl apply -f a.yaml
kubectl replace -f a.yaml

其他工具

k9s
https://ki.xabc.io/