k8s 常用命令
kubectl 命令分类
kubectl 的命令分为3类:
- 陈述式命令(Imperative Commands),如run、expose、delete、get等
- 陈述式对象命令(Imperative Object Commands):create -f, delete -f, replace -f
- 声明式对象命令(Declarative Object Commands):apply -f
基础命令
bash completion
# 在 bash 中设置当前 shell 的自动补全,依赖:apt install bash-completion
source <(kubectl completion bash)
# 在 bash 中设置永久自动补全
echo "source <(kubectl completion bash)" >> ~/.bashrc
version
client和server的版本信息
- client端kubectl版本信息
- server端k8s版本信息
kubectl version
config
切换空间
$ kubectl config set-context $(kubectl config current-context) --namespace=<insert-namespace-name-here>
# Validate it
$ kubectl config view | grep namespace:
namespace
kubectl get ns
kubectl get namespaces
kubectl get ns/default
kubectl get ns/default -o [wide|yaml|json]
kubectl create namespace dev
kubectl describe ns/default
kubectl delete namespace dev
kubectl delete ns/dev
kubectl delete ns/dev ns/testing
# cat namespace-dev.yaml
apiVersion: v1
kind: Namespace
metadata:
name: dev
kubectl config set-context $(kubectl config current-context) --namespace=<insert-namespace-name-here>
components
查看scheduler/controller-manager/etcd等组件 Healthy
kubectl get cs -o wide
kubectl get componentstatus
cluster info
查看kubernetes master(apiserver)组件running
kubectl cluster-info
api-resources
kubectl api-resources
api-versions
kubectl api-versions
get
kubectl get all
kubectl get pod -A
kubectl get ingress -A
kubectl get ingressroute -A
set
更新镜像
kubectl set image deployment/nginx-deployment nginx=nginx:1.9.1
patch
kubectl patch deployment nginx-deployment -p '{"spec":{"replicas":5}}'
kubectl patch deployment nginx-deployment -p '{"spec":{"strategy":{"roolingUpdate": {"maxSurge":1, "maxUnavailable": 0}}}}'
Nodes
get
kubectl get nodes
kubectl get nodes -o wide
kubectl get nodes --show-labels
describe
kubectl describe nodes
cordon
cordon 用来为节点配置警戒线:设置完后 node 节点的 STATUS 会加上 SchedulingDisabled 标记,表示此节点处于不可调度的状态。已经在此节点上运行的 Pod 不会被删除
kubectl cordon node1
kubectl uncordon node1
drain
drain 用来为节点配置污点:设置完后该节点不可调度,容器会驱散
kubectl drain node1 --ignore-daemonsets
explain
kube api 文档,帮助开发人员查看yaml配置信息
kubectl explain <type>.<fieldName>[.<fieldName>]
kubectl explain pod
kubectl explain pod.kind
kubectl explain pod.spec
kubectl explain pod.spec.containers.lifecycle
...
# kubectl explain pod
KIND: Pod
VERSION: v1
DESCRIPTION:
Pod is a collection of containers that can run on a host. This resource is
created by clients and scheduled onto hosts.
FIELDS:
apiVersion <string>
APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind <string>
Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata <Object>
Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
spec <Object>
Specification of the desired behavior of the pod. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
status <Object>
Most recently observed status of the pod. This data may not be up to date.
Populated by the system. Read-only. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
- kubectl explain pod.spec.containers.lifecycle
# kubectl explain pod.spec.containers.lifecycle
KIND: Pod
VERSION: v1
RESOURCE: lifecycle <Object>
DESCRIPTION:
Actions that the management system should take in response to container
lifecycle events. Cannot be updated.
Lifecycle describes actions that the management system should take in
response to container lifecycle events. For the PostStart and PreStop
lifecycle handlers, management of the container blocks until the action is
complete, unless the container process fails, in which case the handler is
aborted.
FIELDS:
postStart <Object>
PostStart is called immediately after a container is created. If the
handler fails, the container is terminated and restarted according to its
restart policy. Other management of the container blocks until the hook
completes. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
preStop <Object>
PreStop is called immediately before a container is terminated due to an
API request or management event such as liveness/startup probe failure,
preemption, resource contention, etc. The handler is not called if the
container crashes or exits. The reason for termination is passed to the
handler. The Pod's termination grace period countdown begins before the
PreStop hooked is executed. Regardless of the outcome of the handler, the
container will eventually terminate within the Pod's termination grace
period. Other management of the container blocks until the hook completes
or until the termination grace period is reached. More info:
https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/#container-hooks
Pod, Pod Controller, Service
示例:
- Deployment -> nginx-dp -> nginx pod
- Service -> nginx-dp
下面依次创建Pod、svc,资源如下:
kubectl get all
NAME READY STATUS RESTARTS AGE
pod/nginx-dp-5cc7cc95cb-ll4s4 1/1 Running 0 71s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.116.0.1 <none> 443/TCP 2d1h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx-dp 1/1 1 1 72s
NAME DESIRED CURRENT READY AGE
replicaset.apps/nginx-dp-5cc7cc95cb 1 1 1 73s
Pod
查看所有集群pod状态
kubectl get pods
kubectl get pods -n kube-public
kubectl get pods -n kube-system
kubectl get pods --all-namespaces
kubectl get pods --all-namespaces -o wide
# 查看 pod 的 uuid,与 /var/lib/kubelet/pods/<uuid> 向对应
kubectl get pods -A -o custom-columns=NodeName:.spec.nodeName,PodName:.metadata.name,PodUID:.metadata.uid
根据标签获取pod
kubectl get pod -l app,release
kubectl get pod -l app=demo --show-labels
kubectl get pod -l app=nginx --show-labels
kubectl get pod -l "app in (nginx, demo)"
kubectl get pod nginx -o wide
# 非默认namespace,需要指定具体namespace
kubectl -n kube-system get pods -o wide
强制删除pod
kubectl delete pods <pod> --grace-period=0 --force
kubectl exec
进入容器执行命令:
kubectl exec (POD | TYPE/NAME) [-c CONTAINER] [flags] -- COMMAND [args...] [options]
kubectl exec <pod-name> -- pwd
kubectl exec pod/<pod-name> -it -- [/bin/sh|bash]
kubectl exec -n <namespace> -it <pod-name> -c <container-name> -- [/bin/sh|bash]
kubectl logs
查看容器日志:
kubectl logs -f pod/<pod-name>
kubectl logs [-f] [-p] (POD | TYPE/NAME) [-c CONTAINER] [options]
kubect logs --tail=5 -n <namespace> <pod-name> -c <container-name>
kubectl logs --previous (POD | TYPE/NAME) [-c CONTAINER] [options]
kubectl port-forward
解决服务暴露问题
kubectl port-forward <pod-name> 8080:<pod-port>
kubectl port-forward service/<service-name> 8080:<service-port>
kubectl port-forward <ingress-pod-name> 8080:<ingress-port>
示例:
kubectl port-forward svc/kubernetes-dashboard 8443:443 -n kubernetes-dashboard
Deployment
kubectl get deployment
kubectl create deployment nginx-dp --image=nginx
kubectl get pod -o wide
# 在master节点访问资源
curl <pod-ip>
# 删除pod
kubectl delete pod/nginx-dp-5cc7cc95cb-ll4s4
SVC
# kubectl create service -h
Create a service using specified subcommand.
Aliases:
service, svc
Available Commands:
clusterip Create a ClusterIP service.
externalname Create an ExternalName service.
loadbalancer Create a LoadBalancer service.
nodeport Create a NodePort service.
Usage:
kubectl create service [flags] [options]
Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).
# kubectl create service clusterip -h
Create a ClusterIP service with the specified name.
Examples:
# Create a new ClusterIP service named my-cs
kubectl create service clusterip my-cs --tcp=5678:8080
# Create a new ClusterIP service named my-cs (in headless mode)
kubectl create service clusterip my-cs --clusterip="None"
Options:
--allow-missing-template-keys=true: If true, ignore any errors in templates when a field or
map key is missing in the template. Only applies to golang and jsonpath output formats.
--clusterip='': Assign your own ClusterIP or set to 'None' for a 'headless' service (no
loadbalancing).
--dry-run='none': Must be "none", "server", or "client". If client strategy, only print the
object that would be sent, without sending it. If server strategy, submit server-side request
without persisting the resource.
--field-manager='kubectl-create': Name of the manager used to track field ownership.
-o, --output='': Output format. One of:
json|yaml|name|go-template|go-template-file|template|templatefile|jsonpath|jsonpath-as-json|jsonpath-file.
--save-config=false: If true, the configuration of current object will be saved in its
annotation. Otherwise, the annotation will be unchanged. This flag is useful when you want to
perform kubectl apply on this object in the future.
--tcp=[]: Port pairs can be specified as '<port>:<targetPort>'.
--template='': Template string or path to template file to use when -o=go-template,
-o=go-template-file. The template format is golang templates
[http://golang.org/pkg/text/template/#pkg-overview].
--validate=true: If true, use a schema to validate the input before sending it
Usage:
kubectl create service clusterip NAME [--tcp=<port>:<targetPort>] [--dry-run=server|client|none]
[options]
Use "kubectl options" for a list of global command-line options (applies to all commands).
kubectl get svc --all-namespaces
创建clusterip
kubectl create service clusterip nginx-dp --tcp=80:80
kubectl get svc/nginx-dp -o wide
kubectl describe svc/nginx-dp
- 通过clusterip可以访问到nginx的服务
kubectl get svc -n kube-system
- 通过域名访问,查看
coredns/kube-dns的地址,修改/etc/resolv.conf的nameserver
- 访问域名
nginx-dp.default.svc.cluster.local
创建nodeport
# kubectl create service nodeport nginx-dp --tcp=80:80
service/nginx-dp created
# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-dp NodePort 10.116.14.211 <none> 80:32761/TCP 45s
通过nodeip:32761访问,该实现通过iptable dnat实现
Label
为指定节点设置label
kubectl label nodes <node-name> <label-key>=<label-value>
kubectl label nodes 172.20.20.20 edgenode=true
确认节点label是否设置成功
kubectl get nodes -l ‘label_key=label_value’
获取 statefulset
kubectl get statefulset
删除statefulsets
[root@xiexianbin_cn ~]# kubectl get statefulsets
NAME DESIRED CURRENT AGE
mariadb 2 2 1d
[root@xiexianbin_cn ~]# kubectl delete statefulsets mariadb
statefulset "mariadb" deleted
kubectl delete statefulsets mariadb -n openstack --force
弹性伸缩
# kubectl scale --replicas=3 deployment nginx-dp
deployment.apps/nginx-dp scaled
# kubectl describe svc/nginx-dp
Name: nginx-dp
Namespace: default
Labels: app=nginx-dp
Annotations: <none>
Selector: app=nginx-dp
Type: ClusterIP
IP: 10.116.6.228
Port: 80-80 80/TCP
TargetPort: 80/TCP
Endpoints: 10.112.0.7:80,10.112.1.9:80,10.112.2.7:80
Session Affinity: None
Events: <none>
autoscale
kubectl autoscale deployment nginx-deployment --min=10 --max=15 --cpu-percent=80
rollout
# 查看 rollout 情况
kubectl rollout status deployment
kubectl rollout status deployment nginx-deployment
# 查看历史
kubectl rollout history
# 回滚
kubectl rollout undo deployment/nginx-deployment
# 暂停更新,仅创建新 pod ,不执行删除动作
kubectl rollout pause deployment/nginx-deployment
# 继续更新,执行删除动作
kubectl rollout resume deployment/nginx-deployment
YAML 文件
快速编写 YAML
kubectl create deployment nginx --image=nginx:latest -o yaml --dry-run=client > nginx-deploy.yaml
kubectl get my-deploy/nginx -o yaml --export > my-deploy.yaml
create/apply
kubectl create -f a.yaml
kubectl apply -f a.yaml
kubectl replace -f a.yaml
其他工具