kubernetes陈述式常用命令

kubernetes是啥就不介绍了，搜索一下就行，这里简单罗列一下常用的一些操作。

陈述式命令

## 查看
kubectl get pods,deploy,svc

--show-labels  #显示所有标签信息
-l app=example #指定显示包含的标签信息
-o wide        #显示更为详细的信息

发布

# --dry-run模拟运行(不会创建资源对象),-o yaml打印资源清单
kubectl create deployment nginx --image=nginx --dry-run -o yaml  
# 给nginx创建svc
kubectl expose deployment nginx --port=80 --type=NodePort --target-port=80 --name=nginx-service

# 描述nginx-service详细内容
kubectl describe svc nginx-service

故障排查

kubectl describe TYPE NAME_PREFIX

kubectl logs NAME_PREFIX

kubectl exec -it NAME_PREFIX bash

更新

# 通过yaml更新nginx-deploy.yaml，--record=true(rollout history记录执行内容)
kubectl apply -f nginx-deploy.yaml --record=true

# 通过set修改容器镜像版本
kubectl set image deployment/nginx nginx=nginx:1.11

# 编辑deployment/nginx配置文件
kubectl edit deployment/nginx

# 资源发布管理
kubectl rollout status deployment/nginx
kubectl rollout history deployment/nginx
kubectl rollout history deployment/nginx --revision=3
# 暂停执行
kubectl rollout pause deployment nginx-deploy
# 恢复执行
kubectl rollout resume deployment nginx-deploy

# 修改副本数
kubectl scale deployment nginx --replicas=5

# 修改svc资源清单配置
kubectl patch svc nginx -p '{"spec":{"type":"NodePort"}}'

# Pod自动水平伸缩-HPA
# 为deployment资源web创建hpa，pod数量上限3个，最低1个，在pod平均CPU达到50%后开始扩容
kubectl autoscale deployment web --max=3 --min=1 --cpu-percent=50

回滚

# 回滚到上一个版本
kubectl rollout undo deployment/nginx-deployment
# 回滚到第3个版本
kubectl rollout undo deployment/nginx-deployment --to-revision=3

删除

# 普通删除(apiserver等待pod发送确认信息再删除)
kubectl delete deploy/nginx
kubectl delete svc/nginx-service

# 强制删除pod(etcd存储信息与apiserver立即删除)
kubectl delete pod nginx-pod --grace-period=0 --force

# 删除namespaces状态一直为terminating的问题
$ bash 1.sh 命名空间名称
#脚本内容
#------------------------------------------------------------------------------------
#!/bin/bash
set -eo pipefail
die() { echo "$*" 1>&2 ; exit 1; }
need() {
        which "$1" &>/dev/null || die "Binary '$1' is missing but required"
}
# checking pre-reqs
need "jq"
need "curl"
need "kubectl"

PROJECT="$1"
shift

test -n "$PROJECT" || die "Missing arguments: kill-ns <namespace>"

kubectl proxy &>/dev/null &
PROXY_PID=$!
killproxy () {
        kill $PROXY_PID
}
trap killproxy EXIT

sleep 1 # give the proxy a second

kubectl get namespace "$PROJECT" -o json | jq 'del(.spec.finalizers[] | select("kubernetes"))' | curl -s -k -H "Content-Type: application/json" -X PUT -o /dev/null --data-binary @- http://localhost:8001/api/v1/namespaces/$PROJECT/finalize && echo "Killed namespace: $PROJECT"
#------------------------------------------------------------------------------------

查看yaml配置参数

# 查看service中的metadata怎么写
kubectl explain service.metadata

添加删除污点

# 给node添加标签
kubectl label node node-10-110-64-49 type=wudian

# 给节点有标签type=wudian的node添加污点
kubectl taint nodes node-10-110-64-49 type=wudian:NoSchedule

# 取消标签type=wudian的node污点
kubectl taint nodes node-10-110-64-49 key:NoSchedule-

# 删除标签
kubectl label node node-10-110-64-49 type-

设置不可调度

# 设置不可调度
kubectl cordon node05

# 取消节点不可调度
kubectl uncordon node05

# 驱逐节点的pod
kubectl drain --ignore-daemonsets --delete-local-data node05

# 删除节点
kubectl delete node node05

特殊案例

# 删除ReplicationController不删除Pod
kubectl delete rc rc-name --cascade=false

查看证书有效期

$ grep -E "certificate-authority-data:" /etc/kubernetes/kubelet.kubeconfig|awk '{print $2}'|base64 -d > /tmp/1;openssl x509 -in /tmp/1 -noout -dates
notBefore=Jan 16 06:34:00 2023 GMT
notAfter=Dec 23 06:34:00 2122 GMT