kubectl 命令
###
1、创建命名空间、查看命名空间
# kubectl create namespace [命名空间名字] kubectl create namespace dev-es
# 查看当前命名空间 [root@alpha ~]# kubectl get namespace NAME STATUS AGE default Active 23h dev-es Active 21h ingress-nginx Active 21h kube-node-lease Active 23h kube-public Active 23h kube-system Active 23h kubernetes-dashboard Active 23h
2、创建k8s免密拉取镜像secret
# 创建k8s Secret kubectl create secret docker-registry pull-harbor-images --docker-server=192.168.2.139 --docker-username=admin --docker-password='123456' -n dev-es # 将secret添加到 ServiceAccount kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "pull-harbor-images"}]}' -n dev-es # 查看serviceAccount
[root@alpha ~]# kubectl get ServiceAccount -n dev-es NAME SECRETS AGE default 1 21h [root@alpha ~]# kubectl describe ServiceAccount default -n dev-es Name: default Namespace: dev-es Labels: <none> Annotations: <none> Image pull secrets: pull-harbor-images Mountable secrets: default-token-vvh8m Tokens: default-token-vvh8m Events: <none> # 查看secret [root@alpha ~]# kubectl get secret -n dev-es NAME TYPE DATA AGE default-token-vvh8m kubernetes.io/service-account-token 3 21h pull-harbor-images kubernetes.io/dockerconfigjson 1 21h
3、重启资源pod
方法一: ***Kubernetes 1.15开始才有***
# 重启资源pod【kubectl rollout restart (资源 名称 命名空间)】
kubectl rollout restart deployment dev-nginx -n dev-es
方法二:此方法服务会断(慎用)
# 重启资源pod【先将副本数置为0,在进行部署】
kubectl scale deployment XXXX --replicas=0 -n {namespace}
kubectl scale deployment XXXX --replicas=1 -n {namespace}
方法三:
kubectl get pod {podname} -n {namespace} -o yaml | kubectl replace --force -f -
4、patch 打补丁(会重启pod)
# 为资源添加描述信息(相当于kubectl edit保存退出) - 重启pod
kubectl patch deployment dev-nginx -n dev-es -p '{"spec": {"template": {"metadata": {"annotations": {"version/config": "2021-0427-154811"}}}}}'
5、创建密保字典(tls - https认证)
# 生成创建密保字典yaml kubectl create secret tls tls-https-secret -n dev-es --cert=/root/tls/https.crt --key=/root/tls/https.key --dry-run -o yaml > /tmp/tls.yaml
# 创建密保字典 kubectl apply -f /tmp/tls.yaml
# 查看生成tls.yaml模板样式 #[root@alpha ~]# cat /tmp/tls.yaml apiVersion: v1 #此处数据创建时已通过base 64进行加密过 data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tC................fjksld= tls.key: LS0tLS1CRUdJxdsklfndngdsknfkdngnfdgmf................fkdsa== kind: Secret metadata: creationTimestamp: null name: tls-https-secret namespace: dev-es type: kubernetes.io/tls
6、查看pod标签
[root@alpha ~]# kubectl get pod -n dev-es --show-labels NAME READY STATUS RESTARTS AGE LABELS dev-nginx-5b6645496b-xnrcm 1/1 Running 1 17h app=dev-nginx,appname=dev-nginx,env=dev-es,pod-template-hash=5b6645496b
7、为node节点打标签、查node节点标签、删除node标签
# 查看当前node节点标签
[root@alpha ~]# kubectl get node --show-labels NAME STATUS ROLES AGE VERSION LABELS alpha Ready <none> 24h v1.16.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=alpha,kubernetes.io/os=linux # 查看node名称 [root@alpha ~]# kubectl get node NAME STATUS ROLES AGE VERSION alpha Ready <none> 24h v1.16.0 # 添加新标签 kubectl label nodes alpha newLabel=new # 查看新标签添加结果 [root@alpha wx]# kubectl get node --show-labels NAME STATUS ROLES AGE VERSION LABELS alpha Ready <none> 24h v1.16.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=alpha,kubernetes.io/os=linux,newLabel=new
# 删除node节点标签
kubectl label node alpha newLabel-
# 查看删除标签结果
[root@alpha wx]# kubectl get node --show-labels
NAME STATUS ROLES AGE VERSION LABELS
alpha Ready <none> 24h v1.16.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=alpha,kubernetes.io/os=linux
8、删除node节点
[root@alpha ~]# kubectl get node NAME STATUS ROLES AGE VERSION alpha Ready <none> 20d v1.16.0 test02 NotReady <none> 18d v1.16.0 [root@alpha ~]# kubectl delete nodes test02 [root@alpha ~]# kubectl get node NAME STATUS ROLES AGE VERSION alpha Ready <none> 20d v1.16.0
9、修改deployment/daemonset等资源 pod副本数
[root@alpha ~]# kubectl get deployment -n dev-es NAME READY UP-TO-DATE AVAILABLE AGE dev-eureka 3/3 3 3 20d dev-nginx 1/1 1 1 20d
[root@alpha ~]# kubectl scale deployment dev-eureka -n dev-es --replicas=2 deployment.apps/dev-eureka scaled [root@alpha ~]# kubectl get deployment -n dev-es NAME READY UP-TO-DATE AVAILABLE AGE dev-eureka 2/2 2 2 20d dev-nginx 1/1 1 1 20d
10、是否允许master节点部署pod
# 允许master节点部署pod kubectl taint nodes --all node-role.kubernetes.io/master- # 如果不允许调度 kubectl taint nodes master1 node-role.kubernetes.io/master=:NoSchedule # 污点可选参数 NoSchedule: 一定不能被调度 PreferNoSchedule: 尽量不要调度 NoExecute: 不仅不会调度, 还会驱逐Node上已有的Pod
###