faith丶

导航

kubectl 命令

###

1、创建命名空间、查看命名空间

# kubectl create namespace [命名空间名字]
kubectl create namespace dev-es

# 查看当前命名空间 [root@alpha ~]# kubectl
get namespace NAME STATUS AGE default Active 23h dev-es Active 21h ingress-nginx Active 21h kube-node-lease Active 23h kube-public Active 23h kube-system Active 23h kubernetes-dashboard Active 23h

2、创建k8s免密拉取镜像secret

# 创建k8s Secret
kubectl create secret docker-registry pull-harbor-images --docker-server=192.168.2.139 --docker-username=admin --docker-password='123456' -n dev-es
# 将secret添加到 ServiceAccount
kubectl patch serviceaccount default -p '{"imagePullSecrets": [{"name": "pull-harbor-images"}]}' -n dev-es
# 查看serviceAccount
[root@alpha ~]# kubectl
get ServiceAccount -n dev-es NAME SECRETS AGE default 1 21h [root@alpha ~]# kubectl describe ServiceAccount default -n dev-es Name: default Namespace: dev-es Labels: <none> Annotations: <none> Image pull secrets: pull-harbor-images Mountable secrets: default-token-vvh8m Tokens: default-token-vvh8m Events: <none> # 查看secret [root@alpha ~]# kubectl get secret -n dev-es NAME TYPE DATA AGE default-token-vvh8m kubernetes.io/service-account-token 3 21h pull-harbor-images kubernetes.io/dockerconfigjson 1 21h

3、重启资源pod

方法一: ***Kubernetes 1.15开始才有***
# 重启资源pod【kubectl rollout restart (资源 名称 命名空间)】
kubectl rollout restart deployment dev-nginx -n dev-es

方法二:此方法服务会断(慎用)
# 重启资源pod【先将副本数置为0,在进行部署】
kubectl scale deployment XXXX --replicas=0 -n {namespace}
kubectl scale deployment XXXX --replicas=1 -n {namespace}

方法三:
kubectl get pod {podname} -n {namespace} -o yaml | kubectl replace --force -f -

4、patch 打补丁(会重启pod)

# 为资源添加描述信息(相当于kubectl edit保存退出) - 重启pod
kubectl patch deployment dev-nginx -n dev-es -p '{"spec": {"template": {"metadata": {"annotations": {"version/config": "2021-0427-154811"}}}}}'

5、创建密保字典(tls - https认证)

# 生成创建密保字典yaml
kubectl create secret tls  tls-https-secret -n dev-es  --cert=/root/tls/https.crt  --key=/root/tls/https.key  --dry-run -o yaml > /tmp/tls.yaml

# 创建密保字典 kubectl apply
-f /tmp/tls.yaml
# 查看生成tls.yaml模板样式 #[root@alpha
~]# cat /tmp/tls.yaml apiVersion: v1 #此处数据创建时已通过base 64进行加密过 data: tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tC................fjksld= tls.key: LS0tLS1CRUdJxdsklfndngdsknfkdngnfdgmf................fkdsa== kind: Secret metadata: creationTimestamp: null name: tls-https-secret namespace: dev-es type: kubernetes.io/tls

6、查看pod标签

[root@alpha ~]# kubectl get pod -n dev-es --show-labels
NAME                          READY   STATUS    RESTARTS   AGE   LABELS
dev-nginx-5b6645496b-xnrcm    1/1     Running   1          17h   app=dev-nginx,appname=dev-nginx,env=dev-es,pod-template-hash=5b6645496b

7、为node节点打标签、查node节点标签、删除node标签

# 查看当前node节点标签
[root@alpha ~]# kubectl get node --show-labels NAME STATUS ROLES AGE VERSION LABELS alpha Ready <none> 24h v1.16.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=alpha,kubernetes.io/os=linux # 查看node名称 [root@alpha ~]# kubectl get node NAME STATUS ROLES AGE VERSION alpha Ready <none> 24h v1.16.0 # 添加新标签 kubectl label nodes alpha newLabel=new # 查看新标签添加结果 [root@alpha wx]# kubectl get node --show-labels NAME STATUS ROLES AGE VERSION LABELS alpha Ready <none> 24h v1.16.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=alpha,kubernetes.io/os=linux,newLabel=new

# 删除node节点标签
kubectl label node alpha newLabel-

# 查看删除标签结果
[root@alpha wx]# kubectl get node --show-labels
NAME STATUS ROLES AGE VERSION LABELS
alpha Ready <none> 24h v1.16.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=alpha,kubernetes.io/os=linux

 8、删除node节点

[root@alpha ~]# kubectl get node
NAME     STATUS     ROLES    AGE   VERSION
alpha    Ready      <none>   20d   v1.16.0
test02   NotReady   <none>   18d   v1.16.0

[root@alpha ~]# kubectl delete nodes test02

[root@alpha ~]# kubectl get node
NAME    STATUS   ROLES    AGE   VERSION
alpha   Ready    <none>   20d   v1.16.0

9、修改deployment/daemonset等资源 pod副本数

[root@alpha ~]# kubectl get deployment -n dev-es
NAME         READY   UP-TO-DATE   AVAILABLE   AGE
dev-eureka   3/3     3            3           20d
dev-nginx    1/1     1            1           20d
[root@alpha ~
]# kubectl scale deployment dev-eureka -n dev-es --replicas=2 deployment.apps/dev-eureka scaled [root@alpha ~]# kubectl get deployment -n dev-es NAME READY UP-TO-DATE AVAILABLE AGE dev-eureka 2/2 2 2 20d dev-nginx 1/1 1 1 20d

 10、是否允许master节点部署pod

# 允许master节点部署pod
kubectl taint nodes --all node-role.kubernetes.io/master-

# 如果不允许调度
kubectl taint nodes master1 node-role.kubernetes.io/master=:NoSchedule
# 污点可选参数 
  NoSchedule: 一定不能被调度 
  PreferNoSchedule: 尽量不要调度 
  NoExecute: 不仅不会调度, 还会驱逐Node上已有的Pod

 

###

posted on 2021-04-29 11:24  faith丶  阅读(258)  评论(0编辑  收藏  举报