kubernetes管理工具--kubectl

作者：@skyflask
转载本文请注明出处：https://www.cnblogs.com/skyflask/articles/11388088.html

---

目录

一、kubernetes集群管理工具kubectl命令
二、kubectl工具管理集群
三、kubectl远程连接k8s集群
四、kubectl补全

一、kubernetes集群管理工具kubectl命令

 

 

二、kubectl工具管理集群

1、创建

kubectl run nginx --replicas=3 --image=nginx:1.14 --port=80
kubectl get deploy,pods

部署应用时，先拉取镜像，等待片刻：

 

2、发布

把应用发布到外网：
kubectl expose deployment nginx --port=80 --type=NodePort --target-port=80 --name=nginx-service
kubectl get service

通过38757端口就可以访问应用了。

可以看到，应用部署在两台node上。

通过任意一台node的38757端口都可以访问应用。

 

3、 更新
kubectl set image deployment/nginx nginx=nginx:1.15

 

kubernetes的更新为滚动更新方式，新版本的启动1个，旧版本的杀掉一个，滚动式更新。

4、 回滚
kubectl rollout history deployment/nginx

可以看到，有2个历史版本，我们可以回滚到任意版本。

回滚到版本2

kubectl rollout undo daemonset/nginx --to-revision=2

 

回滚到上一个版本：
kubectl rollout undo deployment/nginx

 

5、 删除
kubectl delete deploy/nginx
kubectl delete svc/nginx-service

三、kubectl远程连接k8s集群

创建admin.pem和admin-key.pem

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18

cat <<EOF > admin-csr.json {   "CN": "admin",   "hosts": [],   "key": {     "algo": "rsa",     "size": 2048   },   "names": [     {       "C": "CN",       "ST": "BeiJing",       "L": "BeiJing",       "O": "system:masters",       "OU": "System"     }   ] }

后续kube-apiserver使用RBAC(Role-Based Access Control)对客户端(如kubelet、kube-proxy、Pod)请求进行授权

kube-apiserver预定义了一些RBAC使用的RoleBindings，如cluster-admin将Group system:masters与Role cluster-admin绑定，该Role授予了调用kube-apiserver所有 API的权限

OU指定该证书的Group为system:masters，kubelet使用该证书访问kube-apiserver 时 ，由于证书被CA签名，所以认证通过，同时由于证书用户组为经过预授权的 system:masters，所以被授予访问所有API的权限

生成config文件

cat kubeconfig-remote.sh 

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23

# 设置集群参数 kubectl config set-cluster kubernetes \   --server=https://10.11.97.187:6443 \   --certificate-authority=./k8s-cert/ca.pem \   --embed-certs=true \   --kubeconfig=config   # 设置客户端认证参数 kubectl config set-credentials cluster-admin \   --certificate-authority=./k8s-cert/ca.pem  \   --embed-certs=true \   --client-key=./k8s-cert/admin-key.pem \   --client-certificate=./k8s-cert/admin.pem \   --kubeconfig=config   # 设置上下文参数 kubectl config set-context default \   --cluster=kubernetes \   --user=cluster-admin  \   --kubeconfig=config   # 设置默认上下文 kubectl config use-context default --kubeconfig=config

　　

sh kubeconfig-remote.sh 

?

1 2 3 4

Cluster "kubernetes" set. User "cluster-admin" set. Context "default" created. Switched to context "default".

　　

cat config

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19

apiVersion: v1 clusters: - cluster: certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR2akNDQXFhZ0F3SUJBZ0lVQlFDRzk5aU5rK1VTMlFnOVUzc3g5Z0I4b3Vjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbAphV3BwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEU1TURjeU5USXpNemt3TUZvWERUSTBNRGN5TXpJek16a3dNRm93WlRFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbGFXcHBibWN4RERBSwpCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBOWRnTXo2d2JNMUtGQUdwS09HelAKZDRRdGdxWHFEUlQ4V0hMdGdwdzdxT0pDK0lzeXBDbXBTS0ZKZk5tZWVvcXJUV2hIZk1lR3hLVjRFTk90OTlHMQpmeThISldvSTVJZ000QkVNdjh5dlZzZ08rNzZiS1RoYnpaODFINUNyQjVjSFd1aDhXRGR3Nk5Jc1Q2L2FVWDVLCldLcXE0ZGNhb05FenFqVngxNkdPb1lma0hueTh2R2dZSVBBZ0VFME5CQzQ4VEMrTTI3eXg2cTJPOW5BY2wwcHQKaGdTaEZjeGo5aTFER3lhVVBDakhDMW5EUEtDNklpK1pGand6djEwOFBBaDJxcWlRR21mNFBTTTBDT283eXZrVgpXV3NlKzV2NGtoN3AvVmJIQWpkb0FIKzg4S1FQV0FYOHVnbGd5Zm5HTGJIRDloM0ZiQU9tb0xVdmlrYUsyRWowCnV3SURBUUFCbzJZd1pEQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFqQWQKQmdOVkhRNEVGZ1FVR0I1dC9PY0pYM3lIR3dvNWtjRGpMN0p1eWhFd0h3WURWUjBqQkJnd0ZvQVVHQjV0L09jSgpYM3lIR3dvNWtjRGpMN0p1eWhFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFKOHRldlRzMDQ2TXhwbUY5ZGQ2CmZwbnJENUJIaDZjdVdjK0FHV3ZDa05yc3l3Z3lRQTVRTzdheFhvR05xeVJjN2tvMGMzbE5HeHVTN2RpTVBOczUKTjBGd0RrZS9PTGwxendCYUR2MDZjOEgyZ2dKMi9pMWFNSytPYUFGNDIvbG9EUmVGTk9nSlRIOU9vcDlBVi9RWgpvOFpHVjJYcXdTZENMdEl1bVpodEVkKzJTQ0tKOCtsQ1lVYkxXaE5xd0prdXhvWGRjU3MxYUp1RVB5TXJ5TG5KCnVpNFp3M1R1WGsraFFqQTI1NkliNEFHMmZiWVdHclpwNmIyUU0za3JqaEVxYVBqLzBRMHZ6d2ZaQlk1S0RKNXEKNEpoM0pXTVN2Rk1RZXRHY09iSEN3dGEwamFaVTNuMmFBWGtRLzRPRnZ6VE5MVXdhSVJPNDZNRktldDhlcUhTbApRK1U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K server: https://10.11.97.187:6443 name: kubernetes contexts: - context: cluster: kubernetes user: cluster-admin name: default current-context: default kind: Config preferences: {} users: - name: cluster-admin user: client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQzVENDQXNXZ0F3SUJBZ0lVWWpEMmFhNnp0SXU2OEhqNnluQTIzV1l1R3Fzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbAphV3BwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEU1TURjeU5USXpNemt3TUZvWERUSTVNRGN5TWpJek16a3dNRm93YXpFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFVcHBibWN4RURBT0JnTlZCQWNUQjBKbGFVcHBibWN4RnpBVgpCZ05WQkFvVERuTjVjM1JsYlRwdFlYTjBaWEp6TVE4d0RRWURWUVFMRXdaVGVYTjBaVzB4RGpBTUJnTlZCQU1UCkJXRmtiV2x1TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUExcUlMbkVVaUd0dlEKNjJEVkRFS1RmTW9rdmV3aEFvODZ1TUUra0pHbWF4K3BIcUVkT2NoNWdteFNVanFqWVlacDBOTkJzUFBvY25SawpHaWpIekR4alcxTUcrV2Q5bDFweUpJNTJxNkt5cDJmVHRoZmY4RTZuRnhYamM3azdVVzVMdWV1L0ZQMTN2U25ECk1jNkhmQmNmUDBNQm1IeUg0amVxZllMT2NJbFZiTGQxMXl5VHRxalRlTG40SjVSS2J4UFJpL3VvN2tBcU8wMngKL1NsaldnWmtJVjNiTThzdDA5WmoyM2taSVBIcGJaYkhqbW5ma2JDTi9zaDRMK0hBeVZyN0xQM1ZzQW9wRHREeApsTWtHWkdrYktwZG1UOGhCb1pZaG5YMForK0JMYnlvTnpFMUxMQmFjVXJRRmQ0Z0xYUitwVEw4UWRLOCtQS0lhCnUyTXltUU5NYndJREFRQUJvMzh3ZlRBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3RkFZSUt3WUIKQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZNYnV2Z1UzSklaZwpwa2s5Vzh3Vkt4dDE1cGcwTUI4R0ExVWRJd1FZTUJhQUZCZ2ViZnpuQ1Y5OGh4c0tPWkhBNHkreWJzb1JNQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFDMkVvQi9HYWluT2Z4WHl5RmR6cCtGMy9hS0MyQUxTMGhsT3VqeGZHaDcKZlhPbnVMM3o5QU1xWjN6aG92eEU4ZFdZUnhuRk9Fc0loZzVVc3FhemdDbFJCMDV1V0NhcmdnRXVqOXcySmJBRgp2Um1FV29YeHFic3ZKMWF3dUpXeWpJVFF3NHUzMHZmeS81UG5rRVNPOFBva3NOVHpRb1loTzY1L1ltKzVtMGtBCldsUkg2cW40bTdMUXhpOUZSQlBqcGo0a3M3Q2ZlY0gwdnFBQ0ZrdUVSR3dSQjlpNnh2OHVHRjc3K1NTUkEvdmEKd0FrM0UzYU1OVkhZQTlkN1NrVjJzVTBFV2JkYVhybmZmSFIvSDhaQWVvYzVEZmFlamVNUUVZRCtTOUhtdVNUWgoySXVRTExGc1l4VmppMEtlcjM5TzZxS2VpSnk0NjR6TEpEbXdsNzJydTZsSQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg== client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMXFJTG5FVWlHdHZRNjJEVkRFS1RmTW9rdmV3aEFvODZ1TUUra0pHbWF4K3BIcUVkCk9jaDVnbXhTVWpxallZWnAwTk5Cc1BQb2NuUmtHaWpIekR4alcxTUcrV2Q5bDFweUpJNTJxNkt5cDJmVHRoZmYKOEU2bkZ4WGpjN2s3VVc1THVldS9GUDEzdlNuRE1jNkhmQmNmUDBNQm1IeUg0amVxZllMT2NJbFZiTGQxMXl5VAp0cWpUZUxuNEo1UktieFBSaS91bzdrQXFPMDJ4L1NsaldnWmtJVjNiTThzdDA5WmoyM2taSVBIcGJaYkhqbW5mCmtiQ04vc2g0TCtIQXlWcjdMUDNWc0FvcER0RHhsTWtHWkdrYktwZG1UOGhCb1pZaG5YMForK0JMYnlvTnpFMUwKTEJhY1VyUUZkNGdMWFIrcFRMOFFkSzgrUEtJYXUyTXltUU5NYndJREFRQUJBb0lCQVFEUEdwSGxlbmdNUHF0NwpWSFovWEFhQTFYVmFwZXk4VVlTeUhoWEczaVFkSGZITWtsNW5FV0RlVHJPb2tOaHlGSWNxYjQ3bHRwVkhTN1FECjRmSFl5elI4UE1Od0NVS1F0eitJc3Njam10eVUySVRiSW5KOXFRZG1LVUxPdVovWlZYcFFyb0ExT3RjOWVuelYKSkpwclRNeGorTDRqYTVhYTNHZndzRFdQTlpWdVRsdGxMeG5hUjN2dE9ReFlkOXFyQmRpbnRTdUMvRldPajkrcQpWMjNOTjB0YnZBbm1WNDc2NUJ3dngwYm1xcUdnYU5BNjNTL2JxT2dpNy84MXZ5ajJBNWpZRUpwOHhpM05MRkxLCkJkTHNPV0NtQUpsa2R2Y2FIM3JjWkpDVnc1dXJJbVdRclBrbmR0VWFsU3pjd3U2MVpodTIrak9pdjI4UVk2SWUKQ0FYNEY1VHhBb0dCQU52bUVwUlBGcXJoOFVnRXpCWG9udFpOcU9sZmFSVXdFclkyM1hacUJnUkZlWVU1TUdYeQpUcW50bGptbkRKRG1FQjJtVnJkemNaTmRnNk82U0FrS3dabG0va0sxZFhFT3gzaGUrV2l1dit5amxtMmFJTFM4Cmx4ZStkb0krRFl5Q1VGT2FrOC9aTU0yTGdxajJnb2s3WGFlSXowOUU0eW1YR0pTVkU4RVNaTXoxQW9HQkFQbmUKcWY3NlhINnF3d3Z0TzA2YnQwemhtSXpzSnRxVGZyM0hsRmprYTA4eFFUUDQ5cGF0WnJKY0RFaUU0R0dza3NnSwo2bjVod0N5UG9tWStnTU1FbjJUaVFjcldvVmExVnRHS1hnY2g4dSszejlwbWhOT2cyc2RtZVFQaVBYTlZqNW9hCmwwaUNVWDdnaXFCYUlKT2tuZG9hMWVSckcyandYby8vQ0x6VWVkVlRBb0dCQUs1b05UWXg0QzJhVkc4bGR1U3QKZ2tWQWhRYkxxS0dvWmo3bEZ4TlRGZ0NQUmNtWFNUNmlSeWZaaTN1Z2RZUDdKSzhQZmRtMGsxRXBLejVSZ2M3QwpIRGphQ2pISWtDUWliNnlWejBUcXpNZ1lHemhFdFVvRUJlWk1KdHczOFRFUExqeVE3a2s4M3NzM3FtTHVXU3dVCnpMd1M4ekhRMWtiblV4U05oSVJ1WFVwOUFvR0FjSXlyWmY2L3l3NS83TTllOTNtTWgwVFd3aU5kSFBkekQyam0KbVdQS01sR3RYUXUzaHdkMFNzTExoWjdVc3lwWXMySzNYVllLaWdmb3pzVTRtcDlxYkxhOWkvQkJuQnp5amxBVgpLb0ZRUEVvL2hkREg0OHVBd0hDWDhmZm1WaDBrSWZYNFR1RGtkSklQMzBxNWdjZVVrcm1qdnMrLytQVE1vMi90Ckw2RkZmNkVDZ1lBbC84SGFpSnpVQW1QV2M5dytUWEtONVBGcHFJcTFIeGxwU0Z5ak52LzdoSkkyZlEwZU85bkUKN0FwTG9yd3pOT2UwaEE0dXRqMzN0Qm9xNjhIaTBnaXhnL0FHdk9XcFJ6VUhnTFh2dDVrVzVYQmRRTHhBOWE0bgpINGEwN09DYUdpY2JQZTQ5VGUzZzJhRldBYytwMVREbk9VRHNrUTByd281SGhlOWhNT2o3VlE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=

　　

拷贝文件到Node

Node节点上测试

?

1 2 3 4

[root@k8s-node01 ~]# kubectl --kubeconfig=./config get node NAME           STATUS   ROLES    AGE   VERSION 10.11.97.181   Ready    <none>   26d   v1.12.1 10.11.97.71    Ready    <none>   26d   v1.12.1

　　如果不希望在命令行加kubeconfig选项，可以创建一个目录.kube，将config文件放入下面即可。

这样就可以在Node节点上使用kubectl工具了。

四、kubectl补全

1、安装bash-completion

?

1	yum install bash-completion -y

　　

2、设置kubectl自动补全

 方式一：

?

1	echo 'source <(kubectl completion bash)' >>~/.bashrc

　　

方式二：

?

1	kubectl completion bash >/etc/bash_completion.d/kubectl