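Chapter 9: The kubectl command-line tool in detail
1. Three basic methods for managing core k8s resources
- Imperative management: relies mainly on the command-line (CLI) tool
- Declarative management: relies mainly on unified resource manifests
- GUI management: relies mainly on a graphical (web) interface
2. Imperative resource management
Put simply, imperative management means performing CRUD (create, delete, update, query) operations on resources; the commands can be run on any compute node.
2.1 Managing namespace resources
2.1.1 Listing namespaces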
[root@hdss7-21 ~]# kubectl get namespaces
NAME STATUS AGE
default Active 5d23h
kube-node-lease Active 5d23h
kube-public Active 5d23h
kube-system Active 5d23h
Using the short name
[root@hdss7-21 ~]# kubectl get ns
NAME STATUS AGE
default Active 5d23h
kube-node-lease Active 5d23h
kube-public Active 5d23h
kube-system Active 5d23h
2.1.2 Viewing the resources in a namespace
View all resources in the default namespace
[root@hdss7-21 ~]# kubectl get all -n default
NAME READY STATUS RESTARTS AGE
pod/nginx-ds-qbjx6 1/1 Running 2 45h
pod/nginx-ds-w7ktl 1/1 Running 2 45h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 192.168.0.1 <none> 443/TCP 5d23h
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/nginx-ds 2 2 2 2 2 <none> 45h
When no namespace is given, the default namespace is used
[root@hdss7-21 ~]# kubectl get all
NAME READY STATUS RESTARTS AGE
pod/nginx-ds-qbjx6 1/1 Running 2 45h
pod/nginx-ds-w7ktl 1/1 Running 2 45h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 192.168.0.1 <none> 443/TCP 5d23h
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/nginx-ds 2 2 2 2 2 <none> 45h
View pods
[root@hdss7-21 ~]# kubectl get pod
NAME READY STATUS RESTARTS AGE
nginx-ds-qbjx6 1/1 Running 2 45h
nginx-ds-w7ktl 1/1 Running 2 45h
View services
[root@hdss7-21 ~]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 192.168.0.1 <none> 443/TCP 5d23h
2.1.3 Creating a namespace
[root@hdss7-21 ~]# kubectl create namespace app
namespace/app created
[root@hdss7-21 ~]# kubectl get namespace
NAME STATUS AGE
app Active 16s
default Active 5d23h
kube-node-lease Active 5d23h
kube-public Active 5d23h
kube-system Active 5d23h
[root@hdss7-21 ~]# kubectl get all -n app
No resources found.
2.1.4 Deleting a namespace
[root@hdss7-21 ~]# kubectl delete ns app
namespace "app" deleted
[root@hdss7-21 ~]# kubectl get namespace
NAME STATUS AGE
default Active 5d23h
kube-node-lease Active 5d23h
kube-public Active 5d23h
kube-system Active 5d23h
2.2 Managing Deployment (pod controller) resources
2.2.1 Creating a deployment
[root@hdss7-21 ~]# kubectl get all -n kube-public
No resources found.
[root@hdss7-21 ~]# kubectl create deployment nginx-dp --image=harbor.od.com/public/nginx:v1.7.9 -n kube-public
deployment.apps/nginx-dp created
2.2.2 Viewing the deployment
[root@hdss7-21 ~]# kubectl get all -n kube-public
NAME READY STATUS RESTARTS AGE
pod/nginx-dp-86678bb55c-kt9rd 1/1 Running 0 7s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx-dp 1/1 1 1 7s
NAME DESIRED CURRENT READY AGE
replicaset.apps/nginx-dp-86678bb55c 1 1 1 7s
[root@hdss7-21 ~]# kubectl get deployment -n kube-public
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-dp 1/1 1 1 91s
Wide output
[root@hdss7-21 ~]# kubectl get deployment -o wide -n kube-public
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
nginx-dp 1/1 1 1 7m38s nginx harbor.od.com/public/nginx:v1.7.9 app=nginx-dp
Detailed view
[root@hdss7-21 ~]# kubectl describe deployment -n kube-public
Name: nginx-dp
Namespace: kube-public
CreationTimestamp: Fri, 16 Jul 2021 20:41:44 +0800
Labels: app=nginx-dp
Annotations: deployment.kubernetes.io/revision: 1
Selector: app=nginx-dp
Replicas: 1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: app=nginx-dp
Containers:
nginx:
Image: harbor.od.com/public/nginx:v1.7.9
Port: <none>
Host Port: <none>
Environment: <none>
Mounts: <none>
Volumes: <none>
Conditions:
Type Status Reason
---- ------ ------
Available True MinimumReplicasAvailable
Progressing True NewReplicaSetAvailable
OldReplicaSets: <none>
NewReplicaSet: nginx-dp-86678bb55c (1/1 replicas created)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ScalingReplicaSet 9m deployment-controller Scaled up replica set nginx-dp-86678bb55c to 1
2.2.3 Viewing pod resources
[root@hdss7-21 ~]# kubectl get pod -o wide -n kube-public
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-dp-86678bb55c-kt9rd 1/1 Running 0 110s 172.7.21.3 hdss7-21.host.com <none> <none>
2.2.4 Entering a pod
[root@hdss7-21 ~]# kubectl exec -it nginx-dp-86678bb55c-kt9rd bash -n kube-public
root@nginx-dp-86678bb55c-kt9rd:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
link/ether 02:42:ac:07:15:03 brd ff:ff:ff:ff:ff:ff
inet 172.7.21.3/24 brd 172.7.21.255 scope global eth0
valid_lft forever preferred_lft forever
Alternatively, use docker. docker cannot reach across hosts, though, so this only works for containers running on the local host
[root@hdss7-21 ~]# docker ps |grep nginx-dp
bece873198a1 84581e99d807 "nginx -g 'daemon of…" 22 minutes ago Up 22 minutes k8s_nginx_nginx-dp-86678bb55c-kt9rd_kube-public_2daa2b8a-e633-11eb-9d00-000c29e396b1_0
8d56eb2e0e0e harbor.od.com/public/pause:latest "/pause" 22 minutes ago Up 22 minutes k8s_POD_nginx-dp-86678bb55c-kt9rd_kube-public_2daa2b8a-e633-11eb-9d00-000c29e396b1_0
[root@hdss7-21 ~]# docker exec -it bece /bin/bash
root@nginx-dp-86678bb55c-kt9rd:/#
2.2.5 Deleting a pod (restart)
[root@hdss7-21 ~]# kubectl delete pod nginx-dp-86678bb55c-kt9rd -n kube-public
pod "nginx-dp-86678bb55c-kt9rd" deleted
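Check again: the original container has been deleted and a new one has been started on hdss7-22. The detailed information for the deployment (the pod controller) shown earlier says its Replicas value is one, so pods are deployed to match that desired count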
[root@hdss7-21 ~]# kubectl get pod -o wide -n kube-public
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-dp-86678bb55c-zd6vr 1/1 Running 0 95s 172.7.22.3 hdss7-22.host.com <none> <none>
If a pod cannot be deleted, add the --force --grace-period=0 options to force the deletion
[root@hdss7-21 ~]# kubectl delete pod nginx-dp-86678bb55c-zd6vr -n kube-public --force --grace-period=0
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "nginx-dp-86678bb55c-zd6vr" force deleted
[root@hdss7-21 ~]#
[root@hdss7-21 ~]# kubectl get pod -o wide -n kube-public
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx-dp-86678bb55c-c6snd 1/1 Running 0 7s 172.7.21.3 hdss7-21.host.com <none> <none>
2.2.6 Deleting the deployment
[root@hdss7-21 ~]# kubectl get deployment -n kube-public
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-dp 1/1 1 1 36m
[root@hdss7-21 ~]# kubectl delete deployment nginx-dp -n kube-public
deployment.extensions "nginx-dp" deleted
[root@hdss7-21 ~]# kubectl get all -n kube-public
No resources found.
2.3 Managing service resources
2.3.1 Creating a service
First create a deployment
[root@hdss7-21 ~]# kubectl create deployment nginx-dp --image=harbor.od.com/public/nginx:v1.7.9 -n kube-public
deployment.apps/nginx-dp created
[root@hdss7-21 ~]# kubectl get all -n kube-public
NAME READY STATUS RESTARTS AGE
pod/nginx-dp-58f74bd894-9b5f7 0/1 ImagePullBackOff 0 26s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx-dp 0/1 1 0 26s
NAME DESIRED CURRENT READY AGE
replicaset.apps/nginx-dp-58f74bd894 1 1 0 26s
Create a service (exposing service port 80)
[root@hdss7-21 ~]# kubectl expose deployment nginx-dp --port=80 -n kube-public
service/nginx-dp exposed
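2.3.2 Viewing the service
Checking again shows a new service resource with the IP 192.168.196.123. However the pods are restarted and however their addresses change, the service IP 192.168.196.123 stays the same (it plays the same role as a keepalived VIP)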
[root@hdss7-21 ~]# kubectl describe svc nginx-dp -n kube-public
Name: nginx-dp
Namespace: kube-public
Labels: app=nginx-dp
Annotations: <none>
Selector: app=nginx-dp
Type: ClusterIP
IP: 192.168.196.123
Port: <unset> 80/TCP
TargetPort: 80/TCP
Endpoints: 172.7.21.3:80,172.7.22.3:80
Session Affinity: None
Events: <none>
[root@hdss7-21 ~]# kubectl get all -n kube-public
NAME READY STATUS RESTARTS AGE
pod/nginx-dp-58f74bd894-9b5f7 0/1 ImagePullBackOff 0 2m31s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/nginx-dp ClusterIP 192.168.196.123 <none> 80/TCP 40s
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx-dp 0/1 1 0 2m31s
NAME DESIRED CURRENT READY AGE
replicaset.apps/nginx-dp-58f74bd894 1 1 0 2m31s
[root@hdss7-21 ~]# curl 192.168.196.123
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
body {
width: 35em;
margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif;
}
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>
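Note, however, that this IP is only a virtual IP and is usable only inside the cluster where the deployment resource lives; it is not visible from outside. As shown below, host 200 cannot reach it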
[root@hdss7-21 ~]# ping 192.168.196.123
PING 192.168.196.123 (192.168.196.123) 56(84) bytes of data.
64 bytes from 192.168.196.123: icmp_seq=1 ttl=64 time=0.137 ms
^C
--- 192.168.196.123 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.137/0.137/0.137/0.000 ms
[root@hdss7-200 harbor]# ping 192.168.196.123
PING 192.168.196.123 (192.168.196.123) 56(84) bytes of data.
^C
--- 192.168.196.123 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1001ms
2.3.3 Viewing the ipvs proxy
[root@hdss7-21 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.0.1:443 nq
-> 10.4.7.21:6443 Masq 1 0 0
-> 10.4.7.22:6443 Masq 1 0 0
TCP 192.168.196.123:80 nq
-> 172.7.21.3:80 Masq 1 0 0
Scale up the deployment: every pod started by the deployment is proxied by the service 192.168.196.123
[root@hdss7-21 ~]# kubectl scale deployment nginx-dp --replicas=2 -n kube-public
deployment.extensions/nginx-dp scaled
[root@hdss7-21 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.0.1:443 nq
-> 10.4.7.21:6443 Masq 1 0 0
-> 10.4.7.22:6443 Masq 1 0 0
TCP 192.168.196.123:80 nq
-> 172.7.21.3:80 Masq 1 0 0
-> 172.7.22.3:80 Masq 1 0 0
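2.4 Summary of imperative resource management
- The only entry point for managing the resources of a Kubernetes cluster is calling the apiserver's API through the appropriate method;
- kubectl is the official CLI tool for communicating with the apiserver. It organizes the commands the user types and converts them into information the apiserver understands, which makes it an effective way to manage the resources of a k8s cluster;
- For details of the kubectl commands, see either of the following:
Command: kubectl --help
Chinese community: http://docs.kubernetes.org.cn/683.html
- Imperative resource management covers more than 90% of resource-management needs, but its drawbacks are also obvious:
Commands are long, complex and hard to remember;
It cannot meet management needs in certain scenarios;
Creating, deleting and querying resources is fairly easy, but modifying them is more complicated.
3. Declarative resource management
Declarative resource management relies on resource manifests (yaml/json)
3.1 Viewing resource manifests
See which pods exist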
[root@hdss7-21 ~]# kubectl get pod -n kube-public
NAME READY STATUS RESTARTS AGE
nginx-dp-86678bb55c-5ppcf 1/1 Running 1 19h
nginx-dp-86678bb55c-jh2k4 1/1 Running 1 19h
View the resource manifest used by a pod in yaml format
[root@hdss7-21 ~]# kubectl get pod nginx-dp-86678bb55c-5ppcf -o yaml -n kube-public
View the resource manifest in JSON format
[root@hdss7-21 ~]# kubectl get pod nginx-dp-86678bb55c-5ppcf -o json -n kube-public
A service's resource manifest can be viewed the same way
[root@hdss7-21 ~]# kubectl get service nginx-dp -o yaml -n kube-public
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2021-07-16T13:51:08Z"
  labels:
    app: nginx-dp
  name: nginx-dp
  namespace: kube-public
  resourceVersion: "40875"
  selfLink: /api/v1/namespaces/kube-public/services/nginx-dp
  uid: df593257-e63c-11eb-9d00-000c29e396b1
spec:
  clusterIP: 192.168.196.123
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-dp
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}
3.2 Explaining resource manifests
Nearly every resource manifest contains the fields apiVersion, kind, metadata and spec
View the explanation of the metadata field
[root@hdss7-21 ~]# kubectl explain service.metadata
[root@hdss7-21 ~]# kubectl explain pod.metadata
3.3 Creating a resource manifest
[root@hdss7-21 ~]# vim nginx-ds-svc.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx-ds
  name: nginx-ds
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-ds
  sessionAffinity: None
  type: ClusterIP
3.4 Applying a resource manifest
[root@hdss7-21 ~]# kubectl create -f nginx-ds-svc.yaml
service/nginx-ds created
[root@hdss7-21 ~]# kubectl get svc -n default
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 192.168.0.1 <none> 443/TCP 6d20h
nginx-ds ClusterIP 192.168.210.122 <none> 80/TCP 45s
View details
[root@hdss7-21 ~]# kubectl get svc nginx-ds -o yaml -n default
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2021-07-17T09:15:28Z"
  labels:
    app: nginx-ds
  name: nginx-ds
  namespace: default
  resourceVersion: "46358"
  selfLink: /api/v1/namespaces/default/services/nginx-ds
  uid: 872412d9-e6df-11eb-a8fa-000c29e396b1
spec:
  clusterIP: 192.168.210.122
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-ds
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}
3.5 Modifying a resource manifest and applying it
[root@hdss7-21 ~]# kubectl get svc nginx-ds -n default
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-ds ClusterIP 192.168.210.122 <none> 80/TCP 13m
3.5.1 Offline change
That is, edit the yaml resource manifest
[root@hdss7-21 ~]# vim nginx-ds-svc.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx-ds
  name: nginx-ds
  namespace: default
spec:
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-ds
  sessionAffinity: None
  type: ClusterIP
Use apply to make the change
[root@hdss7-21 ~]# kubectl apply -f nginx-ds-svc.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
The Service "nginx-ds" is invalid:
* spec.ports[0].name: Required value
* spec.ports[1].name: Required value
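If the error above appears, use --force to force the change. With --force, kubectl deletes and re-creates the service, so it receives a new ClusterIP (compare the CLUSTER-IP and AGE columns in the output further down)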
[root@hdss7-21 ~]# kubectl apply -f nginx-ds-svc.yaml --force
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
service/nginx-ds configured
Check again: the service port is now 8080
[root@hdss7-21 ~]# kubectl get svc nginx-ds -n default
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-ds ClusterIP 192.168.55.169 <none> 8080/TCP 5s
3.5.2 Online change
Use edit to edit the resource manifest online and save it so that it takes effect (nginx-ds is the service name)
[root@hdss7-21 ~]# kubectl edit svc nginx-ds
Change to - port: 8081
Save and quit (:wq)
service/nginx-ds edited
Check again
[root@hdss7-21 ~]# kubectl get svc nginx-ds -n default
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
nginx-ds ClusterIP 192.168.55.169 <none> 8081/TCP 7m45s
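Note that an online change does not alter the resource's yaml manifest file. edit shows and modifies the resource's current live state, and the yaml file is not affected by it. For this reason, using edit to modify resources online is generally not recommended in production: because the yaml file is not updated in sync, the next time the yaml file is used the changes made with edit are reverted. After an online change you can look at the yaml file and see that it has not changed.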
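The drift described above can be detected mechanically. The following Python code is an added example, not part of the original tutorial: it compares the fields declared in nginx-ds-svc.yaml (written here as JSON) with a constructed copy of the live object after the kubectl edit in 3.5.2. The live object's timestamp, resourceVersion and uid are placeholder values, and drift() is a hypothetical helper name.

```python
import json

# Constructed sample: nginx-ds-svc.yaml from 3.5.1, as JSON (kubectl accepts JSON manifests).
MANIFEST = json.loads("""
{"apiVersion": "v1", "kind": "Service",
 "metadata": {"labels": {"app": "nginx-ds"}, "name": "nginx-ds", "namespace": "default"},
 "spec": {"ports": [{"port": 8080, "protocol": "TCP", "targetPort": 80}],
          "selector": {"app": "nginx-ds"}, "sessionAffinity": "None", "type": "ClusterIP"}}
""")

# Constructed sample: `kubectl get svc nginx-ds -o json` after the edit in 3.5.2;
# creationTimestamp, resourceVersion and uid are made-up placeholder values.
LIVE = json.loads("""
{"apiVersion": "v1", "kind": "Service",
 "metadata": {"creationTimestamp": "2021-07-17T09:30:00Z",
              "labels": {"app": "nginx-ds"}, "name": "nginx-ds", "namespace": "default",
              "resourceVersion": "47000", "uid": "00000000-0000-0000-0000-000000000000"},
 "spec": {"clusterIP": "192.168.55.169",
          "ports": [{"port": 8081, "protocol": "TCP", "targetPort": 80}],
          "selector": {"app": "nginx-ds"}, "sessionAffinity": "None", "type": "ClusterIP"},
 "status": {"loadBalancer": {}}}
""")


def drift(declared, live, path=""):
    """List (path, file_value, live_value) for each manifest field that differs live.

    Only fields written in the manifest are compared, so server-populated fields
    (clusterIP, uid, resourceVersion, status) are never reported.
    """
    if isinstance(declared, dict):
        if not isinstance(live, dict):
            return [(path or ".", declared, live)]
        out = []
        for key, value in declared.items():
            child = f"{path}.{key}" if path else key
            out += drift(value, live[key], child) if key in live else [(child, value, None)]
        return out
    if isinstance(declared, list):
        if not isinstance(live, list) or len(declared) != len(live):
            return [(path, declared, live)]
        return [d for i, (a, b) in enumerate(zip(declared, live))
                for d in drift(a, b, f"{path}[{i}]")]
    return [] if declared == live else [(path, declared, live)]


if __name__ == "__main__":
    for where, want, have in drift(MANIFEST, LIVE):
        print(f"DRIFT {where}: file={want!r} live={have!r}")
```

On a real cluster, kubectl diff -f nginx-ds-svc.yaml reports the same kind of difference against the apiserver's live state.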
3.6 Deleting a resource manifest
Imperative deletion
[root@hdss7-21 ~]# kubectl delete svc nginx-ds
service "nginx-ds" deleted
Declarative deletion
[root@hdss7-21 ~]# kubectl delete -f nginx-ds-svc.yaml
service "nginx-ds" deleted
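3.7 Summary of declarative resource management
- Declarative resource management relies on unified resource manifest files to manage resources;
- Resources are managed by defining them in advance in a unified resource manifest and then applying it to the K8s cluster with an imperative command
- Syntax: kubectl create/apply/delete -f *.yaml/json
- How to learn resource manifests
Read plenty of manifests written by others (the official ones) until you can understand them;
Be able to adapt existing files for your own use;
When something is unclear, look it up with explain;
Do not start by writing manifests from scratch; try writing your own once you are familiar with them.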