加载中...

第九章 kubectl命令行工具使用详解

1、管理k8s核心资源的三种基础方法

  • 陈述式管理方法:主要依赖命令行CLI工具进行管理
  • 声明式管理方法:主要依赖统一资源配置清单(manifest)进行管理
  • GUI式管理方法:主要依赖图形化操作界面(WEB)进行管理

2、陈述式资源管理方法

陈述式管理方法说白了就是对资源进行CDUR(增删改查),在任意一台运算节点上进行操作。

2.1 管理名称空间资源

2.1.1 查看名称空间

[root@hdss7-21 ~]# kubectl get namespaces
NAME              STATUS   AGE
default           Active   5d23h
kube-node-lease   Active   5d23h
kube-public       Active   5d23h
kube-system       Active   5d23h
使用简写
[root@hdss7-21 ~]# kubectl get ns
NAME              STATUS   AGE
default           Active   5d23h
kube-node-lease   Active   5d23h
kube-public       Active   5d23h
kube-system       Active   5d23h

2.1.2 查看名称空间资源

查看default名称空间的所有资源
[root@hdss7-21 ~]# kubectl get all -n default
NAME                 READY   STATUS    RESTARTS   AGE
pod/nginx-ds-qbjx6   1/1     Running   2          45h
pod/nginx-ds-w7ktl   1/1     Running   2          45h

NAME                 TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   192.168.0.1   <none>        443/TCP   5d23h

NAME                      DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/nginx-ds   2         2         2       2            2           <none>          45h
当不写名称空间时默认使用default名称空间
[root@hdss7-21 ~]# kubectl get all
NAME                 READY   STATUS    RESTARTS   AGE
pod/nginx-ds-qbjx6   1/1     Running   2          45h
pod/nginx-ds-w7ktl   1/1     Running   2          45h

NAME                 TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   192.168.0.1   <none>        443/TCP   5d23h

NAME                      DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/nginx-ds   2         2         2       2            2           <none>          45h
查看pod
[root@hdss7-21 ~]# kubectl get pod
NAME             READY   STATUS    RESTARTS   AGE
nginx-ds-qbjx6   1/1     Running   2          45h
nginx-ds-w7ktl   1/1     Running   2          45h
查看service
[root@hdss7-21 ~]# kubectl get service
NAME         TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   192.168.0.1   <none>        443/TCP   5d23h

2.1.3 创建名称空间

[root@hdss7-21 ~]# kubectl create namespace app
namespace/app created
[root@hdss7-21 ~]# kubectl get namespace
NAME              STATUS   AGE
app               Active   16s
default           Active   5d23h
kube-node-lease   Active   5d23h
kube-public       Active   5d23h
kube-system       Active   5d23h
[root@hdss7-21 ~]# kubectl get all -n app
No resources found.

2.1.4 删除名称空间

[root@hdss7-21 ~]# kubectl delete ns app
namespace "app" deleted
[root@hdss7-21 ~]# kubectl get namespace
NAME              STATUS   AGE
default           Active   5d23h
kube-node-lease   Active   5d23h
kube-public       Active   5d23h
kube-system       Active   5d23h

2.2管理Deployment(pod控制器)资源

2.2.1 创建deployment

[root@hdss7-21 ~]# kubectl get all -n kube-public
No resources found.
[root@hdss7-21 ~]# kubectl create deployment nginx-dp --image=harbor.od.com/public/nginx:v1.7.9 -n kube-public
deployment.apps/nginx-dp created

2.2.2 查看deployment

[root@hdss7-21 ~]# kubectl get all -n kube-public
NAME                            READY   STATUS    RESTARTS   AGE
pod/nginx-dp-86678bb55c-kt9rd   1/1     Running   0          7s

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx-dp   1/1     1            1           7s

NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-dp-86678bb55c   1         1         1       7s
[root@hdss7-21 ~]# kubectl get deployment -n kube-public
NAME       READY   UP-TO-DATE   AVAILABLE   AGE
nginx-dp   1/1     1            1           91s
扩展查看
[root@hdss7-21 ~]# kubectl get deployment -o wide -n kube-public
NAME       READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS   IMAGES                              SELECTOR
nginx-dp   1/1     1            1           7m38s   nginx        harbor.od.com/public/nginx:v1.7.9   app=nginx-dp
详细查看
[root@hdss7-21 ~]# kubectl  describe deployment  -n kube-public
Name:                   nginx-dp
Namespace:              kube-public
CreationTimestamp:      Fri, 16 Jul 2021 20:41:44 +0800
Labels:                 app=nginx-dp
Annotations:            deployment.kubernetes.io/revision: 1
Selector:               app=nginx-dp
Replicas:               1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:  app=nginx-dp
  Containers:
   nginx:
    Image:        harbor.od.com/public/nginx:v1.7.9
    Port:         <none>
    Host Port:    <none>
    Environment:  <none>
    Mounts:       <none>
  Volumes:        <none>
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      True    MinimumReplicasAvailable
  Progressing    True    NewReplicaSetAvailable
OldReplicaSets:  <none>
NewReplicaSet:   nginx-dp-86678bb55c (1/1 replicas created)
Events:
  Type    Reason             Age   From                   Message
  ----    ------             ----  ----                   -------
  Normal  ScalingReplicaSet  9m    deployment-controller  Scaled up replica set nginx-dp-86678bb55c to 1

2.2.3 查看pod资源

[root@hdss7-21 ~]# kubectl get pod -o wide -n kube-public
NAME                        READY   STATUS    RESTARTS   AGE    IP           NODE                NOMINATED NODE   READINESS GATES
nginx-dp-86678bb55c-kt9rd   1/1     Running   0          110s   172.7.21.3   hdss7-21.host.com   <none>           <none>

2.2.4 进入pod资源

[root@hdss7-21 ~]# kubectl exec -it nginx-dp-86678bb55c-kt9rd bash -n kube-public
root@nginx-dp-86678bb55c-kt9rd:/# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:07:15:03 brd ff:ff:ff:ff:ff:ff
    inet 172.7.21.3/24 brd 172.7.21.255 scope global eth0
       valid_lft forever preferred_lft forever
或者使用docker也可以,不过docker无法跨主机,只有在本机的容器才行
[root@hdss7-21 ~]# docker ps  |grep nginx-dp
bece873198a1   84581e99d807                        "nginx -g 'daemon of…"   22 minutes ago   Up 22 minutes             k8s_nginx_nginx-dp-86678bb55c-kt9rd_kube-public_2daa2b8a-e633-11eb-9d00-000c29e396b1_0
8d56eb2e0e0e   harbor.od.com/public/pause:latest   "/pause"                 22 minutes ago   Up 22 minutes             k8s_POD_nginx-dp-86678bb55c-kt9rd_kube-public_2daa2b8a-e633-11eb-9d00-000c29e396b1_0
[root@hdss7-21 ~]# docker exec -it bece /bin/bash
root@nginx-dp-86678bb55c-kt9rd:/#

2.2.5 删除pod资源(重启)

[root@hdss7-21 ~]# kubectl delete pod nginx-dp-86678bb55c-kt9rd -n kube-public
pod "nginx-dp-86678bb55c-kt9rd" deleted
再次查看,删除了原来容器,重新启动了一个容器在hdss7-22上,查看前面的deployment这个pod控制器的详细信息,可以知道它采用的Replicas是一个副本,所以我们的pod会按照这个预期的期望值对容器进行部署
[root@hdss7-21 ~]# kubectl get pod -o wide -n kube-public
NAME                        READY   STATUS    RESTARTS   AGE   IP           NODE                NOMINATED NODE   READINESS GATES
nginx-dp-86678bb55c-zd6vr   1/1     Running   0          95s   172.7.22.3   hdss7-22.host.com   <none>           <none>
如果遇到无法删除时,可以加入--force --grace-period=0选项进行强制删除
[root@hdss7-21 ~]# kubectl delete pod nginx-dp-86678bb55c-zd6vr -n kube-public --force --grace-period=0
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "nginx-dp-86678bb55c-zd6vr" force deleted
[root@hdss7-21 ~]#
[root@hdss7-21 ~]# kubectl get pod -o wide -n kube-public
NAME                        READY   STATUS    RESTARTS   AGE   IP           NODE                NOMINATED NODE   READINESS GATES
nginx-dp-86678bb55c-c6snd   1/1     Running   0          7s    172.7.21.3   hdss7-21.host.com   <none>           <none>

2.2.6 删除deployment

[root@hdss7-21 ~]# kubectl get deployment -n kube-public
NAME       READY   UP-TO-DATE   AVAILABLE   AGE
nginx-dp   1/1     1            1           36m
[root@hdss7-21 ~]# kubectl delete deployment nginx-dp -n kube-public
deployment.extensions "nginx-dp" deleted
[root@hdss7-21 ~]# kubectl get all -n kube-public
No resources found.

2.3 管理service资源

2.3.1 创建service资源

先创建一个deployment资源
[root@hdss7-21 ~]# kubectl create deployment nginx-dp --image=harbor.od.com/public/nginx:v1.7.9 -n kube-public
deployment.apps/nginx-dp created
[root@hdss7-21 ~]# kubectl get all -n kube-public
NAME                            READY   STATUS             RESTARTS   AGE
pod/nginx-dp-58f74bd894-9b5f7   0/1     ImagePullBackOff   0          26s

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx-dp   0/1     1            0           26s

NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-dp-58f74bd894   1         1         0       26s
创建service资源(暴露一个80服务端口)
[root@hdss7-21 ~]# kubectl expose deployment nginx-dp --port=80 -n kube-public
service/nginx-dp exposed

2.3.2 查看service资源
再次查看多出来一个service资源,IP是192.168.196.123,这样无论如何重启pod,pod地址如何变更,192.168.196.1238这个人servicedeIP都不会变(其作用相当于keepalived的VIP)

[root@hdss7-21 ~]# kubectl describe svc nginx-dp -n kube-public
Name:              nginx-dp
Namespace:         kube-public
Labels:            app=nginx-dp
Annotations:       <none>
Selector:          app=nginx-dp
Type:              ClusterIP
IP:                192.168.196.123
Port:              <unset>  80/TCP
TargetPort:        80/TCP
Endpoints:         172.7.21.3:80,172.7.22.3:80
Session Affinity:  None
Events:            <none>
[root@hdss7-21 ~]# kubectl get all -n kube-public
NAME                            READY   STATUS             RESTARTS   AGE
pod/nginx-dp-58f74bd894-9b5f7   0/1     ImagePullBackOff   0          2m31s

NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
service/nginx-dp   ClusterIP   192.168.196.123   <none>        80/TCP    40s

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx-dp   0/1     1            0           2m31s

NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-dp-58f74bd894   1         1         0       2m31s
[root@hdss7-21 ~]# curl 192.168.196.123
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
但是注意,这个ip只是一个虚ip,且只有在deployment这个资源的集群中才有用,对外无法显示,如下,在200上就无法识别
[root@hdss7-21 ~]# ping 192.168.196.123
PING 192.168.196.123 (192.168.196.123) 56(84) bytes of data.
64 bytes from 192.168.196.123: icmp_seq=1 ttl=64 time=0.137 ms
^C
--- 192.168.196.123 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.137/0.137/0.137/0.000 ms
[root@hdss7-200 harbor]# ping 192.168.196.123
PING 192.168.196.123 (192.168.196.123) 56(84) bytes of data.
^C
--- 192.168.196.123 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1001ms

2.3.3 查看ipvs代理

[root@hdss7-21 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.1:443 nq
  -> 10.4.7.21:6443               Masq    1      0          0
  -> 10.4.7.22:6443               Masq    1      0          0
TCP  192.168.196.123:80 nq
  -> 172.7.21.3:80                Masq    1      0          0
扩容deployment资源,可以利用deployment资源启动的pod都是被service192.168.196.123代理
[root@hdss7-21 ~]# kubectl scale deployment nginx-dp --replicas=2 -n kube-public
deployment.extensions/nginx-dp scaled
[root@hdss7-21 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.1:443 nq
  -> 10.4.7.21:6443               Masq    1      0          0
  -> 10.4.7.22:6443               Masq    1      0          0
TCP  192.168.196.123:80 nq
  -> 172.7.21.3:80                Masq    1      0          0
  -> 172.7.22.3:80                Masq    1      0          0

2.4 陈述式资源管理方法小结

  • Kuuernetes集群管理集群资源的唯一入口是通过相应的方法调用apiserver的接口;
  • Kubectl是官方的CLI命令行工具,用于与apiserver进行通信,将用户在命令行输入的命令组织并转化为apiserver能识别的信息,进而实现管理k8s集群各种资源的一种有效途径;
  • Kubectl的命令详解可以参考下面两种方法:
    命令:kubectl --help
    中文社区:http://docs.kubernetes.org.cn/683.html
  • 陈述式资源管理方法可以满足90%以上的资源管理需求,但是它的缺点也很明显:
    命令冗长复杂,难以记忆;
    特定场景下无法满足管理需求;
    对资源的增删查操作比较容易,但是对于改操作就比较复杂。

3、声明式资源管理方法

声明式资源管理方法依赖于资源配置清单(yaml/json)

3.1 查看资源配置清单

查看有哪些pod
[root@hdss7-21 ~]# kubectl get pod -n kube-public
NAME                        READY   STATUS    RESTARTS   AGE
nginx-dp-86678bb55c-5ppcf   1/1     Running   1          19h
nginx-dp-86678bb55c-jh2k4   1/1     Running   1          19h
用yanl格式查看pod使用的资源配置清单
[root@hdss7-21 ~]# kubectl get pod nginx-dp-86678bb55c-5ppcf -o yaml -n kube-public
用Json格式查看资源配置清单
[root@hdss7-21 ~]# kubectl get pod nginx-dp-86678bb55c-5ppcf -o json -n kube-public
也可以根据查看service的资源配置清单
[root@hdss7-21 ~]# kubectl get service nginx-dp -o yaml -n kube-public
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2021-07-16T13:51:08Z"
  labels:
    app: nginx-dp
  name: nginx-dp
  namespace: kube-public
  resourceVersion: "40875"
  selfLink: /api/v1/namespaces/kube-public/services/nginx-dp
  uid: df593257-e63c-11eb-9d00-000c29e396b1
spec:
  clusterIP: 192.168.196.123
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-dp
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

3.2 解释资源配置清单

资源配置清单中基本都会有看apiVersion、kind、metadata、spec这几个配置

查看其中metadata配置的解释
[root@hdss7-21 ~]# kubectl explain service.metadata
[root@hdss7-21 ~]# kubectl explain pod.metadata

3.3 创建资源配置清单

[root@hdss7-21 ~]# vim nginx-ds-svc.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx-ds
  name: nginx-ds
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-ds
  sessionAffinity: None
  type: ClusterIP

3.4 应用资源配置清单

[root@hdss7-21 ~]# kubectl create -f nginx-ds-svc.yaml
service/nginx-ds created
[root@hdss7-21 ~]# kubectl create -f nginx-ds-svc.yaml
service/nginx-ds created
[root@hdss7-21 ~]# kubectl get svc -n default
NAME         TYPE        CLUSTER-IP        EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   192.168.0.1       <none>        443/TCP   6d20h
nginx-ds     ClusterIP   192.168.210.122   <none>        80/TCP    45s
查看详情
[root@hdss7-21 ~]# kubectl get svc nginx-ds -o yaml -n default
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2021-07-17T09:15:28Z"
  labels:
    app: nginx-ds
  name: nginx-ds
  namespace: default
  resourceVersion: "46358"
  selfLink: /api/v1/namespaces/default/services/nginx-ds
  uid: 872412d9-e6df-11eb-a8fa-000c29e396b1
spec:
  clusterIP: 192.168.210.122
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-ds
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

3.5 修改资源配置清单并应用

[root@hdss7-21 ~]# kubectl get svc nginx-ds -n default
NAME       TYPE        CLUSTER-IP        EXTERNAL-IP   PORT(S)   AGE
nginx-ds   ClusterIP   192.168.210.122   <none>        80/TCP    13m

3.5.1 离线更改
即修改yaml资源配置清单

[root@hdss7-21 ~]# vim nginx-ds-svc.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx-ds
  name: nginx-ds
  namespace: default
spec:
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-ds
  sessionAffinity: None
  type: ClusterIP
使用apply进行变更
[root@hdss7-21 ~]# kubectl apply -f nginx-ds-svc.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
The Service "nginx-ds" is invalid:
* spec.ports[0].name: Required value
* spec.ports[1].name: Required value
如果出现如上报错,就使用--force强制变更
[root@hdss7-21 ~]# kubectl apply -f nginx-ds-svc.yaml --force
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
service/nginx-ds configured
再次查看service端口已经变成8080了
[root@hdss7-21 ~]# kubectl get svc nginx-ds -n default
NAME       TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
nginx-ds   ClusterIP   192.168.55.169   <none>        8080/TCP   5s

3.5.2 在线更改
使用edit在线编辑资源配置清单并保存使之生效(nginx-ds为service名称)

[root@hdss7-21 ~]# kubectl edit svc nginx-ds
修改- port: 8081
保存退出(:wq)
service/nginx-ds edited
再次查看
[root@hdss7-21 ~]# kubectl get svc nginx-ds -n default
NAME       TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
nginx-ds   ClusterIP   192.168.55.169   <none>        8081/TCP   7m45s

注意,使用在线更改的其资源配置清单的yaml文件并不会改变,edit查看修改的都是资源目前的真实状态,yaml不会因此二受到改变,所以生产上一般不建议使用edit在线修改资源,因为yaml文件未同步更新,会使得下次使用yaml文件时将edit修改的内容恢复。在线修改后可以查看一下yaml文件,是没有改变的。

3.6 删除资源配置清单

陈述式删除

[root@hdss7-21 ~]# kubectl delete svc nginx-ds
service "nginx-dt" deleted

声明式删除

[root@hdss7-21 ~]# kubectl delete -f nginx-ds-svc.yaml
service "nginx-ds" deleted

3.7 声明式资源管理方法小结

  • 声明式资源管理方法,依赖于统一资源配置清单文件对资源进行管理;
  • 对资源的管理,是通过事先定义在同一资源配置清单内,再通过陈述式命令应用到K8s集群里
  • 语法格式:kubectl create/apply/delete/ -f *.yaml/json
  • 资源配置清单的学习方法
    多看别人写的(官方),能读懂的;
    能照着现有的文件改着用;
    遇到不懂的,能用explain进行查询;
    切记上来就自己写,等熟悉了之后再尝试自己写。
posted @ 2021-07-16 22:29  沾沾自喜的混子  阅读(286)  评论(0编辑  收藏  举报