k8s日常开发运维操作

前言：记录一些日常开发管理k8s用到的命令

pod命令

启动

根据yaml文件创建pod

执行命令即可启动kubectl apply -f portscan-consumer.yaml

portscan-consumer.yaml

apiVersion: eci.alibabacloud.com/v1
kind: ImageCache
metadata:
  name: portscan-image
  annotations:
    k8s.aliyun.com/eci-image-cache: "true" # 开启镜像缓存复用。
spec:
  images:
    - xxxx-registry.cn-beijing.cr.aliyuncs.com/fc/portscan-consumer:prod-${PORTSCAN_CI_TAG_NAME}
  imageCacheSize:
    25 # 镜像缓存大小，单位GiB。
  retentionDays:
    7 # 镜像缓存保留时间。
---
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: portscan-service
  namespace: scanner
spec:
  template:
    metadata:
      annotations:
        k8s.aliyun.com/eci-with-eip: "true"
        k8s.aliyun.com/eip-bandwidth: "100"
        k8s.aliyun.com/eip-internet-charge-type: "PayByTraffic"
        autoscaling.knative.dev/class: "kpa.autoscaling.knative.dev"
        autoscaling.knative.dev/min-scale: "1"
        autoscaling.knative.dev/max-scale: "1000"
#        autoscaling.knative.dev/scale-down-delay: "3h"  # 保持Pod至少3小时, nmap 100 ip 900s*4组 每组25 最长为1个小时
        autoscaling.knative.dev/metric: "concurrency"
        autoscaling.knative.dev/target: "1"
        #        autoscaling.knative.dev/target-utilization-percentage: "50"
        serving.knative.dev/revision-timeout-seconds: "1800"
    spec:
      containerConcurrency: 1
      containers:
        - image: xxxx-registry.cn-beijing.cr.aliyuncs.com/fc/portscan-consumer:prod-${PORTSCAN_CI_TAG_NAME}
          env:
            - name: TZ
              value: Asia/Shanghai
          resources:
            requests:
              cpu: "1000m"     #容器的vCPU上限
              memory: "2000Mi"   #容器的内存上限
            limits:
              cpu: "2000m"     #容器的vCPU上限
              memory: "3000Mi"   #容器的内存上限

列表

kubectl get pods -A

重启

pod重启的话，通过delete命令删除该pod，k8s控制器会重新创建一个该pod，如下图所示

kubectl delete pod prod-x-scanner-portscan-57f768ccb-7v8nl -n scanner

deployment命令

启动

执行命令即可启动kubectl apply -f deployment.yaml

deployment.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: example
  template:
    metadata:
      labels:
        app: example
    spec:
      containers:
      - name: example-container
        image: nginx:latest
        ports:
        - containerPort: 80

列表

kubectl get deployments -n scanner

重启

kubectl rollout restart deployment/portscan-service-00007-deployment -n scanner

对应的该deployment中新的pod就会起来，如下图所示

logs日志命令

查看指定pod日志

kubectl logs portscan-service-00011-deployment-56b4fd9988-q7pdg -n scanner

由于自动重启多次导致日志丢失，可以加上previous参数查看历史日志信息

kubectl logs portscan-service-00011-deployment-56b4fd9988-q7pdg -n scanner --previous

config配置命令

切换context环境

用于方便管理不同的context环境

切换到k8s-prod环境中

kubectl config use-context k8s-prod

切换到k8s-hw环境中

kubectl config use-context k8s-hw

yaml文件

阿里云镜像缓存复用

当yaml中编写了该字段的时候，标注部署上传镜像的时候开启镜像缓存复用

apiVersion: eci.alibabacloud.com/v1
kind: ImageCache
metadata:
  name: portscan-image
  annotations:
    k8s.aliyun.com/eci-image-cache: "true" # 开启镜像缓存复用。
spec:
  images:
    - xxxx-registry.cn-beijing.cr.aliyuncs.com/fc/portscan-consumer:prod-${PORTSCAN_CI_TAG_NAME}
  imageCacheSize:
    25 # 镜像缓存大小，单位GiB。
  retentionDays:
    7 # 镜像缓存保留时间。

secrets命令

列表

kubectl get secrets

获取凭证信息

#!/bin/bash
 
# 设置输出目录
OUTPUT_DIR="./secrets_decoded_json"
mkdir -p "$OUTPUT_DIR"
 
# 获取所有 secrets 并导出为 JSON 文件
kubectl get secrets -o name | while read -r secret_name; do
  # 提取 secret 名称
  secret=$(basename "$secret_name")
 
  # 获取 secret 详情，解码 .data 字段并保存为 JSON 文件
  kubectl get "$secret_name" -o json | \
    jq '(del(.metadata.managedFields) | .data |= with_entries(.value |= @base64d))' > "$OUTPUT_DIR/$secret.decoded.json"
 
  echo "Exported and decoded $secret to $OUTPUT_DIR/$secret.decoded.json"
done
 
echo "All secrets have been exported and decoded to the $OUTPUT_DIR directory."