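Day-to-day k8s development and operations
Preface: a record of the commands I use when developing on and managing k8s day to day.
pod commands
Start
Create a pod from a YAML file
Run the following command to start it:
kubectl apply -f portscan-consumer.yaml
portscan-consumer.yaml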
apiVersion: eci.alibabacloud.com/v1
kind: ImageCache
metadata:
  name: portscan-image
  annotations:
    k8s.aliyun.com/eci-image-cache: "true" # Enable image cache reuse.
spec:
  images:
  - xxxx-registry.cn-beijing.cr.aliyuncs.com/fc/portscan-consumer:prod-${PORTSCAN_CI_TAG_NAME}
  imageCacheSize: 25 # Image cache size, in GiB.
  retentionDays: 7 # Image cache retention time.
---
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
  name: portscan-service
  namespace: scanner
spec:
  template:
    metadata:
      annotations:
        k8s.aliyun.com/eci-with-eip: "true"
        k8s.aliyun.com/eip-bandwidth: "100"
        k8s.aliyun.com/eip-internet-charge-type: "PayByTraffic"
        autoscaling.knative.dev/class: "kpa.autoscaling.knative.dev"
        autoscaling.knative.dev/min-scale: "1"
        autoscaling.knative.dev/max-scale: "1000"
        # autoscaling.knative.dev/scale-down-delay: "3h" # Keep the Pod for at least 3 hours; nmap on 100 IPs, 900s * 4 groups of 25 each, takes at most 1 hour
        autoscaling.knative.dev/metric: "concurrency"
        autoscaling.knative.dev/target: "1"
        # autoscaling.knative.dev/target-utilization-percentage: "50"
        serving.knative.dev/revision-timeout-seconds: "1800"
    spec:
      containerConcurrency: 1
      containers:
      - image: xxxx-registry.cn-beijing.cr.aliyuncs.com/fc/portscan-consumer:prod-${PORTSCAN_CI_TAG_NAME}
        env:
        - name: TZ
          value: Asia/Shanghai
        resources:
          requests:
            cpu: "1000m" # vCPU requested by the container
            memory: "2000Mi" # Memory requested by the container
          limits:
            cpu: "2000m" # vCPU upper limit for the container
            memory: "3000Mi" # Memory upper limit for the container
List
kubectl get pods -A

Restart
To restart a pod, delete it with the delete command; the k8s controller then creates a new copy of that pod, as shown in the figure below.
kubectl delete pod prod-x-scanner-portscan-57f768ccb-7v8nl -n scanner

deployment commands
Start
Run the following command to start it:
kubectl apply -f deployment.yaml
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: example-deployment
spec:
  replicas: 3
  selector:
    matchLabels:
      app: example
  template:
    metadata:
      labels:
        app: example
    spec:
      containers:
      - name: example-container
        image: nginx:latest
        ports:
        - containerPort: 80
List
kubectl get deployments -n scanner

Restart
kubectl rollout restart deployment/portscan-service-00007-deployment -n scanner

The new pods of that deployment then come up, as shown in the figure below.

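logs commands
View the logs of a specific pod
kubectl logs portscan-service-00011-deployment-56b4fd9988-q7pdg -n scanner

When repeated automatic restarts have caused the logs to be lost, add the --previous flag to view the earlier log output.
kubectl logs portscan-service-00011-deployment-56b4fd9988-q7pdg -n scanner --previous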

config commands
Switching context
Contexts make it easier to manage different environments.
Switch to the k8s-prod environment:
kubectl config use-context k8s-prod
Switch to the k8s-hw environment:
kubectl config use-context k8s-hw
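
The active context decides which cluster the delete, apply and rollout restart commands on this page act on. The following POSIX shell wrapper is an added example, not part of the original post: it asks for confirmation before a state-changing command runs in a protected context. The function names and the `*prod*` pattern are assumptions, and it expects the verb as the first argument, as in the commands above.

```shell
#!/bin/sh
# Added example: confirm state-changing kubectl commands in a protected context.
# Assumption: any context whose name matches this glob is production (e.g. k8s-prod).
PROTECTED_CONTEXT_PATTERN="${PROTECTED_CONTEXT_PATTERN:-*prod*}"

# Return 0 when the kubectl arguments change cluster state (verb must come first).
is_mutating() {
    case "$1" in
        delete|apply|create|replace|patch|edit|scale|drain|cordon) return 0 ;;
        rollout)
            case "$2" in restart|undo|pause|resume) return 0 ;; esac ;;
    esac
    return 1
}

# Return 0 when the context name matches the protected pattern.
is_protected() {
    case "$1" in
        $PROTECTED_CONTEXT_PATTERN) return 0 ;;
    esac
    return 1
}

# Print "confirm" or "allow" for a context name followed by kubectl arguments.
guard_decision() {
    ctx="$1"; shift
    if is_mutating "$@" && is_protected "$ctx"; then
        echo confirm
    else
        echo allow
    fi
}

# Wrapper, e.g.: kubectl_guarded delete pod <pod-name> -n scanner
# A --context flag on the command line is not parsed; only the current context is checked.
kubectl_guarded() {
    ctx="$(kubectl config current-context)" || return 1
    if [ "$(guard_decision "$ctx" "$@")" = confirm ]; then
        printf 'Context "%s" is protected. Type its name to run: kubectl %s\n> ' "$ctx" "$*" >&2
        read -r answer
        [ "$answer" = "$ctx" ] || { echo "Aborted." >&2; return 1; }
    fi
    kubectl "$@"
}
```

Source the file in an interactive shell and call `kubectl_guarded` in place of `kubectl`; read-only commands such as get and logs pass straight through.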

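YAML files
Alibaba Cloud image cache reuse
When this field is present in the YAML, it marks that image cache reuse is enabled when the image is deployed and uploaded.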
apiVersion: eci.alibabacloud.com/v1
kind: ImageCache
metadata:
  name: portscan-image
  annotations:
    k8s.aliyun.com/eci-image-cache: "true" # Enable image cache reuse.
spec:
  images:
  - xxxx-registry.cn-beijing.cr.aliyuncs.com/fc/portscan-consumer:prod-${PORTSCAN_CI_TAG_NAME}
  imageCacheSize: 25 # Image cache size, in GiB.
  retentionDays: 7 # Image cache retention time.

secrets commands
List
kubectl get secrets

Retrieving credential information
#!/bin/bash
# The decoded files hold plaintext credentials: make them readable by the current user only
umask 077
# Set the output directory
OUTPUT_DIR="./secrets_decoded_json"
mkdir -p "$OUTPUT_DIR"
# Get all secrets and export each one as a JSON file
kubectl get secrets -o name | while read -r secret_name; do
    # Extract the secret name
    secret=$(basename "$secret_name")
    # Fetch the secret, decode the .data field (treated as empty when the secret has none) and save it as JSON
    kubectl get "$secret_name" -o json | \
        jq 'del(.metadata.managedFields) | .data |= ((. // {}) | with_entries(.value |= @base64d))' > "$OUTPUT_DIR/$secret.decoded.json"
    echo "Exported and decoded $secret to $OUTPUT_DIR/$secret.decoded.json"
done
echo "All secrets have been exported and decoded to the $OUTPUT_DIR directory."

