I. kubectl commands and resource management
1. Overview of resource management operations
2. Basic usage of kubectl
II. List of kubectl subcommands
[root@master ~]# kubectl -h
kubectl controls the Kubernetes cluster manager.

 Find more information at: https://kubernetes.io/docs/reference/kubectl/overview/

Basic Commands (Beginner):    # Basic commands (beginner)
  create         Create a resource from a file or from stdin.    # Create a resource from a file or standard input
  expose         Take a replication controller, service, deployment or pod and expose it as a new Kubernetes Service    # Create a svc resource based on an rc, svc, deploy or pod
  run            Run a particular image on the cluster    # Run the specified image in the cluster by creating a deploy
  set            Set specific features on objects    # Set specific attributes of the specified resource

Basic Commands (Intermediate):    # Basic commands (intermediate)
  explain        Documentation of resources    # Print resource documentation
  get            Display one or many resources    # Display one or more resources
  edit           Edit a resource on the server    # Edit a resource
  delete         Delete resources by filenames, stdin, resources and names, or by resources and label selector    # Delete resources by file name, stdin, resource and name, or resource and selector

Deploy Commands:    # Deployment commands
  rollout        Manage the rollout of a resource    # Manage the rolling update of a resource
  scale          Set a new size for a Deployment, ReplicaSet or Replication Controller    # Scale the size of a deploy, rs, rc or job
  autoscale      Auto-scale a Deployment, ReplicaSet, or ReplicationController    # Auto-scale a deploy, rs or rc

Cluster Management Commands:    # Cluster management commands
  certificate    Modify certificate resources.    # Configure digital certificate resources
  cluster-info   Display cluster info    # Print cluster information
  top            Display Resource (CPU/Memory/Storage) usage.    # Print resource (cpu/mem/storage) usage
  cordon         Mark node as unschedulable    # Mark the node as unavailable (unschedulable)
  uncordon       Mark node as schedulable    # Mark the node as available (schedulable)
  drain          Drain node in preparation for maintenance    # Drain the workload from the specified node so it can enter maintenance mode
  taint          Update the taints on one or more nodes    # Declare taints and their standard behaviour on a node

Troubleshooting and Debugging Commands:    # Troubleshooting and debugging commands
  describe       Show details of a specific resource or group of resources    # Show detailed information about the specified resource or resource group
  logs           Print the logs for a container in a pod    # Show the logs of a container in a pod
  attach         Attach to a running container    # Attach a terminal to a running container
  exec           Execute a command in a container    # Execute the specified command in a container
  port-forward   Forward one or more local ports to a pod    # Forward one or more local ports to the specified pod
  proxy          Run a proxy to the Kubernetes API server    # Create a proxy that can reach the Kubernetes API Server
  cp             Copy files and directories to and from containers.    # Copy files or directories between containers
  auth           Inspect authorization    # Print authorization information

Advanced Commands:    # Advanced commands
  diff           Diff live version against would-be applied version
  apply          Apply a configuration to a resource by filename or stdin    # Apply a configuration to a resource from a file or stdin
  patch          Update field(s) of a resource using strategic merge patch    # Update resource fields with a strategic merge patch
  replace        Replace a resource by filename or stdin    # Replace a resource from a file or stdin
  wait           Experimental: Wait for a specific condition on one or many resources.
  convert        Convert config files between different API versions    # Convert configuration files between API versions
  kustomize      Build a kustomization target from a directory or a remote url.

Settings Commands:    # Settings commands
  label          Update the labels on a resource    # Update the labels of the specified resource
  annotate       Update the annotations on a resource    # Update the annotations of a resource
  completion     Output shell completion code for the specified shell (bash or zsh)    # Output completion code for the specified shell

Other Commands:    # Other commands
  alpha          Commands for features in alpha
  api-resources  Print the supported API resources on the server    # Print the API resources supported by the server
  api-versions   Print the supported API versions on the server, in the form of "group/version"    # Print the API versions supported by the server in group/version format
  config         Modify kubeconfig files    # Configure the contents of kubeconfig files
  plugin         Provides utilities for interacting with plugins.    # Run command-line plugins
  version        Print the client and server version information    # Print the server and client version information

Usage:
  kubectl [flags] [options]

Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).
III. Common output formats of the kubectl get command
1. Common output formats of the kubectl get command
[root@master ~]# kubectl get -h
Display one or many resources
......
Examples:
  # List all pods in ps output format.
  kubectl get pods

  # List all pods in ps output format with more information (such as node name).
  kubectl get pods -o wide    # Show detailed resource information

  # List a single replication controller with specified NAME in ps output format.
  kubectl get replicationcontroller web

  # List deployments in JSON output format, in the "v1" version of the "apps" API group:
  kubectl get deployments.v1.apps -o json    # Output API object information in JSON format

  # List a single pod in JSON output format.
  kubectl get -o json pod web-pod-13je7

  # List a pod identified by type and name specified in "pod.yaml" in JSON output format.
  kubectl get -f pod.yaml -o json    # Output API object information in JSON format

  # List resources from a directory with kustomization.yaml - e.g. dir/kustomization.yaml.
  kubectl get -k dir/

  # Return only the phase value of the specified pod.
  kubectl get -o template pod/web-pod-13je7 --template={{.status.phase}}

  # List resource information in custom columns.
  kubectl get pod test-pod -o custom-columns=CONTAINER:.spec.containers[0].name,IMAGE:.spec.containers[0].image    # Output API object information formatted with a custom go template

  # List all replication controllers and services together in ps output format.
  kubectl get rc,services

  # List one or more resources by their type and names.
  kubectl get rc/web service/frontend pods/web-pod-13je7

  -o, --output='': Output format. One of: json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=... See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template [http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template [http://kubernetes.io/docs/user-guide/jsonpath].
      --output-watch-events=false: Output watch event objects when --watch or --watch-only is used. Existing objects are
2. Common kubectl options
[root@master ~]# kubectl options
The following options can be passed to any command:

      --add-dir-header=false: If true, adds the file directory to the header
      --alsologtostderr=false: log to standard error as well as files
      --as='': Username to impersonate for the operation
      --as-group=[]: Group to impersonate for the operation, this flag can be repeated to specify multiple groups.
      --cache-dir='/root/.kube/http-cache': Default HTTP cache directory
      --certificate-authority='': Path to a cert file for the certificate authority
      --client-certificate='': Path to a client certificate file for TLS
      --client-key='': Path to a client key file for TLS
      --cluster='': The name of the kubeconfig cluster to use
      --context='': The name of the kubeconfig context to use
      --insecure-skip-tls-verify=false: If true, the server's certificate will not be checked for validity. This will make your HTTPS connections insecure
      --kubeconfig='': Path to the kubeconfig file to use for CLI requests.
      --log-backtrace-at=:0: when logging hits line file:N, emit a stack trace
      --log-dir='': If non-empty, write log files in this directory
      --log-file='': If non-empty, use this log file
      --log-file-max-size=1800: Defines the maximum size a log file can grow to. Unit is megabytes. If the value is 0, the maximum file size is unlimited.
      --log-flush-frequency=5s: Maximum number of seconds between log flushes
      --logtostderr=true: log to standard error instead of files
      --match-server-version=false: Require server version to match client version
  -n, --namespace='': If present, the namespace scope for this CLI request
      --password='': Password for basic authentication to the API server
      --profile='none': Name of profile to capture. One of (none|cpu|heap|goroutine|threadcreate|block|mutex)
      --profile-output='profile.pprof': Name of the file to write the profile to
      --request-timeout='0': The length of time to wait before giving up on a single server request. Non-zero values should contain a corresponding time unit (e.g. 1s, 2m, 3h). A value of zero means don't timeout requests.
  -s, --server='': The address and port of the Kubernetes API server
      --skip-headers=false: If true, avoid header prefixes in the log messages
      --skip-log-headers=false: If true, avoid headers when opening log files
      --stderrthreshold=2: logs at or above this threshold go to stderr
      --tls-server-name='': Server name to use for server certificate validation. If it is not provided, the hostname used to contact the server is used
      --token='': Bearer token for authentication to the API server
      --user='': The name of the kubeconfig user to use
      --username='': Username for basic authentication to the API server
  -v, --v=0: number for the log level verbosity
      --vmodule=: comma-separated list of pattern=N settings for file-filtered logging
IV. Managing namespace resources
1. Viewing namespaces and their resource objects
1. List namespace resources
[root@master ~]# kubectl get ns
NAME              STATUS   AGE
default           Active   41h
ingress-nginx     Active   33h
kube-node-lease   Active   41h
kube-public       Active   41h
kube-system       Active   41h
2. View the details of a specific namespace
[root@master ~]# kubectl describe ns default
Name:         default
Labels:       <none>
Annotations:  <none>
Status:       Active

No resource quota.

No LimitRange resource.
3. List all pod resources in kube-system
[root@master ~]# kubectl get pods -n kube-system
NAME                              READY   STATUS    RESTARTS   AGE
coredns-66bff467f8-d9xjc          1/1     Running   0          41h
coredns-66bff467f8-lvldb          1/1     Running   0          41h
etcd-master                       1/1     Running   0          41h
kube-apiserver-master             1/1     Running   0          41h
kube-controller-manager-master    1/1     Running   0          41h
kube-flannel-ds-amd64-5zsxg       1/1     Running   0          33h
kube-flannel-ds-amd64-kmsb5       1/1     Running   0          33h
kube-flannel-ds-amd64-lzh2b       1/1     Running   0          33h
kube-proxy-lg58q                  1/1     Running   0          41h
kube-proxy-qcztn                  1/1     Running   0          41h
kube-proxy-rf6fz                  1/1     Running   0          41h
kube-scheduler-master             1/1     Running   0          41h
metrics-server-79c86dd576-6h2b7   1/1     Running   0          33
4. Viewing: summary
2. Managing namespace resources
1. Declarative
[root@master chapter3]# kubectl apply -f namespace-example.yaml
namespace/dev created
2. Imperative command
[root@master ~]# kubectl create ns luoahong
namespace/luoahong created
3. Deletion
4. Management: summary
V. Basic pod management operations: imperative object configuration
1. Create a pod resource
[root@master chapter3]# kubectl create -f pod-example.yaml
pod/pod-example created
2. View pod status
[root@master chapter3]# kubectl get -f pod-example.yaml
NAME          READY   STATUS    RESTARTS   AGE
pod-example   1/1     Running   0          40s

[root@master chapter3]# kubectl get -f pod-example.yaml -o custom-columns=NMAE:metadata.name,STATUS:status.phase
NMAE          STATUS
pod-example   Running

[root@master chapter3]# kubectl describe -f pod-example.yaml
Name:         pod-example
Namespace:    default
Priority:     0
Node:         node2/192.168.118.20
Start Time:   Wed, 05 Aug 2020 17:12:48 +0800
Labels:       <none>
Annotations:  <none>
Status:       Running
IP:           10.244.2.7
IPs:
  IP:  10.244.2.7
Containers:
  myapp:
    Container ID:   docker://fc64d4153a6a5bb315fc1669c6cdcbf4ad37ce1541eb655ba1bc62919b50f5db
    Image:          ikubernetes/myapp:v2
    Image ID:       docker-pullable://ikubernetes/myapp@sha256:85a2b81a62f09a414ea33b74fb8aa686ed9b168294b26b4c819df0be0712d358
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Wed, 05 Aug 2020 17:13:06 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-pwl2t (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  default-token-pwl2t:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-pwl2t
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age    From               Message
  ----    ------     ----   ----               -------
  Normal  Pulling    3m7s   kubelet, node2     Pulling image "ikubernetes/myapp:v2"
  Normal  Scheduled  3m6s   default-scheduler  Successfully assigned default/pod-example to node2
  Normal  Pulled     2m51s  kubelet, node2     Successfully pulled image "ikubernetes/myapp:v2"
  Normal  Created    2m50s  kubelet, node2     Created container myapp
  Normal  Started    2m50s  kubelet, node2     Started container myapp
3. Update a pod resource
[root@master chapter3]# kubectl get pods pod-example -o yaml > pod-exaple-update.yaml
[root@master chapter3]# sed -i 's@\(image:\).*@\1 ikubernetes/myapp:v2@' pod-exaple-update.yaml
[root@master chapter3]# kubectl replace -f pod-exaple-update.yaml
pod/pod-example created replaces
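When updating the configuration of a live object, the replace command rebuilds the entire resource object, so it needs the complete configuration in order to fully replace the live object. To replace based on the earlier configuration file instead, you must use the --force option, which deletes the existing live object and then creates it again; otherwise the command returns an error.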
4. Delete a pod resource
[root@master chapter3]# kubectl delete -f pod-example.yaml
pod "pod-example" deleted
[root@master chapter3]# kubectl get -f pod-example.yaml
Error from server (NotFound): pods "pod-example" not found
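VI. Basic pod management operations: declarative object configuration
1. Create a pod resource
For production environments, declarative object configuration saves the configuration in an annotation on the target object whenever it manages a resource object. It then generates an update patch by comparing three things: the current configuration of the live object, the configuration saved in the annotation by the previous management operation, and the configuration supplied by the current command. This is how it carries out updates to the live object at arbitrary times.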
[root@master chapter3]# kubectl apply -f pod-example.yaml
pod/pod-example created
The command result shows that the resource has been reconfigured and that the change has taken effect.
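The three-way comparison described above can be modelled in a few lines. This is an added example, not code from the original page or from kubectl itself: it handles nested maps only (real kubectl uses strategic merge for lists and also refreshes the annotation), and the flattened sample objects are constructed.

```python
import json

# Annotation in which kubectl apply stores the previously applied configuration.
LAST_APPLIED = "kubectl.kubernetes.io/last-applied-configuration"

def three_way_patch(live, last_applied, desired):
    """Simplified model of the patch built by apply (maps only, no list merging)."""
    patch = {}
    # Fields the previous apply owned but the new file dropped are deleted.
    for key in last_applied:
        if key not in desired:
            patch[key] = None
    for key, want in desired.items():
        have = live.get(key)
        if isinstance(want, dict) and isinstance(have, dict):
            prev = last_applied.get(key)
            sub = three_way_patch(have, prev if isinstance(prev, dict) else {}, want)
            if sub:
                patch[key] = sub
        elif have != want:
            patch[key] = want  # set or change a field from the new file
    # Fields present only in the live object are never mentioned, so they survive.
    return patch

def merge(obj, patch):
    """Apply the patch: None deletes a key, dicts merge recursively."""
    out = dict(obj)
    for key, value in patch.items():
        if value is None:
            out.pop(key, None)
        elif isinstance(value, dict) and isinstance(out.get(key), dict):
            out[key] = merge(out[key], value)
        else:
            out[key] = value
    return out

# Constructed, flattened objects (a real Pod keeps the image under spec.containers[]).
PREVIOUS = {"metadata": {"labels": {"app": "myapp", "tier": "web"}},
            "spec": {"image": "ikubernetes/myapp:v1"}}
LIVE = {"metadata": {"labels": {"app": "myapp", "tier": "web", "owner": "ops"},
                     "annotations": {LAST_APPLIED: json.dumps(PREVIOUS)}},
        "spec": {"image": "ikubernetes/myapp:v1", "nodeName": "node2"}}
DESIRED = {"metadata": {"labels": {"app": "myapp"}},
           "spec": {"image": "ikubernetes/myapp:v2"}}

def demo():
    previous = json.loads(LIVE["metadata"]["annotations"][LAST_APPLIED])
    patch = three_way_patch(LIVE, previous, DESIRED)
    return patch, merge(LIVE, patch)

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The "tier" label is removed because the previous apply set it and the new file dropped it, while "owner" and "nodeName", which were never applied from a file, stay on the live object.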
2. Update a pod resource
[root@master chapter3]# vim pod-example.yaml
Change image: ikubernetes/myapp:v1 to image: ikubernetes/myapp:v2
[root@master chapter3]# kubectl apply -f pod-example.yaml
pod/pod-example configured
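In fact, this kind of operation can also be done directly with the patch command. Resource objects can likewise still be deleted with the apply command, but the --prune option must be used at the same time: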
kubectl apply -f pod_example.yaml --prune -l <labels>
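Note that this command is extremely dangerous: it uses the label selector to filter out every matching object and checks whether some configuration file in the directory given by -f already defines that resource object. Resource objects that have no corresponding definition will be deleted. For this reason it is still recommended to delete resource objects with the imperative object configuration command kubectl delete, whose target is explicit and which is less prone to mistakes.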
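A preflight model of which objects a prune run would remove makes the blast radius visible before the command is typed. This is an added example, not code from the original page or from kubectl: the cluster state is constructed, the "applied" flag stands for the presence of the last-applied-configuration annotation (prune skips objects without it), and kubectl's resource-type and namespace scoping are left out.

```python
def matches(labels, selector):
    """Equality-based selector such as 'app=myapp,track=canary'."""
    for term in filter(None, (t.strip() for t in selector.split(","))):
        key, _, value = term.partition("=")
        if labels.get(key.strip()) != value.strip():
            return False
    return True

def prune_candidates(live, defined, selector):
    """Return sorted (kind, name) pairs that apply --prune -l selector would delete."""
    doomed = []
    for obj in live:
        ident = (obj["kind"], obj["name"])
        if not matches(obj["labels"], selector):
            continue  # outside the label selector
        if not obj["applied"]:
            continue  # no last-applied annotation: prune leaves it alone
        if ident in defined:
            continue  # still defined by the files passed with -f
        doomed.append(ident)
    return sorted(doomed)

def unexpected(doomed, approved):
    """Deletions nobody signed off on; a non-empty result should block the run."""
    return [ident for ident in doomed if ident not in approved]

# Constructed cluster state: every object except db-0 carries app=myapp.
LIVE_OBJECTS = [
    {"kind": "Pod", "name": "pod-example", "labels": {"app": "myapp"}, "applied": True},
    {"kind": "Pod", "name": "pod-canary",
     "labels": {"app": "myapp", "track": "canary"}, "applied": True},
    {"kind": "ConfigMap", "name": "myapp-config", "labels": {"app": "myapp"}, "applied": True},
    {"kind": "Pod", "name": "debug-shell", "labels": {"app": "myapp"}, "applied": False},
    {"kind": "Pod", "name": "db-0", "labels": {"app": "db"}, "applied": True},
]
# Only pod-example is defined in the file passed with -f.
DEFINED = {("Pod", "pod-example")}

if __name__ == "__main__":
    doomed = prune_candidates(LIVE_OBJECTS, DEFINED, "app=myapp")
    print("would delete:", doomed)
    print("not approved:", unexpected(doomed, {("Pod", "pod-canary")}))
```

With the selector app=myapp, applying a file that defines only pod-example would also remove pod-canary and myapp-config, which is the outcome the warning above describes.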