kubernetes基本操作

kubernetes基本操作

执行两条命令，以支持kubectl命令tables补全

yum -y install bash-completion bash-completion-extras
kubectl completion bash >~/.kube/kubectl_autocompletion
echo 'source ~/.kube/kubectl_autocompletion' >>/etc/profile
source /etc/profile

kubectl命令行管理工具

用于连接kubernetes集群和管理资源的命令行工具

创建资源

kubectl run nginx --replicas=3 --image=nginx:latest --port=80
#参数
--replicas	---指定数量
--image		---指定镜像
--port		---指定端口

这个命令创建了一个控制器(deployment)，这个控制器负责更高级的功能，譬如滚动更新，管理你的副本
kubectl get deployment
NAME    READY   UP-TO-DATE   AVAILABLE   AGE
nginx   3/3     3            3           3m24s

发布服务

#服务不是创建好了就可以访问到的，需要创建一个service把你的服务暴露出去
kubectl expose deployment nginx --port=80 --type=NodePort --target-port=80 --name=nginx-serivce
#参数
deployment		---指定deployment名字，也就是刚刚创建的nginx
--port			---service内部访问的端口
--type=NodePort	 ---类型为NodePort,代表node节点IP
--target-port	---容器端口
--name			---service名字

kubectl get svc
NAME            TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
kubernetes      ClusterIP   10.0.0.1     <none>        443/TCP        38h
nginx-serivce   NodePort    10.0.0.147   <none>        80:31493/TCP   20s

nginx已经发布出去了，随机的端口为31493，所以访问任意Node节点的31493
for i in `echo 192.168.10.{92,93,95}:31493`;do curl -I $i;done
HTTP/1.1 200 OK
Server: nginx/1.17.10
Date: Wed, 27 May 2020 01:52:44 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 14 Apr 2020 14:19:26 GMT
Connection: keep-alive
ETag: "5e95c66e-264"
Accept-Ranges: bytes

HTTP/1.1 200 OK
Server: nginx/1.17.10
Date: Wed, 27 May 2020 01:52:44 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 14 Apr 2020 14:19:26 GMT
Connection: keep-alive
ETag: "5e95c66e-264"
Accept-Ranges: bytes

HTTP/1.1 200 OK
Server: nginx/1.17.10
Date: Wed, 27 May 2020 01:52:44 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 14 Apr 2020 14:19:26 GMT
Connection: keep-alive
ETag: "5e95c66e-264"
Accept-Ranges: bytes

更新服务

#把nginx版本更变为1.16.1
kubectl set image deployment/nginx nginx=nginx:1.16.1

#确认是否已经更新
for i in `echo 192.168.10.{92,93,95}:31493`;do curl -I $i;done
HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Wed, 27 May 2020 01:59:27 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 13 Aug 2019 10:05:00 GMT
Connection: keep-alive
ETag: "5d528b4c-264"
Accept-Ranges: bytes

HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Wed, 27 May 2020 01:59:27 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 13 Aug 2019 10:05:00 GMT
Connection: keep-alive
ETag: "5d528b4c-264"
Accept-Ranges: bytes

HTTP/1.1 200 OK
Server: nginx/1.16.1
Date: Wed, 27 May 2020 01:59:27 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 13 Aug 2019 10:05:00 GMT
Connection: keep-alive
ETag: "5d528b4c-264"
Accept-Ranges: bytes

服务回滚

#查看一下发布过的历史版本
kubectl rollout history deployment nginx 
deployment.apps/nginx 
REVISION  CHANGE-CAUSE
1         <none>
2         <none>

#1就是第一次发布版本，2就是当前版本，要回滚一条命令就好了，指定回滚版本也可以
kubectl rollout undo deployment nginx 

#确认是否已经更新
for i in `echo 192.168.10.{92,93,95}:31493`;do curl -I $i;done
HTTP/1.1 200 OK
Server: nginx/1.17.10
Date: Wed, 27 May 2020 02:10:57 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 14 Apr 2020 14:19:26 GMT
Connection: keep-alive
ETag: "5e95c66e-264"
Accept-Ranges: bytes

HTTP/1.1 200 OK
Server: nginx/1.17.10
Date: Wed, 27 May 2020 02:10:57 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 14 Apr 2020 14:19:26 GMT
Connection: keep-alive
ETag: "5e95c66e-264"
Accept-Ranges: bytes

HTTP/1.1 200 OK
Server: nginx/1.17.10
Date: Wed, 27 May 2020 02:10:57 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 14 Apr 2020 14:19:26 GMT
Connection: keep-alive
ETag: "5e95c66e-264"
Accept-Ranges: bytes

删除服务

#在部署时部署了两套资源，一套是deployment，一套是service，所以直接把两个删掉就行了
kubectl delete deployment nginx 
kubectl delete services nginx-serivce 

kubectl远程连接K8S集群

现在所有的管理都是在Master上进行操作的，kubectl离开了Master他就不行了，因为Master跑了apiserver，而apiserver现在监听的地址是127.0.0.1:8080，kubectl默认连接的apiserver的地址就是127.0.0.1:8080
netstat -lntp | grep kube-apiserver
tcp        0      0 192.168.10.91:6443      0.0.0.0:*               LISTEN      1319/kube-apiserver 
tcp        0      0 127.0.0.1:8080          0.0.0.0:*               LISTEN      1319/kube-apiserver 

想在别的非Master节点连接K8S集群，具体的方法是生成一个名为kubectl config的配置文件，这个配置文件包含了连接apiserver的认证信息

复制文件

ansible nodes -m copy -a "src=/opt/kubernetes/bin/kubectl dest=/usr/local/bin/ mode=755"

生成配置文件

#在Master节点操作
cat kubectl_Connection.sh
#bin/bash
#生成管理员证书
cd /opt/ssl_config/kubernetes/
cat > admin-csr.json<<EOF
{
  "CN": "admin",
  "hosts": [],
  "key": {
    "algo": "rsa",
    "size": 2048
  },
  "names": [
    {
      "C": "CN",
      "L": "BeiJing",
      "ST": "BeiJing",
      "O": "system:masters",
      "OU": "System"
    }
  ]
}
EOF

cfssl gencert -ca=ca.pem -ca-key=ca-key.pem -config=ca-config.json -profile=kubernetes admin-csr.json | cfssljson -bare admin

#创建kubeconfig文件

# 设置集群参数
kubectl config set-cluster kubernetes 
  --server=https://192.168.31.61:6443 
  --certificate-authority=ca.pem 
  --embed-certs=true 
  --kubeconfig=config

# 设置客户端认证参数
kubectl config set-credentials cluster-admin 
  --certificate-authority=ca.pem 
  --embed-certs=true 
  --client-key=admin-key.pem 
  --client-certificate=admin.pem 
  --kubeconfig=config

# 设置上下文参数
kubectl config set-context default 
  --cluster=kubernetes 
  --user=cluster-admin 
  --kubeconfig=config

# 设置默认上下文
kubectl config use-context default --kubeconfig=config

执行脚本

#执行脚本
bash kubectl_Connection.sh 

测试能否正常连接

ansible nodes -m file -a "path=/root/.kube state=directory"
ansible nodes -m copy -a "src=config dest=/root/.kube/"
[root@k8s01 kubernetes]# ssh k8s02
[root@k8s02 ~]# kubectl get nodes
NAME    STATUS   ROLES    AGE   VERSION
k8s02   Ready    <none>   37h   v1.16.10
k8s03   Ready    <none>   36h   v1.16.10
k8s05   Ready    <none>   17h   v1.16.10
[root@k8s02 ~]# 
#如果你的配置文件没有传到~/.kube目录下，你需要使用--kubeconfig=指定文件位置

YAML配置文件资源管理

语法格式：
•缩进表示层级关系
•不支持制表符"tab"缩进，使用空格缩进
•通常开头缩进2 个空格
•字符后缩进1 个空格，如冒号、逗号等
•"---" 表示YAML格式，一个文件的开始
•"#"注释

使用YAML文件部署应用

[root@k8s01 yml]# cat deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 3
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80

详解

#指定当前部署Deployment资源版本，在k8S中所有的资源对象都时通过api分组去实现的，这里指定的api版本
#v1表示这个资源组的稳定版本，beta为测试版，写YAML最好指定一个稳定版本。
apiVersion: apps/v1

#API版本很多的，可以通过如下命令查看
kubectl api-versions

#指定资源的名字，你要是用哪个资源
kind: Deployment

#指定控制器的一些属性，Deployment是一个控制器，是元数据信息，像是指定了Deployment的名字、标签、副本数，通过标签管理具体的pods
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 3

#被管理对象，就是pod了，定义了容器Pod标签，标记哪个控制器来控制他，标签为nginx，也定义了容器名称为nginx，镜像为nginx:latest，容器内部端口为80，控制器通过标签来匹配pod，通过这个文件描述出要创建一个怎样的资源对象
template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:latest
        ports:
        - containerPort: 80

部署服务

[root@k8s01 yml]# kubectl create -f deployment.yaml  
[root@k8s01 yml]# kubectl get pods 
NAME                               READY   STATUS    RESTARTS   AGE
nginx-deployment-59c9f8dff-qx67z   1/1     Running   0          15s
nginx-deployment-59c9f8dff-tprf4   1/1     Running   0          15s
nginx-deployment-59c9f8dff-zrbf2   1/1     Running   0          15s

#已经创建好了，现在外部还无法访问，还需要创建一个service

发布服务

[root@k8s01 yml]# cat services.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
  labels: 
    app: nginx
spec: 
  type: NodePort
  ports: 
  - port: 80
    targetPort: 80
  selector: 
    app: nginx

#这里配置的是pod的标签，也就是nginx，请确保有所标签都是能匹配的到的
[root@k8s01 yml]# kubectl create -f services.yaml 
[root@k8s01 yml]# kubectl get svc
NAME            TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
kubernetes      ClusterIP   10.0.0.1     <none>        443/TCP        39h
nginx-service   NodePort    10.0.0.133   <none>        80:31915/TCP   13s
[root@k8s01 yml]# 

访问节点

[root@k8s01 yml]# for i in `echo 192.168.10.{92,93,95}:31915`;do curl -I $i;done
HTTP/1.1 200 OK
Server: nginx/1.17.10
Date: Wed, 27 May 2020 03:11:07 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 14 Apr 2020 14:19:26 GMT
Connection: keep-alive
ETag: "5e95c66e-264"
Accept-Ranges: bytes

HTTP/1.1 200 OK
Server: nginx/1.17.10
Date: Wed, 27 May 2020 03:11:07 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 14 Apr 2020 14:19:26 GMT
Connection: keep-alive
ETag: "5e95c66e-264"
Accept-Ranges: bytes

HTTP/1.1 200 OK
Server: nginx/1.17.10
Date: Wed, 27 May 2020 03:11:07 GMT
Content-Type: text/html
Content-Length: 612
Last-Modified: Tue, 14 Apr 2020 14:19:26 GMT
Connection: keep-alive
ETag: "5e95c66e-264"
Accept-Ranges: bytes

#更新回滚之类的一般不会写配置文件，直接用kubectl命令去做了，其实Deployment和service的可以写到一个文件中，只需要使用---分隔就好了

生成YAML文件

其实YAML文件是可以生成的，使用kubectl就可以，现在把上面部署nginx的YAML文件转成命令

通过kubectl run

kubectl run nginx --image=nginx:latest --replicas=3 --port=80 --dry-run -o yaml > nginx.yaml
#加了--try-run只是测试命令是否能正常运行，而不会创建服务
[root@k8s01 yml]# cat nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    run: nginx
  name: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      run: nginx
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        run: nginx
    spec:
      containers:
      - image: nginx:latest
        name: nginx
        ports:
        - containerPort: 80
        resources: {}
status: {}

使用kubectl get

#现在有一个nginx的服务，现在把他Deployment的yaml导出来
[root@k8s01 yml]# kubectl get deployment nginx-deployment -o yaml >nginx.yaml
[root@k8s01 yml]# cat nginx.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
  creationTimestamp: "2020-05-27T03:00:38Z"
  generation: 1
  name: nginx-deployment
  namespace: default
  resourceVersion: "69740"
  selfLink: /apis/apps/v1/namespaces/default/deployments/nginx-deployment
  uid: 863a3df1-c4d7-448b-92b8-786e38c4ecf5
spec:
  progressDeadlineSeconds: 600
  replicas: 3
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: nginx
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx:latest
        imagePullPolicy: Always
        name: nginx
        ports:
        - containerPort: 80
          protocol: TCP
        resources: {}
        terminationMessagePath: /dev/termination-log
        terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
status:
  availableReplicas: 3
  conditions:
  - lastTransitionTime: "2020-05-27T03:00:52Z"
    lastUpdateTime: "2020-05-27T03:00:52Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  - lastTransitionTime: "2020-05-27T03:00:38Z"
    lastUpdateTime: "2020-05-27T03:00:52Z"
    message: ReplicaSet "nginx-deployment-59c9f8dff" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  observedGeneration: 1
  readyReplicas: 3
  replicas: 3
  updatedReplicas: 3

Pod容器的字段拼写忘记

kubectl explain pods.spec.containers