Kubernetes 常用命令、资源配置整理
本文首发在这里
希望下个生产环境可以用上Kubernetes,整理常用命令、资源配置相关内容以备参考
将使用以下特性
- 自动化上线和回滚
- 服务发现与负载均衡
- 自我修复
- 水平扩缩
- 等
kubectl
# Print the kubectl client version and, when the API server is reachable, the server version.
kubectl version
通用选项
-n, --namespace=''
支持全部子命令
-l, --selector=''
支持 get、delete 等
常见资源及缩写
pods po
services svc
deployments deploy
statefulsets sts
replicasets rs
nodes no
persistentvolumeclaims pvc
persistentvolumes pv
configmaps cm
secrets
poddisruptionbudgets pdb
namespaces ns
events ev
get
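# List several resource types in a single call.
kubectl get pods,services

# -w, --watch=false : keep the connection open and print changes as they happen
kubectl get pods --watch

# -o, --output=''
# json, yaml, go-template, jsonpath, custom-columns, wide
kubectl get pods -o wide
kubectl get pods -o go-template --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'
kubectl get services "$SERVICE_NAME" -o go-template='{{(index .spec.ports 0).nodePort}}'
kubectl get services "$SERVICE_NAME" -o jsonpath='{.spec.ports[0].nodePort}'
kubectl get pods "$POD_NAME" --template '{{range $i, $c := .spec.containers}}{{$c.image}}{{end}}'
# Quote the template so the shell never gets a chance to interpret the braces.
kubectl get pods "$POD_NAME" --template '{{.spec.nodeName}}'
kubectl get pods "$POD_NAME" -o=jsonpath='{.spec.terminationGracePeriodSeconds}'
kubectl get pods -o custom-columns='POD_IP:.status.podIPs,IMAGE:.spec.containers[0].image'
kubectl get nodes -o jsonpath='{ $.items[*].status.addresses[?(@.type=="InternalIP")].address }'

# TYPE/NAME form: mix resource types in one call.
kubectl get "pods/$POD_NAME" "services/$SERVICE_NAME"
# Several names of the same type.
kubectl get pods "$POD_NAME1" "$POD_NAME2"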
describe
delete
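# Non-cascading delete: removes the StatefulSet object but leaves its Pods running.
# The orphaned Pods are no longer managed by a controller and have to be cleaned up by hand.
kubectl delete statefulsets "$STATEFULSET_NAME" --cascade=orphan

# Cascading delete (the default): the StatefulSet's Pods are removed as well.
# PersistentVolumeClaims created from volumeClaimTemplates are kept by default,
# so the data stays on disk until the PVCs are deleted explicitly.
kubectl delete statefulsets "$STATEFULSET_NAME"

# -f, --filename=[]
kubectl delete -f file

# -k, --kustomize=''
kubectl delete -k .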
logs
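# -f, --follow=false : stream new log lines as they are written
kubectl logs -f "$POD_NAME"

# --tail=-1 : number of most recent lines to show (-1 shows everything)
kubectl logs --tail 10 "$POD_NAME"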
apply
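# -f, --filename=[]
# Preview what would change before applying to a shared cluster: kubectl diff -f file
kubectl apply -f file

# -k, --kustomize=''
kubectl apply -k .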
scale
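# --replicas=0 : the flag is required; the value is the desired replica count
kubectl scale statefulsets "$STATEFULSET_NAME" --replicas=5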
patch
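# -p, --patch='' : the patch body; a strategic merge patch unless --type says otherwise
kubectl patch statefulsets "$STATEFULSET_NAME" -p '{"spec":{"replicas":3}}'

# --type='strategic' (default); 'json' selects an RFC 6902 JSON Patch
kubectl patch statefulsets "$STATEFULSET_NAME" --type='json' \
  -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/resources/requests/cpu", "value":"0.3"}]'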
rollout
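# Applies to statefulsets, deployments and daemonsets.
kubectl rollout status deployments "$DEPLOYMENT_NAME"
kubectl rollout history statefulsets "$STATEFULSET_NAME"
# Roll back to the previous revision.
kubectl rollout undo statefulsets "$STATEFULSET_NAME"
# Restart the Pods one by one following the update strategy.
kubectl rollout restart deployments "$DEPLOYMENT_NAME"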
proxy
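# Assumes `kubectl proxy` is already running in another terminal on its default
# address, 127.0.0.1:8001.
# The proxy attaches the credentials from your kubeconfig to every request, so
# any local process that can reach this port acts on the cluster as you do.
# Keep it bound to loopback and stop it when you are done.
curl "http://localhost:8001/version"
curl "http://localhost:8001/api/v1/namespaces/default/pods/$POD_NAME/"
# Reach port 8080 of the Pod through the API server's pod proxy subresource.
curl "http://localhost:8001/api/v1/namespaces/default/pods/$POD_NAME:8080/proxy/"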
其它
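kubectl create deployment "$DEPLOYMENT_NAME" --image="$IMAGE_NAME"

# --type: ClusterIP, NodePort, LoadBalancer, or ExternalName
# LoadBalancer asks the cloud provider for an externally reachable address;
# use ClusterIP for services that only need to be reached from inside the cluster.
kubectl expose deployments "$DEPLOYMENT_NAME" --type=LoadBalancer --port=8080 --name="$SERVICE_NAME"

# Interactive shell in a running container (requires permission on pods/exec).
kubectl exec -it "$POD_NAME" -- bash

# Throwaway Pod for DNS checks; run nslookup inside it. --rm deletes the Pod on exit.
kubectl run -it --image busybox:1.28 dns-test --restart=Never --rm

kubectl set image deployments "$DEPLOYMENT_NAME" "$CONTAINER_NAME=$IMAGE_NAME"

# Certificate data and tokens are redacted in this output unless --raw is passed.
kubectl config view

# Requires metrics-server.
kubectl top pods

kubectl label pods "$POD_NAME" version=v1

# Forwards local port 8080 to port 80 of the Pod; listens on localhost by default.
kubectl port-forward "$POD_NAME" 8080:80

kubectl edit statefulsets "$STATEFULSET_NAME"

# Node maintenance: cordon stops new Pods from being scheduled onto the node.
kubectl cordon "$NODE_NAME"
# drain evicts the Pods that are already there.
#   --force                 also removes Pods not managed by a controller; nothing recreates them
#   --delete-emptydir-data  accepts that emptyDir volume contents are lost
# Check what is running on the node before using these two flags.
kubectl drain "$NODE_NAME" --ignore-daemonsets --force --delete-emptydir-data
kubectl uncordon "$NODE_NAME"

kubectl explain deployments --recursive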
minikube
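# Optional `minikube start` flags for pulling images through a regional mirror.
# Images then come from the mirror registry rather than the upstream one, so the
# mirror becomes part of the trust chain for everything the cluster runs.
# --image-mirror-country='cn'
# --image-repository='registry.cn-hangzhou.aliyuncs.com/google_containers'
# --base-image='registry.cn-hangzhou.aliyuncs.com/google_containers/kicbase:v0.0.44'

# Alternative: go through an HTTP proxy. NO_PROXY keeps cluster-internal and
# minikube network ranges off the proxy.
# export HTTP_PROXY=http://192.168.3.177:1087
# export HTTPS_PROXY=http://192.168.3.177:1087
# export NO_PROXY=localhost,127.0.0.1,10.96.0.0/12,192.168.59.0/24,192.168.49.0/24,192.168.39.0/24

minikube start --memory=2048 --cpus=2 --nodes=1
minikube stop
minikube delete

minikube dashboard --url
minikube service "$SERVICE_NAME" --url

minikube addons list
minikube addons enable metrics-server

minikube node --help
minikube ssh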
代理参考链接
docker
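# Assumes get-docker.sh was downloaded beforehand. It runs as root, so read it
# (and confirm where it came from) before executing it.
sudo sh get-docker.sh --mirror Aliyun

# Membership in the docker group is effectively root on the host: a member can
# start a container that mounts the host filesystem. Add only trusted accounts.
# The new group takes effect at the next login.
sudo usermod -aG docker "$USER"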
/etc/docker/daemon.json
{"proxies": {"http-proxy": "http://192.168.3.177:1087","https-proxy": "http://192.168.3.177:1087","no-proxy": "localhost,127.0.0.0/8"}
}
代理参考链接
secrets
create
# Creates an Opaque Secret named mysql-password with one key, "password".
# With --from-literal the real password is typed on the command line, so it ends
# up in shell history and is visible in the process list while kubectl runs.
# For anything other than a throwaway value, read it from a file instead:
#   kubectl create secret generic mysql-password --from-file=password=./password.txt
# and remove the file afterwards.
kubectl create secret generic mysql-password --from-literal=password=YOUR_PASSWORD
apply
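# Create a self-signed certificate and the matching private key.
# -nodes writes the private key unencrypted; keep nginx.key readable only by
# its owner and out of version control. A self-signed certificate is suitable
# for testing only; clients cannot verify it against a trusted CA.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx.key -out nginx.crt -subj "/CN=my-nginx/O=my-nginx"

# Base64-encode the certificate and key for the Secret's data fields.
# base64 is an encoding, not encryption: anyone who can read the output has the key.
# GNU base64 wraps its output at 76 columns; strip the newlines so each value
# can be pasted as a single line.
base64 < nginx.crt | tr -d '\n'
base64 < nginx.key | tr -d '\n'

# Put the two outputs into nginxsecrets.yaml and apply it.
# (kubectl create secret tls nginxsecret --cert nginx.crt --key nginx.key
#  builds the same kind of Secret without hand-copying base64.)
kubectl apply -f nginxsecrets.yaml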
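# nginxsecrets.yaml
# The data values are base64-encoded, not encrypted: treat this file like the
# private key itself and keep it out of version control. Inside the cluster,
# Secrets are stored unencrypted in etcd unless encryption at rest is configured.
apiVersion: "v1"
kind: "Secret"
metadata:
  name: "nginxsecret"
  namespace: "default"
type: kubernetes.io/tls
data:
  tls.crt: "YOUR CRT BASE64"
  tls.key: "YOUR KEY BASE64"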
generator
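# Write a kustomization.yaml whose secretGenerator builds the mysql-pass Secret.
# The delimiter is quoted ('EOF') so the shell copies the text literally; with an
# unquoted delimiter a password containing $ or backticks would be expanded or
# executed by the shell before it reaches the file.
# The password sits in this file in plaintext: do not commit it.
cat <<'EOF' >./kustomization.yaml
secretGenerator:
- name: mysql-pass
  literals:
  - password=YOUR_PASSWORD
# resources:
# - mysql-deployment.yaml
EOF
kubectl apply -k .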
configmaps
create
# ConfigMaps hold non-sensitive configuration; their values are stored and
# returned in plaintext, so passwords and keys belong in a Secret instead.
# One key/value pair given inline.
kubectl create configmap fruits --from-literal=fruits=apples
# One key per file: the key is the file name (default.conf), the value is the file's content.
kubectl create configmap nginxconfigmap --from-file=default.conf
default.conf
apply
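apiVersion: v1
kind: ConfigMap
metadata:
  name: example-redis-config
data:
  # NOTE(review): requirepass is a credential. In a ConfigMap it is stored in
  # plaintext and is readable by anyone allowed to get configmaps in this
  # namespace. Acceptable for a demo value; for a real password, deliver it
  # through a Secret.
  redis-config: "requirepass password"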
persistentvolumeclaims
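# Requests 2Gi of storage that a single node can mount read-write.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: nginx-pvc
  labels:
    run: my-nginx
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi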
deployments
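apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    run: my-nginx
  name: my-nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      run: my-nginx
  template:
    metadata:
      labels:
        run: my-nginx
    spec:
      volumes:
      - name: persistent-storage
        persistentVolumeClaim:
          claimName: nginx-pvc
      # TLS certificate and key from the nginxsecret Secret, mounted as files.
      - name: secret-volume
        secret:
          secretName: nginxsecret
      - name: configmap-volume
        configMap:
          name: nginxconfigmap
      containers:
      # NOTE(review): an untagged image resolves to :latest, so the running
      # version can change between pulls. Pin a tag or digest for production.
      - image: nginx
        name: my-nginx
        # NOTE(review): no resources or securityContext are set on this
        # container; add them before using this outside a test cluster.
        env:
        - name: POD_IP
          valueFrom:
            fieldRef:
              fieldPath: status.podIP
        # The password is taken from the mysql-password Secret rather than
        # written into the manifest. Environment variables are visible to every
        # process in the container and tend to show up in crash dumps and debug
        # output; mounting the Secret as a file narrows that exposure.
        - name: MYSQL_ROOT_PASSWORD
          valueFrom:
            secretKeyRef:
              name: mysql-password
              key: password
        - name: MYSQL_USER
          value: root
        - name: FRUITS
          valueFrom:
            configMapKeyRef:
              key: fruits
              name: fruits
        ports:
        - containerPort: 443
        - containerPort: 80
        volumeMounts:
        - name: persistent-storage
          mountPath: /usr/share/nginx/html
        - mountPath: /etc/nginx/ssl
          name: secret-volume
        - mountPath: /etc/nginx/conf.d
          name: configmap-volume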
相比直接kubectl create deployment
可设置标签、设置容器名称等等
验证如下
# Presumably run inside the my-nginx container (e.g. via kubectl exec) - confirm.
# Write the Pod's hostname into the web root, which is backed by the PVC mount.
hostname > /usr/share/nginx/html/index.html
# -k skips certificate verification. It is needed here only because the
# certificate is self-signed; do not carry -k over to checks against real endpoints.
curl -k https://localhost
主要参考链接、补充参考链接
services
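apiVersion: v1
kind: Service
metadata:
  name: my-nginx
  labels:
    run: my-nginx
spec:
  # NodePort opens both ports below on every node's IP address. Port 8080
  # fronts plain HTTP (container port 80); make sure node firewalls or security
  # groups limit who can reach the allocated node ports.
  type: NodePort
  ports:
  - port: 8080
    targetPort: 80
    protocol: TCP
    name: http
  - port: 443
    protocol: TCP
    name: https
  selector:
    run: my-nginx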
无头服务(Headless Services):设置 clusterIP: None
statefulsets
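# Headless Service (clusterIP: None): gives each StatefulSet Pod a stable DNS
# name for the ensemble's server and leader-election traffic.
apiVersion: v1
kind: Service
metadata:
  name: zk-hs
  labels:
    app: zk
spec:
  ports:
  - port: 2888
    name: server
  - port: 3888
    name: leader-election
  clusterIP: None
  selector:
    app: zk
---
# Client Service. NOTE(review): no ZooKeeper authentication is configured in
# this manifest, so any Pod that can reach port 2181 can read and write znodes.
# Restrict access (for example with a NetworkPolicy) outside a test cluster.
apiVersion: v1
kind: Service
metadata:
  name: zk-cs
  labels:
    app: zk
spec:
  ports:
  - port: 2181
    name: client
  selector:
    app: zk
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: zk
spec:
  selector:
    matchLabels:
      app: zk
  serviceName: zk-hs
  replicas: 3
  updateStrategy:
    type: RollingUpdate
  podManagementPolicy: OrderedReady
  template:
    metadata:
      labels:
        app: zk
    spec:
      containers:
      - name: kubernetes-zookeeper
        imagePullPolicy: Always
        image: "registry.k8s.io/kubernetes-zookeeper:1.0-3.4.10"
        resources:
          requests:
            memory: "1Gi"
            cpu: "0.5"
        ports:
        - containerPort: 2181
          name: client
        - containerPort: 2888
          name: server
        - containerPort: 3888
          name: leader-election
        command:
        - sh
        - -c
        - "start-zookeeper \
          --servers=3 \
          --data_dir=/var/lib/zookeeper/data \
          --data_log_dir=/var/lib/zookeeper/data/log \
          --conf_dir=/opt/zookeeper/conf \
          --client_port=2181 \
          --election_port=3888 \
          --server_port=2888 \
          --tick_time=2000 \
          --init_limit=10 \
          --sync_limit=5 \
          --heap=512M \
          --max_client_cnxns=60 \
          --snap_retain_count=3 \
          --purge_interval=12 \
          --max_session_timeout=40000 \
          --min_session_timeout=4000 \
          --log_level=INFO"
        readinessProbe:
          exec:
            command:
            - sh
            - -c
            - "zookeeper-ready 2181"
          initialDelaySeconds: 10
          timeoutSeconds: 5
        livenessProbe:
          exec:
            command:
            - sh
            - -c
            - "zookeeper-ready 2181"
          initialDelaySeconds: 10
          timeoutSeconds: 5
        volumeMounts:
        - name: datadir
          mountPath: /var/lib/zookeeper
      # Run as an unprivileged UID; fsGroup makes the mounted data volume
      # writable by that user without needing root.
      securityContext:
        runAsUser: 1000
        fsGroup: 1000
  volumeClaimTemplates:
  - metadata:
      name: datadir
    spec:
      accessModes: [ "ReadWriteOnce" ]
      resources:
        requests:
          storage: 10Gi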
Pod 管理策略OrderedReady vs Parallel
验证如下
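# DNS checks; presumably run from a Pod inside the cluster (e.g. the dns-test
# busybox Pod), since these names only resolve through cluster DNS.
nslookup zk-cs
nslookup zk-hs
# Per-Pod name: <statefulset name>-<ordinal index>.<spec.serviceName>
nslookup zk-0.zk-hs

# Write a znode through one member and read it back through another.
# The "--" separates kubectl's own arguments from the command run in the Pod;
# the form without it is deprecated.
kubectl exec zk-0 -- zkCli.sh create /hello world
kubectl exec zk-1 -- zkCli.sh get /hello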
参考链接
PodAntiAffinity
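# Fragment of a workload spec: never schedule two Pods labelled app=zk onto the
# same node (topologyKey kubernetes.io/hostname), so losing one node takes out
# at most one ensemble member.
spec:
  template:
    spec:
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
              - key: "app"
                operator: In
                values:
                - zk
            topologyKey: "kubernetes.io/hostname"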
poddisruptionbudgets
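# Limits voluntary disruptions (such as kubectl drain) to one app=zk Pod at a time.
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
  name: zk-pdb
spec:
  selector:
    matchLabels:
      app: zk
  maxUnavailable: 1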
金丝雀发布
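# Stage the rollout: only Pods whose ordinal is >= partition are updated.
# With 3 replicas (ordinals 0-2) and partition 3, no Pod is updated yet; lower
# the partition step by step to let the new revision reach Pods one at a time.
kubectl patch statefulset "$STATEFULSET_NAME" \
  -p '{"spec":{"updateStrategy":{"type":"RollingUpdate","rollingUpdate":{"partition":3}}}}'

# Change the container image; IMAGE is a placeholder for the new image reference.
kubectl patch statefulset "$STATEFULSET_NAME" --type='json' \
  -p='[{"op":"replace","path":"/spec/template/spec/containers/0/image","value":"IMAGE"}]'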
可借助这个来测试PodAntiAffinity、poddisruptionbudgets、金丝雀发布