kubectl command completion

yum install -y bash-completion
source /usr/share/bash-completion/bash_completion
echo "source <(kubectl completion bash)" >> ~/.bashrc
source ~/.bashrc

Cluster commands

# master
systemctl daemon-reload
systemctl start kube-apiserver
systemctl start kube-controller-manager
systemctl start kube-scheduler
# etcd
systemctl start etcd.service
# client
systemctl start kube-proxy -l
systemctl start docker -l
systemctl start kubelet -l
# status
systemctl status etcd.service
systemctl status kube-apiserver -l
systemctl status kube-controller-manager -l
systemctl status kube-scheduler
systemctl status kube-proxy -l
systemctl status kubelet -l

kubectl environment maintenance commands

# Restart the kubelet service
systemctl daemon-reload
systemctl restart kubelet
# Change the startup parameters
vim /etc/systemd/system/kubelet.service.d/10-kubeadm.conf
# Show cluster information
kubectl cluster-info
# Show the information and status of each component
kubectl get componentstatuses
# Show the kubelet process startup parameters
ps -ef | grep kubelet

Taints and labels

# Allow the master to run pods
kubectl taint nodes master.k8s node-role.kubernetes.io/master-
# Prevent the master from running pods
kubectl taint nodes master.k8s node-role.kubernetes.io/master=:NoSchedule
# Check:
kubectl describe nodes ci-k8s-master01 | grep Taints
# Add a node label
kubectl label nodes <node-name> <label-key>=<label-value>
# For example:
kubectl label node k8s-worker-1 node-role.kubernetes.io/worker=worker
# Show node labels
kubectl get node --show-labels
# Remove a node label
kubectl label nodes <node-name> <label-key>-

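Pod eviction

Kubernetes node maintenance commands: cordon (isolate), drain (evict), uncordon (unlock)


1. Mark the node unschedulable:
kubectl cordon node1


2. Evict the pods to other nodes:

When a node needs maintenance or is about to be removed, the Pods placed on it have to be evicted manually so that service continuity is not affected.
Evict the Pods on the node (first the node is set to the cordoned, unschedulable state, then the Pods are evicted):
kubectl drain <node name>


3. Remove the unschedulable state:

After maintenance, the node has to be set back to schedulable:
kubectl uncordon <node name>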
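
The cordon, drain, uncordon sequence above as a reusable shell wrapper (an added example, not part of the original page). The function names and the NODE_DRAIN_TIMEOUT variable are assumptions; a failed drain or a failed maintenance step leaves the node cordoned instead of returning it to service.

```shell
#!/bin/sh
# Added example: node maintenance wrapper around cordon -> drain -> uncordon.
# Function names and NODE_DRAIN_TIMEOUT are assumptions for this sketch.

NODE_DRAIN_TIMEOUT="${NODE_DRAIN_TIMEOUT:-300s}"

# Cordon and drain a node. Returns non-zero and leaves the node cordoned if
# the drain fails (for example when a PodDisruptionBudget blocks eviction),
# so maintenance never starts on a node that still runs workloads.
drain_node() {
  local node="$1"
  [ -n "$node" ] || { echo "usage: drain_node <node-name>" >&2; return 2; }
  kubectl cordon "$node" || return 1
  # DaemonSet pods cannot be evicted and emptyDir data is lost on eviction,
  # so both have to be acknowledged explicitly.
  if ! kubectl drain "$node" --ignore-daemonsets --delete-emptydir-data \
        --timeout="$NODE_DRAIN_TIMEOUT"; then
    echo "drain of $node failed; node stays cordoned for investigation" >&2
    return 1
  fi
}

# Drain a node, run the given maintenance command, and uncordon the node
# only if that command succeeded.
# Usage: maintain_node <node-name> <command> [args...]
maintain_node() {
  local node="$1"
  shift
  drain_node "$node" || return 1
  if "$@"; then
    kubectl uncordon "$node"
  else
    echo "maintenance on $node failed; leaving it unschedulable" >&2
    return 1
  fi
}
```
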

Pod-related commands

kubectl get
kubectl get pod -w    # watch all pods for changes
kubectl get pod <pod_name> -o wide    # show the given pod and the node it runs on
kubectl get replicaset    # list replica sets
kubectl get deployment net-test    # show the application
kubectl get service    # list services

kubectl describe node <node-name>
kubectl describe pod net-test    # show pod details
kubectl describe replicaset    # show replica set details
kubectl describe deployment net-test    # show application details
kubectl describe service    # show service details
kubectl describe ingress    # show ingress details
kubectl describe services -n kube-system ingress-service    # specify the namespace; the default is default

kubectl delete
kubectl delete service ingress-service    # delete a service (deployments and ingresses are deleted the same way)
kubectl delete -f xxx.yaml    # delete via a YAML file; can delete several resources at once

kubectl apply
kubectl apply -f ingress-service.yaml    # create or update resources
kubectl set image deployment -n global-financial-test global-financial-common-service global-financial-common-service=registry.cn-shanghai.aliyuncs.com/yuanshi-hz/global-financial-common-service:sit-4    # update the image

kubectl exec
kubectl exec pod1 -- date    # run the date command in the given pod
kubectl exec -it pod1 -- bash    # open a shell inside the pod's container

kubectl edit
kubectl edit deployments haitao-customs    # edit the resource live in Vim; the change takes effect on save

Restart

Restart a deployment:
kubectl scale deployments/$dep_name --replicas=0
kubectl scale deployments/$dep_name --replicas=1
Restart a pod:
kubectl delete pod $pod_name

Troubleshooting commands

Show events:
kubectl get events

Show resource usage:
kubectl top node
kubectl top pod

Show node information:
kubectl describe node <node-name>

Show logs:
journalctl -u kubelet -f

Export a resource as a YAML file

kubectl get secrets xxx -o yaml > xxx
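
An added example, not from the original page, for the export command above: it writes the manifest to a file only the current user can read, and shows that the values under data: are base64-encoded rather than encrypted. The function names and the sample manifest are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are assumptions.

# Constructed sample of what `kubectl get secret demo -o yaml` returns
# (metadata trimmed); lets decode_secret_data be tried without a cluster.
sample_secret_manifest() {
  cat <<'EOF'
apiVersion: v1
data:
  password: czNjcjN0
  username: YWRtaW4=
kind: Secret
metadata:
  name: demo
type: Opaque
EOF
}

# Export a Secret so that only the current user can read the file.
# Usage: export_secret <secret-name> <output-file>
export_secret() {
  local name="$1" out="$2"
  [ -n "$name" ] && [ -n "$out" ] || { echo "usage: export_secret <name> <file>" >&2; return 2; }
  (
    # umask covers a newly created file; truncate + chmod tightens a
    # pre-existing file before any secret data is written to it.
    umask 077 && : > "$out" && chmod 600 "$out" &&
      kubectl get secret "$name" -o yaml >> "$out"
  )
}

# Print key=value for every entry under data: in an exported manifest.
# No key is needed, so the file must be protected like the credentials.
decode_secret_data() {
  awk '
    /^data:/           { in_data = 1; next }
    /^[^ ]/            { in_data = 0 }
    in_data && NF == 2 { sub(":", "", $1); print $1, $2 }
  ' "$1" | while read -r key b64; do
    printf '%s=%s\n' "$key" "$(printf '%s' "$b64" | base64 -d)"
  done
}
```
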

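Correct order for deleting a pod

deployment -> replicaset -> pod
Force delete:
kubectl delete pods httpd-app-6df58645c6-cxgcm --grace-period=0 --force

Copy a file out of a container (the destination file name must be given, otherwise the copy fails)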

kubectl cp -n xm-prod weibo-king-api-686c6d486f-jgvhs:/home/deploy/king-api-1.0.0-SNAPSHOT.jar ./king-api-1.0.0-SNAPSHOT.jar

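About application deployment

1. Write YAML that declares the resources and run kubectl apply directly (update)
2. Package it as a structured Helm chart and maintain it in your own version control (recommended)
kubectl apply -f ingress-service.yaml
Remote invocation:
kubectl --kubeconfig ~/.kube/config.prod apply -f ingress-service.yaml

Creating applications in k8s

1. From the command line
# Creates a Deployment. Since kubectl 1.18, `kubectl run` only creates a single Pod and no longer accepts --replicas; use `kubectl create deployment` there.
kubectl run net-test --image=alpine --replicas=2 sleep 36000
kubectl expose deployment nginx --port=80 --target-port=8000    # create a Service

2. From a configuration file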
kubectl create -f nginx-deployment.yaml

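About IPs

Node IP: the IP address of a node // a real IP, used for communication between nodes
Pod IP: the IP address of a pod // virtual layer-2 network, used for communication between pods on different nodes (traffic leaves through the Node IP)
Cluster IP: the IP address of a Service // a virtual IP, cannot be pinged, only applies to Service objects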

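About networking

Applications reach each other through Services; external access goes through Ingresses. When a Deployment, a Service and an Ingress are written in one YAML file, they must be separated by the separator (---).

Other ways to allow external access:

NodePort type
LoadBalancer type

Example:
apiVersion: v1
kind: Service
metadata:
  name: tomcat-service
spec:
  selector:
    app: nginx
  type: NodePort    # accessed via the node's Node IP and NodePort; with multiple pods, the LoadBalancer type is needed
  ports:
    - protocol: TCP
      port: 8099
      targetPort: 80
      nodePort: 32080    # the real port exposed on the node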

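About ports

port is your Service's port // on a node, access via pod_IP + port
targetPort is the container's port; it can only be reached via container IP + targetPort
Access through the Service is service + port // on a node, access via ClusterIP + port; inside a container, access via service_Name + port
nodePort is the port on the node; if you set the Service type to NodePort, access it via node IP + nodePort

For example: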

---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: nginx-deployment
spec:
  selector:
    matchLabels:
      app: nginx
  replicas: 2
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        resources:
          limits:
            memory: "128Mi"
            cpu: "500m"
        ports:
        - containerPort: 80
---    # separator
kind: Service
apiVersion: v1
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
    - protocol: TCP
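      port: 8099    # port mapped on the Service; reached from a node via service name + port
      targetPort: 80    # the container's port; reached from a node via the pod's IP + port (works by default even without a Service, but the pod IP keeps changing)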