K8S入门-常用命令
K8S常用命令整理
·
1.常用命令
1.1基础
- 执行/更新配置
kubectl apply -f <file.yml>
- 列表查看
-o wide 可以查看详细信息
kubectl get <type> [-n <namespace-name>] <name> [-o wide] [-w]
参数 | 作用 |
---|---|
n | 指定namespace,默认是default |
o | 指定展示方式,wide意思是宽表 |
w | 类似tail命令中的f参数,跟随变更 |
- 查看详情
kubectl describe <type> <name>
- 删除
注意删除控制器的时候默认删除关联的Pod,可以通过添加命令–cascade=false表示不删除
kubectl delete <type> <name> [--cascade=false] [-l label.key=label.value]
参数 | 功能说明 |
---|---|
cascade | 是否删除控制器关联的Pod,true表示删除,默认true |
l | 依据标签执行,后面跟的是标签的key和value |
- 给节点添加标签
kubectl label nodes <node-name> {key=value}
key=value,key是标签的key,value是标签的value
- 查看节点标签
kubectl label node <node-name> --list=true
1.2 Deployment控制器
- 查看deployment控制器
kubectl get deployments
- 删除deployment控制器
kubectl delete deployments <deployments-name> [--cascade=false]
- 版本升级
建议修改配置文件,使用apply命令更新 - 回滚至前一版
kubectl rollout undo deployment/<deployment-name>
- 查看历史版本
kubectl rollout history deployment/<deployment-name> [--to-revision=1]
参数 | 功能说明 |
---|---|
to-revision | 回滚到指定版本,值是版本序号 |
- 更新到指定版本
kubectl rollout history deployment/<deployment-name> [--revision=1]
参数 | 功能说明 |
---|---|
revision | 查看指定版本的详细信息,值是版本序号 |
- 扩缩容
kubectl scale deployment <deployment-name> --replicas=4
参数 | 功能说明 |
---|---|
replicas | 副本数量 |
1.3 Pod
- 查看Pod
kubectl get pod -o wide
- 删除Pod
kubectl delete pod <pod-name>
- 查看Pod版本号
kubectl get pods -o custom-columns=Name:metadata.name,Image:spec.containers[0].image
1.4 ReplicaSet控制器
- 查看ReplicaSet控制器
kubectl get rs
- 删除
kubectl delete replicasets <rs-name> [--cascade=false]
1.5 HPA控制器
- 这个需要先启动deployment控制器,再启动响应的hpa控制器。
- 查看所有
kubectl get hpa <hpa-name> -o wide
- 删除
kubectl delete hpa <hpa-name>
1.6 节点调度
- 当节点处于不可调度状态时执行
kubectl uncordon <node-name>
2. 配置举例
2.1 简单Demo
- 使用Deployment控制器
- Pod数量为2
- nginx开放端口80
- 设置调度要求,调度在标签有dev的节点上。
- 设置调度要求,调度到指定节点。
- 调度一般是对设备的物理属性有要求,比如mysql容器等等。
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
replicas: 2 #指定Pod数量为2
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
#nodeSelector:
#env: dev # 节点调度到开发环境
#nodeName: master #指定调度节点为master
containers:
- name: nginx
image: nginx:1.12
ports:
- containerPort: 80 #开放端口
2.2 设置版本更新策略
- 使用Deployment控制器
- 版本更新策略为滚动更新
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-deployment
spec:
replicas: 2
minReadySeconds: 2 # 这里需要估一个比较合理的值,从容器启动到应用正常提供服务
strategy: # k8s 默认的 strategy 就是 RollingUpdate, 这里写明出来可以调节细节参数
#type: Recreate
type: RollingUpdate
rollingUpdate:
maxSurge: 1 # 更新时允许最大激增的容器数,默认 replicas 的 1/4 向上取整
maxUnavailable: 0 # 更新时允许最大 unavailable 容器数,默认 replicas 的 1/4 向下取整
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.20
ports:
- containerPort: 80
2.3 简单的HPA控制器
- 控制CPU核数
- pod配置内存要求
HPA控制器
apiVersion: autoscaling/v2beta2
kind: HorizontalPodAutoscaler
metadata:
name: cpu-nginx-demo
spec:
minReplicas: 1 #最小pod数量
maxReplicas: 10 #最大pod数量
scaleTargetRef: # 指定要控制的nginx信息
apiVersion: apps/v1
kind: Deployment
name: nginx-demo
metrics: # 指定内存的一个配置
- type: Resource
resource:
name: memory
target:
type: Utilization
averageUtilization: 10 #当整体的资源利用率超过这个百分比的时候,会进行扩容
pod
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx-demo
spec:
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx:1.12
ports:
- containerPort: 80
resources:
requests:
memory: 50Mi
cpu: 50m
limits:
memory: 100Mi
cpu: 100m
2.4 emptyDir Demo
- Pod中定义一个html位置,容器匹配对应位置。
- 多容器可以读取同一位置中的文件。
- 重启Pod后数据消失。
apiVersion: apps/v1
kind: Deployment
metadata:
name: vol-emptydir-deploy
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
volumes: #定义存储卷
- name: html #定义存储卷的名称
emptyDir: {} #定义存储卷的类型
containers:
- name: nginx
image: nginx:1.12
ports:
- containerPort: 80
volumeMounts: #在容器中定义挂载存储卷的名和路径
- name: html
mountPath: /usr/share/nginx/html
2.5 hostpath Demo
- Pod中定义一个html位置,容器匹配对应位置。
- 重启Pod后数据不会消失。
apiVersion: apps/v1
kind: Deployment
metadata:
name: vol-hostpath-deploy
spec:
replicas: 1
selector:
matchLabels:
app: nginx
template:
metadata:
labels:
app: nginx
spec:
volumes: #定义存储卷
- name: html # 定义存储名称
hostPath: # 定义存储类型
path: /tmp/k8s/data/volumn # 宿主机存储路径
type: DirectoryOrCreate # 不存在路径创建路径
containers:
- name: nginx
image: nginx:1.12
ports:
- containerPort: 80
volumeMounts: #在容器中定义挂载存储卷的名和路径
- name: html
mountPath: /usr/share/nginx/html
3. 组件安装
3.1 配套HPA控制器的Metrics-server
- 下载资源清单
wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml
- 变更镜像地址
image: bitnami/metrics-server:0.6.2
- 跳过证书校验
--kubelet-insecure-tls
- 最终文件
apiVersion: v1
kind: ServiceAccount
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
rbac.authorization.k8s.io/aggregate-to-admin: "true"
rbac.authorization.k8s.io/aggregate-to-edit: "true"
rbac.authorization.k8s.io/aggregate-to-view: "true"
name: system:aggregated-metrics-reader
rules:
- apiGroups:
- metrics.k8s.io
resources:
- pods
- nodes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
rules:
- apiGroups:
- ""
resources:
- nodes/metrics
verbs:
- get
- apiGroups:
- ""
resources:
- pods
- nodes
verbs:
- get
- list
- watch
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
labels:
k8s-app: metrics-server
name: metrics-server-auth-reader
namespace: kube-system
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: extension-apiserver-authentication-reader
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: metrics-server
name: metrics-server:system:auth-delegator
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:auth-delegator
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
labels:
k8s-app: metrics-server
name: system:metrics-server
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:metrics-server
subjects:
- kind: ServiceAccount
name: metrics-server
namespace: kube-system
---
apiVersion: v1
kind: Service
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
ports:
- name: https
port: 443
protocol: TCP
targetPort: https
selector:
k8s-app: metrics-server
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
k8s-app: metrics-server
name: metrics-server
namespace: kube-system
spec:
selector:
matchLabels:
k8s-app: metrics-server
strategy:
rollingUpdate:
maxUnavailable: 0
template:
metadata:
labels:
k8s-app: metrics-server
spec:
containers:
- args:
- --cert-dir=/tmp
- --secure-port=4443
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
- --kubelet-insecure-tls
- --metric-resolution=15s
image: bitnami/metrics-server:0.6.2
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 3
httpGet:
path: /livez
port: https
scheme: HTTPS
periodSeconds: 10
name: metrics-server
ports:
- containerPort: 4443
name: https
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /readyz
port: https
scheme: HTTPS
initialDelaySeconds: 20
periodSeconds: 10
resources:
requests:
cpu: 100m
memory: 200Mi
securityContext:
allowPrivilegeEscalation: false
readOnlyRootFilesystem: true
runAsNonRoot: true
runAsUser: 1000
volumeMounts:
- mountPath: /tmp
name: tmp-dir
nodeSelector:
kubernetes.io/os: linux
priorityClassName: system-cluster-critical
serviceAccountName: metrics-server
volumes:
- emptyDir: {}
name: tmp-dir
---
apiVersion: apiregistration.k8s.io/v1
kind: APIService
metadata:
labels:
k8s-app: metrics-server
name: v1beta1.metrics.k8s.io
spec:
group: metrics.k8s.io
groupPriorityMinimum: 100
insecureSkipTLSVerify: true
service:
name: metrics-server
namespace: kube-system
version: v1beta1
versionPriority: 100
- 查看指标
kubectl top node
- 查看所有指标
kubectl top pod --all-namespaces
更多推荐
已为社区贡献3条内容
所有评论(0)