Kubernetes 常用命令、资源配置整理
2024-07-04 10:00:00
希望下个生产环境可以用上Kubernetes,整理常用命令、资源配置相关内容以备参考
将使用以下特性
- 自动化上线和回滚
- 服务发现与负载均衡
- 自我修复
- 水平扩缩
- 等
kubectl
kubectl version
通用选项
-n, --namespace='' 支持全部子命令
-l, --selector='' 支持 get、delete 等
常见资源及缩写
pods po
services svc
deployments deploy
statefulsets sts
replicasets rs
nodes no
persistentvolumeclaims pvc
persistentvolumes pv
configmaps cm
secrets
poddisruptionbudgets pdb
namespaces ns
events ev
get
kubectl get pods,services
# -w, --watch=false
kubectl get pods --watch
# -o, --output=''
# json, yaml, go-template, jsonpath, custom-columns, wide
kubectl get pods -o wide
kubectl get pods -o go-template --template '{{range .items}}{{.metadata.name}}{{"\n"}}{{end}}'
kubectl get services $SERVICE_NAME -o go-template='{{(index .spec.ports 0).nodePort}}'
kubectl get services $SERVICE_NAME -o jsonpath='{.spec.ports[0].nodePort}'
kubectl get pods $POD_NAME --template '{{range $i, $c := .spec.containers}}{{$c.image}}{{end}}'
kubectl get pods $POD_NAME --template {{.spec.nodeName}}
kubectl get pods $POD_NAME -o=jsonpath='{.spec.terminationGracePeriodSeconds}'
kubectl get pods -o custom-columns='POD_IP:.status.podIPs,IMAGE:.spec.containers[0].image'
kubectl get nodes -o jsonpath='{ $.items[*].status.addresses[?(@.type=="InternalIP")].address }'
kubectl get pods/$POD_NAME services/$SERVICE_NAME
kubectl get pods $POD_NAME1 $POD_NAME2
describe
delete
kubectl delete statefulsets $STATEFULSET_NAME --cascade=orphan # 非级联删除,保留Pod
kubectl delete statefulsets $STATEFULSET_NAME # 级联删除
# -f, --filename=[]
kubectl delete -f file
# -k, --kustomize=''
kubectl delete -k .
logs
# -f, --follow=false
kubectl logs -f $POD_NAME
# --tail=-1
kubectl logs --tail 10 $POD_NAME
apply
# -f, --filename=[]
kubectl apply -f file
# -k, --kustomize=''
kubectl apply -k .
scale
# --replicas=0
kubectl scale statefulsets $STATEFULSET_NAME --replicas=5
patch
# -p, --patch=''
kubectl patch statefulsets $STATEFULSET_NAME -p '{"spec":{"replicas":3}}'
# --type='strategic'
kubectl patch statefulsets $STATEFULSET_NAME --type='json' -p='[{"op": "replace", "path": "/spec/template/spec/containers/0/resources/requests/cpu", "value":"0.3"}]'
rollout
# statefulsets、deployments、daemonsets
kubectl rollout status deployments $DEPLOYMENT_NAME
kubectl rollout history statefulsets $STATEFULSET_NAME
kubectl rollout undo statefulsets $STATEFULSET_NAME
kubectl rollout restart deployments $DEPLOYMENT_NAME
proxy
curl http://localhost:8001/version
curl http://localhost:8001/api/v1/namespaces/default/pods/$POD_NAME/
curl http://localhost:8001/api/v1/namespaces/default/pods/$POD_NAME:8080/proxy/
其它
kubectl create deployment $DEPLOYMENT_NAME --image=$IMAGE_NAME
# ClusterIP, NodePort, LoadBalancer, or ExternalName
kubectl expose deployments $DEPLOYMENT_NAME --type=LoadBalancer --port=8080 --name=$SERVICE_NAME
kubectl exec -it $POD_NAME -- bash
kubectl run -it --image busybox:1.28 dns-test --restart=Never --rm # nslookup
kubectl set image deployments $DEPLOYMENT_NAME $CONTAINER_NAME=$IMAGE_NAME
kubectl config view
kubectl top pods # 依赖 metrics-server
kubectl label pods $POD_NAME version=v1
kubectl port-forward $POD_NAME 8080:80
kubectl edit statefulsets $STATEFULSET_NAME
kubectl cordon $NODE_NAME
kubectl drain $NODE_NAME --ignore-daemonsets --force --delete-emptydir-data
kubectl uncordon $NODE_NAME
kubectl explain deployments --recursive
minikube
# --image-mirror-country='cn'
# --image-repository='registry.cn-hangzhou.aliyuncs.com/google_containers'
# --base-image='registry.cn-hangzhou.aliyuncs.com/google_containers/kicbase:v0.0.44'
# export HTTP_PROXY=http://192.168.3.177:1087
# export HTTPS_PROXY=http://192.168.3.177:1087
# export NO_PROXY=localhost,127.0.0.1,10.96.0.0/12,192.168.59.0/24,192.168.49.0/24,192.168.39.0/24
minikube start --memory=2048 --cpus=2 --nodes=1
minikube stop
minikube delete
minikube dashboard --url
minikube service $SERVICE_NAME --url
minikube addons list
minikube addons enable metrics-server
minikube node --help
minikube ssh
代理参考链接
docker
sudo sh get-docker.sh --mirror Aliyun
sudo usermod -aG docker $USER
/etc/docker/daemon.json
{
"proxies": {
"http-proxy": "http://192.168.3.177:1087",
"https-proxy": "http://192.168.3.177:1087",
"no-proxy": "localhost,127.0.0.0/8"
}
}
代理参考链接
secrets
create
kubectl create secret generic mysql-password --from-literal=password=YOUR_PASSWORD
apply
# 创建公钥和相对应的私钥
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout nginx.key -out nginx.crt -subj "/CN=my-nginx/O=my-nginx"
# 对密钥实施 base64 编码
cat nginx.crt | base64
cat nginx.key | base64
# 使用上述命令输出创建如下配置文件
kubectl apply -f nginxsecrets.yaml
# nginxsecrets.yaml
apiVersion: "v1"
kind: "Secret"
metadata:
name: "nginxsecret"
namespace: "default"
type: kubernetes.io/tls
data:
tls.crt: "YOUR CRT BASE64"
tls.key: "YOUR KEY BASE64"
generator
cat <<EOF >./kustomization.yaml
secretGenerator:
- name: mysql-pass
literals:
- password=YOUR_PASSWORD
# resources:
# - mysql-deployment.yaml
EOF
kubectl apply -k .
configmaps
create
kubectl create configmap fruits --from-literal=fruits=apples
kubectl create configmap nginxconfigmap --from-file=default.conf
apply
apiVersion: v1
kind: ConfigMap
metadata:
name: example-redis-config
data:
redis-config: "requirepass password"
persistentvolumeclaims
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: nginx-pvc
labels:
run: my-nginx
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 2Gi
deployments
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: my-nginx
name: my-nginx
spec:
replicas: 1
selector:
matchLabels:
run: my-nginx
template:
metadata:
labels:
run: my-nginx
spec:
volumes:
- name: persistent-storage
persistentVolumeClaim:
claimName: nginx-pvc
- name: secret-volume
secret:
secretName: nginxsecret
- name: configmap-volume
configMap:
name: nginxconfigmap
containers:
- image: nginx
name: my-nginx
env:
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: MYSQL_ROOT_PASSWORD
valueFrom:
secretKeyRef:
name: mysql-password
key: password
- name: MYSQL_USER
value: root
- name: FRUITS
valueFrom:
configMapKeyRef:
key: fruits
name: fruits
ports:
- containerPort: 443
- containerPort: 80
volumeMounts:
- name: persistent-storage
mountPath: /usr/share/nginx/html
- mountPath: /etc/nginx/ssl
name: secret-volume
- mountPath: /etc/nginx/conf.d
name: configmap-volume
相比直接kubectl create deployment可设置标签、设置容器名称等等
验证如下
hostname > /usr/share/nginx/html/index.html
curl -k https://localhost
services
apiVersion: v1
kind: Service
metadata:
name: my-nginx
labels:
run: my-nginx
spec:
type: NodePort
ports:
- port: 8080
targetPort: 80
protocol: TCP
name: http
- port: 443
protocol: TCP
name: https
selector:
run: my-nginx
无头服务(Headless Services)clusterIP: None
statefulsets
apiVersion: v1
kind: Service
metadata:
name: zk-hs
labels:
app: zk
spec:
ports:
- port: 2888
name: server
- port: 3888
name: leader-election
clusterIP: None
selector:
app: zk
---
apiVersion: v1
kind: Service
metadata:
name: zk-cs
labels:
app: zk
spec:
ports:
- port: 2181
name: client
selector:
app: zk
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
name: zk
spec:
selector:
matchLabels:
app: zk
serviceName: zk-hs
replicas: 3
updateStrategy:
type: RollingUpdate
podManagementPolicy: OrderedReady
template:
metadata:
labels:
app: zk
spec:
containers:
- name: kubernetes-zookeeper
imagePullPolicy: Always
image: "registry.k8s.io/kubernetes-zookeeper:1.0-3.4.10"
resources:
requests:
memory: "1Gi"
cpu: "0.5"
ports:
- containerPort: 2181
name: client
- containerPort: 2888
name: server
- containerPort: 3888
name: leader-election
command:
- sh
- -c
- "start-zookeeper \
--servers=3 \
--data_dir=/var/lib/zookeeper/data \
--data_log_dir=/var/lib/zookeeper/data/log \
--conf_dir=/opt/zookeeper/conf \
--client_port=2181 \
--election_port=3888 \
--server_port=2888 \
--tick_time=2000 \
--init_limit=10 \
--sync_limit=5 \
--heap=512M \
--max_client_cnxns=60 \
--snap_retain_count=3 \
--purge_interval=12 \
--max_session_timeout=40000 \
--min_session_timeout=4000 \
--log_level=INFO"
readinessProbe:
exec:
command:
- sh
- -c
- "zookeeper-ready 2181"
initialDelaySeconds: 10
timeoutSeconds: 5
livenessProbe:
exec:
command:
- sh
- -c
- "zookeeper-ready 2181"
initialDelaySeconds: 10
timeoutSeconds: 5
volumeMounts:
- name: datadir
mountPath: /var/lib/zookeeper
securityContext:
runAsUser: 1000
fsGroup: 1000
volumeClaimTemplates:
- metadata:
name: datadir
spec:
accessModes: [ "ReadWriteOnce" ]
resources:
requests:
storage: 10Gi
Pod 管理策略OrderedReady vs Parallel
验证如下
nslookup zk-cs
nslookup zk-hs
# <statefulset 名称>-<序号索引>.<spec.serviceName>
nslookup zk-0.zk-hs
kubectl exec zk-0 zkCli.sh create /hello world
kubectl exec zk-1 zkCli.sh get /hello
参考链接
PodAntiAffinity
spec:
template:
spec:
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: "app"
operator: In
values:
- zk
topologyKey: "kubernetes.io/hostname"
poddisruptionbudgets
apiVersion: policy/v1
kind: PodDisruptionBudget
metadata:
name: zk-pdb
spec:
selector:
matchLabels:
app: zk
maxUnavailable: 1
金丝雀发布
kubectl patch statefulset $STATEFULSET_NAME -p '{"spec":{"updateStrategy":{"type":"RollingUpdate","rollingUpdate":{"partition":3}}}}'
kubectl patch statefulset $STATEFULSET_NAME --type='json' -p='[{"op":"replace","path":"/spec/template/spec/containers/0/image","value":"IMAGE"}]'
可借助这个来测试PodAntiAffinity、poddisruptionbudgets、金丝雀发布