kubernetes对象:
pod|service|replicaset|deployment|statefulset|daemonset|job|cronjob
服务发现及均衡,service|ingress
配置与存储,volume|CSI|ComfigMap|Secret|DownwardAPI
集群级资源,namespace|node|role|ClusterRole|RoleBinding|ClusterRoleBinding
源数据型资源,HPA|PodTemplate|LimitRange
1、命令式资源清单创建资源
kubectl -h
create|expose|run|set|explain|get|edit|delete #basic commands
rollout|scale|autoscale #deploy commands
certificate|cluster-info|top|cordon|uncordon|drain|taint #cluster management,drain排干模式,taint污点,与高级调度相关,能容忍某个污点的节点任务能调度上来,否则不行,如master上有很多污点,创建的pod不会在master上,默认pod不能容忍master的污点,所以master只干controller-manager|etcd|api-server|scheduler这4个重要功能
describe|logs|attach|exec|port-forward|proxy|cp|auth #troubleshooting and debugging commands,如kubectl describe node node01.magedu.com
apply|pathch|replace|wait|convert #advanced commands
label|annotate|completion #settings commands
alpha|api-resources|api-versions|config|plugin|version #other commands
kubectl version
kubectl cluster-info
kubectl describe node node01.magedu.com
kubectl run --help #自定义参数,先--,再arg1=value1 arg2=value2
Usage:
kubectl run NAME --image=image [--env="key=value"] [--port=port] [--replicas=replicas] [--dry-run=bool] [--overrides=inline-json] [--command] -- [COMMAND] [args...] [options]
kubectl run nginx-deploy --image=nginx:1.14-alpine --port=80 --replicas=1 #--dry-run=true
kubectl get deployment
kubectl get pods -o wide #桥用的是cmi0,10.244.2.x网段
curl 10.244.2.2 #仅在集群内能访问到,一旦容器异常终止会重新创建并运行,该地址会变掉,所以用pod容器的ip访问不妥当,应该用service地址
kubectl get pods
kubectl delete pods nginx-deploy-5b595999-2q6j5 #当容器异常停止后,会重新创建并运行
kubectl get pod -o wide #
kubectl describe svc nginx
kubectl get pods --show-labels
kubectl edit svc nginx
kubectl expose -h
Usage:
kubectl expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP|SCTP] [--target-port=number-or-name] [--name=name] [--external-ip=external-ip-of-service] [--type=type] [options]
kubectl expose deployment nginx-deploy --name=nginx --port=80 --target-port=80 --protocol=TCP将deployment这个控制器的资源创建为service,service名为nginx
kubectl get svc #svc同service,仅在集群内可访问,这个地址是被pod客户端访问的,如果要用service名来访问,依赖CoreDNS
curl 10.98.39.54 #是10.96.0.0/12段的地址
kubectl get pods -n kube-system -o wide #coredns的地址为10.244.0.{2,3}
kubectl get svc -n kube-system #10.96.0.10
yum -y install bind-utils
dig -t A nginx @10.96.0.10 #未解析,可能给的A记录信息不完整
dig -t A nginx.default.svc.cluster.local @10.96.0.10 #在以下busybox运行的容器上查看/etc/resolv.conf完整域名
kubectl run client --image=busybox --replicas=1 -it --restart=Never
wget nginx #wget -O - -q http://nginx:80
wget -O - -q 10.244.1.4
wget -O - -q 10.244.1.4/hostname.html
wget -O - -q myapp
wget -O - -q myapp/hostname.html
while true; do wget -O - -q myapp/hostname.html; sleep 1; done
while true; do wget -O - -q myapp; sleep 1; done #显示v1
kubectl delete svc nginx
kubectl describe deployment nginx-deploy
kubectl run myapp --image=ikubernetes/myapp:v1 --replicas=2
kubectl get deployment -w
kubectl get pods -o wide
kubectl expose deployment myapp --name=myapp --port=80
kubectl get svc
Usage:
kubectl scale [--resource-versinotallow=version] [--current-replicas=count] --replicas=COUNT (-f FILENAME | TYPE NAME) [options]
kubectl scale --replicas=5 deployment myapp扩至5个,自动扩缩容要用到监控
kubectl get pods
kubectl scale --replicas=3 deployment myapp #缩至3个
kubectl get pods myapp-XXXXXX #查看Containers,名字为myapp
Usage:
kubectl set image (-f FILENAME | TYPE NAME) CONTAINER_NAME_1=CONTAINER_IMAGE_1 ... CONTAINER_NAME_N=CONTAINER_IMAGE_N [options]
kubectl set image deployment myapp myapp=ikubernetes/myapp:v2灰度更新
Usage:
kubectl rollout history (TYPE NAME | TYPE/NAME) [flags] [options]
Usage:
kubectl rollout status (TYPE NAME | TYPE/NAME) [flags] [options]
Usage:
kubectl rollout undo (TYPE NAME | TYPE/NAME) [flags] [options]
kubectl rollout status deployment myapp
kubectl get pods
kubectl describe pods
kubectl rollout undo deployment myapp回滚,默认至上个版本
iptables -t nat -vLn
Usage:
kubectl edit (RESOURCE/NAME | -f FILENAME) [options]
kubectl edit svc myapp改为type: NodePort
kubectl get svc #多了80:30020/TCP,30020端口
在集群外访问,172.20.0.66:30020/hostname.html
2、声明式资源清单创建资源
可随时复用;
kubectl get pod myapp-848bXXX -o yaml
apiVersion: v1 #所属群组,格式group/version,省group则表示是core组
kind: Pod #具体的资源对象
metadata:
spec: #specification规格,重要,目标状态(用户期望的状态)
containers:
tolerations:
status: #当前状态,应无限接近目标状态
apiserver仅接收json格式的资源定义;
用yaml格式提供配置清单,apiserver可自动将其转为json格式,而后再提交;
资源的配置清单,5部分组成:
apiVersion #所属群组,获取所有群组kubectl api-versions,alpha-->beta-->canary-->stable
kind #资源类别
metadata #元数据,name同一类别下资源名称必须唯一,namespace,name受限于namespace,labels,annotations资源注解,selfLink每个资源的引用PATH为/api/group/VERSION/namespaces/NAMESPACE/TYPE/NAME
spec #期望的状态,disired state
status #current state当前状态,由kubernetes集群维护
kubectl explain pods #注意类型string|object
kubectl explain pods.metadata
mkdir mainfests
cd mainfests
vim pod-demo.yaml
apiVersion: v1
kind: Pod
metadata:
name: pod-demo
namespace: default
labels:
app: myapp
tier: frontend
annotations:
magedu.com/created-by: "cluster admin"
spec:
containers:
- name: myapp
image: ikubernetes/myapp:v1
ports:
- name: http
containerPort: 80
- name: https
containerPort: 443
- name: busybox
image: busybox:latest
imagePullPolicy: IfNotPresent
或command: ["/bin/sh","-c","echo $(date) >> /usr/share/nginx/html/index.html; sleep 5"],2容器间的存储卷是自己的,不能这样测试
- "bin/sh"
- "-c"
- "sleep 3600"
nodeSelector:
只运行在指定标签的节点上
kubectl create -f pod-demo.yaml
kubectl get pods
kubectl describe pods pod-demo
kubectl get pods
kubectl logs pod-demo myapp
curl 10.244.2.10
Usage:
kubectl logs [-f] [-p] (POD | TYPE/NAME) [-c CONTAINER] [options]
kubectl logs pod-demo busybox
Usage:
kubectl exec (POD | TYPE/NAME) [-c CONTAINER] [flags] -- COMMAND [args...] [options]
kubectl exec -it pod-demo -c myapp -- /bin/sh #
kubectl delete pods pod-demo
kubectl delete -f pod-demo.yaml #通过配置清单删除资源