k8s设置

配置Tab快速补齐：

rpm -qa |grep bash
yum install bash-completion -y
kubectl --help |grep bash
    completion    Output shell completion code for the specified shell (bash or zsh)
echo 'source <(kubectl completion bash)' >> /etc/profile
source /etc/profile

 

常用命令：

1. 查看一些集群信息

   kubectl cluster-info #查看集群信息
   kubectl version #查看版本
   kubectl api-versions #查看支持api的版本
   kubectl api-resources #查看api资源类型及简写
   kubectl config view #查看当前集群的配置
   kubeadm config view #查看集群配置信息
   删除节点：
   kubectl drain vms63.example.com --delete-local-data --force --ignore-daemonsets
   kubectl delete node vms63.example.com

    

2. 配置metric server (使之能够使用像top这样的命令)

   wget https://github.com/kubernetes-sigs/metrics-server/archive/v0.3.6.tar.gz -O metric-serser-v0.3.6.tar.gz
   修改： cd /root/kubernetes-sigs-metrics-server-d1f4f6f/deploy/1.8+/
         vim metrics-server-deployment.yaml
           image: k8s.gcr.io/metrics-server-amd64:v0.3.6
           imagePullPolicy: IfNotPresent
           command:
           - /metrics-server
           - --kubelet-insecure-tls
           - --kubelet-preferred-address-types=InternalIP
         kubectl apply -f .
         kubectl top pods -n kube-system
         kubectl top modes

    

3. 了解namespace

   不同的命名空间相互隔离，同一个命名空间里的pod，可以分布在不通的节点上，一个pod必须属于一个命名空间，k8s中一些组件也是以pod的方式运行，默认属于命名空间kube-system，没有其他操作，默认是在default命名空间里。
   kubectl get ns
   kubectl create namespace ns1
   kubectl config get-contexts #查看有几个集群
   kubectl config set-context --current --namespace=kube-system #切换命名空间
   kubectl get pods -n ns1 #查看命名空间为ns1中的pod
   
   为方便切换namespace，这里有kubens文件：
   mv kubens /bin
   chmod +x /bin/kubens
   kubens
   kubens ns1
   

   #!/usr/bin/env bash
   #
   # kubenx(1) is a utility to switch between Kubernetes namespaces.
   
   # Copyright 2017 Google Inc.
   #
   # Licensed under the Apache License, Version 2.0 (the "License");
   # you may not use this file except in compliance with the License.
   # You may obtain a copy of the License at
   #
   #     http://www.apache.org/licenses/LICENSE-2.0
   #
   # Unless required by applicable law or agreed to in writing, software
   # distributed under the License is distributed on an "AS IS" BASIS,
   # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
   # See the License for the specific language governing permissions and
   # limitations under the License.
   
   [[ -n $DEBUG ]] && set -x
   
   set -eou pipefail
   IFS=$'\n\t'
   
   KUBENS_DIR="${HOME}/.kube/kubens"
   
   usage() {
     cat <<"EOF"
   USAGE:
     kubens                    : list the namespaces in the current context
     kubens <NAME>             : change the active namespace of current context
     kubens -                  : switch to the previous namespace in this context
     kubens -h,--help          : show this message
   EOF
     exit 1
   }
   
   current_namespace() {
     local cur_ctx
     cur_ctx="$(current_context)"
     ns="$(kubectl config view -o=jsonpath="{.contexts[?(@.name==\"${cur_ctx}\")].context.namespace}")"
     if [[ -z "${ns}" ]]; then
       echo "default"
     else
       echo "${ns}"
     fi
   }
   
   current_context() {
     kubectl config view -o=jsonpath='{.current-context}'
   }
   
   get_namespaces() {
     kubectl get namespaces -o=jsonpath='{range .items[*].metadata.name}{@}{"\n"}{end}'
   }
   
   escape_context_name() {
     echo "${1//\//-}"
   }
   
   namespace_file() {
     local ctx="$(escape_context_name "${1}")"
     echo "${KUBENS_DIR}/${ctx}"
   }
   
   read_namespace() {
     local f
     f="$(namespace_file "${1}")"
     [[ -f "${f}" ]] && cat "${f}"
     return 0
   }
   
   save_namespace() {
     mkdir -p "${KUBENS_DIR}"
     local f saved
     f="$(namespace_file "${1}")"
     saved="$(read_namespace "${1}")"
   
     if [[ "${saved}" != "${2}" ]]; then
       printf %s "${2}" > "${f}"
     fi
   }
   
   switch_namespace() {
     local ctx="${1}"
     kubectl config set-context "${ctx}" --namespace="${2}"
     echo "Active namespace is \"${2}\".">&2
   }
   
   set_namespace() {
     local ctx prev
     ctx="$(current_context)"
     prev="$(current_namespace)"
   
     if grep -q ^"${1}"\$ <(get_namespaces); then
       switch_namespace "${ctx}" "${1}"
   
       if [[ "${prev}" != "${1}" ]]; then
         save_namespace "${ctx}" "${prev}"
       fi
     else
       echo "error: no namespace exists with name \"${1}\".">&2
       exit 1
     fi
   }
   
   list_namespaces() {
     local yellow darkbg normal
     yellow=$(tput setaf 3)
     darkbg=$(tput setab 0)
     normal=$(tput sgr0)
   
     local cur_ctx_fg cur_ctx_bg
     cur_ctx_fg=${KUBECTX_CURRENT_FGCOLOR:-$yellow}
     cur_ctx_bg=${KUBECTX_CURRENT_BGCOLOR:-$darkbg}
   
     local cur ns_list
     cur="$(current_namespace)"
     ns_list=$(get_namespaces)
     for c in $ns_list; do
       if [[ -t 1 && -z "${NO_COLOR:-}" && "${c}" = "${cur}" ]]; then
         echo "${cur_ctx_bg}${cur_ctx_fg}${c}${normal}"
       else
         echo "${c}"
       fi
     done
   }
   
   swap_namespace() {
     local ctx ns
     ctx="$(current_context)"
     ns="$(read_namespace "${ctx}")"
     if [[ -z "${ns}" ]]; then
       echo "error: No previous namespace found for current context." >&2
       exit 1
     fi
     set_namespace "${ns}"
   }
   
   main() {
     if [[ "$#" -eq 0 ]]; then
       list_namespaces
     elif [[ "$#" -eq 1 ]]; then
       if [[ "${1}" == '-h' || "${1}" == '--help' ]]; then
         usage
       elif [[ "${1}" == "-" ]]; then
         swap_namespace
       elif [[ "${1}" =~ ^-(.*) ]]; then
         echo "error: unrecognized flag \"${1}\"" >&2
         usage
       elif [[ "${1}" =~ (.+)=(.+) ]]; then
         alias_context "${BASH_REMATCH[2]}" "${BASH_REMATCH[1]}"
       else
         set_namespace "${1}"
       fi
     else
       echo "error: too many flags" >&2
       usage
     fi
   }
   
   main "$@"

   默认所有的管理操作都是在master上进行的，worker上是不能操作的，原因是没有登录（两种方式：用户名密码、kubeconfig文件），要想在worker上操作，如下：
   [root@master ~]# scp /etc/kubernetes/admin.conf worker:~
   [root@worker ~]# kubectl get nodes --kubeconfig=admin.conf
   或者
   [root@worker ~]# export KUBECONFIG=admin.conf
   或者
   [root@worker ~]# mkdir .kube
   [root@worker ~]# cp admin.conf .kube/config
   [root@worker ~]# kubectl get nodes

    

4. 管理多集群及多集群切换
   

   第一种方法配置多集群：
   cp .kube/config .kube/config.bak
   删除证书后：
   cat .kube/config

   apiVersion: v1
   clusters:
   - cluster:
       certificate-authority-data: 
       server: https://192.168.108.61:6443
     name: kubernetes
   contexts:
   - context:
       cluster: kubernetes
       namespace: kube-system
       user: kubernetes-admin
     name: kubernetes-admin@kubernetes
   current-context: kubernetes-admin@kubernetes
   kind: Config
   preferences: {}
   users:
   - name: kubernetes-admin
     user:
       client-certificate-data: 
       client-key-data: 

    修改配置后：

    cat .kube/config

   apiVersion: v1
   clusters:
   - cluster:
       certificate-authority-data: 
       server: https://192.168.108.61:6443
     name: cluster1
   - cluster:
       certificate-authority-data: 
       server: https://192.168.108.71:6443
     name: cluster2
   contexts:
   - context:
       cluster: cluster1
       namespace: kube-system
       user: admin1
     name: context1
   - context:
       cluster: cluster2
       namespace: default
       user: admin2
     name: context2
   current-context: context1
   kind: Config
   preferences: {}
   users:
   - name: admin1
     user:
       client-certificate-data: 
       client-key-data: 
   - name: admin2
     user:
       client-certificate-data: 
       client-key-data: 

    添加上两个集群的证书就可以用了！

    kubectl config get-contexts #查看共有几个集群

    kubectl config use-context context1 #切换集群