kubernetes管理工具--kubectl
一、kubernetes集群管理工具kubectl命令
二、kubectl工具管理集群
1、创建
kubectl run nginx --replicas=3 --image=nginx:1.14 --port=80
kubectl get deploy,pods
部署应用时,先拉取镜像,等待片刻:
2、发布
把应用发布到外网:
kubectl expose deployment nginx --port=80 --type=NodePort --target-port=80 --name=nginx-service
kubectl get service
通过38757端口就可以访问应用了。
可以看到,应用部署在两台node上。
通过任意一台node的38757端口都可以访问应用。
3、 更新
kubectl set image deployment/nginx nginx=nginx:1.15
kubernetes的更新为滚动更新方式,新版本的启动1个,旧版本的杀掉一个,滚动式更新。
4、 回滚
kubectl rollout history deployment/nginx
可以看到,有2个历史版本,我们可以回滚到任意版本。
回滚到版本2
kubectl rollout undo daemonset/nginx --to-revision=2
回滚到上一个版本:
kubectl rollout undo deployment/nginx
5、 删除
kubectl delete deploy/nginx
kubectl delete svc/nginx-service
三、kubectl远程连接k8s集群
创建admin.pem和admin-key.pem
cat <<EOF > admin-csr.json
{
"CN": "admin",
"hosts": [],
"key": {
"algo": "rsa",
"size": 2048
},
"names": [
{
"C": "CN",
"ST": "BeiJing",
"L": "BeiJing",
"O": "system:masters",
"OU": "System"
}
]
}
后续kube-apiserver使用RBAC(Role-Based Access Control)对客户端(如kubelet、kube-proxy、Pod)请求进行授权
kube-apiserver预定义了一些RBAC使用的RoleBindings,如cluster-admin将Group system:masters与Role cluster-admin绑定,该Role授予了调用kube-apiserver所有 API的权限
OU指定该证书的Group为system:masters,kubelet使用该证书访问kube-apiserver 时 ,由于证书被CA签名,所以认证通过,同时由于证书用户组为经过预授权的 system:masters,所以被授予访问所有API的权限
生成config文件
cat kubeconfig-remote.sh
# 设置集群参数 kubectl config set-cluster kubernetes \ --server=https://10.11.97.187:6443 \ --certificate-authority=./k8s-cert/ca.pem \ --embed-certs=true \ --kubeconfig=config # 设置客户端认证参数 kubectl config set-credentials cluster-admin \ --certificate-authority=./k8s-cert/ca.pem \ --embed-certs=true \ --client-key=./k8s-cert/admin-key.pem \ --client-certificate=./k8s-cert/admin.pem \ --kubeconfig=config # 设置上下文参数 kubectl config set-context default \ --cluster=kubernetes \ --user=cluster-admin \ --kubeconfig=config # 设置默认上下文 kubectl config use-context default --kubeconfig=config
sh kubeconfig-remote.sh
Cluster "kubernetes" set. User "cluster-admin" set. Context "default" created. Switched to context "default".
cat config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUR2akNDQXFhZ0F3SUJBZ0lVQlFDRzk5aU5rK1VTMlFnOVUzc3g5Z0I4b3Vjd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbAphV3BwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEU1TURjeU5USXpNemt3TUZvWERUSTBNRGN5TXpJek16a3dNRm93WlRFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbGFXcHBibWN4RERBSwpCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByZFdKbGNtNWxkR1Z6Ck1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBOWRnTXo2d2JNMUtGQUdwS09HelAKZDRRdGdxWHFEUlQ4V0hMdGdwdzdxT0pDK0lzeXBDbXBTS0ZKZk5tZWVvcXJUV2hIZk1lR3hLVjRFTk90OTlHMQpmeThISldvSTVJZ000QkVNdjh5dlZzZ08rNzZiS1RoYnpaODFINUNyQjVjSFd1aDhXRGR3Nk5Jc1Q2L2FVWDVLCldLcXE0ZGNhb05FenFqVngxNkdPb1lma0hueTh2R2dZSVBBZ0VFME5CQzQ4VEMrTTI3eXg2cTJPOW5BY2wwcHQKaGdTaEZjeGo5aTFER3lhVVBDakhDMW5EUEtDNklpK1pGand6djEwOFBBaDJxcWlRR21mNFBTTTBDT283eXZrVgpXV3NlKzV2NGtoN3AvVmJIQWpkb0FIKzg4S1FQV0FYOHVnbGd5Zm5HTGJIRDloM0ZiQU9tb0xVdmlrYUsyRWowCnV3SURBUUFCbzJZd1pEQU9CZ05WSFE4QkFmOEVCQU1DQVFZd0VnWURWUjBUQVFIL0JBZ3dCZ0VCL3dJQkFqQWQKQmdOVkhRNEVGZ1FVR0I1dC9PY0pYM3lIR3dvNWtjRGpMN0p1eWhFd0h3WURWUjBqQkJnd0ZvQVVHQjV0L09jSgpYM3lIR3dvNWtjRGpMN0p1eWhFd0RRWUpLb1pJaHZjTkFRRUxCUUFEZ2dFQkFKOHRldlRzMDQ2TXhwbUY5ZGQ2CmZwbnJENUJIaDZjdVdjK0FHV3ZDa05yc3l3Z3lRQTVRTzdheFhvR05xeVJjN2tvMGMzbE5HeHVTN2RpTVBOczUKTjBGd0RrZS9PTGwxendCYUR2MDZjOEgyZ2dKMi9pMWFNSytPYUFGNDIvbG9EUmVGTk9nSlRIOU9vcDlBVi9RWgpvOFpHVjJYcXdTZENMdEl1bVpodEVkKzJTQ0tKOCtsQ1lVYkxXaE5xd0prdXhvWGRjU3MxYUp1RVB5TXJ5TG5KCnVpNFp3M1R1WGsraFFqQTI1NkliNEFHMmZiWVdHclpwNmIyUU0za3JqaEVxYVBqLzBRMHZ6d2ZaQlk1S0RKNXEKNEpoM0pXTVN2Rk1RZXRHY09iSEN3dGEwamFaVTNuMmFBWGtRLzRPRnZ6VE5MVXdhSVJPNDZNRktldDhlcUhTbApRK1U9Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
server: https://10.11.97.187:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: cluster-admin
name: default
current-context: default
kind: Config
preferences: {}
users:
- name: cluster-admin
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUQzVENDQXNXZ0F3SUJBZ0lVWWpEMmFhNnp0SXU2OEhqNnluQTIzV1l1R3Fzd0RRWUpLb1pJaHZjTkFRRUwKQlFBd1pURUxNQWtHQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFXcHBibWN4RURBT0JnTlZCQWNUQjBKbAphV3BwYm1jeEREQUtCZ05WQkFvVEEyczRjekVQTUEwR0ExVUVDeE1HVTNsemRHVnRNUk13RVFZRFZRUURFd3ByCmRXSmxjbTVsZEdWek1CNFhEVEU1TURjeU5USXpNemt3TUZvWERUSTVNRGN5TWpJek16a3dNRm93YXpFTE1Ba0cKQTFVRUJoTUNRMDR4RURBT0JnTlZCQWdUQjBKbGFVcHBibWN4RURBT0JnTlZCQWNUQjBKbGFVcHBibWN4RnpBVgpCZ05WQkFvVERuTjVjM1JsYlRwdFlYTjBaWEp6TVE4d0RRWURWUVFMRXdaVGVYTjBaVzB4RGpBTUJnTlZCQU1UCkJXRmtiV2x1TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUExcUlMbkVVaUd0dlEKNjJEVkRFS1RmTW9rdmV3aEFvODZ1TUUra0pHbWF4K3BIcUVkT2NoNWdteFNVanFqWVlacDBOTkJzUFBvY25SawpHaWpIekR4alcxTUcrV2Q5bDFweUpJNTJxNkt5cDJmVHRoZmY4RTZuRnhYamM3azdVVzVMdWV1L0ZQMTN2U25ECk1jNkhmQmNmUDBNQm1IeUg0amVxZllMT2NJbFZiTGQxMXl5VHRxalRlTG40SjVSS2J4UFJpL3VvN2tBcU8wMngKL1NsaldnWmtJVjNiTThzdDA5WmoyM2taSVBIcGJaYkhqbW5ma2JDTi9zaDRMK0hBeVZyN0xQM1ZzQW9wRHREeApsTWtHWkdrYktwZG1UOGhCb1pZaG5YMForK0JMYnlvTnpFMUxMQmFjVXJRRmQ0Z0xYUitwVEw4UWRLOCtQS0lhCnUyTXltUU5NYndJREFRQUJvMzh3ZlRBT0JnTlZIUThCQWY4RUJBTUNCYUF3SFFZRFZSMGxCQll3RkFZSUt3WUIKQlFVSEF3RUdDQ3NHQVFVRkJ3TUNNQXdHQTFVZEV3RUIvd1FDTUFBd0hRWURWUjBPQkJZRUZNYnV2Z1UzSklaZwpwa2s5Vzh3Vkt4dDE1cGcwTUI4R0ExVWRJd1FZTUJhQUZCZ2ViZnpuQ1Y5OGh4c0tPWkhBNHkreWJzb1JNQTBHCkNTcUdTSWIzRFFFQkN3VUFBNElCQVFDMkVvQi9HYWluT2Z4WHl5RmR6cCtGMy9hS0MyQUxTMGhsT3VqeGZHaDcKZlhPbnVMM3o5QU1xWjN6aG92eEU4ZFdZUnhuRk9Fc0loZzVVc3FhemdDbFJCMDV1V0NhcmdnRXVqOXcySmJBRgp2Um1FV29YeHFic3ZKMWF3dUpXeWpJVFF3NHUzMHZmeS81UG5rRVNPOFBva3NOVHpRb1loTzY1L1ltKzVtMGtBCldsUkg2cW40bTdMUXhpOUZSQlBqcGo0a3M3Q2ZlY0gwdnFBQ0ZrdUVSR3dSQjlpNnh2OHVHRjc3K1NTUkEvdmEKd0FrM0UzYU1OVkhZQTlkN1NrVjJzVTBFV2JkYVhybmZmSFIvSDhaQWVvYzVEZmFlamVNUUVZRCtTOUhtdVNUWgoySXVRTExGc1l4VmppMEtlcjM5TzZxS2VpSnk0NjR6TEpEbXdsNzJydTZsSQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMXFJTG5FVWlHdHZRNjJEVkRFS1RmTW9rdmV3aEFvODZ1TUUra0pHbWF4K3BIcUVkCk9jaDVnbXhTVWpxallZWnAwTk5Cc1BQb2NuUmtHaWpIekR4alcxTUcrV2Q5bDFweUpJNTJxNkt5cDJmVHRoZmYKOEU2bkZ4WGpjN2s3VVc1THVldS9GUDEzdlNuRE1jNkhmQmNmUDBNQm1IeUg0amVxZllMT2NJbFZiTGQxMXl5VAp0cWpUZUxuNEo1UktieFBSaS91bzdrQXFPMDJ4L1NsaldnWmtJVjNiTThzdDA5WmoyM2taSVBIcGJaYkhqbW5mCmtiQ04vc2g0TCtIQXlWcjdMUDNWc0FvcER0RHhsTWtHWkdrYktwZG1UOGhCb1pZaG5YMForK0JMYnlvTnpFMUwKTEJhY1VyUUZkNGdMWFIrcFRMOFFkSzgrUEtJYXUyTXltUU5NYndJREFRQUJBb0lCQVFEUEdwSGxlbmdNUHF0NwpWSFovWEFhQTFYVmFwZXk4VVlTeUhoWEczaVFkSGZITWtsNW5FV0RlVHJPb2tOaHlGSWNxYjQ3bHRwVkhTN1FECjRmSFl5elI4UE1Od0NVS1F0eitJc3Njam10eVUySVRiSW5KOXFRZG1LVUxPdVovWlZYcFFyb0ExT3RjOWVuelYKSkpwclRNeGorTDRqYTVhYTNHZndzRFdQTlpWdVRsdGxMeG5hUjN2dE9ReFlkOXFyQmRpbnRTdUMvRldPajkrcQpWMjNOTjB0YnZBbm1WNDc2NUJ3dngwYm1xcUdnYU5BNjNTL2JxT2dpNy84MXZ5ajJBNWpZRUpwOHhpM05MRkxLCkJkTHNPV0NtQUpsa2R2Y2FIM3JjWkpDVnc1dXJJbVdRclBrbmR0VWFsU3pjd3U2MVpodTIrak9pdjI4UVk2SWUKQ0FYNEY1VHhBb0dCQU52bUVwUlBGcXJoOFVnRXpCWG9udFpOcU9sZmFSVXdFclkyM1hacUJnUkZlWVU1TUdYeQpUcW50bGptbkRKRG1FQjJtVnJkemNaTmRnNk82U0FrS3dabG0va0sxZFhFT3gzaGUrV2l1dit5amxtMmFJTFM4Cmx4ZStkb0krRFl5Q1VGT2FrOC9aTU0yTGdxajJnb2s3WGFlSXowOUU0eW1YR0pTVkU4RVNaTXoxQW9HQkFQbmUKcWY3NlhINnF3d3Z0TzA2YnQwemhtSXpzSnRxVGZyM0hsRmprYTA4eFFUUDQ5cGF0WnJKY0RFaUU0R0dza3NnSwo2bjVod0N5UG9tWStnTU1FbjJUaVFjcldvVmExVnRHS1hnY2g4dSszejlwbWhOT2cyc2RtZVFQaVBYTlZqNW9hCmwwaUNVWDdnaXFCYUlKT2tuZG9hMWVSckcyandYby8vQ0x6VWVkVlRBb0dCQUs1b05UWXg0QzJhVkc4bGR1U3QKZ2tWQWhRYkxxS0dvWmo3bEZ4TlRGZ0NQUmNtWFNUNmlSeWZaaTN1Z2RZUDdKSzhQZmRtMGsxRXBLejVSZ2M3QwpIRGphQ2pISWtDUWliNnlWejBUcXpNZ1lHemhFdFVvRUJlWk1KdHczOFRFUExqeVE3a2s4M3NzM3FtTHVXU3dVCnpMd1M4ekhRMWtiblV4U05oSVJ1WFVwOUFvR0FjSXlyWmY2L3l3NS83TTllOTNtTWgwVFd3aU5kSFBkekQyam0KbVdQS01sR3RYUXUzaHdkMFNzTExoWjdVc3lwWXMySzNYVllLaWdmb3pzVTRtcDlxYkxhOWkvQkJuQnp5amxBVgpLb0ZRUEVvL2hkREg0OHVBd0hDWDhmZm1WaDBrSWZYNFR1RGtkSklQMzBxNWdjZVVrcm1qdnMrLytQVE1vMi90Ckw2RkZmNkVDZ1lBbC84SGFpSnpVQW1QV2M5dytUWEtONVBGcHFJcTFIeGxwU0Z5ak52LzdoSkkyZlEwZU85bkUKN0FwTG9yd3pOT2UwaEE0dXRqMzN0Qm9xNjhIaTBnaXhnL0FHdk9XcFJ6VUhnTFh2dDVrVzVYQmRRTHhBOWE0bgpINGEwN09DYUdpY2JQZTQ5VGUzZzJhRldBYytwMVREbk9VRHNrUTByd281SGhlOWhNT2o3VlE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
拷贝文件到Node
Node节点上测试
[root@k8s-node01 ~]# kubectl --kubeconfig=./config get node NAME STATUS ROLES AGE VERSION 10.11.97.181 Ready <none> 26d v1.12.1 10.11.97.71 Ready <none> 26d v1.12.1
如果不希望在命令行加kubeconfig选项,可以创建一个目录.kube,将config文件放入下面即可。
这样就可以在Node节点上使用kubectl工具了。
四、kubectl补全
1、安装bash-completion
yum install bash-completion -y
2、设置kubectl自动补全
方式一:
echo 'source <(kubectl completion bash)' >>~/.bashrc
方式二:
kubectl completion bash >/etc/bash_completion.d/kubectl
