kubectl 命令行快速操作
1、集群安装完成后,查看集群信息
[root@k8s-master1 ~]# kubectl version # v1.14.3
[root@k8s-master1 ~]# kubectl cluster-info
[root@k8s-master1 ~]# kubectl -n devs get deploy myapptdep -oyaml # 查看生成deploy的yaml配置文件
[root@k8s-master1 ~]# kubectl create ns devs --dry-run # --dry-run 干跑,不会生成实际组件,可用来调试组件是否报错
[root@k8s-master2 ~]# kubectl explain cm # 查看cm组件字段信息
2、单个pod创建和使用
[root@k8s-master1 ~]# kubectl create ns devs
[root@k8s-master1 ~]# kubectl run myappte --image=docker.wanpeng.top/library/nginx:1.18.0-alpine --generator=run-pod/v1 -n devs
[root@k8s-master1 ~]# kubectl get pods -owide -n devs -l run=myappte -owide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
myappte 1/1 Running 1 19h 192.168.169.147 k8s-node2 <none> <none>
[root@k8s-master1 ~]#
[root@k8s-master1 ~]# curl 192.168.169.147
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
...
[root@k8s-master1 ~]# kubectl exec -it myappte -n devs -- /bin/sh
/ # ps
PID USER TIME COMMAND
1 root 0:00 nginx: master process nginx -g daemon off;
29 nginx 0:00 nginx: worker process
...
/ # env
KUBERNETES_SERVICE_PORT=443
KUBERNETES_PORT=tcp://10.96.0.1:443
...
/ # exit
[root@k8s-master1 ~]#
删除pod,使用delete即可,如果是yaml文件配置,加-f XXX.yaml。
还可以通过yml文件进行创建。
[root@k8s-master1 ~]# kubectl -n devs get pods myappte -oyaml >myappte1.yaml
[root@k8s-master1 ~]# cat myappte1.yaml
apiVersion: v1
kind: Pod
metadata:
labels:
run: myappte
name: myappte1
namespace: devs
spec:
containers:
- image: docker.wanpeng.top/library/nginx:1.18.0-alpine
imagePullPolicy: IfNotPresent
name: myappte
[root@k8s-master1 ~]# kubectl create -f myappte1.yaml
3、暴露服务
[root@k8s-master1 ~]# kubectl expose pod/myappte --name=myapptesvc --type=NodePort --port=80 -n devs
[root@k8s-master1 ~]# kubectl get svc -n devs -owide NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR myapptesvc NodePort 10.103.85.197 <none> 80:31052/TCP 19h run=myappte [root@k8s-master1 ~]# kubectl get pods -owide -n devs -l run=myappte -owide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES myappte 1/1 Running 1 19h 192.168.169.147 k8s-node2 <none> <none> [root@k8s-master1 ~]# curl 192.168.169.147 <title>Welcome to nginx!</title> ... [root@k8s-master1 ~]# curl 10.103.85.197 <title>Welcome to nginx!</title> [root@k8s-master1 ~]# curl 192.168.1.135:31052 <title>Welcome to nginx!</title>
4、创建deploy
[root@k8s-master1 ~]# kubectl create deploy myapptdep --image=docker.wanpeng.top/library/nginx:1.18.0-alpine -n devs
[root@k8s-master1 ~]# kubectl create deploy myapptdep --image=docker.wanpeng.top/library/nginx:1.18.0-alpine -n devs deployment.apps/myapptdep created [root@k8s-master1 ~]# kubectl get deploy -owide -n devs -l app=myapptdep NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR myapptdep 1/1 1 1 22s nginx docker.wanpeng.top/library/nginx:1.18.0-alpine app=myapptdep [root@k8s-master1 ~]# kubectl get pods -n devs -l app=myapptdep --show-labels=true NAME READY STATUS RESTARTS AGE LABELS myapptdep-56dcd68676-mnm9q 1/1 Running 0 64s app=myapptdep,pod-template-hash=56dcd68676 [root@k8s-master1 ~]# kubectl get pods -n devs -l app=myapptdep --show-labels=true -owide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES LABELS myapptdep-56dcd68676-mnm9q 1/1 Running 0 88s 192.168.36.87 k8s-node1 <none> <none> app=myapptdep,pod-template-hash=56dcd68676 [root@k8s-master1 ~]# curl 192.168.36.87 <title>Welcome to nginx!</title> ...
yaml方式生成
[root@k8s-master1 ~]# kubectl -n devs get deploy myapptdep -oyaml >myapptdep1.yaml
[root@k8s-master1 ~]# vi myapptdep1.yaml
[root@k8s-master1 ~]# cat myappte1.yaml
apiVersion: v1
kind: Pod
metadata:
labels:
run: myappte
name: myappte1
namespace: devs
spec:
containers:
- image: docker.wanpeng.top/library/nginx:1.18.0-alpine
imagePullPolicy: IfNotPresent
name: myappte
[root@k8s-master1 ~]# kubectl create -f myapptdep1.yaml
5、 调整pod数量(扩容和删除)
[root@k8s-master1 ~]# kubectl scale --replicas=3 deploy myapptdep -n devs
[root@k8s-master1 ~]# kubectl get pods -n devs -l app=myapptdep --show-labels=true
NAME READY STATUS RESTARTS AGE LABELS
myapptdep-56dcd68676-mnm9q 1/1 Running 0 4m37s app=myapptdep,pod-template-hash=56dcd68676
[root@k8s-master1 ~]# kubectl scale --replicas=3 deploy myapptdep -n devs
deployment.extensions/myapptdep scaled
[root@k8s-master1 ~]# kubectl get pods -n devs -l app=myapptdep --show-labels=true
NAME READY STATUS RESTARTS AGE LABELS
myapptdep-56dcd68676-ll4rt 1/1 Running 0 2s app=myapptdep,pod-template-hash=56dcd68676
myapptdep-56dcd68676-mnm9q 1/1 Running 0 4m44s app=myapptdep,pod-template-hash=56dcd68676
myapptdep-56dcd68676-q5kft 1/1 Running 0 2s app=myapptdep,pod-template-hash=56dcd68676
6、场景模拟一:nginx配置文件
参考:K8s ConfigMap 存储 Nginx 配置文件【转】 - paul_hch - 博客园
6.1 创建nginx服务
[root@k8s-master1 ~]# cat myapptdep1.yaml # 上面已经有配置,这里直接使用了
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: myapptdep1
name: myapptdep1
namespace: devs
spec:
replicas: 2
selector:
matchLabels:
app: myapppod
template:
metadata:
labels:
app: myapppod
spec:
containers:
- image: docker.wanpeng.top/library/nginx:1.18.0-alpine
imagePullPolicy: IfNotPresent
name: nginx
ports:
- containerPort: 80
[root@k8s-master1 ~]# kubectl apply -f myapptdep1.yaml
保证上面都能正常运行,且curl也是可以正常输出的。 下面开始配置cm信息。
6.2 创建configmap服务
[root@k8s-master1 ng-conf]# cat nginx_cm_8080.yaml
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-conf
namespace: devs
data:
default.conf: |-
server {
listen 8080;
listen [::]:8080;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
[root@k8s-master1 ng-conf]# kubectl apply -f nginx_cm_8080.yaml
[root@k8s-master1 ng-conf]# kubectl -n devs get cm nginx-conf
[root@k8s-master1 ng-conf]# kubectl -n devs describe cm nginx-conf # 正常输出,配置文件里面将80调整为8080
6.3 把cm引入到pod
[root@k8s-master1 ng-conf]# vi nginx-8080.yaml # 注意标黄是新增的cm挂载信息。
[root@k8s-master1 ~]# cat myapptdep1.yaml
...
name: nginx
ports:
- containerPort: 80
volumeMounts:
- name: conf-vol
mountPath: /etc/nginx/conf.d
volumes:
- name: conf-vol
configMap:
name: nginx-con
[root@k8s-master1 ng-conf]# kubectl apply -f nginx-8080.yaml
[root@k8s-master1 ng-conf]# kubectl describe cm nginx-conf
[root@k8s-master1 ~]# curl 192.168.36.70
curl: (7) Failed connect to 192.168.36.70:80; 拒绝连接
[root@k8s-master1 ~]# curl 192.168.36.70:8080
...
<title>Welcome to nginx!</title>
这里可以看到8080端口已经生效,自此cm配置生效。
可以调整cm里面的端口号
这里发现改了端口号,pod并不会重新加载cm配置,只有pod重建后才会获取最新的cm配置信息。
[root@k8s-master1 ng-conf]# sed -i 's/8090/8080/g' nginx_cm_8080.yaml
[root@k8s-master1 ng-conf]# kubectl apply -f nginx_cm_8080.yaml
[root@k8s-master1 ng-conf]# kubectl -n devs get pods -owide
[root@k8s-master1 ~]# kubectl -n devs exec -it myapptdep1-b88d8b45f-bx4rt -- sh 进入新生成的pod查看配置,并不是最新的cm配置
/ # more etc/nginx/conf.d/default.conf
[root@k8s-master1 ng-conf]# kubectl -n devs delete pod myapptdep1-b88d8b45f-v8chr # 依次删除pod,也可以一致性删除deploy,不过这个生产上有一定的风险。
[root@k8s-master1 ng-conf]# curl 192.168.36.71:8080
curl: (7) Failed connect to 192.168.36.71:8080; 拒绝连接
[root@k8s-master1 ng-conf]# curl 192.168.36.71:8090
...
<title>Welcome to nginx!</title>
6.4 把主机静态文件引入pod
这里可以尝试挂载一个index文件,将nginx首页改变下。
[root@k8s-master1 ng-conf]# echo "Test k8s nginx volume index.html">/tmp/index.html
[root@k8s-master1 ~]# scp /tmp/index.html k8s-node1:/tmp # 提前将文件拷贝到(所有)node节点上面。
[root@k8s-master1 ng-conf]# tail -15 myapptdep1_cm_vol.yaml 注意标红位置
[root@k8s-master1 ng-conf]# tail -15 myapptdep1_cm_vol.yaml
ports:
- containerPort: 80
volumeMounts:
- name: conf-vol
mountPath: /etc/nginx/conf.d
- name: conf-file
mountPath: /usr/share/nginx/html/index.html
volumes:
- name: conf-vol
configMap:
name: nginx-conf
- name: conf-file
hostPath:
path: /tmp/index.html
type: File
[root@k8s-master1 ng-conf]# kubectl apply -f myapptdep1_cm_vol.yaml
[root@k8s-master1 ng-conf]# curl 192.168.36.72:8080
Test k8s nginx volume index.html
挂载在主机上面的文件,修改文件会实时生效
[root@k8s-node2 images]# echo "name is bug.">>/tmp/index.html # 修改文件
[root@k8s-master1 ng-conf]# curl 192.168.169.137:8090
Test k8s nginx volume index.html
name is bug.
7、引入环境变量
参考:在k8S中,如何向Pod中指定容器传递环境变量?有哪些方式?-阿里云开发者社区
在 Kubernetes (k8S) 中,向 Pod 中指定容器传递环境变量可以通过以下几种方式
7.1 直接在 Pod 定义的 YAML 文件中声明环境变量
[root@k8s-master1 ng-conf]# vi myapptdep1_cm_vol.yaml # 新增标红位置,引入环境变量
[root@k8s-master1 ng-conf]# vi myapptdep1_cm_vol.yaml
...
mountPath: /usr/share/nginx/html/index.html
env:
- name: NGINX_TEST01
value: "nginx_test01"
- name: NGINX_TEST02
value: "nginx_test02"
volumes:
...
[root@k8s-master1 ng-conf]# kubectl apply -f myapptdep1_cm_vol.yaml # 会重新生成pods
[root@k8s-master2 ~]# kubectl -n devs exec -it myapptdep1-7c9454cb4b-qh6z2 -- 'env' |grep NGINX_TEST0 # 进入pod,查看引入的环境变量
NGINX_TEST01=nginx_test01
NGINX_TEST02=nginx_test02
7.2 从 ConfigMap 中注入环境变量
可以创建一个 ConfigMap,并通过环境变量的方式引用其中的数据。首先创建 ConfigMap,然后在 Pod 容器配置中引用:
整体配置如上,就最后一行添加一条环境变量信息。
[root@k8s-master1 ng-conf]# tail -2 nginx_cm_8080.yaml
}
NGINX_TEST03: nginx_test03
[root@k8s-master1 ng-conf]# kubectl apply -f nginx_cm_8080.yaml # 前面引入的是配置文件,这个引入的是环境变量,所以需要新的引入方式。
...
- name: NGINX_TEST02
value: "nginx_test02"
envFrom:
- configMapRef:
name: nginx-conf
[root@k8s-master1 ng-conf]# kubectl apply -f myapptdep1_cm_vol.yaml
[root@k8s-master2 ~]# kubectl -n devs exec -it myapptdep1-69b5499f46-d5s4r -- 'env' |grep NGINX_TEST0 # 如下生效了。
NGINX_TEST01=nginx_test01
NGINX_TEST02=nginx_test02
NGINX_TEST03=nginx_test03
3、从 Secret 中注入环境变量:
填写配置文件,
[root@k8s-master1 ng-conf]# cat nginx_secret.yaml apiVersion: v1 kind: Secret metadata: name: secret-conf namespace: devs type: Opaque data: NGINX_TEST04: dmFsdWU0 [root@k8s-master1 ng-conf]# grep -B 4 -A 1 secret-conf myapptdep1_cm_vol.yaml envFrom: - configMapRef: name: nginx-conf - secretRef: name: secret-conf volumes:
先了解下加密,因secret里面需要这些信息。
[root@k8s-master2 ~]# echo 'value4' | base64
dmFsdWU0Cg==
[root@k8s-master2 ~]# echo 'value3' | base64
dmFsdWUzCg==
[root@k8s-master2 ~]# echo 'dmFsdWUzCg==' | base64 --decode
value3
[root@k8s-master2 ~]# echo 'dmFsdWU0' | base64 --decode
value4[root@k8s-master2 ~]#
[root@k8s-master1 ng-conf]# kubectl apply -f nginx_secret.yaml
[root@k8s-master1 ng-conf]# kubectl apply -f myapptdep1_cm_vol.yaml
[root@k8s-master2 ~]# kubectl -n devs exec -it myapptdep1-86d8ffc4f9-6vfhc -- 'env' |grep NGINX_TEST0 (如下,熟悉了加解密后才会理解,为什么NGINX_TEST04=value4)
...
NGINX_TEST03=nginx_test03
NGINX_TEST04=value4
这里附带学习下动态获取 Pod 或集群信息,如下动态获取pod ip信息
[root@k8s-master2 ~]# kubectl -n devs exec -it myapptdep1-c84fc886f-vpkf8 -- 'ifconfig' |grep 192.168
inet addr:192.168.169.142 Bcast:0.0.0.0 Mask:255.255.255.255
[root@k8s-master2 ~]# kubectl -n devs exec -it myapptdep1-c84fc886f-vpkf8 -- 'env' |grep MY_POD_IP # 确实是获取了真实的pod ip地址。
MY_POD_IP=192.168.169.142
8、Limits、requests资源参数限制
K8s 中requests、limits这 2 个参数的合理设置对整个集群的稳定性至关重要。 如下对nginx pod配置限制。
[root@k8s-master1 ng-conf]# grep -A 7 resources myapptdep1_cm_vol.yaml
resources:
requests:
cpu: 10m
memory: 10Mi
limits:
cpu: 100m
memory: 100Mi
volumes:
[root@k8s-master1 ng-conf]# kubectl apply -f myapptdep1_cm_vol.yaml
[root@k8s-master1 ng-conf]# kubectl -n devs describe pods myapptdep1-65d97dddd9-6k6wj |grep -A 5 Limits # 新生成的pod信息查看,验证ok
[root@k8s-master1 ~]# kubectl -n devs describe pods myapptdep1-7f7fd59d87-ffr8z |grep -A 5 Limits
Limits:
cpu: 100m
memory: 100Mi
Requests:
cpu: 10m
memory: 10Mi
9、引入三种探针服务
容器配置存活(Liveness)、就绪(Readiness)和启动(Startup)探针。
使用存活探测器来知道什么时候要重启容器。 例如,存活探测器可以捕捉到死锁(应用程序在运行,但是无法继续执行后面的步骤)。
使用就绪探测器可以知道容器什么时候准备好了并可以开始接受请求流量。
使用启动探测器可以知道应用程序容器什么时候启动了。(1.16之后版本新增的)
结合前面的案例,这里使用http探测实现。
[root@k8s-master1 ng-conf]# grep -A 6 livenessProbe myapptdep1_cm_vol.yaml
[root@k8s-master1 ng-conf]# grep -A 6 livenessProbe myapptdep1_cm_vol.yaml
livenessProbe:
httpGet:
path: /index.html
port: 8080
initialDelaySeconds: 3
periodSeconds: 5
volumes:
pod上面验证配置,正常输出。
[root@k8s-master1 ~]# kubectl -n devs describe pods myapptdep1-7f7fd59d87-ffr8z |grep -A1 -B1 Liveness
memory: 10Mi
Liveness: http-get http://:8080/index.html delay=3s timeout=1s period=5s #success=1 #failure=3
Environment Variables from:
自此完成了单个pod,deployment创建,pod扩缩容,文件挂载,3种环境变量配置,requests和limits资源限制,3中探针配置。
相关配置附件如下,
[root@k8s-master1 ng-conf]# cat myapptdep1_cm_vol.yaml
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
labels:
app: myapptdep1
name: myapptdep1
namespace: devs
spec:
replicas: 2
selector:
matchLabels:
app: myapppod
template:
metadata:
labels:
app: myapppod
spec:
containers:
- image: docker.wanpeng.top/library/nginx:1.18.0-alpine
imagePullPolicy: IfNotPresent
name: nginx
ports:
- containerPort: 80
volumeMounts:
- name: conf-vol
mountPath: /etc/nginx/conf.d
- name: conf-file
mountPath: /usr/share/nginx/html/index.html
env:
- name: NGINX_TEST01
value: "nginx_test01"
- name: NGINX_TEST02
value: "nginx_test02"
- name: MY_POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
envFrom:
- configMapRef:
name: nginx-conf
- secretRef:
name: secret-conf
resources:
requests:
cpu: 10m
memory: 10Mi
limits:
cpu: 100m
memory: 100Mi
livenessProbe:
httpGet:
path: /index.html
port: 8080
initialDelaySeconds: 3
periodSeconds: 5
volumes:
- name: conf-vol
configMap:
name: nginx-conf
- name: conf-file
hostPath:
path: /tmp/index.html
type: File
apiVersion: v1
kind: ConfigMap
metadata:
name: nginx-conf
namespace: devs
data:
default.conf: |-
server {
listen 8080;
listen [::]:8080;
server_name localhost;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
NGINX_TEST03: nginx_test03
[root@k8s-master1 ng-conf]# cat nginx_secret.yaml apiVersion: v1 kind: Secret metadata: name: secret-conf namespace: devs type: Opaque data: NGINX_TEST04: dmFsdWU0
浙公网安备 33010602011771号