• Learning Kubernetes: kubectl commands in detail


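    kubectl usage in detail

    Managing the core k8s resources simply means managing the various resources of a k8s cluster. There are four groups of core concepts:

    • pod and pod controller

    • name and namespace

    • label and label selector

    • ingress and service

    Three basic ways to manage core k8s resources:

    • Imperative management: relies mainly on the command-line (CLI) tool
    • Declarative management: relies mainly on unified resource manifests
    • GUI management: relies mainly on a graphical interface (web page)

    These three approaches depend on and complement each other, so all three need to be mastered.

    Imperative management

    List namespaces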
    
    [root@hdss7-22 ~]# kubectl get namespace
    NAME              STATUS   AGE
    default           Active   14d
    kube-node-lease   Active   14d
    kube-public       Active   14d
    kube-system       Active   14d
    

    The resource name can also be abbreviated:

    [root@hdss7-22 ~]# kubectl get ns
    NAME              STATUS   AGE
    default           Active   14d
    kube-node-lease   Active   14d
    kube-public       Active   14d
    kube-system       Active   14d
    
    [root@hdss7-22 ~]# kubectl get all -n default
    NAME                 READY   STATUS    RESTARTS   AGE
    pod/nginx-ds-nmgjn   1/1     Running   1          6d22h
    pod/nginx-ds-v7hrn   1/1     Running   1          6d22h
    
    NAME                 TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)   AGE
    service/kubernetes   ClusterIP   192.168.0.1   <none>        443/TCP   14d
    
    NAME                  DESIRED  CURRENT  READY  UP-TO-DATE  AVAILABLE  NODE SELECTOR   AGE
    daemonset.apps/nginx-ds 2      2        2      2        2           <none>          6d22h
    

    -n default can be omitted; to target another namespace, specify it explicitly with -n <namespace>.

    Create a namespace
    [root@hdss7-22 ~]# kubectl create ns app
    namespace/app created
    [root@hdss7-22 ~]# kubectl get ns
    NAME              STATUS   AGE
    app               Active   12s
    
    Delete it
    [root@hdss7-22 ~]# kubectl delete ns app
    namespace "app" deleted
    

    Managing deployment resources

    Create a deployment

    image specifies an image in the registry

    [root@hdss7-21 ~]# kubectl create deployment nginx-dp --image=harbor.od.com/public/nginx:v1.7.9 -n kube-public
    deployment.apps/nginx-dp created
    
    [root@hdss7-21 ~]# kubectl get deploy -n kube-public
    NAME       READY   UP-TO-DATE   AVAILABLE   AGE
    nginx-dp   1/1     1            1           26s
    
    [root@hdss7-21 ~]# kubectl get pods -n kube-public -o wide
    NAME                        READY   STATUS    RESTARTS   AGE    IP           NODE                NOMINATED NODE   READINESS GATES
    nginx-dp-5dfc689474-lt7xp   1/1     Running   0          105s   172.7.22.3   hdss7-22.host.com   <none>           <none>
    

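    -o wide displays resources in extended form.

    Seeing this pod IP, you can immediately tell which host it is on: 10.4.7.22. This is why the pod network should follow a convention: it is tied to the node network.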

    [root@hdss7-22 ~]# docker ps -a
    CONTAINER ID        IMAGE                               COMMAND                  CREATED             STATUS                        PORTS               NAMES
    50900aac89d3        84581e99d807                        "nginx -g 'daemon of…"   36 minutes ago      Up 36 minutes                                     k8s_my-nginx_nginx-ds-nmgjn_default_835d2419-769a-4d9c-b6a1-85967ad5989c_1
    7072a0744000        harbor.od.com/public/pause:latest   "/pause"                 36 minutes ago      Up 36 minutes                                     k8s_POD_nginx-ds-nmgjn_default_835d2419-769a-4d9c-b6a1-85967ad5989c_1
    6177adeadd5e        harbor.od.com/public/nginx          "nginx -g 'daemon of…"   6 days ago          Exited (255) 36 minutes ago                       k8s_my-nginx_nginx-ds-nmgjn_default_835d2419-769a-4d9c-b6a1-85967ad5989c_0
    780d1a240090        harbor.od.com/public/pause:latest   "/pause"                 6 days ago          Exited (255) 36 minutes ago                       k8s_POD_nginx-ds-nmgjn_default_835d2419-769a-4d9c-b6a1-85967ad5989c_0
    
    

    This "/pause" container is started first to hold the network namespace, the IPC namespace and so on.

    View details
    [root@hdss7-21 ~]# kubectl describe deployment nginx-dp -n kube-public
    Name:                   nginx-dp
    Namespace:              kube-public
    CreationTimestamp:      Mon, 17 Aug 2020 21:58:01 +0800
    Labels:                 app=nginx-dp
    Annotations:            deployment.kubernetes.io/revision: 1
    Selector:               app=nginx-dp
    Replicas:               1 desired | 1 updated | 1 total | 1 available | 0 unavailable
    StrategyType:           RollingUpdate
    MinReadySeconds:        0
    RollingUpdateStrategy:  25% max unavailable, 25% max surge
    Pod Template:
      Labels:  app=nginx-dp
      Containers:
       nginx:
        Image:        harbor.od.com/public/nginx:v1.7.9
        Port:         <none>
        Host Port:    <none>
        Environment:  <none>
        Mounts:       <none>
      Volumes:        <none>
    Conditions:
      Type           Status  Reason
      ----           ------  ------
      Available      True    MinimumReplicasAvailable
      Progressing    True    NewReplicaSetAvailable
    OldReplicaSets:  <none>
    NewReplicaSet:   nginx-dp-5dfc689474 (1/1 replicas created)
    Events:
      Type    Reason             Age    From                   Message
      ----    ------             ----   ----                   -------
      Normal  ScalingReplicaSet  7m52s  deployment-controller  Scaled up replica set nginx-dp-5dfc689474 to 1
    

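    Annotations: the resource's annotations

    Selector: the label selector

    StrategyType: the update strategy. Four concepts: blue-green release, rolling release, grayscale release, canary release

    The k8s default strategy is rolling release.

    Events: who is contacted first and who does the work. When a kubectl command is issued, it first goes to the apiserver and all communication goes through the apiserver. The apiserver contacts the scheduler, and the scheduler then starts the container on the most suitable node. For example, if node 7-21 is ready and node 7-22 is ready, it applies its priority policies; predicate policies are requirements set in advance, and a node that meets them is selected. Even when scheduling happens, it is the kubelet that is notified to do the work, and this does not go through the apiserver.

    You can see that the kubelet's server is https://10.4.7.10:7443, which is exactly the VIP's IP and port.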

    [root@hdss7-21 ~]# cat /opt/kubernetes/server/bin/conf/kube-proxy.kubeconfig 
    apiVersion: v1
    clusters:
    - cluster:
    .......
        server: https://10.4.7.10:7443
    .......
    

    Enter a pod

    [root@hdss7-21 ~]# kubectl get pods
    NAME             READY   STATUS    RESTARTS   AGE
    nginx-ds-nmgjn   1/1     Running   1          6d23h
    nginx-ds-v7hrn   1/1     Running   1          6d23h
    
    [root@hdss7-21 ~]# kubectl get pods -n kube-public
    NAME                        READY   STATUS    RESTARTS   AGE
    nginx-dp-5dfc689474-lt7xp   1/1     Running   0          29m
    
    [root@hdss7-21 ~]# kubectl exec -it nginx-dp-5dfc689474-lt7xp /bin/bash -n kube-public
    
    root@nginx-dp-5dfc689474-lt7xp:/# ip add
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
    8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP 
        link/ether 02:42:ac:07:16:03 brd ff:ff:ff:ff:ff:ff
        inet 172.7.22.3/24 brd 172.7.22.255 scope global eth0
           valid_lft forever preferred_lft forever
    

    You can also enter a pod with docker exec, but kubectl works across hosts: from one node you can inspect pods that run on other nodes.

    root@nginx-dp-5dfc689474-lt7xp:/# hostname
    nginx-dp-5dfc689474-lt7xp
    

    Delete a pod

    [root@hdss7-21 ~]# kubectl get pods -n kube-public
    NAME                        READY   STATUS    RESTARTS   AGE
    nginx-dp-5dfc689474-lt7xp   1/1     Running   0          39m
    

    Use watch to observe state changes while the pod is rebuilt

    [root@hdss7-21 ~]# watch -n 1 'kubectl describe deployment nginx-dp -n kube-public | grep -C 5 Event'
    
    Every 1.0s: kubectl describe deployment nginx-dp -n kube-public | grep -C 5 Event                                            Mon Aug 17 22:40:48 2020
    
      ----           ------  ------
      Available	 True    MinimumReplicasAvailable
      Progressing    True    NewReplicaSetAvailable
    OldReplicaSets:  <none>
    NewReplicaSet:   nginx-dp-5dfc689474 (1/1 replicas created)
    Events:
      Type    Reason             Age   From                   Message
      ----    ------             ----  ----                   -------
      Normal  ScalingReplicaSet  42m   deployment-controller  Scaled up replica set nginx-dp-5dfc689474 to 1
    

    Deleting a pod is in effect the way to restart it

    [root@hdss7-21 ~]# kubectl delete pod nginx-dp-5dfc689474-lt7xp -n kube-public
    pod "nginx-dp-5dfc689474-lt7xp" deleted
    
    [root@hdss7-22 ~]# kubectl get pods -n kube-public
    NAME                        READY   STATUS    RESTARTS   AGE
    nginx-dp-5dfc689474-n98tp   1/1     Running   0          46s
    

    Notice that the name of the nginx pod has changed:

    nginx-dp-5dfc689474-lt7xp
    nginx-dp-5dfc689474-n98tp 
    

    Look again with the extended view

    [root@hdss7-22 ~]# kubectl get pods -n kube-public -o wide
    NAME                        READY   STATUS    RESTARTS   AGE     IP           NODE                NOMINATED NODE   READINESS GATES
    nginx-dp-5dfc689474-n98tp   1/1     Running   0          2m31s   172.7.21.3   hdss7-21.host.com   <none>           <none>
    

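    You can see that it has now been scheduled to, and is running on, the 172.7.21.3 node.

    Why is that?

    Because the scheduler found 7.21 and 7.22 equally idle, it applied its priority policies; if both are equally busy and network bandwidth and so on are the same, it picks one at random.

    To force deletion, add the parameters: --force --grace-period=0

    kubectl delete pod nginx-dp-5dfc689474-lt7xp -n kube-public --force --grace-period=0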
    

    Delete the deployment

    kubectl delete deployment nginx-dp -n kube-public
    

    Managing service resources

    Create a service
    [root@hdss7-21 ~]# kubectl create deployment nginx-dp --image=harbor.od.com/public/nginx:v1.7.9 -n kube-public
    deployment.apps/nginx-dp created
    
    [root@hdss7-21 ~]# kubectl get all -n kube-public
    NAME                            READY   STATUS    RESTARTS   AGE
    pod/nginx-dp-5dfc689474-k2k8j   1/1     Running   0          64s
    
    NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
    deployment.apps/nginx-dp   1/1     1            1           64s
    
    NAME                                  DESIRED   CURRENT   READY   AGE
    replicaset.apps/nginx-dp-5dfc689474   1         1         1       64s
    

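    After a pod is deleted (not force-deleted), you will find that the pod has drifted from this node to another node. Although it is managed by a pod controller, it is in a drifting state, so its IP changes. That is why a stable service needs to be abstracted out to provide stable access.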

    [root@hdss7-21 ~]# kubectl expose deployment nginx-dp --port=80 -n kube-public
    service/nginx-dp exposed
    
    [root@hdss7-21 ~]# kubectl get all -n kube-public
    NAME                            READY   STATUS    RESTARTS   AGE
    pod/nginx-dp-5dfc689474-k2k8j   1/1     Running   0          5m28s
    
    NAME               TYPE        CLUSTER-IP        EXTERNAL-IP   PORT(S)   AGE
    service/nginx-dp   ClusterIP   192.168.222.251   <none>        80/TCP    26s
    
    NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
    deployment.apps/nginx-dp   1/1     1            1           5m28s
    
    NAME                                  DESIRED   CURRENT   READY   AGE
    replicaset.apps/nginx-dp-5dfc689474   1         1         1       5m28s
    

    You can see that a service resource is now listed under NAME. This service also has a clusterIP, which is the service's fixed access point for the pods. Now check from the other node, node 22:

    [root@hdss7-22 ~]# kubectl get pods -n kube-public
    NAME                        READY   STATUS    RESTARTS   AGE
    nginx-dp-5dfc689474-k2k8j   1/1     Running   0          9m20s
    
    [root@hdss7-22 ~]# kubectl get pods -n kube-public
    NAME                        READY   STATUS    RESTARTS   AGE
    nginx-dp-5dfc689474-k2k8j   1/1     Running   0          9m46s
    
    [root@hdss7-22 ~]# kubectl get all -n kube-public
    NAME                            READY   STATUS    RESTARTS   AGE
    pod/nginx-dp-5dfc689474-k2k8j   1/1     Running   0          9m56s
    
    NAME               TYPE        CLUSTER-IP        EXTERNAL-IP   PORT(S)   AGE
    service/nginx-dp   ClusterIP   192.168.222.251   <none>        80/TCP    4m54s
    
    NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
    deployment.apps/nginx-dp   1/1     1            1           9m56s
    
    NAME                                  DESIRED   CURRENT   READY   AGE
    replicaset.apps/nginx-dp-5dfc689474   1         1         1       9m56s
    

    Try it with curl

    [root@hdss7-22 ~]# curl 192.168.222.251
    <!DOCTYPE html>
    <html>
    <head>
    <title>Welcome to nginx!</title>
    <style>
        body {
            width: 35em;
            margin: 0 auto;
            font-family: Tahoma, Verdana, Arial, sans-serif;
        }
    </style>
    </head>
    <body>
    <h1>Welcome to nginx!</h1>
    <p>If you see this page, the nginx web server is successfully installed and
    working. Further configuration is required.</p>
    
    <p>For online documentation and support please refer to
    <a href="http://nginx.org/">nginx.org</a>.<br/>
    Commercial support is available at
    <a href="http://nginx.com/">nginx.com</a>.</p>
    
    <p><em>Thank you for using nginx.</em></p>
    </body>
    </html>
    

    Inspect with ipvsadm -Ln

    [root@hdss7-22 ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.0.1:443 nq
      -> 10.4.7.21:6443               Masq    1      0          0         
      -> 10.4.7.22:6443               Masq    1      0          0         
    TCP  192.168.222.251:80 nq
      -> 172.7.22.3:80                Masq    1      0          0 
    

    Scale up

    [root@hdss7-22 ~]# kubectl scale deployment nginx-dp --replicas=2 -n kube-public
    deployment.extensions/nginx-dp scaled
    
    [root@hdss7-22 ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.0.1:443 nq
      -> 10.4.7.21:6443               Masq    1      0          0         
      -> 10.4.7.22:6443               Masq    1      0          0         
    TCP  192.168.222.251:80 nq
      -> 172.7.21.3:80                Masq    1      0          0         
      -> 172.7.22.3:80                Masq    1      0          0         
    

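    You can see that at the bottom there is an additional 172.7.22.3:80, and that however the pods underneath change, the endpoint in front, 192.168.222.251:80 nq, does not change.

    A service abstracts out a relatively stable point, so that clients have a stable point through which to reach the application.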
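The comparison above, as an added example that is not part of the original post: the script parses the two ipvsadm -Ln listings shown on this page, reports which real servers appeared or disappeared behind each virtual address, and checks that the set of virtual addresses stayed the same. The function names ipvs_pairs, ipvs_vips and ipvs_diff are assumptions made for this example.

```shell
#!/bin/sh
# Added example. The two snapshots are the ipvsadm -Ln listings from this
# page, taken before and after scaling nginx-dp to 2 replicas.
export LC_ALL=C   # same collation for sort and comm

COMMON='IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.1:443 nq
  -> 10.4.7.21:6443               Masq    1      0          0
  -> 10.4.7.22:6443               Masq    1      0          0
TCP  192.168.222.251:80 nq'
BEFORE="$COMMON
  -> 172.7.22.3:80                Masq    1      0          0"
AFTER="$COMMON
  -> 172.7.21.3:80                Masq    1      0          0
  -> 172.7.22.3:80                Masq    1      0          0"

# ipvs_pairs: read `ipvsadm -Ln` text on stdin and print one sorted
# "virtual_addr real_server" line per backend.
ipvs_pairs() {
    awk '
        $1 == "TCP" || $1 == "UDP" { vip = $2; next }  # virtual service line
        $1 == "->" && $2 ~ /^[0-9]/ { print vip, $2 }  # real server, not the header
    ' | sort
}

# ipvs_vips: the distinct virtual addresses in a listing read from stdin.
ipvs_vips() { ipvs_pairs | cut -d' ' -f1 | sort -u; }

# ipvs_diff OLD NEW: print "+ vip backend" for real servers that appeared
# and "- vip backend" for ones that disappeared between two listings.
ipvs_diff() {
    old=$(mktemp); new=$(mktemp)
    printf '%s\n' "$1" | ipvs_pairs > "$old"
    printf '%s\n' "$2" | ipvs_pairs > "$new"
    comm -13 "$old" "$new" | sed 's/^/+ /'
    comm -23 "$old" "$new" | sed 's/^/- /'
    rm -f "$old" "$new"
}

ipvs_diff "$BEFORE" "$AFTER"
if [ "$(printf '%s\n' "$BEFORE" | ipvs_vips)" = "$(printf '%s\n' "$AFTER" | ipvs_vips)" ]; then
    echo "virtual addresses unchanged"
fi
```

On a live node the same functions can be fed from `ipvsadm -Ln` directly instead of the embedded snapshots.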

    Change the deployment back.

    [root@hdss7-22 ~]# kubectl scale deployment nginx-dp --replicas=1 -n kube-public
    deployment.extensions/nginx-dp scaled
    

    View the service

    [root@hdss7-21 ~]# kubectl describe svc nginx-dp -n kube-public
    Name:              nginx-dp
    Namespace:         kube-public
    Labels:            app=nginx-dp
    Annotations:       <none>
    Selector:          app=nginx-dp
    Type:              ClusterIP
    IP:                192.168.222.251
    Port:              <unset>  80/TCP
    TargetPort:        80/TCP
    Endpoints:         172.7.22.3:80
    Session Affinity:  None
    Events:            <none>
    

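    How does the service find this pod?

    It relies on a distinctive k8s management feature called the Label Selector. Any pod that carries app=nginx-dp and is in the same namespace (kube-public) is matched by the service, so the service is associated with the pod through this label selector.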
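An added example, not part of the original post, of the matching rule described above: given a pod listing in the column layout of kubectl get pods -A --show-labels --no-headers, it prints the pods an equality selector picks up in one namespace and flags matches that lack the pod-template-hash label a Deployment's ReplicaSet puts on its pods. The listing is constructed sample data, and select_pods and unmanaged_matches are hypothetical helper names.

```shell
#!/bin/sh
# Added example. Constructed sample in the column layout of
#   kubectl get pods -A --show-labels --no-headers
# (NAMESPACE NAME READY STATUS RESTARTS AGE LABELS); pod names other than
# nginx-dp-5dfc689474-k2k8j are made up.
PODS='kube-public nginx-dp-5dfc689474-k2k8j 1/1 Running 0 9m app=nginx-dp,pod-template-hash=5dfc689474
kube-public standalone-pod 1/1 Running 0 2m app=nginx-dp
kube-public nginx-old 1/1 Running 0 2m app=nginx
default same-label-other-ns 1/1 Running 0 1d app=nginx-dp
default unlabeled 1/1 Running 0 1d <none>'

# select_pods LISTING NAMESPACE SELECTOR
# Print the names of pods that an equality-based selector (k=v[,k=v...])
# matches: every requirement must be present, and only in that namespace.
select_pods() {
    printf '%s\n' "$1" | awk -v ns="$2" -v sel="$3" '
        BEGIN { nreq = split(sel, req, ",") }
        $1 != ns { next }                    # selectors never cross namespaces
        {
            nl = split($NF, kv, ",")         # LABELS is the last column
            split("", have)                  # clear the per-pod label set
            for (i = 1; i <= nl; i++) have[kv[i]] = 1
            for (i = 1; i <= nreq; i++) if (!(req[i] in have)) next
            print $2
        }'
}

# unmanaged_matches LISTING NAMESPACE SELECTOR
# Of the pods the selector matches, print those without a pod-template-hash
# label, i.e. pods that did not come from a Deployment's ReplicaSet.
unmanaged_matches() {
    select_pods "$1" "$2" "$3" | while read -r name; do
        printf '%s\n' "$1" | awk -v ns="$2" -v n="$name" \
            '$1 == ns && $2 == n && $NF !~ /(^|,)pod-template-hash=/ { print n }'
    done
}

echo "matched by app=nginx-dp in kube-public:"
select_pods "$PODS" kube-public app=nginx-dp
echo "matched but not created by a ReplicaSet:"
unmanaged_matches "$PODS" kube-public app=nginx-dp
```

Comparing the first list with the Endpoints line of kubectl describe svc shows whether the service is sending traffic only to the pods you expect.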

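    The IP can be pinged from the compute nodes but not from any other host, so this IP is only meaningful inside the k8s cluster. It is a virtual IP: it does not occupy address space on the wider network and only takes effect within the k8s 192.168 segment.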

    [root@hdss7-21 ~]# ping 192.168.222.251
    PING 192.168.222.251 (192.168.222.251) 56(84) bytes of data.
    64 bytes from 192.168.222.251: icmp_seq=1 ttl=64 time=0.051 ms
    64 bytes from 192.168.222.251: icmp_seq=2 ttl=64 time=0.053 ms
    

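    The cluster network is not exposed outside the cluster on its own. This ClusterIP is useful only inside the cluster and useless outside it; one look at the address tells you it is virtual and used by nobody else, a reminder that it is a virtual IP.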

    [root@hdss7-22 ~]# ipvsadm -Ln
    IP Virtual Server version 1.2.1 (size=4096)
    Prot LocalAddress:Port Scheduler Flags
      -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
    TCP  192.168.0.1:443 nq
      -> 10.4.7.21:6443               Masq    1      0          0         
      -> 10.4.7.22:6443               Masq    1      0          0         
    TCP  192.168.222.251:80 nq
      -> 172.7.22.3:80                Masq    1      0          0 
    
    192.168.222.251:80 nq
    

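    nq: never queue

    Summary of imperative resource management

    • The only entry point for managing resources in a kubernetes cluster is calling the apiserver's interface by the appropriate method
    • kubectl is the official CLI tool for communicating with the apiserver. It organizes the commands the user types on the command line into information the apiserver understands, and is thus an effective way to manage all kinds of k8s resources
    • Imperative resource management meets more than 90% of resource management needs, but its drawbacks are also obvious:
      • Commands are long, complex and hard to remember
      • In certain scenarios it cannot meet management needs
      • Creating, deleting and querying resources is fairly easy, but modifying them is painful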
  • Original article: https://www.cnblogs.com/liuhuan086/p/13520961.html