目录
一.系统环境
| 服务器版本 | docker软件版本 | CPU架构 |
|---|---|---|
| CentOS Linux release 7.4.1708 (Core) | Docker version 20.10.12 | x86_64 |
二.前言
kubectl是Kubernetes提供的命令行工具,kubectl 使用 Kubernetes API 与 Kubernetes 集群的控制面进行通信。
针对配置信息,kubectl 在 $HOME/.kube 目录中查找一个名为 config 的配置文件来连接Kubernetes 集群。 你可以通过设置 KUBECONFIG 环境变量或设置 --kubeconfig 参数来指定其它 kubeconfig 文件。
使用kubectl命令行工具的前提是已经有一套可以正常运行的Kubernetes集群,关于Kubernetes(k8s)集群的安装部署,可以查看博客《Centos7 安装部署Kubernetes(k8s)集群》https://www.cnblogs.com/renshengdezheli/p/16686769.html
三.kubectl
3.1 kubectl语法
kubectl的语法为:kubectl [command] [TYPE] [NAME] [flags],其中 command、TYPE、NAME 和 flags 分别是:
-
command:指定要对一个或多个资源执行的操作,例如 create、get、describe、delete。
-
TYPE:指定资源类型。资源类型不区分大小写, 可以指定单数、复数或缩写形式。例如,以下命令输出相同的结果:
kubectl get pod pod1 kubectl get pods pod1 kubectl get po pod1 -
NAME:指定资源的名称。名称区分大小写。 如果省略名称,则显示所有资源的详细信息。例如:kubectl get pods。
-
flags: 指定可选的参数。例如,可以使用 -s 或 --server 参数指定 Kubernetes API 服务器的地址和端口。
要对所有类型相同的资源进行分组,请执行以下操作:TYPE1 name1 name2 name<#>。
例子:kubectl get pod example-pod1 example-pod2
分别指定多个资源类型:TYPE1/name1 TYPE1/name2 TYPE2/name3 TYPE<#>/name<#>。
例子:kubectl get pod/example-pod1 replicationcontroller/example-rc1
3.2 kubectl格式化输出
kubectl格式化输出语法:kubectl [command] [TYPE] [NAME] -o <output_format>
| 输出格式 | 描述 |
|---|---|
| -o custom-columns=spec | 使用逗号分隔的自定义列列表打印表。 |
| -o custom-columns-file=filename | 使用 filename文件中的自定义列模板打印表。 |
| -o json | 输出 JSON 格式的 API 对象 |
| -o jsonpath=template | 打印 jsonpath 表达式定义的字段 |
| -o jsonpath-file=filename | 打印 filename>文件中 jsonpath 表达式定义的字段。 |
| -o name | 仅打印资源名称而不打印任何其他内容。 |
| -o wide | 以纯文本格式输出,包含所有附加信息。对于 Pod 包含节点名。 |
| -o yaml | 输出 YAML 格式的 API 对象。 |
四.kubectl常用命令
查看从什么地址能访问k8s API,会显示k8s集群的master节点的地址
[root@k8scloude1 ~]# kubectl cluster-info
Kubernetes control plane is running at https://192.168.110.130:6443
CoreDNS is running at https://192.168.110.130:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
查看kubectl版本
[root@k8scloude1 ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.0", GitCommit:"cb303e613a121a29364f75cc67d3d580833a7479", GitTreeState:"clean", BuildDate:"2021-04-08T16:31:21Z", GoVersion:"go1.16.1", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.0", GitCommit:"cb303e613a121a29364f75cc67d3d580833a7479", GitTreeState:"clean", BuildDate:"2021-04-08T16:25:06Z", GoVersion:"go1.16.1", Compiler:"gc", Platform:"linux/amd64"}
[root@k8scloude1 ~]# kubectl version --short
Client Version: v1.21.0
Server Version: v1.21.0
查看k8s的pod网段,可以看到pod网段为10.244.0.0/16
#查看初始化时候的k8s集群配置:kubeadm config view
[root@k8scloude1 ~]# kubeadm config view
Command "view" is deprecated, This command is deprecated and will be removed in a future release, please use 'kubectl get cm -o yaml -n kube-system kubeadm-config' to get the kubeadm config directly.
apiServer:
extraArgs:
authorization-mode: Node,RBAC
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
type: CoreDNS
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.21.0
networking:
dnsDomain: cluster.local
podSubnet: 10.244.0.0/16
serviceSubnet: 10.96.0.0/12
scheduler: {}
查看kubeconfig文件的结构
[root@k8scloude1 ~]# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://192.168.110.130:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
五.查看kubernetes集群node节点和pod负载
5.1 安装metric-server
查看node节点和pod的负载,发现看不了node和pod的负载,是因为没有安装metric-server
[root@k8scloude1 ~]# kubectl top nodes
W0109 16:45:38.197980 75467 top_node.go:119] Using json format to get metrics. Next release will switch to protocol-buffers, switch early by passing --use-protocol-buffers flag
error: Metrics API not available
[root@k8scloude1 ~]# kubectl top pods
W0109 16:45:58.436117 75718 top_pod.go:140] Using json format to get metrics. Next release will switch to protocol-buffers, switch early by passing --use-protocol-buffers flag
error: Metrics API not available
为了查看节点和pod的负载,下面开始安装metric-server
创建目录,用来存放metric-server
[root@k8scloude1 ~]# mkdir metric-server
[root@k8scloude1 ~]# cd metric-server/
下载metrics-server并解压
[root@k8scloude1 metric-server]# wget https://github.com/kubernetes-sigs/metrics-server/archive/v0.3.6.tar.gz
[root@k8scloude1 metric-server]# ls
v0.3.6.tar.gz
[root@k8scloude1 metric-server]# tar xf v0.3.6.tar.gz
[root@k8scloude1 metric-server]# ls
metrics-server-0.3.6 v0.3.6.tar.gz
[root@k8scloude1 metric-server]# cd metrics-server-0.3.6/
[root@k8scloude1 metrics-server-0.3.6]# ls
cmd code-of-conduct.md CONTRIBUTING.md deploy Gopkg.lock Gopkg.toml hack LICENSE Makefile OWNERS OWNERS_ALIASES pkg README.md SECURITY_CONTACTS vendor version
[root@k8scloude1 metrics-server-0.3.6]# cd deploy/
[root@k8scloude1 deploy]# ls
1.7 1.8+ docker minikube
[root@k8scloude1 deploy]# cd 1.8+
[root@k8scloude1 1.8+]# ls
aggregated-metrics-reader.yaml auth-delegator.yaml auth-reader.yaml metrics-apiservice.yaml metrics-server-deployment.yaml metrics-server-service.yaml resource-reader.yaml
查看需要下载的镜像,image: k8s.gcr.io/metrics-server-amd64:v0.3.6这个镜像国内访问不了,我们手动下载一个国内镜像
[root@k8scloude1 1.8+]# grep image metrics-server-deployment.yaml
# mount in tmp so we can safely use from-scratch images and/or read-only containers
image: k8s.gcr.io/metrics-server-amd64:v0.3.6
imagePullPolicy: Always
在k8s集群master节点和worker节点都需要下载metrics-server-amd64:v0.3.6镜像
[root@k8scloude1 1.8+]# docker pull mirrorgooglecontainers/metrics-server-amd64:v0.3.6
[root@k8scloude1 1.8+]# docker images | grep mirrorgooglecontainers
REPOSITORY TAG IMAGE ID CREATED SIZE
mirrorgooglecontainers/metrics-server-amd64 v0.3.6 9dd718864ce6 2 years ago 39.9MB
镜像已经下好了,现在进行docker tag重命名,并删除原镜像mirrorgooglecontainers/metrics-server-amd64:v0.3.6
[root@k8scloude1 1.8+]# docker tag mirrorgooglecontainers/metrics-server-amd64:v0.3.6 k8s.gcr.io/metrics-server-amd64:v0.3.6
[root@k8scloude1 1.8+]# docker rmi mirrorgooglecontainers/metrics-server-amd64:v0.3.6
worker节点也进行相同操作
[root@k8scloude2 ~]# docker pull mirrorgooglecontainers/metrics-server-amd64:v0.3.6
[root@k8scloude2 ~]# docker tag mirrorgooglecontainers/metrics-server-amd64:v0.3.6 k8s.gcr.io/metrics-server-amd64:v0.3.6
[root@k8scloude2 ~]# docker rmi mirrorgooglecontainers/metrics-server-amd64:v0.3.6
[root@k8scloude3 ~]# docker pull mirrorgooglecontainers/metrics-server-amd64:v0.3.6
[root@k8scloude3 ~]# docker tag mirrorgooglecontainers/metrics-server-amd64:v0.3.6 k8s.gcr.io/metrics-server-amd64:v0.3.6
[root@k8scloude3 ~]# docker rmi mirrorgooglecontainers/metrics-server-amd64:v0.3.6
修改配置文件,镜像下载策略imagePullPolicy改为IfNotPresent,IfNotPresent表示只有当镜像在本地不存在时才会拉取
[root@k8scloude1 1.8+]# pwd
/root/metric-server/metrics-server-0.3.6/deploy/1.8+
#修改内容如下: imagePullPolicy: IfNotPresent
# command:
# - /metrics-server
# - --metric-resolution=30s
# - --kubelet-insecure-tls
# - --kubelet-preferred-address-types=InternalIP
[root@k8scloude1 1.8+]# tail -20 metrics-server-deployment.yaml
k8s-app: metrics-server
spec:
serviceAccountName: metrics-server
volumes:
# mount in tmp so we can safely use from-scratch images and/or read-only containers
- name: tmp-dir
emptyDir: {}
containers:
- name: metrics-server
image: k8s.gcr.io/metrics-server-amd64:v0.3.6
imagePullPolicy: IfNotPresent
command:
- /metrics-server
- --metric-resolution=30s
- --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP
volumeMounts:
- name: tmp-dir
mountPath: /tmp
安装metrics-server
#kubectl apply -f . .表示安装当前目录下的所有文件
[root@k8scloude1 1.8+]# kubectl apply -f .
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
Warning: rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 RoleBinding
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
Warning: apiregistration.k8s.io/v1beta1 APIService is deprecated in v1.19+, unavailable in v1.22+; use apiregistration.k8s.io/v1 APIService
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
serviceaccount/metrics-server created
deployment.apps/metrics-server created
service/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
查看所有的命名空间
[root@k8scloude1 1.8+]# kubectl get ns
NAME STATUS AGE
default Active 18h
kube-node-lease Active 18h
kube-public Active 18h
kube-system Active 18h
当观察到metrics-server-bcfb98c76-k5dmj状态为Running,metrics-server服务就正常启动了
[root@k8scloude1 1.8+]# kubectl get pod -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-kube-controllers-6b9fbfff44-4jzkj 1/1 Running 2 19h 10.244.251.194 k8scloude3 <none> <none>
calico-node-bdlgm 1/1 Running 1 19h 192.168.110.130 k8scloude1 <none> <none>
calico-node-hx8bk 1/1 Running 1 19h 192.168.110.128 k8scloude3 <none> <none>
calico-node-nsbfs 1/1 Running 1 19h 192.168.110.129 k8scloude2 <none> <none>
coredns-545d6fc579-7wm95 1/1 Running 1 19h 10.244.158.68 k8scloude1 <none> <none>
coredns-545d6fc579-87q8j 1/1 Running 1 19h 10.244.158.67 k8scloude1 <none> <none>
etcd-k8scloude1 1/1 Running 1 19h 192.168.110.130 k8scloude1 <none> <none>
kube-apiserver-k8scloude1 1/1 Running 1 19h 192.168.110.130 k8scloude1 <none> <none>
kube-controller-manager-k8scloude1 1/1 Running 1 19h 192.168.110.130 k8scloude1 <none> <none>
kube-proxy-599xh 1/1 Running 1 19h 192.168.110.128 k8scloude3 <none> <none>
kube-proxy-lpj8z 1/1 Running 1 19h 192.168.110.129 k8scloude2 <none> <none>
kube-proxy-zxlk9 1/1 Running 1 19h 192.168.110.130 k8scloude1 <none> <none>
kube-scheduler-k8scloude1 1/1 Running 1 19h 192.168.110.130 k8scloude1 <none> <none>
metrics-server-bcfb98c76-k5dmj 1/1 Running 0 70s 10.244.112.131 k8scloude2 <none> <none>
5.2 查看node负载
查看node的负载
[root@k8scloude1 1.8+]# kubectl top node
W0110 11:37:47.025099 75026 top_node.go:119] Using json format to get metrics. Next release will switch to protocol-buffers, switch early by passing --use-protocol-buffers flag
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
k8scloude1 257m 12% 1487Mi 45%
k8scloude2 104m 5% 698Mi 36%
k8scloude3 102m 5% 701Mi 36%
5.3 查看pod负载
查看pod的负载
注释:一核心分成1000个微核心m 1核=1000m
[root@k8scloude1 1.8+]# kubectl top pods
W0110 11:38:40.576780 75696 top_pod.go:140] Using json format to get metrics. Next release will switch to protocol-buffers, switch early by passing --use-protocol-buffers flag
No resources found in default namespace.
#-A表示所有命名空间
[root@k8scloude1 1.8+]# kubectl top pods -A
W0110 11:38:47.276962 75784 top_pod.go:140] Using json format to get metrics. Next release will switch to protocol-buffers, switch early by passing --use-protocol-buffers flag
NAMESPACE NAME CPU(cores) MEMORY(bytes)
kube-system calico-kube-controllers-6b9fbfff44-4jzkj 2m 25Mi
kube-system calico-node-bdlgm 37m 170Mi
kube-system calico-node-hx8bk 43m 157Mi
kube-system calico-node-nsbfs 56m 164Mi
kube-system coredns-545d6fc579-7wm95 3m 18Mi
kube-system coredns-545d6fc579-87q8j 3m 18Mi
kube-system etcd-k8scloude1 14m 91Mi
kube-system kube-apiserver-k8scloude1 60m 351Mi
kube-system kube-controller-manager-k8scloude1 21m 56Mi
kube-system kube-proxy-599xh 1m 24Mi
kube-system kube-proxy-lpj8z 1m 24Mi
kube-system kube-proxy-zxlk9 1m 24Mi
kube-system kube-scheduler-k8scloude1 3m 23Mi
kube-system metrics-server-bcfb98c76-k5dmj 1m 13Mi
六.命名空间namespace的管理
6.1 何为命名空间namespace
在 Kubernetes 中,命名空间(Namespace) 提供一种机制,将同一集群中的资源划分为相互隔离的组。 同一命名空间内的资源名称要唯一,但跨命名空间时没有这个要求。 命名空间作用域仅针对带有命名空间的对象,例如 Deployment、Service 等, 这种作用域对集群访问的对象不适用,例如 StorageClass、Node、PersistentVolume 等。
6.2 管理命名空间namespace
查看所有的命名空间
[root@k8scloude1 1.8+]# kubectl get namespaces
NAME STATUS AGE
default Active 19h
kube-node-lease Active 19h
kube-public Active 19h
kube-system Active 19h
[root@k8scloude1 1.8+]# kubectl get ns
NAME STATUS AGE
default Active 19h
kube-node-lease Active 19h
kube-public Active 19h
kube-system Active 19h
创建命名空间,注意:不同的namespace之间相互隔离
[root@k8scloude1 1.8+]# kubectl create ns ns1
namespace/ns1 created
[root@k8scloude1 1.8+]# kubectl create ns ns2
namespace/ns2 created
[root@k8scloude1 1.8+]# kubectl get ns
NAME STATUS AGE
default Active 19h
kube-node-lease Active 19h
kube-public Active 19h
kube-system Active 19h
ns1 Active 6s
ns2 Active 4s
获取全局上下文,可以看到当前命名空间为default
[root@k8scloude1 ~]# kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* kubernetes-admin@kubernetes kubernetes kubernetes-admin default
切换命名空间
#切换命名空间
[root@k8scloude1 ~]# kubectl config set-context --current --namespace=kube-system
Context "kubernetes-admin@kubernetes" modified.
[root@k8scloude1 ~]# kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* kubernetes-admin@kubernetes kubernetes kubernetes-admin kube-system
#获取当前K8S上下文
[root@k8scloude1 ~]# kubectl config current-context
kubernetes-admin@kubernetes
6.2 使用kubens管理命名空间namespace
默认的切换命名空间的命令不好用,可以使用第三方的命名空间切换工具:kubens,kubens命令所在的网站为:https://github.com/ahmetb/kubectx/releases/
下载kubens,并授予可执行权限
[root@k8scloude1 ~]# wget https://github.com/ahmetb/kubectx/releases/download/v0.9.4/kubens
[root@k8scloude1 ~]# ll -h kubens
-rw-r--r-- 1 root root 5.5K 12月 8 15:46 kubens
[root@k8scloude1 ~]# chmod +x kubens
[root@k8scloude1 ~]# mv kubens /bin/
[root@k8scloude1 ~]# ls /bin/kubens
/bin/kubens
查看所有的命名空间
[root@k8scloude1 ~]# kubens
default
kube-node-lease
kube-public
kube-system
ns1
ns2
切换namespace
#切换namespace到kube-system
[root@k8scloude1 ~]# kubens kube-system
Context "kubernetes-admin@kubernetes" modified.
Active namespace is "kube-system".
#此时,默认查询的就是kube-system命名空间下的pod
[root@k8scloude1 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-kube-controllers-6b9fbfff44-4jzkj 1/1 Running 2 20h 10.244.251.194 k8scloude3 <none> <none>
calico-node-bdlgm 1/1 Running 1 20h 192.168.110.130 k8scloude1 <none> <none>
calico-node-hx8bk 1/1 Running 1 20h 192.168.110.128 k8scloude3 <none> <none>
calico-node-nsbfs 1/1 Running 1 20h 192.168.110.129 k8scloude2 <none> <none>
coredns-545d6fc579-7wm95 1/1 Running 1 20h 10.244.158.68 k8scloude1 <none> <none>
coredns-545d6fc579-87q8j 1/1 Running 1 20h 10.244.158.67 k8scloude1 <none> <none>
etcd-k8scloude1 1/1 Running 1 20h 192.168.110.130 k8scloude1 <none> <none>
kube-apiserver-k8scloude1 1/1 Running 1 20h 192.168.110.130 k8scloude1 <none> <none>
kube-controller-manager-k8scloude1 1/1 Running 1 20h 192.168.110.130 k8scloude1 <none> <none>
kube-proxy-599xh 1/1 Running 1 20h 192.168.110.128 k8scloude3 <none> <none>
kube-proxy-lpj8z 1/1 Running 1 20h 192.168.110.129 k8scloude2 <none> <none>
kube-proxy-zxlk9 1/1 Running 1 20h 192.168.110.130 k8scloude1 <none> <none>
kube-scheduler-k8scloude1 1/1 Running 1 20h 192.168.110.130 k8scloude1 <none> <none>
metrics-server-bcfb98c76-k5dmj 1/1 Running 0 56m 10.244.112.131 k8scloude2 <none> <none>
切换namespace到default
#切换namespace到default
[root@k8scloude1 ~]# kubens default
Context "kubernetes-admin@kubernetes" modified.
Active namespace is "default".
#此时,默认查询的就是default命名空间下的pod
[root@k8scloude1 ~]# kubectl get pods -o wide
No resources found in default namespace.
#要查询kube-public命名空间下的pod,使用-n kube-public指定
[root@k8scloude1 ~]# kubectl get pods -n kube-public
No resources found in kube-public namespace.