当前位置 : 首页 » 文章分类 :  开发  »  Kubernetes/K8S-kubectl

Kubernetes/K8S-kubectl

Kubernetes/K8S kubectl 命令行工具使用笔记

kubectl reference docs (页面下面有所有 kubectl 子命令的 doc 链接)
https://kubernetes.io/docs/reference/kubectl/kubectl/


kubectl 概览

Overview of kubectl
https://kubernetes.io/docs/reference/kubectl/overview/

kubectl 命令行工具用于管理 Kubernetes 集群。
kubectl 会在 $HOME/.kube 目录中查找并加载名为 config 的配置文件,也可以通过 KUBECONFIG 环境变量或 --kubeconfig 参数来指定 kubeconfig 文件。

kubectl 命令的语法格式:kubectl [command] [TYPE] [NAME] [flags]
其中:

  • command 指定在一个或多个资源上要进行的操作,例如 create, get, describe, delete

  • TYPE 指定资源类型,资源类型不区分大小写,可以指定单数、复数或缩写形式。
    例如 kubectl get nodeskubectl get nodekubectl get no 都可以查看 k8s 集群中的节点信息。kubectl get podskubectl get podkubectl get po 都可以查看 pod

  • NAME 指定资源名,资源名不区分大小写。如果忽略资源名,会显示全部此类资源,例如 kubectl get pods 查看默认命名空间的全部 pod
    在对多个资源执行操作时,你可以按类型和名称指定每个资源,或指定一个或多个文件,例如:
    1、TYPE1 name1 name2 name<#> 同一类型的多个资源,例如 kubectl get pod example-pod1 example-pod2
    2、TYPE1/name1 TYPE1/name2 TYPE2/name3 TYPE<#>/name<#> 不同类型的资源,例如 kubectl get pod/example-pod1 replicationcontroller/example-rc1
    3、-f file1 -f file2 -f file<#> 用一个或多个文件指定资源,例如 kubectl get -f ./pod.yaml

  • flags 可选的参数,例如可以使用 -s 或 -server 参数指定 Kubernetes API 服务器的地址和端口。

通用选项

kubectl
https://kubernetes.io/docs/reference/kubectl/kubectl/

-n, --namespace string 在指定的名字空间中操作。默认使用 default 名字空间。


kubectl api-resources 列出支持的资源类型

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#api-resources

列出k8s支持的所欲api资源

kubectl api-resources -o wide 可以多打印出 VERBS 列,说明此资源支持的动词(create delete deletecollection get list patch update watch)

# kubectl api-resources
NAME                              SHORTNAMES   APIGROUP                       NAMESPACED   KIND
bindings                                                                      true         Binding
componentstatuses                 cs                                          false        ComponentStatus
configmaps                        cm                                          true         ConfigMap
endpoints                         ep                                          true         Endpoints
events                            ev                                          true         Event
limitranges                       limits                                      true         LimitRange
namespaces                        ns                                          false        Namespace
nodes                             no                                          false        Node
persistentvolumeclaims            pvc                                         true         PersistentVolumeClaim
persistentvolumes                 pv                                          false        PersistentVolume
pods                              po                                          true         Pod
podtemplates                                                                  true         PodTemplate
replicationcontrollers            rc                                          true         ReplicationController
resourcequotas                    quota                                       true         ResourceQuota
secrets                                                                       true         Secret
serviceaccounts                   sa                                          true         ServiceAccount
services                          svc                                         true         Service
mutatingwebhookconfigurations                  admissionregistration.k8s.io   false        MutatingWebhookConfiguration
validatingwebhookconfigurations                admissionregistration.k8s.io   false        ValidatingWebhookConfiguration
customresourcedefinitions         crd,crds     apiextensions.k8s.io           false        CustomResourceDefinition
apiservices                                    apiregistration.k8s.io         false        APIService
controllerrevisions                            apps                           true         ControllerRevision
daemonsets                        ds           apps                           true         DaemonSet
deployments                       deploy       apps                           true         Deployment
replicasets                       rs           apps                           true         ReplicaSet
statefulsets                      sts          apps                           true         StatefulSet
tokenreviews                                   authentication.k8s.io          false        TokenReview
localsubjectaccessreviews                      authorization.k8s.io           true         LocalSubjectAccessReview
selfsubjectaccessreviews                       authorization.k8s.io           false        SelfSubjectAccessReview
selfsubjectrulesreviews                        authorization.k8s.io           false        SelfSubjectRulesReview
subjectaccessreviews                           authorization.k8s.io           false        SubjectAccessReview
horizontalpodautoscalers          hpa          autoscaling                    true         HorizontalPodAutoscaler
cronjobs                          cj           batch                          true         CronJob
jobs                                           batch                          true         Job
certificatesigningrequests        csr          certificates.k8s.io            false        CertificateSigningRequest
leases                                         coordination.k8s.io            true         Lease
events                            ev           events.k8s.io                  true         Event
ingresses                         ing          extensions                     true         Ingress
nodes                                          metrics.k8s.io                 false        NodeMetrics
pods                                           metrics.k8s.io                 true         PodMetrics
alertmanagers                                  monitoring.coreos.com          true         Alertmanager
podmonitors                                    monitoring.coreos.com          true         PodMonitor
prometheuses                                   monitoring.coreos.com          true         Prometheus
prometheusrules                                monitoring.coreos.com          true         PrometheusRule
servicemonitors                                monitoring.coreos.com          true         ServiceMonitor
thanosrulers                                   monitoring.coreos.com          true         ThanosRuler
ingresses                         ing          networking.k8s.io              true         Ingress
networkpolicies                   netpol       networking.k8s.io              true         NetworkPolicy
runtimeclasses                                 node.k8s.io                    false        RuntimeClass
poddisruptionbudgets              pdb          policy                         true         PodDisruptionBudget
podsecuritypolicies               psp          policy                         false        PodSecurityPolicy
clusterrolebindings                            rbac.authorization.k8s.io      false        ClusterRoleBinding
clusterroles                                   rbac.authorization.k8s.io      false        ClusterRole
rolebindings                                   rbac.authorization.k8s.io      true         RoleBinding
roles                                          rbac.authorization.k8s.io      true         Role
priorityclasses                   pc           scheduling.k8s.io              false        PriorityClass
podpresets                                     settings.k8s.io                true         PodPreset
apimonitors                       am           stable.example.com             false        apiMonitor
csidrivers                                     storage.k8s.io                 false        CSIDriver
csinodes                                       storage.k8s.io                 false        CSINode
storageclasses                    sc           storage.k8s.io                 false        StorageClass
volumeattachments                              storage.k8s.io                 false        VolumeAttachment

kubectl get 查看资源

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#get

kubectl api-resources 可以查看 k8s 支持的所有资源类型。
常用的:

# kubectl api-resources -o wide
NAME                      SHORTNAMES   APIGROUP   NAMESPACED   KIND                   VERBS
configmaps                cm                      true         ConfigMap              [create delete deletecollection get list patch update watch]
namespaces                ns                      false        Namespace              [create delete get list patch update watch]
nodes                     no                      false        Node                   [create delete deletecollection get list patch update watch]
persistentvolumeclaims    pvc                     true         PersistentVolumeClaim  [create delete deletecollection get list patch update watch]
persistentvolumes         pv                      false        PersistentVolume       [create delete deletecollection get list patch update watch]
pods                      po                      true         Pod                    [create delete deletecollection get list patch update watch]
services                  svc                     true         Service                [create delete get list patch update watch]
deployments               deploy       apps       true         Deployment             [create delete deletecollection get list patch update watch]
replicasets               rs           apps       true         ReplicaSet             [create delete deletecollection get list patch update watch]
statefulsets              sts          apps       true         StatefulSet            [create delete deletecollection get list patch update watch]
serviceaccounts           sa                      true         ServiceAccount         [create delete deletecollection get list patch update watch]
secrets                                           true         Secret                 [create delete deletecollection get list patch update watch]
jobs                                   batch      true         Job                    [create delete deletecollection get list patch update watch]
ingresses                 ing          extensions true         Ingress                [create delete deletecollection get list patch update watch]

-o, --output='' 输出格式,常用的有:
-o wide 带额外信息的纯文本输出。
-o yaml 输出为 yaml 格式的 api 对象。
-o json 输出为 json 格式的 api 对象。


kubectl get all 查看全部资源

例如查看全部 mysql 相关资源

# kubectl get all|grep mysql
pod/mysql-ha-0                                                  3/3     Running            0          67d
pod/mysql-init-job-zcdxx                                        0/1     Completed          0          75d
service/mysql-ha                                         ClusterIP   None            <none>        3306/TCP                                    75d
service/mysql-service                                    NodePort    127.0,0,1   <none>        3306:3306/TCP                               75d
deployment.apps/mysql-ha-controller                        1/1     1            1           75d
replicaset.apps/mysql-ha-controller-677456846d                        0         0         0       75d
statefulset.apps/mysql-ha                                          3/3     75d
job.batch/mysql-init-job          1/1           3m35s      75d

kubectl get -w/–watch 查看并监控资源变化

比如 mysql pod 启动过程中可以 kubectl get pod -o wide -w|grep mysql 监控 mysql pod 的状态变化。


kubectl get pod,svc 同时查看Pod和Service

# kubectl get pod,svc -o wide|grep mysql
pod/mysql-0                                     1/1     Running            2          6d19h   10.200.12.123   centos   <none>           <none>
service/mysql-service            ClusterIP   10.200.10.111   <none>        8306/TCP                      20d     app=mysql-my

kubectl get cs 查看组件状态(v1.19后废弃)

kubectl get componentstatuskubectl get cs 查看 k8s 组件状态。

$ kubectl get cs
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE             ERROR
scheduler            Healthy   ok
controller-manager   Healthy   ok
etcd-0               Healthy   {"health":"true"}

从 v1.19 开始, componentstatus API 被废弃。
componentstatus API 提供 etcd, kube-scheduler 和 kube-controller-manager 的状态信息,但只有在这些组件和 api-server 位于同一节点上时数据才是正确的。
https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.19.md#deprecation


kubectl get node/no 查看节点信息

kubectl get nodeskubectl get nodekubectl get no 查看 k8s 集群中的节点信息

$ kubectl get nodes
NAME     STATUS     ROLES    AGE   VERSION
linode   NotReady   master   11d   v1.19.0

kubectl get node -o wide 查看node及IP

# kubectl get nodes -o wide
NAME    STATUS   ROLES    AGE   VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION                CONTAINER-RUNTIME
node1   Ready    master   38d   v1.16.3   127.0.0.1        <none>        CentOS Linux 7 (Core)   4.17.11-1.el7.elrepo.x86_64   docker://19.3.12
node2   Ready    master   38d   v1.16.3   127.0.0.2        <none>        CentOS Linux 7 (Core)   4.17.11-1.el7.elrepo.x86_64   docker://19.3.12
node3   Ready    master   38d   v1.16.3   127.0.0.3        <none>        CentOS Linux 7 (Core)   4.17.11-1.el7.elrepo.x86_64   docker://19.3.12

kubectl get node –show-labels=true 查看节点的标签

kubectl get node –show-labels=true 或 kubectl get node –show-labels

# kubectl get node --show-labels=true
NAME      STATUS   ROLES         AGE   VERSION   LABELS
linode    Ready    master,node   22d   v1.12.3   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/hostname=linode,node-role.kubernetes.io/master=,node-role.kubernetes.io/node=

kubectl get namespace/ns 查看命名空间

kubectl get namespaceskubectl get namespacekubectl get ns 查看命名空间

# kubectl get ns
NAME                 STATUS   AGE
default              Active   202d
ingress-nginx        Active   202d
kube-node-lease      Active   202d
kube-public          Active   202d
kube-system          Active   202d
local-path-storage   Active   202d

kubectl get service/svc 查看service

# kubectl get svc
NAME                     TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)                       AGE
kafka-alone-headless     ClusterIP   None            <none>        8092/TCP                      36d
kafka-service            ClusterIP   10.123.12.123   <none>        8092/TCP                      36d
kubernetes               ClusterIP   10.123.0.1      <none>        443/TCP                       38d
mongo-service            ClusterIP   10.123.12.123   <none>        8017/TCP                      2d13h
mysql-service            ClusterIP   10.123.12.12    <none>        8306/TCP                      21d
redis-service            ClusterIP   10.123.12.123   <none>        8179/TCP                      36d
zk-service               ClusterIP   10.123.12.123   <none>        8121/TCP                      2d13h
zookeeper-headless       ClusterIP   None            <none>        2181/TCP,3888/TCP,2888/TCP    2d13h
gateway-service          NodePort    10.123.123.12   <none>        8081:9081/TCP                 42h
rest-service             NodePort    10.233.13.131   <none>        8102:9102/TCP,8488:9488/TCP   15d

可以看到
NodePort 8081:9081/TCP 的意思是:这是个 NodePort 类型的 service,将容器内部的 8081 端口映射为集群外可访问的 9081 端口
NodePort 8102:9102/TCP,8488:9488/TCP 的意思是:这是个 NodePort 类型的 service,向外暴露了两个端口,容器内的 8102 映射为 9102,容器内的 8488 映射为 9488

kubectl get service -o wide 查看service及selector

# kubectl get svc -o wide
NAME                  type        cluster-ip      external-ip   port(s)        age     selector
da-service            nodeport    10.233.53.253   <none>        8768:8768/tcp  4m18s   app=da
kafka-alone-headless  clusterip   none            <none>        8092/tcp       36d     app.kubernetes.io/component=kafka-broker,app.kubernetes.io/instance=kafka-alone,app.kubernetes.io/name=kafka
kafka-service         clusterip   10.233.58.186   <none>        8092/tcp       36d     app.kubernetes.io/component=kafka-broker,app.kubernetes.io/instance=kafka-alone,app.kubernetes.io/name=kafka
kubernetes            clusterip   10.233.0.1      <none>        443/tcp        38d     <none>
mongo-service         clusterip   10.233.37.193   <none>        8017/tcp       2d15h   app=mongodb-ist
mysql-service         clusterip   10.233.58.99    <none>        8306/tcp       21d     app=mysql-alone-ist-ist
redis-service         clusterip   10.233.44.137   <none>        8179/tcp       36d     app=redis-ist
zk-service            clusterip   10.233.16.246   <none>        8121/tcp       2d15h   app=zookeeper-ist

kubectl get svc xx -o yaml 查看Service的yaml

# kubectl get svc myapp-service -o yaml
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2021-07-14T03:02:07Z"
  name: myapp-service
  namespace: default
  resourceVersion: "39037191"
  selfLink: /api/v1/namespaces/default/services/myapp-service
  uid: e958ddd5-396d-4be9-926c-df05b50d8d5a
spec:
  clusterIP: 127.0.0.1
  externalTrafficPolicy: Cluster
  ports:
  - name: myapp
    nodePort: 9652
    port: 8652
    protocol: TCP
    targetPort: 8652
  selector:
    app: myapp
  sessionAffinity: None
  type: NodePort
status:
  loadBalancer: {}

kubectl get pod/po 查看pod

kubectl get podskubectl get podkubectl get po 查看 pod

输出结果中 READY 1/2 表示 已就绪容器个数/pod中总容器个数

kubectl get pods 查看默认namespace的pod

kubectl get pods 查看当前 namespace 下的所有 pod

kubectl get pod -A 查看所有namespace的pod

kubectl get pods -A -A 表示列出所有 namespace 的 pod

kubectl get pod -n kube-system 查看系统命名空间的pod

# kubectl get pod -n kube-system
NAME                                                     READY   STATUS    RESTARTS   AGE
cgpu-exporter-daemonset-wcfj6                            1/1     Running   4          8d
coredns-5879b9c8f9-vlr27                                 1/1     Running   0          15d
dashboard-metrics-scraper-68746c59c9-pmfmh               1/1     Running   0          15d
dns-autoscaler-56547c6f84-l2rls                          1/1     Running   0          15d
gpushare-scheduler-extender-dfcbw                        1/1     Running   0          15d
kube-apiserver-centos-hostname                           1/1     Running   0          6d3h
kube-controller-manager-centos-hostname                  1/1     Running   0          15d
kube-flannel-ds-8rvqg                                    1/1     Running   0          13d
kube-flannel-ds-dd226                                    1/1     Running   0          15d
kube-proxy-l4m7r                                         1/1     Running   0          13d
kube-proxy-nw97h                                         1/1     Running   0          15d
kube-scheduler-centos-hostname                           1/1     Running   0          15d
kubernetes-dashboard-c949889c5-74ztk                     1/1     Running   0          15d
nodelocaldns-6p469                                       1/1     Running   0          15d
nodelocaldns-n9g7g                                       1/1     Running   0          13d
nvidia-device-plugin-daemonset-wchw4                     1/1     Running   0          15d
nvidia-device-plugin-daemonset-x85dg                     1/1     Running   0          13d

kubectl get pod -o wide 查看pod及ip

# kubectl get pod -o wide
NAME                 READY   STATUS             RESTARTS   AGE     IP               NODE         NOMINATED NODE   READINESS GATES
prometheus-mm27q     1/1     Running            0          27d     127.0.0.1       linode         <none>           <none>

kubectl get pods name 查看指定pod

kubectl get pods pod-name 查看指定pod

$ kubectl get pods
NAMESPACE     NAME                             READY   STATUS    RESTARTS   AGE
kube-system   coredns-f9fd979d6-8l6f2          0/1     Pending   0          11d
kube-system   coredns-f9fd979d6-bmbnt          0/1     Pending   0          11d
kube-system   etcd-linode                      1/1     Running   0          11d
kube-system   kube-apiserver-linode            1/1     Running   0          11d
kube-system   kube-controller-manager-linode   1/1     Running   0          10d
kube-system   kube-proxy-mlls6                 1/1     Running   0          11d
kube-system   kube-scheduler-linode            1/1     Running   0          10d

kubectl get pod name -o yaml 看pod原始yaml

kubectl get pods pod-name -o yaml 查看指定 pod 的原始 yaml
pod-name 来自 kubectl get pods 的第一列

kubectl get pod -owide -w 持续监控资源变化

kubectl get pod -owide -w |egrep "mysql|kafka" 查看并持续监控 mysql 和 kafka 的 pod


kubectl get configmap/cm 查看配置映射

kubectl get cm myapp-configmap -o yaml 查看某个 configmap 的具体内容

kubectl get cm -A coredns -o yaml 查看CoreDNS


kubectl get pvc 查看持久卷申领

# kubectl get pvc -o wide
NAME            STATUS   VOLUME                                     CAPACITY   ACCESS MODES   STORAGECLASS   AGE   VOLUMEMODE
es-7-master-0   Bound    pvc-44b8897d-506f-46ee-aed0-d259c0b7dded   100Gi      RWO            local-path     74d   Filesystem
es-7-master-1   Bound    pvc-6426963e-1896-4722-99ba-221034530331   100Gi      RWO            local-path     74d   Filesystem
es-7-master-2   Bound    pvc-51188068-0635-4f15-b1d1-d88b538690fa   100Gi      RWO            local-path     74d   Filesystem

kubectl get pv 查看持久卷

# kubectl get pv -o wide
NAME                                       CAPACITY   ACCESS MODES   RECLAIM POLICY   STATUS   CLAIM                      STORAGECLASS   REASON   AGE   VOLUMEMODE
pvc-44b8897d-506f-46ee-aed0-d259c0b7dded   100Gi      RWO            Delete           Bound    default/es-7-master-0      local-path              74d   Filesystem
pvc-51188068-0635-4f15-b1d1-d88b538690fa   100Gi      RWO            Delete           Bound    default/es-7-master-2      local-path              74d   Filesystem
pvc-6426963e-1896-4722-99ba-221034530331   100Gi      RWO            Delete           Bound    default/es-7-master-1      local-path              74d   Filesystem

kubectl get storageclass/sc 查看存储类

kubectl get storageclasseskubectl get storageclasskubectl get sc 查看存储类

# kubectl get sc
NAME             PROVISIONER                                AGE
local-path       rancher.io/local-path                      48d
local-path-ssd   cluster.local/local-path-provisioner-ssd   91m

kubectl get secret 查看密钥

kubectl get secret 查看全部密钥

查看 namespace 下的 secret 密钥

# kubectl get secret
NAME                                                       TYPE                                  DATA   AGE
apimonitor-reader-token-d7bkh                              kubernetes.io/service-account-token   3      2d
kubeapps-operator-token-k7v8w                              kubernetes.io/service-account-token   3      2d
mysql-alone-ist                                            Opaque                                2      4h35m
prometheus-prometheus-operator-prometheus-tls-assets       Opaque                                0      2d
sh.helm.release.v1.mysql-alone.v1                          helm.sh/release.v1                    1      4h35m
vitess-operator-token-nn4m5                                kubernetes.io/service-account-token   3      9h

kubectl get secret xx -o yaml 查看密钥原始yaml

# kubectl get secret mysql-alone -o yaml
apiVersion: v1
data:
  mysql-password: NDxxxxxxxx0tYOQ==
  mysql-root-password: xxxxxxxxxxxx
kind: Secret
metadata:
  creationTimestamp: "2021-06-30T23:49:17Z"
  labels:
    app: mysql-alone
    chart: mysql-1.1.1
    heritage: Helm
    release: mysql-alone
  name: mysql-alone
  namespace: default
  resourceVersion: "374990"
  selfLink: /api/v1/namespaces/default/secrets/mysql-alone
  uid: fc66f625-3fb6-4957-99ee-9786af38d6b0
type: Opaque

kubectl get serviceaccount/sa 查看服务账号

kubectl get serviceaccountskubectl get serviceaccountkubectl get sa 查看服务账号

kubectl get serviceaccount/sa 查看全部服务账号

查看 namespace 下的服务账号

# kubectl get serviceAccounts
NAME                                           SECRETS   AGE
apimonitor-reader                              1         2d
default                                        1         2d
kubeapps-operator                              1         2d
prometheus-operator-alertmanager               1         2d
prometheus-operator-grafana                    1         2d
prometheus-operator-grafana-test               1         2d
prometheus-operator-kube-state-metrics         1         2d
prometheus-operator-operator                   1         2d
prometheus-operator-prometheus                 1         2d
prometheus-operator-prometheus-adapter         1         2d
prometheus-operator-prometheus-node-exporter   1         2d
tianniu-default                                1         32h
vitess-operator                                1         9h

kubectl get serviceaccounts xx -o yaml 查看服务账号原始yaml

# kubectl get serviceaccounts vitess-operator -o yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"v1","kind":"ServiceAccount","metadata":{"annotations":{},"name":"vitess-operator","namespace":"default"}}
  creationTimestamp: "2021-06-30T18:50:26Z"
  name: vitess-operator
  namespace: default
  resourceVersion: "332313"
  selfLink: /api/v1/namespaces/default/serviceaccounts/vitess-operator
  uid: 2868977f-cd8d-4a79-be2e-1cc77c248a23
secrets:
- name: vitess-operator-token-nn4m5

kubectl describe 查看资源详情

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#describe
kubectl describe 查看资源或资源组详情。

kubectl describe pod name 看pod配置和事件

pod-name 来自 kubectl get pods 的第一列

# kubectl describe pod my-app-deployment-5bf87ff7f9-gnsdb
Name:               my-app-deployment-5bf87ff7f9-gnsdb
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               linode/127.0.0.1
Start Time:         Sat, 20 Feb 2021 11:06:26 +0800
Labels:             app=my-app
                    pod-template-hash=5bf87ff7f9
Annotations:        podpreset.admission.kubernetes.io/podpreset-allow-tz-env: 1137
Status:             Running
IP:                 127.0.0.1
Controlled By:      ReplicaSet/my-app-deployment-5bf87ff7f9
Containers:
  my-app:
    Container ID:  docker://6ea436028db8d732523b395effad18efb2a1c0414de59d796c6f3dc06d9ee0cc
    Image:         masikkk.com/ist/my-app:20210220_1613789493178
    Image ID:      docker-pullable://docker.masikkk.com/my-app@sha256:6035a91620701696ecdb5e7dc638782c16c52be35540dac7db077a5fe9fadb53
    Port:          <none>
    Host Port:     <none>
    Command:
      python
    Args:
      /root/apps/start.py
      --cluster_configFilesParams="[{ \"key\": \"db.datasource.url\", \"value\": \"jdbc:mysql://localhost:3306/mydb?useUnicode=true&characterEncoding=utf-8&autoReconnect=true&useSSL=false\" }, { \"key\": \"db.datasource.username\", \"value\": \"haha\" }]"
    State:          Running
      Started:      Sat, 20 Feb 2021 11:06:45 +0800
    Ready:          True
    Restart Count:  0
    Limits:
      cpu:     24
      memory:  16Gi
    Requests:
      cpu:     100m
      memory:  1Gi
    Liveness:  http-get http://localhost:8080/ delay=30s timeout=60s period=15s #success=1 #failure=8
    Environment:
      TZ:  Asia/Shanghai
    Mounts:
      /etc/localtime:ro from ro (rw)
      /home/centos/logs/my-app from log (rw)
      /root/data from data (rw)
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-tj2ln (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             True
  ContainersReady   True
  PodScheduled      True
Volumes:
  data:
    Type:          HostPath (bare host directory volume)
    Path:          /home/centos/data
    HostPathType:
  log:
    Type:          HostPath (bare host directory volume)
    Path:          /home/centos/logs/my-app
    HostPathType:
  ro:
    Type:          HostPath (bare host directory volume)
    Path:          /etc/localtime
    HostPathType:
  default-token-tj2ln:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-tj2ln
    Optional:    false
QoS Class:       Burstable
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:          <none>

kubectl describe svc 看service的后端地址

Endpoints (该资源类别为复数)定义了网络端点的列表,通常由 Service 引用,以定义可以将流量发送到哪些 Pod。

# kubectl describe svc mysql-service
Name:                     mysql-service
Namespace:                default
Labels:                   app=mysql-ha
                          chart=mysql-ha-5.7.34-v1.2.3.1
                          heritage=Helm
                          release=mysql-ha
Annotations:              <none>
Selector:                 app=mysql-ha,release=mysql-ha,role=leader
Type:                     NodePort
IP:                       192.168.1.101
Port:                     mysql  3306/TCP
TargetPort:               mysql/TCP
NodePort:                 mysql  3306/TCP
Endpoints:                192.168.66.4:3306
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

kubectl describe node name 查看node详情

# kubectl describe node gpu-node1
Name:               gpu-node1
Roles:              <none>
Labels:             beta.kubernetes.io/arch=amd64
                    beta.kubernetes.io/os=linux
                    gpu=nvidia
                    kubernetes.io/arch=amd64
                    kubernetes.io/hostname=gpu-node1
                    kubernetes.io/os=linux
Annotations:        kubeadm.alpha.kubernetes.io/cri-socket: /var/run/dockershim.sock
                    node.alpha.kubernetes.io/ttl: 0
                    volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp:  Thu, 23 Sep 2021 18:08:31 +0800
Taints:             node.kubernetes.io/unreachable:NoExecute
                    node.kubernetes.io/unreachable:NoSchedule
Unschedulable:      false
Conditions:
  Type                 Status    LastHeartbeatTime                 LastTransitionTime                Reason              Message
  ----                 ------    -----------------                 ------------------                ------              -------
  NetworkUnavailable   False     Tue, 04 Jan 2022 14:17:27 +0800   Tue, 04 Jan 2022 14:17:27 +0800   CalicoIsUp          Calico is running on this node
  MemoryPressure       Unknown   Tue, 04 Jan 2022 14:22:31 +0800   Tue, 04 Jan 2022 14:23:20 +0800   NodeStatusUnknown   Kubelet stopped posting node status.
  DiskPressure         Unknown   Tue, 04 Jan 2022 14:22:31 +0800   Tue, 04 Jan 2022 14:23:20 +0800   NodeStatusUnknown   Kubelet stopped posting node status.
  PIDPressure          Unknown   Tue, 04 Jan 2022 14:22:31 +0800   Tue, 04 Jan 2022 14:23:20 +0800   NodeStatusUnknown   Kubelet stopped posting node status.
  Ready                Unknown   Tue, 04 Jan 2022 14:22:31 +0800   Tue, 04 Jan 2022 14:23:20 +0800   NodeStatusUnknown   Kubelet stopped posting node status.
Addresses:
  InternalIP:  127.0.0.1
  Hostname:    gpu-node1
Capacity:
 cpu:                     40
 ephemeral-storage:       102350Mi
 hugepages-1Gi:           0
 hugepages-2Mi:           0
 memory:                  196702560Ki
 pods:                    110
 tpu.bitmain.com/bm1682:  16
Allocatable:
 cpu:                     39900m
 ephemeral-storage:       96589578081
 hugepages-1Gi:           0
 hugepages-2Mi:           0
 memory:                  196350160Ki
 pods:                    110
 tpu.bitmain.com/bm1682:  16
System Info:
 Machine ID:                 e1ecfb37865b4e58b3064bb7dcc4e27a
 System UUID:                f7bf926c-f30b-03e4-b211-d21d600e2d1b
 Boot ID:                    05e536f6-e42e-4b07-ab2f-917cf7b7cef5
 Kernel Version:             4.17.11-1.el7.elrepo.x86_64
 OS Image:                   CentOS Linux 7 (Core)
 Operating System:           linux
 Architecture:               amd64
 Container Runtime Version:  docker://18.9.7
 Kubelet Version:            v1.16.3
 Kube-Proxy Version:         v1.16.3
PodCIDR:                     10.233.90.0/24
PodCIDRs:                    10.233.90.0/24
Non-terminated Pods:         (18 in total)
  Namespace                  Name                                                  CPU Requests  CPU Limits  Memory Requests  Memory Limits  AGE
  ---------                  ----                                                  ------------  ----------  ---------------  -------------  ---
  default                    nvidia-deviceplugin-qqvjb                             0 (0%)        0 (0%)      0 (0%)           0 (0%)         98d
  default                    nvidia-exporter-5v9bm                                 0 (0%)        0 (0%)      0 (0%)           0 (0%)         98d
  default                    nvidia-my-app-gpu-0-deployment-868f79d77d-glpwn       100m (0%)     0 (0%)      1Gi (0%)         0 (0%)         3h34m
  default                    nvidia-my-app-gpu-1-deployment-5bdbbdf774-kz849       100m (0%)     0 (0%)      1Gi (0%)         0 (0%)         3h33m
  default                    nvidia-my-app-gpu-2-deployment-6cc4d9598b-pmftc       100m (0%)     0 (0%)      1Gi (0%)         0 (0%)         3h33m
  default                    bvs-algo-video-server-deployment-5469d4c44b-879qg     100m (0%)     0 (0%)      1Gi (0%)         0 (0%)         3h33m
  default                    consul-cluster-slave-26                               0 (0%)        0 (0%)      0 (0%)           0 (0%)         3h36m
  default                    ipmi-exporter-9tsbw                                   0 (0%)        0 (0%)      0 (0%)           0 (0%)         101d
  default                    loki-stack-0                                          0 (0%)        0 (0%)      0 (0%)           0 (0%)         3h36m
  default                    loki-stack-promtail-ffqbt                             100m (0%)     1 (2%)      128Mi (0%)       1Gi (0%)       13d
  default                    memory-storage-deployment-5d44c9b6f9-wt5np            100m (0%)     0 (0%)      1Gi (0%)         0 (0%)         3h33m
  default                    prometheus-operator-prometheus-node-exporter-xk666    0 (0%)        0 (0%)      0 (0%)           0 (0%)         98d
  ingress-nginx              ingress-nginx-controller-mmz9b                        0 (0%)        0 (0%)      0 (0%)           0 (0%)         102d
  kube-system                bml-filebeat-7l7rm                                    1 (2%)        2 (5%)      1Gi (0%)         2Gi (1%)       102d
  kube-system                calico-node-j7s76                                     150m (0%)     300m (0%)   64M (0%)         500M (0%)      102d
  kube-system                kube-proxy-wcvm8                                      0 (0%)        0 (0%)      0 (0%)           0 (0%)         102d
  kube-system                nginx-proxy-gpu-node1                                 25m (0%)      0 (0%)      32M (0%)         0 (0%)         102d
  kube-system                nodelocaldns-fn4dl                                    100m (0%)     0 (0%)      70Mi (0%)        170Mi (0%)     45d
Allocated resources:
  (Total limits may be over 100 percent, i.e., overcommitted.)
  Resource                Requests        Limits
  --------                --------        ------
  cpu                     1875m (4%)      3300m (8%)
  memory                  6587958Ki (3%)  3899483392 (1%)
  ephemeral-storage       0 (0%)          0 (0%)
  tpu.bitmain.com/bm1682  0               0
Events:
  Type    Reason                   Age                From                      Message
  ----    ------                   ----               ----                      -------
  Normal  Starting                 20m                kubelet, gpu-node1     Starting kubelet.
  Normal  NodeAllocatableEnforced  20m                kubelet, gpu-node1     Updated Node Allocatable limit across pods
  Normal  NodeHasSufficientMemory  20m (x8 over 20m)  kubelet, gpu-node1     Node gpu-node1 status is now: NodeHasSufficientMemory
  Normal  NodeHasNoDiskPressure    20m (x8 over 20m)  kubelet, gpu-node1     Node gpu-node1 status is now: NodeHasNoDiskPressure
  Normal  NodeHasSufficientPID     20m (x7 over 20m)  kubelet, gpu-node1     Node gpu-node1 status is now: NodeHasSufficientPID
  Normal  Starting                 19m                kube-proxy, gpu-node1  Starting kube-proxy.
  Normal  Starting                 12m                kubelet, gpu-node1     Starting kubelet.
  Normal  NodeHasSufficientMemory  12m (x8 over 12m)  kubelet, gpu-node1     Node gpu-node1 status is now: NodeHasSufficientMemory
  Normal  NodeHasNoDiskPressure    12m (x8 over 12m)  kubelet, gpu-node1     Node gpu-node1 status is now: NodeHasNoDiskPressure
  Normal  NodeHasSufficientPID     12m (x7 over 12m)  kubelet, gpu-node1     Node gpu-node1 status is now: NodeHasSufficientPID
  Normal  NodeAllocatableEnforced  12m                kubelet, gpu-node1     Updated Node Allocatable limit across pods
  Normal  Starting                 12m                kube-proxy, gpu-node1  Starting kube-proxy.

kubectl describe ingress name 查看Ingress详情

kubectl describe ingress ingress-resource-backend

Name:             ingress-resource-backend
Namespace:        default
Address:
Default backend:  APIGroup: k8s.example.com, Kind: StorageBucket, Name: static-assets
Rules:
  Host        Path  Backends
  ----        ----  --------
  *
              /icons   APIGroup: k8s.example.com, Kind: StorageBucket, Name: icon-assets
Annotations:  <none>
Events:       <none>

kubectl describe pvc name 查看PVC详情

# kubectl describe pvc es-7-master-0
Name:          es-7-master-0
Namespace:     default
StorageClass:  local-path
Status:        Bound
Volume:        pvc-44b8897d-506f-46ee-aed0-d259c0b7dded
Labels:        app=es-7-master
Annotations:   pv.kubernetes.io/bind-completed: yes
               pv.kubernetes.io/bound-by-controller: yes
               volume.beta.kubernetes.io/storage-provisioner: rancher.io/local-path
               volume.kubernetes.io/selected-node: centos-node1
Finalizers:    [kubernetes.io/pvc-protection]
Capacity:      100Gi
Access Modes:  RWO
VolumeMode:    Filesystem
Mounted By:    es-7-master-0
Events:        <none>

Mounted By 指明了挂载此 PVC 的 pod

kubectl describe pv name 查看PV详情

# kubectl describe pv pvc-44b8897d-506f-46ee-aed0-d259c0b7dded
Name:              pvc-44b8897d-506f-46ee-aed0-d259c0b7dded
Labels:            <none>
Annotations:       pv.kubernetes.io/provisioned-by: rancher.io/local-path
Finalizers:        [kubernetes.io/pv-protection]
StorageClass:      local-path
Status:            Bound
Claim:             default/es-7-master-0
Reclaim Policy:    Delete
Access Modes:      RWO
VolumeMode:        Filesystem
Capacity:          100Gi
Node Affinity:
  Required Terms:
    Term 0:        kubernetes.io/hostname in [centos-node1]
Message:
Source:
    Type:          HostPath (bare host directory volume)
    Path:          /data/local-path-provisioner/pvc-44b8897d-506f-46ee-aed0-d259c0b7dded_default_es-7-master-0
    HostPathType:  DirectoryOrCreate
Events:            <none>

kubectl describe prometheusrule 查看全部规则

如果不知道某个告警项来自哪个 prometheusrule,可以直接 kubectl describe prometheusrule 查看全部 prometheus 规则详情,从中 grep 想找的告警项,然后顺着往上就能找到对应的 prometheusrule 名字。


kubectl create 创建资源

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#create
从文件或标准输入创建资源,这里的资源可以是 Service, Pod, ConfigMap 等等。
kubectl create -f FILENAME

例如
kubectl create -f helm-rbac.yaml 根据配置文件 helm-rbac.yaml 创建资源。


kubectl apply 应用配置文件

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#apply
应用指定的配置文件,如果指定的资源不存在会自动创建,相当于 kubectl create
kubectl apply (-f FILENAME | -k DIRECTORY)

--record 记录这条 kubectl 命令到资源注解中,默认是 false 不记录。

例1、根据配置文件创建资源
kubectl apply -f helm-rbac.yaml

例2、利用 <<EOF 多行输入重定向,直接在命令行中输入文件内容,创建一个 consul 的 Service

kubectl apply -f -<<EOF
apiVersion: v1
kind: Service
metadata:
  name: consul-service
  namespace: default
spec:
  ports:
  - name: consul-ui
    port: 8500
    protocol: TCP
    targetPort: 8500
  selector:
    app: consul
  sessionAffinity: ClientIP
  type: ClusterIP
EOF

last-applied-configuration 资源的初始json

kubectl apply -f 操作会在每个对象上设置 kubectl.kubernetes.io/last-applied-configuration: '{...}' 注解。注解值中包含了用来创建对象的配置文件的内容。
kubectl.kubernetes.io/last-applied-configuration 是资源的原始 JSON 表示,在对象创建时由 kubectl apply 命令写入,后续 edit 修改对象时此部分不会变。

metadata:
  annotations:
    kubectl.kubernetes.io/last-applied-configuration: |
      {"apiVersion":"apps/v1","kind":"Deployment",
      "metadata":{"annotations":{},"name":"nginx-deployment","namespace":"default"},
      "spec":{"minReadySeconds":5,"selector":{"matchLabels":{"app":nginx}},"template":{"metadata":{"labels":{"app":"nginx"}},
      "spec":{"containers":[{"image":"nginx:1.14.2","name":"nginx",
      "ports":[{"containerPort":80}]}]}}}}    

Declarative Management of Kubernetes Objects Using Configuration Files
https://kubernetes.io/docs/tasks/manage-kubernetes-objects/declarative-config/


kubectl run 运行容器

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#run
在 pod 中运行指定的镜像,类似 docker run


kubectl exec 在容器中执行命令

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#exec
在容器中执行命令,类似 docker exec

进入容器 kubectl exec -it pod-name sh
-c, --container='' 指定容器名,如果忽略此参数,自动选择 pod 中的第一个容器

1、查找consul的pod名

# kubectl get pods |grep consul
consul-alone-0                                                   1/1     Running   0          22d

2、进入consul容器 kubectl exec -it consul-alone-0 sh
输入完pod名前缀后按tab键可以动补全完整的pod名,很方便

kubectl exec -c 在pod中的指定容器中执行命令

对于包含多个容器的 pod, 可以通过 -c 容器名 参数指定目标容器。

1、kubectl describe pod xxx 可以看到 pod 中的容器列表,在 Containers 属性中列出。

2、kubectl exec -it pod-name -c container-name sh 在pod的指定容器中执行命令


kubectl scale 扩缩容

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#scale
扩容或缩容 Deployment, ReplicaSet, Replication Controller 或 StatefulSet 中的 Pod 数量。

scale 也可以指定多个前提条件,如:当前副本数量 --current-replicas 或 版本号 --resource-version 进行伸缩比例设置前,系统会先验证前提条件是否成立。

1、将 deployment myapp-deployment 中的 pod 个数设置为 3 个
kubectl scale --replicas=3 deployment/myapp-deployment
这也是一种 声明式配置 ,可能从小于 3 的 pod 数增加到 3 个,也可能是从大于 3 的个数减少到 3 个。

2、如果 mysql 当前副本数为 2 则将其扩展至 3
kubectl scale --current-replicas=2 --replicas=3 deployment/mysql

3、同时将 deployment app1 和 app2 的副本数设置为 2
kubectl scale --replicas=2 deploy/app1-deployment deploy/app2-deployment

4、将由 foo.yaml 配置文件中指定的资源对象和名称标识的 Pod 资源副本设为 3
kubectl scale --replicas=3 -f foo.yaml

Kubernetes kubectl scale 命令详解
http://docs.kubernetes.org.cn/664.html


kubectl label 给资源打标签

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#label
更新资源的标签。

kubectl label node master node-role.kubernetes.io/edge= 给 master node 打上 edge label

kubectl label nodes gpu-nvidia-t4 node=nvidia-t4 给节点 gpu-nvidia-t4 打上 nvidia-t4 标签

kubectl label pods foo bar- 删除 foo 上的标签 bar


kubectl drain 从节点上驱逐pod

https://kubernetes.io/docs/reference/kubectl/generated/kubectl_drain/
https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#drain

kubectl drain 命令用于将节点上的工作负载(例如Pods)逐渐迁移到其他节点,以便可以对该节点进行维护或升级。
这个命令通常用于在维护或升级节点之前,确保节点上的所有 Pods 都已经被迁移到集群的其他地方。

在一个节点上执行 kubectl drain 命令时,它会:

  1. 标记该节点为不可调度(unschedulable),这意味着 Kubernetes 调度器不会将新的 Pods 调度到这个节点上。
  2. 尝试驱逐该节点上所有的 Pods。驱逐过程会尊重 Pods 的优先级和 PDB(Pod Disruption Budgets)设置。

使用 kubectl drain 时,你可以指定一些选项来控制驱逐行为,例如:

  • --ignore-daemonsets:忽略 DaemonSet 管理的 Pods。DaemonSet 通常用于运行每个节点上都需要运行的 Pods,如日志收集器或网络插件。
  • --delete-local-data:允许驱逐带有本地存储的 Pods。这可能会导致数据丢失,因此应谨慎使用。
  • --force:强制驱逐 Pods,即使它们没有违反 PDB 或其他驱逐策略。
  • --grace-period:设置 Pod 终止的宽限期。

kubectl cordon/uncordon 将节点标为不可调度

https://kubernetes.io/docs/reference/kubectl/generated/kubectl_cordon/

kubectl cordon NODE 将节点标记为不可调度(SchedulingDisabled)
kubectl uncordon NODE 将节点重新标记为可调度

当一个节点被 cordon 后,Kubernetes 将不会在该节点上调度新的 Pod。这对于需要对节点进行维护、升级或者修复等操作非常有用,因为它可以确保在维护期间不会有新的工作负载被调度到该节点上。
执行 kubectl cordon 后,已存在的 Pod 仍然会在该节点上继续运行,但不会有新的 Pod 被调度到这个节点上。

例如
kubectl cordon node1 将 node1 节点标为不可调度


kubectl delete 删除资源

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#delete

根据文件名、标签等删除资源

kubectl delete pod 删除pod

kubectl delete pod myapp-deployment-64f855cd65-7dhc4 删除指定pod,输入 myapp 后按 tab 键可自动补全 pod 名

kubectl delete pod foo –force

kubectl delete pod foo –force –grace-period=0 强制删除 pod

kubectl delete -f xx.yaml 根据描述文件删除资源

kubectl delete -f 101_initial_cluster.yaml 根据描述文件 101_initial_cluster.yaml 删除资源,这是一个 CRD 自定义资源,是通过 kubectl apply -f 101_initial_cluster.yaml 命令安装的。


kubectl taint 给node加污点标记

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#taint

更新一个或多个 node 上的污点。
kubectl taint NODE NAME KEY_1=VAL_1:TAINT_EFFECT_1 ... KEY_N=VAL_N:TAINT_EFFECT_N

一个污点(Taints) 包括 key, value 和 effect(效果),形式为 key=value:effect
注意:
1、effect 目前只能是 NoSchedule, PreferNoSchedule, NoExecute 三者之一,不能是别的值。
2、目前污点只能应用于 node
3、value 是可选的,没有value也可以。

例如
kubectl taint nodes foo dedicated=special-user:NoSchedule 给节点 foo 增加一个污点,它的键名是 dedicated, 键值是 special-user, 效果是 NoSchedule。 这表示只有拥有和这个污点相匹配的容忍度的 Pod 才能够被分配到 foo 这个节点。
如果在节点 foo 上键是 dedicated, 效果是 NoSchedule 的污点已经存在,则其 value 被替换为 special-user

kubectl taint nodes foo dedicated:NoSchedule- 删除节点 foo 上键是 dedicated, 效果是 NoSchedule 的污点(如果有的话)。

kubectl taint nodes foo bar:NoSchedule 给节点 foo 加上一个键是 bar, 效果是 NoSchedule 的污点,此污点没有value。


kubectl logs 查看日志

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#logs
打印 pod 的日志

kubectl get pods 列出所有 pods
然后 kubectl logs --tail=20 pod-name 显示 pod-name 的最近 20 行日志。

kubectl logs -c 查看pod中指定容器的日志

-c, --container='' 指定容器名
例如
kubectl logs -f example-vttablet-zone1-2469782763-bfadd780 -c mysqld

对于包含多个容器的 pod, kubectl logs 命令必须用 -c 参数指定要查看的具体容器名,否则报如下错误:

# kubectl logs -f example-vttablet-zone1-2469782763-bfadd780
Error from server (BadRequest): a container name must be specified for pod example-vttablet-zone1-2469782763-bfadd780, choose one of: [vttablet mysqld mysqld-exporter] or one of the init containers: [init-vt-root init-mysql-socket]

可以看到错误提示中还会给列出各个容器的名字。

kubectl logs -p 查看pod中前一个容器的日志

-p, --previous=false 增加 -p 参数后可以打印 pod 中前一个容器的日志(如果有的话),当 pod 中容器有重启时,用此方法很容易排查前一个容器重启的原因


kubectl cp 拷贝文件

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#cp

kubectl cp <file-spec-src> <file-spec-dest>

拷贝 mysql-alone pod 中的 /usr/lib/mysql/plugin/libcompare.so 到当前目录的 libcompare.so

kubectl cp mysql-alone:usr/lib/mysql/plugin/libcompare.so libcompare.so

Cannot open: Permission denied

拷贝文件到 pod 内,报错:
tar: a: Cannot open: Permission denied

解决:
先拷贝到容器内的 /tmp/ 目录,再 exec 进入容器移动到指定目录。

https://stackoverflow.com/questions/57734514/kubectl-cp-to-a-pod-is-failing-because-of-permission-denied


kubectl edit 编辑资源

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#edit

kubectl edit cm mc-configmap 修改 configmap
kubectl edit deployment/mydeployment 编辑 deployment,可直接在这里修改副本数


kubectl proxy 创建代理

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#proxy

在宿主机 localhost 和 Kubernetes API Server 之间创建一个代理服务或应用级网关。
还可以在指定的 path 上做静态资源服务器。

kubectl proxy --port=8001 在端口 8001 上创建代理。

例2、创建代理,以后可通过 8888 端口访问 k8s api server kubectl proxy --address='0.0.0.0' --accept-hosts='^*$' --port=8888 &

# kubectl proxy --address='0.0.0.0' --accept-hosts='^*$' --port=8888 &
[1] 60505
]# Starting to serve on [::]:8888

kubectl port-forward 端口转发

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#port-forward

kubectl port-forward TYPE/NAME [options] [LOCAL_PORT:]REMOTE_PORT [...[LOCAL_PORT_N:]REMOTE_PORT_N]

将一个或多个本地端口转发到 pod, 这个命令需要 node 节点上安装了 socat 工具。

通过 资源类型/资源名 来选择 pod, 例如 deployment/mydeployment, 也可只指定资源名,默认资源类型是 pod.

如果有多个 pod 匹配筛选条件,会自动选择一个 pod, 如果选中的 pod 结束,转发 session 也会自动终止。

kubectl port-forward service/vtctld 15000 15999 & 监听本地 15000 和 15999 端口转发到指定 service 的相同端口。
kubectl port-forward pod/mypod 8888:5000 监听本地 8888 端口转发到指定 pod 的 5000 端口。


kubectl version 查看版本

https://kubernetes.io/docs/reference/generated/kubectl/kubectl-commands#version

kubectl version 可以看客户端及服务端的版本,其中 GitVersion 即为 k8s 的版本号。

kubectl version
Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.2", GitCommit:"092fbfbf53427de67cac1e9fa54aaa09a28371d7", GitTreeState:"clean", BuildDate:"2021-06-16T12:59:11Z", GoVersion:"go1.16.5", Compiler:"gc", Platform:"darwin/amd64"}
Server Version: version.Info{Major:"1", Minor:"20", GitVersion:"v1.20.7", GitCommit:"132a687512d7fb058d0f5890f07d4121b3f0a2e2", GitTreeState:"clean", BuildDate:"2021-05-12T12:32:49Z", GoVersion:"go1.15.12", Compiler:"gc", Platform:"linux/amd64"}

上一篇 Linux-YUM

下一篇 Kubernetes/K8S-安装部署

阅读
评论
7.8k
阅读预计41分钟
创建日期 2021-07-04
修改日期 2024-06-13
类别
目录
  1. kubectl 概览
    1. 通用选项
  2. kubectl api-resources 列出支持的资源类型
  3. kubectl get 查看资源
    1. kubectl get all 查看全部资源
    2. kubectl get -w/–watch 查看并监控资源变化
    3. kubectl get pod,svc 同时查看Pod和Service
    4. kubectl get cs 查看组件状态(v1.19后废弃)
    5. kubectl get node/no 查看节点信息
      1. kubectl get node -o wide 查看node及IP
      2. kubectl get node –show-labels=true 查看节点的标签
    6. kubectl get namespace/ns 查看命名空间
    7. kubectl get service/svc 查看service
      1. kubectl get service -o wide 查看service及selector
      2. kubectl get svc xx -o yaml 查看Service的yaml
    8. kubectl get pod/po 查看pod
      1. kubectl get pods 查看默认namespace的pod
      2. kubectl get pod -A 查看所有namespace的pod
      3. kubectl get pod -n kube-system 查看系统命名空间的pod
      4. kubectl get pod -o wide 查看pod及ip
      5. kubectl get pods name 查看指定pod
      6. kubectl get pod name -o yaml 看pod原始yaml
      7. kubectl get pod -owide -w 持续监控资源变化
    9. kubectl get configmap/cm 查看配置映射
      1. kubectl get cm -A coredns -o yaml 查看CoreDNS
    10. kubectl get pvc 查看持久卷申领
    11. kubectl get pv 查看持久卷
    12. kubectl get storageclass/sc 查看存储类
    13. kubectl get secret 查看密钥
      1. kubectl get secret 查看全部密钥
      2. kubectl get secret xx -o yaml 查看密钥原始yaml
    14. kubectl get serviceaccount/sa 查看服务账号
      1. kubectl get serviceaccount/sa 查看全部服务账号
      2. kubectl get serviceaccounts xx -o yaml 查看服务账号原始yaml
  4. kubectl describe 查看资源详情
    1. kubectl describe pod name 看pod配置和事件
    2. kubectl describe svc 看service的后端地址
    3. kubectl describe node name 查看node详情
    4. kubectl describe ingress name 查看Ingress详情
    5. kubectl describe pvc name 查看PVC详情
    6. kubectl describe pv name 查看PV详情
    7. kubectl describe prometheusrule 查看全部规则
  5. kubectl create 创建资源
  6. kubectl apply 应用配置文件
    1. last-applied-configuration 资源的初始json
  7. kubectl run 运行容器
  8. kubectl exec 在容器中执行命令
    1. kubectl exec -c 在pod中的指定容器中执行命令
  9. kubectl scale 扩缩容
  10. kubectl label 给资源打标签
  11. kubectl drain 从节点上驱逐pod
  12. kubectl cordon/uncordon 将节点标为不可调度
  13. kubectl delete 删除资源
    1. kubectl delete pod 删除pod
    2. kubectl delete pod foo –force
    3. kubectl delete -f xx.yaml 根据描述文件删除资源
  14. kubectl taint 给node加污点标记
  15. kubectl logs 查看日志
    1. kubectl logs -c 查看pod中指定容器的日志
    2. kubectl logs -p 查看pod中前一个容器的日志
  16. kubectl cp 拷贝文件
    1. Cannot open: Permission denied
  17. kubectl edit 编辑资源
  18. kubectl proxy 创建代理
  19. kubectl port-forward 端口转发
  20. kubectl version 查看版本

页面信息

location:
protocol:
host:
hostname:
origin:
pathname:
href:
document:
referrer:
navigator:
platform:
userAgent:

评论