Common k8s commands and configuration

A record of commonly used k8s commands.

kubectl api-resources lists the short names of resources. The common ones are:

name                    alias   apiversion            namespaced  kind
namespaces              ns      v1                    false       Namespace
deployments             deploy  apps/v1               true        Deployment
ingresses               ing     networking.k8s.io/v1  true        Ingress
configmaps              cm      v1                    true        ConfigMap
services                svc     v1                    true        Service
serviceaccounts         sa      v1                    true        ServiceAccount
nodes                   no      v1                    false       Node
persistentvolumeclaims  pvc     v1                    true        PersistentVolumeClaim
persistentvolumes       pv      v1                    false       PersistentVolume

If you have installed a component that brings its own custom resources, such as Istio, those resources show up here as well.

shell

# Watch deployment status in real time
kubectl get --watch deployments

# List all ingressClassName values
kubectl get ingressclasses

# Show the specific permissions of a ClusterRole
kubectl describe ClusterRole tzedu:developer

shell

kubectl logs <pod-name> -c <container-name>

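# Pod name 9-787df6fcc-c42x9; -c can be omitted for a single-container pod
# --previous shows the logs of the previous container instance
kubectl logs 9-787df6fcc-c42x9

# Follow the logs of multiple pods selected by label
kubectl logs -f -n kube-system -l k8s-app=calico-node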

shell

# This directory turned out to be very large:
# /var/lib/containerd/io.containerd.snapshotter.v1.overlayfs
# Remove all unused images to free the space
crictl rmi --prune

Force-delete a pod. Other resources can be deleted with the same flags.

shell

kubectl delete pod <pod-name> -n <namespace> --force --grace-period=0

Create this YAML:

  • Creates the user admin-user
  • Creates a ClusterRoleBinding that binds it to cluster-admin (very high privileges)

yaml

apiVersion: v1
kind: ServiceAccount
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: admin-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: admin-user
  namespace: kubernetes-dashboard

Temporary token:

shell

kubectl -n kubernetes-dashboard create token admin-user

Long-lived token:

yml

apiVersion: v1
kind: Secret
metadata:
  name: admin-user
  namespace: kubernetes-dashboard
  annotations:
    kubernetes.io/service-account.name: "admin-user"
type: kubernetes.io/service-account-token

Get the long-lived token:

shell

kubectl get secret admin-user -n kubernetes-dashboard -o jsonpath={".data.token"} | base64 -d

The documentation is here; it comes from and applies to kubernetes/dashboard.

Replace the image of a StatefulSet:

./kubectl set image statefulset/apinto-gateway-stateful apinto-gateway-stateful=shini-uat-cn-shanghai.cr.volces.com/shini-dev/apinto-dev:18b097e-10 -n apinto  --kubeconfig qs-dev-kube.conf.shishi --v=6

Add the following to ~/.bashrc, then source it so it takes effect:

shell

source <(kubectl completion bash)
source <(kubeadm completion bash)

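Sometimes a program keeps exiting on its own, so you can neither see its stdout nor enter the container. In that case, keep the container running after the program exits:

  • command: ["/bin/sh", "-c", "/app/myApp start; tail -f /dev/null"]
  • Placed at the same level as containers.image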

deployment

yml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    name: nginx-deployment
    type: demo
spec:
  # Rollout strategy
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 0
      maxSurge: 34%
  # Number of replicas
  replicas: 1
  selector:
    matchLabels:
      app: nginx-pod
  template:
    metadata:
      # annotations:
        # Volcengine: deploy to VCI
        # vke.volcengine.com/burst-to-vci: enforce
      labels:
        app: nginx-pod
    spec:
      # Affinity (a pod-level field, so it belongs under template.spec)
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 1
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    # The key/value must match the pod template labels above
                    - key: app
                      operator: In
                      values:
                        - nginx-pod
                namespaces:
                  - default
                topologyKey: topology.kubernetes.io/zone
            - weight: 1
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - nginx-pod
                namespaces:
                  - default
                topologyKey: kubernetes.io/hostname
      # Image registry pull credentials
      # imagePullSecrets:
      #   - name: image-pull-secrets
      # Mount a ConfigMap
      # volumes:
      #   - configMap:
      #       defaultMode: 420
      #       name: nginx-configmap
      #     name: config
      containers:
        - name: nginx-pod
          image: nginx:latest
          ports:
            - name: port
              containerPort: 80
              protocol: TCP
          # Resource limits
          resources:
            limits:
              cpu: 500m
              memory: 1000Mi
            requests:
              cpu: 10m
              memory: 100Mi
          # Mount into a path inside the container
          # volumeMounts:
          #   - mountPath: /tmp/config.yaml
          #     name: config
          #     readOnly: true
          #     subPath: config.yaml
          # Health checks
          startupProbe:
            initialDelaySeconds: 5
            exec:
              command:
                - ls
          readinessProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 1
            failureThreshold: 30
            periodSeconds: 5
            timeoutSeconds: 2
          livenessProbe:
            httpGet:
              path: /
              port: 80
            initialDelaySeconds: 1
            failureThreshold: 30
            periodSeconds: 5
            timeoutSeconds: 2

service

yml

apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx-pod  # must match the pod label set in the Deployment template
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80

ingress

yml

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: nginx-ingress
spec:
  ingressClassName: nginx
  rules:
    - http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: nginx-service
                port:
                  number: 80

configmap

yml

apiVersion: v1
data:
  config.yaml: |
    version: v1
    kk:
      a: b    
kind: ConfigMap
metadata:
  name: nginx-configmap
  namespace: default

yml

apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: 'msb_developer'
rules:
  - apiGroups:
      - ''
    resources:
      - pods
      - pods/portforward
      - pods/proxy
    verbs:
      - get
      - list
      - watch
      - create
      - delete
  - apiGroups:
      - ''
    resources:
      - pods/attach
      - pods/exec
    verbs:
      - create
      - get
      - list
      - watch
  - apiGroups:
    - ''
    resources:
      - configmaps
      - endpoints
      - persistentvolumeclaims
      - replicationcontrollers
      - replicationcontrollers/scale
      - secrets
      - serviceaccounts
      - services
      - services/proxy
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - ''
    resources:
      - events
      - namespaces/status
      - replicationcontrollers/status
      - pods/log
      - pods/status
      - componentstatuses
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - ''
    resources:
      - namespaces
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - apps
    resources:
      - daemonsets
      - deployments
      - deployments/rollback
      - deployments/scale
      - replicasets
      - replicasets/scale
      - statefulsets
    verbs:
      - get
      - list
      - watch
      - patch
  - apiGroups:
    - autoscaling
    resources:
      - horizontalpodautoscalers
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - batch
    resources:
      - cronjobs
      - jobs
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - extensions
    resources:
      - daemonsets
      - deployments
      - deployments/rollback
      - deployments/scale
      - ingresses
      - replicasets
      - replicasets/scale
      - replicationcontrollers/scale
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - networking.k8s.io
    resources:
      - '*'
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - servicecatalog.k8s.io
    resources:
      - clusterserviceclasses
      - clusterserviceplans
      - clusterservicebrokers
      - serviceinstances
      - servicebindings
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - alicloud.com
    resources:
      - '*'
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - policy
    resources:
      - poddisruptionbudgets
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - networking.istio.io
    resources:
      - '*'
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - config.istio.io
    resources:
      - '*'
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - rbac.istio.io
    resources:
      - '*'
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - istio.alibabacloud.com
    resources:
      - '*'
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - authentication.istio.io
    resources:
      - '*'
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - log.alibabacloud.com
    resources:
      - '*'
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - monitoring.kiali.io
    resources:
      - '*'
    verbs:
      - get
      - list
      - watch
  - apiGroups:
    - eventing.knative.dev
    resources:
      - '*'
    verbs:
      - get
      - list
      - watch
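
An added example (not from the original page): a small Python audit over the ClusterRoleBinding and ClusterRole shown on this page, flagging cluster-admin bindings, Secret read access, pod exec/attach and wildcard rules. The input is a constructed JSON sample holding four of the role's rules; the function names and finding labels are assumptions of this example.

```python
import json

# Constructed sample: the page's ClusterRoleBinding plus four rules of its
# msb_developer ClusterRole, in the shape `kubectl get <kind> -o json` prints.
SAMPLE = json.loads("""[
 {"kind": "ClusterRoleBinding", "metadata": {"name": "admin-user"},
  "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
  "subjects": [{"kind": "ServiceAccount", "name": "admin-user",
                "namespace": "kubernetes-dashboard"}]},
 {"kind": "ClusterRole", "metadata": {"name": "msb_developer"}, "rules": [
  {"apiGroups": [""], "resources": ["pods/attach", "pods/exec"],
   "verbs": ["create", "get", "list", "watch"]},
  {"apiGroups": [""], "resources": ["configmaps", "secrets", "services"],
   "verbs": ["get", "list", "watch"]},
  {"apiGroups": ["networking.k8s.io"], "resources": ["*"], "verbs": ["get", "list", "watch"]},
  {"apiGroups": ["batch"], "resources": ["cronjobs", "jobs"], "verbs": ["get", "list", "watch"]}]}
]""")

def audit_rule(rule):
    """Return the risk labels that apply to one RBAC rule."""
    groups = set(rule.get("apiGroups", []))
    res = set(rule.get("resources", []))
    verbs = set(rule.get("verbs", []))
    core = bool(groups & {"", "*"})       # Secrets and pods live in the core group
    found = []
    if core and res & {"secrets", "*"} and verbs & {"get", "list", "watch", "*"}:
        found.append("read-secrets")      # Secrets hold tokens and credentials
    if core and res & {"pods/exec", "pods/attach", "*"} and verbs & {"create", "*"}:
        found.append("pod-exec")          # command execution inside containers
    if "*" in res or "*" in verbs:
        found.append("wildcard")          # also covers resources added later
    return found

def audit(manifests):
    """Return sorted (object, finding) pairs for roles and cluster-admin bindings."""
    findings = set()
    for m in manifests:
        name = m["kind"] + "/" + m["metadata"]["name"]
        if m["kind"] in ("ClusterRole", "Role"):
            for rule in m.get("rules") or []:
                findings.update((name, f) for f in audit_rule(rule))
        elif m["kind"] == "ClusterRoleBinding" and m["roleRef"]["name"] == "cluster-admin":
            for s in m.get("subjects") or []:
                who = s["kind"] + ":" + s.get("namespace", "") + "/" + s["name"]
                findings.add((name, "cluster-admin -> " + who))
    return sorted(findings)

if __name__ == "__main__":
    for obj, finding in audit(SAMPLE):
        print(obj, finding)
```

If msb_developer is bound with a ClusterRoleBinding, its Secret read rule applies in every namespace, including the long-lived admin-user token Secret created earlier on this page. Binding the ClusterRole with a namespaced RoleBinding limits it to that namespace.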