1. Check the running status of the Kubernetes services
kubectl get cs
2. Node management
Viewing nodes
List all nodes
kubectl get nodes
Node status
NAME     STATUS   ROLES    AGE   VERSION
master   Ready    master   46h   v1.17.0
slave1   Ready    <none>   45h   v1.17.0
slave2   Ready    <none>   42h   v1.17.0
Show the details of a specific node
kubectl describe node/master
Show the YAML of a specific node
kubectl get node/master -o yaml | more
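Scaling out nodes
To add a new node to a newly created cluster, run the command that was printed when the master was initialized directly on the new node
kubeadm join 192.168.xx.xxx:6443 --token ryotic.bt5ms3fx0tku0gxd --discovery-token-ca-cert-hash sha256:94014c7543fd0ff86a847959e3f8e149691d4665b7dbc1abdf3d28c9c0ebf75d
The token generated by Kubernetes is time-limited: it is valid for 24 hours, and once it has expired a new token has to be generated manually
Create a new token (with the default TTL, as here, it expires after 24 hours; adding the --ttl 0 parameter makes the token never expire, and it then stays valid for joining nodes until it is removed with kubeadm token delete)
kubeadm token create
List the newly generated token
kubeadm token list
New token
TOKEN                     TTL   EXPIRES                     USAGES                   DESCRIPTION   EXTRA GROUPS
qqnsmk.8jysd08hr6dslvv9   23h   2019-12-28T09:15:59+08:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
Read the CA certificate and compute the SHA-256 hash of its public key
openssl x509 -pubkey -in /etc/kubernetes/pki/ca.crt | openssl rsa -pubin -outform der 2>/dev/null | openssl dgst -sha256 -hex | sed 's/^.* //'
Hash of the CA certificate
0be8a03df1f7c40385c5e4b647354808cb13ca56261d7f7f05d4d732a69f791c
Combine these into a kubeadm join command to add the node to the cluster (--ignore-preflight-errors=all, the replacement for the removed --skip-preflight-checks flag, makes kubeadm continue past failed preflight checks)
kubeadm join 192.168.xx.xxx:6443 --token qqnsmk.8jysd08hr6dslvv9 --discovery-token-ca-cert-hash sha256:0be8a03df1f7c40385c5e4b647354808cb13ca56261d7f7f05d4d732a69f791c --ignore-preflight-errors=all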
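
A check for the --ttl 0 case mentioned above, as an added example that is not part of the original page: it reads the text printed by kubeadm token list and reports tokens that never expire. The two tokens in the sample are constructed values, and the function names are hypothetical.

```shell
# Added example: flag kubeadm bootstrap tokens that never expire.
# Input is the text printed by `kubeadm token list`. Only the 6-character
# token ID (the part before the dot) is printed, never the secret half.

# Constructed sample output (both tokens are made-up values).
SAMPLE_TOKEN_LIST='TOKEN                     TTL         EXPIRES                     USAGES                   DESCRIPTION   EXTRA GROUPS
abcdef.0123456789abcdef   23h         2019-12-28T09:15:59+08:00   authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token
uvwxyz.fedcba9876543210   <forever>   <never>                     authentication,signing   <none>        system:bootstrappers:kubeadm:default-node-token'

# Print the ID of every token whose TTL column reads <forever>.
find_non_expiring_tokens() {
  awk '
    # A bootstrap token is <6 chars>.<16 chars>; skip the header and other rows.
    length($1) != 23 || index($1, ".") != 7 { next }
    $1 !~ /^[a-z0-9]+\.[a-z0-9]+$/ { next }
    $2 == "<forever>" { print substr($1, 1, 6) }
  '
}

# Report each finding with its cleanup command; return 1 if any was found.
audit_tokens() {
  ids=$(find_non_expiring_tokens)
  if [ -z "$ids" ]; then
    echo "OK: every bootstrap token has an expiry"
    return 0
  fi
  for id in $ids; do
    echo "WARN: token $id never expires; remove it with: kubeadm token delete $id"
  done
  return 1
}

# Demonstration on the constructed sample; on a master node use instead:
#   kubeadm token list | audit_tokens
printf '%s\n' "$SAMPLE_TOKEN_LIST" | audit_tokens || true
```
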
Scaling in nodes
Before removing a node, isolate it first so that it becomes unschedulable
kubectl drain node/slave2 --ignore-daemonsets
Resulting status
NAME     STATUS                     ROLES    AGE   VERSION
master   Ready                      master   2d    v1.17.0
slave1   Ready                      <none>   46h   v1.17.0
slave2   Ready,SchedulingDisabled   <none>   44h   v1.17.0
Then delete the node
kubectl delete node/slave2
After deleting it, log in to the node server and run the following cleanup, which removes all data so that the server is clean and does not cause conflicts or errors when it is later rejoined
kubeadm reset
ifconfig cni0 down
ifconfig flannel.1 down
ifconfig weave down
ip link delete cni0
ip link delete flannel.1
ip link delete weave
rm -rf $HOME/.kube/config
rm -rf /var/lib/cni/
rm -rf /var/lib/kubelet/*
rm -rf /etc/kubernetes/
rm -rf /etc/cni/
When a node server needs an upgrade or maintenance, isolate it temporarily
kubectl cordon node/slave2
Resulting status
NAME     STATUS                     ROLES    AGE   VERSION
master   Ready                      master   2d    v1.17.0
slave1   Ready                      <none>   46h   v1.17.0
slave2   Ready,SchedulingDisabled   <none>   44h   v1.17.0
Once maintenance on the node server is complete, return the node to service
kubectl uncordon node/slave2
3. Label management
Viewing labels
1. View node labels
kubectl get nodes --show-labels
Node labels
NAME     STATUS   ROLES    AGE   VERSION   LABELS
master   Ready    master   2d    v1.17.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=master,kubernetes.io/os=linux,node-role.kubernetes.io/master=
slave1   Ready    <none>   47h   v1.17.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=slave1,kubernetes.io/os=linux
slave2   Ready    <none>   44h   v1.17.0   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=slave2,kubernetes.io/os=linux
2. View pod labels
kubectl get pods --all-namespaces --show-labels
Pod labels
NAMESPACE     NAME                             READY   STATUS    RESTARTS   AGE   LABELS
kube-system   coredns-9d85f5447-v9qld          1/1     Running   2          2d    k8s-app=kube-dns,pod-template-hash=9d85f5447
kube-system   coredns-9d85f5447-z22vf          1/1     Running   2          2d    k8s-app=kube-dns,pod-template-hash=9d85f5447
kube-system   etcd-master                      1/1     Running   1          2d    component=etcd,tier=control-plane
kube-system   kube-apiserver-master            1/1     Running   1          2d    component=kube-apiserver,tier=control-plane
kube-system   kube-controller-manager-master   1/1     Running   1          2d    component=kube-controller-manager,tier=control-plane
3. View service labels
kubectl get services --show-labels
Service labels
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE   LABELS
kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   2d    component=apiserver,provider=kubernetes
Adding labels
Add a label to a pod
kubectl label pod/etcd-master key1=abc -n kube-system
kubectl get pod/etcd-master -n kube-system --show-labels
Pod labels
NAME          READY   STATUS    RESTARTS   AGE   LABELS
etcd-master   1/1     Running   1          2d    component=etcd,key1=abc,tier=control-plane
Alternatively, open the YAML file, add a new entry under its labels, and then run kubectl apply -f xxx.yaml to add the label
Labels are added to nodes and services in the same way as to pods
Modifying labels
Modify a pod label (the --overwrite parameter is required to overwrite the existing value)
kubectl label pod/etcd-master key1=123 --overwrite -n kube-system
kubectl get pod/etcd-master -n kube-system --show-labels
Pod labels shown
NAME          READY   STATUS    RESTARTS   AGE   LABELS
etcd-master   1/1     Running   1          2d    component=etcd,key1=123,tier=control-plane
The other ways of modifying a label are the same as for adding one
Deleting labels
Delete a pod label (to delete, append - to the label name)
kubectl label pod/etcd-master key1- -n kube-system
kubectl get pod/etcd-master -n kube-system --show-labels
Pod labels shown
NAME          READY   STATUS    RESTARTS   AGE   LABELS
etcd-master   1/1     Running   1          2d    component=etcd,tier=control-plane
4. Namespace management
Adding a namespace
kubectl create namespace test
Viewing namespaces
kubectl get namespace
Namespaces shown
NAME                   STATUS   AGE
default                Active   2d
kube-node-lease        Active   2d
kube-public            Active   2d
kube-system            Active   2d
kubernetes-dashboard   Active   17h
test                   Active   35s
Adding a pod to a namespace
Create a YAML file for nginx
vi nginx-deployment.yaml
Add the following content
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    web: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx:1.10.3
        ports:
        - containerPort: 80
Add the pod
kubectl create -f nginx-deployment.yaml -n test
View the pod
kubectl get pods -n test
Pod information
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-6d65d9697f-s9cxx   1/1     Running   0          105s
Deleting a namespace
Deleting a namespace also deletes every pod in that namespace, so use this operation with care
kubectl delete namespace test
Using contexts to simplify operations across namespaces
View the contexts
kubectl config get-contexts
This shows the Kubernetes context currently in use
CURRENT   NAME                          CLUSTER      AUTHINFO           NAMESPACE
*         kubernetes-admin@kubernetes   kubernetes   kubernetes-admin
Create a context config
Create a context named test-ctx, set its namespace to test, bind it to the kubernetes cluster, and bind it to the kubernetes-admin user with administrator privileges
kubectl config set-context test-ctx --namespace=test --cluster=kubernetes --user=kubernetes-admin
kubectl config get-contexts
Output
CURRENT   NAME                          CLUSTER      AUTHINFO           NAMESPACE
*         kubernetes-admin@kubernetes   kubernetes   kubernetes-admin
          test-ctx                      kubernetes   kubernetes-admin   test
Switch context
kubectl config use-context test-ctx
kubectl config get-contexts
Output
CURRENT   NAME                          CLUSTER      AUTHINFO           NAMESPACE
          kubernetes-admin@kubernetes   kubernetes   kubernetes-admin
*         test-ctx                      kubernetes   kubernetes-admin   test
View the resources managed under the current context
kubectl get pods
Pod information
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-6d65d9697f-s9cxx   1/1     Running   0          13m
After switching, a command entered without a namespace shows only the pods in the current context's namespace, which gives a simple form of isolation. Because the current user has administrator privileges, adding the --all-namespaces parameter still shows the information in every namespace
5. Pod management
Adding a pod
kubectl create -f nginx-deployment.yaml
Viewing pods
To view the pods in a particular namespace, specify it with the -n parameter; to view all of them, add the --all-namespaces parameter
kubectl get pods -n test
Pod information
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-6d65d9697f-s9cxx   1/1     Running   0          23m
View the details of a pod
kubectl describe pod/nginx-deployment-6d65d9697f-s9cxx -n test
View the YAML of a pod
kubectl get pod/nginx-deployment-6d65d9697f-s9cxx -o yaml -n test
Updating a pod
1. Method one: edit the YAML file directly
vi nginx-deployment.yaml
Change the replicas count in nginx-deployment.yaml from 1 to 2
Run the update command
kubectl apply -f nginx-deployment.yaml -n test
Check the pods again; two replicas are now running
kubectl get pods -n test
Pod information
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-6d65d9697f-kh7n9   1/1     Running   0          34s
nginx-deployment-6d65d9697f-s9cxx   1/1     Running   0          28m
2. Method two: modify it with edit; the configuration takes effect as soon as the change is saved
kubectl edit pod/nginx-deployment-6d65d9697f-s9cxx -n test
Deleting a pod
kubectl delete -f nginx-deployment.yaml
kubectl delete pod/nginx-deployment-6d65d9697f-s9cxx -n test
6. Service management
Adding a service
kubectl create -f xxx.yaml
Viewing services
service can be replaced by its short name svc
kubectl get service
Service information
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.96.0.1    <none>        443/TCP   2d1h
View the details of a service
kubectl describe service/kubernetes
Updating a service
kubectl apply -f xxx.yaml
kubectl edit service/xxx
Deleting a service
kubectl delete service/xxx
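7. User management
Create a serviceaccount in the kube-system namespace
kubectl create serviceaccount admin-user -n kube-system
Bind admin-user to the cluster-admin clusterrole (the --serviceaccount value takes the form namespace:name; cluster-admin grants full access to every resource in the cluster, so this account's token is an administrator credential)
kubectl create clusterrolebinding admin-user --clusterrole=cluster-admin --serviceaccount=kube-system:admin-user
List the accounts
kubectl get secret -n kube-system
Account information
NAME                     TYPE                                  DATA   AGE
admin-user-token-fdvh6   kubernetes.io/service-account-token   3      69s
View the account details
This shows the account's token, which is used to log in to the dashboard
kubectl describe secret admin-user-token-fdvh6 -n kube-system
Deleting the account
kubectl delete serviceaccount admin-user -n kube-system
kubectl delete clusterrolebinding admin-user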
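
A way to review who holds cluster-admin after bindings like the one above have been created, as an added example that is not part of the original page. The tab-separated input layout, the jsonpath query shown in the comment, the sample rows and the function names are assumptions made for this example.

```shell
# Added example: report who holds cluster-admin, apart from the built-in binding.
# Assumed input: one tab-separated line per ClusterRoleBinding,
#   <binding> TAB <roleRef.name> TAB <kind>/<namespace>/<name> <kind>/<namespace>/<name> ...
# On a live cluster this jsonpath query is expected to produce that layout:
#   kubectl get clusterrolebindings -o jsonpath='{range .items[*]}{.metadata.name}{"\t"}{.roleRef.name}{"\t"}{range .subjects[*]}{.kind}/{.namespace}/{.name}{" "}{end}{"\n"}{end}'

# Constructed sample: the default binding, the admin-user binding from this
# section, and a hypothetical binding to the less privileged "view" role.
sample_bindings() {
  printf 'cluster-admin\tcluster-admin\tGroup//system:masters \n'
  printf 'admin-user\tcluster-admin\tServiceAccount/kube-system/admin-user \n'
  printf 'metrics-reader\tview\tServiceAccount/monitoring/metrics \n'
}

# Print "<binding> TAB <subject>" for every subject bound to cluster-admin.
cluster_admin_subjects() {
  awk -F '\t' '$2 == "cluster-admin" {
    n = split($3, subject, " ")
    for (i = 1; i <= n; i++) print $1 "\t" subject[i]
  }'
}

# Drop the default binding (group system:masters) so only additions remain.
added_cluster_admins() {
  cluster_admin_subjects | awk -F '\t' '
    !($1 == "cluster-admin" && $2 == "Group//system:masters")'
}

# Demonstration on the constructed sample; prints the admin-user binding.
sample_bindings | added_cluster_admins
```
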