k8s--kubectl 常用命令总结

本文主要介绍kubernetes排查问题时经常用到的命令。这里主要借助kubectl命令来实现。以下列出常用命令，后面会对每个命令进行详细解释，并举例

一：使用kubectl命令管理项目的生命周期

项目的生命周期，创建、发布、更新、回滚、删除

1.1：创建kubectl run命令

replicas:副本数量

[root@master ~]# kubectl run nginx-test --image=nginx:latest --port=80 --replicas=3

'//-w 动态查看'
[root@master2 ~]# kubectl get pods -w

'//查看创建的资源'
[root@master ~]# kubectl get pods
NAME                                READY   STATUS              RESTARTS   AGE
nginx-deployment-5477945587-2dmhp   1/1     Running             0          17s
nginx-deployment-5477945587-kjlgv   1/1     Running             0          17s
nginx-deployment-5477945587-w9zvf   0/1     ContainerCreating   0          17s

'//查看资源创建在哪个节点上'
[root@master ~]# kubectl get pods -o wide
NAME                                READY   STATUS    RESTARTS   AGE     IP            NODE        NOMINATED NODE
nginx-deployment-5477945587-2dmhp   1/1     Running   0          3m19s   172.17.93.3   20.0.0.42   <none>
nginx-deployment-5477945587-kjlgv   1/1     Running   0          3m19s   172.17.5.2    20.0.0.43   <none>
nginx-deployment-5477945587-w9zvf   1/1     Running   0          3m19s   172.17.5.3    20.0.0.43   <none>

'//查看更详细信息，副本资源和控制器资源'
[root@master ~]# kubectl get all
NAME                                    READY   STATUS    RESTARTS   AGE
pod/nginx-deployment-5477945587-2dmhp   1/1     Running   0          5m5s
pod/nginx-deployment-5477945587-kjlgv   1/1     Running   0          5m5s
pod/nginx-deployment-5477945587-w9zvf   1/1     Running   0          5m5s

NAME                 TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   10.0.0.1     <none>        443/TCP   9d

NAME                               DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx-deployment   3         3         3            3           5m5s

NAME                                          DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-deployment-5477945587   3         3         3       5m5s

'//仅查询pod资源的两个项'
[root@master ~]# kubectl get deployment,replicaset
NAME                                     DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
deployment.extensions/nginx-deployment   3         3         3            3           6m38s

NAME                                                DESIRED   CURRENT   READY   AGE
replicaset.extensions/nginx-deployment-5477945587   3         3         3       6m38s

1.2：我们从新创建一个nginx资源

'//运行一个指定的镜像'
[root@master ~]# kubectl run nginx --image=nginx:latest --port=80 --replicas=3
kubectl run --generator=deployment/apps.v1beta1 is DEPRECATED and will be removed in a future version. Use kubectl create instead.
deployment.apps/nginx created

'//查看所有pod列表'
[root@master ~]# kubectl get pods
NAME                     READY   STATUS              RESTARTS   AGE
nginx-7697996758-9m4j5   0/1     ContainerCreating   0          12s
nginx-7697996758-fvlwf   0/1     ContainerCreating   0          12s
nginx-7697996758-nk6fn   1/1     Running             0          12s

'//查看pods在哪个节点 网络状态详细信息'
[root@master ~]# kubectl get pods -o wide
NAME                     READY   STATUS    RESTARTS   AGE     IP            NODE        NOMINATED NODE
nginx-7697996758-9m4j5   1/1     Running   0          3m13s   172.17.93.3   20.0.0.42   <none>
nginx-7697996758-fvlwf   1/1     Running   0          3m13s   172.17.5.2    20.0.0.43   <none>
nginx-7697996758-nk6fn   1/1     Running   0          3m13s   172.17.5.3    20.0.0.43   <none>

1.3：发布nginx service提供负载均衡的功能

kubectl expose

将资源暴露为新的Kubernetes Service。

指定deployment、service、replica
set、replication
controller或pod
，并使用该资源的选择器作为指定端口上新服务的选择器。deployment 或 replica
set只有当其选择器可转换为service支持的选择器时，即当选择器仅包含matchLabels组件时才会作为暴露新的Service。

资源包括(不区分大小写)：

pod（po），service（svc），replication
controller（rc），deployment（deploy），replica set（rs）

语法

$ expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP] [--target-port=number-or-name] [--name=name] [--external-ip=external-ip-of-service] [--type=type]

示例

• 为deployment的nginx创建service，并通过service的80端口转发至容器的80端口上，最后提供给外部访问k8集群的service入口

[root@master ~]# kubectl expose deployment nginx --port=80 --target-port=80 --name=nginx-service --type=NodePort

'//查看pods在哪个节点上'
[root@master ~]# kubectl get pods -o wide
NAME                     READY   STATUS    RESTARTS   AGE   IP            NODE        NOMINATED NODE
nginx-7697996758-9m4j5   1/1     Running   0          55m   172.17.93.3   20.0.0.42   <none>
nginx-7697996758-fvlwf   1/1     Running   0          55m   172.17.5.2    20.0.0.43   <none>
nginx-7697996758-nk6fn   1/1     Running   0          55m   172.17.5.3    20.0.0.43   <none>

'//查看资源对象简写'
[root@master ~]# kubectl api-resources

'//查看关联后端的节点'
[root@master ~]# kubectl get endpoints
NAME            ENDPOINTS                                    AGE
kubernetes      20.0.0.41:6443,20.0.0.44:6443                10d
nginx-service   172.17.5.2:80,172.17.5.3:80,172.17.93.3:80   36m

'//查看服务暴露端口'
[root@master ~]# kubectl get service
NAME            TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
kubernetes      ClusterIP   10.0.0.1     <none>        443/TCP        10d
nginx-service   NodePort    10.0.0.212   <none>        80:37288/TCP   18m

1.4：pods资源调度

当我们创建多个pod、service资源时，kube-proxy会做负载均衡，此时我们通过访问任意node节点ip可以访问所有的资源

kubernetes中kube-proxy支持三种模式，在v1.8之前我们使用的是iptables以及userspace两种模式，在kubernetes1.8之后加入了ipvs

'//节点服务器下载ipvs'
[root@node1 ~]# yum -y install ipvsadm

'//查看负载均衡调度'
[root@node1 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.17.93.0:30001 rr
  -> 172.17.93.2:8443             Masq    1      0          0         
TCP  172.17.93.0:37288 rr     '//发现可以访问本地地址可以自动轮询给三个pod资源'
  -> 172.17.5.2:80                Masq    1      0          0         
  -> 172.17.5.3:80                Masq    1      0          0         
  -> 172.17.93.3:80               Masq    1      0          0     
  
'//查看node2节点'
[root@node2 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  172.17.5.0:30001 rr
  -> 172.17.93.2:8443             Masq    1      0          0         
TCP  172.17.5.0:37288 rr
  -> 172.17.5.2:80                Masq    1      0          0         
  -> 172.17.5.3:80                Masq    1      0          0         
  -> 172.17.93.3:80               Masq    1      0          0         

• 在node1操作，查看负载负载均衡端口37288

• 在maste节点操作，查看访问日志

• 注意：如果访问其他node无法访问检查proxy组件

[root@master ~]# kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
nginx-7697996758-9m4j5   1/1     Running   0          19h
nginx-7697996758-fvlwf   1/1     Running   0          19h
nginx-7697996758-nk6fn   1/1     Running   0          19h

'//查看访问日志'
[root@master ~]# kubectl logs nginx-7697996758-9m4j5   '这边我们随便查看一个'

2020/10/10 10:17:36 [error] 28#28: *3 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 172.17.93.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "20.0.0.42:37288", referrer: "http://20.0.0.42:37288/"
172.17.93.1 - - [10/Oct/2020:10:17:36 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://20.0.0.42:37288/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36 Edg/84.0.522.52" "-"


'//可以看到是node1节点的docker0代为访问'

1.5：更新nginx版本

这边我们用的谷歌的浏览器，查看一下nginx的版本信息

'//查看配置应用资源帮助'
[root@master ~]# kubectl set --help
Configure application resources 

These commands help you make changes to existing application resources.

Available Commands:
  env            Update environment variables on a pod template
  image          更新一个 pod template 的镜像
  resources      在对象的 pod templates 上更新资源的 requests/limits
  selector       设置 resource 的 selector
  serviceaccount Update ServiceAccount of a resource
  subject        Update User, Group or ServiceAccount in a RoleBinding/ClusterRoleBinding

Usage:
  kubectl set SUBCOMMAND [options]

'//获取修改模板'
Configure application resources 

These commands help you make changes to existing application resources.

Available Commands:
  env            Update environment variables on a pod template
  image          更新一个 pod template 的镜像
  resources      在对象的 pod templates 上更新资源的 requests/limits
  selector       设置 resource 的 selector
  serviceaccount Update ServiceAccount of a resource
  subject        Update User, Group or ServiceAccount in a RoleBinding/ClusterRoleBinding

Usage:
  kubectl set SUBCOMMAND [options]

'//获取修改模板'
[root@master ~]# kubectl set image --help

'//更新版本为1.14'
[root@master ~]# kubectl set image deployment/nginx nginx=nginx:1.14

'//查看资源动态，处于监听状态'
[root@master ~]# kubectl get pods -w

'//容器的更新是滚动更新，只有删除和创建，要一直保持副本数量'


[root@master ~]# kubectl get pods
NAME                     READY   STATUS    RESTARTS   AGE
nginx-6ff7c89c7c-28ntp   1/1     Running   0          3m14s
nginx-6ff7c89c7c-6zhdd   1/1     Running   0          2m41s
nginx-6ff7c89c7c-w2j8k   1/1     Running   0          2m58s

• 再次访问网页，查看一下nginx版本

假如我们想恢复到原来的状态该怎么操作，对了就是接下来的回滚操作

1.6：回滚nginx资源

[root@master ~]# kubectl rollout --help
......省略消息......
Available Commands:
  history     显示 rollout 历史
  pause       标记提供的 resource 为中止状态
  resume      继续一个停止的 resource
  status      显示 rollout 的状态
  undo        撤销上一次的 rollout
  ......省略消息.......
  
'//查看历史版本'
[root@master ~]# kubectl rollout history deploy/nginx
deployment.extensions/nginx 
REVISION  CHANGE-CAUSE
1         <none>
2         <none>

'//执行回滚'
[root@master ~]# kubectl rollout undo deploy/nginx
deployment.extensions/nginx

'//再次检查回滚汉状态'
[root@master ~]# kubectl rollout status deploy/nginx
deployment "nginx" successfully rolled out

• 再次查看nginx的网页版本信息

如果不需要pods资源我们可以进行删除

1.7：删除资源

[root@master ~]# kubectl delete deploy/nginx
deployment.extensions "nginx" deleted

'//查看pods资源已经删除了'
[root@master ~]# kubectl get pods
No resources found.

'查看所有的资源 删除不仅仅是pod'
[root@master ~]# kubectl get all
NAME                    TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)        AGE
service/kubernetes      ClusterIP   10.0.0.1     <none>        443/TCP        11d
service/nginx-service   NodePort    10.0.0.212   <none>        80:37288/TCP   19h

'删除service'
[root@master ~]# kubectl delete svc/nginx-service
service "nginx-service" deleted

[root@master ~]# kubectl get svc
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   10.0.0.1     <none>        443/TCP   11d

1.71：查看具体资源的详细信息

[root@master ~]# kubectl run nginx --image=nginx --port=80 --replicas=3

[root@master ~]# kubectl get pods
NAME                    READY   STATUS              RESTARTS   AGE
nginx-cdb6b5b95-98zhp   1/1     Running             0          17s
nginx-cdb6b5b95-klmm4   0/1     ContainerCreating   0          17s
nginx-cdb6b5b95-znv76   0/1     ContainerCreating   0          17s

输出指定的一个/多个资源的详细信息

[root@master ~]# kubectl describe pod nginx-cdb6b5b95-98zhp
Name:               nginx-cdb6b5b95-98zhp
Namespace:          default
Priority:           0
PriorityClassName:  <none>
Node:               20.0.0.42/20.0.0.42
Start Time:         Sat, 10 Oct 2020 19:48:35 +0800
Labels:             pod-template-hash=cdb6b5b95
                    run=nginx
Annotations:        <none>
Status:             Running
IP:                 172.17.93.3
Controlled By:      ReplicaSet/nginx-cdb6b5b95
Containers:
  nginx:
    Container ID:   docker://cf7643869f1cd52a5a7c8d1549515f9ad825dd5c8b39c28fec62d40c53f33941
    Image:          nginx
    Image ID:       docker-pullable://nginx@sha256:fc66cdef5ca33809823182c9c5d72ea86fd2cef7713cf3363e1a0b12a5d77500
    Port:           80/TCP
    Host Port:      0/TCP
    State:          Running
      Started:      Sat, 10 Oct 2020 19:48:37 +0800
    Ready:          True
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-cfdcs (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  default-token-cfdcs:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-cfdcs
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute for 300s
                 node.kubernetes.io/unreachable:NoExecute for 300s
Events:
  Type    Reason     Age   From                Message
  ----    ------     ----  ----                -------
  Normal  Scheduled  8m3s  default-scheduler   Successfully assigned default/nginx-cdb6b5b95-98zhp to 20.0.0.42
  Normal  Pulling    8m2s  kubelet, 20.0.0.42  pulling image "nginx"
  Normal  Pulled     8m1s  kubelet, 20.0.0.42  Successfully pulled image "nginx"
  Normal  Created    8m1s  kubelet, 20.0.0.42  Created container
  Normal  Started    8m1s  kubelet, 20.0.0.42  Started container

1.72：进入pod

[root@master ~]# kubectl exec -it nginx-cdb6b5b95-98zhp bash
'//查看列表'
root@nginx-cdb6b5b95-98zhp:/# ls
bin   dev		   docker-entrypoint.sh  home  lib64  mnt  proc  run   srv  tmp  var
boot  docker-entrypoint.d  etc			 lib   media  opt  root  sbin  sys  usr
'//退出'
root@nginx-cdb6b5b95-98zhp:/# exit
exit

今天小结结束！感谢观看。