---Common UIs (Kuboard recommended)
- Kubernetes Dashboard: the graphical tool provided officially by Kubernetes
- Rancher: currently one of the more mainstream enterprise-grade Kubernetes visual management tools
- Kuboard: an open-source Kubernetes visual management tool developed in China
---Install Kubernetes Dashboard
https://kuboard.cn/install/install-k8s-dashboard.html#%E5%AE%89%E8%A3%85
1. Install
kubectl apply -f https://raw.githubusercontent.com/kubernetes/dashboard/v2.0.0-beta5/aio/deploy/recommended.yaml
If that yaml file cannot be reached, use the command below instead; the effect is equivalent
kubectl apply -f https://kuboard.cn/install-script/k8s-dashboard/v2.0.0-beta5.yaml
2. Create the Service Account and ClusterRoleBinding
When the cluster is installed with kubeadm, the ClusterRole cluster-admin is created by default, so we can directly create a ClusterRoleBinding for the ServiceAccount just mentioned
kubectl apply -f https://kuboard.cn/install-script/k8s-dashboard/auth.yaml
*The above has a problem; delete that binding and bind with the command below instead
kubectl create clusterrolebinding kubernetes-dashboard --clusterrole=cluster-admin --serviceaccount=kubernetes-dashboard:kubernetes-dashboard
3. Get the Bearer Token
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
4. Open the page and log in
http://localhost:8001/api/v1/namespaces/kubernetes-dashboard/services/https:kubernetes-dashboard:/proxy/#/login
---Install Kuboard (has SSO configuration; GitLab login can be set up)
1. Install
kubectl apply -f https://kuboard.cn/install-script/kuboard.yaml
Contents of kuboard.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kuboard
  namespace: kube-system
  annotations:
    k8s.kuboard.cn/displayName: kuboard
    k8s.kuboard.cn/ingress: "true"
    k8s.kuboard.cn/service: NodePort
    k8s.kuboard.cn/workload: kuboard
  labels:
    k8s.kuboard.cn/layer: monitor
    k8s.kuboard.cn/name: kuboard
spec:
  replicas: 1
  selector:
    matchLabels:
      k8s.kuboard.cn/layer: monitor
      k8s.kuboard.cn/name: kuboard
  template:
    metadata:
      labels:
        k8s.kuboard.cn/layer: monitor
        k8s.kuboard.cn/name: kuboard
    spec:
      containers:
      - name: kuboard
        image: eipwork/kuboard:latest
        imagePullPolicy: Always
      tolerations:
      - key: node-role.kubernetes.io/master
        effect: NoSchedule
        operator: Exists
---
apiVersion: v1
kind: Service
metadata:
  name: kuboard
  namespace: kube-system
spec:
  type: NodePort
  ports:
  - name: http
    port: 80
    targetPort: 80
    nodePort: 32567
  selector:
    k8s.kuboard.cn/layer: monitor
    k8s.kuboard.cn/name: kuboard
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kuboard-user
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kuboard-user
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: cluster-admin
subjects:
- kind: ServiceAccount
  name: kuboard-user
  namespace: kube-system
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kuboard-viewer
  namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: kuboard-viewer
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: view
subjects:
- kind: ServiceAccount
  name: kuboard-viewer
  namespace: kube-system
# ---
# apiVersion: extensions/v1beta1
# kind: Ingress
# metadata:
#   name: kuboard
#   namespace: kube-system
#   annotations:
#     k8s.kuboard.cn/displayName: kuboard
#     k8s.kuboard.cn/workload: kuboard
#     nginx.org/websocket-services: "kuboard"
#     nginx.com/sticky-cookie-services: "serviceName=kuboard srv_id expires=1h path=/"
# spec:
#   rules:
#   - host: kuboard.yourdomain.com
#     http:
#       paths:
#       - path: /
#         backend:
#           serviceName: kuboard
#           servicePort: http
2. Get the login token
Method 1: same as above
kubectl -n kubernetes-dashboard describe secret $(kubectl -n kubernetes-dashboard get secret | grep admin-user | awk '{print $1}')
Method 2
echo $(kubectl -n kube-system get secret $(kubectl -n kube-system get secret | grep kuboard-user | awk '{print $1}') -o go-template='{{.data.token}}' | base64 -d)
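Both the Dashboard ClusterRoleBinding created in the Dashboard install and the kuboard-user binding in kuboard.yaml attach cluster-admin to a ServiceAccount, so the tokens printed above carry full control of the cluster. The following is an added example, not code from the original page or from the Kuboard project, that lists such bindings from the JSON produced by kubectl get clusterrolebindings -o json. The function name and the sample JSON are constructed for illustration.

```python
import json

# Constructed sample shaped like `kubectl get clusterrolebindings -o json`,
# mirroring the bindings created on this page.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "kubernetes-dashboard"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "kubernetes-dashboard",
                   "namespace": "kubernetes-dashboard"}]},
    {"metadata": {"name": "kuboard-user"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "ServiceAccount", "name": "kuboard-user",
                   "namespace": "kube-system"}]},
    {"metadata": {"name": "kuboard-viewer"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "ServiceAccount", "name": "kuboard-viewer",
                   "namespace": "kube-system"}]},
    # Built-in binding: cluster-admin for a Group, not a ServiceAccount.
    {"metadata": {"name": "cluster-admin"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"}]},
    # A binding may have no subjects at all.
    {"metadata": {"name": "empty"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"}},
]})

def admin_service_accounts(crb_json, role="cluster-admin"):
    """Return (binding, namespace, serviceaccount) for each ServiceAccount
    that a ClusterRoleBinding ties to `role` (hypothetical helper)."""
    found = []
    for crb in json.loads(crb_json).get("items", []):
        ref = crb.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") != role:
            continue
        for subj in crb.get("subjects") or []:  # subjects can be absent or null
            if subj.get("kind") == "ServiceAccount":
                found.append((crb["metadata"]["name"],
                              subj.get("namespace", ""), subj["name"]))
    return sorted(found)

if __name__ == "__main__":
    import sys
    # Real use: kubectl get clusterrolebindings -o json > crb.json
    #           python3 this_file.py crb.json
    data = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for binding, ns, sa in admin_service_accounts(data):
        print(f"{binding}: system:serviceaccount:{ns}:{sa} has cluster-admin")
```

Passing role="view" reports the read-only kuboard-viewer account instead, which is the token to hand out when someone only needs to look at the cluster.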
--------------Usage-------------------
---System information
# View cluster information
kubectl cluster-info
# View the cluster version
kubectl version
# View the cluster API versions
kubectl api-versions
---Namespaces
1. List all
kubectl get namespace
2. Get the pods in a given namespace
kubectl get pods -n kube-system
When using k8s you normally create a new namespace as a workspace, so every kubectl command then needs the -n flag to specify the namespace, which is a bit tedious and easy to forget.
Switch the current namespace
kubectl config set-context --current --namespace=kube-develop
---Test: install nginx. Reference: https://blog.csdn.net/cojn52/article/details/110873822
1. By command
kubectl create deployment nginx-app --image=nginx --replicas=2
Create in a specified namespace
kubectl create deployment -n kube-develop nginx-app-dev --image=nginx --replicas=1
*It can also be created from a yaml file
2. View information
kubectl get pod -o wide
View pods in a specified namespace
kubectl get pod -o wide -n kube-develop
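3. Expose the service. This method exposes a service of type LoadBalancer, which may stay in the pending state indefinitely and be unreachable from outside; for the specific reason see https://blog.csdn.net/qq_38900565/article/details/100565206
**To expose a self-built Kubernetes cluster to the external network, currently the only options are methods such as NodePort or Ingress, or using MetalLB. https://zhuanlan.zhihu.com/p/146085109
For now we use method 3.1
kubectl expose deployment nginx-app --port=80 --type=LoadBalancer
3.1 Expose a pod
kubectl expose pods podName --type=NodePort --name diyName
Outside the default namespace the port must be specified
kubectl expose pods podName --type=NodePort --name diyName --port 80
4. View the service status (view the externally exposed port)
kubectl get services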
---Deployment operations
1. Set the number of pod replicas, specifying the default namespace
kubectl scale deployment nginx-app -n default --replicas=1
2. Rolling update and rollback
2.1 Update to a new image version
kubectl set image deployment/<deployment_name> <container_name>=<new_image_name>
kubectl set image deployment/test-deployment mynginx=mynginx:v2
2.2 Roll back to the previous image
kubectl rollout undo deployment/<deployment_name>
kubectl rollout undo deployment/test-deployment
View the rolling update history
kubectl rollout history deployment/test-deployment
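---General workflow for publishing an application on k8s
1. Create the pod
kubectl apply -f xxx.yaml or kubectl create deployment applicationName --image=ImageName --replicas=2
2. Create the controller. Types:
ReplicationController(RC)/ReplicaSet(RS)/Deployment
*The system automatically creates a controller of type Deployment, which automatically keeps the number of replicas equal to the value of replicas
3. Expose the service externally. Types: ClusterIP/NodePort/LoadBalancer/ExternalName
kubectl expose pods podName --type=NodePort --name serviceName --port Port --target-port=8082
*This step automatically creates the service and binds metadata.labels.pod-template-hash: 7f4fc68488, which makes the service unreachable after the pod version is updated, because the hash value has changed. The fix is to delete this field, or to use the expose deployment approach below
eg:
kubectl expose deployment countgame --port=80 --target-port=80 --type=NodePort -o yaml --dry-run > svc.yaml
1. countgame is the name specified for the service object
2. --port specifies the port for access inside the cluster
3. --target-port specifies the port the service runs on inside the container
4. --type=NodePort specifies the type, for access from outside the cluster
5. --dry-run means a test that does not run in k8s (the command is not actually executed)
6. -o yaml generates yaml format
7. > svc.yaml means the generated yaml content is written to svc.yaml
4. Public network access: Ingress proxies the service via serviceName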
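Why the Service from kubectl expose pods in step 3 stops routing after an update, shown as an added example that is not part of the original page: a Service routes to pods whose labels contain every key/value of its selector, and a rolling update gives the new pods a different pod-template-hash. The pod names, the app label, the second hash and all function names are constructed for illustration.

```python
def selects(selector, pod_labels):
    """Equality-based Service selector: every key/value must be on the pod."""
    return all(pod_labels.get(k) == v for k, v in selector.items())

def endpoints(selector, pods):
    """Names of the pods a Service with this selector would route to."""
    return [name for name, labels in pods.items() if selects(selector, labels)]

def pinned_services(services):
    """Flag Services whose selector pins one ReplicaSet via pod-template-hash."""
    return [name for name, sel in services.items() if "pod-template-hash" in sel]

# Constructed pods: before and after `kubectl set image` on the Deployment.
PODS_V1 = {"countgame-7f4fc68488-abcde":
           {"app": "countgame", "pod-template-hash": "7f4fc68488"}}
PODS_V2 = {"countgame-5d9c7b6f54-fghij":
           {"app": "countgame", "pod-template-hash": "5d9c7b6f54"}}

SERVICES = {
    # `kubectl expose pods ...` copies all of the pod's labels into the selector.
    "from-expose-pod": {"app": "countgame", "pod-template-hash": "7f4fc68488"},
    # `kubectl expose deployment ...` uses the Deployment's own selector.
    "from-expose-deployment": {"app": "countgame"},
}

if __name__ == "__main__":
    for name, sel in SERVICES.items():
        print(name, "v1:", endpoints(sel, PODS_V1), "v2:", endpoints(sel, PODS_V2))
    print("selectors to fix:", pinned_services(SERVICES))
```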
---Autoscaling
Main logic:
Install metrics-server (a pod in the kube-system namespace). Reference: https://www.jianshu.com/p/bfe780ce14ce
Then create an hpa-type controller that monitors the CPU and memory usage of the target service's pods. Set maxReplicas, minReplicas and targetCPUUtilizationPercentage
https://cloud.tencent.com/developer/article/1819183
1. Manual scaling
Specify the number of replicas, replicas=3
kubectl scale -n ns-test --current-replicas=2 --replicas=3 deployment/nginx-deployment
2. Automatic scaling
kubectl create -f hpa-web.yaml
Contents of hpa-web.yaml
apiVersion: autoscaling/v1
kind: HorizontalPodAutoscaler
metadata:
  creationTimestamp: null
  name: web
spec:
  maxReplicas: 10
  minReplicas: 2
  scaleTargetRef:
    apiVersion: apps/v1
    kind: Deployment
    name: web
  targetCPUUtilizationPercentage: 40
status:
  currentReplicas: 0
  desiredReplicas: 0