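Learning Kubernetes: kubectl commands in detail


kubectl usage in detail

Managing k8s core resources simply means managing the various resources of a k8s cluster. There are four groups of core concepts:

  • pod and pod controller
  • name and namespace
  • label and label selector
  • service and ingress

Three basic methods for managing k8s core resources:

  • Imperative management: relies mainly on the command-line (CLI) tool
  • Declarative management: relies mainly on unified resource configuration manifests
  • GUI management: relies mainly on a graphical interface (web pages)

These three methods depend on each other and work together, so all three need to be mastered.

Imperative management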

Listing namespaces

```bash
[root@hdss7-22 ~]# kubectl get namespace
NAME              STATUS   AGE
default           Active   14d
kube-node-lease   Active   14d
kube-public       Active   14d
kube-system       Active   14d
```

The short form also works:

```bash
[root@hdss7-22 ~]# kubectl get ns
NAME              STATUS   AGE
default           Active   14d
kube-node-lease   Active   14d
kube-public       Active   14d
kube-system       Active   14d

[root@hdss7-22 ~]# kubectl get all -n default
NAME                 READY   STATUS    RESTARTS   AGE
pod/nginx-ds-nmgjn   1/1     Running   1          6d22h
pod/nginx-ds-v7hrn   1/1     Running   1          6d22h

NAME                 TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   192.168.0.1   <none>        443/TCP   14d

NAME                  DESIRED  CURRENT  READY  UP-TO-DATE  AVAILABLE  NODE SELECTOR   AGE
daemonset.apps/nginx-ds 2      2        2      2        2           <none>          6d22h
```

-n default can be omitted; the default namespace is used unless one is specified explicitly with -n <namespace>.

Creating a namespace

```bash
[root@hdss7-22 ~]# kubectl create ns app
namespace/app created
[root@hdss7-22 ~]# kubectl get ns
NAME              STATUS   AGE
app               Active   12s
```

Deleting it

```bash
[root@hdss7-22 ~]# kubectl delete ns app
namespace "app" deleted
```

Managing deployment resources

Creating a deployment

--image specifies an image in the registry.

```bash
[root@hdss7-21 ~]# kubectl create deployment nginx-dp --image=harbor.od.com/public/nginx:v1.7.9 -n kube-public
deployment.apps/nginx-dp created

[root@hdss7-21 ~]# kubectl get deploy -n kube-public
NAME       READY   UP-TO-DATE   AVAILABLE   AGE
nginx-dp   1/1     1            1           26s

[root@hdss7-21 ~]# kubectl get pods -n kube-public -o wide
NAME                        READY   STATUS    RESTARTS   AGE    IP           NODE                NOMINATED NODE   READINESS GATES
nginx-dp-5dfc689474-lt7xp   1/1     Running   0          105s   172.7.22.3   hdss7-22.host.com   <none>           <none>
```

-o wide displays resources in extended form.

From this pod IP you can immediately tell which host it is on, 10.4.7.22. This is why the pod network should follow a convention: it is in fact tied to the node network.

```bash
[root@hdss7-22 ~]# docker ps -a
CONTAINER ID        IMAGE                               COMMAND                  CREATED             STATUS                        PORTS               NAMES
50900aac89d3        84581e99d807                        "nginx -g 'daemon of…"   36 minutes ago      Up 36 minutes                                     k8s_my-nginx_nginx-ds-nmgjn_default_835d2419-769a-4d9c-b6a1-85967ad5989c_1
7072a0744000        harbor.od.com/public/pause:latest   "/pause"                 36 minutes ago      Up 36 minutes                                     k8s_POD_nginx-ds-nmgjn_default_835d2419-769a-4d9c-b6a1-85967ad5989c_1
6177adeadd5e        harbor.od.com/public/nginx          "nginx -g 'daemon of…"   6 days ago          Exited (255) 36 minutes ago                       k8s_my-nginx_nginx-ds-nmgjn_default_835d2419-769a-4d9c-b6a1-85967ad5989c_0
780d1a240090        harbor.od.com/public/pause:latest   "/pause"                 6 days ago          Exited (255) 36 minutes ago                       k8s_POD_nginx-ds-nmgjn_default_835d2419-769a-4d9c-b6a1-85967ad5989c_0
```

The "/pause" container starts first and holds the network namespace, the IPC namespace and so on.

Viewing details

```bash
[root@hdss7-21 ~]# kubectl describe deployment nginx-dp -n kube-public
Name:                   nginx-dp
Namespace:              kube-public
CreationTimestamp:      Mon, 17 Aug 2020 21:58:01 +0800
Labels:                 app=nginx-dp
Annotations:            deployment.kubernetes.io/revision: 1
Selector:               app=nginx-dp
Replicas:               1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:  app=nginx-dp
  Containers:
   nginx:
    Image:        harbor.od.com/public/nginx:v1.7.9
    Port:         <none>
    Host Port:    <none>
    Environment:  <none>
    Mounts:       <none>
  Volumes:        <none>
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      True    MinimumReplicasAvailable
  Progressing    True    NewReplicaSetAvailable
OldReplicaSets:  <none>
NewReplicaSet:   nginx-dp-5dfc689474 (1/1 replicas created)
Events:
  Type    Reason             Age    From                   Message
  ----    ------             ----   ----                   -------
  Normal  ScalingReplicaSet  7m52s  deployment-controller  Scaled up replica set nginx-dp-5dfc689474 to 1
```

Annotations: annotations

Selector: the label selector

StrategyType: the update strategy. There are four concepts: blue-green release, rolling release, gray release and canary release.

The k8s default strategy is the rolling release.

Events: who is contacted first and who does the work. When a kubectl command is issued, it first goes to the ApiServer, and communication goes through the ApiServer. The ApiServer contacts the scheduler, and the scheduler then starts the container on the most suitable node. For example, if node 7-21 is ready and node 7-22 is ready, the scheduler applies its priority policies; the predicate policies are requirements set in advance, and a node that meets them can be selected. Even when scheduling, it notifies the kubelet to do the work, and that does not go through the apiserver.

You can see that the kubelet's server is https://10.4.7.10:7443, which is exactly the IP and port of the VIP.

```bash
[root@hdss7-21 ~]# cat /opt/kubernetes/server/bin/conf/kube-proxy.kubeconfig
apiVersion: v1
clusters:
- cluster:
.......
    server: https://10.4.7.10:7443
.......
```

Entering a pod

```bash
[root@hdss7-21 ~]# kubectl get pods
NAME             READY   STATUS    RESTARTS   AGE
nginx-ds-nmgjn   1/1     Running   1          6d23h
nginx-ds-v7hrn   1/1     Running   1          6d23h

[root@hdss7-21 ~]# kubectl get pods -n kube-public
NAME                        READY   STATUS    RESTARTS   AGE
nginx-dp-5dfc689474-lt7xp   1/1     Running   0          29m

[root@hdss7-21 ~]# kubectl exec -it nginx-dp-5dfc689474-lt7xp /bin/bash -n kube-public

root@nginx-dp-5dfc689474-lt7xp:/# ip add
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
8: eth0@if9: <BROADCAST,MULTICAST,UP,LOWER_UP,M-DOWN> mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:07:16:03 brd ff:ff:ff:ff:ff:ff
    inet 172.7.22.3/24 brd 172.7.22.255 scope global eth0
       valid_lft forever preferred_lft forever
```

docker exec can also be used to enter a pod, but kubectl works across hosts: from one node you can enter pods that run on other nodes.

```bash
root@nginx-dp-5dfc689474-lt7xp:/# hostname
nginx-dp-5dfc689474-lt7xp
```

Deleting a pod

```bash
[root@hdss7-21 ~]# kubectl get pods -n kube-public
NAME                        READY   STATUS    RESTARTS   AGE
nginx-dp-5dfc689474-lt7xp   1/1     Running   0          39m
```

Use watch to observe the state changes while the pod is rebuilt:

```bash
[root@hdss7-21 ~]# watch -n 1 'kubectl describe deployment nginx-dp -n kube-public | grep -C 5 Event'

Every 1.0s: kubectl describe deployment nginx-dp -n kube-public | grep -C 5 Event                                            Mon Aug 17 22:40:48 2020

  ----           ------  ------
  Available      True    MinimumReplicasAvailable
  Progressing    True    NewReplicaSetAvailable
OldReplicaSets:  <none>
NewReplicaSet:   nginx-dp-5dfc689474 (1/1 replicas created)
Events:
  Type    Reason             Age   From                   Message
  ----    ------             ----  ----                   -------
  Normal  ScalingReplicaSet  42m   deployment-controller  Scaled up replica set nginx-dp-5dfc689474 to 1
```

Deleting a pod is in effect the way to restart it:

```bash
[root@hdss7-21 ~]# kubectl delete pod nginx-dp-5dfc689474-lt7xp -n kube-public
pod "nginx-dp-5dfc689474-lt7xp" deleted

[root@hdss7-22 ~]# kubectl get pods -n kube-public
NAME                        READY   STATUS    RESTARTS   AGE
nginx-dp-5dfc689474-n98tp   1/1     Running   0          46s
```

The name of the nginx pod has changed, from nginx-dp-5dfc689474-lt7xp to nginx-dp-5dfc689474-n98tp.

View it again in extended form:

```bash
[root@hdss7-22 ~]# kubectl get pods -n kube-public -o wide
NAME                        READY   STATUS    RESTARTS   AGE     IP           NODE                NOMINATED NODE   READINESS GATES
nginx-dp-5dfc689474-n98tp   1/1     Running   0          2m31s   172.7.21.3   hdss7-21.host.com   <none>           <none>
```

You can see it is now running on the 172.7.21.3 node; it has been scheduled onto the 172.7.21.3 node.

Why is that?

Because the scheduler found 7.21 and 7.22 equally idle, it applied its priority policies; if the two are equally busy and network bandwidth and so on are the same, it picks one at random.

To force deletion, add the parameters --force --grace-period=0:

```bash
kubectl delete pod nginx-dp-5dfc689474-lt7xp -n kube-public --force --grace-period=0
```

Deleting the deployment

```bash
kubectl delete deployment nginx-dp -n kube-public
```

Managing service resources

Creating a service

```bash
[root@hdss7-21 ~]# kubectl create deployment nginx-dp --image=harbor.od.com/public/nginx:v1.7.9 -n kube-public
deployment.apps/nginx-dp created

[root@hdss7-21 ~]# kubectl get all -n kube-public
NAME                            READY   STATUS    RESTARTS   AGE
pod/nginx-dp-5dfc689474-k2k8j   1/1     Running   0          64s

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx-dp   1/1     1            1           64s

NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-dp-5dfc689474   1         1         1       64s
```

After a pod is deleted (not force-deleted), you will find that the pod has drifted from this node to another one. Although it is managed by a pod controller, it is in a drifting state, so its IP changes. A stable service therefore has to be abstracted out to provide stable access.

```bash
[root@hdss7-21 ~]# kubectl expose deployment nginx-dp --port=80 -n kube-public
service/nginx-dp exposed

[root@hdss7-21 ~]# kubectl get all -n kube-public
NAME                            READY   STATUS    RESTARTS   AGE
pod/nginx-dp-5dfc689474-k2k8j   1/1     Running   0          5m28s

NAME               TYPE        CLUSTER-IP        EXTERNAL-IP   PORT(S)   AGE
service/nginx-dp   ClusterIP   192.168.222.251   <none>        80/TCP    26s

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx-dp   1/1     1            1           5m28s

NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-dp-5dfc689474   1         1         1       5m28s
```

A service resource is now listed under NAME, and it has a clusterIP. The clusterIP is the fixed access point the service provides for the pods. Now check from the other node, node 22:

```bash
[root@hdss7-22 ~]# kubectl get pods -n kube-public
NAME                        READY   STATUS    RESTARTS   AGE
nginx-dp-5dfc689474-k2k8j   1/1     Running   0          9m20s

[root@hdss7-22 ~]# kubectl get pods -n kube-public
NAME                        READY   STATUS    RESTARTS   AGE
nginx-dp-5dfc689474-k2k8j   1/1     Running   0          9m46s

[root@hdss7-22 ~]# kubectl get all -n kube-public
NAME                            READY   STATUS    RESTARTS   AGE
pod/nginx-dp-5dfc689474-k2k8j   1/1     Running   0          9m56s

NAME               TYPE        CLUSTER-IP        EXTERNAL-IP   PORT(S)   AGE
service/nginx-dp   ClusterIP   192.168.222.251   <none>        80/TCP    4m54s

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx-dp   1/1     1            1           9m56s

NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-dp-5dfc689474   1         1         1       9m56s
```

curl it:

```bash
[root@hdss7-22 ~]# curl 192.168.222.251
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
    body {
        width: 35em;
        margin: 0 auto;
        font-family: Tahoma, Verdana, Arial, sans-serif;
    }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
```

Check with ipvsadm -Ln:

```bash
[root@hdss7-22 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.1:443 nq
  -> 10.4.7.21:6443               Masq    1      0          0
  -> 10.4.7.22:6443               Masq    1      0          0
TCP  192.168.222.251:80 nq
  -> 172.7.22.3:80                Masq    1      0          0
```

Scaling out

```bash
[root@hdss7-22 ~]# kubectl scale deployment nginx-dp --replicas=2 -n kube-public
deployment.extensions/nginx-dp scaled

[root@hdss7-22 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.1:443 nq
  -> 10.4.7.21:6443               Masq    1      0          0
  -> 10.4.7.22:6443               Masq    1      0          0
TCP  192.168.222.251:80 nq
  -> 172.7.21.3:80                Masq    1      0          0
  -> 172.7.22.3:80                Masq    1      0          0
```

At the bottom there is now an additional entry, 172.7.22.3:80. However the pods underneath change, the endpoint in front, 192.168.222.251:80 nq, does not change.

A service abstracts out a relatively stable point, so that the application has a stable point of access.

Change the deployment back:

```bash
[root@hdss7-22 ~]# kubectl scale deployment nginx-dp --replicas=1 -n kube-public
deployment.extensions/nginx-dp scaled
```

Viewing the service

```bash
[root@hdss7-21 ~]# kubectl describe svc nginx-dp -n kube-public
Name:              nginx-dp
Namespace:         kube-public
Labels:            app=nginx-dp
Annotations:       <none>
Selector:          app=nginx-dp
Type:              ClusterIP
IP:                192.168.222.251
Port:              <unset>  80/TCP
TargetPort:        80/TCP
Endpoints:         172.7.22.3:80
Session Affinity:  None
Events:            <none>
```

How does the service find this pod?

It relies on a distinctive k8s management feature called the Label Selector. Any pod that carries app=nginx-dp and is in the same namespace (kube-public) is matched by the service, so the service is tied to the pod through this label selector.
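The selector matching described above, as an added example that is not part of the original article: it reads the text of kubectl get pods -n kube-public --show-labels and reports which pods the selector app=nginx-dp picks up, and which of those were not created by the Deployment's current ReplicaSet. The helper names and the legacy-nginx and redis-cache rows are assumptions made for illustration; only the nginx-dp pod comes from the page.

```shell
# Added example. sample_pods is constructed `kubectl get pods -n kube-public
# --show-labels` output; only the nginx-dp row comes from the page, the
# legacy-nginx and redis-cache rows are invented for illustration.
sample_pods() {
cat <<'EOF'
NAME                        READY   STATUS    RESTARTS   AGE   LABELS
nginx-dp-5dfc689474-k2k8j   1/1     Running   0          9m    app=nginx-dp,pod-template-hash=5dfc689474
legacy-nginx                1/1     Running   0          3d    app=nginx-dp
redis-cache                 1/1     Running   0          1d    app=redis,tier=cache
EOF
}

# match_pods SELECTOR [EXCLUDED_LABEL]  (hypothetical helper name)
# stdin: `kubectl get pods --show-labels` text for ONE namespace.
# Prints pods whose labels contain every k=v term of SELECTOR (equality-based
# selector, as in the Service above) and do not contain EXCLUDED_LABEL.
match_pods() {
  awk -v sel="$1" -v excl="$2" '
    NR == 1 { next }                                   # skip the header row
    {
      split("", has)                                   # reset per pod
      n = split($NF, lab, ",")
      for (i = 1; i <= n; i++) has[lab[i]] = 1
      ok = 1
      m = split(sel, term, ",")
      for (i = 1; i <= m; i++) if (!(term[i] in has)) ok = 0
      if (ok && !(excl != "" && (excl in has))) print $1
    }'
}

# unmanaged_backends SELECTOR HASH  (hypothetical helper name)
# Pods the Service selects that were NOT created by the Deployment's current
# ReplicaSet (no pod-template-hash=HASH). Pods from an older ReplicaSet during
# a rolling update are reported too.
unmanaged_backends() {
  match_pods "$1" "pod-template-hash=$2"
}

# Demo: the selector app=nginx-dp picks up two pods, one of them unmanaged.
sample_pods | match_pods app=nginx-dp
sample_pods | unmanaged_backends app=nginx-dp 5dfc689474
```

On a cluster, pipe the real kubectl get pods -n kube-public --show-labels output into the functions instead of sample_pods.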

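The IP can be pinged from the compute nodes but not from any other host, so this IP only has meaning inside the k8s cluster. It is a virtual IP: it does not occupy address space on the wider network and only takes effect within the k8s 192.168 range.

```bash
[root@hdss7-21 ~]# ping 192.168.222.251
PING 192.168.222.251 (192.168.222.251) 56(84) bytes of data.
64 bytes from 192.168.222.251: icmp_seq=1 ttl=64 time=0.051 ms
64 bytes from 192.168.222.251: icmp_seq=2 ttl=64 time=0.053 ms
```

The cluster network is not actively exposed outside the cluster. This ClusterIP is only useful inside the cluster and useless outside it. One look at the address tells you it is virtual and used by nobody else, a reminder that this is only a virtual IP.

```bash
[root@hdss7-22 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.1:443 nq
  -> 10.4.7.21:6443               Masq    1      0          0
  -> 10.4.7.22:6443               Masq    1      0          0
TCP  192.168.222.251:80 nq
  -> 172.7.22.3:80                Masq    1      0          0
```

In 192.168.222.251:80 nq, nq means never queue.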
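To check that the IPVS rules on a node agree with the Endpoints that kubectl describe svc reports, the two listings shown above can be compared mechanically. This is an added example, not from the original article; the helper names are assumptions, and the embedded listing is the page's ipvsadm -Ln output at two replicas used as constructed input.

```shell
# Added example. sample_ipvs is the page's `ipvsadm -Ln` listing at 2 replicas,
# embedded as constructed input; on a node, pipe the real `ipvsadm -Ln` instead.
sample_ipvs() {
cat <<'EOF'
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.1:443 nq
  -> 10.4.7.21:6443               Masq    1      0          0
  -> 10.4.7.22:6443               Masq    1      0          0
TCP  192.168.222.251:80 nq
  -> 172.7.21.3:80                Masq    1      0          0
  -> 172.7.22.3:80                Masq    1      0          0
EOF
}

# ipvs_backends VIP:PORT  (hypothetical helper name)
# stdin: `ipvsadm -Ln` text. Prints the real servers behind that virtual
# service, sorted, one per line.
ipvs_backends() {
  awk -v vs="$1" '
    $1 == "TCP" || $1 == "UDP" { cur = $2; next }      # virtual service row
    $1 == "->" && $2 != "RemoteAddress:Port" && cur == vs { print $2 }
  ' | sort
}

# endpoints_drift VIP:PORT EP1,EP2,...  (hypothetical helper name)
# Compares the IPVS real servers with the Endpoints list reported by
# `kubectl describe svc`. Prints "+addr" for a backend present only in IPVS
# and "-addr" for an endpoint missing from IPVS; no output means in sync.
endpoints_drift() {
  ipvs_backends "$1" | awk -v want="$2" '
    BEGIN { n = split(want, w, ","); for (i = 1; i <= n; i++) expected[w[i]] = 1 }
    { seen[$1] = 1; if (!($1 in expected)) print "+" $1 }
    END { for (i = 1; i <= n; i++) if (!(w[i] in seen)) print "-" w[i] }
  '
}

# Demo: IPVS still lists two backends while the service reports one endpoint.
sample_ipvs | endpoints_drift 192.168.222.251:80 172.7.22.3:80
```

A "+" line that persists after a scale-down or pod deletion means the node still forwards ClusterIP traffic to an address the service no longer owns.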

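Summary of imperative resource management

  • The only entry point for managing resources in a kubernetes cluster is calling the apiserver's interface through the appropriate method
  • kubectl is the official CLI tool for communicating with the apiserver. It organizes the commands a user types on the command line and converts them into information the apiserver understands, which makes it an effective way to manage the various k8s resources
  • Imperative resource management covers more than 90% of resource management needs, but its drawbacks are also obvious:
    • Commands are long, complex and hard to remember
    • In certain scenarios it cannot meet the management need
    • Creating, deleting and querying resources is fairly easy; modifying them is painful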

