使用kubectl管理Kubernetes(k8s)集群:常用命令,查看负载,命名空间namespace管理 -...
source link: https://www.cnblogs.com/renshengdezheli/p/16693557.html
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
一.系统环境
服务器版本 | docker软件版本 | CPU架构 |
---|---|---|
CentOS Linux release 7.4.1708 (Core) | Docker version 20.10.12 | x86_64 |
kubectl是Kubernetes提供的命令行工具,kubectl 使用 Kubernetes API 与 Kubernetes 集群的控制面进行通信。
针对配置信息,kubectl 在 $HOME/.kube 目录中查找一个名为 config 的配置文件来连接Kubernetes 集群。 你可以通过设置 KUBECONFIG 环境变量或设置 --kubeconfig 参数来指定其它 kubeconfig 文件。
使用kubectl命令行工具的前提是已经有一套可以正常运行的Kubernetes集群,关于Kubernetes(k8s)集群的安装部署,可以查看博客《Centos7 安装部署Kubernetes(k8s)集群》https://www.cnblogs.com/renshengdezheli/p/16686769.html
三.kubectl
3.1 kubectl语法
kubectl的语法为:kubectl [command] [TYPE] [NAME] [flags],其中 command、TYPE、NAME 和 flags 分别是:
-
command:指定要对一个或多个资源执行的操作,例如 create、get、describe、delete。
-
TYPE:指定资源类型。资源类型不区分大小写, 可以指定单数、复数或缩写形式。例如,以下命令输出相同的结果:
kubectl get pod pod1 kubectl get pods pod1 kubectl get po pod1
-
NAME:指定资源的名称。名称区分大小写。 如果省略名称,则显示所有资源的详细信息。例如:kubectl get pods。
-
flags: 指定可选的参数。例如,可以使用 -s 或 --server 参数指定 Kubernetes API 服务器的地址和端口。
要对所有类型相同的资源进行分组,请执行以下操作:TYPE1 name1 name2 name<#>。
例子:kubectl get pod example-pod1 example-pod2
分别指定多个资源类型:TYPE1/name1 TYPE1/name2 TYPE2/name3 TYPE<#>/name<#>。
例子:kubectl get pod/example-pod1 replicationcontroller/example-rc1
3.2 kubectl格式化输出
kubectl格式化输出语法:kubectl [command] [TYPE] [NAME] -o <output_format>
输出格式 | 描述 |
---|---|
-o custom-columns=spec | 使用逗号分隔的自定义列列表打印表。 |
-o custom-columns-file=filename | 使用 filename文件中的自定义列模板打印表。 |
-o json | 输出 JSON 格式的 API 对象 |
-o jsonpath=template | 打印 jsonpath 表达式定义的字段 |
-o jsonpath-file=filename | 打印 filename>文件中 jsonpath 表达式定义的字段。 |
-o name | 仅打印资源名称而不打印任何其他内容。 |
-o wide | 以纯文本格式输出,包含所有附加信息。对于 Pod 包含节点名。 |
-o yaml | 输出 YAML 格式的 API 对象。 |
四.kubectl常用命令
查看从什么地址能访问k8s API,会显示k8s集群的master节点的地址
[root@k8scloude1 ~]# kubectl cluster-info
Kubernetes control plane is running at https://192.168.110.130:6443
CoreDNS is running at https://192.168.110.130:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
查看kubectl版本
[root@k8scloude1 ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.0", GitCommit:"cb303e613a121a29364f75cc67d3d580833a7479", GitTreeState:"clean", BuildDate:"2021-04-08T16:31:21Z", GoVersion:"go1.16.1", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.0", GitCommit:"cb303e613a121a29364f75cc67d3d580833a7479", GitTreeState:"clean", BuildDate:"2021-04-08T16:25:06Z", GoVersion:"go1.16.1", Compiler:"gc", Platform:"linux/amd64"}
[root@k8scloude1 ~]# kubectl version --short
Client Version: v1.21.0
Server Version: v1.21.0
查看k8s的pod网段,可以看到pod网段为10.244.0.0/16
#查看初始化时候的k8s集群配置:kubeadm config view
[root@k8scloude1 ~]# kubeadm config view
Command "view" is deprecated, This command is deprecated and will be removed in a future release, please use 'kubectl get cm -o yaml -n kube-system kubeadm-config' to get the kubeadm config directly.
apiServer:
extraArgs:
authorization-mode: Node,RBAC
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
type: CoreDNS
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.21.0
networking:
dnsDomain: cluster.local
podSubnet: 10.244.0.0/16
serviceSubnet: 10.96.0.0/12
scheduler: {}
查看kubeconfig文件的结构
[root@k8scloude1 ~]# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://192.168.110.130:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
五.查看kubernetes集群node节点和pod负载
5.1 安装metric-server
查看node节点和pod的负载,发现看不了node和pod的负载,是因为没有安装metric-server
[root@k8scloude1 ~]# kubectl top nodes
W0109 16:45:38.197980 75467 top_node.go:119] Using json format to get metrics. Next release will switch to protocol-buffers, switch early by passing --use-protocol-buffers flag
error: Metrics API not available
[root@k8scloude1 ~]# kubectl top pods
W0109 16:45:58.436117 75718 top_pod.go:140] Using json format to get metrics. Next release will switch to protocol-buffers, switch early by passing --use-protocol-buffers flag
error: Metrics API not available
为了查看节点和pod的负载,下面开始安装metric-server
创建目录,用来存放metric-server
[root@k8scloude1 ~]# mkdir metric-server
[root@k8scloude1 ~]# cd metric-server/
下载metrics-server并解压
[root@k8scloude1 metric-server]# wget https://github.com/kubernetes-sigs/metrics-server/archive/v0.3.6.tar.gz
[root@k8scloude1 metric-server]# ls
v0.3.6.tar.gz
[root@k8scloude1 metric-server]# tar xf v0.3.6.tar.gz
[root@k8scloude1 metric-server]# ls
metrics-server-0.3.6 v0.3.6.tar.gz
[root@k8scloude1 metric-server]# cd metrics-server-0.3.6/
[root@k8scloude1 metrics-server-0.3.6]# ls
cmd code-of-conduct.md CONTRIBUTING.md deploy Gopkg.lock Gopkg.toml hack LICENSE Makefile OWNERS OWNERS_ALIASES pkg README.md SECURITY_CONTACTS vendor version
[root@k8scloude1 metrics-server-0.3.6]# cd deploy/
[root@k8scloude1 deploy]# ls
1.7 1.8+ docker minikube
[root@k8scloude1 deploy]# cd 1.8+
[root@k8scloude1 1.8+]# ls
aggregated-metrics-reader.yaml auth-delegator.yaml auth-reader.yaml metrics-apiservice.yaml metrics-server-deployment.yaml metrics-server-service.yaml resource-reader.yaml
查看需要下载的镜像,image: k8s.gcr.io/metrics-server-amd64:v0.3.6这个镜像国内访问不了,我们手动下载一个国内镜像
[root@k8scloude1 1.8+]# grep image metrics-server-deployment.yaml
# mount in tmp so we can safely use from-scratch images and/or read-only containers
image: k8s.gcr.io/metrics-server-amd64:v0.3.6
imagePullPolicy: Always
在k8s集群master节点和worker节点都需要下载metrics-server-amd64:v0.3.6镜像
[root@k8scloude1 1.8+]# docker pull mirrorgooglecontainers/metrics-server-amd64:v0.3.6
[root@k8scloude1 1.8+]# docker images | grep mirrorgooglecontainers
REPOSITORY TAG IMAGE ID CREATED SIZE
mirrorgooglecontainers/metrics-server-amd64 v0.3.6 9dd718864ce6 2 years ago 39.9MB
镜像已经下好了,现在进行docker tag重命名,并删除原镜像mirrorgooglecontainers/metrics-server-amd64:v0.3.6
[root@k8scloude1 1.8+]# docker tag mirrorgooglecontainers/metrics-server-amd64:v0.3.6 k8s.gcr.io/metrics-server-amd64:v0.3.6
[root@k8scloude1 1.8+]# docker rmi mirrorgooglecontainers/metrics-server-amd64:v0.3.6
worker节点也进行相同操作
[root@k8scloude2 ~]# docker pull mirrorgooglecontainers/metrics-server-amd64:v0.3.6
[root@k8scloude2 ~]# docker tag mirrorgooglecontainers/metrics-server-amd64:v0.3.6 k8s.gcr.io/metrics-server-amd64:v0.3.6
[root@k8scloude2 ~]# docker rmi mirrorgooglecontainers/metrics-server-amd64:v0.3.6
[root@k8scloude3 ~]# docker pull mirrorgooglecontainers/metrics-server-amd64:v0.3.6
[root@k8scloude3 ~]# docker tag mirrorgooglecontainers/metrics-server-amd64:v0.3.6 k8s.gcr.io/metrics-server-amd64:v0.3.6
[root@k8scloude3 ~]# docker rmi mirrorgooglecontainers/metrics-server-amd64:v0.3.6
修改配置文件,镜像下载策略imagePullPolicy改为IfNotPresent,IfNotPresent表示只有当镜像在本地不存在时才会拉取
[root@k8scloude1 1.8+]# pwd
/root/metric-server/metrics-server-0.3.6/deploy/1.8+
#修改内容如下: imagePullPolicy: IfNotPresent
# command:
# - /metrics-server
# - --metric-resolution=30s
# - --kubelet-insecure-tls
# - --kubelet-preferred-address-types=InternalIP
[root@k8scloude1 1.8+]# tail -20 metrics-server-deployment.yaml
k8s-app: metrics-server
spec:
serviceAccountName: metrics-server
volumes:
# mount in tmp so we can safely use from-scratch images and/or read-only containers
- name: tmp-dir
emptyDir: {}
containers:
- name: metrics-server
image: k8s.gcr.io/metrics-server-amd64:v0.3.6
imagePullPolicy: IfNotPresent
command:
- /metrics-server
- --metric-resolution=30s
- --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP
volumeMounts:
- name: tmp-dir
mountPath: /tmp
安装metrics-server
#kubectl apply -f . .表示安装当前目录下的所有文件
[root@k8scloude1 1.8+]# kubectl apply -f .
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
Warning: rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 RoleBinding
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
Warning: apiregistration.k8s.io/v1beta1 APIService is deprecated in v1.19+, unavailable in v1.22+; use apiregistration.k8s.io/v1 APIService
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
serviceaccount/metrics-server created
deployment.apps/metrics-server created
service/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
查看所有的命名空间
[root@k8scloude1 1.8+]# kubectl get ns
NAME STATUS AGE
default Active 18h
kube-node-lease Active 18h
kube-public Active 18h
kube-system Active 18h
当观察到metrics-server-bcfb98c76-k5dmj状态为Running,metrics-server服务就正常启动了
[root@k8scloude1 1.8+]# kubectl get pod -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-kube-controllers-6b9fbfff44-4jzkj 1/1 Running 2 19h 10.244.251.194 k8scloude3 <none> <none>
calico-node-bdlgm 1/1 Running 1 19h 192.168.110.130 k8scloude1 <none> <none>
calico-node-hx8bk 1/1 Running 1 19h 192.168.110.128 k8scloude3 <none> <none>
calico-node-nsbfs 1/1 Running 1 19h 192.168.110.129 k8scloude2 <none> <none>
coredns-545d6fc579-7wm95 1/1 Running 1 19h 10.244.158.68 k8scloude1 <none> <none>
coredns-545d6fc579-87q8j 1/1 Running 1 19h 10.244.158.67 k8scloude1 <none> <none>
etcd-k8scloude1 1/1 Running 1 19h 192.168.110.130 k8scloude1 <none> <none>
kube-apiserver-k8scloude1 1/1 Running 1 19h 192.168.110.130 k8scloude1 <none> <none>
kube-controller-manager-k8scloude1 1/1 Running 1 19h 192.168.110.130 k8scloude1 <none> <none>
kube-proxy-599xh 1/1 Running 1 19h 192.168.110.128 k8scloude3 <none> <none>
kube-proxy-lpj8z 1/1 Running 1 19h 192.168.110.129 k8scloude2 <none> <none>
kube-proxy-zxlk9 1/1 Running 1 19h 192.168.110.130 k8scloude1 <none> <none>
kube-scheduler-k8scloude1 1/1 Running 1 19h 192.168.110.130 k8scloude1 <none> <none>
metrics-server-bcfb98c76-k5dmj 1/1 Running 0 70s 10.244.112.131 k8scloude2 <none> <none>
5.2 查看node负载
查看node的负载
[root@k8scloude1 1.8+]# kubectl top node
W0110 11:37:47.025099 75026 top_node.go:119] Using json format to get metrics. Next release will switch to protocol-buffers, switch early by passing --use-protocol-buffers flag
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
k8scloude1 257m 12% 1487Mi 45%
k8scloude2 104m 5% 698Mi 36%
k8scloude3 102m 5% 701Mi 36%
5.3 查看pod负载
查看pod的负载
注释:一核心分成1000个微核心m 1核=1000m
[root@k8scloude1 1.8+]# kubectl top pods
W0110 11:38:40.576780 75696 top_pod.go:140] Using json format to get metrics. Next release will switch to protocol-buffers, switch early by passing --use-protocol-buffers flag
No resources found in default namespace.
#-A表示所有命名空间
[root@k8scloude1 1.8+]# kubectl top pods -A
W0110 11:38:47.276962 75784 top_pod.go:140] Using json format to get metrics. Next release will switch to protocol-buffers, switch early by passing --use-protocol-buffers flag
NAMESPACE NAME CPU(cores) MEMORY(bytes)
kube-system calico-kube-controllers-6b9fbfff44-4jzkj 2m 25Mi
kube-system calico-node-bdlgm 37m 170Mi
kube-system calico-node-hx8bk 43m 157Mi
kube-system calico-node-nsbfs 56m 164Mi
kube-system coredns-545d6fc579-7wm95 3m 18Mi
kube-system coredns-545d6fc579-87q8j 3m 18Mi
kube-system etcd-k8scloude1 14m 91Mi
kube-system kube-apiserver-k8scloude1 60m 351Mi
kube-system kube-controller-manager-k8scloude1 21m 56Mi
kube-system kube-proxy-599xh 1m 24Mi
kube-system kube-proxy-lpj8z 1m 24Mi
kube-system kube-proxy-zxlk9 1m 24Mi
kube-system kube-scheduler-k8scloude1 3m 23Mi
kube-system metrics-server-bcfb98c76-k5dmj 1m 13Mi
六.命名空间namespace的管理
6.1 何为命名空间namespace
在 Kubernetes 中,命名空间(Namespace) 提供一种机制,将同一集群中的资源划分为相互隔离的组。 同一命名空间内的资源名称要唯一,但跨命名空间时没有这个要求。 命名空间作用域仅针对带有命名空间的对象,例如 Deployment、Service 等, 这种作用域对集群访问的对象不适用,例如 StorageClass、Node、PersistentVolume 等。
6.2 管理命名空间namespace
查看所有的命名空间
[root@k8scloude1 1.8+]# kubectl get namespaces
NAME STATUS AGE
default Active 19h
kube-node-lease Active 19h
kube-public Active 19h
kube-system Active 19h
[root@k8scloude1 1.8+]# kubectl get ns
NAME STATUS AGE
default Active 19h
kube-node-lease Active 19h
kube-public Active 19h
kube-system Active 19h
创建命名空间,注意:不同的namespace之间相互隔离
[root@k8scloude1 1.8+]# kubectl create ns ns1
namespace/ns1 created
[root@k8scloude1 1.8+]# kubectl create ns ns2
namespace/ns2 created
[root@k8scloude1 1.8+]# kubectl get ns
NAME STATUS AGE
default Active 19h
kube-node-lease Active 19h
kube-public Active 19h
kube-system Active 19h
ns1 Active 6s
ns2 Active 4s
获取全局上下文,可以看到当前命名空间为default
[root@k8scloude1 ~]# kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* kubernetes-admin@kubernetes kubernetes kubernetes-admin default
切换命名空间
#切换命名空间
[root@k8scloude1 ~]# kubectl config set-context --current --namespace=kube-system
Context "kubernetes-admin@kubernetes" modified.
[root@k8scloude1 ~]# kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* kubernetes-admin@kubernetes kubernetes kubernetes-admin kube-system
#获取当前K8S上下文
[root@k8scloude1 ~]# kubectl config current-context
kubernetes-admin@kubernetes
6.2 使用kubens管理命名空间namespace
默认的切换命名空间的命令不好用,可以使用第三方的命名空间切换工具:kubens,kubens命令所在的网站为:https://github.com/ahmetb/kubectx/releases/
下载kubens,并授予可执行权限
[root@k8scloude1 ~]# wget https://github.com/ahmetb/kubectx/releases/download/v0.9.4/kubens
[root@k8scloude1 ~]# ll -h kubens
-rw-r--r-- 1 root root 5.5K 12月 8 15:46 kubens
[root@k8scloude1 ~]# chmod +x kubens
[root@k8scloude1 ~]# mv kubens /bin/
[root@k8scloude1 ~]# ls /bin/kubens
/bin/kubens
查看所有的命名空间
[root@k8scloude1 ~]# kubens
default
kube-node-lease
kube-public
kube-system
ns1
ns2
切换namespace
#切换namespace到kube-system
[root@k8scloude1 ~]# kubens kube-system
Context "kubernetes-admin@kubernetes" modified.
Active namespace is "kube-system".
#此时,默认查询的就是kube-system命名空间下的pod
[root@k8scloude1 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-kube-controllers-6b9fbfff44-4jzkj 1/1 Running 2 20h 10.244.251.194 k8scloude3 <none> <none>
calico-node-bdlgm 1/1 Running 1 20h 192.168.110.130 k8scloude1 <none> <none>
calico-node-hx8bk 1/1 Running 1 20h 192.168.110.128 k8scloude3 <none> <none>
calico-node-nsbfs 1/1 Running 1 20h 192.168.110.129 k8scloude2 <none> <none>
coredns-545d6fc579-7wm95 1/1 Running 1 20h 10.244.158.68 k8scloude1 <none> <none>
coredns-545d6fc579-87q8j 1/1 Running 1 20h 10.244.158.67 k8scloude1 <none> <none>
etcd-k8scloude1 1/1 Running 1 20h 192.168.110.130 k8scloude1 <none> <none>
kube-apiserver-k8scloude1 1/1 Running 1 20h 192.168.110.130 k8scloude1 <none> <none>
kube-controller-manager-k8scloude1 1/1 Running 1 20h 192.168.110.130 k8scloude1 <none> <none>
kube-proxy-599xh 1/1 Running 1 20h 192.168.110.128 k8scloude3 <none> <none>
kube-proxy-lpj8z 1/1 Running 1 20h 192.168.110.129 k8scloude2 <none> <none>
kube-proxy-zxlk9 1/1 Running 1 20h 192.168.110.130 k8scloude1 <none> <none>
kube-scheduler-k8scloude1 1/1 Running 1 20h 192.168.110.130 k8scloude1 <none> <none>
metrics-server-bcfb98c76-k5dmj 1/1 Running 0 56m 10.244.112.131 k8scloude2 <none> <none>
切换namespace到default
#切换namespace到default
[root@k8scloude1 ~]# kubens default
Context "kubernetes-admin@kubernetes" modified.
Active namespace is "default".
#此时,默认查询的就是default命名空间下的pod
[root@k8scloude1 ~]# kubectl get pods -o wide
No resources found in default namespace.
#要查询kube-public命名空间下的pod,使用-n kube-public指定
[root@k8scloude1 ~]# kubectl get pods -n kube-public
No resources found in kube-public namespace.
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK