使用kubectl管理Kubernetes(k8s)集群:常用命令,查看負載,命名空間namespace管理
- 2022 年 9 月 14 日
- 筆記
- Docker容器, Kubernetes(k8s)管理
一.系統環境
伺服器版本 | docker軟體版本 | CPU架構 |
---|---|---|
CentOS Linux release 7.4.1708 (Core) | Docker version 20.10.12 | x86_64 |
二.前言
kubectl是Kubernetes提供的命令行工具,kubectl 使用 Kubernetes API 與 Kubernetes 集群的控制面進行通訊。
針對配置資訊,kubectl 在 $HOME/.kube 目錄中查找一個名為 config 的配置文件來連接Kubernetes 集群。 你可以通過設置 KUBECONFIG 環境變數或設置 –kubeconfig 參數來指定其它 kubeconfig 文件。
使用kubectl命令行工具的前提是已經有一套可以正常運行的Kubernetes集群,關於Kubernetes(k8s)集群的安裝部署,可以查看部落格《Centos7 安裝部署Kubernetes(k8s)集群》//www.cnblogs.com/renshengdezheli/p/16686769.html
三.kubectl
3.1 kubectl語法
kubectl的語法為:kubectl [command] [TYPE] [NAME] [flags],其中 command、TYPE、NAME 和 flags 分別是:
-
command:指定要對一個或多個資源執行的操作,例如 create、get、describe、delete。
-
TYPE:指定資源類型。資源類型不區分大小寫, 可以指定單數、複數或縮寫形式。例如,以下命令輸出相同的結果:
kubectl get pod pod1 kubectl get pods pod1 kubectl get po pod1
-
NAME:指定資源的名稱。名稱區分大小寫。 如果省略名稱,則顯示所有資源的詳細資訊。例如:kubectl get pods。
-
flags: 指定可選的參數。例如,可以使用 -s 或 –server 參數指定 Kubernetes API 伺服器的地址和埠。
要對所有類型相同的資源進行分組,請執行以下操作:TYPE1 name1 name2 name<#>。
例子:kubectl get pod example-pod1 example-pod2
分別指定多個資源類型:TYPE1/name1 TYPE1/name2 TYPE2/name3 TYPE<#>/name<#>。
例子:kubectl get pod/example-pod1 replicationcontroller/example-rc1
3.2 kubectl格式化輸出
kubectl格式化輸出語法:kubectl [command] [TYPE] [NAME] -o <output_format>
輸出格式 | 描述 |
---|---|
-o custom-columns=spec | 使用逗號分隔的自定義列列表列印表。 |
-o custom-columns-file=filename | 使用 filename文件中的自定義列模板列印表。 |
-o json | 輸出 JSON 格式的 API 對象 |
-o jsonpath=template | 列印 jsonpath 表達式定義的欄位 |
-o jsonpath-file=filename | 列印 filename>文件中 jsonpath 表達式定義的欄位。 |
-o name | 僅列印資源名稱而不列印任何其他內容。 |
-o wide | 以純文本格式輸出,包含所有附加資訊。對於 Pod 包含節點名。 |
-o yaml | 輸出 YAML 格式的 API 對象。 |
四.kubectl常用命令
查看從什麼地址能訪問k8s API,會顯示k8s集群的master節點的地址
[root@k8scloude1 ~]# kubectl cluster-info
Kubernetes control plane is running at //192.168.110.130:6443
CoreDNS is running at //192.168.110.130:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
查看kubectl版本
[root@k8scloude1 ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.0", GitCommit:"cb303e613a121a29364f75cc67d3d580833a7479", GitTreeState:"clean", BuildDate:"2021-04-08T16:31:21Z", GoVersion:"go1.16.1", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"21", GitVersion:"v1.21.0", GitCommit:"cb303e613a121a29364f75cc67d3d580833a7479", GitTreeState:"clean", BuildDate:"2021-04-08T16:25:06Z", GoVersion:"go1.16.1", Compiler:"gc", Platform:"linux/amd64"}
[root@k8scloude1 ~]# kubectl version --short
Client Version: v1.21.0
Server Version: v1.21.0
查看k8s的pod網段,可以看到pod網段為10.244.0.0/16
#查看初始化時候的k8s集群配置:kubeadm config view
[root@k8scloude1 ~]# kubeadm config view
Command "view" is deprecated, This command is deprecated and will be removed in a future release, please use 'kubectl get cm -o yaml -n kube-system kubeadm-config' to get the kubeadm config directly.
apiServer:
extraArgs:
authorization-mode: Node,RBAC
timeoutForControlPlane: 4m0s
apiVersion: kubeadm.k8s.io/v1beta2
certificatesDir: /etc/kubernetes/pki
clusterName: kubernetes
controllerManager: {}
dns:
type: CoreDNS
etcd:
local:
dataDir: /var/lib/etcd
imageRepository: registry.aliyuncs.com/google_containers
kind: ClusterConfiguration
kubernetesVersion: v1.21.0
networking:
dnsDomain: cluster.local
podSubnet: 10.244.0.0/16
serviceSubnet: 10.96.0.0/12
scheduler: {}
查看kubeconfig文件的結構
[root@k8scloude1 ~]# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: //192.168.110.130:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
五.查看kubernetes集群node節點和pod負載
5.1 安裝metric-server
查看node節點和pod的負載,發現看不了node和pod的負載,是因為沒有安裝metric-server
[root@k8scloude1 ~]# kubectl top nodes
W0109 16:45:38.197980 75467 top_node.go:119] Using json format to get metrics. Next release will switch to protocol-buffers, switch early by passing --use-protocol-buffers flag
error: Metrics API not available
[root@k8scloude1 ~]# kubectl top pods
W0109 16:45:58.436117 75718 top_pod.go:140] Using json format to get metrics. Next release will switch to protocol-buffers, switch early by passing --use-protocol-buffers flag
error: Metrics API not available
為了查看節點和pod的負載,下面開始安裝metric-server
創建目錄,用來存放metric-server
[root@k8scloude1 ~]# mkdir metric-server
[root@k8scloude1 ~]# cd metric-server/
下載metrics-server並解壓
[root@k8scloude1 metric-server]# wget //github.com/kubernetes-sigs/metrics-server/archive/v0.3.6.tar.gz
[root@k8scloude1 metric-server]# ls
v0.3.6.tar.gz
[root@k8scloude1 metric-server]# tar xf v0.3.6.tar.gz
[root@k8scloude1 metric-server]# ls
metrics-server-0.3.6 v0.3.6.tar.gz
[root@k8scloude1 metric-server]# cd metrics-server-0.3.6/
[root@k8scloude1 metrics-server-0.3.6]# ls
cmd code-of-conduct.md CONTRIBUTING.md deploy Gopkg.lock Gopkg.toml hack LICENSE Makefile OWNERS OWNERS_ALIASES pkg README.md SECURITY_CONTACTS vendor version
[root@k8scloude1 metrics-server-0.3.6]# cd deploy/
[root@k8scloude1 deploy]# ls
1.7 1.8+ docker minikube
[root@k8scloude1 deploy]# cd 1.8+
[root@k8scloude1 1.8+]# ls
aggregated-metrics-reader.yaml auth-delegator.yaml auth-reader.yaml metrics-apiservice.yaml metrics-server-deployment.yaml metrics-server-service.yaml resource-reader.yaml
查看需要下載的鏡像,image: k8s.gcr.io/metrics-server-amd64:v0.3.6這個鏡像中國訪問不了,我們手動下載一個中國鏡像
[root@k8scloude1 1.8+]# grep image metrics-server-deployment.yaml
# mount in tmp so we can safely use from-scratch images and/or read-only containers
image: k8s.gcr.io/metrics-server-amd64:v0.3.6
imagePullPolicy: Always
在k8s集群master節點和worker節點都需要下載metrics-server-amd64:v0.3.6鏡像
[root@k8scloude1 1.8+]# docker pull mirrorgooglecontainers/metrics-server-amd64:v0.3.6
[root@k8scloude1 1.8+]# docker images | grep mirrorgooglecontainers
REPOSITORY TAG IMAGE ID CREATED SIZE
mirrorgooglecontainers/metrics-server-amd64 v0.3.6 9dd718864ce6 2 years ago 39.9MB
鏡像已經下好了,現在進行docker tag重命名,並刪除原鏡像mirrorgooglecontainers/metrics-server-amd64:v0.3.6
[root@k8scloude1 1.8+]# docker tag mirrorgooglecontainers/metrics-server-amd64:v0.3.6 k8s.gcr.io/metrics-server-amd64:v0.3.6
[root@k8scloude1 1.8+]# docker rmi mirrorgooglecontainers/metrics-server-amd64:v0.3.6
worker節點也進行相同操作
[root@k8scloude2 ~]# docker pull mirrorgooglecontainers/metrics-server-amd64:v0.3.6
[root@k8scloude2 ~]# docker tag mirrorgooglecontainers/metrics-server-amd64:v0.3.6 k8s.gcr.io/metrics-server-amd64:v0.3.6
[root@k8scloude2 ~]# docker rmi mirrorgooglecontainers/metrics-server-amd64:v0.3.6
[root@k8scloude3 ~]# docker pull mirrorgooglecontainers/metrics-server-amd64:v0.3.6
[root@k8scloude3 ~]# docker tag mirrorgooglecontainers/metrics-server-amd64:v0.3.6 k8s.gcr.io/metrics-server-amd64:v0.3.6
[root@k8scloude3 ~]# docker rmi mirrorgooglecontainers/metrics-server-amd64:v0.3.6
修改配置文件,鏡像下載策略imagePullPolicy改為IfNotPresent,IfNotPresent表示只有當鏡像在本地不存在時才會拉取
[root@k8scloude1 1.8+]# pwd
/root/metric-server/metrics-server-0.3.6/deploy/1.8+
#修改內容如下: imagePullPolicy: IfNotPresent
# command:
# - /metrics-server
# - --metric-resolution=30s
# - --kubelet-insecure-tls
# - --kubelet-preferred-address-types=InternalIP
[root@k8scloude1 1.8+]# tail -20 metrics-server-deployment.yaml
k8s-app: metrics-server
spec:
serviceAccountName: metrics-server
volumes:
# mount in tmp so we can safely use from-scratch images and/or read-only containers
- name: tmp-dir
emptyDir: {}
containers:
- name: metrics-server
image: k8s.gcr.io/metrics-server-amd64:v0.3.6
imagePullPolicy: IfNotPresent
command:
- /metrics-server
- --metric-resolution=30s
- --kubelet-insecure-tls
- --kubelet-preferred-address-types=InternalIP
volumeMounts:
- name: tmp-dir
mountPath: /tmp
安裝metrics-server
#kubectl apply -f . .表示安裝當前目錄下的所有文件
[root@k8scloude1 1.8+]# kubectl apply -f .
clusterrole.rbac.authorization.k8s.io/system:aggregated-metrics-reader created
Warning: rbac.authorization.k8s.io/v1beta1 ClusterRoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 ClusterRoleBinding
clusterrolebinding.rbac.authorization.k8s.io/metrics-server:system:auth-delegator created
Warning: rbac.authorization.k8s.io/v1beta1 RoleBinding is deprecated in v1.17+, unavailable in v1.22+; use rbac.authorization.k8s.io/v1 RoleBinding
rolebinding.rbac.authorization.k8s.io/metrics-server-auth-reader created
Warning: apiregistration.k8s.io/v1beta1 APIService is deprecated in v1.19+, unavailable in v1.22+; use apiregistration.k8s.io/v1 APIService
apiservice.apiregistration.k8s.io/v1beta1.metrics.k8s.io created
serviceaccount/metrics-server created
deployment.apps/metrics-server created
service/metrics-server created
clusterrole.rbac.authorization.k8s.io/system:metrics-server created
clusterrolebinding.rbac.authorization.k8s.io/system:metrics-server created
查看所有的命名空間
[root@k8scloude1 1.8+]# kubectl get ns
NAME STATUS AGE
default Active 18h
kube-node-lease Active 18h
kube-public Active 18h
kube-system Active 18h
當觀察到metrics-server-bcfb98c76-k5dmj狀態為Running,metrics-server服務就正常啟動了
[root@k8scloude1 1.8+]# kubectl get pod -n kube-system -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-kube-controllers-6b9fbfff44-4jzkj 1/1 Running 2 19h 10.244.251.194 k8scloude3 <none> <none>
calico-node-bdlgm 1/1 Running 1 19h 192.168.110.130 k8scloude1 <none> <none>
calico-node-hx8bk 1/1 Running 1 19h 192.168.110.128 k8scloude3 <none> <none>
calico-node-nsbfs 1/1 Running 1 19h 192.168.110.129 k8scloude2 <none> <none>
coredns-545d6fc579-7wm95 1/1 Running 1 19h 10.244.158.68 k8scloude1 <none> <none>
coredns-545d6fc579-87q8j 1/1 Running 1 19h 10.244.158.67 k8scloude1 <none> <none>
etcd-k8scloude1 1/1 Running 1 19h 192.168.110.130 k8scloude1 <none> <none>
kube-apiserver-k8scloude1 1/1 Running 1 19h 192.168.110.130 k8scloude1 <none> <none>
kube-controller-manager-k8scloude1 1/1 Running 1 19h 192.168.110.130 k8scloude1 <none> <none>
kube-proxy-599xh 1/1 Running 1 19h 192.168.110.128 k8scloude3 <none> <none>
kube-proxy-lpj8z 1/1 Running 1 19h 192.168.110.129 k8scloude2 <none> <none>
kube-proxy-zxlk9 1/1 Running 1 19h 192.168.110.130 k8scloude1 <none> <none>
kube-scheduler-k8scloude1 1/1 Running 1 19h 192.168.110.130 k8scloude1 <none> <none>
metrics-server-bcfb98c76-k5dmj 1/1 Running 0 70s 10.244.112.131 k8scloude2 <none> <none>
5.2 查看node負載
查看node的負載
[root@k8scloude1 1.8+]# kubectl top node
W0110 11:37:47.025099 75026 top_node.go:119] Using json format to get metrics. Next release will switch to protocol-buffers, switch early by passing --use-protocol-buffers flag
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
k8scloude1 257m 12% 1487Mi 45%
k8scloude2 104m 5% 698Mi 36%
k8scloude3 102m 5% 701Mi 36%
5.3 查看pod負載
查看pod的負載
注釋:一核心分成1000個微核心m 1核=1000m
[root@k8scloude1 1.8+]# kubectl top pods
W0110 11:38:40.576780 75696 top_pod.go:140] Using json format to get metrics. Next release will switch to protocol-buffers, switch early by passing --use-protocol-buffers flag
No resources found in default namespace.
#-A表示所有命名空間
[root@k8scloude1 1.8+]# kubectl top pods -A
W0110 11:38:47.276962 75784 top_pod.go:140] Using json format to get metrics. Next release will switch to protocol-buffers, switch early by passing --use-protocol-buffers flag
NAMESPACE NAME CPU(cores) MEMORY(bytes)
kube-system calico-kube-controllers-6b9fbfff44-4jzkj 2m 25Mi
kube-system calico-node-bdlgm 37m 170Mi
kube-system calico-node-hx8bk 43m 157Mi
kube-system calico-node-nsbfs 56m 164Mi
kube-system coredns-545d6fc579-7wm95 3m 18Mi
kube-system coredns-545d6fc579-87q8j 3m 18Mi
kube-system etcd-k8scloude1 14m 91Mi
kube-system kube-apiserver-k8scloude1 60m 351Mi
kube-system kube-controller-manager-k8scloude1 21m 56Mi
kube-system kube-proxy-599xh 1m 24Mi
kube-system kube-proxy-lpj8z 1m 24Mi
kube-system kube-proxy-zxlk9 1m 24Mi
kube-system kube-scheduler-k8scloude1 3m 23Mi
kube-system metrics-server-bcfb98c76-k5dmj 1m 13Mi
六.命名空間namespace的管理
6.1 何為命名空間namespace
在 Kubernetes 中,命名空間(Namespace) 提供一種機制,將同一集群中的資源劃分為相互隔離的組。 同一命名空間內的資源名稱要唯一,但跨命名空間時沒有這個要求。 命名空間作用域僅針對帶有命名空間的對象,例如 Deployment、Service 等, 這種作用域對集群訪問的對象不適用,例如 StorageClass、Node、PersistentVolume 等。
6.2 管理命名空間namespace
查看所有的命名空間
[root@k8scloude1 1.8+]# kubectl get namespaces
NAME STATUS AGE
default Active 19h
kube-node-lease Active 19h
kube-public Active 19h
kube-system Active 19h
[root@k8scloude1 1.8+]# kubectl get ns
NAME STATUS AGE
default Active 19h
kube-node-lease Active 19h
kube-public Active 19h
kube-system Active 19h
創建命名空間,注意:不同的namespace之間相互隔離
[root@k8scloude1 1.8+]# kubectl create ns ns1
namespace/ns1 created
[root@k8scloude1 1.8+]# kubectl create ns ns2
namespace/ns2 created
[root@k8scloude1 1.8+]# kubectl get ns
NAME STATUS AGE
default Active 19h
kube-node-lease Active 19h
kube-public Active 19h
kube-system Active 19h
ns1 Active 6s
ns2 Active 4s
獲取全局上下文,可以看到當前命名空間為default
[root@k8scloude1 ~]# kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* kubernetes-admin@kubernetes kubernetes kubernetes-admin default
切換命名空間
#切換命名空間
[root@k8scloude1 ~]# kubectl config set-context --current --namespace=kube-system
Context "kubernetes-admin@kubernetes" modified.
[root@k8scloude1 ~]# kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO NAMESPACE
* kubernetes-admin@kubernetes kubernetes kubernetes-admin kube-system
#獲取當前K8S上下文
[root@k8scloude1 ~]# kubectl config current-context
kubernetes-admin@kubernetes
6.2 使用kubens管理命名空間namespace
默認的切換命名空間的命令不好用,可以使用第三方的命名空間切換工具:kubens,kubens命令所在的網站為://github.com/ahmetb/kubectx/releases/
下載kubens,並授予可執行許可權
[root@k8scloude1 ~]# wget //github.com/ahmetb/kubectx/releases/download/v0.9.4/kubens
[root@k8scloude1 ~]# ll -h kubens
-rw-r--r-- 1 root root 5.5K 12月 8 15:46 kubens
[root@k8scloude1 ~]# chmod +x kubens
[root@k8scloude1 ~]# mv kubens /bin/
[root@k8scloude1 ~]# ls /bin/kubens
/bin/kubens
查看所有的命名空間
[root@k8scloude1 ~]# kubens
default
kube-node-lease
kube-public
kube-system
ns1
ns2
切換namespace
#切換namespace到kube-system
[root@k8scloude1 ~]# kubens kube-system
Context "kubernetes-admin@kubernetes" modified.
Active namespace is "kube-system".
#此時,默認查詢的就是kube-system命名空間下的pod
[root@k8scloude1 ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-kube-controllers-6b9fbfff44-4jzkj 1/1 Running 2 20h 10.244.251.194 k8scloude3 <none> <none>
calico-node-bdlgm 1/1 Running 1 20h 192.168.110.130 k8scloude1 <none> <none>
calico-node-hx8bk 1/1 Running 1 20h 192.168.110.128 k8scloude3 <none> <none>
calico-node-nsbfs 1/1 Running 1 20h 192.168.110.129 k8scloude2 <none> <none>
coredns-545d6fc579-7wm95 1/1 Running 1 20h 10.244.158.68 k8scloude1 <none> <none>
coredns-545d6fc579-87q8j 1/1 Running 1 20h 10.244.158.67 k8scloude1 <none> <none>
etcd-k8scloude1 1/1 Running 1 20h 192.168.110.130 k8scloude1 <none> <none>
kube-apiserver-k8scloude1 1/1 Running 1 20h 192.168.110.130 k8scloude1 <none> <none>
kube-controller-manager-k8scloude1 1/1 Running 1 20h 192.168.110.130 k8scloude1 <none> <none>
kube-proxy-599xh 1/1 Running 1 20h 192.168.110.128 k8scloude3 <none> <none>
kube-proxy-lpj8z 1/1 Running 1 20h 192.168.110.129 k8scloude2 <none> <none>
kube-proxy-zxlk9 1/1 Running 1 20h 192.168.110.130 k8scloude1 <none> <none>
kube-scheduler-k8scloude1 1/1 Running 1 20h 192.168.110.130 k8scloude1 <none> <none>
metrics-server-bcfb98c76-k5dmj 1/1 Running 0 56m 10.244.112.131 k8scloude2 <none> <none>
切換namespace到default
#切換namespace到default
[root@k8scloude1 ~]# kubens default
Context "kubernetes-admin@kubernetes" modified.
Active namespace is "default".
#此時,默認查詢的就是default命名空間下的pod
[root@k8scloude1 ~]# kubectl get pods -o wide
No resources found in default namespace.
#要查詢kube-public命名空間下的pod,使用-n kube-public指定
[root@k8scloude1 ~]# kubectl get pods -n kube-public
No resources found in kube-public namespace.