0%

kubectl常用命令

kubectl简介

Kubectl is a command line interface for running commands against Kubernetes clusters.

没错,kubectl是一个命令行工具,用来控制K8S集群。kubectl该怎么读?可以参考HowToPronounce-kubectl,小编喜欢读作kubecontrol。

kubectl命令格式为:

1
kubectl [command] [TYPE] [NAME] [flags]

更多内容,参考Overview of kubectl

《K8S入门篇》一文中,已经学习了kubectl的安装方法,并且使用了一些简单命令。本文整理一下kubectl的常用命令,方便记忆和复习。

常用命令

指定配置文件

1
2
3
4
5
6
7
8
9
# 指定默认配置文件
export KUBECONFIG=~/.kube/config

# 查看kubectl配置
kubectl config view

# 指定单次运行配置文件
kubectl get deployments --kubeconfig=/root/.kube/config
kubectl get deployments --kubeconfig /root/.kube/config

命令自动补全

1
2
3
4
5
yum install -y bash-completion
source /usr/share/bash-completion/bash_completion
source <(kubectl completion bash)
echo "source /usr/share/bash-completion/bash_completion" >> ~/.bashrc
echo "source <(kubectl completion bash)" >> ~/.bashrc

查看资源缩写

1
2
kubectl describe
kubectl api-resources

输出结果为:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
NAME                              SHORTNAMES   APIGROUP                       NAMESPACED   KIND
bindings true Binding
componentstatuses cs false ComponentStatus
configmaps cm true ConfigMap
endpoints ep true Endpoints
events ev true Event
limitranges limits true LimitRange
namespaces ns false Namespace
nodes no false Node
persistentvolumeclaims pvc true PersistentVolumeClaim
persistentvolumes pv false PersistentVolume
pods po true Pod
podtemplates true PodTemplate
replicationcontrollers rc true ReplicationController
resourcequotas quota true ResourceQuota
secrets true Secret
serviceaccounts sa true ServiceAccount
services svc true Service
mutatingwebhookconfigurations admissionregistration.k8s.io false MutatingWebhookConfiguration
validatingwebhookconfigurations admissionregistration.k8s.io false ValidatingWebhookConfiguration
batchreleases alicloud.com true BatchRelease
customresourcedefinitions crd,crds apiextensions.k8s.io false CustomResourceDefinition
apiservices apiregistration.k8s.io false APIService
controllerrevisions apps true ControllerRevision
daemonsets ds apps true DaemonSet
deployments deploy apps true Deployment
replicasets rs apps true ReplicaSet
statefulsets sts apps true StatefulSet
tokenreviews authentication.k8s.io false TokenReview
localsubjectaccessreviews authorization.k8s.io true LocalSubjectAccessReview
selfsubjectaccessreviews authorization.k8s.io false SelfSubjectAccessReview
selfsubjectrulesreviews authorization.k8s.io false SelfSubjectRulesReview
subjectaccessreviews authorization.k8s.io false SubjectAccessReview
horizontalpodautoscalers hpa autoscaling true HorizontalPodAutoscaler
cronjobs cj batch true CronJob
jobs batch true Job
certificatesigningrequests csr certificates.k8s.io false CertificateSigningRequest
leases coordination.k8s.io true Lease
events ev events.k8s.io true Event
daemonsets ds extensions true DaemonSet
deployments deploy extensions true Deployment
ingresses ing extensions true Ingress
networkpolicies netpol extensions true NetworkPolicy
podsecuritypolicies psp extensions false PodSecurityPolicy
replicasets rs extensions true ReplicaSet
globaljobs globaljob jobs.aliyun.com true GlobalJob
nodes metrics.k8s.io false NodeMetrics
pods metrics.k8s.io true PodMetrics
ingresses ing networking.k8s.io true Ingress
networkpolicies netpol networking.k8s.io true NetworkPolicy
runtimeclasses node.k8s.io false RuntimeClass
poddisruptionbudgets pdb policy true PodDisruptionBudget
podsecuritypolicies psp policy false PodSecurityPolicy
clusterrolebindings rbac.authorization.k8s.io false ClusterRoleBinding
clusterroles rbac.authorization.k8s.io false ClusterRole
rolebindings rbac.authorization.k8s.io true RoleBinding
roles rbac.authorization.k8s.io true Role
priorityclasses pc scheduling.k8s.io false PriorityClass
csidrivers storage.k8s.io false CSIDriver
csinodes storage.k8s.io false CSINode
storageclasses sc storage.k8s.io false StorageClass
volumeattachments storage.k8s.io false VolumeAttachment

查看资源

1、查看集群的所有资源

1
2
kubectl get all
kubectl get all -o wide

2、查看deployment

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
# 查看deployment
kubectl get deploy
kubectl get deploy -n ratel -o wide

# 查看deployment实时变化
kubectl get deploy --watch

# 查看指定deployment
kubectl get deploy/deployment-name
kubectl get deploy deployment-name

# 指定namespace
kubectl get deploy -n voidking

# 根据label选择deployment
kubectl get deploy --selector="name=nginx,type=frontend"

# 查看deployment详细信息
kubectl describe deploy

pod、service、node的查看方法和deployment相同。

导出yaml或json文件

1
2
3
4
5
6
7
8
9
10
11
# 导出deployment的yaml文件
kubectl get deploy -o yaml > deploy.yaml

# 导出deployment的json文件
kubectl get deploy -o json > deploy.json

# 导出指定deployment的yaml文件
kubectl get deploy/deployment-name -o yaml > deploy-name.yaml

# 导出指定deployment的json文件
kubectl get deploy/deployment-name -o json > deploy-name.json

pod、service、node的yaml/json文件的导出方法和deployment相同。

node封锁

1
2
3
4
5
6
7
8
# 封锁node,不允许分配pod
kubectl cordon nodename

# 从指定node驱除pod
kubectl drain nodename --ignore-daemonsets

# 解除node的封锁,允许分配pod
kubectl uncordon nodename

事件相关

1
2
# 查看集群事件
kubectl get ev

故障排查

故障排查的第一步是先给问题分下类。这个问题是什么?Pods,Replication Controller或者Service?
1、Pods排查

1
2
3
4
5
6
7
8
9
10
11
12
13
14
# 查看pod详细信息
kubectl describe pods ${POD_NAME}

# 查看容器日志
kubectl logs ${POD_NAME} ${CONTAINER_NAME}

# 查看crashed容器日志
kubectl logs --previous ${POD_NAME} ${CONTAINER_NAME}

# 查看运行的容器内部日志
kubectl exec ${POD_NAME} -c ${CONTAINER_NAME} -- cat /var/log/cassandra/system.log

# 查看运行的容器内部日志(pod只有一个容器)
# kubectl exec ${POD_NAME} -- cat /var/log/cassandra/system.log

2、Replication Controllers排查

1
2
# 监控rc相关事件
kubectl describe rc ${CONTROLLER_NAME}

3、Services排查

1
2
# 查看endpoints资源,service选择到了哪些pod和端口
kubectl get endpoints ${SERVICE_NAME}

更多内容参考应用故障排查

自动生成yaml

pod yaml

生成pod的yaml文件模板:

1
kubectl run vk-pod --image=nginx --generator=run-pod/v1 --dry-run -o yaml

生成内容为:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
apiVersion: v1
kind: Pod
metadata:
creationTimestamp: null
labels:
run: vk-pod
name: vk-pod
spec:
containers:
- image: nginx
name: vk-pod
resources: {}
dnsPolicy: ClusterFirst
restartPolicy: Always
status: {}

更多内容,参考Kubernetes kubectl run 命令详解

deployment yaml

1、生成deployment的yaml文件模板(历史方法):

1
kubectl run vk-deploy --image=nginx --dry-run -o yaml

会出现提示:
kubectl run –generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run –generator=run-pod/v1 or kubectl create instead.
因为官方不推荐使用 run-pod/v1 以外的其他生成器,其他生成器不久后就会弃用。更多内容参考kubectl run

2、从已有K8S集群中已有资源中导出yaml模板文件(历史方法):

1
kubectl get deploy/deployment-name -o yaml --export > deploy-name.yaml

也会出现提示:
Flag –export has been deprecated, This flag is deprecated and will be removed in future.
很尴尬,–export 也要弃用了,且用且珍惜吧。

3、生成deployment的yaml文件模板(推荐方法):

1
kubectl create deployment vk-deploy --image=nginx --dry-run -o yaml

生成内容为:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
apiVersion: apps/v1
kind: Deployment
metadata:
creationTimestamp: null
labels:
app: vk-deploy
name: vk-deploy
spec:
replicas: 1
selector:
matchLabels:
app: vk-deploy
strategy: {}
template:
metadata:
creationTimestamp: null
labels:
app: vk-deploy
spec:
containers:
- image: nginx
name: nginx
resources: {}
status: {}

更多内容,参考Kubernetes kubectl create deployment 命令详解

service yaml

生成service的yaml文件模板(推荐方法):

1
kubectl create service clusterip vk-svc --tcp="5678:8080" --dry-run -o yaml

生成内容为:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
apiVersion: v1
kind: Service
metadata:
creationTimestamp: null
labels:
app: vk-svc
name: vk-svc
spec:
ports:
- name: 5678-8080
port: 5678
protocol: TCP
targetPort: 8080
selector:
app: vk-svc
type: ClusterIP
status:
loadBalancer: {}

更多内容,参考Kubernetes kubectl create service 命令详解Service

编辑yaml

生成了模板,很多字段依然不记得怎么办?比如要添加节点亲和性,那么可以查看相关解释:

1
2
3
4
kubectl explain deployment.spec.template.spec.affinity
kubectl explain deployment.spec.template.spec.affinity.nodeAffinity
...
kubectl explain deployment.spec.template.spec.affinity.nodeAffinity.requiredDuringSchedulingIgnoredDuringExecution.nodeSelectorTerms.matchExpressions

然后,根据层级关系和解释编辑yaml文件模板。

yaml验证

1
kubectl create --validate -f deployment.yaml

徒手写yaml

首先把yaml文件分成四部分,typeMeta、objectMeta、spec和status,其中status部分可以不写。
typeMeta包括apiVersion和kind;
metadata必填name、namespace、labels;
pod.spec主要填containers的name和image,deployment.spec主要填replicas、selector的matchLabels、template,service.spec主要填selector、ports和type。

拷贝文件

1
2
# 拷贝pod内容到宿主机
kubectl cp podname-564949c96c-m986n:/path/filename .