k8s - 2
k8s集群管理
信息查询命令
| 子命令 | 说明 |
|---|---|
| help | 用于查看命令及子命令的帮助信息 |
| cluster-info | 显示集群的相关配置信息 |
| api-resources | 查看当前服务器上所有的资源对象 |
| api-versions | 查看当前服务器上所有资源对象的版本 |
| config | 管理当前节点上的认证信息 |
命令示例
help
# 查看帮助命令信息
[root@master ~]# kubectl help version
Print the client and server version information for the current context.
Examples:
# Print the client and server versions for the current context
kubectl version
... ...
cluster-info
# 查看集群状态信息
[root@master ~]# kubectl cluster-info
Kubernetes control plane is running at https://192.168.88.50:6443
CoreDNS is running at https://192.168.88.50:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
... ...
api-resources
# 查看资源对象类型
[root@master ~]# kubectl api-resources
NAME SHORTNAMES APIVERSION NAMESPACED KIND
bindings v1 true Binding
endpoints ep v1 true Endpoints
events ev v1 true Event
... ...
api-versions
# 查看资源对象版本
[root@master ~]# kubectl api-versions
admissionregistration.k8s.io/v1
apiextensions.k8s.io/v1
apiregistration.k8s.io/v1
apps/v1
... ...
config
# 查看当前认证使用的用户及证书
[root@master ~]# kubectl config get-contexts
CURRENT NAME CLUSTER AUTHINFO
* kubernetes-admin@kubernetes kubernetes kubernetes-admin
# 使用 view 查看详细配置
[root@master ~]# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://192.168.88.50:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
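集群管理授权
说明:admin.conf 内含 kubernetes-admin 的客户端证书和私钥,等同于集群管理员凭据;拷贝到 harbor 主机后应确认 $HOME/.kube/config 仅属主可读写(权限 600),不要放在多人共用的账号下。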
[root@harbor ~]# vim /etc/hosts
192.168.88.240 harbor
192.168.88.50 master
192.168.88.51 node-0001
192.168.88.52 node-0002
192.168.88.53 node-0003
[root@harbor ~]# dnf makecache
[root@harbor ~]# dnf install -y kubectl
[root@harbor ~]# mkdir -p $HOME/.kube
[root@harbor ~]# rsync -av master:/etc/kubernetes/admin.conf $HOME/.kube/config
[root@harbor ~]# chown $(id -u):$(id -g) $HOME/.kube/config
[root@harbor ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
master Ready control-plane 24h v1.29.2
node-0001 Ready <none> 22h v1.29.2
node-0002 Ready <none> 22h v1.29.2
node-0003 Ready <none> 22h v1.29.2
Pod 管理

创建 Pod
- 上传镜像到 harbor 仓库
rsync -av public/myos.tar.xz 192.168.88.50:/root/
# 导入镜像
[root@master ~]# docker load -i myos.tar.xz
# 上传镜像到 library 项目
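# Re-tag every local image into harbor:443/library, push it, then drop the local copies.
[root@master ~]# docker images | while read -r i t _; do
    # Skip the header row printed by `docker images`.
    [[ "${t}" == "TAG" ]] && continue
    # Skip images already named under the harbor:443 registry.
    [[ "${i}" =~ ^"harbor:443/".+ ]] && continue
    # Skip dangling entries (<none>), which have no usable name:tag to push.
    [[ "${i}" == "<none>" || "${t}" == "<none>" ]] && continue
    # ${i##*/} keeps only the last path component of the repository name, so two
    # repositories that share a last component map to the same target name.
    docker tag "${i}:${t}" "harbor:443/library/${i##*/}:${t}" || continue
    # Remove the local tags only after the push succeeded, so a failed push
    # does not leave the image in neither place.
    docker push "harbor:443/library/${i##*/}:${t}" &&
        docker rmi "${i}:${t}" "harbor:443/library/${i##*/}:${t}"
done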
- 创建 Pod
# 创建 Pod 资源对象
[root@master ~]# kubectl run myweb --image=myos:httpd
pod/myweb created
# 查询资源对象
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
myweb 1/1 Running 0 3s 10.244.1.3 node-0001
# 访问验证
[root@master ~]# curl http://10.244.1.3
Welcome to The Apache.
Pod 创建过程

Pod 管理命令(1)
| 子命令 | 说明 | 备注 |
|---|---|---|
| run | 创建 Pod 资源对象 | 创建即运行,没有停止概念 |
| get | 查看资源对象的状态信息 | 常用参数: -o 显示格式 |
| create | 创建资源对象 | 指令式子命令不能创建 Pod(可用 -f 资源清单文件创建) |
| describe | 查询资源对象的属性信息 | |
| logs | 查看容器的日志输出(含报错信息) | 常用参数: -c 容器名称 |
命令示例
get

# 查看 Pod 资源对象
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
myweb 1/1 Running 0 10m
# 只查看资源对象的名字
[root@master ~]# kubectl get pods -o name
pod/myweb
# 查看资源对象运行节点的信息
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
myweb 1/1 Running 0 10m 10.244.1.3 node-0001
# 查看资源对象详细信息,Yaml/Json 格式
[root@master ~]# kubectl get pod myweb -o yaml
apiVersion: v1
kind: Pod
metadata:
name: myweb
... ...
# 查看名称空间
[root@master ~]# kubectl get namespaces
NAME STATUS AGE
default Active 39h
kube-node-lease Active 39h
kube-public Active 39h
kube-system Active 39h
# 查看名称空间中的 Pod 信息
[root@master ~]# kubectl -n kube-system get pods
NAME READY STATUS RESTARTS AGE
etcd-master 1/1 Running 0 39h
kube-apiserver-master 1/1 Running 0 39h
kube-controller-manager-master 1/1 Running 0 39h
kube-scheduler-master 1/1 Running 0 39h
... ...
create
# 创建名称空间资源对象
[root@master ~]# kubectl create namespace work
namespace/work created
# 查看名称空间
[root@master ~]# kubectl get namespaces
NAME STATUS AGE
default Active 39h
kube-node-lease Active 39h
kube-public Active 39h
kube-system Active 39h
work Active 11s

run
# 在 work 名称空间创建 Pod
[root@master ~]# kubectl -n work run myhttp --image=myos:httpd
pod/myhttp created
# 查询资源对象
[root@master ~]# kubectl -n work get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE
myhttp 1/1 Running 0 3s 10.244.2.2 node-0002
# 访问验证
[root@master ~]# curl http://10.244.2.2
Welcome to The Apache.
describe
# 查看资源对象的配置信息

[root@master ~]# kubectl -n work describe pod myhttp
Name: myhttp
Namespace: work
Priority: 0
Service Account: default
Node: node-0002/192.168.88.52
... ...
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 7s default-scheduler Successfully assigned work/myhttp to node-0002
Normal Pulling 6s kubelet Pulling image "myos:httpd"
Normal Pulled 2s kubelet Successfully pulled image "myos:httpd" in 4.495s (4.495s including waiting)
Normal Created 2s kubelet Created container myhttp
Normal Started 2s kubelet Started container myhttp
# 查看 work 名称空间的配置信息
[root@master ~]# kubectl describe namespaces work
Name: work
Labels: kubernetes.io/metadata.name=work
Annotations: <none>
Status: Active
No resource quota.
No LimitRange resource.
logs
# 查看容器日志
[root@master ~]# kubectl -n work logs myhttp
[root@master ~]#
[root@master ~]# kubectl -n default logs myweb
2022/11/12 18:28:54 [error] 7#0: *2 open() "... ..." failed (2: No such file or directory), ......
Pod 管理命令(2)
| 子命令 | 说明 | 备注 |
|---|---|---|
| exec | 在某一个容器内执行特定的命令 | 可选参数: -c 容器名称 |
| cp | 在容器和宿主机之间拷贝文件或目录 | 可选参数: -c 容器名称 |
| delete | 删除资源对象 | 可选参数: -l 标签 |
命令示例
exec
# 在容器内执行命令
[root@master ~]# kubectl exec -it myweb -- ls
index.html info.php
[root@master ~]# kubectl exec -it myweb -- bash
[root@myweb html]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
inet 10.244.1.3 netmask 255.255.255.0 broadcast 10.244.2.255
ether 3a:32:78:59:ed:25 txqueuelen 0 (Ethernet)
... ...
cp
# 与容器进行文件或目录传输
[root@master ~]# kubectl cp myweb:/etc/yum.repos.d /root/aaa
tar: Removing leading `/' from member names
[root@master ~]# tree /root/aaa
/root/aaa
├── local.repo
├── Rocky-AppStream.repo
├── Rocky-BaseOS.repo
└── Rocky-Extras.repo
0 directories, 4 files
[root@master ~]# kubectl -n work cp /etc/passwd myhttp:/root/mima
[root@master ~]# kubectl -n work exec -it myhttp -- ls /root/
mima
delete
# 删除资源对象
[root@master ~]# kubectl delete pods myweb
pod "myweb" deleted
# 删除 work 名称空间下所有 Pod 对象
[root@master ~]# kubectl -n work delete pods --all
pod "myhttp" deleted
# 删除名称空间
[root@master ~]# kubectl delete namespaces work
namespace "work" deleted
资源监控组件
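配置授权令牌
说明:本节通过 serverTLSBootstrap 让 kubelet 向集群申请服务端证书(signer 为 kubernetes.io/kubelet-serving);这类 CSR 不会被自动批准,需要管理员核对后手动批准。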
[root@master ~]# echo 'serverTLSBootstrap: true' >>/var/lib/kubelet/config.yaml
[root@master ~]# systemctl restart kubelet
[root@master ~]# kubectl get certificatesigningrequests
NAME AGE SIGNERNAME REQUESTOR REQUESTEDDURATION CONDITION
csr-2hg42 14s kubernetes.io/kubelet-serving system:node:master <none> Pending
[root@master ~]# kubectl certificate approve csr-2hg42
certificatesigningrequest.certificates.k8s.io/csr-2hg42 approved
[root@master ~]# kubectl get certificatesigningrequests
NAME AGE SIGNERNAME REQUESTOR REQUESTEDDURATION CONDITION
csr-2hg42 28s kubernetes.io/kubelet-serving system:node:master <none> Approved,Issued
安装插件 metrics
# 上传镜像到私有仓库
[root@master ~]# cd plugins/metrics
[root@master metrics]# docker load -i metrics-server.tar.xz
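# Re-tag every local image into harbor:443/plugins, push it, then drop the local copies.
[root@master metrics]# docker images | while read -r i t _; do
    # Skip the header row printed by `docker images`.
    [[ "${t}" == "TAG" ]] && continue
    # Skip images already named under the harbor:443 registry.
    [[ "${i}" =~ ^"harbor:443/".+ ]] && continue
    # Skip dangling entries (<none>), which have no usable name:tag to push.
    [[ "${i}" == "<none>" || "${t}" == "<none>" ]] && continue
    # ${i##*/} keeps only the last path component of the repository name, so two
    # repositories that share a last component map to the same target name.
    docker tag "${i}:${t}" "harbor:443/plugins/${i##*/}:${t}" || continue
    # Remove the local tags only after the push succeeded, so a failed push
    # does not leave the image in neither place.
    docker push "harbor:443/plugins/${i##*/}:${t}" &&
        docker rmi "${i}:${t}" "harbor:443/plugins/${i##*/}:${t}"
done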
# 使用资源对象文件创建服务
[root@master metrics]# sed -ri 's,^(\s*image: )(.*/)?(.+),\1harbor:443/plugins/\3,' components.yaml
140: image: registry.k8s.io/metrics-server/metrics-server:v0.6.4
[root@master metrics]# kubectl apply -f components.yaml
# 验证插件 Pod 状态
[root@master metrics]# kubectl -n kube-system get pods
NAME READY STATUS RESTARTS AGE
metrics-server-ddb449849-c6lkc 1/1 Running 0 64s
证书签发
# 查看节点资源指标
[root@master metrics]# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
master 99m 4% 1005Mi 27%
node-0001 <unknown> <unknown> <unknown> <unknown>
node-0002 <unknown> <unknown> <unknown> <unknown>
node-0003 <unknown> <unknown> <unknown> <unknown>
#--------------- 在所有计算节点配置证书 -----------------
[root@node ~]# echo 'serverTLSBootstrap: true' >>/var/lib/kubelet/config.yaml
[root@node ~]# systemctl restart kubelet
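#--------------- 在 master 签发证书 -------------------
# 注意:$(kubectl get csr -o name) 会选中当前全部 CSR 并一次性批准;执行前先用 kubectl get csr 核对每条 Pending 请求的 SIGNERNAME 为 kubernetes.io/kubelet-serving、REQUESTOR 为本集群节点(system:node:<节点名>)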
[root@master ~]# kubectl certificate approve $(kubectl get csr -o name)
certificatesigningrequest.certificates.k8s.io/csr-t8799 approved
certificatesigningrequest.certificates.k8s.io/csr-69qhz approved
... ...
[root@master ~]# kubectl get certificatesigningrequests
NAME AGE SIGNERNAME REQUESTOR CONDITION
csr-2hg42 14m kubernetes.io/kubelet-serving master Approved,Issued
csr-9gu29 28s kubernetes.io/kubelet-serving node-0001 Approved,Issued
... ...
资源指标监控
# 获取资源指标有延时,等待 15s 即可查看
[root@master ~]# kubectl top nodes
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
master 83m 4% 1789Mi 50%
node-0001 34m 1% 747Mi 20%
node-0002 30m 1% 894Mi 24%
node-0003 39m 1% 930Mi 25%
资源清单文件
资源清单文件
[root@master ~]# vim myweb.yaml
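---                     # YAML document start marker
kind: Pod               # type of the resource being created
apiVersion: v1          # API version of this resource type
metadata:               # attribute information (metadata)
  name: myweb           # name of the resource
spec:                   # description of the resource's characteristics (specification)
  containers:           # description of the containers
  - name: nginx         # name of the container
    image: myos:nginx   # image used to start the container
status: {}              # resource status, generated automatically once running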
管理命令
| 子命令 | 说明 | 备注 |
|---|---|---|
| create | 创建文件中定义的资源 | 支持指令式和资源清单文件配置 |
| apply | 创建(更新)文件中定义的资源 | 只支持资源清单文件(声明式) |
| delete | 删除文件中定义的资源 | 支持指令式和资源清单文件配置 |
| replace | 更改/替换资源对象 | 强制重建 --force |
命令示例
create
# 创建资源对象
[root@master ~]# kubectl create -f myweb.yaml
pod/myweb created
# 不能更新,重复执行会报错
[root@master ~]# kubectl create -f myweb.yaml
Error from server (AlreadyExists): error when creating "myweb.yaml": pods "myweb" already exists
delete
# 使用资源清单文件删除
[root@master ~]# kubectl delete -f myweb.yaml
pod "myweb" deleted
[root@master ~]# kubectl get pods
No resources found in default namespace.
apply
# 创建资源对象
[root@master ~]# kubectl apply -f myweb.yaml
pod/myweb created
# 更新资源对象
[root@master ~]# kubectl apply -f myweb.yaml
pod/myweb configured
# 强制重建资源对象
[root@master ~]# kubectl replace --force -f myweb.yaml
pod "myweb" deleted
pod/myweb created
delete
# 删除资源对象
[root@master ~]# kubectl delete -f myweb.yaml
pod "myweb" deleted
# 拓展提高
# 与 kubectl apply -f myweb.yaml 功能相同
[root@master ~]# cat myweb.yaml |kubectl apply -f -