kubectl命令常用操作示例

kubectl命令常用操作示例

获取集群相关信息

# 显示的是当前使用的客户端及服务端程序版本信息
[root@centos01 ~]# kubectl version --short=true
Client Version: v1.18.6
Server Version: v1.18.0

# 显示集群信息
[root@centos01 ~]# kubectl cluster-info
Kubernetes master is running at https://192.168.43.25:6443
KubeDNS is running at https://192.168.43.25:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

[root@centos01 ~]# kubectl cluster-info dump > ./k8s.log

##
查看 api 信息

[root@k8s01 ~]# kubectl api-resources
NAME                              SHORTNAMES   APIVERSION                             NAMESPACED   KIND
bindings                                       v1                                     true         Binding
componentstatuses                 cs           v1                                     false        ComponentStatus
configmaps                        cm           v1                                     true         ConfigMap
endpoints                         ep           v1                                     true         Endpoints
events                            ev           v1                                     true         Event
limitranges                       limits       v1                                     true         LimitRange
namespaces                        ns           v1                                     false        Namespace
nodes                             no           v1                                     false        Node
persistentvolumeclaims            pvc          v1                                     true         PersistentVolumeClaim
persistentvolumes                 pv           v1                                     false        PersistentVolume
pods                              po           v1                                     true         Pod
podtemplates                                   v1                                     true         PodTemplate
replicationcontrollers            rc           v1                                     true         ReplicationController
resourcequotas                    quota        v1                                     true         ResourceQuota
secrets                                        v1                                     true         Secret
serviceaccounts                   sa           v1                                     true         ServiceAccount
services                          svc          v1                                     true         Service
mutatingwebhookconfigurations                  admissionregistration.k8s.io/v1        false        MutatingWebhookConfiguration
validatingwebhookconfigurations                admissionregistration.k8s.io/v1        false        ValidatingWebhookConfiguration
customresourcedefinitions         crd,crds     apiextensions.k8s.io/v1                false        CustomResourceDefinition
apiservices                                    apiregistration.k8s.io/v1              false        APIService
controllerrevisions                            apps/v1                                true         ControllerRevision
daemonsets                        ds           apps/v1                                true         DaemonSet
deployments                       deploy       apps/v1                                true         Deployment
replicasets                       rs           apps/v1                                true         ReplicaSet
statefulsets                      sts          apps/v1                                true         StatefulSet
tokenreviews                                   authentication.k8s.io/v1               false        TokenReview
localsubjectaccessreviews                      authorization.k8s.io/v1                true         LocalSubjectAccessReview
selfsubjectaccessreviews                       authorization.k8s.io/v1                false        SelfSubjectAccessReview
selfsubjectrulesreviews                        authorization.k8s.io/v1                false        SelfSubjectRulesReview
subjectaccessreviews                           authorization.k8s.io/v1                false        SubjectAccessReview
horizontalpodautoscalers          hpa          autoscaling/v1                         true         HorizontalPodAutoscaler
cronjobs                          cj           batch/v1beta1                          true         CronJob
jobs                                           batch/v1                               true         Job
certificatesigningrequests        csr          certificates.k8s.io/v1                 false        CertificateSigningRequest
leases                                         coordination.k8s.io/v1                 true         Lease
bgpconfigurations                              crd.projectcalico.org/v1               false        BGPConfiguration
bgppeers                                       crd.projectcalico.org/v1               false        BGPPeer
blockaffinities                                crd.projectcalico.org/v1               false        BlockAffinity
clusterinformations                            crd.projectcalico.org/v1               false        ClusterInformation
felixconfigurations                            crd.projectcalico.org/v1               false        FelixConfiguration
globalnetworkpolicies             gnp          crd.projectcalico.org/v1               false        GlobalNetworkPolicy
globalnetworksets                              crd.projectcalico.org/v1               false        GlobalNetworkSet
hostendpoints                                  crd.projectcalico.org/v1               false        HostEndpoint
ipamblocks                                     crd.projectcalico.org/v1               false        IPAMBlock
ipamconfigs                                    crd.projectcalico.org/v1               false        IPAMConfig
ipamhandles                                    crd.projectcalico.org/v1               false        IPAMHandle
ippools                                        crd.projectcalico.org/v1               false        IPPool
kubecontrollersconfigurations                  crd.projectcalico.org/v1               false        KubeControllersConfiguration
networkpolicies                                crd.projectcalico.org/v1               true         NetworkPolicy
networksets                                    crd.projectcalico.org/v1               true         NetworkSet
endpointslices                                 discovery.k8s.io/v1beta1               true         EndpointSlice
events                            ev           events.k8s.io/v1                       true         Event
ingresses                         ing          extensions/v1beta1                     true         Ingress
flowschemas                                    flowcontrol.apiserver.k8s.io/v1beta1   false        FlowSchema
prioritylevelconfigurations                    flowcontrol.apiserver.k8s.io/v1beta1   false        PriorityLevelConfiguration
nodes                                          metrics.k8s.io/v1beta1                 false        NodeMetrics
pods                                           metrics.k8s.io/v1beta1                 true         PodMetrics
alertmanagerconfigs                            monitoring.coreos.com/v1alpha1         true         AlertmanagerConfig
alertmanagers                                  monitoring.coreos.com/v1               true         Alertmanager
podmonitors                                    monitoring.coreos.com/v1               true         PodMonitor
probes                                         monitoring.coreos.com/v1               true         Probe
prometheuses                                   monitoring.coreos.com/v1               true         Prometheus
prometheusrules                                monitoring.coreos.com/v1               true         PrometheusRule
servicemonitors                                monitoring.coreos.com/v1               true         ServiceMonitor
thanosrulers                                   monitoring.coreos.com/v1               true         ThanosRuler
ingressclasses                                 networking.k8s.io/v1                   false        IngressClass
ingresses                         ing          networking.k8s.io/v1                   true         Ingress
networkpolicies                   netpol       networking.k8s.io/v1                   true         NetworkPolicy
runtimeclasses                                 node.k8s.io/v1                         false        RuntimeClass
poddisruptionbudgets              pdb          policy/v1beta1                         true         PodDisruptionBudget
podsecuritypolicies               psp          policy/v1beta1                         false        PodSecurityPolicy
clusterrolebindings                            rbac.authorization.k8s.io/v1           false        ClusterRoleBinding
clusterroles                                   rbac.authorization.k8s.io/v1           false        ClusterRole
rolebindings                                   rbac.authorization.k8s.io/v1           true         RoleBinding
roles                                          rbac.authorization.k8s.io/v1           true         Role
priorityclasses                   pc           scheduling.k8s.io/v1                   false        PriorityClass
csidrivers                                     storage.k8s.io/v1                      false        CSIDriver
csinodes                                       storage.k8s.io/v1                      false        CSINode
storageclasses                    sc           storage.k8s.io/v1                      false        StorageClass
volumeattachments                              storage.k8s.io/v1                      false        VolumeAttachment


[root@k8s01 ~]# kubectl api-versions
admissionregistration.k8s.io/v1
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2beta1
autoscaling/v2beta2
batch/v1
batch/v1beta1
certificates.k8s.io/v1
certificates.k8s.io/v1beta1
coordination.k8s.io/v1
coordination.k8s.io/v1beta1
crd.projectcalico.org/v1
discovery.k8s.io/v1beta1
events.k8s.io/v1
events.k8s.io/v1beta1
extensions/v1beta1
flowcontrol.apiserver.k8s.io/v1beta1
metrics.k8s.io/v1beta1
monitoring.coreos.com/v1
monitoring.coreos.com/v1alpha1
networking.k8s.io/v1
networking.k8s.io/v1beta1
node.k8s.io/v1
node.k8s.io/v1beta1
policy/v1beta1
rbac.authorization.k8s.io/v1
rbac.authorization.k8s.io/v1beta1
scheduling.k8s.io/v1
scheduling.k8s.io/v1beta1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1

创建资源对象

kubectl run

kubectl expose

kubectl create

kubectl apply

# 创建名为nginx-deploy的Deployment控制器资源对象
[root@k8s01 ~]# kubectl run nginx-deploy --image=nginx:1.12 --replicas=2
Flag --replicas has been deprecated, has no effect and will be removed in the future.
# --replicas 已不支持直接命令式操作  

# 创建名为nginx-svc的Service资源对象
kubectl expose pod nginx-deploy --name=nginx-svc --port=80

查看资源对象

kubectl get : 可分类列出资源对象及其相关的状态信息

# 列出系统上所有的Namespace资源对象
[root@k8s01 ~]# kubectl get namespaces
NAME              STATUS   AGE
default           Active   20m
kube-node-lease   Active   20m
kube-public       Active   20m
kube-system       Active   20m


# 列出默认名称空间内的所有Pod和Service对象，并输出额外信息
[root@k8s01 ~]# kubectl get pods,services -o wide
NAME               READY   STATUS    RESTARTS   AGE     IP               NODE    NOMINATED NODE   READINESS GATES
pod/nginx-deploy   1/1     Running   0          8m49s   172.18.236.129   k8s02   <none>           <none>

NAME                 TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)   AGE     SELECTOR
service/kubernetes   ClusterIP   10.96.0.1      <none>        443/TCP   30m     <none>
service/nginx-svc    ClusterIP   10.100.63.22   <none>        80/TCP    2m11s   run=nginx-deploy

# 获取含有标签 app=nginx 的 pod name 
kubectl get pod -l app=nginx -o jsonpath={.items..metadata.name}

# k8s集群上任一节点  均可访问
curl 172.18.236.129 && curl  10.100.63.22

### kubectl expose pod httpd-app --type='NodePort' --port 80

打印资源对象的详细信息

每个资源对象都包含着用户期望的状态（Spec）和现有的实际状态 (Status）两种状态息，kubectl get -o{yaml|josn} 或 kubectl describe 命令都能够打印出指定资源对象的详细描述信息。

# 查看kube-system名称空间中拥有标签component=kube-apiserver的Pod对象的资源配置清单（期望的状态）及当前的状态信息，并输出为yaml格式
kubectl get pods -l component=kube-apiserver -o yaml -n kube-system

# 查看kube-system名称空间中拥有标签component=kube-apiserver的Pod对象的详细描述信息
kubectl describe pods -l component=kube-apiserver -n kube-system

打印容器中的日志信息

通常一个容器中仅会运行一个进程（及其子进程），此进程作为PID为1的进程接收并处理管理信息，同时将日志直接输出至终端中，而无须再像传统的多进程系统环境那样将日志保存于文件中，因此容器日志信息的获取一般要到其控制上进行。

kubectl logs 命令可打印Pod对象内指定容器的日志信息，命令格式为 kubectl logs[-f][-p]（POD|TYPE/NAME）[-c CONTAINER][options]”kubectl logs -f kubectl logs –tail=100 -f `

输出最后 100 行日志到文件

kubectl logs --tail=100 -n rook-ceph rook-ceph-operator-6f7f6b96d-vqx5c  > /tmp/rook-ceph-operator.log

# 查看名称空间kube-system中仅有一个容器的Pod对象kube-apiserver-master.ilinux.io的日志

kubectl logs kube-apiserver-k8s01  -n kube-system

在容器中执行命令

kubectl exec 命令便是用于在指定的容器内运行其他应用程序的命令.

# ，在kube-system名称空间中的Pod对象kube-apiserver-master.ilinux.io上的唯一容器中运行ps命令
kubectl exec  kube-apiserver-k8s01 -n kube-system -- ps

若 Pod 对象中存在多个容器，则需要以 -c 选项指定容器后再运行。

删除资源对象

kubectl delete

对于受控于控制器的对象来说，删除之后其控制器可能会重建出类似的对象

# 删除默认名称空间中名为nginx-svc的Service资源对象
kubectl delete services nginx-svc

# 删除kube-system名称空间中拥有标签“app=kube-proxy”的所有Pod对象：
kubectl delete pods -l app=monitor -n kube-system

# 删除 所有名称空间中拥有标签“app=monitor”和"ver=3.1.1"的所有Pod,service对象：
kubectl delete pods services -l ver=3.1.1,app=monitor  --all-namespaces

# kubectl delete TYPE--all-n NS
# 删除kube-public名称空间中的所有Pod对象：
kubectl delete pods --all -n default

有些资源类型（如 Pod ），支持优雅删除的机制，它们有着默认的删除宽限期，不过，用户可以在命令中使用 --grace-period 选项或 --now 选项来覆盖默认的宽限期。

kubectl get deployments
kubectl get svc
kubectl get rs
kubectl get pod
kubectl get node
kubectl get cm
kubectl get secret

[root@k8s01 storage]#  kubectl run myapp --image=nginx:1.7.9 --port=80 --dry-run=client  # 并未真正执行
pod/myapp created (dry run)

[root@k8s01 test]# kubectl create ns demo --dry-run=client -o yaml > demo-ns.yaml  # 生成模板文件
[root@k8s01 test]# cat tomcat.yaml
apiVersion: v1
kind: Namespace
metadata:
  creationTimestamp: null
  name: demo
spec: {}
status: {}

查看资源占用资源情况

需要安装 metrics-server

[root@test-173 ~]# kubectl top pod -n kube-system
NAME                                             CPU(cores)   MEMORY(bytes)
calico-kube-controllers-d8d4d9587-cbsn6          7m           17Mi
calico-node-dt2bh                                46m          35Mi
calico-node-fgwkj                                43m          23Mi
calico-node-fj8gp                                58m          22Mi
calico-node-tth8k                                30m          22Mi
coredns-59c8bd8884-pcnbt                         9m           16Mi
coredns-59c8bd8884-xqnnj                         10m          14Mi
heapster-7d7fc6648b-kkd9q                        1m           17Mi
kubernetes-dashboard-96f697bc5-w942c             0m           8Mi
metrics-server-67cb878c78-8q7jq                  3m           20Mi
nginx-ingress-controller-kfht8                   14m          77Mi
nginx-ingress-controller-rr7tn                   9m           80Mi
nginx-ingress-controller-wfnmx                   10m          77Mi
nginx-ingress-controller-whcqg                   6m           84Mi
nginx-ingress-default-backend-58c5c69f7c-mhr2m   0m           3Mi
tiller-deploy-7bb9858659-w84j9                   0m           19Mi


[root@test-173 ~]#  kubectl top node
NAME            CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
172.20.40.107   513m         3%     5713Mi          40%
172.20.40.173   915m         2%     13955Mi         46%
172.20.40.196   571m         3%     4313Mi          30%
172.20.40.249   282m         1%     5512Mi          38%

pod 排序

按时间排序

kubectl get pod --sort-by=.status.startTime
kubectl get pod --sort-by=.metadata.creationTimestamp