kubectl run 类似于 docker run,可以很方便的创建一个pod以运行一个容器
kubectl get 类似于 docker ps,查询资源列表,除了pods之外还可以查看其他资源
root@a109-26:~ kubectl run --image=nginx:alpine nginx-app --port=80
pod/nginx-app created
root@a109-26:~ kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-app 0/1 ContainerCreating 0 15s
kubectl describe - 类似于 docker inspect,获取资源的详细信息
root@a109-26:~ kubectl describe pod nginx-app
Name: nginx-app
Namespace: default
Priority: 0
Service Account: default
Node: minikube/192.168.49.2
Start Time: Sun, 23 Apr 2023 03:18:24 +0000
Labels: run=nginx-app
Annotations: <none>
Status: Running
IP: 10.244.0.3
IPs:
IP: 10.244.0.3
Containers:
nginx-app:
Container ID: docker://6748b5f78f270f05e89e14cc053d0ef9a961e1ef4bd66a0bedcddd251e368f7d
Image: nginx:alpine
Image ID: docker-pullable://nginx@sha256:dd2a9179765849767b10e2adde7e10c4ad6b7e4d4846e6b77ec93f080cd2db27
Port: 80/TCP
Host Port: 0/TCP
State: Running
Started: Sun, 23 Apr 2023 03:18:38 +0000
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-l2lhp (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kube-api-access-l2lhp:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 15m default-scheduler Successfully assigned default/nginx-app to minikube
Normal Pulling 15m kubelet Pulling image "nginx:alpine"
Normal Pulled 15m kubelet Successfully pulled image "nginx:alpine" in 11.038408006s (11.038429666s including waiting)
Normal Created 15m kubelet Created container nginx-app
Normal Started 15m kubelet Started container nginx-app
kubectl exec - 类似于 docker exec,在容器内执行一个命令
root@a109-26:~ kubectl exec nginx-app -- ps aux
PID USER TIME COMMAND
1 root 0:00 nginx: master process nginx -g daemon off;
30 nginx 0:00 nginx: worker process
31 nginx 0:00 nginx: worker process
32 nginx 0:00 nginx: worker process
33 nginx 0:00 nginx: worker process
34 root 0:00 ps aux
kubectl logs - 类似于 docker logs,获取容器的日志
root@a109-26:~ kubectl logs nginx-app
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2023/04/23 03:18:38 [notice] 1#1: using the "epoll" event method
2023/04/23 03:18:38 [notice] 1#1: nginx/1.23.4
2023/04/23 03:18:38 [notice] 1#1: built by gcc 12.2.1 20220924 (Alpine 12.2.1_git20220924-r4)
2023/04/23 03:18:38 [notice] 1#1: OS: Linux 5.15.0-60-generic
2023/04/23 03:18:38 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2023/04/23 03:18:38 [notice] 1#1: start worker processes
2023/04/23 03:18:38 [notice] 1#1: start worker process 30
2023/04/23 03:18:38 [notice] 1#1: start worker process 31
2023/04/23 03:18:38 [notice] 1#1: start worker process 32
2023/04/23 03:18:38 [notice] 1#1: start worker process 33
在 Kubernetes 中,更经常使用 yaml 文件来定义资源,并通过 kubectl create -f file.yaml 来创建资源。比如,一个简单的 nginx Pod 可以定义为:
apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
app: nginx
spec:
containers:
- name: nginx
image: nginx
ports:
- containerPort: 80
前面提到,kubectl run 并不是直接创建一个 Pod,而是先创建一个 Deployment 资源(replicas=1),再由与 Deployment 关联的 ReplicaSet 来自动创建 Pod,这等价于这样一个配置:
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
run: nginx-app
name: nginx-app
namespace: default
spec:
replicas: 1
selector:
matchLabels:
run: nginx-app
strategy:
rollingUpdate:
maxSurge: 1
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
labels:
run: nginx-app
spec:
containers:
- image: nginx
name: nginx-app
ports:
- containerPort: 80
protocol: TCP
dnsPolicy: ClusterFirst
restartPolicy: Always
前面虽然创建了 Pod,但是在 kubernetes 中,Pod 的 IP 地址会随着 Pod 的重启而变化,并不建议直接拿 Pod 的 IP 来交互。那如何来访问这些 Pod 提供的服务呢?使用 Service。Service 为一组 Pod(通过 labels 来选择)提供一个统一的入口,并为它们提供负载均衡和自动服务发现。比如,可以为前面的 nginx-app 创建一个 service:
root@a109-26:~/k8s kubectl expose deployment nginx-app --port=80 --target-port=80 --type=NodePort
service/nginx-app exposed
root@a109-26:~/k8s# kubectl describe service nginx-app
Name: nginx-app
Namespace: default
Labels: run=nginx-app
Annotations: <none>
Selector: run=nginx-app
Type: NodePort
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.108.159.5
IPs: 10.108.159.5
Port: <unset> 80/TCP
TargetPort: 80/TCP
NodePort: <unset> 31345/TCP
Endpoints: 10.244.0.7:80
Session Affinity: None
External Traffic Policy: Cluster
Events: <none>
通过修改 Deployment 中副本的数量(replicas),可以动态扩展或收缩应用:通过修改 Deployment 中副本的数量(replicas),可以动态扩展或收缩应用, 这些自动扩展的容器会自动加入到 service 中,而收缩回收的容器也会自动从 service 中删除。这些自动扩展的容器会自动加入到 service 中,而收缩回收的容器也会自动从 service 中删除。
root@a109-26:~ kubectl scale --replicas=3 deployment/nginx-app
deployment.apps/nginx-app scaled
root@a109-26:~ kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-app 1/3 3 1 16m
root@a109-26:~ kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-app 2/3 3 2 16m
root@a109-26:~ kubectl get deploy
NAME READY UP-TO-DATE AVAILABLE AGE
nginx-app 3/3 3 3 16m
Kubernetes 通过 cgroups 提供容器资源管理的功能,可以限制每个容器的 CPU 和内存使用,比如对于刚才创建的 deployment,可以通过下面的命令限制 nginx 容器最多只用 50% 的 CPU 和 128MB 的内存:Kubernetes 通过 cgroups 提供容器资源管理的功能,可以限制每个容器的 CPU 和内存使用,比如对于刚才创建的 deployment,可以通过下面的命令限制 nginx 容器最多只用 50% 的 CPU 和 128MB 的内存:
root@a109-26:~ kubectl set resources deployment nginx-app -c=nginx-app --limits=cpu=500m,memory=128Mi
deployment.apps/nginx-app resource requirements updated
这等同于在每个Pod中设置resouces limits:
apiVersion: v1
kind: Pod
metadata:
labels:
app: nginx
name: nginx
spec:
containers:
- image: nginx
name: nginx
resources:
limits:
cpu: "500m"
memory: "128Mi"
Kubectl Rollout
kubectl rollout status deployment/nginx-deployment可以实时查看Deployment对象的状态变化
kubectl rollout history可以查看每次变更对应的版本(同时需要在创建Deployment的同时加上--record参数,加上--revision=x参数可以查看该版本对应的Deployment的API对象的细节
kubectl rollout undo可以回滚已经执行的滚动更新,加上--revision=x参数可以回滚到指定的版本
让对Deployment的多次更新操作最后只剩成一个ReplicaSet
- 在更新前先执行一条
kubectl rollout pause指令 - 对deployment执行修改,因为Deployment处于暂停状态,所有的变更都不会出发滚动更新
- 所有的修改操作都完成之后,执行一条
kubectl rollout resume指令,可以把整个Deployment恢复,暂停到恢复的这段时间里,对Deployment的所有更新都只会触发一次滚动更新。
Kubectl Edit
kubectl set image deployment/nginx-deployment nginx=nginx:1.91可以修改Deployment容器的image
kubectl edit deployment/nginx-deployment可以直接编辑etcd中的API对象的yaml,从而实现更新