架构containerk8s

k8s usage

[toc]

节点管理

删除节点

1
$ sudo kubeadm reset cleanup-node  # master 节点也可以清除

标签

1
2
3
4
5
# 查看 node 标签
$ kubectl get nodes --show-labels

# 打标签
$ kubectl label nodes <your-node-name> disktype=ssd

设置 pod 的 node 标签选择(nodeSelector)

1
2
3
4
5
6
7
8
9
10
11
12
13
apiVersion: v1
kind: Pod
metadata:
  name: nginx
  labels:
    env: test
spec:
  containers:
  - name: nginx
    image: nginx
    imagePullPolicy: IfNotPresent
  nodeSelector:
    disktype: ssd

设置 deployment node 标签选择

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
spec:
	template:
    # 按标签选择机器
    nodeSelector:
      <label-name>: <label-value>
    # 设置机器亲和性
    affinity:
      # 设置 node 亲和性
      nodeAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          nodeSelectorTerms:
            - matchExpressions:
                - key: <label-name>
                  operator: In
                  values:
                    - <label-value>
      # 设置 pod 亲和性
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
                - key: app.kubernetes.io/name
                  operator: In
                  values:
                    - <pod-name>
                    - <pod-name>
            topologyKey: kubernetes.io/hostname

Deployment 管理

1
kubectl delete --all deployments d-n=<ns>

Pod 管理

1
2
3
4
5
6
7
8
9
10
# 查看 pod  信息
$ kubectl get pods -A  # A = all-namespaces

# 删除 pod
$ kubectl delete pod <name> --namespace=<ns>
# 批量删除
kubectl delete pod --all -n=<ns>

# 查看 pod 详情; ip 等
$ kubectl describe pod <name> --namespace=<ns>

Service

1
2
3
4
5
# 列出所有 service
k get services -o wide -A --sort-by=.metadata.name 

# 获取 service 详情; nodeport 等
k describe service kubernetes-dashboard -n kube-system

Token

1
microk8s kubectl create token -n kube-system default --duration=8544h

私有仓库

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
# docker login
docker login hub.company.com

# 不指定 namespace, 设置 default
kubectl create secret generic regcred \
    --from-file=.dockerconfigjson=~/.docker/config.json \
    --type=kubernetes.io/dockerconfigjson

# 每个 namespace 需要单独设置
kubectl create secret generic regcred \
    --from-file=.dockerconfigjson=~/.docker/config.json \
    --type=kubernetes.io/dockerconfigjson \
    --namespace=ace

# 修改 deployment
apiVersion: v1
kind: Pod
metadata:
  name: private-reg
spec:
  containers:
  - name: private-reg-container
    image: <your-private-image>
  # 添加 imagePullSecrets
  imagePullSecrets:
  - name: regcred

Secret

1
2
3
4
5
6
7
8
9
10
11
12
# 创建
kubectl create secret generic regcred \
    --from-file=.dockerconfigjson=$HOME/.docker/config.json \
    --type=kubernetes.io/dockerconfigjson \
    --namespace=default

# 查看
kubectl get secrets
kubectl get secretss <secret> --output=yaml

# 删除
kubectl delete secret <secret>

Namespace

1
2
3
4
5
# 列出所有的 namespace
$ kubectl get namespaces

# 创建命名空间
$ kubectl create namespace <space-name>

登录容器

1
kubectl exec --stdin --tty <pod-instance> -- /bin/bash

工具

  • k9s,基于 SHELL 的 K8S 客户端工具
  • k8s Lens,桌面端 K8S 客户端工具