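kubectl is a command-line tool that operates and manages a cluster by calling the kube-apiserver API.
The k8s-demo cluster has 3 master nodes and 3 worker (node) nodes; for convenience, kubectl is deployed on the 3 master nodes.
It can be deployed only on master1, or on every node, depending on actual needs.
Download page: kubernetes.io/docs/tasks/…
or www.downloadkubernetes.com
Command-line reference: kubernetes.io/docs/refere…
I. Download kubectl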
[root@master1 ~]# cd /opt/install/soft
[root@master1 soft]# curl -LO https://dl.k8s.io/release/v1.23.5/bin/linux/amd64/kubectl
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 154 100 154 0 0 43 0 0:00:03 0:00:03 --:--:-- 43
100 44.4M 100 44.4M 0 0 4953k 0 0:00:09 0:00:09 --:--:-- 10.8M
[root@master1 soft]# chmod +x kubectl
[root@master1 soft]# ll kubectl
-rwxr-xr-x 1 root root 46596096 4月 9 10:52 kubectl
[root@master1 soft]# mv kubectl /opt/k8s/bin/
[root@master1 soft]# kubectl version --client
Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.5", GitCommit:"c285e781331a3785a7f436042c65c5641ce8a9e9", GitTreeState:"clean", BuildDate:"2022-03-16T15:58:47Z", GoVersion:"go1.17.8", Compiler:"gc", Platform:"linux/amd64"}
[root@master1 soft]# wget https://dl.k8s.io/v1.23.5/bin/linux/amd64/mounter
[root@master1 soft]# chmod +x mounter
[root@master1 soft]# mv mounter /opt/k8s/bin/
[root@master1 soft]# wget https://dl.k8s.io/v1.23.5/bin/linux/amd64/kubeadm
[root@master1 soft]# chmod +x kubeadm
[root@master1 soft]# mv kubeadm /opt/k8s/bin
[root@master1 cert]# kubectl version
Client Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.5", GitCommit:"c285e781331a3785a7f436042c65c5641ce8a9e9", GitTreeState:"clean", BuildDate:"2022-03-16T15:58:47Z", GoVersion:"go1.17.8", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.5", GitCommit:"c285e781331a3785a7f436042c65c5641ce8a9e9", GitTreeState:"clean", BuildDate:"2022-03-16T15:52:18Z", GoVersion:"go1.17.8", Compiler:"gc", Platform:"linux/amd64"}
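The curl and wget downloads above put the binaries into /opt/k8s/bin without an integrity check. As an added example (not part of the original post), this shell function compares a downloaded file with its published SHA-256 digest before it is made executable. The `kubectl.sha256` URL in the comment follows the pattern in the Kubernetes install documentation, and the demo files are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): check a downloaded release
# binary against its published SHA-256 digest before chmod +x and mv.

# verify_sha256 FILE DIGEST_FILE
# 0 = match, 1 = mismatch, 2 = missing input, 3 = malformed digest file
verify_sha256() {
  local file="$1" digest_file="$2" expected actual
  if [ ! -f "$file" ] || [ ! -f "$digest_file" ]; then
    echo "missing input: $file / $digest_file" >&2
    return 2
  fi
  # First field of the first line; the .sha256 file is expected to hold the hex digest.
  expected=$(awk 'NR==1 {print tolower($1)}' "$digest_file")
  # Anything other than 64 hex characters is not a digest, e.g. an HTML
  # error page or a redirect body saved because curl ran without -f/-L.
  case $expected in
    *[!0-9a-f]*) expected='' ;;
  esac
  if [ "${#expected}" -ne 64 ]; then
    echo "malformed digest in $digest_file" >&2
    return 3
  fi
  actual=$(sha256sum "$file" | awk '{print $1}')
  if [ "$actual" != "$expected" ]; then
    echo "MISMATCH $file: expected $expected got $actual" >&2
    return 1
  fi
  echo "OK $file"
}

# Against the real artifact (needs network, so left as a comment):
#   base=https://dl.k8s.io/release/v1.23.5/bin/linux/amd64
#   curl -fLO "$base/kubectl" && curl -fLO "$base/kubectl.sha256" &&
#     verify_sha256 kubectl kubectl.sha256 && chmod +x kubectl

# Offline demo on a constructed stand-in file.
demo_dir=$(mktemp -d)
printf 'constructed stand-in for the kubectl binary\n' > "$demo_dir/kubectl"
sha256sum "$demo_dir/kubectl" | awk '{print $1}' > "$demo_dir/kubectl.sha256"
verify_sha256 "$demo_dir/kubectl" "$demo_dir/kubectl.sha256"
rm -rf "$demo_dir"
```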
II. Distribute kubectl to the 3 master nodes
[root@master1 ~]# cd /opt/k8s/bin/
[root@master1 bin]# for node_ip in ${MASTER_IPS[@]}
do
echo ">>> ${node_ip}"
scp /opt/k8s/bin/{kubeadm,mounter,kubectl} root@${node_ip}:/opt/k8s/bin/
ssh root@${node_ip} "chmod +x /opt/k8s/bin/*"
done
>>> 192.168.66.131
kubeadm 100% 43MB 228.5MB/s 00:00
mounter 100% 1404KB 217.9MB/s 00:00
kubectl 100% 44MB 225.5MB/s 00:00
>>> 192.168.66.132
kubeadm 100% 43MB 139.9MB/s 00:00
mounter 100% 1404KB 81.9MB/s 00:00
kubectl 100% 44MB 147.8MB/s 00:00
>>> 192.168.66.133
kubeadm 100% 43MB 126.6MB/s 00:00
mounter 100% 1404KB 92.4MB/s 00:00
kubectl 100% 44MB 156.1MB/s 00:00
[root@master1 bin]#
III. Configure the cluster administrator account kubeconfig
[root@master1 ~]# mkdir -p /opt/install/kubeconfig
[root@master1 ~]# cd /opt/install/kubeconfig
## Set the cluster parameters
[root@master1 kubeconfig]# kubectl config set-cluster k8s-demo \
--certificate-authority=/opt/k8s/etc/cert/ca.pem \
--embed-certs=true \
--server=${KUBE_APISERVER} \
--kubeconfig=kubectl.kubeconfig
## Set the client authentication parameters
[root@master1 kubeconfig]# kubectl config set-credentials k8s-demo-admin \
--client-certificate=/opt/k8s/etc/cert/kubectl-admin.pem \
--client-key=/opt/k8s/etc/cert/kubectl-admin-key.pem \
--embed-certs=true \
--kubeconfig=kubectl.kubeconfig
## Set the context parameters; user name is k8s-demo-admin
[root@master1 kubeconfig]# kubectl config set-context k8s-demo-admin-ctx \
--cluster=k8s-demo --user=k8s-demo-admin \
--kubeconfig=kubectl.kubeconfig
## Set the default context
[root@master1 kubeconfig]# kubectl config use-context k8s-demo-admin-ctx \
--kubeconfig=kubectl.kubeconfig
[root@master1 kubeconfig]# ll
总用量 8
-rw------- 1 root root 6427 4月 9 10:26 kubectl.kubeconfig
[root@master1 kubeconfig]#
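- /opt/install/kubeconfig is a temporary staging directory
- --embed-certs=true: embeds the contents of the ca.pem and admin.pem certificates into the generated kubectl.kubeconfig file. Otherwise only the certificate file paths are written, and when the kubeconfig is later copied to other machines the certificate files have to be copied separately, which is inconvenient. Because set-credentials is also given --client-key, the private key is embedded as well, so kubectl.kubeconfig is by itself a complete admin credential and should stay readable by its owner only, as the -rw------- listing above shows.
IV. Distribute the kubeconfig to the 3 master nodes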
[root@master1 ~]# cd /opt/install/kubeconfig
[root@master1 kubeconfig]# for node_ip in ${MASTER_IPS[@]}
do
echo ">>> ${node_ip}"
ssh root@${node_ip} "mkdir -p ~/.kube"
scp kubectl.kubeconfig root@${node_ip}:~/.kube/config
done
>>> 192.168.66.131
kubectl.kubeconfig 100% 6427 6.5MB/s 00:00
>>> 192.168.66.132
kubectl.kubeconfig 100% 6427 3.9MB/s 00:00
>>> 192.168.66.133
kubectl.kubeconfig 100% 6427 5.0MB/s 00:00
[root@master1 kubeconfig]#
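Each copied ~/.kube/config carries the embedded admin key, so it is worth checking every copy. An added example (not from the original post): a hypothetical `audit_kubeconfig` function that flags permissions wider than the owner and disabled API server verification. The sample kubeconfig is constructed from this page's names with placeholder data.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit a kubeconfig file.
# Needs GNU stat (Linux). Return value = number of FAIL findings.
audit_kubeconfig() {
  local f="$1" mode fails=0
  [ -f "$f" ] || { echo "no such file: $f" >&2; return 99; }
  mode=$(stat -c '%a' "$f")
  if grep -Eq '^[[:space:]]*client-key-data:' "$f"; then
    # --embed-certs=true on set-credentials inlines the private key, so the
    # file alone is enough to authenticate as this user.
    echo "INFO client key is embedded in $f"
    case $mode in
      *00) ;;
      *) echo "FAIL mode $mode: group/other can access the embedded key"
         fails=$((fails + 1)) ;;
    esac
  elif grep -Eq '^[[:space:]]*client-key:' "$f"; then
    echo "INFO client key is referenced by path; that file needs the same care"
  fi
  if grep -Eq '^[[:space:]]*insecure-skip-tls-verify:[[:space:]]*true' "$f"; then
    echo "FAIL insecure-skip-tls-verify: true disables API server verification"
    fails=$((fails + 1))
  fi
  if grep -Eq '^[[:space:]]*server:[[:space:]]*http://' "$f"; then
    echo "FAIL server URL is plain http"
    fails=$((fails + 1))
  fi
  return "$fails"
}

# Constructed sample using the names from this page; data fields are placeholders.
sample=$(mktemp)
cat > "$sample" <<'EOF'
apiVersion: v1
kind: Config
clusters:
- cluster:
    certificate-authority-data: CONSTRUCTED_PLACEHOLDER
    server: https://127.0.0.1:8443
  name: k8s-demo
users:
- name: k8s-demo-admin
  user:
    client-certificate-data: CONSTRUCTED_PLACEHOLDER
    client-key-data: CONSTRUCTED_PLACEHOLDER
EOF
chmod 600 "$sample"
audit_kubeconfig "$sample" && echo "clean: no FAIL findings"
```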
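V. A brief introduction to the kubectl command line (this step can be skipped for now; come back and try it once the other cluster components are installed)
1. View resource short names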
[root@master1 ~]# kubectl api-resources
NAME SHORTNAMES APIGROUP NAMESPACED KIND
bindings true Binding
componentstatuses cs false ComponentStatus
configmaps cm true ConfigMap
endpoints ep true Endpoints
events ev true Event
limitranges limits true LimitRange
namespaces ns false Namespace
nodes no false Node
persistentvolumeclaims pvc true PersistentVolumeClaim
persistentvolumes pv false PersistentVolume
pods po true Pod
podtemplates true PodTemplate
replicationcontrollers rc true ReplicationController
resourcequotas quota true ResourceQuota
secrets true Secret
serviceaccounts sa true ServiceAccount
services svc true Service
mutatingwebhookconfigurations admissionregistration.k8s.io false MutatingWebhookConfiguration
validatingwebhookconfigurations admissionregistration.k8s.io false ValidatingWebhookConfiguration
customresourcedefinitions crd,crds apiextensions.k8s.io false CustomResourceDefinition
apiservices apiregistration.k8s.io false APIService
controllerrevisions apps true ControllerRevision
daemonsets ds apps true DaemonSet
deployments deploy apps true Deployment
replicasets rs apps true ReplicaSet
statefulsets sts apps true StatefulSet
auditsinks auditregistration.k8s.io false AuditSink
tokenreviews authentication.k8s.io false TokenReview
localsubjectaccessreviews authorization.k8s.io true LocalSubjectAccessReview
selfsubjectaccessreviews authorization.k8s.io false SelfSubjectAccessReview
selfsubjectrulesreviews authorization.k8s.io false SelfSubjectRulesReview
subjectaccessreviews authorization.k8s.io false SubjectAccessReview
horizontalpodautoscalers hpa autoscaling true HorizontalPodAutoscaler
cronjobs cj batch true CronJob
jobs batch true Job
certificatesigningrequests csr certificates.k8s.io false CertificateSigningRequest
leases coordination.k8s.io true Lease
bgpconfigurations crd.projectcalico.org false BGPConfiguration
bgppeers crd.projectcalico.org false BGPPeer
blockaffinities crd.projectcalico.org false BlockAffinity
clusterinformations crd.projectcalico.org false ClusterInformation
felixconfigurations crd.projectcalico.org false FelixConfiguration
globalnetworkpolicies crd.projectcalico.org false GlobalNetworkPolicy
globalnetworksets crd.projectcalico.org false GlobalNetworkSet
hostendpoints crd.projectcalico.org false HostEndpoint
ipamblocks crd.projectcalico.org false IPAMBlock
ipamconfigs crd.projectcalico.org false IPAMConfig
ipamhandles crd.projectcalico.org false IPAMHandle
ippools crd.projectcalico.org false IPPool
kubecontrollersconfigurations crd.projectcalico.org false KubeControllersConfiguration
networkpolicies crd.projectcalico.org true NetworkPolicy
networksets crd.projectcalico.org true NetworkSet
endpointslices discovery.k8s.io true EndpointSlice
events ev events.k8s.io true Event
ingresses ing extensions true Ingress
flowschemas flowcontrol.apiserver.k8s.io false FlowSchema
prioritylevelconfigurations flowcontrol.apiserver.k8s.io false PriorityLevelConfiguration
nodes metrics.k8s.io false NodeMetrics
pods metrics.k8s.io true PodMetrics
alertmanagerconfigs monitoring.coreos.com true AlertmanagerConfig
alertmanagers monitoring.coreos.com true Alertmanager
podmonitors monitoring.coreos.com true PodMonitor
probes monitoring.coreos.com true Probe
prometheuses monitoring.coreos.com true Prometheus
prometheusrules monitoring.coreos.com true PrometheusRule
servicemonitors monitoring.coreos.com true ServiceMonitor
thanosrulers monitoring.coreos.com true ThanosRuler
ingressclasses networking.k8s.io false IngressClass
ingresses ing networking.k8s.io true Ingress
networkpolicies netpol networking.k8s.io true NetworkPolicy
runtimeclasses node.k8s.io false RuntimeClass
poddisruptionbudgets pdb policy true PodDisruptionBudget
podsecuritypolicies psp policy false PodSecurityPolicy
clusterrolebindings rbac.authorization.k8s.io false ClusterRoleBinding
clusterroles rbac.authorization.k8s.io false ClusterRole
rolebindings rbac.authorization.k8s.io true RoleBinding
roles rbac.authorization.k8s.io true Role
priorityclasses pc scheduling.k8s.io false PriorityClass
podpresets settings.k8s.io true PodPreset
csidrivers storage.k8s.io false CSIDriver
csinodes storage.k8s.io false CSINode
storageclasses sc storage.k8s.io false StorageClass
volumeattachments storage.k8s.io false VolumeAttachment
[root@master1 ~]# kubectl api-versions
admissionregistration.k8s.io/v1
apiextensions.k8s.io/v1
apiregistration.k8s.io/v1
apps/v1
authentication.k8s.io/v1
authorization.k8s.io/v1
autoscaling/v1
autoscaling/v2
autoscaling/v2beta1
autoscaling/v2beta2
batch/v1
batch/v1beta1
certificates.k8s.io/v1
coordination.k8s.io/v1
discovery.k8s.io/v1
discovery.k8s.io/v1beta1
events.k8s.io/v1
events.k8s.io/v1beta1
flowcontrol.apiserver.k8s.io/v1beta1
flowcontrol.apiserver.k8s.io/v1beta2
internal.apiserver.k8s.io/v1alpha1
networking.k8s.io/v1
node.k8s.io/v1
node.k8s.io/v1alpha1
node.k8s.io/v1beta1
policy/v1
policy/v1beta1
rbac.authorization.k8s.io/v1
scheduling.k8s.io/v1
storage.k8s.io/v1
storage.k8s.io/v1alpha1
storage.k8s.io/v1beta1
v1
[root@master1 ~]#
2. Configure kubectl command-line auto-completion
[root@master1 ~]# yum install bash-completion -y
Add one line to ~/.bashrc: source <(kubectl completion bash)
3. Explore more kubectl commands
Try the commands below and see what they return
[root@master1 ~]# kubectl explain pod
[root@master1 ~]# kubectl explain pod.spec
VI. k8s log levels
During the rest of the installation, if you run into a problem and want to see the detailed error message, or the full parameter data of the API calls, add the command-line flag --v=9
Later, in service startup scripts such as kube-apiserver.service, it is set to "--v=2"; keep that in mind
| Log level | Meaning |
|---|---|
| --v=0 | Generally useful for this to ALWAYS be visible to an operator. |
| --v=1 | A reasonable default log level if you don't want verbosity. |
| --v=2 | Useful steady state information about the service and important log messages that may correlate to significant changes in the system. This is the recommended default log level for most systems. |
| --v=3 | Extended information about changes. |
| --v=4 | Debug level verbosity. |
| --v=5 | Trace level verbosity. |
| --v=6 | Display requested resources. |
| --v=7 | Display HTTP request headers. |
| --v=8 | Display HTTP request contents. |
| --v=9 | Display HTTP request contents without truncation of contents. |
For example:
[root@master1 install]# kubectl get nodes --v=6
I0425 22:52:54.364543 18327 loader.go:372] Config loaded from file: /root/.kube/config
I0425 22:52:54.378667 18327 round_trippers.go:553] GET https://127.0.0.1:8443/api/v1/nodes?limit=500 200 OK in 8 milliseconds
NAME STATUS ROLES AGE VERSION
master1 Ready master 21h v1.23.5
master2 Ready master 21h v1.23.5
master3 Ready master 21h v1.23.5
node1 Ready node 21h v1.23.5
node2 Ready node 21h v1.23.5
node3 Ready node 21h v1.23.5
[root@master1 install]#
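Reference
- Start using it first; get to know Kubernetes (k8s) through hands-on practice, and understanding comes naturally as experience accumulates
- Share what you have understood; cultivate your own field of blessings and reap your own good fortune
- Aim for simplicity so that things are easy to understand; the context of knowledge is also part of the knowledge, for example versions and dates
- Comments and questions are welcome; I usually reply and improve the document on weekends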
- Jason@vip.qq.com 2022-4-9