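Kubernetes Cheat Sheet
This page collects the most commonly used Kubernetes commands and resource definitions as a quick reference.
Common Commands
Cluster Management
# Show cluster information
kubectl cluster-info
# List nodes
kubectl get nodes
# Show component status (componentstatuses is deprecated since v1.19)
kubectl get componentstatuses
# List API resources
kubectl api-resources
# List API versions
kubectl api-versions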
Pod Management
# Create a Pod
kubectl apply -f pod.yaml
# List Pods
kubectl get pods
kubectl get pods -o wide
kubectl get pods -n <namespace>
# Show Pod details
kubectl describe pod <pod-name>
# View Pod logs
kubectl logs <pod-name>
kubectl logs -f <pod-name>
kubectl logs --previous <pod-name>
# Open a shell in a Pod
kubectl exec -it <pod-name> -- /bin/sh
# Port forwarding
kubectl port-forward <pod-name> 8080:80
# Delete a Pod
kubectl delete pod <pod-name>
Deployment Management
# Create a Deployment
kubectl apply -f deployment.yaml
kubectl create deployment nginx --image=nginx
# View Deployments
kubectl get deployments
kubectl describe deployment <name>
# Scale
kubectl scale deployment <name> --replicas=5
# Update
kubectl set image deployment/<name> <container>=<image>
kubectl rollout status deployment/<name>
# Roll back
kubectl rollout undo deployment/<name>
kubectl rollout undo deployment/<name> --to-revision=2
# View rollout history
kubectl rollout history deployment/<name>
Service Management
# Create a Service
kubectl expose deployment <name> --port=80 --type=NodePort
kubectl apply -f service.yaml
# View Services
kubectl get svc
kubectl describe svc <name>
# Delete a Service
kubectl delete svc <name>
Ingress Management
# View Ingresses
kubectl get ingress
kubectl describe ingress <name>
# Create an Ingress
kubectl apply -f ingress.yaml
ConfigMap and Secret
# Create a ConfigMap
kubectl create configmap <name> --from-literal=key=value
kubectl create configmap <name> --from-file=<file>
# Create a Secret (--from-literal values end up in shell history; prefer --from-file for real credentials)
kubectl create secret generic <name> --from-literal=key=value
kubectl create secret tls <name> --cert=<cert> --key=<key>
# List
kubectl get configmap
kubectl get secret
# Describe
kubectl describe configmap <name>
kubectl describe secret <name>
PV and PVC
# List
kubectl get pv
kubectl get pvc
# Describe
kubectl describe pv <name>
kubectl describe pvc <name>
RBAC
# List roles
kubectl get roles -n <namespace>
kubectl get clusterroles
# List role bindings
kubectl get rolebindings -n <namespace>
kubectl get clusterrolebindings
# Check permissions
kubectl auth can-i <verb> <resource> --as=<user>
Debugging Commands
# View resource events
kubectl get events
kubectl get events --sort-by='.lastTimestamp'
# Show node details
kubectl describe node <node-name>
# Resource usage
kubectl top nodes
kubectl top pods -n <namespace>
# JSONPath query
kubectl get pods -o jsonpath='{.items[*].spec.containers[*].image}'
kubectl Tips
# Quickly generate YAML
kubectl create deployment nginx --image=nginx --dry-run=client -o yaml
# Label selectors
kubectl get pods -l app=nginx
kubectl get pods -l 'app in (nginx, redis)'
# Field selectors
kubectl get pods --field-selector=status.phase=Running
# Output formats
kubectl get pods -o wide
kubectl get pods -o yaml
kubectl get pods -o json
# Aliases
alias k='kubectl'
alias kgp='kubectl get pods'
alias kdp='kubectl describe pod'
alias klf='kubectl logs -f'
Example Resource Manifests
Pod
apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
  - name: app
    image: nginx
    ports:
    - containerPort: 80
Deployment
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-app
spec:
  replicas: 3
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
      - name: app
        image: nginx
        ports:
        - containerPort: 80
Service
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app: my-app
  ports:
  - port: 80
    targetPort: 80
  type: ClusterIP
Ingress
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-ingress
spec:
  rules:
  - host: example.com
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: my-service
            port:
              number: 80
ConfigMap
apiVersion: v1
kind: ConfigMap
metadata:
  name: my-config
data:
  key1: value1
  key2: value2
Secret
apiVersion: v1
kind: Secret
metadata:
  name: my-secret
type: Opaque
# stringData takes plain-text values; the API server stores them base64-encoded under data
stringData:
  key: value
PVC
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: my-pvc
spec:
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
NetworkPolicy
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: deny-all
spec:
  # An empty podSelector selects every Pod in the policy's namespace
  podSelector: {}
  # Both types listed with no allow rules: all ingress and egress is denied
  policyTypes:
  - Ingress
  - Egress
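Common Labels and Annotations
Common Labels
metadata:
  labels:
    app: my-app        # application name
    tier: frontend     # tier
    environment: prod  # environment
    version: v1.0.0    # version
Common Annotations
metadata:
  annotations:
    kubernetes.io/description: "描述"                # description
    kubernetes.io/limit-ranger: "LimitRanger 配置"   # LimitRanger configuration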
Resource Short Names
| Resource type | Short name |
|---|---|
| pods | po |
| services | svc |
| deployments | deploy |
| replicasets | rs |
| statefulsets | sts |
| daemonsets | ds |
| configmaps | cm |
| secrets | secret |
| persistentvolumes | pv |
| persistentvolumeclaims | pvc |
| namespaces | ns |
| nodes | no |
| ingresses | ing |
Network Ports
| Component | Port |
|---|---|
| API Server | 6443 |
| etcd | 2379-2380 |
| Kubelet | 10250 |
| NodePort | 30000-32767 |
| kube-proxy | 10256 |
Common Tools
kubectl Plugins
# Install krew
curl -fsSL https://krew.sigs.k8s.io/install.sh | bash
# Install plugins
kubectl krew install view-utilization
kubectl krew install topology
Graphical Tools
- Lens - Kubernetes IDE
- Octant - visualization tool
- Kubernetes Dashboard - Web UI
- k9s - terminal UI
Troubleshooting Checklist
Pod Issues
# 1. Check Pod status
kubectl get pods -n <ns>
# 2. View events
kubectl describe pod <pod>
# 3. View logs
kubectl logs <pod>
# 4. Check resource usage
kubectl top pod <pod>
# 5. Open a shell to debug
kubectl exec -it <pod> -- /bin/sh
Service Issues
# 1. Check the Service
kubectl get svc
# 2. Check the Endpoints
kubectl get endpoints <service>
# 3. Check DNS (assumes a Pod named busybox is already running)
kubectl exec -it busybox -- nslookup <service>
# 4. Test connectivity
kubectl run test --image=busybox --rm -it --restart=Never -- wget -qO- <service>
Network Issues
# 1. Check network policies
kubectl get networkpolicy
# 2. Check iptables rules (run on the node itself, e.g. over SSH; kubectl exec targets Pods, not nodes)
iptables -L -n
# 3. Check kube-proxy
kubectl logs -n kube-system -l k8s-app=kube-proxy
Handy Shortcut Commands
# Quick deploy
kubectl apply -f .
# List Pods in all namespaces
kubectl get pods -A
# Live monitoring
watch -n 1 kubectl get pods
# Custom output columns
kubectl get pods -o custom-columns=NAME:.metadata.name,STATUS:.status.phase
# Export a resource
kubectl get deployment nginx -o yaml > nginx.yaml
Happy learning!