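Contents
I. Introduction to Kubernetes resource management
II. Comparison of the three resource management approaches
III. Imperative object management
1. kubectl command syntax
2. Resource types
(1) Listing all resources with "kubectl api-resources"
(2) Meaning of each column
(3) Common resources
3. Commands supported by kubectl
(1) Getting command help
(2) Common commands
4. Common command examples
5. kubectl output format options
IV. Imperative object configuration
V. Declarative object configuration
1. kubectl apply
2. Operating on resources in multiple files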
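I. Introduction to Kubernetes resource management
1. Kubernetes is essentially a cluster management system: administrators run containers in it, and run programs inside those containers, in order to deploy services.
2. As the earlier walkthrough of the k8s workflow showed, the smallest unit Kubernetes manages is the pod. Containers are placed in pods, and pods are in turn managed by pod controllers.
3. For managing the services that pods provide, Kubernetes offers Service management, storage systems for data persistence, and so on. Of these, pod controllers, Service management and data storage are the key skills.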
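II. Comparison of the three resource management approaches
Approach | Description | Operates on / environment | Advantages | Disadvantages | Example code |
---|---|---|---|---|---|
Imperative object management | Operate on resources directly with commands | Operates on "objects"; suited to test environments | Easy to get started | No audit trail | |
Imperative object configuration | Operate on resources with commands plus configuration files | Operates on "files"; suited to development environments | Supports an audit trail | Tedious when a large project has many configuration files | |
Declarative object configuration | Operate on resources with the apply command and configuration files | Operates on "directories or files"; suited to development environments | Supports operating on directories | When something unexpected happens, resources become hard to debug and manage | |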
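III. Imperative object management
Uses the command line directly.
1. kubectl command syntax
kubectl command resource-type resource-name (other arguments)
Field | Options |
---|---|
Command | The operation to perform on the resource: create, get, etc. |
Resource type | pod, node, deployment, etc.; see below |
Resource name | Case-sensitive; for example, a pod name |
2. Resource types
(1) Listing all resources with "kubectl api-resources"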
[root@k8s-master ~]# kubectl api-resources
NAME SHORTNAMES APIVERSION NAMESPACED KIND
bindings v1 true Binding
componentstatuses cs v1 false ComponentStatus
configmaps cm v1 true ConfigMap
endpoints ep v1 true Endpoints
events ev v1 true Event
limitranges limits v1 true LimitRange
namespaces ns v1 false Namespace
nodes no v1 false Node
persistentvolumeclaims pvc v1 true PersistentVolumeClaim
persistentvolumes pv v1 false PersistentVolume
pods po v1 true Pod
podtemplates v1 true PodTemplate
replicationcontrollers rc v1 true ReplicationController
resourcequotas quota v1 true ResourceQuota
secrets v1 true Secret
serviceaccounts sa v1 true ServiceAccount
services svc v1 true Service
mutatingwebhookconfigurations admissionregistration.k8s.io/v1 false MutatingWebhookConfiguration
validatingwebhookconfigurations admissionregistration.k8s.io/v1 false ValidatingWebhookConfiguration
customresourcedefinitions crd,crds apiextensions.k8s.io/v1 false CustomResourceDefinition
apiservices apiregistration.k8s.io/v1 false APIService
controllerrevisions apps/v1 true ControllerRevision
daemonsets ds apps/v1 true DaemonSet
deployments deploy apps/v1 true Deployment
replicasets rs apps/v1 true ReplicaSet
statefulsets sts apps/v1 true StatefulSet
selfsubjectreviews authentication.k8s.io/v1 false SelfSubjectReview
tokenreviews authentication.k8s.io/v1 false TokenReview
localsubjectaccessreviews authorization.k8s.io/v1 true LocalSubjectAccessReview
selfsubjectaccessreviews authorization.k8s.io/v1 false SelfSubjectAccessReview
selfsubjectrulesreviews authorization.k8s.io/v1 false SelfSubjectRulesReview
subjectaccessreviews authorization.k8s.io/v1 false SubjectAccessReview
horizontalpodautoscalers hpa autoscaling/v2 true HorizontalPodAutoscaler
cronjobs cj batch/v1 true CronJob
jobs batch/v1 true Job
certificatesigningrequests csr certificates.k8s.io/v1 false CertificateSigningRequest
leases coordination.k8s.io/v1 true Lease
bgpconfigurations crd.projectcalico.org/v1 false BGPConfiguration
bgppeers crd.projectcalico.org/v1 false BGPPeer
blockaffinities crd.projectcalico.org/v1 false BlockAffinity
caliconodestatuses crd.projectcalico.org/v1 false CalicoNodeStatus
clusterinformations crd.projectcalico.org/v1 false ClusterInformation
felixconfigurations crd.projectcalico.org/v1 false FelixConfiguration
globalnetworkpolicies crd.projectcalico.org/v1 false GlobalNetworkPolicy
globalnetworksets crd.projectcalico.org/v1 false GlobalNetworkSet
hostendpoints crd.projectcalico.org/v1 false HostEndpoint
ipamblocks crd.projectcalico.org/v1 false IPAMBlock
ipamconfigs crd.projectcalico.org/v1 false IPAMConfig
ipamhandles crd.projectcalico.org/v1 false IPAMHandle
ippools crd.projectcalico.org/v1 false IPPool
ipreservations crd.projectcalico.org/v1 false IPReservation
kubecontrollersconfigurations crd.projectcalico.org/v1 false KubeControllersConfiguration
networkpolicies crd.projectcalico.org/v1 true NetworkPolicy
networksets crd.projectcalico.org/v1 true NetworkSet
endpointslices discovery.k8s.io/v1 true EndpointSlice
events ev events.k8s.io/v1 true Event
flowschemas flowcontrol.apiserver.k8s.io/v1beta3 false FlowSchema
prioritylevelconfigurations flowcontrol.apiserver.k8s.io/v1beta3 false PriorityLevelConfiguration
ingressclasses networking.k8s.io/v1 false IngressClass
ingresses ing networking.k8s.io/v1 true Ingress
networkpolicies netpol networking.k8s.io/v1 true NetworkPolicy
runtimeclasses node.k8s.io/v1 false RuntimeClass
poddisruptionbudgets pdb policy/v1 true PodDisruptionBudget
clusterrolebindings rbac.authorization.k8s.io/v1 false ClusterRoleBinding
clusterroles rbac.authorization.k8s.io/v1 false ClusterRole
rolebindings rbac.authorization.k8s.io/v1 true RoleBinding
roles rbac.authorization.k8s.io/v1 true Role
priorityclasses pc scheduling.k8s.io/v1 false PriorityClass
csidrivers storage.k8s.io/v1 false CSIDriver
csinodes storage.k8s.io/v1 false CSINode
csistoragecapacities storage.k8s.io/v1 true CSIStorageCapacity
storageclasses sc storage.k8s.io/v1 false StorageClass
volumeattachments storage.k8s.io/v1 false VolumeAttachment
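(2) Meaning of each column
NAME is the resource name
SHORTNAMES is the abbreviation for the resource
APIVERSION is the API version
NAMESPACED indicates whether the resource is isolated by namespace
KIND is the API type
(3) Common resources
3. Commands supported by kubectl
(1) Getting command help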
[root@k8s-master ~]# kubectl --help
kubectl controls the Kubernetes cluster manager.
Find more information at: https://kubernetes.io/docs/reference/kubectl/
Basic Commands (Beginner):
create Create a resource from a file or from stdin
expose Take a replication controller, service, deployment or pod and expose it as a new Kubernetes service
run Run a particular image on the cluster
set Set specific features on objects
Basic Commands (Intermediate):
explain Get documentation for a resource
get Display one or many resources
edit Edit a resource on the server
delete Delete resources by file names, stdin, resources and names, or by resources and label selector
Deploy Commands:
rollout Manage the rollout of a resource
scale Set a new size for a deployment, replica set, or replication controller
autoscale Auto-scale a deployment, replica set, stateful set, or replication controller
Cluster Management Commands:
certificate Modify certificate resources
cluster-info Display cluster information
top Display resource (CPU/memory) usage
cordon Mark node as unschedulable
uncordon Mark node as schedulable
drain Drain node in preparation for maintenance
taint Update the taints on one or more nodes
Troubleshooting and Debugging Commands:
describe Show details of a specific resource or group of resources
logs Print the logs for a container in a pod
attach Attach to a running container
exec Execute a command in a container
port-forward Forward one or more local ports to a pod
proxy Run a proxy to the Kubernetes API server
cp Copy files and directories to and from containers
auth Inspect authorization
debug Create debugging sessions for troubleshooting workloads and nodes
events List events
Advanced Commands:
diff Diff the live version against a would-be applied version
apply Apply a configuration to a resource by file name or stdin
patch Update fields of a resource
replace Replace a resource by file name or stdin
wait Experimental: Wait for a specific condition on one or many resources
kustomize Build a kustomization target from a directory or URL
Settings Commands:
label Update the labels on a resource
annotate Update the annotations on a resource
completion Output shell completion code for the specified shell (bash, zsh, fish, or powershell)
Other Commands:
api-resources Print the supported API resources on the server
api-versions Print the supported API versions on the server, in the form of "group/version"
config Modify kubeconfig files
plugin Provides utilities for interacting with plugins
version Print the client and server version information
Usage:
kubectl [flags] [options]
(2) Common commands
4. Common command examples
(1) List pods in all namespaces, or in a specified namespace
[root@k8s-master ~]# kubectl get pods -A
[root@k8s-master ~]# kubectl get pods -n kube-system
(2) List all nodes and namespaces
[root@k8s-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
k8s-master Ready control-plane 23m v1.28.2
k8s-node1 Ready <none> 22m v1.28.2
k8s-node2 Ready <none> 22m v1.28.2
[root@k8s-master ~]# kubectl get ns
NAME STATUS AGE
default Active 23m
kube-node-lease Active 23m
kube-public Active 23m
kube-system Active 23m
(3) View the documentation for a resource
[root@k8s-master ~]# kubectl explain pod
KIND: Pod
VERSION: v1
DESCRIPTION:
Pod is a collection of containers that can run on a host. This resource is
created by clients and scheduled onto hosts.
FIELDS:
apiVersion <string>
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind <string>
Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata <ObjectMeta>
Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
spec <PodSpec>
Specification of the desired behavior of the pod. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
status <PodStatus>
Most recently observed status of the pod. This data may not be up to date.
Populated by the system. Read-only. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
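[root@k8s-master ~]# kubectl explain pod.spec # use this dotted form to view the documentation for one specific part, level by level
(4) Show detailed information about a resource; mostly used for node troubleshooting and analysis
Give the pod name after pod, and use -n to specify the namespace the pod is in.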
[root@k8s-master ~]# kubectl describe pod calico-node-58k7l -n kube-system
(5) Create a namespace and run a pod in it
[root@k8s-master ~]# kubectl create ns myns
namespace/myns created
[root@k8s-master ~]# kubectl get ns
NAME STATUS AGE
default Active 38m
kube-node-lease Active 38m
kube-public Active 38m
kube-system Active 38m
myns Active 3s
[root@k8s-master ~]# kubectl run pod --image=nginx -n myns
pod/pod created
[root@k8s-master ~]# kubectl get pods -n myns
NAME READY STATUS RESTARTS AGE
pod 1/1 Running 0 22s
(6) Delete the pod and the namespace
[root@k8s-master ~]# kubectl get pods -n myns
NAME READY STATUS RESTARTS AGE
pod 1/1 Running 0 22s
[root@k8s-master ~]# kubectl delete pod pod -n myns
pod "pod" deleted
[root@k8s-master ~]# kubectl delete ns myns
namespace "myns" deleted
[root@k8s-master ~]# kubectl get pods -n myns
No resources found in myns namespace.
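5. kubectl output format options
(1) Formats
Format | Meaning |
---|---|
-o yaml | Output in YAML format |
-o json | Output in JSON format |
-o wide | Output in wide format |
-o name | Output only the resource object names |
-o custom-columns<> | Output using custom column names |
-o custom-columns-file<> | Keep the custom column definitions in a file |
--server-print=false | Turn off the display of some special information |
--sort-by | Sort by the specified field |
(2) Examples
Convert a command-line command into a YAML manifest without running it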
[root@k8s-master ~]# kubectl run httpd1 --image=httpd -n myns --dry-run=client -o yaml
apiVersion: v1
kind: Pod
metadata:
  creationTimestamp: null
  labels:
    run: httpd1
  name: httpd1
  namespace: myns
spec:
  containers:
  - image: httpd
    name: httpd1
    resources: {}
  dnsPolicy: ClusterFirst
  restartPolicy: Always
status: {}
Convert to JSON format without running it
[root@k8s-master ~]# kubectl run httpd1 --image=httpd -n myns --dry-run=client -o json
{
    "kind": "Pod",
    "apiVersion": "v1",
    "metadata": {
        "name": "httpd1",
        "namespace": "myns",
        "creationTimestamp": null,
        "labels": {
            "run": "httpd1"
        }
    },
    "spec": {
        "containers": [
            {
                "name": "httpd1",
                "image": "httpd",
                "resources": {}
            }
        ],
        "restartPolicy": "Always",
        "dnsPolicy": "ClusterFirst"
    },
    "status": {}
}
Display in wide format
[root@k8s-master ~]# kubectl get pods -n myns -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
httpd 1/1 Running 0 13m 10.244.169.131 k8s-node2 <none> <none>
nginx 1/1 Running 0 13m 10.244.36.65 k8s-node1 <none> <none>
List the pods in myns but output only the resource object names
[root@k8s-master ~]# kubectl get pods -n myns -o name
pod/httpd
pod/nginx
Output using custom column names
# The field paths used for these values are taken from the output of kubectl explain pod
[root@k8s-master ~]# kubectl get pods -n myns -o custom-columns=MYNAME:.metadata.name,MYIP:.status.podIP
MYNAME MYIP
httpd 10.244.169.131
nginx 10.244.36.65
[root@k8s-master ~]# kubectl get pods -n myns -o yaml
apiVersion: v1
items:
- apiVersion: v1
  kind: Pod
  metadata:
    annotations:
      cni.projectcalico.org/containerID: defdaf44f2101595faed680814b72094a3f3e5a5e7be500d04e171215f49c5d3
      cni.projectcalico.org/podIP: 10.244.169.131/32
      cni.projectcalico.org/podIPs: 10.244.169.131/32
    creationTimestamp: "2023-10-31T09:08:29Z"
    labels:
      run: httpd
    name: httpd
    namespace: myns
    resourceVersion: "961"
    uid: 4cc0df5b-19e0-421a-90a7-ccd16ef3727c
  spec:
    containers:
    - image: httpd
      imagePullPolicy: Always
      name: httpd
      resources: {}
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: kube-api-access-bgl8q
        readOnly: true
    dnsPolicy: ClusterFirst
    enableServiceLinks: true
    nodeName: k8s-node2
    preemptionPolicy: PreemptLowerPriority
    priority: 0
    restartPolicy: Always
    schedulerName: default-scheduler
    securityContext: {}
    serviceAccount: default
    serviceAccountName: default
    terminationGracePeriodSeconds: 30
    tolerations:
    - effect: NoExecute
      key: node.kubernetes.io/not-ready
      operator: Exists
      tolerationSeconds: 300
    - effect: NoExecute
      key: node.kubernetes.io/unreachable
      operator: Exists
      tolerationSeconds: 300
    volumes:
    - name: kube-api-access-bgl8q
      projected:
        defaultMode: 420
        sources:
        - serviceAccountToken:
            expirationSeconds: 3607
            path: token
        - configMap:
            items:
            - key: ca.crt
              path: ca.crt
            name: kube-root-ca.crt
        - downwardAPI:
            items:
            - fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
              path: namespace
  status:
    conditions:
    - lastProbeTime: null
      lastTransitionTime: "2023-10-31T09:08:29Z"
      status: "True"
      type: Initialized
    - lastProbeTime: null
      lastTransitionTime: "2023-10-31T09:09:12Z"
      status: "True"
      type: Ready
    - lastProbeTime: null
      lastTransitionTime: "2023-10-31T09:09:12Z"
      status: "True"
      type: ContainersReady
    - lastProbeTime: null
      lastTransitionTime: "2023-10-31T09:08:29Z"
      status: "True"
      type: PodScheduled
    containerStatuses:
    - containerID: containerd://be8ca922d2b16d5243f84ae06dda2c0735dae83133a15d5ba0957f5455720d4f
      image: docker.io/library/httpd:latest
      imageID: docker.io/library/httpd@sha256:ed6db4a8c394d075c9c59a3dbd61a3818cd302d9948057f1e19046e5bffec027
      lastState: {}
      name: httpd
      ready: true
      restartCount: 0
      started: true
      state:
        running:
          startedAt: "2023-10-31T09:09:12Z"
    hostIP: 192.168.2.152
    phase: Running
    podIP: 10.244.169.131
    podIPs:
    - ip: 10.244.169.131
    qosClass: BestEffort
    startTime: "2023-10-31T09:08:29Z"
- apiVersion: v1
  kind: Pod
  metadata:
    annotations:
      cni.projectcalico.org/containerID: 2548da464094dc236833d240d3bb75f7586b732d08326179967ca9836e24df07
      cni.projectcalico.org/podIP: 10.244.36.65/32
      cni.projectcalico.org/podIPs: 10.244.36.65/32
    creationTimestamp: "2023-10-31T09:08:17Z"
    labels:
      run: nginx
    name: nginx
    namespace: myns
    resourceVersion: "872"
    uid: e499fbcc-4c0c-41e6-90d1-f998b7bff754
  spec:
    containers:
    - image: nginx
      imagePullPolicy: Always
      name: nginx
      resources: {}
      terminationMessagePath: /dev/termination-log
      terminationMessagePolicy: File
      volumeMounts:
      - mountPath: /var/run/secrets/kubernetes.io/serviceaccount
        name: kube-api-access-5rc8h
        readOnly: true
    dnsPolicy: ClusterFirst
    enableServiceLinks: true
    nodeName: k8s-node1
    preemptionPolicy: PreemptLowerPriority
    priority: 0
    restartPolicy: Always
    schedulerName: default-scheduler
    securityContext: {}
    serviceAccount: default
    serviceAccountName: default
    terminationGracePeriodSeconds: 30
    tolerations:
    - effect: NoExecute
      key: node.kubernetes.io/not-ready
      operator: Exists
      tolerationSeconds: 300
    - effect: NoExecute
      key: node.kubernetes.io/unreachable
      operator: Exists
      tolerationSeconds: 300
    volumes:
    - name: kube-api-access-5rc8h
      projected:
        defaultMode: 420
        sources:
        - serviceAccountToken:
            expirationSeconds: 3607
            path: token
        - configMap:
            items:
            - key: ca.crt
              path: ca.crt
            name: kube-root-ca.crt
        - downwardAPI:
            items:
            - fieldRef:
                apiVersion: v1
                fieldPath: metadata.namespace
              path: namespace
  status:
    conditions:
    - lastProbeTime: null
      lastTransitionTime: "2023-10-31T09:08:17Z"
      status: "True"
      type: Initialized
    - lastProbeTime: null
      lastTransitionTime: "2023-10-31T09:08:21Z"
      status: "True"
      type: Ready
    - lastProbeTime: null
      lastTransitionTime: "2023-10-31T09:08:21Z"
      status: "True"
      type: ContainersReady
    - lastProbeTime: null
      lastTransitionTime: "2023-10-31T09:08:17Z"
      status: "True"
      type: PodScheduled
    containerStatuses:
    - containerID: containerd://2c5e82409afd496dbb61b7eedab126b130e6bb20572ebe6b901fb574d25c7a28
      image: docker.io/library/nginx:latest
      imageID: docker.io/library/nginx@sha256:add4792d930c25dd2abf2ef9ea79de578097a1c175a16ab25814332fe33622de
      lastState: {}
      name: nginx
      ready: true
      restartCount: 0
      started: true
      state:
        running:
          startedAt: "2023-10-31T09:08:21Z"
    hostIP: 192.168.2.151
    phase: Running
    podIP: 10.244.36.65
    podIPs:
    - ip: 10.244.36.65
    qosClass: BestEffort
    startTime: "2023-10-31T09:08:17Z"
kind: List
metadata:
  resourceVersion: ""
Output using a custom-columns file
[root@k8s-master ~]# cat custom.txt
MYNAME MYIP
metadata.name status.podIP
[root@k8s-master ~]# kubectl get pods -n myns -o=custom-columns-file=custom.txt
MYNAME MYIP
httpd 10.244.169.131
nginx 10.244.36.65
Do not display the pod-specific information
[root@k8s-master ~]# kubectl get pods -n myns --server-print=false
NAME AGE
httpd 32m
nginx 33m
Sort by a specified field
[root@k8s-master ~]# kubectl get pods -n myns --sort-by .status.podIP
NAME READY STATUS RESTARTS AGE
nginx 1/1 Running 0 35m
httpd 1/1 Running 0 35m
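The `-o json` and `-o yaml` outputs above show pods created with `kubectl run` carrying `securityContext: {}`, `resources: {}`, an image with no digest and the `default` service account. As an added example (not part of the original article), this Python script reads such JSON, as a single object or a `kind: List`, and lists those defaults per container; the function names and the hardened `web` pod with its registry, service account and digest are constructed for illustration.

```python
import json
import sys

# Constructed sample in the shape of `kubectl get pods -n myns -o json`: the first
# item mirrors the httpd1 dry-run output above; the second is an invented hardened
# pod (its name, registry, service account and all-zero digest are made up).
SAMPLE = {"kind": "List", "items": [
    {"kind": "Pod", "metadata": {"name": "httpd1", "namespace": "myns"},
     "spec": {"containers": [{"name": "httpd1", "image": "httpd", "resources": {}}],
              "restartPolicy": "Always", "dnsPolicy": "ClusterFirst"}},
    {"kind": "Pod", "metadata": {"name": "web", "namespace": "myns"},
     "spec": {"serviceAccountName": "web-sa", "automountServiceAccountToken": False,
              "securityContext": {"runAsNonRoot": True},
              "containers": [{"name": "web",
                              "image": "registry.example/web@sha256:" + "0" * 64,
                              "resources": {"limits": {"memory": "128Mi"}},
                              "securityContext": {"allowPrivilegeEscalation": False}}]}},
]}


def pods(doc):
    """Return the Pod objects from one object or from a kind: List document."""
    items = doc.get("items", []) if doc.get("kind") == "List" else [doc]
    return [obj for obj in items if obj.get("kind") == "Pod"]


def audit(doc):
    """Return (pod, container, finding) tuples for settings left at their defaults."""
    findings = []
    for pod in pods(doc):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        ref = f'{meta.get("namespace", "default")}/{meta.get("name")}'
        pod_sc = spec.get("securityContext") or {}
        # Pod-level check only; the ServiceAccount object can also disable automount.
        if (spec.get("serviceAccountName", "default") == "default"
                and spec.get("automountServiceAccountToken") is not False):
            findings.append((ref, "-", "default service account, automount not disabled"))
        for c in spec.get("containers", []):
            sc = c.get("securityContext") or {}
            if "@sha256:" not in c.get("image", ""):
                findings.append((ref, c["name"], "image not pinned by digest"))
            # A container-level runAsNonRoot overrides the pod-level value.
            if sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot")) is not True:
                findings.append((ref, c["name"], "runAsNonRoot is not true"))
            if sc.get("allowPrivilegeEscalation") is not False:
                findings.append((ref, c["name"], "allowPrivilegeEscalation not disabled"))
            if not (c.get("resources") or {}).get("limits"):
                findings.append((ref, c["name"], "no resource limits"))
    return findings


if __name__ == "__main__":
    # With a path argument, audit that file (saved -o json output); else the sample.
    doc = SAMPLE
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            doc = json.load(fh)
    for ref, container, finding in audit(doc):
        print(f"{ref}\t{container}\t{finding}")
```

Run against the sample, every finding belongs to `myns/httpd1`, and the constructed `web` pod produces none.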
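IV. Imperative object configuration
Resources are operated on with commands plus files.
Example: use a kubectl command plus a YAML file to create the myns namespace, then run an nginx pod in it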
[root@k8s-master ~]# cat nginxpod.yaml
apiVersion: v1
kind: Namespace #set the kind to Namespace
metadata: #create the namespace
  name: myns
---
apiVersion: v1
kind: Pod
metadata:
  name: nginxpod
  namespace: myns
spec:
  containers: #run the pod from the nginx image
  - name: nginx-containers
    image: nginx
[root@k8s-master ~]# kubectl create -f nginxpod.yaml # create from the specified file
namespace/myns created
pod/nginxpod created
[root@k8s-master ~]# kubectl get -f nginxpod.yaml # get the status of all resources in the file
NAME STATUS AGE
namespace/myns Active 6s
NAME READY STATUS RESTARTS AGE
pod/nginxpod 1/1 Running 0 6s
[root@k8s-master ~]# kubectl delete -f nginxpod.yaml # delete all resources in the file, here both the namespace and the pod
namespace "myns" deleted
pod "nginxpod" deleted
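V. Declarative object configuration
Largely the same as imperative object configuration, but the only command is apply.
1. kubectl apply
apply -f takes a resource configuration file. When the resource already exists, running it again reports the resource as unchanged (equivalent to a kubectl patch update). With declarative object configuration you can still get and delete the resources in the file.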
[root@k8s-master ~]# kubectl apply -f nginxpod.yaml
namespace/myns created
pod/nginxpod created
[root@k8s-master ~]# kubectl apply -f nginxpod.yaml
namespace/myns unchanged
pod/nginxpod unchanged
[root@k8s-master ~]# kubectl get -f nginxpod.yaml
NAME STATUS AGE
namespace/myns Active 16s
NAME READY STATUS RESTARTS AGE
pod/nginxpod 1/1 Running 0 16s
[root@k8s-master ~]# kubectl delete -f nginxpod.yaml
namespace "myns" deleted
pod "nginxpod" deleted
2. Operating on resources in multiple files
[root@k8s-master nginx]# ll
total 8
-rw-r--r-- 1 root root 197 Oct 29 20:19 nginxpod1.yaml
-rw-r--r-- 1 root root 197 Oct 29 20:20 nginxpod2.yaml
[root@k8s-master nginx]# kubectl apply -f ./
namespace/myns1 created
pod/nginxpod created
namespace/myns2 created
pod/nginxpod created
[root@k8s-master nginx]# kubectl get -f ./
NAME STATUS AGE
namespace/myns1 Active 15s
NAME READY STATUS RESTARTS AGE
pod/nginxpod 1/1 Running 0 15s
NAME STATUS AGE
namespace/myns2 Active 15s
NAME READY STATUS RESTARTS AGE
pod/nginxpod 0/1 ContainerCreating 0 15s
[root@k8s-master nginx]# kubectl delete -f ./
namespace "myns1" deleted
pod "nginxpod" deleted
namespace "myns2" deleted
pod "nginxpod" deleted