1、管理k8s核心資源的三種基礎(chǔ)方法

陳述式管理方法：主要依賴命令行CLI工具進(jìn)行管理

聲明式管理方法：主要依賴統(tǒng)一資源配置清單（manifest）進(jìn)行管理

GUI式管理方法：主要依賴圖形化操作界面（WEB）進(jìn)行管理

2、陳述式資源管理方法

陳述式管理方法說白了就是對(duì)資源進(jìn)行CDUR（增刪改查），在任意一臺(tái)運(yùn)算節(jié)點(diǎn)上進(jìn)行操作。

2.1 管理名稱空間資源

2.1.1 查看名稱空間

[root@hdss7-21 ~]# kubectl get namespaces
NAME              STATUS   AGE
default           Active   5d23h
kube-node-lease   Active   5d23h
kube-public       Active   5d23h
kube-system       Active   5d23h
使用簡(jiǎn)寫
[root@hdss7-21 ~]# kubectl get ns
NAME              STATUS   AGE
default           Active   5d23h
kube-node-lease   Active   5d23h
kube-public       Active   5d23h
kube-system       Active   5d23h

2.1.2 查看名稱空間資源

查看default名稱空間的所有資源
[root@hdss7-21 ~]# kubectl get all -n default
NAME                 READY   STATUS    RESTARTS   AGE
pod/nginx-ds-qbjx6   1/1     Running   2          45h
pod/nginx-ds-w7ktl   1/1     Running   2          45h

NAME                 TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   192.168.0.1           443/TCP   5d23h

NAME                      DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/nginx-ds   2         2         2       2            2                     45h
當(dāng)不寫名稱空間時(shí)默認(rèn)使用default名稱空間
[root@hdss7-21 ~]# kubectl get all
NAME                 READY   STATUS    RESTARTS   AGE
pod/nginx-ds-qbjx6   1/1     Running   2          45h
pod/nginx-ds-w7ktl   1/1     Running   2          45h

NAME                 TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)   AGE
service/kubernetes   ClusterIP   192.168.0.1           443/TCP   5d23h

NAME                      DESIRED   CURRENT   READY   UP-TO-DATE   AVAILABLE   NODE SELECTOR   AGE
daemonset.apps/nginx-ds   2         2         2       2            2                     45h
查看pod
[root@hdss7-21 ~]# kubectl get pod
NAME             READY   STATUS    RESTARTS   AGE
nginx-ds-qbjx6   1/1     Running   2          45h
nginx-ds-w7ktl   1/1     Running   2          45h
查看service
[root@hdss7-21 ~]# kubectl get service
NAME         TYPE        CLUSTER-IP    EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   192.168.0.1           443/TCP   5d23h

2.1.3 創(chuàng)建名稱空間

[root@hdss7-21 ~]# kubectl create namespace app
namespace/app created
[root@hdss7-21 ~]# kubectl get namespace
NAME              STATUS   AGE
app               Active   16s
default           Active   5d23h
kube-node-lease   Active   5d23h
kube-public       Active   5d23h
kube-system       Active   5d23h
[root@hdss7-21 ~]# kubectl get all -n app
No resources found.

2.1.4 刪除名稱空間

[root@hdss7-21 ~]# kubectl delete ns app
namespace "app" deleted
[root@hdss7-21 ~]# kubectl get namespace
NAME              STATUS   AGE
default           Active   5d23h
kube-node-lease   Active   5d23h
kube-public       Active   5d23h
kube-system       Active   5d23h

2.2管理Deployment（pod控制器）資源

2.2.1 創(chuàng)建deployment

[root@hdss7-21 ~]# kubectl get all -n kube-public
No resources found.
[root@hdss7-21 ~]# kubectl create deployment nginx-dp --image=harbor.od.com/public/nginx:v1.7.9 -n kube-public
deployment.apps/nginx-dp created

2.2.2 查看deployment

[root@hdss7-21 ~]# kubectl get all -n kube-public
NAME                            READY   STATUS    RESTARTS   AGE
pod/nginx-dp-86678bb55c-kt9rd   1/1     Running   0          7s

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx-dp   1/1     1            1           7s

NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-dp-86678bb55c   1         1         1       7s
[root@hdss7-21 ~]# kubectl get deployment -n kube-public
NAME       READY   UP-TO-DATE   AVAILABLE   AGE
nginx-dp   1/1     1            1           91s
擴(kuò)展查看
[root@hdss7-21 ~]# kubectl get deployment -o wide -n kube-public
NAME       READY   UP-TO-DATE   AVAILABLE   AGE     CONTAINERS   IMAGES                              SELECTOR
nginx-dp   1/1     1            1           7m38s   nginx        harbor.od.com/public/nginx:v1.7.9   app=nginx-dp
詳細(xì)查看
[root@hdss7-21 ~]# kubectl  describe deployment  -n kube-public
Name:                   nginx-dp
Namespace:              kube-public
CreationTimestamp:      Fri, 16 Jul 2021 20:41:44 +0800
Labels:                 app=nginx-dp
Annotations:            deployment.kubernetes.io/revision: 1
Selector:               app=nginx-dp
Replicas:               1 desired | 1 updated | 1 total | 1 available | 0 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:  app=nginx-dp
  Containers:
   nginx:
    Image:        harbor.od.com/public/nginx:v1.7.9
    Port:         
    Host Port:    
    Environment:  
    Mounts:       
  Volumes:        
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Available      True    MinimumReplicasAvailable
  Progressing    True    NewReplicaSetAvailable
OldReplicaSets:  
NewReplicaSet:   nginx-dp-86678bb55c (1/1 replicas created)
Events:
  Type    Reason             Age   From                   Message
  ----    ------             ----  ----                   -------
  Normal  ScalingReplicaSet  9m    deployment-controller  Scaled up replica set nginx-dp-86678bb55c to 1

2.2.3 查看pod資源

[root@hdss7-21 ~]# kubectl get pod -o wide -n kube-public
NAME                        READY   STATUS    RESTARTS   AGE    IP           NODE                NOMINATED NODE   READINESS GATES
nginx-dp-86678bb55c-kt9rd   1/1     Running   0          110s   172.7.21.3   hdss7-21.host.com              

2.2.4 進(jìn)入pod資源

[root@hdss7-21 ~]# kubectl exec -it nginx-dp-86678bb55c-kt9rd bash -n kube-public
root@nginx-dp-86678bb55c-kt9rd:/# ip a
1: lo:  mtu 65536 qdisc noqueue state UNKNOWN qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
8: eth0@if9:  mtu 1500 qdisc noqueue state UP
    link/ether 02:42:ac:07:15:03 brd ff:ff:ff:ff:ff:ff
    inet 172.7.21.3/24 brd 172.7.21.255 scope global eth0
       valid_lft forever preferred_lft forever
或者使用docker也可以，不過docker無法跨主機(jī)，只有在本機(jī)的容器才行
[root@hdss7-21 ~]# docker ps  |grep nginx-dp
bece873198a1   84581e99d807                        "nginx -g 'daemon of…"   22 minutes ago   Up 22 minutes             k8s_nginx_nginx-dp-86678bb55c-kt9rd_kube-public_2daa2b8a-e633-11eb-9d00-000c29e396b1_0
8d56eb2e0e0e   harbor.od.com/public/pause:latest   "/pause"                 22 minutes ago   Up 22 minutes             k8s_POD_nginx-dp-86678bb55c-kt9rd_kube-public_2daa2b8a-e633-11eb-9d00-000c29e396b1_0
[root@hdss7-21 ~]# docker exec -it bece /bin/bash
root@nginx-dp-86678bb55c-kt9rd:/#

2.2.5 刪除pod資源（重啟）

[root@hdss7-21 ~]# kubectl delete pod nginx-dp-86678bb55c-kt9rd -n kube-public
pod "nginx-dp-86678bb55c-kt9rd" deleted
再次查看，刪除了原來容器，重新啟動(dòng)了一個(gè)容器在hdss7-22上，查看前面的deployment這個(gè)pod控制器的詳細(xì)信息，可以知道它采用的Replicas是一個(gè)副本，所以我們的pod會(huì)按照這個(gè)預(yù)期的期望值對(duì)容器進(jìn)行部署
[root@hdss7-21 ~]# kubectl get pod -o wide -n kube-public
NAME                        READY   STATUS    RESTARTS   AGE   IP           NODE                NOMINATED NODE   READINESS GATES
nginx-dp-86678bb55c-zd6vr   1/1     Running   0          95s   172.7.22.3   hdss7-22.host.com              
如果遇到無法刪除時(shí)，可以加入--force --grace-period=0選項(xiàng)進(jìn)行強(qiáng)制刪除
[root@hdss7-21 ~]# kubectl delete pod nginx-dp-86678bb55c-zd6vr -n kube-public --force --grace-period=0
warning: Immediate deletion does not wait for confirmation that the running resource has been terminated. The resource may continue to run on the cluster indefinitely.
pod "nginx-dp-86678bb55c-zd6vr" force deleted
[root@hdss7-21 ~]#
[root@hdss7-21 ~]# kubectl get pod -o wide -n kube-public
NAME                        READY   STATUS    RESTARTS   AGE   IP           NODE                NOMINATED NODE   READINESS GATES
nginx-dp-86678bb55c-c6snd   1/1     Running   0          7s    172.7.21.3   hdss7-21.host.com              

2.2.6 刪除deployment

[root@hdss7-21 ~]# kubectl get deployment -n kube-public
NAME       READY   UP-TO-DATE   AVAILABLE   AGE
nginx-dp   1/1     1            1           36m
[root@hdss7-21 ~]# kubectl delete deployment nginx-dp -n kube-public
deployment.extensions "nginx-dp" deleted
[root@hdss7-21 ~]# kubectl get all -n kube-public
No resources found.

2.3 管理service資源

2.3.1 創(chuàng)建service資源

先創(chuàng)建一個(gè)deployment資源
[root@hdss7-21 ~]# kubectl create deployment nginx-dp --image=harbor.od.com/public/nginx:v1.7.9 -n kube-public
deployment.apps/nginx-dp created
[root@hdss7-21 ~]# kubectl get all -n kube-public
NAME                            READY   STATUS             RESTARTS   AGE
pod/nginx-dp-58f74bd894-9b5f7   0/1     ImagePullBackOff   0          26s

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx-dp   0/1     1            0           26s

NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-dp-58f74bd894   1         1         0       26s
創(chuàng)建service資源（暴露一個(gè)80服務(wù)端口）
[root@hdss7-21 ~]# kubectl expose deployment nginx-dp --port=80 -n kube-public
service/nginx-dp exposed

2.3.2 查看service資源
再次查看多出來一個(gè)service資源，IP是192.168.196.123，這樣無論如何重啟pod，pod地址如何變更，192.168.196.1238這個(gè)人servicedeIP都不會(huì)變（其作用相當(dāng)于keepalived的VIP）

[root@hdss7-21 ~]# kubectl describe svc nginx-dp -n kube-public
Name:              nginx-dp
Namespace:         kube-public
Labels:            app=nginx-dp
Annotations:       
Selector:          app=nginx-dp
Type:              ClusterIP
IP:                192.168.196.123
Port:                80/TCP
TargetPort:        80/TCP
Endpoints:         172.7.21.3:80,172.7.22.3:80
Session Affinity:  None
Events:            
[root@hdss7-21 ~]# kubectl get all -n kube-public
NAME                            READY   STATUS             RESTARTS   AGE
pod/nginx-dp-58f74bd894-9b5f7   0/1     ImagePullBackOff   0          2m31s

NAME               TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)   AGE
service/nginx-dp   ClusterIP   192.168.196.123           80/TCP    40s

NAME                       READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/nginx-dp   0/1     1            0           2m31s

NAME                                  DESIRED   CURRENT   READY   AGE
replicaset.apps/nginx-dp-58f74bd894   1         1         0       2m31s
[root@hdss7-21 ~]# curl 192.168.196.123







Welcome to nginx!
If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.

For online documentation and support please refer to
nginx.org.

Commercial support is available at
nginx.com.

Thank you for using nginx.


但是注意，這個(gè)ip只是一個(gè)虛ip，且只有在deployment這個(gè)資源的集群中才有用，對(duì)外無法顯示，如下，在200上就無法識(shí)別
[root@hdss7-21 ~]# ping 192.168.196.123
PING 192.168.196.123 (192.168.196.123) 56(84) bytes of data.
64 bytes from 192.168.196.123: icmp_seq=1 ttl=64 time=0.137 ms
^C
--- 192.168.196.123 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.137/0.137/0.137/0.000 ms
[root@hdss7-200 harbor]# ping 192.168.196.123
PING 192.168.196.123 (192.168.196.123) 56(84) bytes of data.
^C
--- 192.168.196.123 ping statistics ---
2 packets transmitted, 0 received, 100% packet loss, time 1001ms

2.3.3 查看ipvs代理

[root@hdss7-21 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.1:443 nq
  -> 10.4.7.21:6443               Masq    1      0          0
  -> 10.4.7.22:6443               Masq    1      0          0
TCP  192.168.196.123:80 nq
  -> 172.7.21.3:80                Masq    1      0          0
擴(kuò)容deployment資源，可以利用deployment資源啟動(dòng)的pod都是被service192.168.196.123代理
[root@hdss7-21 ~]# kubectl scale deployment nginx-dp --replicas=2 -n kube-public
deployment.extensions/nginx-dp scaled
[root@hdss7-21 ~]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port           Forward Weight ActiveConn InActConn
TCP  192.168.0.1:443 nq
  -> 10.4.7.21:6443               Masq    1      0          0
  -> 10.4.7.22:6443               Masq    1      0          0
TCP  192.168.196.123:80 nq
  -> 172.7.21.3:80                Masq    1      0          0
  -> 172.7.22.3:80                Masq    1      0          0

2.4 陳述式資源管理方法小結(jié)

Kuuernetes集群管理集群資源的唯一入口是通過相應(yīng)的方法調(diào)用apiserver的接口；

Kubectl是官方的CLI命令行工具，用于與apiserver進(jìn)行通信，將用戶在命令行輸入的命令組織并轉(zhuǎn)化為apiserver能識(shí)別的信息，進(jìn)而實(shí)現(xiàn)管理k8s集群各種資源的一種有效途徑；

Kubectl的命令詳解可以參考下面兩種方法：
命令：kubectl --help
中文社區(qū)：http://docs.kubernetes.org.cn/683.html

陳述式資源管理方法可以滿足90%以上的資源管理需求，但是它的缺點(diǎn)也很明顯：
命令冗長(zhǎng)復(fù)雜，難以記憶；
特定場(chǎng)景下無法滿足管理需求；
對(duì)資源的增刪查操作比較容易，但是對(duì)于改操作就比較復(fù)雜。

3、聲明式資源管理方法

聲明式資源管理方法依賴于資源配置清單（yaml/json）

3.1 查看資源配置清單

查看有哪些pod
[root@hdss7-21 ~]# kubectl get pod -n kube-public
NAME                        READY   STATUS    RESTARTS   AGE
nginx-dp-86678bb55c-5ppcf   1/1     Running   1          19h
nginx-dp-86678bb55c-jh2k4   1/1     Running   1          19h
用yanl格式查看pod使用的資源配置清單
[root@hdss7-21 ~]# kubectl get pod nginx-dp-86678bb55c-5ppcf -o yaml -n kube-public
用Json格式查看資源配置清單
[root@hdss7-21 ~]# kubectl get pod nginx-dp-86678bb55c-5ppcf -o json -n kube-public
也可以根據(jù)查看service的資源配置清單
[root@hdss7-21 ~]# kubectl get service nginx-dp -o yaml -n kube-public
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2021-07-16T1308Z"
  labels:
    app: nginx-dp
  name: nginx-dp
  namespace: kube-public
  resourceVersion: "40875"
  selfLink: /api/v1/namespaces/kube-public/services/nginx-dp
  uid: df593257-e63c-11eb-9d00-000c29e396b1
spec:
  clusterIP: 192.168.196.123
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-dp
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

3.2 解釋資源配置清單

資源配置清單中基本都會(huì)有看apiVersion、kind、metadata、spec這幾個(gè)配置

查看其中metadata配置的解釋
[root@hdss7-21 ~]# kubectl explain service.metadata
[root@hdss7-21 ~]# kubectl explain pod.metadata

3.3 創(chuàng)建資源配置清單

[root@hdss7-21 ~]# vim nginx-ds-svc.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx-ds
  name: nginx-ds
  namespace: default
spec:
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-ds
  sessionAffinity: None
  type: ClusterIP

3.4 應(yīng)用資源配置清單

[root@hdss7-21 ~]# kubectl create -f nginx-ds-svc.yaml
service/nginx-ds created
[root@hdss7-21 ~]# kubectl create -f nginx-ds-svc.yaml
service/nginx-ds created
[root@hdss7-21 ~]# kubectl get svc -n default
NAME         TYPE        CLUSTER-IP        EXTERNAL-IP   PORT(S)   AGE
kubernetes   ClusterIP   192.168.0.1               443/TCP   6d20h
nginx-ds     ClusterIP   192.168.210.122           80/TCP    45s
查看詳情
[root@hdss7-21 ~]# kubectl get svc nginx-ds -o yaml -n default
apiVersion: v1
kind: Service
metadata:
  creationTimestamp: "2021-07-17T0928Z"
  labels:
    app: nginx-ds
  name: nginx-ds
  namespace: default
  resourceVersion: "46358"
  selfLink: /api/v1/namespaces/default/services/nginx-ds
  uid: 872412d9-e6df-11eb-a8fa-000c29e396b1
spec:
  clusterIP: 192.168.210.122
  ports:
  - port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-ds
  sessionAffinity: None
  type: ClusterIP
status:
  loadBalancer: {}

3.5 修改資源配置清單并應(yīng)用

[root@hdss7-21 ~]# kubectl get svc nginx-ds -n default
NAME       TYPE        CLUSTER-IP        EXTERNAL-IP   PORT(S)   AGE
nginx-ds   ClusterIP   192.168.210.122           80/TCP    13m

3.5.1 離線更改
即修改yaml資源配置清單

[root@hdss7-21 ~]# vim nginx-ds-svc.yaml
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx-ds
  name: nginx-ds
  namespace: default
spec:
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx-ds
  sessionAffinity: None
  type: ClusterIP
使用apply進(jìn)行變更
[root@hdss7-21 ~]# kubectl apply -f nginx-ds-svc.yaml
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
The Service "nginx-ds" is invalid:
* spec.ports[0].name: Required value
* spec.ports[1].name: Required value
如果出現(xiàn)如上報(bào)錯(cuò)，就使用--force強(qiáng)制變更
[root@hdss7-21 ~]# kubectl apply -f nginx-ds-svc.yaml --force
Warning: kubectl apply should be used on resource created by either kubectl create --save-config or kubectl apply
service/nginx-ds configured
再次查看service端口已經(jīng)變成8080了
[root@hdss7-21 ~]# kubectl get svc nginx-ds -n default
NAME       TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
nginx-ds   ClusterIP   192.168.55.169           8080/TCP   5s

3.5.2 在線更改
使用edit在線編輯資源配置清單并保存使之生效（nginx-ds為service名稱）

[root@hdss7-21 ~]# kubectl edit svc nginx-ds
修改- port: 8081
保存退出（:wq）
service/nginx-ds edited
再次查看
[root@hdss7-21 ~]# kubectl get svc nginx-ds -n default
NAME       TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE
nginx-ds   ClusterIP   192.168.55.169           8081/TCP   7m45s

注意，使用在線更改的其資源配置清單的yaml文件并不會(huì)改變，edit查看修改的都是資源目前的真實(shí)狀態(tài)，yaml不會(huì)因此二受到改變，所以生產(chǎn)上一般不建議使用edit在線修改資源，因?yàn)閥aml文件未同步更新，會(huì)使得下次使用yaml文件時(shí)將edit修改的內(nèi)容恢復(fù)。在線修改后可以查看一下yaml文件，是沒有改變的。

3.6 刪除資源配置清單

陳述式刪除

[root@hdss7-21 ~]# kubectl delete svc nginx-ds
service "nginx-dt" deleted

聲明式刪除

[root@hdss7-21 ~]# kubectl delete -f nginx-ds-svc.yaml
service "nginx-ds" deleted

3.7 聲明式資源管理方法小結(jié)

聲明式資源管理方法，依賴于統(tǒng)一資源配置清單文件對(duì)資源進(jìn)行管理；

對(duì)資源的管理，是通過事先定義在同一資源配置清單內(nèi)，再通過陳述式命令應(yīng)用到K8s集群里

語法格式：kubectl create/apply/delete/ -f *.yaml/json

資源配置清單的學(xué)習(xí)方法
多看別人寫的（官方），能讀懂的；
能照著現(xiàn)有的文件改著用；
遇到不懂的，能用explain進(jìn)行查詢；
切記上來就自己寫，等熟悉了之后再嘗試自己寫。

鏈接：https://www.cnblogs.com/wangyuanguang/p/15022097.html