**********
|
|
kubernetes
|
|
**********
|
|
|
|
* Deployment → ReplicaSet → Pods → Containers
|
|
* 1 IP address per pod
|
|
|
|
Pods
|
|
====
|
|
|
|
Read
|
|
----
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
get pods \
|
|
-n my-namespace
|
|
|
|
Execute
|
|
-------
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
run my-pod \
|
|
--image my-image \
|
|
--restart Never \
|
|
-n my-namespace
|
|
|
|
Write
|
|
-----
|
|
|
|
.. code:: shell
|
|
|
|
kubectl edit \
|
|
pod my-pod \
|
|
-n my-namespace
|
|
|
|
.. code:: shell
|
|
|
|
kubectl delete \
|
|
pod my-pod \
|
|
-n my-namespace \
|
|
--grace-period 0
|
|
|
|
Deployments
|
|
===========
|
|
|
|
Read
|
|
----
|
|
|
|
.. code:: shell
|
|
|
|
kubectl get \
|
|
deploy my-deployment \
|
|
-n my-namespace \
|
|
-o wide
|
|
|
|
.. code:: shell
|
|
|
|
kubectl get \
|
|
deployments \
|
|
-n my-namespace
|
|
|
|
Execute
|
|
-------
|
|
|
|
.. code:: shell
|
|
|
|
kubectl create \
|
|
deploy my-deployment \
|
|
--image my-image \
|
|
-n my-namespace
|
|
|
|
.. code:: yaml
|
|
|
|
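# apps/v1 Deployments require spec.selector, and the selector must match
# the labels set on the pod template.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: my-app
  template:
    metadata:
      labels:
        app: my-app
    spec:
      containers:
        - name: my-container
          image: my-image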
|
|
|
|
Write
|
|
-----
|
|
|
|
.. code:: shell
|
|
|
|
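# Syntax is CONTAINER_NAME=IMAGE: the left-hand side is the container name from
# the pod template (my-container in the Deployment manifest on this page), not
# the app label. Pinning an explicit tag keeps the rollout reproducible.
kubectl \
  set image \
  deployment/my-deployment \
  my-container=my-image:1.0.1 \
  -n my-namespace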
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
delete deploy my-deployment \
|
|
-n my-namespace
|
|
|
|
Scale
|
|
-----
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
scale deploy my-deployment \
|
|
--replicas 3 \
|
|
-n my-namespace
|
|
|
|
Services
|
|
========
|
|
|
|
* ClusterIP (internal)
|
|
* ExternalName (internal alias for external DNS)
|
|
* LoadBalancer (external dedicated IP) [if available]
|
|
* NodePort (exposed via node)
|
|
|
|
Read
|
|
----
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
get services \
|
|
-n my-namespace
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
get service my-service \
|
|
-n my-namespace
|
|
|
|
Write
|
|
-----
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
expose deployment my-deployment \
|
|
--type LoadBalancer \
|
|
--name my-load-balancer \
|
|
--target-port 8080 \
|
|
-n my-namespace
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
delete service my-service \
|
|
-n my-namespace
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
edit service my-service \
|
|
-n my-namespace
|
|
|
|
.. warning::
|
|
|
|
ClusterIP is immutable!
|
|
|
|
NameSpaces
|
|
==========
|
|
|
|
Special:
|
|
|
|
* default
|
|
* kube-node-lease
|
|
* kube-public
|
|
* kube-system
|
|
|
|
Outside:
|
|
|
|
* Nodes
|
|
* Pod Security Policies (removed in Kubernetes 1.25; replaced by Pod Security Admission)
|
|
* Persistent Volumes
|
|
|
|
.. code:: shell
|
|
|
|
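# Boolean flags need the =value form: with a space, "false" is parsed as a
# separate argument and --namespaced is treated as true.
kubectl api-resources \
  --namespaced=false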
|
|
|
|
Read
|
|
----
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
get namespaces
|
|
|
|
Write
|
|
-----
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
create ns my-namespace
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
delete ns my-namespace
|
|
|
|
Jobs
|
|
====
|
|
|
|
* one-time
|
|
* sequential
|
|
* parallel
|
|
|
|
CronJob → Job → Pods
|
|
|
|
Read
|
|
----
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
get jobs \
|
|
-n my-namespace
|
|
|
|
Write
|
|
-----
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
create job my-job \
|
|
--image my-image \
|
|
-n my-namespace
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
create job my-job \
|
|
--from cronjob/my-cronjob \
|
|
-n my-namespace
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
apply -f file.yaml \
|
|
-n my-namespace
|
|
|
|
.. code:: yaml
|
|
|
|
apiVersion: batch/v1
|
|
kind: Job
|
|
metadata:
|
|
name: my-job
|
|
spec:
|
|
activeDeadlineSeconds: 60
|
|
backoffLimit: 4
|
|
completions: 1
|
|
parallelism: 1
|
|
template:
|
|
spec:
|
|
containers:
|
|
- name: my-container
|
|
image: my-image
|
|
restartPolicy: OnFailure
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
delete job my-job \
|
|
-n my-namespace
|
|
|
|
.. code:: shell
|
|
|
|
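# --cascade=orphan deletes the Job object but leaves its pods in place
# (older kubectl spelled this --cascade=false, which is now deprecated).
kubectl \
  delete job my-job \
  --cascade=orphan \
  -n my-namespace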
|
|
|
|
CronJobs
|
|
========
|
|
|
|
Read
|
|
----
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
get cronjobs \
|
|
-n my-namespace
|
|
|
|
Write
|
|
-----
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
create cronjob my-cronjob \
|
|
--image my-image \
|
|
--schedule '*/4 * * * *' \
|
|
-n my-namespace
|
|
|
|
.. code:: yaml
|
|
|
|
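apiVersion: batch/v1
kind: CronJob
metadata:
  name: my-cronjob
spec:
  schedule: '*/4 * * * *'
  # History limits are CronJob-level fields (siblings of schedule);
  # the failed-jobs field is failedJobsHistoryLimit.
  failedJobsHistoryLimit: 2
  successfulJobsHistoryLimit: 1
  jobTemplate:
    spec:
      template:
        spec:
          containers:
            - name: my-container
              image: my-image
              imagePullPolicy: IfNotPresent
              command:
                - /usr/bin/bash
                - -c
                - command
          # restartPolicy belongs to the pod spec, not to the container.
          restartPolicy: OnFailure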
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
patch cronjob my-cronjob \
|
|
-p '{"spec":{"schedule": "*/4 * * * *"}}' \
|
|
-n my-namespace
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
delete cronjob my-cronjob \
|
|
-n my-namespace
|
|
|
|
ConfigMaps
|
|
==========
|
|
|
|
From:
|
|
|
|
* environment variables file
|
|
* file
|
|
* key and value
|
|
|
|
Read
|
|
----
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
get configmap \
|
|
-n my-namespace
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
get configmap my-configmap \
|
|
-o yaml \
|
|
-n my-namespace
|
|
|
|
Write
|
|
-----
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
create configmap my-configmap \
|
|
--from-literal 'uid=1000' \
|
|
-n my-namespace
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
create configmap my-configmap \
|
|
--from-file 'my-configmap.txt' \
|
|
-n my-namespace
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
create configmap my-configmap \
|
|
--from-env-file 'my-configmap.env' \
|
|
-n my-namespace
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
delete configmap my-configmap \
|
|
-n my-namespace
|
|
|
|
Pod YAML configurations
|
|
^^^^^^^^^^^^^^^^^^^^^^^
|
|
|
|
.. code:: yaml
|
|
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: my-pod
|
|
spec:
|
|
containers:
|
|
- name: my-container
|
|
image: my-image
|
|
volumeMounts:
|
|
- name: my-volume
|
|
mountPath: /var/lib/my-volume
|
|
volumes:
|
|
- name: my-volume
|
|
configMap:
|
|
name: my-configmap
|
|
|
|
.. code:: yaml
|
|
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: my-pod
|
|
spec:
|
|
containers:
|
|
- name: my-container
|
|
image: my-image
|
|
env:
|
|
- name: my-env
|
|
valueFrom:
|
|
configMapKeyRef:
|
|
name: my-configmap
|
|
key: my-key
|
|
|
|
.. code:: yaml
|
|
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: my-pod
|
|
spec:
|
|
containers:
|
|
- name: my-container
|
|
image: my-image
|
|
envFrom:
|
|
- configMapRef:
|
|
name: my-configmap
|
|
|
|
Secrets
|
|
=======
|
|
|
|
* generic
|
|
* docker-registry
|
|
* tls
|
|
|
|
From:
|
|
|
|
* environment variables file
|
|
* file
|
|
* key and value
|
|
|
|
Read
|
|
----
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
get secrets \
|
|
-n my-namespace
|
|
|
|
Write
|
|
-----
|
|
|
|
.. code:: shell
|
|
|
|
# --from-literal puts the value on the command line, so it can end up in shell
# history and in the local process list; the --from-file / --from-env-file
# forms shown further down avoid that. 'password=1234' is a placeholder.
# Secret data is only base64-encoded in the API unless encryption at rest is
# configured, so restrict who can read Secrets in the namespace.
kubectl \
|
|
create secret generic my-secret \
|
|
--from-literal 'username=user' \
|
|
--from-literal 'password=1234' \
|
|
-n my-namespace
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
create secret generic my-secret \
|
|
--from-file 'my-secret.txt' \
|
|
-n my-namespace
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
create secret generic my-secret \
|
|
--from-env-file 'my-secret.env' \
|
|
-n my-namespace
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
delete secret my-secret \
|
|
-n my-namespace
|
|
|
|
.. code:: yaml
|
|
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: my-pod
|
|
spec:
|
|
containers:
|
|
- name: my-container
|
|
image: my-image
|
|
volumeMounts:
|
|
- name: my-secret-volume
|
|
mountPath: /var/lib/my-secret-volume
|
|
volumes:
|
|
- name: my-secret-volume
|
|
secret:
|
|
secretName: my-secret
|
|
|
|
.. code:: yaml
|
|
|
|
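apiVersion: v1
kind: Pod
metadata:
  name: my-pod
spec:
  containers:
    - name: my-container
      image: my-image
      env:
        - name: username
          valueFrom:
            secretKeyRef:
              # name is the Secret object (my-secret, as created on this page);
              # key is the entry inside that Secret.
              name: my-secret
              key: username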
|
|
|
|
Labels & Selectors
|
|
==================
|
|
|
|
Labels
|
|
------
|
|
|
|
* Key/Value pairs
|
|
* attached to objects
|
|
|
|
Reserved key prefixes:
|
|
|
|
* kubernetes.io
|
|
* k8s.io
|
|
|
|
Selectors
|
|
---------
|
|
|
|
* use labels
|
|
* filter/select objects
|
|
|
|
Types:
|
|
|
|
* matchLabels: =, ==, !=
|
|
* matchExpressions: exists, in, notin
|
|
|
|
Commands
|
|
--------
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
get pod \
|
|
--show-labels \
|
|
-n my-namespace
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
get pod \
|
|
-l app=my-app,version=1.0 \
|
|
-n my-namespace
|
|
|
|
.. code:: shell
|
|
|
|
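# Quote set-based selectors: unquoted parentheses and spaces are shell syntax,
# so the selector must reach kubectl as a single argument.
kubectl \
  get pod \
  -l 'app=my-app,version in (1.0,1.1,1.2)' \
  -n my-namespace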
|
|
|
|
.. code:: yaml
|
|
|
|
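apiVersion: v1
kind: Pod
metadata:
  name: my-pod
  labels:
    app: my-app
    # Quoted: label values must be strings, and a bare 1.0 is a YAML float.
    version: "1.0"
spec:
  containers:
    - name: my-container
      image: my-image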
|
|
|
|
.. code:: yaml
|
|
|
|
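# Deployments are served from apps/v1 (not v1), and containers are declared
# under spec.template.spec rather than directly under spec.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-deployment
  labels:
    app: my-app
spec:
  selector:
    matchLabels:
      app: my-app
    matchExpressions:
      - {key: version, operator: In, values: ["1.0","1.1","1.2"]}
  template:
    metadata:
      # Pod template labels must satisfy every selector requirement above.
      labels:
        app: my-app
        version: "1.0"
    spec:
      containers:
        - name: my-container
          image: my-image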
|
|
|
|
kubectl
|
|
=======
|
|
|
|
* kubectl version = api-server version ± 1 minor version
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
get namespace \
|
|
-o 'custom-columns="NAME":".metadata.name"' \
|
|
--no-headers
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
-n my-namespace \
|
|
get pod \
|
|
--sort-by '.status.phase'
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
-n my-namespace \
|
|
get pod \
|
|
--watch
|
|
|
|
.. code:: shell
|
|
|
|
kubectl \
|
|
-n my-namespace \
|
|
exec my-pod \
|
|
-it -- \
|
|
ls
|
|
|
|
.. code:: shell
|
|
|
|
kubectl config use-context my-cluster
|
|
kubectx my-cluster
|
|
|
|
.. code:: shell
|
|
|
|
kubectl config set-context --current --namespace my-namespace
|
|
kubens my-namespace
|
|
|