通过命令学习k8s

1、kubectl 命令可以列出所有命令

2、kubectl version 命令可以查看版本号

3、kubectl cluster-info命令可以查看集群信息（192.168.218.136:6443 即为kube-apiserver的IP和端口。）
[root@k8s-master ~]# kubectl cluster-info
Kubernetes master is running at https://192.168.218.136:6443
KubeDNS is running at https://192.168.218.136:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

4、也可以通过 用户主目录下的.kube/config文件查看集群信息
用户主目录下的.kube/config
[root@k8s-master ~]# cat .kube/config
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FUR...0VSVElGSUNBVEUtLS0tLQo=
    server: https://192.168.218.136:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1J....BVEUtLS0tLQo=
    client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS...QVRFIEtFWS0tLS0tCg==

5、还可以通过config view命令查看配置
[root@k8s-master ~]# kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://192.168.218.136:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

  ---然后可以通过curl访问 api server api接口。 也可以使用 10中的proxy访问api接口。
  curl -k https://192.168.218.136:6443 --cert /etc/kubernetes/pki/apiserver-kubelet-client.crt --key /etc/kubernetes/pki/apiserver-kubelet-client.key

6、通过kubectl get node 查看节点信息
7、可通过kubectl get ns 拆开所有命名空间
8、通过kubectl get pod -A 查看所有命名空间下的pod
9、通过kubectl get svc-A 查看所有命名空间下的svc
10、kubectl proxy 命令开启代理
[root@k8s-master ~]# kubectl proxy --port=8080
Starting to serve on 127.0.0.1:8080
11、通过proxy http接口访问k8s
[root@k8s-master ~]# curl 127.0.0.1:8080
{
  "paths": [
    "/api",
    "/api/v1",
    "/apis",
    "/apis/",
    "/apis/apps",
    "/apis/apps/v1",
    "/apis/autoscaling",
    "/apis/autoscaling/v1",
    "/apis/autoscaling/v2beta1",
    "/apis/autoscaling/v2beta2",
    "/apis/batch",
    "/apis/batch/v1",
    "/apis/extensions",
    "/apis/extensions/v1beta1",
    "/apis/networking.k8s.io",
    "/apis/networking.k8s.io/v1",
    "/apis/networking.k8s.io/v1beta1",
    "/apis/node.k8s.io",
    "/apis/node.k8s.io/v1beta1",
    "/apis/policy",
    "/apis/policy/v1beta1",
    "/healthz",
    "/healthz/autoregister-completion",
    "/healthz/etcd",
    "/healthz/log",
    "/healthz/ping",
    "/livez",
    "/livez/autoregister-completion",
    "/livez/etcd",
    "/livez/log",
    "/livez/ping",
    "/logs",
    "/metrics",
    "/openapi/v2",
    "/readyz",
    "/readyz/autoregister-completion",
    "/readyz/etcd",
    "/readyz/log",
    "/readyz/ping",
    "/readyz/shutdown",
    "/version"
   ......

[root@k8s-master ~]# curl 127.0.0.1:8080/livez/ping
ok

[root@k8s-master ~]# curl 127.0.0.1:8080/version
{
  "major": "1",
  "minor": "18",
  "gitVersion": "v1.18.0",
  "gitCommit": "9e991415386e4cf155a24b1da15becaa390438d8",
  "gitTreeState": "clean",
  "buildDate": "2020-03-25T14:50:46Z",
  "goVersion": "go1.13.8",
  "compiler": "gc",
  "platform": "linux/amd64"
}
[root@k8s-master ~]# curl 127.0.0.1:8080/healthz
ok

[root@k8s-master ~]# curl 127.0.0.1:8080/healthz/etcd
ok

[root@k8s-master ~]# curl 127.0.0.1:8080/healthz/log
ok

[root@k8s-master ~]# curl 127.0.0.1:8080/api
{
  "kind": "APIVersions",
  "versions": [
    "v1"
  ],
  "serverAddressByClientCIDRs": [
    {
      "clientCIDR": "0.0.0.0/0",
      "serverAddress": "192.168.218.136:6443"
    }
  ]
}

[root@k8s-master ~]# curl 127.0.0.1:8080/api/v1
{
  "kind": "APIResourceList",
  "groupVersion": "v1",
  "resources": [
    {
      "name": "bindings",
      "singularName": "",
      "namespaced": true,
      "kind": "Binding",
      "verbs": [
        "create"
      ]
    },
    {
      "name": "componentstatuses",
      "singularName": "",
      "namespaced": false,
      "kind": "ComponentStatus",
      "verbs": [
        "get",
        "list"
      ],
      "shortNames": [
        "cs"
      ]
    },
 

curl 127.0.0.1:8080/api/v1/pods  --查看所有pods 
curl 127.0.0.1:8080/api/v1/namespaces/kube-system/pods/kube-scheduler-k8s-master  --查看 某个命名空间下的某个pod

20、kubelet，kube-scheduler-k8s-master、kube-controller-manager-k8s-master、kube-proxy-s8v4t 是如何找到 知道kubeapiserver的接口地址的呢？
他们都挂载了自己的配置文件，在 /etc/kubernetes/ 目录下。
其中 admin.conf 会被拷贝到 用户家目录下的 .kube/config 文件中。

即cp /etc/kubernetes/admin.conf ~/.kube/config
[root@k8s-master ~]# ll /etc/kubernetes/
-rw------- 1 root root 5451 7月  28 19:38 admin.conf
-rw------- 1 root root 5491 7月  28 19:38 controller-manager.conf
-rw------- 1 root root 1879 7月  28 19:38 kubelet.conf
drwxr-xr-x 2 root root  113 7月  28 19:38 manifests
drwxr-xr-x 3 root root 4096 7月  28 19:38 pki
-rw------- 1 root root 5439 7月  28 19:38 scheduler.conf

另外，证书文件都放在pki目录下。

21、kubeapiserver 也可以开启http端口，这样就不需要证书了。
22、查看日志
kubectl logs kube-scheduler-k8s-master  -n kube-system
kubectl logs kube-scheduler-k8s-master -c kube-scheduler -n kube-system 

22、proxy的代理功能
curl http://ip:8080/api/v1/proxy/namespace/{namespace}/services/{name}  相当于访问services的url
curl http://ip:8080/api/v1/proxy/namespace/{namespace}/pods/{name}    相当于访问pod的url 

23、访问etcd数据库

登录到k8s的etcd容器中，设置下面的环境变量

export ETCDCTL_ENDPOINTS=https://127.0.0.1:2379
export ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt
export ETCDCTL_CERT=/etc/kubernetes/pki/etcd/healthcheck-client.crt
export ETCDCTL_KEY=/etc/kubernetes/pki/etcd/healthcheck-client.key
export ETCDCTL_API=3

然后就可以通过etcdctl命令访问etcd数据库了

etcdctl get  /gaofeng/name
etcdctl put /gaofeng/name  gg

etcdctl get --prefix --keys-only /

etcdctl get  /registry/services/specs/default/kubernetes