A Kubernetes usage guide covering common scenarios and advanced techniques:

I. Quick installation and configuration

1. Install kubectl (Kubernetes CLI)

```bash
# Linux
curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
chmod +x kubectl && sudo mv kubectl /usr/local/bin/

# macOS
brew install kubectl
```

2. Local development environment (Minikube/Docker Desktop)
```bash
# Install Minikube
curl -LO https://storage.googleapis.com/minikube/releases/latest/minikube-linux-amd64
sudo install minikube-linux-amd64 /usr/local/bin/minikube
minikube start --driver=docker

# Verify the cluster status
kubectl cluster-info
```

II. Core operation examples
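1. Deploy your first application

```bash
kubectl create deployment nginx --image=nginx:1.23
kubectl expose deployment nginx --port=80 --type=NodePort
kubectl get services     # Get the access port
minikube service nginx   # Open the service in a browser automatically
```

2. Configuration file management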
nginx-deployment.yaml

```yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
        - name: nginx
          image: nginx:1.23
          ports:
            - containerPort: 80
          resources:
            requests:
              memory: "64Mi"
              cpu: "250m"
            limits:
              memory: "128Mi"
              cpu: "500m"
```

Apply the configuration and verify:
```bash
kubectl apply -f nginx-deployment.yaml
kubectl get pods -o wide -l app=nginx
```

III. Day-to-day maintenance tips
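1. Debugging command quick reference

| Command | Purpose |
|---|---|
| `kubectl describe pod <name>` | View the detailed event log |
| `kubectl logs <pod> -c <container>` | View the logs of a specific container |
| `kubectl exec -it <pod> -- sh` | Open an interactive shell in the container |
| `kubectl top pod` | View resource usage |
| `kubectl get events --sort-by=.metadata.creationTimestamp` | List events sorted by time |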
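2. Handling common problems

Problem 1: Pod stuck in the Pending state

```bash
kubectl describe pod <pod-name>   # Find the failure reason (e.g. insufficient resources)
kubectl get nodes -o wide         # Check the resource state of the nodes
```

Problem 2: Image pull failure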
```bash
kubectl describe pod <pod-name> | grep "Failed"   # Check for a wrong image name or bad credentials
```

IV. Advanced configuration
1. Autoscaling (HPA)

```bash
# Prerequisite: install Metrics Server
kubectl apply -f https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml

# Configure CPU-based autoscaling
kubectl autoscale deployment nginx --cpu-percent=50 --min=2 --max=10
kubectl get hpa   # View the autoscaling status
```

2. Helm package management
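```bash
# Install Helm
# (this pipes a remote script straight into bash; download and review it first on shared or production hosts)
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash

# Install a commonly used chart (e.g. Redis)
helm repo add bitnami https://charts.bitnami.com/bitnami
helm install my-redis bitnami/redis
```

V. Monitoring and logging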
1. Deploy a monitoring suite (Prometheus + Grafana)

```bash
helm repo add prometheus-community https://prometheus-community.github.io/helm-charts
helm install prometheus prometheus-community/kube-prometheus-stack
```

2. Log collection (EFK Stack)
```bash
# Uses Elasticsearch, Fluentd and Kibana
kubectl apply -f https://raw.githubusercontent.com/fluent/fluentd-kubernetes-daemonset/master/fluentd-daemonset-elasticsearch-rbac.yaml
```

VI. Security hardening
1. Role-based access control (RBAC)

rbac-demo.yaml

```yaml
apiVersion: v1
kind: ServiceAccount
metadata:
  name: dev-user
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
  # A Role must be named; the RoleBinding's roleRef below refers to it as dev-user
  name: dev-user
rules:
  # Read-only access to pods in the core ("") API group
  - apiGroups: [ "" ]
    resources: [ "pods" ]
    verbs: [ "get", "watch", "list" ]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: dev-user-access
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: Role
  name: dev-user
subjects:
  - kind: ServiceAccount
    name: dev-user
```

2. Security context configuration
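```yaml
apiVersion: v1
kind: Pod
metadata:
  name: security-context-demo
spec:
  # Pod-level settings apply to every container in the Pod
  securityContext:
    runAsUser: 1000
    runAsGroup: 3000
    fsGroup: 2000
  containers:
    - name: sec-ctx-demo
      image: busybox
      command: [ "sh", "-c", "sleep 1h" ]
      # Container-level setting: the process cannot gain more privileges than its parent
      securityContext:
        allowPrivilegeEscalation: false
```

With the material above, you can systematically learn how to deploy, maintain and tune Kubernetes. Practicing on real projects is recommended, so that you gradually deepen your understanding of each feature.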
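
To check that the RBAC objects from the RBAC subsection grant dev-user read-only pod access and nothing more, the script below asks the API server through impersonation. It is an added example, not part of the original guide. It assumes rbac-demo.yaml was applied to the `default` namespace and that your kubeconfig user is allowed to impersonate service accounts (the Minikube admin user is); the file name `rbac-audit.sh` is hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original guide): confirm that dev-user can
# read pods and nothing more, by impersonating the ServiceAccount.
# Assumption: rbac-demo.yaml was applied to the "default" namespace.
NAMESPACE="${NAMESPACE:-default}"
SUBJECT="system:serviceaccount:${NAMESPACE}:dev-user"

# expect WANT VERB RESOURCE: ask the API server and compare with WANT (yes|no).
expect() {
  want="$1"; verb="$2"; resource="$3"
  # "kubectl auth can-i" prints yes/no and exits non-zero on "no",
  # so the exit status is ignored and only the printed answer is compared.
  got="$(kubectl auth can-i "$verb" "$resource" \
           --as="$SUBJECT" -n "$NAMESPACE" 2>/dev/null || true)"
  if [ "$got" = "$want" ]; then
    echo "ok    $verb $resource -> $got"
  else
    # An empty answer (API error, impersonation refused) also counts as a failure
    echo "FAIL  $verb $resource -> got '${got:-error}', want '$want'"
    return 1
  fi
}

# audit_dev_user: returns 0 only if every expectation holds.
audit_dev_user() {
  failed=0
  # Verbs granted by the Role in rbac-demo.yaml
  for v in get watch list; do expect yes "$v" pods || failed=1; done
  # Write access to pods must remain denied
  for v in create update patch delete; do expect no "$v" pods || failed=1; done
  # Resources the Role never mentions must remain denied
  for r in secrets configmaps deployments.apps; do
    expect no get "$r" || failed=1
  done
  return "$failed"
}

# Run against the current kubectl context with: RUN_AUDIT=1 bash rbac-audit.sh
if [ "${RUN_AUDIT:-0}" = "1" ]; then
  audit_dev_user
fi
```

A non-zero exit status means the ServiceAccount has either less or more access than the Role is meant to grant, which makes the script usable as a CI gate after RBAC changes.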