kubectl controls the Kubernetes cluster manager.

 Find more information at: https://kubernetes.io/docs/reference/kubectl/overview/

Basic Commands (Beginner):
  create         Create a resource from a file or from stdin.
  expose         Take a replication controller, service, deployment or pod and expose it as a new Kubernetes Service
  run            Run a particular image on the cluster
  set            Set specific features on objects

Basic Commands (Intermediate):
  explain        Documentation of resources
  get            Display one or many resources
  edit           Edit a resource on the server
  delete         Delete resources by filenames, stdin, resources and names, or by resources and label selector

Deploy Commands:
  rollout        Manage the rollout of a resource
  scale          Set a new size for a Deployment, ReplicaSet, Replication Controller, or Job
  autoscale      Auto-scale a Deployment, ReplicaSet, or ReplicationController

Cluster Management Commands:
  certificate    Modify certificate resources.
  cluster-info   Display cluster info
  top            Display Resource (CPU/Memory/Storage) usage.
  cordon         Mark node as unschedulable
  uncordon       Mark node as schedulable
  drain          Drain node in preparation for maintenance
  taint          Update the taints on one or more nodes

Troubleshooting and Debugging Commands:
  describe       Show details of a specific resource or group of resources
  logs           Print the logs for a container in a pod
  attach         Attach to a running container
  exec           Execute a command in a container
  port-forward   Forward one or more local ports to a pod
  proxy          Run a proxy to the Kubernetes API server
  cp             Copy files and directories to and from containers.
  auth           Inspect authorization

Advanced Commands:
  diff           Diff live version against would-be applied version
  apply          Apply a configuration to a resource by filename or stdin
  patch          Update field(s) of a resource using strategic merge patch
  replace        Replace a resource by filename or stdin
  wait           Experimental: Wait for a specific condition on one or many resources.
  convert        Convert config files between different API versions

Settings Commands:
  label          Update the labels on a resource
  annotate       Update the annotations on a resource
  completion     Output shell completion code for the specified shell (bash or zsh)

Other Commands:
  api-resources  Print the supported API resources on the server
  api-versions   Print the supported API versions on the server, in the form of "group/version"
  config         Modify kubeconfig files
  plugin         Provides utilities for interacting with plugins.
  version        Print the client and server version information

Usage:
  kubectl [flags] [options]

Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).

docker run command
$ docker run -d --restart=always -e DOMAIN=cluster --name nginx -p 80:80 nginx

kubectl command
$ kubectl run --image=nginx nginx-app --port=80 --env="DOMAIN=cluster"
$ kubectl expose deployment nginx-app --port=80 --name=nginx-http

docker exec command
$ docker run -t -i ubuntu:14.10 /bin/bash

kubectl command
$ kubectl exec -ti nginx-app-5jyvm -- /bin/sh

docker ps command
$ docker ps

kubectl command
$ kubectl get pods
NAME                        READY   STATUS    RESTARTS   AGE
mongodba-6d5d6ddf64-jw4fv   1/1     Running   0          16h
# kubectl exec -it mongodba-6d5d6ddf64-jw4fv bash

iMac:springboot neo$ kubectl api-versions
admissionregistration.k8s.io/v1
admissionregistration.k8s.io/v1beta1
apiextensions.k8s.io/v1
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1
apiregistration.k8s.io/v1beta1
apps/v1
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
autoscaling/v2beta1
autoscaling/v2beta2
batch/v1
batch/v1beta1
certificates.k8s.io/v1
certificates.k8s.io/v1beta1
coordination.k8s.io/v1
coordination.k8s.io/v1beta1
discovery.k8s.io/v1beta1
events.k8s.io/v1
events.k8s.io/v1beta1
extensions/v1beta1
networking.k8s.io/v1
networking.k8s.io/v1beta1
node.k8s.io/v1beta1
policy/v1beta1
rbac.authorization.k8s.io/v1
rbac.authorization.k8s.io/v1beta1
scheduling.k8s.io/v1
scheduling.k8s.io/v1beta1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1

[root@localhost ~]# kubectl get nodes
NAME       STATUS   ROLES    AGE   VERSION
minikube   Ready    master   23m   v1.13.2

[root@localhost ~]# kubectl get nodes
NAME       STATUS   ROLES    AGE    VERSION
minikube   Ready    master   119m   v1.13.2

iMac:~ neo$ kubectl get node
NAME       STATUS   ROLES    AGE   VERSION
minikube   Ready    master   42h   v1.19.0
iMac:~ neo$ kubectl get node -o wide
NAME       STATUS   ROLES    AGE   VERSION   INTERNAL-IP   EXTERNAL-IP   OS-IMAGE               KERNEL-VERSION   CONTAINER-RUNTIME
minikube   Ready    master   42h   v1.19.0                 <none>        Buildroot 2019.02.11   4.19.114         docker://19.3.12

[root@localhost ~]# kubectl get cs
NAME                 STATUS    MESSAGE              ERROR
controller-manager   Healthy   ok
scheduler            Healthy   ok
etcd-0               Healthy   {"health": "true"}

[root@localhost ~]# kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority: /root/.minikube/ca.crt
    server:
  name: minikube
contexts:
- context:
    cluster: minikube
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: minikube
  user:
    client-certificate: /root/.minikube/client.crt
    client-key: /root/.minikube/client.key

iMac:~ neo$ kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://kubernetes.docker.internal:6443
  name: docker-desktop
- cluster:
    certificate-authority: /Users/neo/.minikube/ca.crt
    server:
  name: minikube
contexts:
- context:
    cluster: docker-desktop
    user: docker-desktop
  name: docker-desktop
- context:
    cluster: minikube
    user: minikube
  name: minikube
current-context: minikube
kind: Config
preferences: {}
users:
- name: docker-desktop
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED
- name: minikube
  user:
    client-certificate: /Users/neo/.minikube/profiles/minikube/client.crt
    client-key: /Users/neo/.minikube/profiles/minikube/client.key

[root@localhost ~]# kubectl cluster-info
Kubernetes master is running at
KubeDNS is running at

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

Labels are used to identify objects and to manage the associations between them, for example between Pods, Services, Deployments and Nodes.
kubectl label nodes <node-name> <label-key>=<label-value>
kubectl get pod <pod-name> -o wide
kubectl get pods --all-namespaces

[root@localhost ~]# kubectl get pods --all-namespaces
NAMESPACE     NAME                                   READY   STATUS    RESTARTS   AGE
default       hello-minikube-5c856cbf98-6vfvp        1/1     Running   1          4d18h
kube-system   coredns-86c58d9df4-2rfqf               1/1     Running   51         4d18h
kube-system   coredns-86c58d9df4-wkb7l               1/1     Running   49         4d18h
kube-system   etcd-minikube                          1/1     Running   12         4d18h
kube-system   kube-addon-manager-minikube            1/1     Running   11         4d18h
kube-system   kube-apiserver-minikube                1/1     Running   74         4d18h
kube-system   kube-controller-manager-minikube       1/1     Running   31         4d18h
kube-system   kube-proxy-brrdd                       1/1     Running   1          4d18h
kube-system   kube-scheduler-minikube                1/1     Running   31         4d18h
kube-system   kubernetes-dashboard-ccc79bfc9-dxcq2   1/1     Running   7          4d17h
kube-system   storage-provisioner                    1/1     Running   2          4d18h

iMac:~ neo$ kubectl get pods --output=wide
NAME                        READY   STATUS             RESTARTS   AGE   IP   NODE       NOMINATED NODE   READINESS GATES
registry-65854b565b-bkhvq   0/1     ImagePullBackOff   0          18m        minikube   <none>           <none>

kubectl get pods --show-labels
kubectl get pods -l run=nginx
iMac:kubernetes neo$ kubectl run registry --image=registry:latest
kubectl run busybox --image=busybox --command -- ping www.netkiller.cn
kubectl run nginx --replicas=3 --labels="app=example" --image=nginx:latest --port=80
kubectl run busybox --rm=true --image=busybox --restart=Never -it
[root@localhost ~]# kubectl get pod
NAME                              READY   STATUS    RESTARTS   AGE
hello-minikube-5c856cbf98-6vfvp   1/1     Running   0          6m59s

[root@localhost ~]# kubectl get pod --namespace=kube-system
NAME                                   READY   STATUS    RESTARTS   AGE
coredns-86c58d9df4-2rfqf               1/1     Running   0          40m
coredns-86c58d9df4-wkb7l               1/1     Running   0          40m
etcd-minikube                          1/1     Running   0          40m
kube-addon-manager-minikube            1/1     Running   0          41m
kube-apiserver-minikube                1/1     Running   2          40m
kube-controller-manager-minikube       1/1     Running   6          40m
kube-proxy-brrdd                       1/1     Running   0          40m
kube-scheduler-minikube                1/1     Running   5          41m
kubernetes-dashboard-ccc79bfc9-dxcq2   1/1     Running   5          16m
storage-provisioner                    1/1     Running   0          39m

kubectl describe pod <pod-name>
iMac:~ neo$ kubectl describe pod springboot
Name:         springboot
Namespace:    default
Priority:     0
Node:         minikube/
Start Time:   Mon, 21 Sep 2020 16:17:03 +0800
Labels:       run=springboot
Annotations:  <none>
Status:       Pending
IP:
IPs:          <none>
Containers:
  springboot:
    Container ID:
    Image:
    Image ID:
    Port:           8888/TCP
    Host Port:      0/TCP
    State:          Waiting
      Reason:       ContainerCreating
    Ready:          False
    Restart Count:  0
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from default-token-fhfn8 (ro)
Conditions:
  Type              Status
  Initialized       True
  Ready             False
  ContainersReady   False
  PodScheduled      True
Volumes:
  default-token-fhfn8:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-fhfn8
    Optional:    false
QoS Class:       BestEffort
Node-Selectors:  <none>
Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                 node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  80s   default-scheduler  Successfully assigned default/springboot to minikube
  Normal  Pulling    79s   kubelet            Pulling image ""

Taints and tolerations control how pods are scheduled across the cluster. The two work together and can be used to keep pods from being assigned to a particular node. This is the opposite of node affinity.

Set a label on a node, then set nodeSelector on a pod to schedule the pod onto the nodes whose labels match.

If a toleration is applied to a pod, the pod can be scheduled onto nodes that carry the matching taint.

Set a taint: kubectl taint node [node] key=value:[effect]

effect parameter

Set a taint on the shenzhen node with key "key", value "value" and effect NoSchedule.

kubectl taint nodes shenzhen key=value:NoSchedule

apiVersion: v1
kind: Pod
metadata:
  name: pod-taints
spec:
  tolerations:
  - key: "key"
    operator: "Equal"
    value: "value"
    effect: "NoSchedule"
  containers:
  - name: pod-taints
    image: busybox:latest

The toleration matches as long as the key exists

spec:
  tolerations:
  - key: "key"
    operator: "Exists"
    effect: "NoSchedule"

The key must exist and its value must equal value

spec:
  tolerations:
  - key: "key"
    operator: "Equal"
    value: "value"
    effect: "NoSchedule"

spec:
  tolerations:
  - key: "key1"
    operator: "Equal"
    value: "value1"
    effect: "NoSchedule"
  - key: "key2"
    operator: "Equal"
    value: "value2"
    effect: "NoExecute"

If a taint with effect=NoExecute is added to a node, every pod on that node without a matching toleration is evicted immediately. Setting tolerationSeconds gives the pod a grace period.

spec:
  tolerations:
  - key: "key"
    operator: "Equal"
    value: "value"
    # tolerationSeconds is only accepted together with effect NoExecute
    effect: "NoExecute"
    tolerationSeconds: 3600

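
The matching rules above (Exists versus Equal, and the effect field) can be checked offline before a manifest is applied. The script below is an added example, not part of the original page: the function names, the "key|operator|value|effect" notation for tolerations and the sample taints are constructed for illustration. It reports which hard taints on a node would still keep a pod off it.

```shell
#!/bin/sh
# Added example: offline evaluation of the taint/toleration matching rules.
# Taints use the `kubectl taint` syntax key=value:effect; tolerations use
# "key|operator|value|effect", a notation invented for this sketch.

# tolerates TAINT TOLERATION -> returns 0 when the toleration matches the taint
tolerates() {
    t_effect=${1##*:}                 # text after the last ':'
    t_kv=${1%:*}
    t_key=${t_kv%%=*}
    case $t_kv in
        *=*) t_val=${t_kv#*=} ;;
        *)   t_val= ;;                # taint without a value: key:effect
    esac

    IFS='|' read -r k_key k_op k_val k_eff <<EOF
$2
EOF
    [ -n "$k_op" ] || k_op=Equal      # operator defaults to Equal

    # An empty toleration effect matches every effect for that key.
    if [ -n "$k_eff" ] && [ "$k_eff" != "$t_effect" ]; then
        return 1
    fi
    # An empty key is only meaningful with Exists and then matches any taint.
    if [ -z "$k_key" ]; then
        [ "$k_op" = Exists ]
        return
    fi
    [ "$k_key" = "$t_key" ] || return 1
    case $k_op in
        Exists) return 0 ;;                    # key present is enough
        Equal)  [ "$k_val" = "$t_val" ] ;;     # value must match as well
        *)      return 1 ;;
    esac
}

# blocking_taints TAINTS TOLERATIONS (both newline-separated lists)
# Prints each hard taint (NoSchedule, NoExecute) that no toleration matches.
# PreferNoSchedule is a soft preference and never blocks scheduling.
blocking_taints() {
    printf '%s\n' "$1" | while IFS= read -r b_taint; do
        case ${b_taint##*:} in
            NoSchedule|NoExecute) ;;
            *) continue ;;
        esac
        b_hit=no
        while IFS= read -r b_tol; do
            if [ -n "$b_tol" ] && tolerates "$b_taint" "$b_tol"; then
                b_hit=yes
            fi
        done <<EOF
$2
EOF
        if [ "$b_hit" = no ]; then
            printf '%s\n' "$b_taint"
        fi
    done
}

# Constructed sample data: three node taints, and the two tolerations
# from the key1/key2 manifest above.
NODE_TAINTS='key1=value1:NoSchedule
key2=value2:NoExecute
zone=edge:PreferNoSchedule'
POD_TOLERATIONS='key1|Equal|value1|NoSchedule
key2|Equal|value2|NoExecute'

echo "blocking with both tolerations: [$(blocking_taints "$NODE_TAINTS" "$POD_TOLERATIONS")]"
echo "blocking with only the first:   [$(blocking_taints "$NODE_TAINTS" 'key1|Equal|value1|NoSchedule')]"
```

An empty result means every hard taint is tolerated. A toleration with an empty key and operator Exists tolerates every taint, so it deserves a second look when reviewing manifests.
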
kubectl expose deployment nginx --port=88 --target-port=80 --type=NodePort --name=nginx-service
kubectl describe service nginx-service

Expose the service and put a load balancer in front of it, because the pods may be spread across different nodes.
--port: the port that is exposed
--type=NodePort: access the service through node address plus port
--target-port: the port of the container
--name: the name given to the Service being created

kubectl expose deployment nginx --port=80 --target-port=8080 --type=NodePort
kubectl expose deployment nginx --port=80 --target-port=8080 --type=LoadBalancer

[root@localhost ~]# kubectl get service
NAME             TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)          AGE
hello-minikube   NodePort                 <none>        8080:30436/TCP   134m
kubernetes       ClusterIP                <none>        443/TCP          147m

iMac:kubernetes neo$ kubectl get services --sort-by=.metadata.name
NAME         TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)          AGE
kubernetes   ClusterIP                <none>        443/TCP          121m
my-service   ClusterIP                <none>        80/TCP,443/TCP   9m43s

iMac:kubernetes neo$ kubectl describe service/registry
Name:                     registry
Namespace:                default
Labels:                   app=registry
Annotations:              <none>
Selector:                 app=registry
Type:                     NodePort
IP:
Port:                     registry  5000/TCP
TargetPort:               5000/TCP
NodePort:                 registry  32050/TCP
Endpoints:
Session Affinity:         None
External Traffic Policy:  Cluster
Events:                   <none>

$ kubectl create service clusterip NAME [--tcp=<port>:<targetPort>] [--dry-run]
kubectl create service clusterip my-service --tcp=5678:8080
headless mode
kubectl create service clusterip my-service --clusterip="None"
$ kubectl create service externalname NAME --external-name external.name [--dry-run]
kubectl create service externalname my-externalname --external-name bar.com
$ kubectl create service loadbalancer NAME [--tcp=port:targetPort] [--dry-run]
kubectl create service loadbalancer my-lb --tcp=5678:8080
$ kubectl create service nodeport NAME [--tcp=port:targetPort] [--dry-run]
kubectl create service nodeport my-nodeport --tcp=5678:8080
kubectl create -f https://raw.githubusercontent.com/kubernetes/dashboard/master/src/deploy/recommended/kubernetes-dashboard.yaml
kubectl get pods --namespace=kube-system

kubectl scale -n default deployment nginx --replicas=1
kubectl scale deployment springbootdemo --replicas=4
kubectl scale deployment nginx --replicas=10

$ kubectl get pods
NAME                        READY   STATUS    RESTARTS   AGE
mongodba-6d5d6ddf64-jw4fv   1/1     Running   0          16h
$ kubectl exec -it mongodba-6d5d6ddf64-jw4fv bash

kubectl run busybox --image=busybox:latest

iMac:kubernetes neo$ kubectl exec -it busybox -- nslookup www.netkiller.cn
Server:
Address:

Non-authoritative answer:
www.netkiller.cn	canonical name = netkiller.github.io
Name:	netkiller.github.io
Address:
Name:	netkiller.github.io
Address:
Name:	netkiller.github.io
Address:
Name:	netkiller.github.io
Address:

*** Can't find www.netkiller.cn: No answer

kubectl rollout history deployment/nginx
kubectl rollout history deployment/nginx --revision=3
kubectl rollout status deployment/nginx
kubectl rollout undo deployment/nginx-deployment
kubectl rollout undo deployment/nginx-deployment --to-revision=3
$ cat <<EOF | kubectl create -f -
apiVersion: v1
kind: Secret
metadata:
  name: mysecret
type: Opaque
data:
  # printf instead of echo, so that no trailing newline ends up in the stored value
  password: $(printf '%s' "passw0rd" | base64)
  username: $(printf '%s' "neo" | base64)
EOF

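
Values under data: in a Secret are base64-encoded, not encrypted, and any newline picked up while encoding becomes part of the stored credential. The script below is an added example, not part of the original page; the function names are hypothetical and the values are the sample ones used above. It encodes values byte-exactly, shows what piping echo into base64 produces instead, and checks an encoded value for a trailing newline.

```shell
#!/bin/sh
# Added example: encoding values for the data: section of a Secret.
# All function names are hypothetical helpers written for this sketch.

# encode_secret_value VALUE -> base64 of exactly the bytes in VALUE
encode_secret_value() {
    printf '%s' "$1" | base64 | tr -d '\n'
}

# encode_with_echo VALUE -> what `echo VALUE | base64` yields (echo appends 0x0a)
encode_with_echo() {
    echo "$1" | base64 | tr -d '\n'
}

# decode_secret_value B64 -> the plaintext; base64 offers no confidentiality
decode_secret_value() {
    printf '%s' "$1" | base64 -d
}

# ends_with_newline B64 -> returns 0 if the decoded value ends in a newline.
# Useful when auditing existing manifests for credentials that fail to match
# because of an invisible extra byte.
ends_with_newline() {
    last=$(printf '%s' "$1" | base64 -d | tail -c 1 | od -An -tx1 | tr -d ' \n')
    [ "$last" = 0a ]
}

# render_secret NAME KEY=VALUE... -> Secret manifest on stdout
render_secret() {
    s_name=$1
    shift
    printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ntype: Opaque\ndata:\n' "$s_name"
    for s_pair in "$@"; do
        printf '  %s: %s\n' "${s_pair%%=*}" "$(encode_secret_value "${s_pair#*=}")"
    done
}

GOOD=$(encode_secret_value passw0rd)
BAD=$(encode_with_echo passw0rd)
echo "printf-encoded: $GOOD"
echo "echo-encoded:   $BAD"
if ends_with_newline "$BAD"; then
    echo "echo-encoded value carries a trailing newline"
fi
render_secret mysecret password=passw0rd username=neo
```

The manifest printed by render_secret can be piped to kubectl create -f - in place of the here-document.
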
kubectl create secret docker-registry docker-hub \
  --docker-server=https://index.docker.io/v1/ \
  --docker-username=netkiller \
  --docker-password=password \
  --docker-email=netkiller@msn.com

iMac:spring neo$ kubectl get secret
NAME                  TYPE                                  DATA   AGE
default-token-fhfn8   kubernetes.io/service-account-token   3      2d23h
docker-hub            kubernetes.io/dockerconfigjson        1      15s

apiVersion: apps/v1
kind: Deployment
metadata:
  name: springboot
spec:
  replicas: 3
  selector:
    matchLabels:
      app: springboot
  template:
    metadata:
      labels:
        app: springboot
    spec:
      containers:
      - name: springboot
        image: netkiller/config:latest
        imagePullPolicy: IfNotPresent
        ports:
        - containerPort: 8888
      imagePullSecrets:
      - name: docker-hub

kubectl delete -n default secret docker-hub
# Certificate generation
mkdir cert && cd cert

# Generate the self-signed CA certificate
openssl genrsa -out ca-key.pem 2048
openssl req -x509 -new -nodes -key ca-key.pem -days 10000 -out ca.pem -subj "/CN=kube-ca"

# Edit the openssl configuration
cp /etc/pki/tls/openssl.cnf .
vim openssl.cnf

[req]
req_extensions = v3_req # remove the comment marker from this line
# Add the configuration below
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[alt_names]
DNS.1 = ns.netkiller.cn

# Generate the certificate
openssl genrsa -out ingress-key.pem 2048
openssl req -new -key ingress-key.pem -out ingress.csr -subj "/CN=www.netkiller.cn" -config openssl.cnf
openssl x509 -req -in ingress.csr -CA ca.pem -CAkey ca-key.pem -CAcreateserial -out ingress.pem -days 365 -extensions v3_req -extfile openssl.cnf

kubectl create secret tls ingress-secret --namespace=kube-system --key cert/ingress-key.pem --cert cert/ingress.pem
A ConfigMap stores configuration data as key-value pairs and can also be used to store configuration files.

neo@MacBook-Pro-Neo ~ % kubectl create configmap config --from-literal=nickname=netkiller
configmap/config created

neo@MacBook-Pro-Neo ~ % kubectl get configmap config -o go-template='{{.data}}'
map[nickname:netkiller]

neo@MacBook-Pro-Neo ~ % kubectl create configmap user --from-literal=username=neo --from-literal=nickname=netkiller --from-literal=age=35
configmap/user created
neo@MacBook-Pro-Neo ~ % kubectl get configmap user -o go-template='{{.data}}'
map[age:35 nickname:netkiller username:neo]%

neo@MacBook-Pro-Neo ~ % kubectl create configmap db-config --from-literal=db.host= --from-literal=db.port='3306'
configmap/db-config created
neo@MacBook-Pro-Neo ~ % kubectl describe configmap db-config
Name:         db-config
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
db.port:
----
3306
db.host:
----

Events:  <none>

neo@MacBook-Pro-Neo ~ % kubectl create configmap passwd --from-file=/etc/passwd
configmap/passwd created
neo@MacBook-Pro-Neo ~ % kubectl describe configmap passwd
Name:         passwd
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
passwd:
----
Events:  <none>

neo@MacBook-Pro-Neo ~ % kubectl create configmap apache-httpd --from-file=/etc/apache2/httpd.conf --from-file=/etc/apache2/extra/httpd-vhosts.conf configmap/apache-httpd created
neo@MacBook-Pro-Neo ~ % kubectl create configmap apache-httpd-users --from-file=/etc/apache2/users configmap/apache-httpd-users created
cat <<EOF > /tmp/test.env
username=neo
nickname=netkiller
age=38
sex=Y
EOF

neo@MacBook-Pro-Neo ~ % cat <<EOF > /tmp/test.env
username=neo
nickname=netkiller
age=38
sex=Y
EOF
neo@MacBook-Pro-Neo ~ % cat /tmp/test.env
username=neo
nickname=netkiller
age=38
sex=Y
neo@MacBook-Pro-Neo ~ % kubectl create configmap env-config --from-env-file=/tmp/test.env
configmap/env-config created

neo@MacBook-Pro-Neo ~ % kubectl get configmap
NAME     DATA   AGE
config   1      52s

neo@MacBook-Pro-Neo ~ % kubectl describe configmap config
Name:         config
Namespace:    default
Labels:       <none>
Annotations:  <none>

Data
====
nickname:
----
netkiller
Events:  <none>

neo@MacBook-Pro-Neo ~ % kubectl get configmap config -o yaml
apiVersion: v1
data:
  nickname: netkiller
kind: ConfigMap
metadata:
  creationTimestamp: "2020-10-02T05:05:59Z"
  managedFields:
  - apiVersion: v1
    fieldsType: FieldsV1
    fieldsV1:
      f:data:
        .: {}
        f:nickname: {}
    manager: kubectl-create
    operation: Update
    time: "2020-10-02T05:05:59Z"
  name: config
  namespace: default
  resourceVersion: "18065"
  selfLink: /api/v1/namespaces/default/configmaps/config
  uid: 35381fa6-681b-417a-afc1-f45fdff5406d

neo@MacBook-Pro-Neo ~ % kubectl get configmap user -o json
{
    "apiVersion": "v1",
    "data": {
        "age": "35",
        "nickname": "netkiller",
        "username": "neo"
    },
    "kind": "ConfigMap",
    "metadata": {
        "creationTimestamp": "2020-10-02T05:13:09Z",
        "managedFields": [
            {
                "apiVersion": "v1",
                "fieldsType": "FieldsV1",
                "fieldsV1": {
                    "f:data": {
                        ".": {},
                        "f:age": {},
                        "f:nickname": {},
                        "f:username": {}
                    }
                },
                "manager": "kubectl-create",
                "operation": "Update",
                "time": "2020-10-02T05:13:09Z"
            }
        ],
        "name": "user",
        "namespace": "default",
        "resourceVersion": "18381",
        "selfLink": "/api/v1/namespaces/default/configmaps/user",
        "uid": "51e3aa61-21cf-4ed1-871c-ac7119aec7a1"
    }
}

iMac:kubernetes neo$ kubectl explain ingress
KIND:     Ingress
VERSION:  extensions/v1beta1

DESCRIPTION:
     Ingress is a collection of rules that allow inbound connections to reach
     the endpoints defined by a backend. An Ingress can be configured to give
     services externally-reachable urls, load balance traffic, terminate SSL,
     offer name based virtual hosting etc. DEPRECATED - This group version of
     Ingress is deprecated by networking.k8s.io/v1beta1 Ingress. See the release
     notes for more information.

FIELDS:
   apiVersion	<string>
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

   kind	<string>
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

   metadata	<Object>
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

   spec	<Object>
     Spec is the desired state of the Ingress. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

   status	<Object>
     Status is the current state of the Ingress. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

View the field listing for ingress.spec

iMac:kubernetes neo$ kubectl explain ingress.spec
KIND:     Ingress
VERSION:  extensions/v1beta1

RESOURCE: spec <Object>

DESCRIPTION:
     Spec is the desired state of the Ingress. More info:
     https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status

     IngressSpec describes the Ingress the user wishes to exist.

FIELDS:
   backend	<Object>
     A default backend capable of servicing requests that don't match any rule.
     At least one of 'backend' or 'rules' must be specified. This field is
     optional to allow the loadbalancer controller or defaulting logic to
     specify a global default.

   ingressClassName	<string>
     IngressClassName is the name of the IngressClass cluster resource. The
     associated IngressClass defines which controller will implement the
     resource. This replaces the deprecated `kubernetes.io/ingress.class`
     annotation. For backwards compatibility, when that annotation is set, it
     must be given precedence over this field. The controller may emit a warning
     if the field and annotation have different values. Implementations of this
     API should ignore Ingresses without a class specified. An IngressClass
     resource may be marked as default, which can be used to set a default value
     for this field. For more information, refer to the IngressClass
     documentation.

   rules	<[]Object>
     A list of host rules used to configure the Ingress. If unspecified, or no
     rule matches, all traffic is sent to the default backend.

   tls	<[]Object>
     TLS configuration. Currently the Ingress only supports a single TLS port,
     443. If multiple members of this list specify different hosts, they will be
     multiplexed on the same port according to the hostname specified through
     the SNI TLS extension, if the ingress controller fulfilling the ingress
     supports SNI.