k8s 实战入门
一、Namespace(命名空间)
作用
- 实现多环境资源隔离 或多租户资源隔离
- 默认情况下所有 Pod 可互相访问,通过 Namespace 可实现逻辑隔离
- 可配合 RBAC 和 Resource Quota 实现权限和资源限制
默认命名空间
kubernetes 在集群启动之后,会默认创建几个 namespace
bash
[root@master ~]# kubectl get ns
NAME STATUS AGE
default Active 44h # 所有未指定 Namespace 的对象都会被分配在 default 命名空间
kube-node-lease Active 44h # 集群节点之间的心跳维护,v1.13开始引入
kube-public Active 44h # 此命名空间下的资源可以被所有人访问(包括未认证用户)
kube-system Active 44h # 所有由 Kubernetes 系统创建的资源都处于这个命名空间操作命令
查看所有 ns
bash
[root@master ~]# kubectl get ns
NAME STATUS AGE
default Active 44h
kube-node-lease Active 44h
kube-public Active 44h
kube-system Active 44h查看指定 ns
bash
[root@master ~]# kubectl get ns default
NAME STATUS AGE
default Active 44h指定输出格式
kubernetes支持的格式有很多,比较常见的是wide、json、yaml
bash
[root@master ~]# kubectl get ns default -o yaml
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: "2025-10-28T10:02:08Z"
labels:
kubernetes.io/metadata.name: default
name: default
resourceVersion: "39"
uid: d37dd814-baca-4683-b617-eb77832e6969
spec:
finalizers:
- kubernetes
status:
phase: Active查看 ns 详情
bash
[root@master ~]# kubectl describe ns default
Name: default
Labels: kubernetes.io/metadata.name=default
Annotations: <none>
Status: Active # Active 命名空间正在使用中 Terminating 正在删除命名空间
No resource quota. # ResourceQuota 针对 namespace 做的资源限制
No LimitRange resource. # LimitRange 针对 namespace 中的每个组件做的资源限制创建 ns
bash
[root@master ~]# kubectl create ns dev
namespace/dev created删除 ns
bash
[root@master ~]# kubectl delete ns dev
namespace "dev" deleted配置方式
首先准备一个 yaml 文件
官方文档查找模板 https://kubernetes.io/
bash
[root@master ~]# vim ns-dev.yaml
yaml
apiVersion: v1
kind: Namespace
metadata:
name: dev然后就可以执行对应的创建和删除命令了
bash
[root@master ~]# kubectl create -f ns-dev.yaml
namespace/dev created
[root@master ~]# kubectl get ns
NAME STATUS AGE
default Active 44h
dev Active 16s
kube-node-lease Active 44h
kube-public Active 44h
kube-system Active 44h
bash
[root@master ~]# kubectl delete -f ns-dev.yaml
namespace "dev" deleted
[root@master ~]# kubectl get ns
NAME STATUS AGE
default Active 44h
kube-node-lease Active 44h
kube-public Active 44h
kube-system Active 44h二、Pod
概念
- Pod 是 Kubernetes 最小管理单元
- 一个 Pod 可包含一个或多个容器
- 系统组件也以 Pod 形式运行在
kube-system命名空间中
操作命令
查看某个 ns 的 pod
bash
[root@master ~]# kubectl get pod -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-9d57d8f49-88mgl 1/1 Running 2 (5h34m ago) 44h
calico-node-2vw44 1/1 Running 2 (5h34m ago) 44h
calico-node-52ms4 1/1 Running 2 (5h34m ago) 44h
calico-node-7kh9c 1/1 Running 2 (5h34m ago) 44h
coredns-6554b8b87f-mjx7v 1/1 Running 2 (5h34m ago) 44h
coredns-6554b8b87f-sz9ft 1/1 Running 2 (5h34m ago) 44h
etcd-master 1/1 Running 2 (5h34m ago) 44h
kube-apiserver-master 1/1 Running 3 (5h33m ago) 44h
kube-controller-manager-master 1/1 Running 2 (5h34m ago) 44h
kube-proxy-dww5p 1/1 Running 2 (5h34m ago) 44h
kube-proxy-lqh62 1/1 Running 2 (5h34m ago) 44h
kube-proxy-nmtph 1/1 Running 2 (5h34m ago) 44h
kube-scheduler-master 1/1 Running 2 (5h34m ago) 44h创建并运行 pod
kubernetes 没有提供单独运行 Pod 的命令,都是通过 Pod 控制器来实现的
bash
[root@master ~]# kubectl run nginx --image=nginx:latest --port=80 --namespace dev
pod/nginx created-
--image指定Pod的镜像 -
--port指定端口 -
--namespace指定namespace
查看 pod 信息
bash
[root@master ~]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
nginx 1/1 Running 0 5m57s查看 pod 详细信息
bash
[root@master ~]# kubectl describe pod nginx -n dev
Name: nginx
Namespace: dev
Priority: 0
Service Account: default
Node: node2/192.168.100.30
Start Time: Thu, 30 Oct 2025 14:37:23 +0800
Labels: run=nginx
......获取 pod ip
bash
[root@master ~]# kubectl get pods -n dev -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
nginx 1/1 Running 0 6m13s 172.16.104.4 node2 <none> <none>访问 pod
bash
[root@master ~]# curl http://172.16.104.4
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>
<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>
<p><em>Thank you for using nginx.</em></p>
</body>
</html>删除 pod
bash
[root@master ~]# kubectl delete pod nginx -n dev
pod "nginx" deleted
[root@master ~]# kubectl get pod -n dev
No resources found in dev namespace.控制器管理
控制器创建
创建多个 pod
--replicas=个数
bash
[root@master ~]# kubectl create deploy nginx --image=nginx:latest --port=80 --replicas=3 -n dev
deployment.apps/nginx created查看
bash
[root@master ~]# kubectl get deploy -n dev
NAME READY UP-TO-DATE AVAILABLE AGE
nginx 3/3 3 3 80s
[root@master ~]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
nginx-7c79c4bf97-4cz44 1/1 Running 0 2m
nginx-7c79c4bf97-k48jj 1/1 Running 0 2m
nginx-7c79c4bf97-zxtw6 1/1 Running 0 2m删除 pod
显示删除Pod成功,但是再查询,发现又新产生了一个,这是因为当前Pod是由Pod控制器创建的,控制器会监控Pod状况,一旦发现Pod死亡,会立即重建
bash
[root@master ~]# kubectl delete pod nginx-7c79c4bf97-4cz44 -n dev
pod "nginx-7c79c4bf97-4cz44" deleted
[root@master ~]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
nginx-7c79c4bf97-k48jj 1/1 Running 0 5m14s
nginx-7c79c4bf97-qlzs6 1/1 Running 0 6s
nginx-7c79c4bf97-zxtw6 1/1 Running 0 5m14s
# 此时要想删除Pod,必须删除Pod控制器
[root@master ~]# kubectl delete deploy nginx -n dev
deployment.apps "nginx" deleted
[root@master ~]# kubectl get pods -n dev
No resources found in dev namespace.配置操作
创建一个 pod-nginx.yaml
bash
[root@master ~]# vim pod-nginx.yaml
yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx
namespace: dev
spec:
containers:
- image: nginx:latest
name: pod
ports:
- name: nginx-port
containerPort: 80
protocol: TCP然后就可以执行对应的创建和删除命令了
bash
[root@master ~]# kubectl create -f pod-nginx.yaml
pod/nginx created
[root@master ~]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
nginx 1/1 Running 0 17s
bash
[root@master ~]# kubectl delete -f pod-nginx.yaml
pod "nginx" deleted
[root@master ~]# kubectl get pods -n dev
No resources found in dev namespace.三、Label
概念与作用
Label(标签) 是Kubernetes系统中的核心概念之一,其核心作用是为集群中的资源对象(如Pod、Node、Service等)添加可标识的键值对(key/value) 元数据,从而实现资源的灵活区分、选择、分组和管理
主要管理场景包括
- 资源分配
- 工作负载调度
- 服务配置
- 滚动部署
Label 特点
- 附加性 :以
key=value的形式附加到各种对象上 - 多对多:一个资源可以定义任意数量的Label;一个Label也可以被添加到任意数量的资源上。
- 动态性 :通常在资源定义时确定,但也支持在对象创建后动态添加或删除
常用 Label 示例
| 类别 | 示例 |
|---|---|
| 版本标签 | "version": "release", "version": "stable" |
| 环境标签 | "environment": "dev", "environment": "test", "environment": "pro" |
| 架构标签 | "tier": "frontend", "tier": "backend" |
Label Selector(标签选择器)
Label用于定义标识,而 Label Selector 用于根据这些标识来查询和筛选资源对象。
基于等式的Selector
| 表达式 | 说明 |
|---|---|
name = slave |
选择所有包含Label中key="name"且value="slave"的对象 |
env != production |
选择所有包含Label中key="env"且value不等于"production"的对象 |
基于集合的Selector
| 表达式 | 说明 |
|---|---|
name in (master, slave) |
选择value是"master"或"slave"的对象 |
name not in (frontend) |
选择value不等于"frontend"的对象 |
多条件组合
多个选择条件可以使用逗号 , 进行分隔,表示 "AND" 关系。
name=slave, env!=productionname not in (frontend), env!=production
操作命令
创建 pod 时打标签
bash
[root@master ~]# kubectl run nginx --labels test=1 --image=nginx:latest --port=80 -n dev
pod/nginx created
[root@master ~]# kubectl get pod -n dev --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx 1/1 Running 0 32s test=1为 pod 更新标签
bash
[root@master ~]# kubectl label pod nginx test=2 -n dev --overwrite
pod/nginx labeled
[root@master ~]# kubectl get pod -n dev --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx 1/1 Running 0 6m test=2为 pod 打标签
bash
[root@master ~]# kubectl label pod nginx app=nginx -n dev
pod/nginx labeled
[root@master ~]# kubectl get pod -n dev --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx 1/1 Running 0 7m4s app=nginx,test=2查看标签
bash
[root@master ~]# kubectl get pod -n dev --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx 1/1 Running 0 8m17s app=nginx,test=2
nginx1 1/1 Running 0 5s test=1筛选标签
bash
[root@master ~]# kubectl get pod -n dev -l test=2 --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx 1/1 Running 0 9m9s app=nginx,test=2删除标签
bash
[root@master ~]# kubectl label pod nginx app- -n dev
pod/nginx unlabeled
[root@master ~]# kubectl get pod -n dev --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx 1/1 Running 0 10m test=2
nginx1 1/1 Running 0 114s test=1配置方式
bash
[root@master ~]# vim pod-nginx.yaml
yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx2
namespace: dev
labels:
test: "3"
app: "nginx"
spec:
containers:
- image: nginx:latest
name: pod
ports:
- name: nginx-port
containerPort: 80
protocol: TCP
bash
[root@master ~]# kubectl apply -f pod-nginx.yaml
pod/nginx2 created
[root@master ~]# kubectl get pod -n dev --show-labels
NAME READY STATUS RESTARTS AGE LABELS
nginx 1/1 Running 0 13m test=2
nginx1 1/1 Running 0 5m32s test=1
nginx2 1/1 Running 0 4s app=nginx,test=3四、Deployment
作用
- 管理 Pod 的生命周期,确保 Pod 数量符合预期
- 支持滚动更新、回滚、副本扩缩容
操作命令
创建 pod
bash
[root@master ~]# kubectl create deploy nginx --image=nginx:latest --port=80 --replicas=3 -n dev
deployment.apps/nginx created-
--image指定pod的镜像 -
--port指定端口 -
--replicas指定创建pod数量 -
--namespace指定namespace
查看 pod
bash
[root@master ~]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
nginx-7c79c4bf97-87jv7 1/1 Running 0 74s
nginx-7c79c4bf97-qjh4j 1/1 Running 0 74s
nginx-7c79c4bf97-tq5jx 1/1 Running 0 74s查看 deployment 的信息
bash
[root@master ~]# kubectl get deploy -n dev
NAME READY UP-TO-DATE AVAILABLE AGE
nginx 3/3 3 3 3m24s
[root@master ~]# kubectl get deploy -n dev -o wide
NAME READY UP-TO-DATE AVAILABLE AGE CONTAINERS IMAGES SELECTOR
nginx 3/3 3 3 4m51s nginx nginx:latest app=nginx-
UP-TO-DATE成功升级的副本数量 -
AVAILABLE可用副本的数量
查看 deployment 的详细信息
bash
[root@master ~]# kubectl describe deploy -n dev
Name: nginx
Namespace: dev
CreationTimestamp: Thu, 30 Oct 2025 15:37:56 +0800
Labels: app=nginx
Annotations: deployment.kubernetes.io/revision: 1
Selector: app=nginx
......删除
bash
[root@master ~]# kubectl delete deploy nginx -n dev
deployment.apps "nginx" deleted
[root@master ~]# kubectl get deploy -n dev
No resources found in dev namespace.
[root@master ~]# kubectl get pods -n dev
No resources found in dev namespace.配置操作
bash
[root@master ~]# vim deploy.yaml
yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: nginx
namespace: dev
spec:
replicas: 3
selector:
matchLabels:
run: nginx
template:
metadata:
labels:
run: nginx
spec:
containers:
- image: nginx:latest
name: nginx
ports:
- containerPort: 80
protocol: TCP
bash
[root@master ~]# vim deploy.yaml
[root@master ~]# kubectl apply -f deploy.yaml
deployment.apps/nginx created
[root@master ~]# kubectl get deploy -n dev
NAME READY UP-TO-DATE AVAILABLE AGE
nginx 3/3 3 3 13s
[root@master ~]# kubectl get pods -n dev
NAME READY STATUS RESTARTS AGE
nginx-6c45cbd8c5-4jb54 1/1 Running 0 31s
nginx-6c45cbd8c5-m8s8h 1/1 Running 0 31s
nginx-6c45cbd8c5-vsv72 1/1 Running 0 31s删除
bash
[root@master ~]# kubectl delete -f deploy.yaml
deployment.apps "nginx" deleted
[root@master ~]# kubectl get deploy -n dev
No resources found in dev namespace.
[root@master ~]# kubectl get pods -n dev
No resources found in dev namespace.五、总结
| 资源类型 | 作用 | 常用操作 |
|---|---|---|
| Namespace | 资源隔离 | create, get, describe, delete |
| Pod | 最小部署单元 | run, get, describe, delete |
| Label | 资源标识与选择 | label, get -l, --show-labels |
| Deployment | Pod 控制器 | create deploy, get deploy, delete deploy |