文章目录
- 第1部:客户端命令kubectl
- 集群Node管理
- [worker node节点管理集群](#worker node节点管理集群)
- dashboard界面
- 节点标签(label)
- YAML声明式文件
- YAML资源对象描述方法
- 命名空间(Namespace)
第1部:客户端命令kubectl
1:命令帮助
集群中管理可以使用kubectl命令完成
bash
[root@docker-master ~ 17:02:19]# kubectl -h
kubectl controls the Kubernetes cluster manager.
Find more information at: https://kubernetes.io/docs/reference/kubectl/
Basic Commands (Beginner):
create Create a resource from a file or from stdin
expose Take a replication controller, service, deployment or pod and expose it as a new
Kubernetes service
run 在集群上运行特定镜像
set 为对象设置指定特性
Basic Commands (Intermediate):
explain Get documentation for a resource
get 显示一个或多个资源
edit 编辑服务器上的资源
delete Delete resources by file names, stdin, resources and names, or by resources and
label selector
Deploy Commands:
rollout Manage the rollout of a resource
scale Set a new size for a deployment, replica set, or replication controller
autoscale Auto-scale a deployment, replica set, stateful set, or replication controller
Cluster Management Commands:
certificate Modify certificate resources
cluster-info Display cluster information
top Display resource (CPU/memory) usage
cordon 标记节点为不可调度
uncordon 标记节点为可调度
drain 清空节点以准备维护
taint 更新一个或者多个节点上的污点
Troubleshooting and Debugging Commands:
describe 显示特定资源或资源组的详细信息
logs 打印 Pod 中容器的日志
attach 挂接到一个运行中的容器
exec 在某个容器中执行一个命令
port-forward 将一个或多个本地端口转发到某个 Pod
proxy 运行一个指向 Kubernetes API 服务器的代理
cp Copy files and directories to and from containers
auth Inspect authorization
debug Create debugging sessions for troubleshooting workloads and nodes
events List events
Advanced Commands:
diff Diff the live version against a would-be applied version
apply Apply a configuration to a resource by file name or stdin
patch Update fields of a resource
replace Replace a resource by file name or stdin
wait Experimental: Wait for a specific condition on one or many resources
kustomize Build a kustomization target from a directory or URL
Settings Commands:
label 更新某资源上的标签
annotate 更新一个资源的注解
completion Output shell completion code for the specified shell (bash, zsh, fish, or
powershell)
Other Commands:
api-resources Print the supported API resources on the server
api-versions Print the supported API versions on the server, in the form of "group/version"
config 修改 kubeconfig 文件
plugin Provides utilities for interacting with plugins
version 输出客户端和服务端的版本信息
Usage:
kubectl [flags] [options]
Use "kubectl <command> --help" for more information about a given command.
Use "kubectl options" for a list of global command-line options (applies to all commands).命令格式:kubectl 命令 资源类型 资源名称 <参数>
2:命令详解
基础命令
| 命令 | 描述 |
|---|---|
| create | 通过文件名或标准输入创建资源 |
| expose | 将一个资源公开为一个新的service |
| run | 在集群中运行一个特定的镜像 |
| set | 在对象上设置特定的功能 |
| get | 显示一个或多个资源 |
| explain | 文档参考资料 |
| edit | 使用默认的编辑器编辑一个资源 |
| delete | 通过文件名、标准输入、资源名称或标签选择器来删除资源 |
metrics-server可以查看资源(CPU、内存、存储)使用
创建metrics-server资源(需等待较长时间40分钟)
bash
[root@docker-master ~]# wget https://github.com/kubernetes-sigs/metrics-server/releases/latest/download/components.yaml -O metrics-server-components.yaml
[root@docker-master ~]# sed -i 's/registry.k8s.io\/metrics-server/registry.cn-hangzhou.aliyuncs.com\/google_containers/g' metrics-server-components.yaml
[root@docker-master ~]# vim metrics-server-components.yaml
# metrics-server v0.8.0 版本后,安全要求较高,默认情况下必须配置 --kubelet-insecuretls,否则无法从kubelet 拉取指标,导致探针失败。
...
containers:
- args:
- --cert-dir=/tmp
- --secure-port=10250
- --kubelet-insecure-tls #添加
- --kubelet-preferred-address-types=InternalIP,ExternalIP,Hostname
- --kubelet-use-node-status-port
- --metric-resolution=15s
image: registry.cn-hangzhou.aliyuncs.com/google_containers/metricsserver:v0.8.0
...
[root@docker-master ~]# kubectl apply -f metrics-server-components.yaml删除pod
bash
# -n 指定命名空间
[root@docker-master ~]# kubectl get pods -n kube-system
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-658d97c59c-xfjlv 1/1 Running 3 (101m ago) 25h
calico-node-4td7j 1/1 Running 3 (101m ago) 25h
calico-node-qbmb4 1/1 Running 4 (101m ago) 25h
calico-node-zk4jh 1/1 Running 3 (101m ago) 25h
coredns-66f779496c-4bt9n 1/1 Running 3 (101m ago) 25h
coredns-66f779496c-nnkcw 1/1 Running 3 (101m ago) 25h
etcd-master 1/1 Running 3 (101m ago) 25h
kube-apiserver-master 1/1 Running 5 (101m ago) 25h
kube-controller-manager-master 1/1 Running 3 (101m ago) 25h
kube-proxy-fhhnf 1/1 Running 3 (101m ago) 25h
kube-proxy-jn4dq 1/1 Running 3 (101m ago) 25h
kube-proxy-wkmlk 1/1 Running 3 (101m ago) 25h
kube-scheduler-master 1/1 Running 3 (101m ago) 25h
metrics-server-57999c5cf7-x67fj 1/1 Running 1 (101m ago) 140m
# 可以把不再使用的pod删除
[root@master ~]# kubectl delete pod <podNAME> -n kubesystem
# 强制删除pod
[root@master ~]# kubectl delete pod <podNAME> -n kubesystem --grace-period=0 --force查看资源创建过程
bash
[root@docker-master ~]# kubectl describe pod metrics-server-57999c5cf7-x67fj -n kube-system使用kubectl top 查看资源
pod
bash
[root@docker-master ~]# kubectl top pod kube-apiserver-master -n kube-system
NAME CPU(cores) MEMORY(bytes)
kube-apiserver-master 54m 394Minode
bash
[root@docker-master ~]# kubectl top node docker-node1
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
docker-node1 281m 7% 615Mi 10%
[root@docker-master ~]# kubectl top node docker-node2
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
docker-node2 270m 6% 595Mi 10%部署命令
| 命令 | 描述 |
|---|---|
| rollout | 管理资源的发布 |
| rolling-update | 对给定的复制控制器滚动更新 |
| scale | 扩容或缩容Pod数量,Deployment、ReplicaSet、RC或Job |
| autoscale | 创建1个自动选择扩容或缩容并设置Pod数量 |
集群管理命令
| 命令 | 描述 |
|---|---|
| certificate | 修改证书资源 |
| cluster-info | 显示集群信息 |
| top | 显示资源(CPU、内存、存储)使用。需要heapster运行 |
| cordon | 标记节点不可调度 |
| uncordon | 标记节点可调度 |
| drain | 驱逐节点上的应用,准备下线维护 |
| taint | 修改节点taint标记 |
显示集群信息
bash
[root@docker-master ~]# kubectl cluster-info
Kubernetes control plane is running at https://192.168.108.30:6443
CoreDNS is running at https://192.168.108.30:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.显示资源
bash
[root@docker-master ~]# kubectl top pod -n kube-system
NAME CPU(cores) MEMORY(bytes)
calico-kube-controllers-658d97c59c-xfjlv 2m 72Mi
calico-node-4td7j 106m 234Mi
calico-node-qbmb4 123m 234Mi
calico-node-zk4jh 26m 217Mi
coredns-66f779496c-4bt9n 2m 69Mi
coredns-66f779496c-nnkcw 2m 16Mi
etcd-master 24m 127Mi
kube-apiserver-master 62m 394Mi
kube-controller-manager-master 17m 158Mi
kube-proxy-fhhnf 6m 80Mi
kube-proxy-jn4dq 14m 82Mi
kube-proxy-wkmlk 7m 84Mi
kube-scheduler-master 4m 75Mi
metrics-server-57999c5cf7-x67fj 13m 90Mi故障诊断和调试命令
| 命令 | 描述 |
|---|---|
| describe | 显示特定资源或资源组的详细信息 |
| logs | 在1个Pod中打印1个容器日志。如果Pod只有1个容器,容器名称是可选的 |
| attach | 附加到1个运行的容器 |
| exec | 执行命令到容器 |
| port-forward | 转发1个或多个本地端口到1个Pod |
| proxy | 运行1个proxy到kubernetes API server |
| cp | 拷贝文件或目录到容器中 |
| auth | 检查授权 |
高级命令
| 命令 | 描述 |
|---|---|
| apply | 通过文件名或标准输入对资源应用配置 |
| patch | 使用补丁修改、更新资源的字段 |
| replace | 通过文件名或标准输入替换1个资源 |
| convert | 不同的API版本之间转换配置文件 |
设置命令
| 命令 | 描述 |
|---|---|
| label | 更新资源上的标签 |
| annotate | 更新资源上的注释 |
| completion | 用于实现kubectl工具自动补全 |
其他命令
| 命令 | 描述 |
|---|---|
| api-version | 打印受支持的API版本 |
| config | 修改kubeconfig文件(用于访问API,比如配置认证信息) |
| help | 所有命令帮助 |
| plugin | 运行1个命令行插件 |
| version | 打印客户端和服务版本信息 |
查看当前kubernetes支持的api-version
bash
[root@docker-master ~]# kubectl api-versions
admissionregistration.k8s.io/v1
apiextensions.k8s.io/v1
apiregistration.k8s.io/v1
apps/v1
authentication.k8s.io/v1
authorization.k8s.io/v1
autoscaling/v1
autoscaling/v2
batch/v1
certificates.k8s.io/v1
coordination.k8s.io/v1
crd.projectcalico.org/v1
discovery.k8s.io/v1
events.k8s.io/v1
flowcontrol.apiserver.k8s.io/v1beta2
flowcontrol.apiserver.k8s.io/v1beta3
metrics.k8s.io/v1beta1
networking.k8s.io/v1
node.k8s.io/v1
policy/v1
rbac.authorization.k8s.io/v1
scheduling.k8s.io/v1
storage.k8s.io/v1
v1查看创建资源对象类型和版本
bash
[root@docker-master ~]# kubectl explain namespace
KIND: Namespace
VERSION: v1
DESCRIPTION:
Namespace provides a scope for Names. Use of multiple namespaces is
optional.
FIELDS:
apiVersion <string>
APIVersion defines the versioned schema of this representation of an object.
Servers should convert recognized schemas to the latest internal value, and
may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
kind <string>
Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
metadata <ObjectMeta>
Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata
spec <NamespaceSpec>
Spec defines the behavior of the Namespace. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-status
status <NamespaceStatus>
Status describes the current status of a Namespace. More info:
https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#spec-and-statuskubernetes客户端和服务端版本
bash
[root@docker-master ~]# kubectl version
Client Version: v1.28.0
Kustomize Version: v5.0.4-0.20230601165947-6ce0bf390ce3
Server Version: v1.28.0集群Node管理
1:查看集群信息
bash
[root@docker-master ~]# kubectl cluster-info
Kubernetes control plane is running at https://192.168.108.30:6443
CoreDNS is running at https://192.168.108.30:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.2:查看节点信息
查看集群节点信息
bash
[root@docker-master ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
docker-node1 Ready <none> 26h v1.28.0
docker-node2 Ready <none> 26h v1.28.0
master Ready control-plane 26h v1.28.0查看集群节点详细信息
bash
[root@docker-master ~]# kubectl get nodes -o wide
NAME STATUS ROLES AGE VERSION INTERNAL-IP EXTERNAL-IP OS-IMAGE KERNEL-VERSION CONTAINER-RUNTIME
docker-node1 Ready <none> 26h v1.28.0 192.168.108.31 <none> CentOS Linux 7 (Core) 3.10.0-1160.119.1.el7.x86_64 docker://26.1.4
docker-node2 Ready <none> 26h v1.28.0 192.168.108.32 <none> CentOS Linux 7 (Core) 3.10.0-1160.119.1.el7.x86_64 docker://26.1.4
master Ready control-plane 26h v1.28.0 192.168.108.30 <none> CentOS Linux 7 (Core) 3.10.0-1160.119.1.el7.x86_64 docker://26.1.4查看节点描述详细信息
bash
[root@docker-master ~]# kubectl describe node master
Name: master
Roles: control-plane
Labels: beta.kubernetes.io/arch=amd64
beta.kubernetes.io/os=linux
kubernetes.io/arch=amd64
kubernetes.io/hostname=master
kubernetes.io/os=linux
node-role.kubernetes.io/control-plane=
node.kubernetes.io/exclude-from-external-load-balancers=
Annotations: kubeadm.alpha.kubernetes.io/cri-socket: unix:///var/run/cri-dockerd.sock
node.alpha.kubernetes.io/ttl: 0
projectcalico.org/IPv4Address: 192.168.108.30/24
projectcalico.org/IPv4IPIPTunnelAddr: 10.244.219.64
volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp: Tue, 13 Jan 2026 16:15:16 +0800
Taints: node-role.kubernetes.io/control-plane:NoSchedule
Unschedulable: false
Lease:
HolderIdentity: master
AcquireTime: <unset>
RenewTime: Wed, 14 Jan 2026 18:46:05 +0800
Conditions:
Type Status LastHeartbeatTime LastTransitionTime Reason Message
---- ------ ----------------- ------------------ ------ -------
NetworkUnavailable False Wed, 14 Jan 2026 15:44:24 +0800 Wed, 14 Jan 2026 15:44:24 +0800 CalicoIsUp Calico is running on this node
MemoryPressure False Wed, 14 Jan 2026 18:45:24 +0800 Tue, 13 Jan 2026 16:15:16 +0800 KubeletHasSufficientMemory kubelet has sufficient memory available
DiskPressure False Wed, 14 Jan 2026 18:45:24 +0800 Tue, 13 Jan 2026 16:15:16 +0800 KubeletHasNoDiskPressure kubelet has no disk pressure
PIDPressure False Wed, 14 Jan 2026 18:45:24 +0800 Tue, 13 Jan 2026 16:15:16 +0800 KubeletHasSufficientPID kubelet has sufficient PID available
Ready True Wed, 14 Jan 2026 18:45:24 +0800 Tue, 13 Jan 2026 16:27:10 +0800 KubeletReady kubelet is posting ready status
Addresses:
InternalIP: 192.168.108.30
Hostname: master
Capacity:
cpu: 2
ephemeral-storage: 51175Mi
hugepages-1Gi: 0
hugepages-2Mi: 0
memory: 4025944Ki
pods: 110
Allocatable:
cpu: 2
ephemeral-storage: 48294789041
hugepages-1Gi: 0
hugepages-2Mi: 0
memory: 3923544Ki
pods: 110
System Info:
Machine ID: 8696785742d7448b9218cc0caff1eb66
System UUID: D87C4D56-E297-634E-8621-181FCC95E54F
Boot ID: 828fec12-08d3-4eeb-b98e-8e26e30860e8
Kernel Version: 3.10.0-1160.119.1.el7.x86_64
OS Image: CentOS Linux 7 (Core)
Operating System: linux
Architecture: amd64
Container Runtime Version: docker://26.1.4
Kubelet Version: v1.28.0
Kube-Proxy Version: v1.28.0
PodCIDR: 10.244.0.0/24
PodCIDRs: 10.244.0.0/24
Non-terminated Pods: (9 in total)
Namespace Name CPU Requests CPU Limits Memory Requests Memory Limits Age
--------- ---- ------------ ---------- --------------- ------------- ---
kube-system calico-kube-controllers-658d97c59c-xfjlv 0 (0%) 0 (0%) 0 (0%) 0 (0%) 26h
kube-system calico-node-zk4jh 250m (12%) 0 (0%) 0 (0%) 0 (0%) 26h
kube-system coredns-66f779496c-4bt9n 100m (5%) 0 (0%) 70Mi (1%) 170Mi (4%) 26h
kube-system coredns-66f779496c-nnkcw 100m (5%) 0 (0%) 70Mi (1%) 170Mi (4%) 26h
kube-system etcd-master 100m (5%) 0 (0%) 100Mi (2%) 0 (0%) 26h
kube-system kube-apiserver-master 250m (12%) 0 (0%) 0 (0%) 0 (0%) 26h
kube-system kube-controller-manager-master 200m (10%) 0 (0%) 0 (0%) 0 (0%) 26h
kube-system kube-proxy-fhhnf 0 (0%) 0 (0%) 0 (0%) 0 (0%) 26h
kube-system kube-scheduler-master 100m (5%) 0 (0%) 0 (0%) 0 (0%) 26h
Allocated resources:
(Total limits may be over 100 percent, i.e., overcommitted.)
Resource Requests Limits
-------- -------- ------
cpu 1100m (55%) 0 (0%)
memory 240Mi (6%) 340Mi (8%)
ephemeral-storage 0 (0%) 0 (0%)
hugepages-1Gi 0 (0%) 0 (0%)
hugepages-2Mi 0 (0%) 0 (0%)
Events: <none>worker node节点管理集群
使用kubeadm安装如果想在node节点管理就会报错
bash
[root@docker-node1 ~]# kubectl get nodes
E0114 15:46:15.000793 4076 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
E0114 15:46:15.001096 4076 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
E0114 15:46:15.013337 4076 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
E0114 15:46:15.029743 4076 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
E0114 15:46:15.030034 4076 memcache.go:265] couldn't get current server API group list: Get "http://localhost:8080/api?timeout=32s": dial tcp [::1]:8080: connect: connection refused
The connection to the server localhost:8080 was refused - did you specify the right host or port?解决方法:只要把master上的管理文件/etc/kubernetes/admin.conf拷贝到node节点的**$HOME/.kube/config**就可以让node节点也可以实现kubectl命令管理
重点需要(kubectl命令,指向api-server节点及证书)
1:在node节点的用户家目录创建.kube目录
bash
[root@docker-node1 ~]# mkdir /root/.kube2:在master节点把admin.conf文件复制到node节点
bash
[root@docker-master ~]# scp /etc/kubernetes/admin.conf docker-node1:/root/.kube/config
he authenticity of host 'docker-node1 (192.168.108.31)' can't be established.
ECDSA key fingerprint is SHA256:L/AedI69a252ZmDmlFTMnllYcD5lSaEWOy26Y2tvnMk.
ECDSA key fingerprint is MD5:10:87:8a:76:72:41:ca:a7:7c:74:e4:89:d1:89:ca:03.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'docker-node1,192.168.108.31' (ECDSA) to the list of known hosts.
root@docker-node1's password:
admin.conf3:在node节点验证
bash
[root@docker-node1 ~]# kubectl get nodes
NAME STATUS ROLES AGE VERSION
docker-node1 Ready <none> 23h v1.28.0
docker-node2 Ready <none> 23h v1.28.0
master Ready control-plane 23h v1.28.0dashboard界面
下载并安装
下载资源
bash
[root@docker-master ~]# wget https://raw.githubusercontent.com/kubernetes/dashboard/v2.6.1/aio/deploy/recommended.yaml修改文件
bash
[root@docker-master ~]# vim recommended.yaml
# 32行开始
kind: Service
apiVersion: v1
metadata:
labels:
k8s-app: kubernetes-dashboard
name: kubernetes-dashboard
namespace: kubernetes-dashboard
spec:
ports:
- port: 443
targetPort: 8443
nodePort: 30001 #添加
selector:
k8s-app: kubernetes-dashboard
type: NodePort #添加应用修改后配置
bash
[root@docker-master ~]# kubectl apply -f recommended.yaml查看Pod状态
bash
[root@docker-master ~]# kubectl get pods -n kubernetes-dashboard
NAME READY STATUS RESTARTS AGE
dashboard-metrics-scraper-5657497c4c-bcb6f 1/1 Running 0 3h4m
kubernetes-dashboard-746fbfd67c-krq4l 1/1 Running 0 3m9s查看Service暴露端口
bash
[root@docker-master ~]# kubectl get svc -n kubernetes-dashboard
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
dashboard-metrics-scraper ClusterIP 10.104.87.241 <none> 8000/TCP 3h4m
kubernetes-dashboard NodePort 10.104.9.175 <none> 443:30001/TCP 3h4m访问dashborad界面
在浏览器中输入https://192.168.108.30:30001/**(注意:https协议)**
创建访问令牌(Token)
配置管理员账户
创建rbac.yaml文件,内容如下:
bash
[root@docker-master ~]# vim rbac.yaml
apiVersion: v1
kind: ServiceAccount
metadata:
name: dashboard-admin
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: dashboard-admin
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: cluster-admin
subjects:
- kind: ServiceAccount
name: dashboard-admin
namespace: kube-system应用配置并获取Token
bash
[root@docker-master ~]# kubectl apply -f rbac.yaml
serviceaccount/dashboard-admin created
clusterrolebinding.rbac.authorization.k8s.io/dashboard-admin created获取token,k8s1.22版本引入,默认有效期1小时,每次执行命令会生成新token,旧token会自动消失
bash
[root@docker-master ~]# kubectl create token dashboard-admin --namespace kube-system
eyJhbGciOiJSUzI1NiIsImtpZCI6InVWWU5XSEJQZDlHeXNoREROdXFHTlVUeVhSdnY3MmVsWWtRaURCLTB2emcifQ.eyJhdWQiOlsiaHR0cHM6Ly9rdWJlcm5ldGVzLmRlZmF1bHQuc3ZjLmNsdXN0ZXIubG9jYWwiXSwiZXhwIjoxNzY4MzkyMzYyLCJpYXQiOjE3NjgzODg3NjIsImlzcyI6Imh0dHBzOi8va3ViZXJuZXRlcy5kZWZhdWx0LnN2Yy5jbHVzdGVyLmxvY2FsIiwia3ViZXJuZXRlcy5pbyI6eyJuYW1lc3BhY2UiOiJrdWJlLXN5c3RlbSIsInNlcnZpY2VhY2NvdW50Ijp7Im5hbWUiOiJkYXNoYm9hcmQtYWRtaW4iLCJ1aWQiOiIxOTBjZDc5NS1iZjNkLTRhMDYtODYwZi02MDcwMzQ3ZmFmZWEifX0sIm5iZiI6MTc2ODM4ODc2Miwic3ViIjoic3lzdGVtOnNlcnZpY2VhY2NvdW50Omt1YmUtc3lzdGVtOmRhc2hib2FyZC1hZG1pbiJ9.LxcB3Co6KREmiAMRSy5nedUAiSFCAKyCy68h6dp31XZzbf5anZBKpiCsrPL0Hoi71S9VUsoBd_b7Vhzlw0dbW9-94ovXLSHoBUd1jMuaVfZ9KYOJotJCKMqXz2NB29sXyXnxBZGxxInniRGu28cOFUVPVg_TTFOkF2SrGNcxqDg2o7D6LGEEfzs6L25pp9i_oMydp2_fHlW-Pn5KyjFmokF4JT6KopddNS0fY-RXeSIy1HlU9HWbadRimabQc86xe0hJyRJ5TyH3cjQQ-AEXF5VYBVKQCL5PUE9hDRz6FIYhU9aqAGT74SaWD2qVPf3qRy7FwAJftDcn1nETwCrbJw输入token
完成部署
节点标签(label)
kubernetes集群由大量节点组成,可将节点打上对应的标签,然后通过标签进行筛选及查看,更好的进行资源对象的相关选择与匹配。
查看节点标签信息
显示的标签以键值对形式出现,键名=值
bash
[root@docker-master ~]# kubectl get nodes --show-labels
NAME STATUS ROLES AGE VERSION LABELS
docker-node1 Ready <none> 41h v1.28.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=docker-node1,kubernetes.io/os=linux
docker-node2 Ready <none> 41h v1.28.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=docker-node2,kubernetes.io/os=linux
master Ready control-plane 41h v1.28.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=master,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node.kubernetes.io/exclude-from-external-load-balancers=设置节点标签信息
设置节点标签
为节点node2打一个region=nanjing的标签
bash
[root@docker-master ~]# kubectl label node docker-node2 region=nanjing
node/docker-node2 labeled查看标签
bash
[root@docker-master ~]# kubectl get nodes --show-labels
NAME STATUS ROLES AGE VERSION LABELS
...
docker-node2 Ready <none> 41h v1.28.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=docker-node2,kubernetes.io/os=linux,region=nanjing
...
查看所有节点带region的标签
[root@docker-master ~]# kubectl get nodes -L region
NAME STATUS ROLES AGE VERSION REGION
docker-node1 Ready <none> 41h v1.28.0
docker-node2 Ready <none> 41h v1.28.0 nanjing
master Ready control-plane 41h v1.28.0多维度标签
设置多维度标签,用于不同的需要区分的场景
如把node1标签为合肥,南区机房,测试环境,AI业务
bash
[root@docker-master ~]# kubectl label node docker-node1 region=hefei zone=south env=test bussiness=AI
node/docker-node1 labeled查看
bash
[root@docker-master ~]# kubectl get nodes docker-node1 --show-labels
NAME STATUS ROLES AGE VERSION LABELS
docker-node1 Ready <none> 41h v1.28.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,bussiness=AI,env=test,kubernetes.io/arch=amd64,kubernetes.io/hostname=docker-node1,kubernetes.io/os=linux,region=hefei,zone=south显示节点的相应标签
bash
[root@docker-master ~]# kubectl get nodes -L region,zone
NAME STATUS ROLES AGE VERSION REGION ZONE
docker-node1 Ready <none> 41h v1.28.0 hefei south
docker-node2 Ready <none> 41h v1.28.0 nanjing
master Ready control-plane 41h v1.28.0查找zone=south的节点**(键值对用小写l;键名用大写L)**
bash
[root@docker-master ~]# kubectl get nodes -l zone=south
NAME STATUS ROLES AGE VERSION
docker-node1 Ready <none> 41h v1.28.0
# -l 不加键值对,显示到zone标签的节点,zone标签不一定相同标签的修改**(overwrite:使用复写功能)**
bash
[root@docker-master ~]# kubectl label nodes docker-node1 zone=west --overwrite=true
node/docker-node1 labeled
# 查看
[root@docker-master ~]# kubectl get nodes -L zone
NAME STATUS ROLES AGE VERSION ZONE
docker-node1 Ready <none> 41h v1.28.0 west
docker-node2 Ready <none> 41h v1.28.0
master Ready control-plane 41h v1.28.0标签删除
使用key加一个减号的写法来取消标签
bash
[root@docker-master ~]# kubectl label node docker-node1 env-
node/docker-node1 unlabeled
[root@docker-master ~]# kubectl label node docker-node1 bussiness-
node/docker-node1 unlabeled
[root@docker-master ~]# kubectl get nodes --show-labels
NAME STATUS ROLES AGE VERSION LABELS
docker-node1 Ready <none> 41h v1.28.0 beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=docker-node1,kubernetes.io/os=linux,region=hefei,zone=west标签选择器
用于筛选匹配特定标签的资源,主要分两类:
-
等值匹配(Equality-based)
-
精确匹配键值: app=nginx (匹配 app 值为 nginx 的资源)
-
排除匹配: env!=dev (排除 env=dev 的资源)。
-
-
集合匹配(Set-based)
-
key in (value1, value2) :匹配值在集合中的资源(如 env in (prod, staging) )
-
key notin (value1) :排除指定值(如 tier notin (backend) )
-
存在性检查: key (仅检查键是否存在)。
-
bash
[root@docker-master ~]# kubectl label node docker-node1 env=test1
node/docker-node1 labeled
[root@docker-master ~]# kubectl label node docker-node2 env=test2
node/docker-node2 labeled
[root@docker-master ~]# kubectl get nodes -l env!=test1
NAME STATUS ROLES AGE VERSION
docker-node2 Ready <none> 41h v1.28.0
master Ready control-plane 41h v1.28.0
[root@docker-master ~]# kubectl get nodes -l "env in (test1,test2)"
NAME STATUS ROLES AGE VERSION
docker-node1 Ready <none> 41h v1.28.0
docker-node2 Ready <none> 41h v1.28.0
[root@docker-master ~]# kubectl get nodes -l "env notin (test1,test2)"
NAME STATUS ROLES AGE VERSION
master Ready control-plane 41h v1.28.0YAML声明式文件
YAML:仍是一种标记语言,但为了强调这种语言以数据做为中心,而不是以标记语言为重点。是一个可
读性高,用来表达数据序列的格式。
基本语法
- 低版本(1.0、2.0)缩进时不允许使用Tab键,只允许使用空格
- 缩进的空格数目不重要,只要相同层级的元素左侧对齐即可
- #标识注释,从这个字符一直到行尾,都会被解释器忽略
数据结构
-
对象:键值对的集合,又称为映射(mapping)/哈希(hashes)/字典(dictionary)
-
数组:一组按次序排列的值,又称为序列(sequence)/列表(list)
-
纯量(scalars):单个的、不可再分的值
对象类型:对象的一组键值对,使用冒号结构表示
bash
name: Tom
age: 20
heigh: 175Yaml 也允许另一种写法,将所有键值对写成一个行内对象
bash
hash: { name: Tom, age: 20, heigh: 175 }数组类型:一组连词线开头的行,构成一个数组
bash
color
- blue
- red
- green数组也可以采用行内表示法
bash
color: [blue, red, green]复合结构:对象和数组可以结合使用,形成复合结构
bash
languages:
- java
- python
- go
websites:
YAML: yaml.org
Ruby: ruby-lang.org
Python: python.org
Perl: use.perl.org纯量:纯量是最基本的、不可再分的值。以下数据类型都属于纯量
bash
1 字符串 布尔值 整数 浮点数 Nu11
2 时间 日期
数值直接以字面量的形式表示
number: 3.14
布尔值用true和fa1se表示
isSet: true
nu11用 ~ 表示
parent: ~
parent: Null
时间采用 ISO8601 格式
iso8601:2025-7-11t20:00:00.10-05:00
日期采用复合 iso8601 格式的年、月、日表示
date: 1990-07-10
YAML 允许使用两个感叹号,强制转换数据类型
e: !!str 123
f: !!str true宇符串
字符串默认不使用引号表示
bash
str: hello如果字符串之中包含空格或特殊字符,需要放在引号之中
bash
str: 'hello world'单引号和双引号都可以使用,双引号不会对特殊字符转义
bash
s1: '你好\n世界'
s2: "你好\n世界"单引号之中如果还有单引号,必须连续使用两个单引号转义
bash
str: 'let''s go' 输出let's go字符串可以写成多行,从第二行开始,必须有一个单空格缩进。换行符会被转为 空格
bash
str: 第一行
第二行
第三行多行字符串可以使用|保留换行符,也可以使用>折叠换行(配置文件场景)
bash
names: |
tom
jerry
jackYAML资源对象描述方法
在kubernetes中,一般使用yaml格式的文件来创建符合我们预期期望的pod,这样的yaml文件称为资源 清单文件。
常用字段
| version | 字段类 型 | 说明 |
|---|---|---|
| version | String | 这里是指的是K8S API的版本, 目前基本上是v1,可以用 kubectl api-versions命令查询 |
| kind | String | 这里指的是yam文件定义的资源 类型和角色,比如:Pod |
| metadata | Object | 元数据对象,固定值就写 metadata |
| metadata.name | String | 元数据对象的名字,这里自定 义,比如命名Pod的名字 |
| metadata.namespace | String | 元数据对象的命名空间,自定义 |
| Spec | Object | 详细定义对象,固定值就写 Spec |
| spec.containers[] | list | 这里是Spec对象的容器列表定 义,是个列表 |
| spec.containers[].name | String | 这里定义容器的名称 |
| spec.containers[].image | String | 这里定义要用到的镜像名称 |
| spec.containers[].imagePullPolicy | String | 定义镜像拉取策路,有 Always、Never、lfNotPresent 三个值可选:(1)Always:意思是每 次都尝试重新拉取镜像; (2)Never:表示仅使用本地镜像; (3)IfNotPresent:如果本地有镜 像就使用本地镜像,没有就拉取 在线镜像。上面三个值都没设置 的话,默认是 Always。 |
| spec.containers[].command[] | list | 指定容器启动命令,因为是数组 可以指定多个。不指定则使用镜 像打包时使用的启动命令. |
| spec.containers[].args | list | 指定容器启动命令参数,因为是 数组可以指定多个 |
| spec.containers[].workDir | String | 指定容器的工作目录 |
| spec.containers[].volumeMounts[] | list | 指定容器内部的存储卷配置 |
| spec.containers[].volumeMounts[].name | String | 指定可以被容器挂载的存储卷的 名称 |
| spec.containers[].volumeMounts[].mountPath | String | 指定可以被容器挂载的存储卷的 路径 |
| spec.containers[].volumeMounts[].readOnly | String | 设置存储卷路径的读写模式, true或者 false,默认为读写模 式 |
| spec.containers[].ports[] | String | 指容器需要用到的端口列表 |
| spec.containers[].ports[].name | String | 指定端口名称 |
| spec.containers[].ports[].containerPort | String | 指定容器需要监听的端口号 |
| spec.containers[].ports[].hostPort | String | 指定容器所在主机需要监听的端 口号,默认跟上面 containerPort相同注意设置了 hostPort同一台主机无法启动 该容器的相同副本(因为主机的 端口号不能相同,这样会冲突) |
| spec.containers[].ports[].protocol | String | 指定端口协议,支持TCP和 UDP,默认值为TCP |
| spec.containers[].env[] | list | 指定容器运行前需设的环境变量 列表 |
| spec.containers[].env[].name | String | 指定环境变量名称 |
| spec.containers[].env[].value | String | 指定环境变量值 |
| spec.containers[].resources | Object | 指定资源 限制和资源请求的值 (这里开始就是设置容器的资源 上限) |
| spec.containers[].resources.limits | Object | 指定设置容器运行时资源的运行 上限 运行时 |
| spec.containers[].resources.limits.cpu | String | 指定CPU限制,单位为core 数,将用于docker run --cpushares参数 运行时 |
| spec.containers[].resources.limits.memory | String | 指定MEM内存的限制,单位为 MiB、GiB 运行时 |
| spec.containers[].resources.requests | Object | 指定容器启动和调度时的限制设置 启动时 |
| spec.containers[].resources.requests.cpu | String | CPU请求,单位为core数,容 器启动时初始化可用数量 启动时 |
| spec.containers[].resources.requests.memory | String | 内存请求,单位为MiB、GiB, 容器启动时初始化可用数量 启动时 |
| spec.restartPolicy | String | 定义Pod的重启策略,可选值为 Always、Never、OnFailure ,默认值为 Always。1.Always:Pod一旦终 止运行,则无论容器时如何终止 的,kubelet服务都将重启它。 (重启的时间间隔是之前重启的2倍)2.OnFailure:只有Pod以非零退 出码终止时,kubelet才会重启 该容器。如果容器正常结束(退 出码为0),则kubelet将不会重 启它。3.Never:Pod终止后, kubelet将退出码报告给Master, 不会重启该Pod。(spec.restartPolicy与探针关联,探针状态:1.存活,会重启 2.就绪:不会重启,变为Notready状态) |
| spec.nodeSelector | Object | 定义Node的Label过滤标签, 以key:value格式指定。 |
| spec.imagePullSecrets | Object | 定义pull镜像时使用secret名 称,以name:secretkey格式指 定。 |
| spec.hostNetwork | Boolean | 定义是否使用主机网络模式,默 认值为false。设置true表示使 用宿主机网络,不使用docker 网桥,同时设置了true将无法在 同一台宿主机上启动第二个副 本。 |
容器一切正常,但运行时卡顿,资源充足,可能是资源限制到达上限
案例说明
查阅使用手册说明
pod的spec中包含可用属性设置
bash
[root@docker-master ~]# kubectl explain pod.spec创建namespace
bash
apiVersion: v1
kind: Namespace
metadata:
name: web-test创建pod资源
该配置包含Deployment和Service两部分。Deployment创建2个Tomcat Pod副本(使用官方镜像), Service通过NodePort类型将容器8080端口映射到主机30080端口,并通过8888服务端口暴露。访问方 式:<节点IP>:
bash
[root@docker-master ~]# docker pull tomcat:9.0.85-jdk11
[root@docker-master ~]# vim tomcat.yaml
apiVersion: v1
kind: Namespace
metadata:
name: web-test
---
apiVersion: v1
kind: ConfigMap
metadata:
name: tomcat-web-content
data:
index.html: |
<html><body>Hello world</body></html>
---
apiVersion: apps/v1
kind: Deployment
metadata:
name: tomcat-test
spec:
replicas: 2
selector:
matchLabels:
app: tomcat # 必须与template.metadata.labels完全匹配
template:
metadata:
labels:
app: tomcat # 必须与selector.matchLabels一致
spec:
securityContext:
runAsUser: 1000
fsGroup: 1000
containers:
- name: tomcat
image: tomcat:9.0.85-jdk11
imagePullPolicy: IfNotPresent
ports:
- containerPort: 8080
volumeMounts:
- name: wen-content
mountPath: /usr/local/tomcat/webapps/ROOT/index.html
subPath: index.html
volumes:
- name: wen-content
configMap:
name: tomcat-web-content
---
apiVersion: v1
kind: Service
metadata:
name: tomcat-service
spec:
type: NodePort
selector:
app: tomcat # 需与Pod标签匹配
ports:
- port: 80
targetPort: 8080
nodePort: 30080
# 重启calico,避免因时间不同步导致无法创建pod
[root@docker-master ~]# kubectl rollout restart daemonset calico-node -n kube-system
[root@docker-master ~]# kubectl apply -f tomcat.yaml
命名空间(Namespace)
作用
Namespace是对一组资源和对象的抽象集合。
常见的 pod, service,deployment 等都是属于某一个namespace的**(默认是 default)。**
不是所有资源都属于namespace,如nodes,persistent volume,namespace 等资源则不属于任
何namespace。
查看namespace
bash
[root@docker-master ~]# kubectl get namespaces //namespaces可以简写为namespace或ns
NAME STATUS AGE
default Active 45h # 所有未指定Namespace的对象都会被默认分配在
kube-node-lease Active 45h
kube-public Active 45h # 此命名空间下的资源可以被所有人访问
kube-system Active 45h # 所有由Kubernetes系统创建的资源都处于这个命名空间
kubernetes-dashboard Active 22h
web-test Active 5m32s查看namespace中的资源
使用kubectl get all --namespace=命名空间名称 可以查看此命名空间下的所有资源
bash
[root@docker-master ~]# kubectl get all -n kube-system
# 或者
[root@docker-master ~]# kubectl get all --namespace=kube-system
NAME READY STATUS RESTARTS AGE
pod/calico-kube-controllers-658d97c59c-xfjlv 1/1 Running 4 (5h7m ago) 45h
pod/calico-node-99489 1/1 Running 0 24m
pod/calico-node-dgs6n 1/1 Running 0 23m
pod/calico-node-rmqg4 1/1 Running 0 23m
pod/coredns-66f779496c-4bt9n 1/1 Running 4 (5h7m ago) 45h
pod/coredns-66f779496c-nnkcw 1/1 Running 4 (5h7m ago) 45h
pod/etcd-master 1/1 Running 4 (5h7m ago) 45h
pod/kube-apiserver-master 1/1 Running 6 (5h7m ago) 45h
pod/kube-controller-manager-master 1/1 Running 5 (5h7m ago) 45h
pod/kube-proxy-fhhnf 1/1 Running 4 (5h7m ago) 45h
pod/kube-proxy-jn4dq 1/1 Running 4 (5h7m ago) 45h
pod/kube-proxy-wkmlk 1/1 Running 4 (5h7m ago) 45h
pod/kube-scheduler-master 1/1 Running 4 (5h7m ago) 45h
pod/metrics-server-57999c5cf7-x67fj 1/1 Running 3 (5h6m ago) 23h
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kube-dns ClusterIP 10.96.0.10 <none> 53/UDP,53/TCP,9153/TCP 45h
service/metrics-server ClusterIP 10.111.168.59 <none> 443/TCP 23h
NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
daemonset.apps/calico-node 3 3 3 3 3 kubernetes.io/os=linux 45h
daemonset.apps/kube-proxy 3 3 3 3 3 kubernetes.io/os=linux 45h
NAME READY UP-TO-DATE AVAILABLE AGE
deployment.apps/calico-kube-controllers 1/1 1 1 45h
deployment.apps/coredns 2/2 2 2 45h
deployment.apps/metrics-server 1/1 1 1 23h
NAME DESIRED CURRENT READY AGE
replicaset.apps/calico-kube-controllers-658d97c59c 1 1 1 45h
replicaset.apps/coredns-66f779496c 2 2 2 45h
replicaset.apps/metrics-server-57999c5cf7 1 1 1 23h查看所有pod资源
bash
[root@docker-master ~]# kubectl get pods -A # A指所有命名空间
NAMESPACE NAME READY STATUS RESTARTS AGE
default nginx-7854ff8877-hrt6w 1/1 Running 2 (5h12m ago) 27h
default nginx-7854ff8877-n8ptl 1/1 Running 2 (5h12m ago) 27h
default nginx-7854ff8877-snbct 1/1 Running 2 (5h12m ago) 27h
default tomcat-test-869f4c8df4-4px6q 1/1 Running 0 11m
default tomcat-test-869f4c8df4-q9k8z 1/1 Running 0 11m
kube-system calico-kube-controllers-658d97c59c-xfjlv 1/1 Running 4 (5h12m ago) 45h
kube-system calico-node-99489 1/1 Running 0 28m
kube-system calico-node-dgs6n 1/1 Running 0 27m
kube-system calico-node-rmqg4 1/1 Running 0 28m
kube-system coredns-66f779496c-4bt9n 1/1 Running 4 (5h12m ago) 45h
kube-system coredns-66f779496c-nnkcw 1/1 Running 4 (5h12m ago) 45h
kube-system etcd-master 1/1 Running 4 (5h12m ago) 46h
kube-system kube-apiserver-master 1/1 Running 6 (5h12m ago) 46h
kube-system kube-controller-manager-master 1/1 Running 5 (5h11m ago) 46h
kube-system kube-proxy-fhhnf 1/1 Running 4 (5h12m ago) 45h
kube-system kube-proxy-jn4dq 1/1 Running 4 (5h12m ago) 45h
kube-system kube-proxy-wkmlk 1/1 Running 4 (5h12m ago) 45h
kube-system kube-scheduler-master 1/1 Running 4 (5h12m ago) 46h
kube-system metrics-server-57999c5cf7-x67fj 1/1 Running 3 (5h11m ago) 23h
kubernetes-dashboard dashboard-metrics-scraper-5657497c4c-bcb6f 1/1 Running 1 (5h12m ago) 22h
kubernetes-dashboard kubernetes-dashboard-746fbfd67c-krq4l 1/1 Running 1 (5h12m ago) 19h创建namespace
命令创建
bash
[root@docker-master ~]# kubectl create ns web1
namespace/web1 created
[root@docker-master ~]# kubectl get ns
NAME STATUS AGE
default Active 46h
kube-node-lease Active 46h
kube-public Active 46h
kube-system Active 46h
kubernetes-dashboard Active 22h
web-test Active 11m
web1 Active 8sYAML文件创建
-
k8s中几乎所有的资源都可以通这YAML编排来创建
-
可以使用 kubectl edit 资源类型 资源名 编辑资源的YAML语法
bash
[root@master ~]# kubectl edit namespaces web1- 也可使用 kubectl get 资源类型 资源名 -o yaml来查看
bash
[root@docker-master ~]# kubectl get ns web1 -o yaml
apiVersion: v1
kind: Namespace
metadata:
creationTimestamp: "2026-01-15T06:15:47Z"
labels:
kubernetes.io/metadata.name: web1
name: web1
resourceVersion: "71447"
uid: 83d9d07b-15de-493f-98cf-9a7f65504268
spec:
finalizers:
- kubernetes
status:
phase: Active- 还可通过 kubectl explain 资源类型 来查看语法文档
查看namespace相关语法参数
bash
[root@master ~]# kubectl explain namespace查看namespace下级metadata的相关语法参数
bash
[root@master ~]# kubectl explain namespace.metadata查看namespace下级metadata再下级name的相关语法参数
bash
[root@master ~]# kubectl explain namespace.metadata.name编写创建namespace的YAML文件
bash
[root@master ~]# vim create_web2.yaml
apiVersion: v1 #api版本
kind: Namespace #类型为namespace
metadata: #定义namespace的元数据属性
name: web2 #定义name为web2使用 kubctl apply -f 应用YAML文件
bash
[root@docker-master ~]# kubectl apply -f create_web2.yaml
namespace/web2 created
[root@docker-master ~]# kubectl get ns
NAME STATUS AGE
default Active 46h
kube-node-lease Active 46h
kube-public Active 46h
kube-system Active 46h
kubernetes-dashboard Active 22h
web-test Active 15m
web1 Active 3m58s
web2 Active 3s删除namespace
注意:
-
删除一个namespace会自动删除所有属于该namespace的资源(类似MySQL中drop库会删除库里的所有表一样,请慎重操作)
-
default,kube-system,kube-public命名空间不可删除
命令删除
bash
[root@docker-master ~]# kubectl delete ns web1
namespace "web1" deleted
[root@docker-master ~]# kubectl delete ns web-test
namespace "web-test" deletedYAML文件删除
bash
[root@docker-master ~]# kubectl delete -f create_web2.yaml
namespace "web2" deleted
bash
[root@docker-master ~]# kubectl get ns
NAME STATUS AGE
default Active 46h
kube-node-lease Active 46h
kube-public Active 46h
kube-system Active 46h
kubernetes-dashboard Active 22h#类型为namespace
metadata: #定义namespace的元数据属性
name: web2 #定义name为web2
使用 kubctl apply -f 应用YAML文件
```bash
[root@docker-master ~]# kubectl apply -f create_web2.yaml
namespace/web2 created
[root@docker-master ~]# kubectl get ns
NAME STATUS AGE
default Active 46h
kube-node-lease Active 46h
kube-public Active 46h
kube-system Active 46h
kubernetes-dashboard Active 22h
web-test Active 15m
web1 Active 3m58s
web2 Active 3s删除namespace
注意:
-
删除一个namespace会自动删除所有属于该namespace的资源(类似MySQL中drop库会删除库里的所有表一样,请慎重操作)
-
default,kube-system,kube-public命名空间不可删除
命令删除
bash
[root@docker-master ~]# kubectl delete ns web1
namespace "web1" deleted
[root@docker-master ~]# kubectl delete ns web-test
namespace "web-test" deletedYAML文件删除
bash
[root@docker-master ~]# kubectl delete -f create_web2.yaml
namespace "web2" deleted
bash
[root@docker-master ~]# kubectl get ns
NAME STATUS AGE
default Active 46h
kube-node-lease Active 46h
kube-public Active 46h
kube-system Active 46h
kubernetes-dashboard Active 22h