Kubernetes 集群管理与核心组件详解 | 极客日志

Shell / Bash

Kubernetes 集群管理与核心组件详解

Kubernetes 集群管理命令、命名空间、Pod 生命周期、污点容忍、资源配额、控制器（Deployment/StatefulSet/HPA）、Service 及存储卷管理的详细教程。涵盖 kubectl 常用指令、YAML 资源配置、调度策略、扩缩容机制及持久化存储方案。

月光旅人发布于 2026/3/160 浏览

一、集群管理命令

kubectl 是用于控制 Kubernetes 集群的命令工具

语法格式：

kubectl [command] [TYPE]

子命令	说明
help	用于查看命令及子命令的帮助信息
cluster-info	显示集群的相关配置信息
version	查看服务器及客户端的版本信息
api-resources	查看当前服务器上所有的资源对象
api-versions	查看当前服务器上所有资源对象的版本
config	管理当前节点上 kubeconfig 的认证信息

kubectl get ns # 简写
kubectl get namespaces # 全写
kubectl -n 命名空间 get pods # 查看命名空间中的资源对象

kubectl create ns your_namespace # 简写
kubectl create namespace your_namespace # 全写

kubectl delete namespace your_namespace

kubectl describe ns your_namespace

kubectl get pods -n your_namespace -o wide -w

kubectl describe pod your_pod -n your_namespace

kubectl run [pod 名称] --image=[镜像]:[镜像版本] --port=[对外端口] --namespace [namespace]

kubectl delete pod [pod 名称] -n [命名空间名称]

kubectl exec your_pod -c 容器名称 -n your_namespace -it /bin/bash
kubectl exec myweb -- ls 50x.html index.html

# 获取 pod 列表
kubectl get pods -n your_namespace
# 获取 pod 详情
kubectl describe pod your_pod -n your_namespace
# 进入容器内部
kubectl exec your_pod -n your_namespace -it -c your_container /bin/bash

kubectl create/apply/delete -f 资源文件名称.yaml

# node01 设置污点策略 PreferNoSchedule
kubectl taint node node01 k=v1:PreferNoSchedule
# 查看污点
kubectl describe node node01

kubectl taint node node01 k-

apiVersion: v1 # 必选，版本号，例如 v1
kind: Pod # 必选，资源类型，例如 Pod
metadata: # 必选，元数据
  name: string # 必选，Pod 名称
  annotations: # 选做，描述信息
    nginx: nginx
  namespace: string # Pod 所属的命名空间，默认为"default"
  labels: # 自定义标签列表
    - name: string
spec: # 必选，Pod 中容器的详细定义
  containers: # 必选，Pod 中容器列表
    - name: string # 必选，容器名称
      image: string # 必选，容器的镜像名称
      imagePullPolicy: [ Always|Never|IfNotPresent ] # 获取镜像的策略
      command: [string] # 容器的启动命令列表
      args: [string] # 容器的启动命令参数列表
      workingDir: string # 容器的工作目录
      volumeMounts: # 挂载到容器内部的存储卷配置
        - name: string
          mountPath: string
          readOnly: boolean
      ports: # 需要暴露的端口库号列表
        - name: string
          containerPort: 80
          hostPort: int
          protocol: string
      env: # 容器运行前需设置的环境变量列表
        - name: string
          value: string
      resources: # 资源限制和请求的设置
        limits: # 资源限制的设置 (上限)
          cpu: string
          memory: string
        requests: # 资源请求的设置 (下限)
          cpu: string
          memory: string
      lifecycle: # 生命周期钩子
        postStart: {}
        preStop: {}
      livenessProbe: # 健康检查设置
        exec: { command: [string] }
        httpGet: { path: string, port: number }
        tcpSocket: { port: number }
        initialDelaySeconds: 0
        timeoutSeconds: 0
        periodSeconds: 0
        successThreshold: 0
        failureThreshold: 0
      securityContext: { privileged: false }
      restartPolicy: [Always | Never | OnFailure]
      nodeName: <string>
      nodeSelector: object
      imagePullSecrets: [{ name: string }]
      hostNetwork: false
      volumes: # 在该 pod 上定义共享存储卷列表
        - name: string
          emptyDir: {}
          hostPath: { path: string, type: DirectoryOrCreate }
          secret: { secretname: string }
          configMap: { name: string }

---
kind: Pod
apiVersion: v1
metadata:
  name: myweb
spec:
  containers:
    - name: webserver
      image: myos:nginx
status: {}

kubectl run myweb --image=myos:nginx --dry-run=client -o yaml

kubectl explain Pod.spec.restartPolicy

---
kind: Pod
apiVersion: v1
metadata:
  name: myweb
spec:
  containers:
    - name: webserver
      image: myos:nginx
      command: ["/bin/bash"]
      args: ["-c", "while sleep 5;do echo \"hello world\" done"]

---
kind: Pod
apiVersion: v1
metadata:
  name: mycmd
spec:
  restartPolicy: Never
  containers:
    - name: linux
      image: myos:8.5
      command: ["sleep"]
      args: ["30"]

---
kind: Pod
apiVersion: v1
metadata:
  name: mycmd
spec:
  terminationGracePeriodSeconds: 0
  restartPolicy: Never
  containers:
    - name: linux
      image: myos:8.5
      command: ["sleep"]
      args: ["30"]

---
kind: Pod
apiVersion: v1
metadata:
  name: mycmd
spec:
  terminationGracePeriodSeconds: 0
  activeDeadlineSeconds: 60
  restartPolicy: Never
  containers:
    - name: linux
      image: myos:8.5
      command: ["sleep"]
      args: ["300"]

---
kind: Pod
apiVersion: v1
metadata:
  name: mynginx
spec:
  terminationGracePeriodSeconds: 0
  restartPolicy: Always
  containers:
    - name: nginx
      image: myos:nginx
    - name: php
      image: myos:php-fpm

---
kind: Pod
apiVersion: v1
metadata:
  name: web2
spec:
  containers:
    - name: httpd
      image: myos:httpd
      ports:
        - containerPort: 80
    - name: nginx
      image: myos:nginx
      ports:
        - containerPort: 8080

---
kind: Pod
apiVersion: v1
metadata:
  name: myphp
spec:
  tolerations:
    - operator: Equal
      key: k
      value: v1
      effect: NoSchedule
  containers:
    - name: php
      image: myos:php-fpm

---
kind: Pod
apiVersion: v1
metadata:
  name: myphp
spec:
  tolerations:
    - operator: Exists
      key: k
      effect: NoSchedule
  containers:
    - name: php
      image: myos:php-fpm

---
kind: PriorityClass
apiVersion: scheduling.k8s.io/v1
metadata:
  name: high-non
preemptionPolicy: Never
value: 1000
---
kind: PriorityClass
apiVersion: scheduling.k8s.io/v1
metadata:
  name: low-non
preemptionPolicy: Never
value: 500

kubectl apply -f mypriority.yaml
kubectl get priorityclasses.scheduling.k8s.io

---
kind: Pod
apiVersion: v1
metadata:
  name: php2
spec:
  nodeSelector:
    kubernetes.io/hostname: node01
  priorityClassName: low-non
  containers:
    - name: php
      image: myos:php-fpm

---
kind: PriorityClass
apiVersion: scheduling.k8s.io/v1
metadata:
  name: high
preemptionPolicy: PreemptLowerPriority
value: 1000
---
kind: PriorityClass
apiVersion: scheduling.k8s.io/v1
metadata:
  name: low
preemptionPolicy: PreemptLowerPriority
value: 500

---
kind: Pod
apiVersion: v1
metadata:
  name: myhttp
spec:
  nodeName: node-0001
  containers:
    - name: apache
      image: myos:httpd

kubectl get pods --show-labels
kubectl get nodes -l kubernetes.io/hostname=master
kubectl label pod myhttp app=apache
kubectl label pod myhttp app-

---
kind: Pod
apiVersion: v1
metadata:
  name: myhttp
  labels:
    app: apache
spec:
  nodeSelector:
    kubernetes.io/hostname: node-0002
  containers:
    - name: apache
      image: myos:httpd

---
kind: Pod
apiVersion: v1
metadata:
  name: minpod
spec:
  nodeSelector:
    kubernetes.io/hostname: node-0003
  terminationGracePeriodSeconds: 0
  containers:
    - name: linux
      image: myos:8.5
      command: ["awk","BEGIN{while(1){}}"]
      resources:
        requests:
          memory: 1100Mi

---
kind: Pod
apiVersion: v1
metadata:
  name: minpod
spec:
  terminationGracePeriodSeconds: 0
  nodeSelector:
    kubernetes.io/hostname: node-0003
  containers:
    - name: linux
      image: myos:8.5
      command: ["awk","BEGIN{while(1){}}"]
      resources:
        requests:
          cpu: 800m

---
kind: Pod
apiVersion: v1
metadata:
  name: minpod
spec:
  terminationGracePeriodSeconds: 0
  nodeSelector:
    kubernetes.io/hostname: node-0003
  containers:
    - name: linux
      image: myos:8.5
      command: ["awk","BEGIN{while(1){}}"]
      resources:
        requests:
          cpu: 800m
          memory: 1100Mi

---
kind: Pod
apiVersion: v1
metadata:
  name: maxpod
spec:
  terminationGracePeriodSeconds: 0
  containers:
    - name: linux
      image: myos:8.5
      command: ["awk","BEGIN{while(1){}}"]
      resources:
        limits:
          cpu: 800m
          memory: 2000Mi

---
apiVersion: v1
kind: LimitRange
metadata:
  name: mylimit
  namespace: work
spec:
  limits:
    - type: Container
      default:
        cpu: 300m
        memory: 500Mi
      defaultRequest:
        cpu: 8m
        memory: 8Mi

---
apiVersion: v1
kind: ResourceQuota
metadata:
  name: myquota
  namespace: work
spec:
  hard:
    requests.cpu: 1000m
    requests.memory: 2000Mi
    limits.cpu: 5000m
    limits.memory: 8Gi
    pods: 3

---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: myweb
spec:
  replicas: 2
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 30%
      maxUnavailable: 30%
  selector:
    matchLabels:
      app: httpd
  template:
    metadata:
      labels:
        app: httpd
    spec:
      restartPolicy: Always
      containers:
        - name: webserver
          image: myos:httpd
          imagePullPolicy: Always

kubectl scale deployment myweb --replicas=3
kubectl create -f nginx-deployment.yaml --record=true
kubectl get deploy myweb -n your_namespace
kubectl get pods -n your_namespace

---
spec:
  revisionHistoryLimit: 10
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%

kubectl set image deployment myweb webserver=myos:nginx
kubectl annotate deployments myweb kubernetes.io/change-cause="nginx.v1"
kubectl rollout history deployment myweb

kubectl rollout undo deployment myweb --to-revision 1
kubectl rollout history deployment myweb

kubectl set image deploy your_deploy_name nginx=nginx:1.17.4 -n your_namespace && kubectl rollout pause deployment your_deploy_name -n your_namespace
kubectl rollout status deploy your_deploy_name -n your_namespace
kubectl get rs -n your_namespace -o wide
kubectl rollout resume deploy your_deploy_name -n your_namespace
kubectl get pods -n your_namespace

kubectl delete deployments myweb
kubectl delete -f mydeploy.yaml

---
kind: DaemonSet
apiVersion: apps/v1
metadata:
  name: myds
spec:
  selector:
    matchLabels:
      app: httpd
  template:
    metadata:
      labels:
        app: httpd
    spec:
      restartPolicy: Always
      containers:
        - name: webserver
          image: myos:httpd
          imagePullPolicy: Always

kubectl taint node node-0001 k=v:NoSchedule
kubectl delete -f myds.yaml
kubectl apply -f myds.yaml
kubectl get pods
kubectl taint node node-0001 k=v:NoSchedule-
kubectl delete -f myds.yaml

---
kind: Job
apiVersion: batch/v1
metadata:
  name: myjob
spec:
  template:
    spec:
      restartPolicy: OnFailure
      containers:
        - name: myjob
          image: myos:8.5
          command: ["/bin/bash"]
          args: ["-c", "sleep 3; exit $((RANDOM%2))"]

---
kind: CronJob
apiVersion: batch/v1
metadata:
  name: mycj
spec:
  schedule: "* * * * 1-5"
  jobTemplate:
    spec:
      template:
        spec:
          restartPolicy: OnFailure
          containers:
            - name: myjob
              image: myos:8.5
              command: ["/bin/bash"]
              args: ["-c", "sleep 3; exit $((RANDOM%2))"]

---
kind: Service
apiVersion: v1
metadata:
  name: mysvc2
spec:
  type: ClusterIP
  clusterIP: None
  selector:
    app: httpd
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80

---
kind: StatefulSet
apiVersion: apps/v1
metadata:
  name: mysts
spec:
  serviceName: mysvc2
  replicas: 3
  selector:
    matchLabels:
      app: httpd
  template:
    metadata:
      labels:
        app: httpd
    spec:
      restartPolicy: Always
      containers:
        - name: webserver
          image: myos:httpd
          imagePullPolicy: Always

---
kind: Deployment
apiVersion: apps/v1
metadata:
  name: myweb
spec:
  replicas: 1
  selector:
    matchLabels:
      app: httpd
  template:
    metadata:
      labels:
        app: httpd
    spec:
      restartPolicy: Always
      containers:
        - name: webserver
          image: myos:httpd
          imagePullPolicy: Always
          resources:
            requests:
              cpu: 200m

---
kind: HorizontalPodAutoscaler
apiVersion: autoscaling/v1
metadata:
  name: myweb
spec:
  minReplicas: 1
  maxReplicas: 5
  targetCPUUtilizationPercentage: 50
  scaleTargetRef:
    kind: Deployment
    apiVersion: apps/v1
    name: myweb

---
kind: Service
apiVersion: v1
metadata:
  name: mysvc
spec:
  type: ClusterIP
  clusterIP: 10.245.1.80
  selector:
    app: web
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
      nodePort: 31122

kubectl apply -f mysvc.yaml
kubectl get service

dnf -y install bind-utils
kubectl -n kube-system get service kube-dns
host mysvc.default.svc.cluster.local

---
kind: Service
apiVersion: v1
metadata:
  name: mysvc1
spec:
  type: NodePort
  selector:
    app: web
  ports:
    - protocol: TCP
      port: 80
      nodePort: 30080
      targetPort: myhttp

kubectl apply -f mysvc1.yaml
kubectl get service

mkdir ingress-controller
cd ingress-controller/
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/mandatory.yaml
wget https://raw.githubusercontent.com/kubernetes/ingress-nginx/nginx-0.30.0/deploy/static/provider/baremetal/service-nodeport.yaml
# 修改镜像仓库地址
kubectl apply -f ./
kubectl get pod -n ingress-nginx
kubectl get svc -n ingress-nginx

---
kind: Ingress
apiVersion: networking.k8s.io/v1
metadata:
  name: mying
spec:
  ingressClassName: nginx
  rules:
    - host: nsd.tedu.cn
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: mysvc
                port:
                  number: 80

kubectl apply -f mying.yaml
kubectl get ingress
curl -H "Host: nsd.tedu.cn" http://192.168.1.51

---
kind: Pod
apiVersion: v1
metadata:
  name: web1
spec:
  volumes:
    - name: logdata
      hostPath:
        path: /var/weblog
        type: DirectoryOrCreate
  containers:
    - name: nginx
      image: myos:nginx
      volumeMounts:
        - name: logdata
          mountPath: /usr/local/nginx/logs

type 类型	说明
DirectoryOrCreate	卷映射对象是一个目录，如果不存在就创建它
Directory	卷映射对象是一个目录，且必须存在
FileOrCreate	卷映射对象是一个文件，如果不存在创建它
File	卷映射对象是一个文件，且必须存在
Socket	卷映射对象是一个 Socket 套接字，且必须存在
CharDevice	卷映射对象是一个字符设备，且必须存在
BlockDevice	卷映射对象是一个块设备，且必须存在

---
kind: Pod
apiVersion: v1
metadata:
  name: web1
spec:
  volumes:
    - name: website
      nfs:
        server: 192.168.1.10
        path: /var/webroot
  containers:
    - name: nginx
      image: myos:nginx
      volumeMounts:
        - name: website
          mountPath: /usr/local/nginx/html

---
kind: PersistentVolume
apiVersion: v1
metadata:
  name: pv-local
spec:
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  capacity:
    storage: 30Gi
  persistentVolumeReclaimPolicy: Retain
  hostPath:
    path: /var/weblog
    type: DirectoryOrCreate
---
kind: PersistentVolume
apiVersion: v1
metadata:
  name: pv-nfs
spec:
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
    - ReadOnlyMany
    - ReadWriteMany
  capacity:
    storage: 20Gi
  persistentVolumeReclaimPolicy: Retain
  mountOptions:
    - nolock
  nfs:
    server: 192.168.1.10
    path: /var/webroot

---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc1
spec:
  volumeMode: Filesystem
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 25Gi
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
  name: pvc2
spec:
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 15Gi

---
kind: Pod
apiVersion: v1
metadata:
  name: web1
spec:
  volumes:
    - name: logdata
      persistentVolumeClaim:
        claimName: pvc1
    - name: website
      persistentVolumeClaim:
        claimName: pvc2
  containers:
    - name: nginx
      image: myos:nginx
      volumeMounts:
        - name: logdata
          mountPath: /usr/local/nginx/logs
        - name: website
          mountPath: /usr/local/nginx/html

---
kind: ConfigMap
apiVersion: v1
metadata:
  name: timezone
data:
  TZ: Asia/Shanghai

---
kind: Pod
apiVersion: v1
metadata:
  name: web1
spec:
  containers:
    - name: nginx
      image: myos:nginx
      envFrom:
        - configMapRef:
            name: timezone
      volumeMounts:
        - name: logdata
          mountPath: /usr/local/nginx/logs
        - name: website
          mountPath: /usr/local/nginx/html

kubectl create secret docker-registry harbor-auth --docker server=harbor:443 --docker-username="admin" --docker-password="admin123"
kubectl get secrets harbor-auth -o yaml

---
kind: Pod
apiVersion: v1
metadata:
  name: web2
spec:
  imagePullSecrets:
    - name: harbor-auth
  containers:
    - name: apache
      image: harbor:443/myimg/httpd:latest

---
kind: Pod
apiVersion: v1
metadata:
  name: web2
spec:
  imagePullSecrets:
    - name: harbor-auth
  volumes:
    - name: cache
      emptyDir: {}
  containers:
    - name: apache
      image: harbor:443/myimg/httpd:latest
      volumeMounts:
        - name: cache
          mountPath: /var/cache

Kubernetes 集群管理与核心组件详解

一、集群管理命令

二、命名空间

1. 获取命名空间列表

2. 创建命名空间

3. 删除命名空间

4. 查看命名空间详情

三、Pod

1. Pod 概述

2. Pod 相位状态

3. 管理命令

3.1 获取命名空间下容器 (pod) 列表

3.2 查看 pod 的详细信息

3.3 创建 && 运行

3.4 删除 pod

3.5 进入容器

3.6 根据资源对象文件运行命令

3.7 排错三兄弟

4. 污点策略

4.1 概述

4.2 设置并查看污点标签

4.3 删除污点标签

四、资源对象文件

1. 资源对象文件相关帮助

1.1 Pod 的资源清单

1.2 最基础 Pod 资源对象文件

1.3 自动生成模板命令

1.4 查询帮助信息

2. Pod

2.1 Pod 自定义命令

2.2 restartPolicy 保护策略

2.3 terminationGracePeriodSeconds 宽限期策略

2.4 activeDeadlineSeconds 策略

2.5 多容器 Pod

3. Pod 容忍策略

3.1 精确匹配策略

3.2 模糊匹配策略

4. 优先级与抢占

4.1 非抢占优先级

4.2 抢占优先级

5. Pod 调度策略

5.1 定向调度

5.2 标签调度

6. Pod 资源管理

6.1 内存资源配额

6.2 计算资源配额

6.3 综合资源配额

6.4 内存 CPU 限额

7. 全局资源管理

7.1 LimitRange

7.2 ResourceQuota

五、控制器

1. Deployment

1.1 扩缩容

1.2 镜像更新

1.3 滚动更新策略

1.4 版本回滚

1.5 金丝雀发布

1.6 删除控制器方法

2. DaemonSet

2.1 DS 控制器会受到污点策略的影响

3. Job/CronJob

3.1 Job

3.2 CronJob

4. 基础控制器的区别

4.1 Deployment

4.2 DaemonSet

4.3 CronJob/Job

5. StatefulSet

5.1 headless 服务

5.2 StatefulSet 资源配置文件

6. Horizontal Pod Autoscaler(HPA)控制器

六、Service

6.1 ClusterIP

6.2 nodePort

6.3 Ingress

七、存储卷管理

1. 持久卷

1.1 hostPath

1.2 NFS