1、kubectl 命令可以列出所有命令
2、kubectl version 命令可以查看版本号
3、kubectl cluster-info命令可以查看集群信息(192.168.218.136:6443 即为kube-apiserver的IP和端口。)
[root@k8s-master ~]# kubectl cluster-info
Kubernetes master is running at https://192.168.218.136:6443
KubeDNS is running at https://192.168.218.136:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy
To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.
4、也可以通过 用户主目录下的.kube/config文件查看集群信息
用户主目录下的.kube/config
[root@k8s-master ~]# cat .kube/config
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FUR...0VSVElGSUNBVEUtLS0tLQo=
server: https://192.168.218.136:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1J....BVEUtLS0tLQo=
client-key-data: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS...QVRFIEtFWS0tLS0tCg==
5、还可以通过config view命令查看配置
[root@k8s-master ~]# kubectl config view
apiVersion: v1
clusters:
- cluster:
certificate-authority-data: DATA+OMITTED
server: https://192.168.218.136:6443
name: kubernetes
contexts:
- context:
cluster: kubernetes
user: kubernetes-admin
name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
user:
client-certificate-data: REDACTED
client-key-data: REDACTED
---然后可以通过curl访问 api server api接口。 也可以使用 10中的proxy访问api接口。
curl -k https://192.168.218.136:6443 --cert /etc/kubernetes/pki/apiserver-kubelet-client.crt --key /etc/kubernetes/pki/apiserver-kubelet-client.key
6、通过kubectl get node 查看节点信息
7、可通过kubectl get ns 拆开所有命名空间
8、通过kubectl get pod -A 查看所有命名空间下的pod
9、通过kubectl get svc-A 查看所有命名空间下的svc
10、kubectl proxy 命令开启代理
[root@k8s-master ~]# kubectl proxy --port=8080
Starting to serve on 127.0.0.1:8080
11、通过proxy http接口访问k8s
[root@k8s-master ~]# curl 127.0.0.1:8080
{
"paths": [
"/api",
"/api/v1",
"/apis",
"/apis/",
"/apis/apps",
"/apis/apps/v1",
"/apis/autoscaling",
"/apis/autoscaling/v1",
"/apis/autoscaling/v2beta1",
"/apis/autoscaling/v2beta2",
"/apis/batch",
"/apis/batch/v1",
"/apis/extensions",
"/apis/extensions/v1beta1",
"/apis/networking.k8s.io",
"/apis/networking.k8s.io/v1",
"/apis/networking.k8s.io/v1beta1",
"/apis/node.k8s.io",
"/apis/node.k8s.io/v1beta1",
"/apis/policy",
"/apis/policy/v1beta1",
"/healthz",
"/healthz/autoregister-completion",
"/healthz/etcd",
"/healthz/log",
"/healthz/ping",
"/livez",
"/livez/autoregister-completion",
"/livez/etcd",
"/livez/log",
"/livez/ping",
"/logs",
"/metrics",
"/openapi/v2",
"/readyz",
"/readyz/autoregister-completion",
"/readyz/etcd",
"/readyz/log",
"/readyz/ping",
"/readyz/shutdown",
"/version"
......
[root@k8s-master ~]# curl 127.0.0.1:8080/livez/ping
ok
[root@k8s-master ~]# curl 127.0.0.1:8080/version
{
"major": "1",
"minor": "18",
"gitVersion": "v1.18.0",
"gitCommit": "9e991415386e4cf155a24b1da15becaa390438d8",
"gitTreeState": "clean",
"buildDate": "2020-03-25T14:50:46Z",
"goVersion": "go1.13.8",
"compiler": "gc",
"platform": "linux/amd64"
}
[root@k8s-master ~]# curl 127.0.0.1:8080/healthz
ok
[root@k8s-master ~]# curl 127.0.0.1:8080/healthz/etcd
ok
[root@k8s-master ~]# curl 127.0.0.1:8080/healthz/log
ok
[root@k8s-master ~]# curl 127.0.0.1:8080/api
{
"kind": "APIVersions",
"versions": [
"v1"
],
"serverAddressByClientCIDRs": [
{
"clientCIDR": "0.0.0.0/0",
"serverAddress": "192.168.218.136:6443"
}
]
}
[root@k8s-master ~]# curl 127.0.0.1:8080/api/v1
{
"kind": "APIResourceList",
"groupVersion": "v1",
"resources": [
{
"name": "bindings",
"singularName": "",
"namespaced": true,
"kind": "Binding",
"verbs": [
"create"
]
},
{
"name": "componentstatuses",
"singularName": "",
"namespaced": false,
"kind": "ComponentStatus",
"verbs": [
"get",
"list"
],
"shortNames": [
"cs"
]
},
curl 127.0.0.1:8080/api/v1/pods --查看所有pods
curl 127.0.0.1:8080/api/v1/namespaces/kube-system/pods/kube-scheduler-k8s-master --查看 某个命名空间下的某个pod
20、kubelet,kube-scheduler-k8s-master、kube-controller-manager-k8s-master、kube-proxy-s8v4t 是如何找到 知道kubeapiserver的接口地址的呢?
他们都挂载了自己的配置文件,在 /etc/kubernetes/ 目录下。
其中 admin.conf 会被拷贝到 用户家目录下的 .kube/config 文件中。
即cp /etc/kubernetes/admin.conf ~/.kube/config
[root@k8s-master ~]# ll /etc/kubernetes/
-rw------- 1 root root 5451 7月 28 19:38 admin.conf
-rw------- 1 root root 5491 7月 28 19:38 controller-manager.conf
-rw------- 1 root root 1879 7月 28 19:38 kubelet.conf
drwxr-xr-x 2 root root 113 7月 28 19:38 manifests
drwxr-xr-x 3 root root 4096 7月 28 19:38 pki
-rw------- 1 root root 5439 7月 28 19:38 scheduler.conf
另外,证书文件都放在pki目录下。
21、kubeapiserver 也可以开启http端口,这样就不需要证书了。
22、查看日志
kubectl logs kube-scheduler-k8s-master -n kube-system
kubectl logs kube-scheduler-k8s-master -c kube-scheduler -n kube-system
22、proxy的代理功能
curl http://ip:8080/api/v1/proxy/namespace/{namespace}/services/{name} 相当于访问services的url
curl http://ip:8080/api/v1/proxy/namespace/{namespace}/pods/{name} 相当于访问pod的url
23、访问etcd数据库
登录到k8s的etcd容器中,设置下面的环境变量
export ETCDCTL_ENDPOINTS=https://127.0.0.1:2379
export ETCDCTL_CACERT=/etc/kubernetes/pki/etcd/ca.crt
export ETCDCTL_CERT=/etc/kubernetes/pki/etcd/healthcheck-client.crt
export ETCDCTL_KEY=/etc/kubernetes/pki/etcd/healthcheck-client.key
export ETCDCTL_API=3
然后就可以通过etcdctl命令访问etcd数据库了
etcdctl get /gaofeng/name
etcdctl put /gaofeng/name gg
etcdctl get --prefix --keys-only /
etcdctl get /registry/services/specs/default/kubernetes
![[译] APT分析报告:13.Trellix对Iran网络空间能力评估](https://i-blog.csdnimg.cn/direct/f43ef1c85ff847e6b87175fd1ab10fce.png#pic_center)
