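kubectl Operations and Application Deployment
kubectl is your single interface for talking to a K8s cluster. It sends API requests to the API Server, and the cluster takes care of the rest automatically. This section covers the most common operations by deploying a real web application.
Complete Deployment Flow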
```mermaid
graph LR
    WRITE["Write the YAML manifests\n(Deployment + Service\n+ Ingress)"] --> APPLY["kubectl apply -f\nApply config declaratively"]
    APPLY --> WATCH["kubectl get pods -w\nWatch Pod startup status"]
    WATCH --> CHECK["kubectl logs / describe\nTroubleshoot startup problems"]
    CHECK --> EXPOSE["Service exposed\nReady for in-cluster access"]
    EXPOSE --> INGRESS["Ingress bound to a domain\nExternal access over HTTPS"]
```
Deploying a Web Application (Complete YAML)
```yaml
# app-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: myapp
  namespace: production
spec:
  replicas: 2
  selector:
    matchLabels:
      app: myapp
  template:
    metadata:
      labels:
        app: myapp
    spec:
      containers:
        - name: myapp
          image: nginx:1.25-alpine
          ports:
            - containerPort: 80
          resources:
            requests:
              memory: "64Mi"
              cpu: "100m"
            limits:
              memory: "128Mi"
              cpu: "250m"
          env:
            - name: APP_ENV
              value: "production"
            - name: DB_PASSWORD
              valueFrom:
                secretKeyRef:
                  name: myapp-secret
                  key: db-password
---
apiVersion: v1
kind: Service
metadata:
  name: myapp-svc
  namespace: production
spec:
  selector:
    app: myapp
  ports:
    - port: 80
      targetPort: 80
  type: ClusterIP
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: myapp-ingress
  namespace: production
  annotations:
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
    - host: myapp.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: myapp-svc
                port:
                  number: 80
```
Common kubectl Commands Quick Reference
```bash
# ===== Viewing status =====
kubectl get pods -n production                         # List all Pods
kubectl get pods -n production -w                      # Watch status changes in real time
kubectl get deployments -A                             # Deployments in all Namespaces
kubectl describe pod myapp-xxx -n production           # Detailed diagnostic information

# ===== Logs and debugging =====
kubectl logs myapp-xxx -n production                   # View Pod logs
kubectl logs myapp-xxx -n production -f                # Follow logs continuously
kubectl logs myapp-xxx -c myapp -n production          # Name the container when the Pod has several
kubectl exec -it myapp-xxx -n production -- /bin/sh    # Open a shell inside the container

# ===== Applying changes =====
kubectl apply -f app-deployment.yaml                   # Apply/update configuration (declarative)
kubectl rollout status deploy/myapp -n production      # Rolling deployment progress
kubectl rollout undo deploy/myapp -n production        # Roll back to the previous revision
kubectl scale deploy/myapp --replicas=4 -n production  # Scale out manually

# ===== ConfigMap and Secret =====
kubectl create configmap app-config \
  --from-literal=LOG_LEVEL=info \
  --from-literal=CACHE_TTL=300 -n production
# --from-literal leaves the value on the command line and in shell history;
# --from-file or --from-env-file reads it from a file instead.
kubectl create secret generic myapp-secret \
  --from-literal=db-password='your-password' -n production

# ===== Cleanup =====
kubectl delete -f app-deployment.yaml                  # Delete the whole deployment
kubectl delete pod myapp-xxx --force -n production     # Force-delete a stuck Pod
```
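The apply, rollout-status and rollback commands above combined into one gated deploy function, as an added example that is not part of the original page. It assumes `kubectl` already points at the target cluster, the `production` Namespace exists, and the Pods carry an `app=<deployment-name>` label as in the manifest above; the function name `deploy_gated` is hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): apply a manifest, wait for the
# rollout, and roll back with diagnostics captured if it does not converge.
# Assumption: the label app=<deployment> selects the Pods, as in app-deployment.yaml.

# deploy_gated MANIFEST NAMESPACE DEPLOYMENT [TIMEOUT]
# Returns 0 on a completed rollout, 1 if the rollout failed and a rollback was
# attempted, 2 if the API server rejected the manifest (nothing was rolled out).
deploy_gated() {
  local manifest="$1" ns="$2" deploy="$3" timeout="${4:-120s}"

  # Server-side dry run: schema, quota and admission errors surface
  # before any object in the cluster is changed.
  kubectl apply -f "$manifest" --dry-run=server >/dev/null || return 2
  kubectl apply -f "$manifest" || return 2

  # Block until the new ReplicaSet is fully available, or give up after $timeout.
  if kubectl rollout status "deploy/$deploy" -n "$ns" --timeout="$timeout"; then
    return 0
  fi

  # Capture evidence first: after the rollback the failing Pods are gone.
  echo "rollout of $deploy failed; collecting diagnostics" >&2
  kubectl get pods -n "$ns" -l "app=$deploy" -o wide >&2 || true
  kubectl describe deploy "$deploy" -n "$ns" >&2 || true
  kubectl logs "deploy/$deploy" -n "$ns" --tail=50 >&2 || true

  # On a first-ever deploy there is no previous revision to return to.
  if kubectl rollout undo "deploy/$deploy" -n "$ns" >&2; then
    kubectl rollout status "deploy/$deploy" -n "$ns" --timeout="$timeout" >&2 || true
  else
    echo "rollback of $deploy was not possible" >&2
  fi
  return 1
}

# Usage: deploy_gated app-deployment.yaml production myapp 120s
```

The non-zero return codes let a CI job fail the pipeline while still leaving the previous revision serving traffic.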
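Standard Procedure for Troubleshooting a Pod That Won't Start
| Status | Meaning | How to investigate |
|---|---|---|
| Pending | No node available for scheduling | kubectl describe pod → Events section |
| ImagePullBackOff | Image pull failed | Check the image name/tag/private registry authentication |
| CrashLoopBackOff | Container crashes repeatedly | Use kubectl logs to find the startup error |
| OOMKilled | Killed for exceeding the memory limit | Raise resources.limits.memory |
| Running but unreachable | Error inside the application | Use kubectl exec to enter the container and test connectivity |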
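Checklist for This Section
- [ ] Create the `production` Namespace and deploy the sample application
- [ ] Use `kubectl get pods -w` to watch the Pods go from `Pending` to `Running`
- [ ] Use `kubectl logs` to view the application logs, and `describe` to find the Events
- [ ] Practice rolling back a deployment once with `kubectl rollout undo`

Next section: Health Checks, Rolling Updates, and Resource Limits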