在安裝完 Kubernetes 服務後,你可能會發現你有時需要寫 shell 腳本來執行 kubectl 的某些複雜行為或取得特定資訊,這時您可以考慮將插件(plugins)安裝到 kubectl命令中,以實現自定義的功能,簡化管理步驟。而管理插件最簡單的方法是Krew。 本文將透過 Krew 來安裝並介紹一些有用的插件。
本文英文版發表在 https://darumatic.com/blog/improve_kubectl_command_with_krew
如有任何疑問,歡迎寄信與我聯絡 brandon@darumatic.com
確定 git 已經安裝。
執行以下指令來下載並安裝 krew。
(
set -x; cd "$(mktemp -d)" &&
curl -fsSLO "https://github.com/kubernetes-sigs/krew/releases/latest/download/krew.{tar.gz,yaml}" &&
tar zxvf krew.tar.gz &&
KREW=./krew-"$(uname | tr '[:upper:]' '[:lower:]')_amd64" &&
"$KREW" install --manifest=krew.yaml --archive=krew.tar.gz &&
"$KREW" update
)
.bashrc 或 .zshrc 文件,並添加:export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
kubectl krew 確定有安裝成功。$ kubectl krew
krew is the kubectl plugin manager.
You can invoke krew through kubectl: "kubectl krew [command]..."
Usage:
krew [command]
Available Commands:
help Help about any command
info Show information about a kubectl plugin
install Install kubectl plugins
list List installed kubectl plugins
search Discover kubectl plugins
uninstall Uninstall plugins
update Update the local copy of the plugin index
upgrade Upgrade installed plugins to newer versions
version Show krew version and diagnostics
Flags:
-h, --help help for krew
-v, --v Level number for the log level verbosity
Use "krew [command] --help" for more information about a command.
搜索所有插件
$ kubectl krew search
NAME DESCRIPTION INSTALLED
access-matrix Show an RBAC access matrix for server resources no
advise-psp Suggests PodSecurityPolicies for cluster. no
apparmor-manager Manage AppArmor profiles for cluster. no
auth-proxy Authentication proxy to a pod or service no
bulk-action Do bulk actions on Kubernetes resources. no
ca-cert Print the PEM CA certificate of the current clu... no
capture Triggers a Sysdig capture to troubleshoot the r... no
change-ns View or change the current namespace via kubectl. no
...
獲取特定插件的詳細信息 kubectl krew info <Plugin Name>
$ kubectl krew info grep
NAME: grep
URI: https://github.com/guessi/kubectl-grep/releases/download/v1.2.2/kubectl-grep-Darwin-x86_64.tar.gz
SHA256: cef6f2642ba8f284e2a675314cfb352f53ce2b9ea0202348e4a9015a5f8f66be
VERSION: v1.2.2
HOMEPAGE: https://github.com/guessi/kubectl-grep
DESCRIPTION:
Filter Kubernetes resources by matching their names
Examples:
List all pods in all namespaces
$ kubectl grep pods --all-namespaces
List all pods in namespace "star-lab" which contain the keyword "flash"
$ kubectl grep pods -n star-lab flash
No more pipe, built-in grep :-)
CAVEATS:
\
| This plugin requires an existing KUBECONFIG file, with a `current-context` field set.
|
| Usage:
|
| $ kubectl grep # output help messages
|
| More Info:
| - https://github.com/guessi/kubectl-grep
/
也稱為"kubens",用於設置及切換當前 Namespace。
$ kubectl krew install ns
$ kubectl ns kube-system
Context "minikube" modified.
Active namespace is "kube-system".
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
coredns-66bff467f8-7xkvh 1/1 Running 2 41d
coredns-66bff467f8-wkktf 1/1 Running 2 41d
etcd-minikube 1/1 Running 2 41d
kube-apiserver-minikube 1/1 Running 2 41d
kube-controller-manager-minikube 1/1 Running 2 41d
kube-proxy-vwm6d 1/1 Running 2 41d
kube-scheduler-minikube 1/1 Running 2 41d
storage-provisioner 1/1 Running 3 41d
也稱為 "kubectx", 當你有很多 Kubernetes clusters 時,你可以利用此插件來切換到不同的cluster。
$ kubectl krew install ctx
$ kubectl ctx
minikube
$ kubectl ctx minikube
Switched to context "minikube"
此插件類似 kubectl get all ,但是真的可以列出所有的資源。
例如,原始的 kubectl get all 命令無法在 kube-public Namespaces 中找到任何資源。
$ kubectl get all -n kube-public
No resources found in kube-public namespace.
使用此插件,我們可以獲得所有資源的列表,包括 configmaps, secrets 和 serviceaccount 等.
$ kubectl krew install get-all
$ kubectl get-all -n kube-public
NAME NAMESPACE AGE
configmap/cluster-info kube-public 41d
secret/default-token-lg6sh kube-public 41d
serviceaccount/default kube-public 41d
rolebinding.rbac.authorization.k8s.io/kubeadm:bootstrap-signer-clusterinfo kube-public 41d
rolebinding.rbac.authorization.k8s.io/system:controller:bootstrap-signer kube-public 41d
role.rbac.authorization.k8s.io/kubeadm:bootstrap-signer-clusterinfo kube-public 41d
role.rbac.authorization.k8s.io/system:controller:bootstrap-signer kube-public 41d
該插件顯示了 Kubernetes 中使用的容器映像檔。
$ kubectl krew install images
$ kubectl images -A
[Summary]: 2 namespaces, 9 pods, 9 containers and 8 different images
+-----------------------------------+-------------------------+------------------------------------------------+
| PodName | ContainerName | ContainerImage |
+-----------------------------------+-------------------------+------------------------------------------------+
| nginx-deployment-6b768b47c4-99g55 | nginx | nginx:1.14.2 |
+-----------------------------------+-------------------------+------------------------------------------------+
| coredns-66bff467f8-7xkvh | coredns | k8s.gcr.io/coredns:1.6.7 |
+-----------------------------------+ + +
| coredns-66bff467f8-wkktf | | |
+-----------------------------------+-------------------------+------------------------------------------------+
| etcd-minikube | etcd | k8s.gcr.io/etcd:3.4.3-0 |
+-----------------------------------+-------------------------+------------------------------------------------+
| kube-apiserver-minikube | kube-apiserver | k8s.gcr.io/kube-apiserver:v1.18.2 |
+-----------------------------------+-------------------------+------------------------------------------------+
| kube-controller-manager-minikube | kube-controller-manager | k8s.gcr.io/kube-controller-manager:v1.18.2 |
+-----------------------------------+-------------------------+------------------------------------------------+
| kube-proxy-vwm6d | kube-proxy | k8s.gcr.io/kube-proxy:v1.18.2 |
+-----------------------------------+-------------------------+------------------------------------------------+
| kube-scheduler-minikube | kube-scheduler | k8s.gcr.io/kube-scheduler:v1.18.2 |
+-----------------------------------+-------------------------+------------------------------------------------+
| storage-provisioner | storage-provisioner | gcr.io/k8s-minikube/storage-provisioner:v1.8.1 |
+-----------------------------------+-------------------------+------------------------------------------------+
該插件可用於顯示當前登入的帳號。
$ kubectl krew install whoami
$ kubectl whoami
kubecfg:certauth:admin
Role 和 ClusterRole 是 Kubernetes 用來管理權限的資源。
該插件可以輕鬆找到與任何 User,Group 或 service account 綁定的 Roles 和 Cluster Roles。
$ kubectl krew install rbac-lookup
$ kubectl rbac-lookup --kind user
SUBJECT SCOPE ROLE
system:anonymous kube-public Role/kubeadm:bootstrap-signer-clusterinfo
system:kube-controller-manager kube-system Role/extension-apiserver-authentication-reader
system:kube-controller-manager kube-system Role/system::leader-locking-kube-controller-manager
system:kube-controller-manager cluster-wide ClusterRole/system:kube-controller-manager
system:kube-proxy cluster-wide ClusterRole/system:node-proxier
system:kube-scheduler kube-system Role/extension-apiserver-authentication-reader
system:kube-scheduler kube-system Role/system::leader-locking-kube-scheduler
system:kube-scheduler cluster-wide ClusterRole/system:kube-scheduler
system:kube-scheduler cluster-wide ClusterRole/system:volume-scheduler
這個插件可以通過匹配資源的名稱來過濾 Kubernetes 資源列表,而不是通過複雜的指令搜索資源。
在安裝此插件之前,我們通常通過以下命令過濾 Pod 列表,
$ kubectl get pods | grep "keyword"
$ kubectl get pods -o wide | grep "keyword"
安裝此插件後,您可以輕鬆地使用 kubectl grep 來達到相同目的
$ kubectl grep pods "keyword"
$ kubectl grep pods "keyword" -o wide
使用Kubernetes時,Kubectl 插件可以使生活更輕鬆。 如果找不到適合您的插件,可以參考官方手冊:如何編寫自己的插件.
iThome鐵人賽
看影片追技術