Kubernetes标签和标签选择器

标签

标签中的键名称通常由“键前缀”和“键名”组成，其格式形如“KEY_PREFIX/KEY_NAME”，键前缀为可选部分。键名至多能使用63个字符，支持字母、数字、连接号（-）、下划线（_）、点号（.）等字符，且只能以字母或数字开头。而键前缀必须为DNS子域名格式，且不能超过253个字符。省略键前缀时，键将被视为用户的私有数据。那些由Kubernetes系统组件或第三方组件自动为用户资源添加的键必须使用键前缀，kubernetes.io/和k8s.io/前缀预留给了kubernetes的核心组件使用，例如Node对象上常用的kubernetes.io/os、kubernetes.io/arch和kubernetes.io/hostname等。

标签的键值必须不能多于63个字符，它要么为空，要么是以字母或数字开头及结尾，且中间仅使用了字母、数字、连接号（-）、下划线（_）或点号（.）等字符的数据。

添加删除标签

命令行下添加删除标签

# Update pod 'foo' with the label 'unhealthy' and the value 'true'.
kubectl label pods foo unhealthy=true

# Update pod 'foo' with the label 'status' and the value 'unhealthy', overwriting any existing value.
kubectl label --overwrite pods foo status=unhealthy

# Update all pods in the namespace
kubectl label pods --all status=unhealthy

# Update a pod identified by the type and name in "pod.json"
kubectl label -f pod.json status=unhealthy

# Update pod 'foo' only if the resource is unchanged from version 1.
kubectl label pods foo status=unhealthy --resource-version=1

# Update pod 'foo' by removing a label named 'bar' if it exists.
# Does not require the --overwrite flag.
kubectl label pods foo bar-

应用打标规范

• 版本标签：”release” : “stable”，”release” : “canary”，”release” : “beta”。
• 环境标签：”environment” : “dev”，”environment” : “qa”，”environment” : “prod”。
• 应用标签：”app” : “ui”，”app” : “as”，”app” : “pc”，”app” : “sc”。
• 架构层级标签：”tier” : “frontend”，”tier” : “backend”, “tier” : “cache”。
• 分区标签：”partition” : “customerA”，”partition” : “customerB”。
• 品控级别标签：”track” : “daily”，”track” : “weekly”。

标签选择器

标签选择器用于表达标签的查询条件或选择标准，Kubernetes API目前支持两个选择器：基于等值关系（equality-based）的标签选项器以及基于集合关系（set-based）的标签选择器。同时指定多个选择器时需要以逗号将其分隔，各选择器之间遵循“与”逻辑，即必须要满足所有条件，而且空值的选择器将不选择任何对象。

基于等值关系的标签选择器的可用操作符有=、==和!=三种，其中前两个意义相同，都表示“等值”关系，最后一个表示“不等”。例如env=dev和env!=prod都是基于等值关系的选择器，而tier in (frontend,backend)则是基于集合关系的选择器。

创建标签时：release=alpha, 表示为资源进行打标。

标签选择器使用：release==alpha，表示过滤有release=alpha这个标签的资源，才符合条件。

• KEY in (VALUE1,VALUE2,…) ：指定的键名的值存在于给定的列表中即满足条件；
• KEY notin (VALUE1,VALUE2,…) ：指定的键名的值不存在于给定列表中即满足条件；
• KEY：所有存在此键名标签的资源；
• !KEY：所有不存在此键名标签的资源。

标签选择器使用示例

当前集群中的pod

root@k8s-master01:~/yaml/chapter07# kubectl get pods --show-labels 
NAME                                READY   STATUS             RESTARTS   AGE     LABELS
all-in-one                          2/2     Running            0          20h     <none>
demoapp-5f7d8f9847-jrfm6            1/1     Running            0          6d21h   app=demoapp,pod-template-hash=5f7d8f9847
demoapp-5f7d8f9847-r7h7b            1/1     Running            0          6d18h   app=demoapp,pod-template-hash=5f7d8f9847
demoapp-5f7d8f9847-v7ft8            1/1     Running            0          6d21h   app=demoapp,pod-template-hash=5f7d8f9847
init-container-demo                 1/1     Running            0          2d23h   <none>
lifecycle-demo                      1/1     Running            0          3d1h    <none>
liveness-exec-demo                  1/1     Running            2          3d19h   <none>
liveness-httpget-demo               1/1     Running            1          3d6h    <none>
liveness-tcpsocket-demo             1/1     Running            1410       3d7h    <none>
memleak-pod                         0/1     CrashLoopBackOff   563        47h     app=memleak
mypod                               1/1     Running            0          5d23h   app=mypod,release=canary
mypod-host-network                  1/1     Running            0          5d      app=demoapp,release=canary
mypod-with-env-var                  1/1     Running            0          5d1h    app=mypod,release=canary
mypod-with-ports                    1/1     Running            0          5d      app=mypod,release=canary
readiness-httpget-demo              0/1     Running            0          3d2h    <none>
securitycontext-capabilities-demo   1/1     Running            0          4d      <none>
securitycontext-runasuser-demo      1/1     Running            0          4d1h    <none>
securitycontext-sysctls-demo        1/1     Running            0          3d23h   <none>
sidecar-container-demo              2/2     Running            0          2d23h   <none>
stress-pod                          1/1     Running            1          47h     <none>

过滤出有app=demoapp的pod

root@k8s-master01:~/yaml/chapter07# kubectl get pods -l app=demoapp --show-labels 
NAME                       READY   STATUS    RESTARTS   AGE     LABELS
demoapp-5f7d8f9847-jrfm6   1/1     Running   0          6d21h   app=demoapp,pod-template-hash=5f7d8f9847
demoapp-5f7d8f9847-r7h7b   1/1     Running   0          6d19h   app=demoapp,pod-template-hash=5f7d8f9847
demoapp-5f7d8f9847-v7ft8   1/1     Running   0          6d21h   app=demoapp,pod-template-hash=5f7d8f9847
mypod-host-network         1/1     Running   0          5d      app=demoapp,release=canary

也可以使用不等来过滤pod

root@k8s-master01:~/yaml/chapter07# kubectl get pods -l app!=demoapp --show-labels 
NAME                                READY   STATUS             RESTARTS   AGE     LABELS
all-in-one                          2/2     Running            0          21h     <none>
init-container-demo                 1/1     Running            0          3d      <none>
lifecycle-demo                      1/1     Running            0          3d1h    <none>
liveness-exec-demo                  1/1     Running            2          3d19h   <none>
liveness-httpget-demo               1/1     Running            1          3d6h    <none>
liveness-tcpsocket-demo             0/1     CrashLoopBackOff   1415       3d7h    <none>
memleak-pod                         0/1     CrashLoopBackOff   566        47h     app=memleak
mypod                               1/1     Running            0          5d23h   app=mypod,release=canary
mypod-with-env-var                  1/1     Running            0          5d1h    app=mypod,release=canary
mypod-with-ports                    1/1     Running            0          5d      app=mypod,release=canary
readiness-httpget-demo              0/1     Running            0          3d2h    <none>
securitycontext-capabilities-demo   1/1     Running            0          4d      <none>
securitycontext-runasuser-demo      1/1     Running            0          4d1h    <none>
securitycontext-sysctls-demo        1/1     Running            0          3d23h   <none>
sidecar-container-demo              2/2     Running            0          2d23h   <none>
stress-pod                          1/1     Running            2          2d      <none>

# 需要注意此处使用不等于时，没有LABEL的pod也会被选中。

选中所有没有app标签的pod

root@k8s-master01:~/yaml/chapter07# kubectl get pods -l '!app' --show-labels     # 需要注意此处需要使用单引号，否则将作为shell命令执行。
NAME                                READY   STATUS             RESTARTS   AGE     LABELS
all-in-one                          2/2     Running            0          21h     <none>
init-container-demo                 1/1     Running            0          3d      <none>
lifecycle-demo                      1/1     Running            0          3d1h    <none>
liveness-exec-demo                  1/1     Running            2          3d19h   <none>
liveness-httpget-demo               1/1     Running            1          3d6h    <none>
liveness-tcpsocket-demo             0/1     CrashLoopBackOff   1417       3d7h    <none>
readiness-httpget-demo              0/1     Running            0          3d3h    <none>
securitycontext-capabilities-demo   1/1     Running            0          4d      <none>
securitycontext-runasuser-demo      1/1     Running            0          4d2h    <none>
securitycontext-sysctls-demo        1/1     Running            0          3d23h   <none>
sidecar-container-demo              2/2     Running            0          2d23h   <none>
stress-pod                          1/1     Running            2          2d      <none>

对app键的值做判断

root@k8s-master01:~/yaml/chapter07# kubectl get pods -l 'app in (mypod,demoapp)' --show-labels 
NAME                       READY   STATUS    RESTARTS   AGE     LABELS
demoapp-5f7d8f9847-jrfm6   1/1     Running   0          6d21h   app=demoapp,pod-template-hash=5f7d8f9847
demoapp-5f7d8f9847-r7h7b   1/1     Running   0          6d19h   app=demoapp,pod-template-hash=5f7d8f9847
demoapp-5f7d8f9847-v7ft8   1/1     Running   0          6d22h   app=demoapp,pod-template-hash=5f7d8f9847
mypod                      1/1     Running   0          5d23h   app=mypod,release=canary
mypod-host-network         1/1     Running   0          5d      app=demoapp,release=canary
mypod-with-env-var         1/1     Running   0          5d1h    app=mypod,release=canary
mypod-with-ports           1/1     Running   0          5d1h    app=mypod,release=canary

对app键做不存在判断

root@k8s-master01:~/yaml/chapter07# kubectl get pods -l 'app notin (mypod,demoapp)' --show-labels 
NAME                                READY   STATUS             RESTARTS   AGE     LABELS
all-in-one                          2/2     Running            0          21h     <none>
init-container-demo                 1/1     Running            0          3d      <none>
lifecycle-demo                      1/1     Running            0          3d1h    <none>
liveness-exec-demo                  1/1     Running            2          3d19h   <none>
liveness-httpget-demo               1/1     Running            1          3d6h    <none>
liveness-tcpsocket-demo             0/1     CrashLoopBackOff   1419       3d8h    <none>
memleak-pod                         0/1     CrashLoopBackOff   569        2d      app=memleak
readiness-httpget-demo              0/1     Running            0          3d3h    <none>
securitycontext-capabilities-demo   1/1     Running            0          4d      <none>
securitycontext-runasuser-demo      1/1     Running            0          4d2h    <none>
securitycontext-sysctls-demo        1/1     Running            0          3d23h   <none>
sidecar-container-demo              2/2     Running            0          3d      <none>
stress-pod                          1/1     Running            2          2d      <none>

# app键不存在和app的值非mypod或demoapp时都会被选中

对多个键值过滤

root@k8s-master01:~/yaml/chapter07# kubectl get pods -l 'app=demoapp,release=canary' --show-labels 
NAME                 READY   STATUS    RESTARTS   AGE   LABELS
mypod-host-network   1/1     Running   0          5d    app=demoapp,release=canary

# app和release之间为与逻辑必须要同时满足