• kubernetes云平台管理实战:常用命令大全(十二)


    一、获取集群相关信息

    获取集群版本

    [root@master ~]# kubectl version --short=true
    Client Version: v1.16.7
    Server Version: v1.16.7

    kubernetes集群以及部署的附件CoreDNS等提供了多种不同的服务,客户端访问这些服务时需要事先了解其访问接口

    获取集群信息

    [root@master ~]# kubelet cluster-info
    Kubernetes master is running at http://localhost:8080
    To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'

    获取node节点

    [root@master ~]# kubectl get node
    NAME     STATUS   ROLES    AGE    VERSION
    master   Ready    master   6d3h   v1.16.7
    node1    Ready    worker   6d3h   v1.16.7
    node2    Ready    <none>   6d3h   v1.16.7

    二、创建资源对象

    1、命令创建

    [root@master ~]# kubectl run nginx-deloy --image=nginx:1.12 --replicas=2
    kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead.
    deployment.apps/nginx-deloy created

    2、yaml文件创建

    编辑k8s_pod.yml文件

    [root@k8s-master ~]# cat k8s_pod.yml
    apiVersion: v1
    kind: Pod
    metadata:
      name: nginx
      labels:
        app: web
    spec:
      containers:
        - name: nginx
          image: 10.0.128.0:5000/nginx:latest
          ports:
            - containerPort: 80
    

    启动pod

    [root@k8s-master ~]# kubectl create -f k8s_pod.yml
    pod "nginx" created

    3、声明式配置

    kubectl create -f nginx_deploy.yml
    kubectl run nginx --image=10.0.128.0:5000/nginx:1.13 --replicas=5 
    kubectl run nginx --image=10.0.128.0:5000/nginx:1.13 --replicas=5 --record

    三、查看资源对象

    示例二

    [root@master ~]# kubectl get namespaces 
    NAME STATUS AGE
    default Active 4d
    demo-project Active 3d21h
    ingress-demo Active 40h
    istio-system Active 4d
    kube-node-lease Active 4d
    kube-public Active 4d
    kube-system Active 4d
    kubesphere-alerting-system Active 4d
    kubesphere-controls-system Active 4d
    kubesphere-devops-system Active 4d
    kubesphere-logging-system Active 4d
    kubesphere-monitoring-system Active 4d
    kubesphere-sample-dev Active 2d22h
    kubesphere-sample-prod Active 2d22h
    kubesphere-system Active 4d
    namespace Active 3d19h
    openpitrix-system Active 4d
    

    示例二

    [root@master ~]# kubectl get pods,services
    NAME READY STATUS RESTARTS AGE
    pod/load-generator-5fb4fb465b-9k9js 1/1 Running 0 3d14h
    pod/nginx-deloy-6c8868f55c-j45fr 1/1 Running 0 4m50s
    pod/nginx-deloy-6c8868f55c-sq2wz 1/1 Running 0 4m50s
    pod/php-apache-695cb9659c-hx6vp 0/1 ImagePullBackOff 0 3d14h
    
    NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
    service/kubernetes ClusterIP 10.233.0.1 <none> 443/TCP 4d
    service/php-apache ClusterIP 10.233.10.49 <none> 80/TCP 3d14h
    [root@master ~]# kubectl get pods,services -o wide
    NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
    pod/load-generator-5fb4fb465b-9k9js 1/1 Running 0 3d14h 10.233.90.47 node1 <none> <none>
    pod/nginx-deloy-6c8868f55c-j45fr 1/1 Running 0 4m56s 10.233.90.105 node1 <none> <none>
    pod/nginx-deloy-6c8868f55c-sq2wz 1/1 Running 0 4m56s 10.233.96.78 node2 <none> <none>
    pod/php-apache-695cb9659c-hx6vp 0/1 ImagePullBackOff 0 3d14h 10.233.90.46 node1 <none> <none>
    
    NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
    service/kubernetes ClusterIP 10.233.0.1 <none> 443/TCP 4d <none>
    service/php-apache ClusterIP 10.233.10.49 <none> 80/TCP 3d14h run=php-apache

    获取指定Namespace对象中的资源对象的信息

    [root@master ~]# kubectl get pods -l k8s-app -n kube-system 
    NAME READY STATUS RESTARTS AGE
    calico-kube-controllers-79c9854776-89tp2 1/1 Running 0 4d
    calico-node-286tw 1/1 Running 1 4d
    calico-node-h2nwg 1/1 Running 1 4d
    calico-node-rzvq7 1/1 Running 1 4d
    coredns-7f9d8dc6c8-pvxqz 1/1 Running 0 4d
    dns-autoscaler-796f4ddddf-twhhf 1/1 Running 0 4d
    kube-proxy-9zgrh 1/1 Running 0 4d
    kube-proxy-dbnz2 1/1 Running 0 4d
    kube-proxy-wzq9q 1/1 Running 0 4d
    nodelocaldns-86xf8 1/1 Running 0 4d
    nodelocaldns-prjwk 1/1 Running 0 4d
    nodelocaldns-v629j 1/1 Running 0 4d

    系统的大部分资源隶属于某个Namespace对象,缺省的名称空间时default、若需要获取指定Namespace对象中的资源对象的信息,则需要使用-n 或Namespace指明其名称

    四、打印资源对象的详细信息

    [root@k8s-master ~]# kubectl describe pod nginx
    Name:       nginx
    Namespace:  default
    Node:       k8s-node1/10.0.128.1
    Start Time: Sun, 20 Jan 2019 13:04:51 +0800
    Labels:     app=web
    Status:     Running
    IP:     172.16.10.2
    Controllers:    <none>
    Containers:
      nginx:
        Container ID:       docker://27d25a2ee0248b103991a27b81e3f244382ebdb642694e2aeb5503c373fdb912
        Image:          10.0.128.0:5000/nginx:latest
        Image ID:           docker-pullable://10.0.128.0:5000/nginx@sha256:e2847e35d4e0e2d459a7696538cbfea42ea2d3b8a1ee8329ba7e68694950afd3
        Port:           80/TCP
        State:          Running
          Started:          Sun, 20 Jan 2019 13:48:30 +0800
        Ready:          True
        Restart Count:      0
        Volume Mounts:      <none>
        Environment Variables:  <none>
    Conditions:
      Type      Status
      Initialized   True
      Ready     True
      PodScheduled  True
    No volumes.
    QoS Class:  BestEffort
    Tolerations:    <none>
    Events:
      FirstSeen LastSeen    Count   From            SubObjectPath   Type        Reason      Message
      --------- --------    -----   ----            -------------   --------    ------      -------
      48m       48m     1   {default-scheduler }            Normal      Scheduled   Successfully assigned nginx to k8s-node1
      48m       6m      13  {kubelet k8s-node1}         Warning     FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request.  details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
     
      47m   5m  182 {kubelet k8s-node1}     Warning FailedSync  Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image "registry.access.redhat.com/rhel7/pod-infrastructure:latest""
     
      4m    4m  1   {kubelet k8s-node1} spec.containers{nginx}  Normal  Pulling         pulling image "10.0.128.0:5000/nginx:latest"
      4m    4m  2   {kubelet k8s-node1}             Warning MissingClusterDNS   kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
      4m    4m  1   {kubelet k8s-node1} spec.containers{nginx}  Normal  Pulled          Successfully pulled image "10.0.128.0:5000/nginx:latest"
      4m    4m  1   {kubelet k8s-node1} spec.containers{nginx}  Normal  Created         Created container with docker id 27d25a2ee024; Security:[seccomp=unconfined]
      4m    4m  1 

    查看kube-system名称空间中拥有标签component=kube-apiserver的Pod对象的资源配置清单及当前的转台信息,并输出为yaml格式

    [root@master ~]# kubectl get pods -l component=kube-apiserver -o yaml -n kube-system 
    apiVersion: v1
    items:
    - apiVersion: v1
      kind: Pod
      metadata:
        annotations:
          kubernetes.io/config.hash: 7e3e3089b03ec1438ee6f54b9f53c431
          kubernetes.io/config.mirror: 7e3e3089b03ec1438ee6f54b9f53c431
          kubernetes.io/config.seen: "2020-04-24T07:00:14.906135295+08:00"
          kubernetes.io/config.source: file
        creationTimestamp: "2020-04-23T23:00:18Z"
        labels:
          component: kube-apiserver
          tier: control-plane
        name: kube-apiserver-master
        namespace: kube-system
        resourceVersion: "372"
        selfLink: /api/v1/namespaces/kube-system/pods/kube-apiserver-master
        uid: 21650798-4839-4a14-b49d-f80d83bdf1a9
      spec:
        containers:
        - command:
          - kube-apiserver
          - --advertise-address=192.168.0.13
          - --allow-privileged=true
          - --anonymous-auth=True
          - --apiserver-count=1
          - --authorization-mode=Node,RBAC
          - --bind-address=0.0.0.0
          - --client-ca-file=/etc/kubernetes/ssl/ca.crt
          - --enable-admission-plugins=NodeRestriction
          - --enable-aggregator-routing=False
          - --enable-bootstrap-token-auth=true
          - --endpoint-reconciler-type=lease
          - --etcd-cafile=/etc/ssl/etcd/ssl/ca.pem
          - --etcd-certfile=/etc/ssl/etcd/ssl/node-master.pem
          - --etcd-keyfile=/etc/ssl/etcd/ssl/node-master-key.pem
          - --etcd-servers=https://192.168.0.13:2379
          - --feature-gates=CSINodeInfo=true,VolumeSnapshotDataSource=true,ExpandCSIVolumes=true,RotateKubeletClientCertificate=true
          - --insecure-port=0
          - --kubelet-client-certificate=/etc/kubernetes/ssl/apiserver-kubelet-client.crt
          - --kubelet-client-key=/etc/kubernetes/ssl/apiserver-kubelet-client.key
          - --kubelet-preferred-address-types=InternalDNS,InternalIP,Hostname,ExternalDNS,ExternalIP
          - --profiling=False
          - --proxy-client-cert-file=/etc/kubernetes/ssl/front-proxy-client.crt
          - --proxy-client-key-file=/etc/kubernetes/ssl/front-proxy-client.key
          - --request-timeout=1m0s
          - --requestheader-allowed-names=front-proxy-client
          - --requestheader-client-ca-file=/etc/kubernetes/ssl/front-proxy-ca.crt
          - --requestheader-extra-headers-prefix=X-Remote-Extra-
          - --requestheader-group-headers=X-Remote-Group
          - --requestheader-username-headers=X-Remote-User
          - --runtime-config=
          - --secure-port=6443
          - --service-account-key-file=/etc/kubernetes/ssl/sa.pub
          - --service-cluster-ip-range=10.233.0.0/18
          - --service-node-port-range=30000-32767
          - --storage-backend=etcd3
          - --tls-cert-file=/etc/kubernetes/ssl/apiserver.crt
          - --tls-private-key-file=/etc/kubernetes/ssl/apiserver.key
          image: kubesphere/hyperkube:v1.16.7
          imagePullPolicy: IfNotPresent
          livenessProbe:
            failureThreshold: 8
            httpGet:
              host: 192.168.0.13
              path: /healthz
              port: 6443
              scheme: HTTPS
            initialDelaySeconds: 15
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 15
          name: kube-apiserver
          resources:
            requests:
              cpu: 250m
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
          - mountPath: /etc/ssl/certs
            name: ca-certs
            readOnly: true
          - mountPath: /etc/pki
            name: etc-pki
            readOnly: true
          - mountPath: /etc/pki/ca-trust
            name: etc-pki-ca-trust
            readOnly: true
          - mountPath: /etc/pki/tls
            name: etc-pki-tls
            readOnly: true
          - mountPath: /etc/ssl/etcd/ssl
            name: etcd-certs-0
            readOnly: true
          - mountPath: /etc/kubernetes/ssl
            name: k8s-certs
            readOnly: true
        dnsPolicy: ClusterFirst
        enableServiceLinks: true
        hostNetwork: true
        nodeName: master
        priority: 2000000000
        priorityClassName: system-cluster-critical
        restartPolicy: Always
        schedulerName: default-scheduler
        securityContext: {}
        terminationGracePeriodSeconds: 30
        tolerations:
        - effect: NoExecute
          operator: Exists
        volumes:
        - hostPath:
            path: /etc/ssl/certs
            type: DirectoryOrCreate
          name: ca-certs
        - hostPath:
            path: /etc/pki
            type: DirectoryOrCreate
          name: etc-pki
        - hostPath:
            path: /etc/pki/ca-trust
            type: ""
          name: etc-pki-ca-trust
        - hostPath:
            path: /etc/pki/tls
            type: ""
          name: etc-pki-tls
        - hostPath:
            path: /etc/ssl/etcd/ssl
            type: DirectoryOrCreate
          name: etcd-certs-0
        - hostPath:
            path: /etc/kubernetes/ssl
            type: DirectoryOrCreate
          name: k8s-certs
      status:
        conditions:
        - lastProbeTime: null
          lastTransitionTime: "2020-04-23T23:00:18Z"
          status: "True"
          type: Initialized
        - lastProbeTime: null
          lastTransitionTime: "2020-04-23T23:00:18Z"
          status: "True"
          type: Ready
        - lastProbeTime: null
          lastTransitionTime: "2020-04-23T23:00:18Z"
          status: "True"
          type: ContainersReady
        - lastProbeTime: null
          lastTransitionTime: "2020-04-23T23:00:18Z"
          status: "True"
          type: PodScheduled
        containerStatuses:
        - containerID: docker://003b7e68f2a5918de30923950ee3dd47d23cc2dec259f07509cee1c3eadb9c11
          image: kubesphere/hyperkube:v1.16.7
          imageID: docker-pullable://kubesphere/hyperkube@sha256:b4285fd78d62c5bc9ef28dac4a88b2914727ddc8c82a32003d6a2ef2dd0caf3c
          lastState: {}
          name: kube-apiserver
          ready: true
          restartCount: 0
          started: true
          state:
            running:
              startedAt: "2020-04-23T22:59:44Z"
        hostIP: 192.168.0.13
        phase: Running
        podIP: 192.168.0.13
        podIPs:
        - ip: 192.168.0.13
        qosClass: Burstable
        startTime: "2020-04-23T23:00:18Z"
    kind: List
    metadata:
      resourceVersion: ""
      selfLink: ""

    五、容器中常用命令

    1、打印容器中的日志信息

    [root@master ~]# kubectl logs kube-apiserver-master -n kube-system |head
    Flag --insecure-port has been deprecated, This flag will be removed in a future version.
    I0423 22:59:44.568981 1 server.go:623] external host was not specified, using 192.168.0.13
    I0423 22:59:44.569260 1 server.go:149] Version: v1.16.7
    I0423 22:59:45.311086 1 plugins.go:158] Loaded 11 mutating admission controller(s) successfully in the following order: NamespaceLifecycle,LimitRanger,ServiceAccount,NodeRestriction,TaintNodesByCondition,Priority,DefaultTolerationSeconds,DefaultStorageClass,StorageObjectInUseProtection,MutatingAdmissionWebhook,RuntimeClass.
    I0423 22:59:45.311116 1 plugins.go:161] Loaded 7 validating admission controller(s) successfully in the following order: LimitRanger,ServiceAccount,Priority,PersistentVolumeClaimResize,ValidatingAdmissionWebhook,RuntimeClass,ResourceQuota.
    I0423 22:59:45.312164 1 plugins.go:158] Loaded 11 mutating admission controller(s) successfully in the following order: NamespaceLifecycle,LimitRanger,ServiceAccount,NodeRestriction,TaintNodesByCondition,Priority,DefaultTolerationSeconds,DefaultStorageClass,StorageObjectInUseProtection,MutatingAdmissionWebhook,RuntimeClass.
    I0423 22:59:45.312179 1 plugins.go:161] Loaded 7 validating admission controller(s) successfully in the following order: LimitRanger,ServiceAccount,Priority,PersistentVolumeClaimResize,ValidatingAdmissionWebhook,RuntimeClass,ResourceQuota.
    I0423 22:59:45.315842 1 client.go:357] parsed scheme: "endpoint"
    I0423 22:59:45.315918 1 endpoint.go:68] ccResolverWrapper: sending new addresses to cc: [{https://192.168.0.13:2379 0 <nil>}]
    I0423 22:59:45.329792 1 client.go:357] parsed scheme: "endpoint"

    添加-f 选项、还能用于持续监控指定容器中的日志输出、其行为类似于用了-f选项的tail命令

    2、在容器中执行命令

    [root@master ~]# kubectl exec nginx-deloy-6c8868f55c-j45fr ls
    bin
    boot
    dev
    etc
    home
    lib
    lib64
    media
    mnt
    opt
    proc
    root
    run
    sbin
    srv
    sys
    tmp
    usr
    var

    如果POD中有多个容器、则需要以-c 选项执行容器后再运行

    六、删除资源对象

    [root@k8s-master ~]# kubectl delete pods myweb-9rmf4
    pod "myweb-9rmf4" deleted
    kubectl delete pods -l app=monitor -n kube-system
    kubectl delete pods -l --all -n kube-public
  • 相关阅读:
    建立自己的开发知识库?分享制作电子书的经验
    海量Office文档搜索
    为什么要检测数据库连接是否可用
    多年的.NET开发,也只学会了这么几招
    总结一下ERP .NET程序员必须掌握的.NET技术
    菜单设计器(Menu Designer)及其B/S,C/S双重实现(B/S开源)
    软件公司为什么要加密源代码
    .NET开发中经常用到的扩展方法
    在Win8 Mertro 中使用SQLite
    SQLite
  • 原文地址:https://www.cnblogs.com/luoahong/p/12808015.html
Copyright © 2020-2023  润新知