k8s常用运维命令
# Short alias used by the commands on this page. Bash expands aliases only in
# interactive shells by default, so scripts should call kubectl directly.
alias k=kubectl
操作kubeconfig
# List the contexts defined in the active kubeconfig
k config get-contexts
# Switch the current context (the change is saved in the kubeconfig, so every
# later command that uses that file targets the new cluster)
k config use-context contextName
# Run a single command against a named context without changing the current one
k --context=contextName get pod
操作k8s资源
# Add a node label (k annotate works the same way for annotations)
k label node nodeName key=value --overwrite
# Remove a node label
k label node nodeName key-
# Add a taint to a node
k taint node nodeName key=value:NoSchedule
# Remove the taint from a node
k taint node nodeName key=value:NoSchedule-
# Mark a node unschedulable (undo with k uncordon)
k cordon nodeName
# Evict the pods running on a node; DaemonSet-managed pods are skipped
k drain nodeName --ignore-daemonsets
# Update a container image in a deployment. imageName can carry a digest
# (name@sha256:...) so the rollout cannot pick up a re-tagged image.
k set image deploy/deployName containerName=imageName -n yourNamespace
# Set the replica count
k scale deploy/deployName --replicas=targetReplicas -n yourNamespace
# List the API resource types; the APIVERSION column is in apigroup/version form
k api-resources -owide
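# Back up the resources of one namespace as YAML, one file per resource type.
# Nothing in the ignore list excludes secrets or configmaps, so the dump
# contains Secret objects (their data is only base64-encoded). The backup
# directory is therefore restricted to the current user and should be stored
# and transferred like any other credential material.
namespace=kube-system
newDir=backup/${namespace}
# ${newDir:?} aborts instead of expanding to an empty path if the variable is unset
rm -rf -- "${newDir:?}"
mkdir -p -- "${newDir}"
chmod 700 -- "${newDir}"
# Resource types that are not exported (presumably because they are transient
# or regenerated by controllers — adjust to your needs)
ignoreResources=(
  "events.events.k8s.io"
  "events"
  "endpoints"
  "endpointslices.discovery.k8s.io"
  "controllerrevisions.apps"
  "csistoragecapacities.storage.k8s.io"
  "horizontalpodautoscalers.autoscaling"
  "localsubjectaccessreviews.authorization.k8s.io"
  "poddisruptionbudgets.policy"
  "pods"
  "podtemplates"
  "replicasets.apps"
  "replicationcontrollers"
  "resourcequotas"
)
# Resource names contain no whitespace, so word-splitting the list is safe here
for resource in $(kubectl api-resources --namespaced=true -o name); do
  isFind=false
  for item in "${ignoreResources[@]}"; do
    if [ "${item}" = "${resource}" ]; then
      isFind=true
      break
    fi
  done
  if [ "${isFind}" = true ]; then
    continue
  fi
  echo "===== ${resource} ====="
  # stderr stays suppressed as in the original (some resource types cannot be
  # listed), but a failed export is now reported and its empty file removed so
  # an incomplete backup is not mistaken for a complete one.
  if ! kubectl get "${resource}" -n "${namespace}" -oyaml 2>/dev/null 1>"${newDir}/${resource}.yaml"; then
    echo "warning: could not export ${resource} from ${namespace}" >&2
    rm -f -- "${newDir}/${resource}.yaml"
  fi
done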
# Restore the resources of one namespace from the backup directory.
# kubectl create sends every manifest found in the directory to the cluster,
# so the directory contents should be trusted and unmodified since the backup.
# NOTE(review): files written by `kubectl get -oyaml` still carry server-set
# fields (uid, resourceVersion, status) — confirm on a test cluster that
# create accepts them before relying on this for recovery.
namespace=kube-system
kubectl create -f backup/${namespace}
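# Search the (uncompressed) logs of a group of pods for a keyword.
# namespace, keyWord and podNamePrefix are placeholders to fill in.
namespace=xxx
keyWord="xxx"
podNamePrefix="xxx"
# --no-headers with a name-only column keeps the NAME header out of the list;
# awk keeps only names that literally start with the prefix (the original
# grep matched the text anywhere in the name and treated it as a regex).
# Pod names contain no whitespace, so word-splitting the list is safe here.
for pod in $(kubectl get pod -n "${namespace}" --no-headers -o custom-columns=NAME:.metadata.name \
  | awk -v prefix="${podNamePrefix}" 'index($1, prefix) == 1 { print $1 }'); do
  echo "================ pod name: ${pod} ================"
  # -- keeps a keyword that starts with "-" from being parsed as a grep option
  kubectl logs "${pod}" -n "${namespace}" | grep -- "${keyWord}"
done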
kubelet
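# Show the kube-apiserver address configured for the kubelet.
# grep reads the file directly; no cat is needed.
grep server /etc/kubernetes/kubelet.conf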
containerd
# nerdctl is a docker-like command-line tool for containerd (recommended)
# NOTE(review): nerdctl works in the "default" containerd namespace unless told
# otherwise, while the ctr commands in this section use k8s.io — confirm
# whether --namespace k8s.io is needed on your nodes.
# Copy a file from a container to the host ([容器id] = container ID placeholder)
nerdctl cp [容器id]:xxx xxx
# Copy a file from the host into a container
nerdctl cp xxx [容器id]:xxx
# Remove every image that no container references
nerdctl image prune --all
# Find a pod's application container by pod name
crictl ps | grep [podName]
# Show the details of an application container
# (the output may include the container's environment variables, so treat it
# as sensitive when sharing it)
crictl inspect [containerId]
# List pause containers
ctr -n k8s.io c ls | grep "pause:"
# List containers (running tasks)
ctr -n k8s.io task ls
# Show the details of a pause container ([完整containerId] = full container ID)
ctr -n k8s.io c info [完整containerId]
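# Find the PID of a pod's pause (sandbox) container by pod name.
# NOTE(review): only the io.kubernetes.pod.name label is compared; pods with
# the same name in different namespaces would all match — confirm, and also
# compare the pod's namespace label if that matters on your nodes.
podName="[xxx]"
for pauseId in $(ctr -n k8s.io c ls | awk '/pause:/ { print $1 }'); do
  # Prints the container ID only when its pod-name label equals podName
  pauseContainerId=$(ctr -n k8s.io c info "${pauseId}" \
    | jq -r --arg pod "${podName}" 'select(.Labels."io.kubernetes.pod.name" == $pod) | .ID')
  if [[ -n "${pauseContainerId}" ]]; then
    # Match the ID exactly on the first column and print the second column,
    # as the original grep/awk pair did with a substring match
    ctr -n k8s.io task ls | awk -v id="${pauseContainerId}" '$1 == id { print $2 }'
  fi
done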
# Pull an image with registry credentials
# ([用户名:密码] = username:password placeholder, [镜像名] = image name).
# Credentials given on the command line are visible in the process list and
# end up in shell history; use a pull-only or short-lived token here rather
# than a personal password.
crictl --debug --timeout 1s --creds [用户名:密码] pull [镜像名]
docker
# Show the ports each docker container publishes on the host: left of the
# arrow is the host port, right of it the port the container exposes.
docker ps --format "table {{.Names}}\t{{.Ports}}"

# Remove all images that are no longer used (-f skips the confirmation prompt)
docker image prune -a -f
# Remove all exited containers (-f skips the confirmation prompt)
docker container prune -f
# List containers (tasks in containerd's moby namespace)
ctr -n moby task ls
通过socket调用docker接口
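# Reference: https://docs.docker.com/reference/api/engine/version/v1.47/#tag/Container
# Equivalent of docker ps.
# v1.47 is the docker API version. It belongs in the URL path: in the original
# form (http://v1.47/containers/json) "v1.47" was parsed as the host name and
# the request path carried no version.
# The socket accepts requests without further authentication, so any account
# that can open /var/run/docker.sock effectively controls the docker daemon;
# keep its permissions tight and do not mount it into containers that do not
# need it.
curl --unix-socket /var/run/docker.sock http://localhost/v1.47/containers/json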

runc
# List the k8s containers started through docker
runc --root /run/docker/runtime-runc/moby list
# List the k8s containers started through containerd
runc --root /run/containerd/runc/k8s.io list