kubernetes云平台管理实战:常用命令大全(十二)
一、获取集群相关信息
获取集群版本
[root@master ~]# kubectl version --short=true Client Version: v1.16.7 Server Version: v1.16.7
kubernetes集群以及部署的附件CoreDNS等提供了多种不同的服务,客户端访问这些服务时需要事先了解其访问接口
获取集群信息
[root@master ~]# kubelet cluster-info Kubernetes master is running at http://localhost:8080 To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'
获取node节点
[root@master ~]# kubectl get node NAME STATUS ROLES AGE VERSION master Ready master 6d3h v1.16.7 node1 Ready worker 6d3h v1.16.7 node2 Ready <none> 6d3h v1.16.7
二、创建资源对象
1、命令创建
[root@master ~]# kubectl run nginx-deloy --image=nginx:1.12 --replicas=2 kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead. deployment.apps/nginx-deloy created
2、yaml文件创建
编辑k8s_pod.yml文件
[root@k8s-master ~]# cat k8s_pod.yml
apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
app: web
spec:
containers:
- name: nginx
image: 10.0.128.0:5000/nginx:latest
ports:
- containerPort: 80
启动pod
[root@k8s-master ~]# kubectl create -f k8s_pod.yml pod "nginx" created
3、声明式配置
kubectl create -f nginx_deploy.yml kubectl run nginx --image=10.0.128.0:5000/nginx:1.13 --replicas=5 kubectl run nginx --image=10.0.128.0:5000/nginx:1.13 --replicas=5 --record
三、查看资源对象
示例二
[root@master ~]# kubectl get namespaces NAME STATUS AGE default Active 4d demo-project Active 3d21h ingress-demo Active 40h istio-system Active 4d kube-node-lease Active 4d kube-public Active 4d kube-system Active 4d kubesphere-alerting-system Active 4d kubesphere-controls-system Active 4d kubesphere-devops-system Active 4d kubesphere-logging-system Active 4d kubesphere-monitoring-system Active 4d kubesphere-sample-dev Active 2d22h kubesphere-sample-prod Active 2d22h kubesphere-system Active 4d namespace Active 3d19h openpitrix-system Active 4d
示例二
[root@master ~]# kubectl get pods,services NAME READY STATUS RESTARTS AGE pod/load-generator-5fb4fb465b-9k9js 1/1 Running 0 3d14h pod/nginx-deloy-6c8868f55c-j45fr 1/1 Running 0 4m50s pod/nginx-deloy-6c8868f55c-sq2wz 1/1 Running 0 4m50s pod/php-apache-695cb9659c-hx6vp 0/1 ImagePullBackOff 0 3d14h NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/kubernetes ClusterIP 10.233.0.1 <none> 443/TCP 4d service/php-apache ClusterIP 10.233.10.49 <none> 80/TCP 3d14h [root@master ~]# kubectl get pods,services -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES pod/load-generator-5fb4fb465b-9k9js 1/1 Running 0 3d14h 10.233.90.47 node1 <none> <none> pod/nginx-deloy-6c8868f55c-j45fr 1/1 Running 0 4m56s 10.233.90.105 node1 <none> <none> pod/nginx-deloy-6c8868f55c-sq2wz 1/1 Running 0 4m56s 10.233.96.78 node2 <none> <none> pod/php-apache-695cb9659c-hx6vp 0/1 ImagePullBackOff 0 3d14h 10.233.90.46 node1 <none> <none> NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR service/kubernetes ClusterIP 10.233.0.1 <none> 443/TCP 4d <none> service/php-apache ClusterIP 10.233.10.49 <none> 80/TCP 3d14h run=php-apache
获取指定Namespace对象中的资源对象的信息
[root@master ~]# kubectl get pods -l k8s-app -n kube-system NAME READY STATUS RESTARTS AGE calico-kube-controllers-79c9854776-89tp2 1/1 Running 0 4d calico-node-286tw 1/1 Running 1 4d calico-node-h2nwg 1/1 Running 1 4d calico-node-rzvq7 1/1 Running 1 4d coredns-7f9d8dc6c8-pvxqz 1/1 Running 0 4d dns-autoscaler-796f4ddddf-twhhf 1/1 Running 0 4d kube-proxy-9zgrh 1/1 Running 0 4d kube-proxy-dbnz2 1/1 Running 0 4d kube-proxy-wzq9q 1/1 Running 0 4d nodelocaldns-86xf8 1/1 Running 0 4d nodelocaldns-prjwk 1/1 Running 0 4d nodelocaldns-v629j 1/1 Running 0 4d
系统的大部分资源隶属于某个Namespace对象,缺省的名称空间时default、若需要获取指定Namespace对象中的资源对象的信息,则需要使用-n 或Namespace指明其名称
四、打印资源对象的详细信息
[root@k8s-master ~]# kubectl describe pod nginx
Name: nginx
Namespace: default
Node: k8s-node1/10.0.128.1
Start Time: Sun, 20 Jan 2019 13:04:51 +0800
Labels: app=web
Status: Running
IP: 172.16.10.2
Controllers: <none>
Containers:
nginx:
Container ID: docker://27d25a2ee0248b103991a27b81e3f244382ebdb642694e2aeb5503c373fdb912
Image: 10.0.128.0:5000/nginx:latest
Image ID: docker-pullable://10.0.128.0:5000/nginx@sha256:e2847e35d4e0e2d459a7696538cbfea42ea2d3b8a1ee8329ba7e68694950afd3
Port: 80/TCP
State: Running
Started: Sun, 20 Jan 2019 13:48:30 +0800
Ready: True
Restart Count: 0
Volume Mounts: <none>
Environment Variables: <none>
Conditions:
Type Status
Initialized True
Ready True
PodScheduled True
No volumes.
QoS Class: BestEffort
Tolerations: <none>
Events:
FirstSeen LastSeen Count From SubObjectPath Type Reason Message
--------- -------- ----- ---- ------------- -------- ------ -------
48m 48m 1 {default-scheduler } Normal Scheduled Successfully assigned nginx to k8s-node1
48m 6m 13 {kubelet k8s-node1} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"
47m 5m 182 {kubelet k8s-node1} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\""
4m 4m 1 {kubelet k8s-node1} spec.containers{nginx} Normal Pulling pulling image "10.0.128.0:5000/nginx:latest"
4m 4m 2 {kubelet k8s-node1} Warning MissingClusterDNS kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy.
4m 4m 1 {kubelet k8s-node1} spec.containers{nginx} Normal Pulled Successfully pulled image "10.0.128.0:5000/nginx:latest"
4m 4m 1 {kubelet k8s-node1} spec.containers{nginx} Normal Created Created container with docker id 27d25a2ee024; Security:[seccomp=unconfined]
4m 4m 1
查看kube-system名称空间中拥有标签component=kube-apiserver的Pod对象的资源配置清单及当前的转台信息,并输出为yaml格式
[root@master ~]# kubectl get pods -l component=kube-apiserver -o yaml -n kube-system
apiVersion: v1
items:
- apiVersion: v1
kind: Pod
metadata:
annotations:
kubernetes.io/config.hash: 7e3e3089b03ec1438ee6f54b9f53c431
kubernetes.io/config.mirror: 7e3e3089b03ec1438ee6f54b9f53c431
kubernetes.io/config.seen: "2020-04-24T07:00:14.906135295+08:00"
kubernetes.io/config.source: file
creationTimestamp: "2020-04-23T23:00:18Z"
labels:
component: kube-apiserver
tier: control-plane
name: kube-apiserver-master
namespace: kube-system
resourceVersion: "372"
selfLink: /api/v1/namespaces/kube-system/pods/kube-apiserver-master
uid: 21650798-4839-4a14-b49d-f80d83bdf1a9
spec:
containers:
- command:
- kube-apiserver
- --advertise-address=192.168.0.13
- --allow-privileged=true
- --anonymous-auth=True
- --apiserver-count=1
- --authorization-mode=Node,RBAC
- --bind-address=0.0.0.0
- --client-ca-file=/etc/kubernetes/ssl/ca.crt
- --enable-admission-plugins=NodeRestriction
- --enable-aggregator-routing=False
- --enable-bootstrap-token-auth=true
- --endpoint-reconciler-type=lease
- --etcd-cafile=/etc/ssl/etcd/ssl/ca.pem
- --etcd-certfile=/etc/ssl/etcd/ssl/node-master.pem
- --etcd-keyfile=/etc/ssl/etcd/ssl/node-master-key.pem
- --etcd-servers=https://192.168.0.13:2379
- --feature-gates=CSINodeInfo=true,VolumeSnapshotDataSource=true,ExpandCSIVolumes=true,RotateKubeletClientCertificate=true
- --insecure-port=0
- --kubelet-client-certificate=/etc/kubernetes/ssl/apiserver-kubelet-client.crt
- --kubelet-client-key=/etc/kubernetes/ssl/apiserver-kubelet-client.key
- --kubelet-preferred-address-types=InternalDNS,InternalIP,Hostname,ExternalDNS,ExternalIP
- --profiling=False
- --proxy-client-cert-file=/etc/kubernetes/ssl/front-proxy-client.crt
- --proxy-client-key-file=/etc/kubernetes/ssl/front-proxy-client.key
- --request-timeout=1m0s
- --requestheader-allowed-names=front-proxy-client
- --requestheader-client-ca-file=/etc/kubernetes/ssl/front-proxy-ca.crt
- --requestheader-extra-headers-prefix=X-Remote-Extra-
- --requestheader-group-headers=X-Remote-Group
- --requestheader-username-headers=X-Remote-User
- --runtime-config=
- --secure-port=6443
- --service-account-key-file=/etc/kubernetes/ssl/sa.pub
- --service-cluster-ip-range=10.233.0.0/18
- --service-node-port-range=30000-32767
- --storage-backend=etcd3
- --tls-cert-file=/etc/kubernetes/ssl/apiserver.crt
- --tls-private-key-file=/etc/kubernetes/ssl/apiserver.key
image: kubesphere/hyperkube:v1.16.7
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 8
httpGet:
host: 192.168.0.13
path: /healthz
port: 6443
scheme: HTTPS
initialDelaySeconds: 15
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 15
name: kube-apiserver
resources:
requests:
cpu: 250m
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/ssl/certs
name: ca-certs
readOnly: true
- mountPath: /etc/pki
name: etc-pki
readOnly: true
- mountPath: /etc/pki/ca-trust
name: etc-pki-ca-trust
readOnly: true
- mountPath: /etc/pki/tls
name: etc-pki-tls
readOnly: true
- mountPath: /etc/ssl/etcd/ssl
name: etcd-certs-0
readOnly: true
- mountPath: /etc/kubernetes/ssl
name: k8s-certs
readOnly: true
dnsPolicy: ClusterFirst
enableServiceLinks: true
hostNetwork: true
nodeName: master
priority: 2000000000
priorityClassName: system-cluster-critical
restartPolicy: Always
schedulerName: default-scheduler
securityContext: {}
terminationGracePeriodSeconds: 30
tolerations:
- effect: NoExecute
operator: Exists
volumes:
- hostPath:
path: /etc/ssl/certs
type: DirectoryOrCreate
name: ca-certs
- hostPath:
path: /etc/pki
type: DirectoryOrCreate
name: etc-pki
- hostPath:
path: /etc/pki/ca-trust
type: ""
name: etc-pki-ca-trust
- hostPath:
path: /etc/pki/tls
type: ""
name: etc-pki-tls
- hostPath:
path: /etc/ssl/etcd/ssl
type: DirectoryOrCreate
name: etcd-certs-0
- hostPath:
path: /etc/kubernetes/ssl
type: DirectoryOrCreate
name: k8s-certs
status:
conditions:
- lastProbeTime: null
lastTransitionTime: "2020-04-23T23:00:18Z"
status: "True"
type: Initialized
- lastProbeTime: null
lastTransitionTime: "2020-04-23T23:00:18Z"
status: "True"
type: Ready
- lastProbeTime: null
lastTransitionTime: "2020-04-23T23:00:18Z"
status: "True"
type: ContainersReady
- lastProbeTime: null
lastTransitionTime: "2020-04-23T23:00:18Z"
status: "True"
type: PodScheduled
containerStatuses:
- containerID: docker://003b7e68f2a5918de30923950ee3dd47d23cc2dec259f07509cee1c3eadb9c11
image: kubesphere/hyperkube:v1.16.7
imageID: docker-pullable://kubesphere/hyperkube@sha256:b4285fd78d62c5bc9ef28dac4a88b2914727ddc8c82a32003d6a2ef2dd0caf3c
lastState: {}
name: kube-apiserver
ready: true
restartCount: 0
started: true
state:
running:
startedAt: "2020-04-23T22:59:44Z"
hostIP: 192.168.0.13
phase: Running
podIP: 192.168.0.13
podIPs:
- ip: 192.168.0.13
qosClass: Burstable
startTime: "2020-04-23T23:00:18Z"
kind: List
metadata:
resourceVersion: ""
selfLink: ""
五、容器中常用命令
1、打印容器中的日志信息
[root@master ~]# kubectl logs kube-apiserver-master -n kube-system |head
Flag --insecure-port has been deprecated, This flag will be removed in a future version.
I0423 22:59:44.568981 1 server.go:623] external host was not specified, using 192.168.0.13
I0423 22:59:44.569260 1 server.go:149] Version: v1.16.7
I0423 22:59:45.311086 1 plugins.go:158] Loaded 11 mutating admission controller(s) successfully in the following order: NamespaceLifecycle,LimitRanger,ServiceAccount,NodeRestriction,TaintNodesByCondition,Priority,DefaultTolerationSeconds,DefaultStorageClass,StorageObjectInUseProtection,MutatingAdmissionWebhook,RuntimeClass.
I0423 22:59:45.311116 1 plugins.go:161] Loaded 7 validating admission controller(s) successfully in the following order: LimitRanger,ServiceAccount,Priority,PersistentVolumeClaimResize,ValidatingAdmissionWebhook,RuntimeClass,ResourceQuota.
I0423 22:59:45.312164 1 plugins.go:158] Loaded 11 mutating admission controller(s) successfully in the following order: NamespaceLifecycle,LimitRanger,ServiceAccount,NodeRestriction,TaintNodesByCondition,Priority,DefaultTolerationSeconds,DefaultStorageClass,StorageObjectInUseProtection,MutatingAdmissionWebhook,RuntimeClass.
I0423 22:59:45.312179 1 plugins.go:161] Loaded 7 validating admission controller(s) successfully in the following order: LimitRanger,ServiceAccount,Priority,PersistentVolumeClaimResize,ValidatingAdmissionWebhook,RuntimeClass,ResourceQuota.
I0423 22:59:45.315842 1 client.go:357] parsed scheme: "endpoint"
I0423 22:59:45.315918 1 endpoint.go:68] ccResolverWrapper: sending new addresses to cc: [{https://192.168.0.13:2379 0 <nil>}]
I0423 22:59:45.329792 1 client.go:357] parsed scheme: "endpoint"
添加-f 选项、还能用于持续监控指定容器中的日志输出、其行为类似于用了-f选项的tail命令
2、在容器中执行命令
[root@master ~]# kubectl exec nginx-deloy-6c8868f55c-j45fr ls bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
如果POD中有多个容器、则需要以-c 选项执行容器后再运行
六、删除资源对象
[root@k8s-master ~]# kubectl delete pods myweb-9rmf4 pod "myweb-9rmf4" deleted kubectl delete pods -l app=monitor -n kube-system kubectl delete pods -l --all -n kube-public
作者:罗阿红
出处:http://www.cnblogs.com/luoahong/
本文版权归作者和博客园共有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接。
