获取所有节点的污点信息
kubectl get nodes -o='custom-columns=NodeName:.metadata.name,TaintKey:.spec.taints[*].key,TaintValue:.spec.taints[*].value,TaintEffect:.spec.taints[*].effect'
获取集群内的所有域名
kubectl get ingress -A -o=custom-columns=Host:.spec.rules[*].host |grep -v none |sed 's/,/\n/g' |sort -n |uniq |sort |grep -v Host
获取配置了证书的域名
kubectl get ingress -A -o=custom-columns=Tls:.spec.tls[*].hosts[0] |grep -v none |sed 's/,/\n/g' |sort -n |uniq |sort |grep -v Tls
筛选运行异常的POD
kubectl get pod -A --field-selector='status.phase==Failed' --output=custom-columns=NAME:.metadata.name,NAMESPACE:.metadata.namespace,STATUS:.status.phase,AGE:'.metadata.creationTimestamp'
# 获取异常状态超过2天的POD
kubectl get pod -A --field-selector='status.phase==Failed' --output=custom-columns=NAME:.metadata.name,NAMESPACE:.metadata.namespace,STATUS:.status.phase,AGE:'.metadata.creationTimestamp'| awk '$4 <= "'$(date -d '2 days ago' -Ins --utc | sed 's/+0000/Z/')'"
k8s查看pod的网络是否为hostNetwork
kubectl get pod <pod-name> -o jsonpath='{.spec.hostNetwork}'
k8s获取secrets的配置并进行解码
kubectl get secret my-secret -o 'go-template={{index .data "username"}}' | base64 -d
根据k8s node的异常进程排查到对应的容器POD
# 1. top查看 对应异常异常的ID
# 2. 查看对应的容器ID
ps -ef |grep $id
[root@devops.cpu.node.10-198-x-xx ~]$ps -ef |grep 2716551
root 2716551 1 0 Sep23 ? 00:41:07 /usr/bin/containerd-shim-runc-v2 -namespace k8s.io -id 0ce50fcd5aa40fbd3028770211e6b2b6aa57e9861b4ca2342e49034013f6cb78 -address /run/containerd/containerd.sock
# 3.查看容器ID对应的POD的标签对应的POD
[root@devops.cpu.node.10-198-x-xx ~]$ctr -n k8s.io c info 0ce50fcd5aa40fbd3028770211e6b2b6aa57e9861b4ca2342e49034013f6cb78 |jq .Labels
{
"component": "etcd",
"io.cri-containerd.kind": "sandbox",
"io.kubernetes.pod.name": "etcd-devops.cpu.node.10-198-5-33",
"io.kubernetes.pod.namespace": "kube-system",
"io.kubernetes.pod.uid": "9f441e625528932315b967e671fb2cbe",
"tier": "control-plane"
}
浙公网安备 33010602011771号