Some commonly used k8s operations commands

This is a memo recording some of the k8s commands I use most often.

Cluster

Check the cluster version

[root@k8s-master ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.9", GitCommit:"94f372e501c973a7fa9eb40ec9ebd2fe7ca69848", GitTreeState:"clean", BuildDate:"2020-09-16T13:56:40Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.9", GitCommit:"94f372e501c973a7fa9eb40ec9ebd2fe7ca69848", GitTreeState:"clean", BuildDate:"2020-09-16T13:47:43Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}

View cluster information

[root@k8s-master ~]# kubectl cluster-info
Kubernetes master is running at https://apiserver.demo:6443
KubeDNS is running at https://apiserver.demo:6443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy

To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'.

View the kubeconfig configuration

[root@k8s-master ~]# kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://apiserver.demo:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: REDACTED
    client-key-data: REDACTED

List the api-resources of the current cluster

[root@k8s-master ~]# kubectl api-resources
NAME                                                                           SHORTNAMES               APIGROUP                       NAMESPACED   KIND
bindings                                                                                                                               true         Binding
componentstatuses                                                              cs                                                      false        ComponentStatus
configmaps                                                                     cm                                                      true         ConfigMap
endpoints                                                                      ep                                                      true         Endpoints
events                                                                         ev                                                      true         Event
limitranges                                                                    limits                                                  true         LimitRange
namespaces                                                                     ns                                                      false        Namespace
nodes                                                                          no                                                      false        Node
persistentvolumeclaims                                                         pvc                                                     true         PersistentVolumeClaim
persistentvolumes                                                              pv                                                      false        PersistentVolume
pods                                                                           po                                                      true         Pod
podtemplates                                                                                                                           true         PodTemplate
replicationcontrollers                                                         rc                                                      true         ReplicationController
resourcequotas                                                                 quota                                                   true         ResourceQuota
secrets                                                                                                                                true         Secret
serviceaccounts                                                                sa                                                      true         ServiceAccount
services                                                                       svc                                                     true         Service
mutatingwebhookconfigurations                                                                           admissionregistration.k8s.io   false        MutatingWebhookConfiguration
validatingwebhookconfigurations                                                                         admissionregistration.k8s.io   false        ValidatingWebhookConfiguration
customresourcedefinitions                                                      crd,crds                 apiextensions.k8s.io           false        CustomResourceDefinition
####### (remaining output omitted)

Components

Check component status

[root@k8s-master ~]# kubectl get cs
NAME                 STATUS      MESSAGE                                                                                     ERROR
scheduler            Unhealthy   Get http://127.0.0.1:10251/healthz: dial tcp 127.0.0.1:10251: connect: connection refused
controller-manager   Unhealthy   Get http://127.0.0.1:10252/healthz: dial tcp 127.0.0.1:10252: connect: connection refused
etcd-0               Healthy     {"health":"true"}

This cluster was deployed with kubeadm, so the configuration of these components lives in /etc/kubernetes/manifests

[root@k8s-master ~]# cd /etc/kubernetes/manifests/
[root@k8s-master manifests]# ll
total 16
-rw------- 1 root root 1882 Oct  1 12:46 etcd.yaml
-rw------- 1 root root 2730 Oct  1 12:46 kube-apiserver.yaml
-rw------- 1 root root 2598 Oct  1 12:46 kube-controller-manager.yaml
-rw------- 1 root root 1153 Oct  1 12:46 kube-scheduler.yaml

The kubelet configuration is in /var/lib/kubelet

[root@k8s-master ~]# cd /var/lib/kubelet/
[root@k8s-master kubelet]# ll
total 16
-rw-r--r--  1 root root  782 Oct  1 12:45 config.yaml
-rw-------  1 root root   62 Oct  1 12:46 cpu_manager_state
drwxr-xr-x  2 root root   80 Jan 19 21:30 device-plugins
-rw-r--r--  1 root root  135 Oct  1 12:45 kubeadm-flags.env
drwxr-xr-x  2 root root  124 Oct  1 12:46 pki
drwxr-x---  2 root root    6 Oct  1 12:46 plugins
drwxr-x---  2 root root    6 Oct  1 12:46 plugins_registry
drwxr-x---  2 root root   26 Jan 19 21:30 pod-resources
drwxr-x--- 35 root root 4096 Jan 18 22:59 pods

The kube-proxy configuration is stored in a ConfigMap

[root@k8s-master kubelet]# kubectl get cm -n kube-system kube-proxy
NAME         DATA   AGE
kube-proxy   2      110d

The coredns configuration is stored in a ConfigMap

[root@k8s-master kubelet]# kubectl get cm -n kube-system coredns
NAME      DATA   AGE
coredns   1      110d

The configuration of the calico network component (calico-config) is stored in a ConfigMap

[root@k8s-master kubelet]# kubectl get cm -n kube-system calico-config
NAME            DATA   AGE
calico-config   4      110d

node

Check node status

[root@k8s-master ~]# kubectl get nodes -o wide --show-labels
NAME          STATUS   ROLES            AGE    VERSION   INTERNAL-IP      EXTERNAL-IP   OS-IMAGE                KERNEL-VERSION           CONTAINER-RUNTIME   LABELS
k8s-master    Ready    compute,master   110d   v1.18.9   192.168.44.151   <none>        CentOS Linux 7 (Core)   3.10.0-1127.el7.x86_64   docker://19.3.8     beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-master,kubernetes.io/os=linux,node-role.kubernetes.io/compute=dedicated-middleware,node-role.kubernetes.io/master=
k8s-node-01   Ready    <none>           32h    v1.18.9   192.168.44.152   <none>        CentOS Linux 7 (Core)   3.10.0-1127.el7.x86_64   docker://19.3.8     beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-node-01,kubernetes.io/os=linux
k8s-node-02   Ready    <none>           32h    v1.18.9   192.168.44.153   <none>        CentOS Linux 7 (Core)   3.10.0-1127.el7.x86_64   docker://19.3.8     beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=k8s-node-02,kubernetes.io/os=linux

Add a new worker node

# Get the command for joining a node; the token is valid for 24 hours
[root@k8s-master ~]# kubeadm token create --print-join-command
W0119 23:51:01.740531   43997 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join apiserver.demo:6443 --token 8criyg.0wf5n8wvjdzc2bp1     --discovery-token-ca-cert-hash sha256:94d16a5811ec81c8bf3c74d1afabfac2400d6b9ea653f9e5aad7a451a0de675c

# List the tokens
[root@k8s-master ~]# kubeadm token list
TOKEN                     TTL         EXPIRES                     USAGES                   DESCRIPTION                                                EXTRA GROUPS
8criyg.0wf5n8wvjdzc2bp1   23h         2021-01-20T23:51:01+08:00   authentication,signing   <none>                                                     system:bootstrappers:kubeadm:default-node-token
jjxora.ry0indl22meve43d   23h         2021-01-20T23:50:57+08:00   authentication,signing   <none>                                                     system:bootstrappers:kubeadm:default-node-token

# Run the command obtained above on the node to join it to the cluster
[root@k8s-node-01 ~]# kubeadm join apiserver.demo:6443 --token 8criyg.0wf5n8wvjdzc2bp1     --discovery-token-ca-cert-hash sha256:94d16a5811ec81c8bf3c74d1afabfac2400d6b9ea653f9e5aad7a451a0de675c

Add a new master node

# Get the node join command
[root@k8s-master ~]# kubeadm token create --print-join-command
W0120 00:06:54.280183   61911 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
kubeadm join apiserver.demo:6443 --token jgfnf1.uitgucls32c779pi     --discovery-token-ca-cert-hash sha256:94d16a5811ec81c8bf3c74d1afabfac2400d6b9ea653f9e5aad7a451a0de675c

# Re-upload the certificates and get the certificate key
[root@k8s-master ~]# kubeadm init phase upload-certs --upload-certs
I0120 00:07:49.896924   62979 version.go:252] remote version is much newer: v1.26.1; falling back to: stable-1.18
W0120 00:07:50.621028   62979 configset.go:202] WARNING: kubeadm cannot validate component configs for API groups [kubelet.config.k8s.io kubeproxy.config.k8s.io]
[upload-certs] Storing the certificates in Secret "kubeadm-certs" in the "kube-system" Namespace
[upload-certs] Using certificate key:
0ab9a27424ba575c975258db6908e1dd2f5078d084a249cc1669f9272975ac03

# On the new master node, combine the output of the two steps above into one command
[root@k8s-master-02 ~]# kubeadm join apiserver.demo:6443 --token jgfnf1.uitgucls32c779pi     --discovery-token-ca-cert-hash sha256:94d16a5811ec81c8bf3c74d1afabfac2400d6b9ea653f9e5aad7a451a0de675c --control-plane --certificate-key 0ab9a27424ba575c975258db6908e1dd2f5078d084a249cc1669f9272975ac03
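
The --discovery-token-ca-cert-hash value in the join commands above pins the cluster CA public key. The following added example (not from the original post) recomputes that hash from a CA certificate and checks a join command against it before the command is run on a node. The throwaway CA and the token are constructed for the demo; the assumption is that on a kubeadm control plane the real CA certificate is /etc/kubernetes/pki/ca.crt.

```shell
#!/usr/bin/env bash
# Added example: recompute kubeadm's discovery-token-ca-cert-hash and compare it
# with the value carried in a join command. Requires openssl and sha256sum.

# Print "sha256:<hex>" over the DER-encoded public key (SPKI) of CA cert $1.
ca_cert_hash() {
    local pub digest
    pub=$(openssl x509 -pubkey -noout -in "$1" 2>/dev/null) || return 1
    digest=$(printf '%s\n' "$pub" \
        | openssl pkey -pubin -outform DER 2>/dev/null \
        | sha256sum | awk '{print $1}')
    printf 'sha256:%s\n' "$digest"
}

# Print the hash that follows --discovery-token-ca-cert-hash in join command $1
# (empty output when the flag or a well-formed value is missing).
join_cmd_hash() {
    printf '%s\n' "$1" | sed -n \
        's/.*--discovery-token-ca-cert-hash[ =]\{1,\}\(sha256:[0-9a-f]\{64\}\).*/\1/p'
}

# Return 0 only when join command $2 pins exactly the CA certificate in file $1.
join_hash_matches() {
    local expected pinned
    expected=$(ca_cert_hash "$1") || return 2
    pinned=$(join_cmd_hash "$2")
    [ -n "$pinned" ] && [ "$pinned" = "$expected" ]
}

demo() {
    local dir h cmd
    dir=$(mktemp -d) || return 1
    # Constructed throwaway CA standing in for /etc/kubernetes/pki/ca.crt
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj '/CN=kubernetes' \
        -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null || return 1
    h=$(ca_cert_hash "$dir/ca.crt")
    # Constructed join command; the token is a placeholder
    cmd="kubeadm join apiserver.demo:6443 --token abcdef.0123456789abcdef     --discovery-token-ca-cert-hash $h"
    if join_hash_matches "$dir/ca.crt" "$cmd"; then
        echo "join command pins this CA: $h"
    else
        echo "join command does NOT match this CA"
    fi
    rm -rf "$dir"
}
demo
```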

Configure node scheduling

# Check the current node status
[root@k8s-master ~]# kubectl get nodes
NAME          STATUS   ROLES            AGE    VERSION
k8s-master    Ready    compute,master   110d   v1.18.9
k8s-node-01   Ready    <none>           32h    v1.18.9
k8s-node-02   Ready    <none>           32h    v1.18.9

# Mark node 1 as unschedulable
[root@k8s-master ~]# kubectl cordon k8s-node-01
node/k8s-node-01 cordoned
[root@k8s-master ~]# kubectl get nodes
NAME          STATUS                     ROLES            AGE    VERSION
k8s-master    Ready                      compute,master   110d   v1.18.9
k8s-node-01   Ready,SchedulingDisabled   <none>           32h    v1.18.9
k8s-node-02   Ready                      <none>           32h    v1.18.9

# Mark it schedulable again
[root@k8s-master ~]# kubectl uncordon k8s-node-01
node/k8s-node-01 uncordoned
[root@k8s-master ~]# kubectl get nodes
NAME          STATUS   ROLES            AGE    VERSION
k8s-master    Ready    compute,master   110d   v1.18.9
k8s-node-01   Ready    <none>           32h    v1.18.9
k8s-node-02   Ready    <none>           32h    v1.18.9

Drain a node

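# When taking a node offline, usually mark it unschedulable first, then evict its pods
[root@k8s-master ~]# kubectl cordon k8s-node-01
# Evict the pods (kubectl older than v1.20 names the --delete-emptydir-data flag --delete-local-data)
[root@k8s-master ~]# kubectl drain --ignore-daemonsets --delete-emptydir-data k8s-node-01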

Delete a node

[root@k8s-master ~]# kubectl delete node k8s-node-01

Node resource usage

# This feature depends on the metrics-server component
[root@k8s-master ~]# kubectl top nodes
NAME          CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
k8s-master    882m         11%    3722Mi          48%
k8s-node-01   226m         11%    1000Mi          27%
k8s-node-02   180m         9%     610Mi           16%

pod

Check pod status

[root@k8s-master ~]# kubectl get pod -n kube-system -o wide --show-labels
NAME                                       READY   STATUS    RESTARTS   AGE    IP               NODE          NOMINATED NODE   READINESS GATES   LABELS
calico-kube-controllers-5b8b769fcd-8hlzn   1/1     Running   24         110d   10.100.235.229   k8s-master    <none>           <none>            k8s-app=calico-kube-controllers,pod-template-hash=5b8b769fcd
calico-node-fwcss                          1/1     Running   24         110d   192.168.44.151   k8s-master    <none>           <none>            controller-revision-hash=b9dd4bd9f,k8s-app=calico-node,pod-template-generation=1
calico-node-m84rz                          1/1     Running   1          32h    192.168.44.153   k8s-node-02   <none>           <none>            controller-revision-hash=b9dd4bd9f,k8s-app=calico-node,pod-template-generation=1
calico-node-tvs89                          1/1     Running   1          32h    192.168.44.152   k8s-node-01   <none>           <none>            controller-revision-hash=b9dd4bd9f,k8s-app=calico-node,pod-template-generation=1
coredns-65556b4c97-dhkz4                   1/1     Running   6          26d    10.100.235.193   k8s-master    <none>           <none>            k8s-app=kube-dns,pod-template-hash=65556b4c97
etcd-k8s-master                            1/1     Running   24         110d   192.168.44.151   k8s-master    <none>           <none>            component=etcd,tier=control-plane
kube-apiserver-k8s-master                  1/1     Running   24         110d   192.168.44.151   k8s-master    <none>           <none>            component=kube-apiserver,tier=control-plane
kube-controller-manager-k8s-master         1/1     Running   25         110d   192.168.44.151   k8s-master    <none>           <none>            component=kube-controller-manager,tier=control-plane
kube-proxy-h4smb                           1/1     Running   2          25h    192.168.44.152   k8s-node-01   <none>           <none>            controller-revision-hash=949786769,k8s-app=kube-proxy,pod-template-generation=1
kube-proxy-rf688                           1/1     Running   2          25h    192.168.44.151   k8s-master    <none>           <none>            controller-revision-hash=949786769,k8s-app=kube-proxy,pod-template-generation=1
kube-proxy-wtr4c                           1/1     Running   2          25h    192.168.44.153   k8s-node-02   <none>           <none>            controller-revision-hash=949786769,k8s-app=kube-proxy,pod-template-generation=1
kube-scheduler-k8s-master                  1/1     Running   24         110d   192.168.44.151   k8s-master    <none>           <none>            component=kube-scheduler,tier=control-plane
metrics-server-86499f7fd8-pdw6d            1/1     Running   4          10d    10.100.235.212   k8s-master    <none>           <none>            k8s-app=metrics-server,pod-template-hash=86499f7fd8
nfs-client-provisioner-df46b8d64-jwgd4     1/1     Running   24         110d   10.100.235.237   k8s-master    <none>           <none>            app=nfs-client-provisioner,pod-template-hash=df46b8d64

Check pod status with sorting

# Sort by creation time: oldest first (descending age)
[root@k8s-master ~]# kubectl get pods --sort-by=.metadata.creationTimestamp

# Newest first (ascending age): simply reverse the output with tac
[root@k8s-master ~]# kubectl get pods --sort-by=metadata.creationTimestamp --no-headers | tac

# Sort by pod restart count, ascending
[root@k8s-master ~]# kubectl get pods -A --sort-by='.status.containerStatuses[0].restartCount'

View pod resource usage

[root@k8s-master ~]# kubectl top pod -n kube-system
NAME                                       CPU(cores)   MEMORY(bytes)
calico-kube-controllers-5b8b769fcd-8hlzn   3m           10Mi
calico-node-fwcss                          83m          58Mi
calico-node-m84rz                          50m          60Mi
calico-node-tvs89                          40m          60Mi
coredns-65556b4c97-dhkz4                   7m           15Mi
etcd-k8s-master                            46m          177Mi
kube-apiserver-k8s-master                  130m         619Mi
kube-controller-manager-k8s-master         55m          77Mi
kube-proxy-h4smb                           11m          19Mi
kube-proxy-rf688                           1m           16Mi
kube-proxy-wtr4c                           11m          19Mi
kube-scheduler-k8s-master                  7m           22Mi
metrics-server-86499f7fd8-pdw6d            5m           21Mi
nfs-client-provisioner-df46b8d64-jwgd4     2m           11Mi

View pod logs

# If the pod has only one container
[root@k8s-master ~]# kubectl logs -n kube-system etcd-k8s-master

# If the pod has multiple containers, view the logs of a specific container
[root@k8s-master ~]# kubectl logs -n monitoring prometheus-operator-5cd4d464cc-g2m9w
error: a container name must be specified for pod prometheus-operator-5cd4d464cc-g2m9w, choose one of: [prometheus-operator kube-rbac-proxy]

[root@k8s-master ~]# kubectl logs -n monitoring prometheus-operator-5cd4d464cc-g2m9w prometheus-operator

Get the QoS class of all pods

# When I previously upgraded k8s from 14 -> 16, applications were expected to restart during the upgrade if request was not equal to limit
[root@k8s-master ~]# kubectl get pods --all-namespaces -o custom-columns=NAME:.metadata.name,NAMESPACE:.metadata.namespace,QOS-CLASS:.status.qosClass
NAME                                                         NAMESPACE          QOS-CLASS
busybox                                                      default            BestEffort
dnsutils                                                     default            BestEffort

nginx-a-55c8c877d5-29smq                                     default            BestEffort
nginx-a-55c8c877d5-5s92q                                     default            BestEffort

Clean up abnormal pods in k8s

# Clean up pods in Evicted state
[root@k8s-master ~]# kubectl get pods --all-namespaces -o wide | grep Evicted | awk '{print $1,$2}' | xargs -L1 kubectl delete pod -n

# Clean up pods in Error state
[root@k8s-master ~]# kubectl get pods --all-namespaces -o wide | grep Error | awk '{print $1,$2}' | xargs -L1 kubectl delete pod -n

# Clean up pods in Completed state
[root@k8s-master ~]# kubectl get pods --all-namespaces -o wide | grep Completed | awk '{print $1,$2}' | xargs -L1 kubectl delete pod -n

Force-delete a pod

[root@k8s-master ~]# kubectl delete pod mypod --grace-period=0 --force

# Filter the pods in Terminating state and delete them
[root@k8s-master ~]# kubectl get pod |grep Terminating|awk '{print $1}'|xargs kubectl delete pod --grace-period=0 --force
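
The cleanup one-liners above select pods with grep, which matches the status word as a substring anywhere on the line, so `grep Error` also selects pods in states such as CreateContainerConfigError or Init:Error. The following added example (not from the original post) compares that with an exact match on the STATUS column and prints the delete commands for review instead of running them. The sample output and its pod names are constructed, apart from nginx-a-55c8c877d5-29smq, which appears earlier on this page.

```shell
#!/usr/bin/env bash
# Added example: select pods by exact STATUS value instead of a substring grep.

# Constructed sample of `kubectl get pods --all-namespaces` output.
sample_pods() {
cat <<'EOF'
NAMESPACE     NAME                       READY   STATUS                       RESTARTS   AGE
default       batch-job-7k2lp            0/1     Error                        0          3h
default       web-5d9c7b6f4-x8kqz        0/1     CreateContainerConfigError   0          2m
default       report-28391-zzv4t         0/1     Completed                    0          1d
kube-system   cache-6f7d8-abcde          0/1     Evicted                      0          5h
default       api-74b9d-qwert            0/1     Init:Error                   2          9m
default       nginx-a-55c8c877d5-29smq   1/1     Running                      0          32h
EOF
}

# Substring match, as in the one-liners above: prints "namespace pod".
select_by_grep() {
    grep "$1" | awk '{print $1, $2}'
}

# Exact match on the STATUS column (4th field when --all-namespaces is used);
# NR > 1 skips the header line.
select_by_status() {
    awk -v want="$1" 'NR > 1 && $4 == want {print $1, $2}'
}

# Turn "namespace pod" lines into delete commands for review before execution.
delete_cmds() {
    while read -r ns pod; do
        printf 'kubectl delete pod -n %s %s\n' "$ns" "$pod"
    done
}

echo "grep Error would select:"
sample_pods | select_by_grep Error
echo "exact STATUS == Error selects:"
sample_pods | select_by_status Error | delete_cmds
```

Where selecting by pod phase is enough, `kubectl get pods -A --field-selector=status.phase=Failed` does the filtering on the API server side.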

Temporarily disable a DaemonSet

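# When adjusting the dedicated nodes of ingress-controller without wanting to delete its configuration: it is a DaemonSet, so no replica count can be set, and the only way to disable it temporarily is to point its nodeSelector at a node that does not exist
[root@k8s-master ~]# kubectl patch daemonsets nginx-ingress-controller -p '{"spec":{"template":{"spec":{"nodeSelector":{"tier/ingress":"false"}}}}}'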

workload

Restart a workload

# Use rollout restart to restart the application
[root@k8s-master ~]# kubectl -n <namespace> rollout restart deployment <deployment-name>

storageclass

Patch a StorageClass to make it the default StorageClass

[root@k8s-master ~]# kubectl patch storageclass <your-class-name> -p '{"metadata": {"annotations":{"storageclass.kubernetes.io/is-default-class":"true"}}}'

xadocker
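Copyright notice: original article from this site, published by xadocker on 2021-10-16, 12434 characters in total.
Reprint notice: unless otherwise stated, all articles on this site are released under the CC-4.0 license; please credit the source when reprinting.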