Kubernetes基础——各种状态检查
一、状态检查
1、Kubernetes集群版本
[root@k8s-master ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"21+", GitVersion:"v1.21.5-eki.0", GitCommit:"83c85a6e50757c6bbb81c6ceaac60234c1161817", GitTreeState:"clean", BuildDate:"2021-10-19T08:30:59Z", GoVersion:"go1.16.8", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"21+", GitVersion:"v1.21.5-eki.0", GitCommit:"83c85a6e50757c6bbb81c6ceaac60234c1161817", GitTreeState:"clean", BuildDate:"2021-10-19T08:28:00Z", GoVersion:"go1.16.8", Compiler:"gc", Platform:"linux/amd64"}
2、kubelet.service守护进程状态
[root@k8s-master ~]# systemctl status kubelet.service ● kubelet.service - Kubernetes Kubelet Server Loaded: loaded (/etc/systemd/system/kubelet.service; enabled; vendor preset: disabled) Active: active (running) since Tue 2024-12-03 09:51:34 CST; 25min ago Docs: https://github.com/GoogleCloudPlatform/kubernetes Main PID: 1098 (kubelet) Tasks: 17 Memory: 143.6M CGroup: /system.slice/kubelet.service └─1098 /apps/bin/kubelet --alsologtostderr=true --logtostderr=false --log-dir=/apps/logs/kubelet --log-file=/apps/logs/kubelet/kubelet.log --v=2 --node-ip=192.168.190.132 --hostn> Dec 03 10:14:41 k8s-master kubelet[1098]: I1203 10:14:41.898259 1098 kubelet_getters.go:176] "Pod status updated" pod="kube-system/kube-controller-manager-k8s-master" status=Running Dec 03 10:14:41 k8s-master kubelet[1098]: I1203 10:14:41.898269 1098 kubelet_getters.go:176] "Pod status updated" pod="kube-system/kube-apiserver-k8s-master" status=Running Dec 03 10:15:41 k8s-master kubelet[1098]: I1203 10:15:41.899297 1098 kubelet_getters.go:176] "Pod status updated" pod="kube-system/kube-apiserver-k8s-master" status=Running Dec 03 10:15:41 k8s-master kubelet[1098]: I1203 10:15:41.899337 1098 kubelet_getters.go:176] "Pod status updated" pod="kube-system/kube-scheduler-k8s-master" status=Running Dec 03 10:15:41 k8s-master kubelet[1098]: I1203 10:15:41.899348 1098 kubelet_getters.go:176] "Pod status updated" pod="kube-system/etcd-k8s-master" status=Running Dec 03 10:15:41 k8s-master kubelet[1098]: I1203 10:15:41.899362 1098 kubelet_getters.go:176] "Pod status updated" pod="kube-system/kube-controller-manager-k8s-master" status=Running Dec 03 10:16:41 k8s-master kubelet[1098]: I1203 10:16:41.901872 1098 kubelet_getters.go:176] "Pod status updated" pod="kube-system/kube-apiserver-k8s-master" status=Running Dec 03 10:16:41 k8s-master kubelet[1098]: I1203 10:16:41.901957 1098 kubelet_getters.go:176] "Pod status updated" pod="kube-system/kube-scheduler-k8s-master" status=Running Dec 03 10:16:41 k8s-master kubelet[1098]: I1203 10:16:41.901969 1098 kubelet_getters.go:176] "Pod status updated" pod="kube-system/etcd-k8s-master" status=Running Dec 03 10:16:41 k8s-master kubelet[1098]: I1203 10:16:41.901977 1098 kubelet_getters.go:176] "Pod status updated" pod="kube-system/kube-controller-manager-k8s-master" status=Running
3、查看Kubernetes集群服务状态
[root@k8s-master kubernetes]# kubectl get svc -A NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE default kubernetes ClusterIP 10.233.0.1 <none> 443/TCP 265d kube-system calico-typha ClusterIP 10.233.32.247 <none> 5473/TCP 265d kube-system kube-dns ClusterIP 10.233.0.10 <none> 53/UDP,53/TCP,9153/TCP 265d kube-system kube-state-metrics ClusterIP None <none> 8080/TCP,8081/TCP 265d kube-system metrics-server ClusterIP 10.233.6.51 <none> 443/TCP 265d
4、查看Kubernetes集群nodes状态
[root@k8s-master kubernetes]# kubectl get nodes -A NAME STATUS ROLES AGE VERSION k8s-121 Ready node 216d v1.21.5-eki.0 k8s-122 Ready control-plane,master,node 265d v1.21.5-eki.0 k8s-master Ready control-plane,master,node 265d v1.21.5-eki.0
5、查看Kubernetes集群pods状态
[root@k8s-master kubernetes]# kubectl get pods -A NAMESPACE NAME READY STATUS RESTARTS AGE kube-system calico-kube-controllers-5d7f5cdb8f-q2782 1/1 Running 120 216d kube-system calico-node-8hsdr 1/1 Running 12 20d kube-system calico-node-cqgdx 1/1 Running 79 265d kube-system calico-node-z9v7b 1/1 Running 53 216d kube-system calico-typha-b5d6cb65c-v9nrn 1/1 Running 53 218d kube-system calico-typha-b5d6cb65c-wmcfh 1/1 Running 255 265d kube-system coredns-f4f5fdc7f-b8vx7 1/1 Running 53 218d kube-system coredns-f4f5fdc7f-xv9w7 1/1 Running 113 218d kube-system etcd-k8s-122 1/1 Running 294 265d kube-system etcd-k8s-master 1/1 Running 612 265d kube-system kube-apiserver-k8s-122 1/1 Running 364 265d kube-system kube-apiserver-k8s-master 1/1 Running 697 258d kube-system kube-controller-manager-k8s-122 1/1 Running 255 265d kube-system kube-controller-manager-k8s-master 1/1 Running 228 265d kube-system kube-dns-autoscaler-856cb5bcd9-9twqd 1/1 Running 52 218d kube-system kube-proxy-8bxls 1/1 Running 74 265d kube-system kube-proxy-pq6hq 1/1 Running 60 222d kube-system kube-proxy-qnhkq 1/1 Running 46 216d kube-system kube-scheduler-k8s-122 1/1 Running 277 265d kube-system kube-scheduler-k8s-master 1/1 Running 202 265d kube-system kube-state-metrics-84b8789784-dcgrz 1/1 Running 62 216d kube-system metrics-server-6fd7c6cfcb-fz826 1/1 Running 63 218d kube-system nginx-proxy-k8s-121 1/1 Running 56 216d
6、查看Kubernetes集群证书过期时间
[root@k8s-master kubernetes]# sudo openssl x509 -in /apps/conf/kubernetes/ssl/apiserver.crt -noout -text |grep -i after|awk '{print $7}' 2034
[root@k8s-master kubernetes]# sudo openssl x509 -in /apps/conf/kubernetes/ssl/ca.crt -noout -text |grep -i after|awk '{print $7}'
2124
[root@k8s-master kubernetes]# sudo openssl x509 -in /apps/conf/kubernetes/ssl/apiserver-kubelet-client.crt -noout -text |grep -i after|awk '{print $7}'
2034
[root@k8s-master kubernetes]# sudo openssl x509 -in /apps/conf/kubernetes/ssl/front-proxy-ca.crt -noout -text |grep -i after|awk '{print $7}'
2124
[root@k8s-master kubernetes]# sudo openssl x509 -in /apps/conf/kubernetes/ssl/front-proxy-client.crt -noout -text |grep -i after|awk '{print $7}'
2034
[root@k8s-master kubernetes]# sudo openssl x509 -in /apps/conf/kubernetes/ssl/apiserver-etcd-client.crt -noout -text |grep -i after|grep -i after|awk '{print $7}'
2034
7、查看主机ETCD节点状态
# 查看etcd版本
[root@k8s-master ~]# etcdctl version
etcdctl version: 3.4.13
API version: 3.4
# 查看etcd节点健康状态
[root@k8s-master ~]# etcdctl --cacert=/apps/conf/kubernetes/ssl/etcd/ca.crt --cert=/apps/conf/kubernetes/ssl/etcd/peer.crt --key=/apps/conf/kubernetes/ssl/etcd/peer.key --write-out=table --endpoints=192.168.190.132:2379,192.168.190.122:2379 endpoint health +----------------------+--------+-------------+-------+ | ENDPOINT | HEALTH | TOOK | ERROR | +----------------------+--------+-------------+-------+ | 192.168.190.132:2379 | true | 11.082324ms | | | 192.168.190.122:2379 | true | 12.820992ms | | +----------------------+--------+-------------+-------+
# 查看etcd节点2379和2380服务状态
[root@k8s-master ~]# etcdctl --cacert=/apps/conf/kubernetes/ssl/etcd/ca.crt --cert=/apps/conf/kubernetes/ssl/etcd/peer.crt --key=/apps/conf/kubernetes/ssl/etcd/peer.key --write-out=table --endpoints=192.168.190.132:2379,192.168.190.122:2379 member list +------------------+---------+------------+------------------------------+------------------------------+------------+ | ID | STATUS | NAME | PEER ADDRS | CLIENT ADDRS | IS LEARNER | +------------------+---------+------------+------------------------------+------------------------------+------------+ | 1a3894ac8b9e961b | started | k8s-master | https://192.168.190.132:2380 | https://192.168.190.132:2379 | false | | dcc7e0494d9e1eec | started | k8s-122 | https://192.168.190.122:2380 | https://192.168.190.122:2379 | false | +------------------+---------+------------+------------------------------+------------------------------+------------+
# 查看etcd节点Leader
[root@k8s-master ~]# etcdctl --cacert=/apps/conf/kubernetes/ssl/etcd/ca.crt --cert=/apps/conf/kubernetes/ssl/etcd/peer.crt --key=/apps/conf/kubernetes/ssl/etcd/peer.key --write-out=table --endpoints=192.168.190.132:2379,192.168.190.122:2379 endpoint status +----------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+ | ENDPOINT | ID | VERSION | DB SIZE | IS LEADER | IS LEARNER | RAFT TERM | RAFT INDEX | RAFT APPLIED INDEX | ERRORS | +----------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+ | 192.168.190.132:2379 | 1a3894ac8b9e961b | 3.4.13 | 17 MB | true | false | 19119 | 2266693 | 2266693 | | | 192.168.190.122:2379 | dcc7e0494d9e1eec | 3.4.13 | 17 MB | false | false | 19119 | 2266693 | 2266693 | | +----------------------+------------------+---------+---------+-----------+------------+-----------+------------+--------------------+--------+
8、etcd数据库备份
sudo etcdctl \ --endpoints=https://127.0.0.1:2379 \ --cacert="/apps/conf/kubernetes/ssl/etcd/ca.crt" \ --cert="/apps/conf/kubernetes/ssl/etcd/peer.crt" \ --key="/apps/conf/kubernetes/ssl/etcd/peer.key" \ snapshot save "/apps/etcdbak/etcd_backup_$(date +%Y%m%d).db"
[root@Master ~]# ls -al /apps/etcdbak/
total 5392
drwxr-xr-x 2 root root 4096 Dec 4 11:13 .
drwxr-xr-x 9 root root 4096 Dec 4 11:13 ..
-rw------- 1 root root 5509152 Dec 4 11:13 etcd_backup_20241204.db
# 查找并删除超过一个月的备份文件
sudo find "$BACKUP_DIR" -name 'etcd_backup_*.db' -type f -mtime +30 -exec rm -f {} \;
# 设置 cron 作业
编辑 cron 作业表来安排每天执行备份和清理任务。打开 cron 表:
sudo crontab -e
添加以下行来安排每天凌晨 1 点执行备份,以及每天凌晨 2 点执行清理:
# 每天凌晨 1 点执行备份
0 1 * * * /apps/etcdbak/backup_etcd.sh
# 每天凌晨 2 点执行清理
0 2 * * * /apps/etcdbak/cleanup_old_backups.sh
# 检查etcd快照
[root@Master ~]# etcdctl snapshot status /apps/etcdbak/etcd_backup_20241204.db -wtable
+----------+----------+------------+------------+
| HASH | REVISION | TOTAL KEYS | TOTAL SIZE |
+----------+----------+------------+------------+
| 8b5fab6f | 345177 | 1291 | 5.5 MB |
+----------+----------+------------+------------+
附录A:资源类型
Resource types
The following table includes a list of all the supported resource types and their abbreviated aliases. (This output can be retrieved from kubectl api-resources, and was accurate as of Kubernetes 1.25.0)
| NAME | SHORTNAMES | APIVERSION | NAMESPACED | KIND |
|---|---|---|---|---|
bindings |
v1 | true | Binding | |
componentstatuses |
cs |
v1 | false | ComponentStatus |
configmaps |
cm |
v1 | true | ConfigMap |
endpoints |
ep |
v1 | true | Endpoints |
events |
ev |
v1 | true | Event |
limitranges |
limits |
v1 | true | LimitRange |
namespaces |
ns |
v1 | false | Namespace |
nodes |
no |
v1 | false | Node |
persistentvolumeclaims |
pvc |
v1 | true | PersistentVolumeClaim |
persistentvolumes |
pv |
v1 | false | PersistentVolume |
pods |
po |
v1 | true | Pod |
podtemplates |
v1 | true | PodTemplate | |
replicationcontrollers |
rc |
v1 | true | ReplicationController |
resourcequotas |
quota |
v1 | true | ResourceQuota |
secrets |
v1 | true | Secret | |
serviceaccounts |
sa |
v1 | true | ServiceAccount |
services |
svc |
v1 | true | Service |
mutatingwebhookconfigurations |
admissionregistration.k8s.io/v1 | false | MutatingWebhookConfiguration | |
validatingwebhookconfigurations |
admissionregistration.k8s.io/v1 | false | ValidatingWebhookConfiguration | |
customresourcedefinitions |
crd,crds |
apiextensions.k8s.io/v1 | false | CustomResourceDefinition |
apiservices |
apiregistration.k8s.io/v1 | false | APIService | |
controllerrevisions |
apps/v1 | true | ControllerRevision | |
daemonsets |
ds |
apps/v1 | true | DaemonSet |
deployments |
deploy |
apps/v1 | true | Deployment |
replicasets |
rs |
apps/v1 | true | ReplicaSet |
statefulsets |
sts |
apps/v1 | true | StatefulSet |
tokenreviews |
authentication.k8s.io/v1 | false | TokenReview | |
localsubjectaccessreviews |
authorization.k8s.io/v1 | true | LocalSubjectAccessReview | |
selfsubjectaccessreviews |
authorization.k8s.io/v1 | false | SelfSubjectAccessReview | |
selfsubjectrulesreviews |
authorization.k8s.io/v1 | false | SelfSubjectRulesReview | |
subjectaccessreviews |
authorization.k8s.io/v1 | false | SubjectAccessReview | |
horizontalpodautoscalers |
hpa |
autoscaling/v2 | true | HorizontalPodAutoscaler |
cronjobs |
cj |
batch/v1 | true | CronJob |
jobs |
batch/v1 | true | Job | |
certificatesigningrequests |
csr |
certificates.k8s.io/v1 | false | CertificateSigningRequest |
leases |
coordination.k8s.io/v1 | true | Lease | |
endpointslices |
discovery.k8s.io/v1 | true | EndpointSlice | |
events |
ev |
events.k8s.io/v1 | true | Event |
flowschemas |
flowcontrol.apiserver.k8s.io/v1beta2 | false | FlowSchema | |
prioritylevelconfigurations |
flowcontrol.apiserver.k8s.io/v1beta2 | false | PriorityLevelConfiguration | |
ingressclasses |
networking.k8s.io/v1 | false | IngressClass | |
ingresses |
ing |
networking.k8s.io/v1 | true | Ingress |
networkpolicies |
netpol |
networking.k8s.io/v1 | true | NetworkPolicy |
runtimeclasses |
node.k8s.io/v1 | false | RuntimeClass | |
poddisruptionbudgets |
pdb |
policy/v1 | true | PodDisruptionBudget |
podsecuritypolicies |
psp |
policy/v1beta1 | false | PodSecurityPolicy |
clusterrolebindings |
rbac.authorization.k8s.io/v1 | false | ClusterRoleBinding | |
clusterroles |
rbac.authorization.k8s.io/v1 | false | ClusterRole | |
rolebindings |
rbac.authorization.k8s.io/v1 | true | RoleBinding | |
roles |
rbac.authorization.k8s.io/v1 | true | Role | |
priorityclasses |
pc |
scheduling.k8s.io/v1 | false | PriorityClass |
csidrivers |
storage.k8s.io/v1 | false | CSIDriver | |
csinodes |
storage.k8s.io/v1 | false | CSINode | |
csistoragecapacities |
storage.k8s.io/v1 | true | CSIStorageCapacity | |
storageclasses |
sc |
storage.k8s.io/v1 | false | StorageClass |
volumeattachments |
storage.k8s.io/v1 | false | VolumeAttachment |
稳步前行,只争朝夕。
分类:
Kubernetes
标签:
kubernetes
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· TypeScript + Deepseek 打造卜卦网站:技术与玄学的结合
· Manus的开源复刻OpenManus初探
· 三行代码完成国际化适配,妙~啊~
· .NET Core 中如何实现缓存的预热?
· 如何调用 DeepSeek 的自然语言处理 API 接口并集成到在线客服系统