kubernetes云平台管理实战:常用命令大全(十二)
一、获取集群相关信息
获取集群版本
[root@master ~]# kubectl version --short=true Client Version: v1.16.7 Server Version: v1.16.7
kubernetes集群以及部署的附件CoreDNS等提供了多种不同的服务,客户端访问这些服务时需要事先了解其访问接口
获取集群信息
[root@master ~]# kubelet cluster-info Kubernetes master is running at http://localhost:8080 To further debug and diagnose cluster problems, use 'kubectl cluster-info dump'
获取node节点
[root@master ~]# kubectl get node NAME STATUS ROLES AGE VERSION master Ready master 6d3h v1.16.7 node1 Ready worker 6d3h v1.16.7 node2 Ready <none> 6d3h v1.16.7
二、创建资源对象
1、命令创建
[root@master ~]# kubectl run nginx-deloy --image=nginx:1.12 --replicas=2 kubectl run --generator=deployment/apps.v1 is DEPRECATED and will be removed in a future version. Use kubectl run --generator=run-pod/v1 or kubectl create instead. deployment.apps/nginx-deloy created
2、yaml文件创建
编辑k8s_pod.yml文件
[root@k8s-master ~]# cat k8s_pod.yml apiVersion: v1 kind: Pod metadata: name: nginx labels: app: web spec: containers: - name: nginx image: 10.0.128.0:5000/nginx:latest ports: - containerPort: 80
启动pod
[root@k8s-master ~]# kubectl create -f k8s_pod.yml pod "nginx" created
3、声明式配置
kubectl create -f nginx_deploy.yml kubectl run nginx --image=10.0.128.0:5000/nginx:1.13 --replicas=5 kubectl run nginx --image=10.0.128.0:5000/nginx:1.13 --replicas=5 --record
三、查看资源对象
示例二
[root@master ~]# kubectl get namespaces NAME STATUS AGE default Active 4d demo-project Active 3d21h ingress-demo Active 40h istio-system Active 4d kube-node-lease Active 4d kube-public Active 4d kube-system Active 4d kubesphere-alerting-system Active 4d kubesphere-controls-system Active 4d kubesphere-devops-system Active 4d kubesphere-logging-system Active 4d kubesphere-monitoring-system Active 4d kubesphere-sample-dev Active 2d22h kubesphere-sample-prod Active 2d22h kubesphere-system Active 4d namespace Active 3d19h openpitrix-system Active 4d
示例二
[root@master ~]# kubectl get pods,services NAME READY STATUS RESTARTS AGE pod/load-generator-5fb4fb465b-9k9js 1/1 Running 0 3d14h pod/nginx-deloy-6c8868f55c-j45fr 1/1 Running 0 4m50s pod/nginx-deloy-6c8868f55c-sq2wz 1/1 Running 0 4m50s pod/php-apache-695cb9659c-hx6vp 0/1 ImagePullBackOff 0 3d14h NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE service/kubernetes ClusterIP 10.233.0.1 <none> 443/TCP 4d service/php-apache ClusterIP 10.233.10.49 <none> 80/TCP 3d14h [root@master ~]# kubectl get pods,services -o wide NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES pod/load-generator-5fb4fb465b-9k9js 1/1 Running 0 3d14h 10.233.90.47 node1 <none> <none> pod/nginx-deloy-6c8868f55c-j45fr 1/1 Running 0 4m56s 10.233.90.105 node1 <none> <none> pod/nginx-deloy-6c8868f55c-sq2wz 1/1 Running 0 4m56s 10.233.96.78 node2 <none> <none> pod/php-apache-695cb9659c-hx6vp 0/1 ImagePullBackOff 0 3d14h 10.233.90.46 node1 <none> <none> NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR service/kubernetes ClusterIP 10.233.0.1 <none> 443/TCP 4d <none> service/php-apache ClusterIP 10.233.10.49 <none> 80/TCP 3d14h run=php-apache
获取指定Namespace对象中的资源对象的信息
[root@master ~]# kubectl get pods -l k8s-app -n kube-system NAME READY STATUS RESTARTS AGE calico-kube-controllers-79c9854776-89tp2 1/1 Running 0 4d calico-node-286tw 1/1 Running 1 4d calico-node-h2nwg 1/1 Running 1 4d calico-node-rzvq7 1/1 Running 1 4d coredns-7f9d8dc6c8-pvxqz 1/1 Running 0 4d dns-autoscaler-796f4ddddf-twhhf 1/1 Running 0 4d kube-proxy-9zgrh 1/1 Running 0 4d kube-proxy-dbnz2 1/1 Running 0 4d kube-proxy-wzq9q 1/1 Running 0 4d nodelocaldns-86xf8 1/1 Running 0 4d nodelocaldns-prjwk 1/1 Running 0 4d nodelocaldns-v629j 1/1 Running 0 4d
系统的大部分资源隶属于某个Namespace对象,缺省的名称空间时default、若需要获取指定Namespace对象中的资源对象的信息,则需要使用-n 或Namespace指明其名称
四、打印资源对象的详细信息
[root@k8s-master ~]# kubectl describe pod nginx Name: nginx Namespace: default Node: k8s-node1/10.0.128.1 Start Time: Sun, 20 Jan 2019 13:04:51 +0800 Labels: app=web Status: Running IP: 172.16.10.2 Controllers: <none> Containers: nginx: Container ID: docker://27d25a2ee0248b103991a27b81e3f244382ebdb642694e2aeb5503c373fdb912 Image: 10.0.128.0:5000/nginx:latest Image ID: docker-pullable://10.0.128.0:5000/nginx@sha256:e2847e35d4e0e2d459a7696538cbfea42ea2d3b8a1ee8329ba7e68694950afd3 Port: 80/TCP State: Running Started: Sun, 20 Jan 2019 13:48:30 +0800 Ready: True Restart Count: 0 Volume Mounts: <none> Environment Variables: <none> Conditions: Type Status Initialized True Ready True PodScheduled True No volumes. QoS Class: BestEffort Tolerations: <none> Events: FirstSeen LastSeen Count From SubObjectPath Type Reason Message --------- -------- ----- ---- ------------- -------- ------ ------- 48m 48m 1 {default-scheduler } Normal Scheduled Successfully assigned nginx to k8s-node1 48m 6m 13 {kubelet k8s-node1} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)" 47m 5m 182 {kubelet k8s-node1} Warning FailedSync Error syncing pod, skipping: failed to "StartContainer" for "POD" with ImagePullBackOff: "Back-off pulling image \"registry.access.redhat.com/rhel7/pod-infrastructure:latest\"" 4m 4m 1 {kubelet k8s-node1} spec.containers{nginx} Normal Pulling pulling image "10.0.128.0:5000/nginx:latest" 4m 4m 2 {kubelet k8s-node1} Warning MissingClusterDNS kubelet does not have ClusterDNS IP configured and cannot create Pod using "ClusterFirst" policy. Falling back to DNSDefault policy. 4m 4m 1 {kubelet k8s-node1} spec.containers{nginx} Normal Pulled Successfully pulled image "10.0.128.0:5000/nginx:latest" 4m 4m 1 {kubelet k8s-node1} spec.containers{nginx} Normal Created Created container with docker id 27d25a2ee024; Security:[seccomp=unconfined] 4m 4m 1
查看kube-system名称空间中拥有标签component=kube-apiserver的Pod对象的资源配置清单及当前的转台信息,并输出为yaml格式
[root@master ~]# kubectl get pods -l component=kube-apiserver -o yaml -n kube-system apiVersion: v1 items: - apiVersion: v1 kind: Pod metadata: annotations: kubernetes.io/config.hash: 7e3e3089b03ec1438ee6f54b9f53c431 kubernetes.io/config.mirror: 7e3e3089b03ec1438ee6f54b9f53c431 kubernetes.io/config.seen: "2020-04-24T07:00:14.906135295+08:00" kubernetes.io/config.source: file creationTimestamp: "2020-04-23T23:00:18Z" labels: component: kube-apiserver tier: control-plane name: kube-apiserver-master namespace: kube-system resourceVersion: "372" selfLink: /api/v1/namespaces/kube-system/pods/kube-apiserver-master uid: 21650798-4839-4a14-b49d-f80d83bdf1a9 spec: containers: - command: - kube-apiserver - --advertise-address=192.168.0.13 - --allow-privileged=true - --anonymous-auth=True - --apiserver-count=1 - --authorization-mode=Node,RBAC - --bind-address=0.0.0.0 - --client-ca-file=/etc/kubernetes/ssl/ca.crt - --enable-admission-plugins=NodeRestriction - --enable-aggregator-routing=False - --enable-bootstrap-token-auth=true - --endpoint-reconciler-type=lease - --etcd-cafile=/etc/ssl/etcd/ssl/ca.pem - --etcd-certfile=/etc/ssl/etcd/ssl/node-master.pem - --etcd-keyfile=/etc/ssl/etcd/ssl/node-master-key.pem - --etcd-servers=https://192.168.0.13:2379 - --feature-gates=CSINodeInfo=true,VolumeSnapshotDataSource=true,ExpandCSIVolumes=true,RotateKubeletClientCertificate=true - --insecure-port=0 - --kubelet-client-certificate=/etc/kubernetes/ssl/apiserver-kubelet-client.crt - --kubelet-client-key=/etc/kubernetes/ssl/apiserver-kubelet-client.key - --kubelet-preferred-address-types=InternalDNS,InternalIP,Hostname,ExternalDNS,ExternalIP - --profiling=False - --proxy-client-cert-file=/etc/kubernetes/ssl/front-proxy-client.crt - --proxy-client-key-file=/etc/kubernetes/ssl/front-proxy-client.key - --request-timeout=1m0s - --requestheader-allowed-names=front-proxy-client - --requestheader-client-ca-file=/etc/kubernetes/ssl/front-proxy-ca.crt - --requestheader-extra-headers-prefix=X-Remote-Extra- - --requestheader-group-headers=X-Remote-Group - --requestheader-username-headers=X-Remote-User - --runtime-config= - --secure-port=6443 - --service-account-key-file=/etc/kubernetes/ssl/sa.pub - --service-cluster-ip-range=10.233.0.0/18 - --service-node-port-range=30000-32767 - --storage-backend=etcd3 - --tls-cert-file=/etc/kubernetes/ssl/apiserver.crt - --tls-private-key-file=/etc/kubernetes/ssl/apiserver.key image: kubesphere/hyperkube:v1.16.7 imagePullPolicy: IfNotPresent livenessProbe: failureThreshold: 8 httpGet: host: 192.168.0.13 path: /healthz port: 6443 scheme: HTTPS initialDelaySeconds: 15 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 15 name: kube-apiserver resources: requests: cpu: 250m terminationMessagePath: /dev/termination-log terminationMessagePolicy: File volumeMounts: - mountPath: /etc/ssl/certs name: ca-certs readOnly: true - mountPath: /etc/pki name: etc-pki readOnly: true - mountPath: /etc/pki/ca-trust name: etc-pki-ca-trust readOnly: true - mountPath: /etc/pki/tls name: etc-pki-tls readOnly: true - mountPath: /etc/ssl/etcd/ssl name: etcd-certs-0 readOnly: true - mountPath: /etc/kubernetes/ssl name: k8s-certs readOnly: true dnsPolicy: ClusterFirst enableServiceLinks: true hostNetwork: true nodeName: master priority: 2000000000 priorityClassName: system-cluster-critical restartPolicy: Always schedulerName: default-scheduler securityContext: {} terminationGracePeriodSeconds: 30 tolerations: - effect: NoExecute operator: Exists volumes: - hostPath: path: /etc/ssl/certs type: DirectoryOrCreate name: ca-certs - hostPath: path: /etc/pki type: DirectoryOrCreate name: etc-pki - hostPath: path: /etc/pki/ca-trust type: "" name: etc-pki-ca-trust - hostPath: path: /etc/pki/tls type: "" name: etc-pki-tls - hostPath: path: /etc/ssl/etcd/ssl type: DirectoryOrCreate name: etcd-certs-0 - hostPath: path: /etc/kubernetes/ssl type: DirectoryOrCreate name: k8s-certs status: conditions: - lastProbeTime: null lastTransitionTime: "2020-04-23T23:00:18Z" status: "True" type: Initialized - lastProbeTime: null lastTransitionTime: "2020-04-23T23:00:18Z" status: "True" type: Ready - lastProbeTime: null lastTransitionTime: "2020-04-23T23:00:18Z" status: "True" type: ContainersReady - lastProbeTime: null lastTransitionTime: "2020-04-23T23:00:18Z" status: "True" type: PodScheduled containerStatuses: - containerID: docker://003b7e68f2a5918de30923950ee3dd47d23cc2dec259f07509cee1c3eadb9c11 image: kubesphere/hyperkube:v1.16.7 imageID: docker-pullable://kubesphere/hyperkube@sha256:b4285fd78d62c5bc9ef28dac4a88b2914727ddc8c82a32003d6a2ef2dd0caf3c lastState: {} name: kube-apiserver ready: true restartCount: 0 started: true state: running: startedAt: "2020-04-23T22:59:44Z" hostIP: 192.168.0.13 phase: Running podIP: 192.168.0.13 podIPs: - ip: 192.168.0.13 qosClass: Burstable startTime: "2020-04-23T23:00:18Z" kind: List metadata: resourceVersion: "" selfLink: ""
五、容器中常用命令
1、打印容器中的日志信息
[root@master ~]# kubectl logs kube-apiserver-master -n kube-system |head Flag --insecure-port has been deprecated, This flag will be removed in a future version. I0423 22:59:44.568981 1 server.go:623] external host was not specified, using 192.168.0.13 I0423 22:59:44.569260 1 server.go:149] Version: v1.16.7 I0423 22:59:45.311086 1 plugins.go:158] Loaded 11 mutating admission controller(s) successfully in the following order: NamespaceLifecycle,LimitRanger,ServiceAccount,NodeRestriction,TaintNodesByCondition,Priority,DefaultTolerationSeconds,DefaultStorageClass,StorageObjectInUseProtection,MutatingAdmissionWebhook,RuntimeClass. I0423 22:59:45.311116 1 plugins.go:161] Loaded 7 validating admission controller(s) successfully in the following order: LimitRanger,ServiceAccount,Priority,PersistentVolumeClaimResize,ValidatingAdmissionWebhook,RuntimeClass,ResourceQuota. I0423 22:59:45.312164 1 plugins.go:158] Loaded 11 mutating admission controller(s) successfully in the following order: NamespaceLifecycle,LimitRanger,ServiceAccount,NodeRestriction,TaintNodesByCondition,Priority,DefaultTolerationSeconds,DefaultStorageClass,StorageObjectInUseProtection,MutatingAdmissionWebhook,RuntimeClass. I0423 22:59:45.312179 1 plugins.go:161] Loaded 7 validating admission controller(s) successfully in the following order: LimitRanger,ServiceAccount,Priority,PersistentVolumeClaimResize,ValidatingAdmissionWebhook,RuntimeClass,ResourceQuota. I0423 22:59:45.315842 1 client.go:357] parsed scheme: "endpoint" I0423 22:59:45.315918 1 endpoint.go:68] ccResolverWrapper: sending new addresses to cc: [{https://192.168.0.13:2379 0 <nil>}] I0423 22:59:45.329792 1 client.go:357] parsed scheme: "endpoint"
添加-f 选项、还能用于持续监控指定容器中的日志输出、其行为类似于用了-f选项的tail命令
2、在容器中执行命令
[root@master ~]# kubectl exec nginx-deloy-6c8868f55c-j45fr ls bin boot dev etc home lib lib64 media mnt opt proc root run sbin srv sys tmp usr var
如果POD中有多个容器、则需要以-c 选项执行容器后再运行
六、删除资源对象
[root@k8s-master ~]# kubectl delete pods myweb-9rmf4 pod "myweb-9rmf4" deleted kubectl delete pods -l app=monitor -n kube-system kubectl delete pods -l --all -n kube-public
作者:罗阿红
出处:http://www.cnblogs.com/luoahong/
本文版权归作者和博客园共有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接。