本文主要介绍kubernetes排查问题时经常用到的命令。这里主要借助kubectl命令来实现。以下列出常用命令,后面会对每个命令进行详细解释,并举例
一:使用kubectl命令管理项目的生命周期
项目的生命周期,创建、发布、更新、回滚、删除
1.1:创建kubectl run命令
replicas:副本数量
[root@master ~]# kubectl run nginx-test --image=nginx:latest --port=80 --replicas=3
'//-w 动态查看'
[root@master2 ~]# kubectl get pods -w
'//查看创建的资源'
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-deployment-5477945587-2dmhp 1/1 Running 0 17s
nginx-deployment-5477945587-kjlgv 1/1 Running 0 17s
nginx-deployment-5477945587-w9zvf 0/1 ContainerCreating 0 17s
'//查看资源创建在哪个节点上'
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
nginx-deployment-5477945587-2dmhp 1/1 Running 0 3m19s 172.17.93.3 20.0.0.42 <none>
nginx-deployment-5477945587-kjlgv 1/1 Running 0 3m19s 172.17.5.2 20.0.0.43 <none>
nginx-deployment-5477945587-w9zvf 1/1 Running 0 3m19s 172.17.5.3 20.0.0.43 <none>
'//查看更详细信息,副本资源和控制器资源'
[root@master ~]# kubectl get all
NAME READY STATUS RESTARTS AGE
pod/nginx-deployment-5477945587-2dmhp 1/1 Running 0 5m5s
pod/nginx-deployment-5477945587-kjlgv 1/1 Running 0 5m5s
pod/nginx-deployment-5477945587-w9zvf 1/1 Running 0 5m5s
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 9d
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deployment.apps/nginx-deployment 3 3 3 3 5m5s
NAME DESIRED CURRENT READY AGE
replicaset.apps/nginx-deployment-5477945587 3 3 3 5m5s
'//仅查询pod资源的两个项'
[root@master ~]# kubectl get deployment,replicaset
NAME DESIRED CURRENT UP-TO-DATE AVAILABLE AGE
deployment.extensions/nginx-deployment 3 3 3 3 6m38s
NAME DESIRED CURRENT READY AGE
replicaset.extensions/nginx-deployment-5477945587 3 3 3 6m38s
1.2:我们从新创建一个nginx资源
'//运行一个指定的镜像'
[root@master ~]# kubectl run nginx --image=nginx:latest --port=80 --replicas=3
kubectl run --generator=deployment/apps.v1beta1 is DEPRECATED and will be removed in a future version. Use kubectl create instead.
deployment.apps/nginx created
'//查看所有pod列表'
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-7697996758-9m4j5 0/1 ContainerCreating 0 12s
nginx-7697996758-fvlwf 0/1 ContainerCreating 0 12s
nginx-7697996758-nk6fn 1/1 Running 0 12s
'//查看pods在哪个节点 网络状态详细信息'
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
nginx-7697996758-9m4j5 1/1 Running 0 3m13s 172.17.93.3 20.0.0.42 <none>
nginx-7697996758-fvlwf 1/1 Running 0 3m13s 172.17.5.2 20.0.0.43 <none>
nginx-7697996758-nk6fn 1/1 Running 0 3m13s 172.17.5.3 20.0.0.43 <none>
1.3:发布nginx service提供负载均衡的功能
kubectl expose
将资源暴露为新的Kubernetes Service。
指定deployment、service、replica
set、replication
controller或pod
,并使用该资源的选择器作为指定端口上新服务的选择器。deployment 或 replica
set只有当其选择器可转换为service支持的选择器时,即当选择器仅包含matchLabels组件时才会作为暴露新的Service。
资源包括(不区分大小写):
pod(po),service(svc),replication
controller(rc),deployment(deploy),replica set(rs)
语法
$ expose (-f FILENAME | TYPE NAME) [--port=port] [--protocol=TCP|UDP] [--target-port=number-or-name] [--name=name] [--external-ip=external-ip-of-service] [--type=type]
示例
- 为deployment的nginx创建service,并通过service的80端口转发至容器的80端口上,最后提供给外部访问k8集群的service入口
[root@master ~]# kubectl expose deployment nginx --port=80 --target-port=80 --name=nginx-service --type=NodePort
'//查看pods在哪个节点上'
[root@master ~]# kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE
nginx-7697996758-9m4j5 1/1 Running 0 55m 172.17.93.3 20.0.0.42 <none>
nginx-7697996758-fvlwf 1/1 Running 0 55m 172.17.5.2 20.0.0.43 <none>
nginx-7697996758-nk6fn 1/1 Running 0 55m 172.17.5.3 20.0.0.43 <none>
'//查看资源对象简写'
[root@master ~]# kubectl api-resources
'//查看关联后端的节点'
[root@master ~]# kubectl get endpoints
NAME ENDPOINTS AGE
kubernetes 20.0.0.41:6443,20.0.0.44:6443 10d
nginx-service 172.17.5.2:80,172.17.5.3:80,172.17.93.3:80 36m
'//查看服务暴露端口'
[root@master ~]# kubectl get service
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 10d
nginx-service NodePort 10.0.0.212 <none> 80:37288/TCP 18m
1.4:pods资源调度
当我们创建多个pod、service资源时,kube-proxy会做负载均衡,此时我们通过访问任意node节点ip可以访问所有的资源
kubernetes中kube-proxy支持三种模式,在v1.8之前我们使用的是iptables以及userspace两种模式,在kubernetes1.8之后加入了ipvs
'//节点服务器下载ipvs'
[root@node1 ~]# yum -y install ipvsadm
'//查看负载均衡调度'
[root@node1 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.17.93.0:30001 rr
-> 172.17.93.2:8443 Masq 1 0 0
TCP 172.17.93.0:37288 rr '//发现可以访问本地地址可以自动轮询给三个pod资源'
-> 172.17.5.2:80 Masq 1 0 0
-> 172.17.5.3:80 Masq 1 0 0
-> 172.17.93.3:80 Masq 1 0 0
'//查看node2节点'
[root@node2 ~]# ipvsadm -L -n
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
-> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 172.17.5.0:30001 rr
-> 172.17.93.2:8443 Masq 1 0 0
TCP 172.17.5.0:37288 rr
-> 172.17.5.2:80 Masq 1 0 0
-> 172.17.5.3:80 Masq 1 0 0
-> 172.17.93.3:80 Masq 1 0 0
- 在node1操作,查看负载负载均衡端口37288
-
在maste节点操作,查看访问日志
-
注意:如果访问其他node无法访问检查proxy组件
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-7697996758-9m4j5 1/1 Running 0 19h
nginx-7697996758-fvlwf 1/1 Running 0 19h
nginx-7697996758-nk6fn 1/1 Running 0 19h
'//查看访问日志'
[root@master ~]# kubectl logs nginx-7697996758-9m4j5 '这边我们随便查看一个'
2020/10/10 10:17:36 [error] 28#28: *3 open() "/usr/share/nginx/html/favicon.ico" failed (2: No such file or directory), client: 172.17.93.1, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "20.0.0.42:37288", referrer: "http://20.0.0.42:37288/"
172.17.93.1 - - [10/Oct/2020:10:17:36 +0000] "GET /favicon.ico HTTP/1.1" 404 555 "http://20.0.0.42:37288/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.105 Safari/537.36 Edg/84.0.522.52" "-"
'//可以看到是node1节点的docker0代为访问'
1.5:更新nginx版本
这边我们用的谷歌的浏览器,查看一下nginx的版本信息
'//查看配置应用资源帮助'
[root@master ~]# kubectl set --help
Configure application resources
These commands help you make changes to existing application resources.
Available Commands:
env Update environment variables on a pod template
image 更新一个 pod template 的镜像
resources 在对象的 pod templates 上更新资源的 requests/limits
selector 设置 resource 的 selector
serviceaccount Update ServiceAccount of a resource
subject Update User, Group or ServiceAccount in a RoleBinding/ClusterRoleBinding
Usage:
kubectl set SUBCOMMAND [options]
'//获取修改模板'
Configure application resources
These commands help you make changes to existing application resources.
Available Commands:
env Update environment variables on a pod template
image 更新一个 pod template 的镜像
resources 在对象的 pod templates 上更新资源的 requests/limits
selector 设置 resource 的 selector
serviceaccount Update ServiceAccount of a resource
subject Update User, Group or ServiceAccount in a RoleBinding/ClusterRoleBinding
Usage:
kubectl set SUBCOMMAND [options]
'//获取修改模板'
[root@master ~]# kubectl set image --help
'//更新版本为1.14'
[root@master ~]# kubectl set image deployment/nginx nginx=nginx:1.14
'//查看资源动态,处于监听状态'
[root@master ~]# kubectl get pods -w
'//容器的更新是滚动更新,只有删除和创建,要一直保持副本数量'
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-6ff7c89c7c-28ntp 1/1 Running 0 3m14s
nginx-6ff7c89c7c-6zhdd 1/1 Running 0 2m41s
nginx-6ff7c89c7c-w2j8k 1/1 Running 0 2m58s
- 再次访问网页,查看一下nginx版本
假如我们想恢复到原来的状态该怎么操作,对了就是接下来的回滚操作
1.6:回滚nginx资源
[root@master ~]# kubectl rollout --help
......省略消息......
Available Commands:
history 显示 rollout 历史
pause 标记提供的 resource 为中止状态
resume 继续一个停止的 resource
status 显示 rollout 的状态
undo 撤销上一次的 rollout
......省略消息.......
'//查看历史版本'
[root@master ~]# kubectl rollout history deploy/nginx
deployment.extensions/nginx
REVISION CHANGE-CAUSE
1 <none>
2 <none>
'//执行回滚'
[root@master ~]# kubectl rollout undo deploy/nginx
deployment.extensions/nginx
'//再次检查回滚汉状态'
[root@master ~]# kubectl rollout status deploy/nginx
deployment "nginx" successfully rolled out
- 再次查看nginx的网页版本信息
如果不需要pods资源我们可以进行删除
1.7:删除资源
[root@master ~]# kubectl delete deploy/nginx
deployment.extensions "nginx" deleted
'//查看pods资源已经删除了'
[root@master ~]# kubectl get pods
No resources found.
'查看所有的资源 删除不仅仅是pod'
[root@master ~]# kubectl get all
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
service/kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 11d
service/nginx-service NodePort 10.0.0.212 <none> 80:37288/TCP 19h
'删除service'
[root@master ~]# kubectl delete svc/nginx-service
service "nginx-service" deleted
[root@master ~]# kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
kubernetes ClusterIP 10.0.0.1 <none> 443/TCP 11d
1.71:查看具体资源的详细信息
[root@master ~]# kubectl run nginx --image=nginx --port=80 --replicas=3
[root@master ~]# kubectl get pods
NAME READY STATUS RESTARTS AGE
nginx-cdb6b5b95-98zhp 1/1 Running 0 17s
nginx-cdb6b5b95-klmm4 0/1 ContainerCreating 0 17s
nginx-cdb6b5b95-znv76 0/1 ContainerCreating 0 17s
输出指定的一个/多个资源的详细信息
[root@master ~]# kubectl describe pod nginx-cdb6b5b95-98zhp
Name: nginx-cdb6b5b95-98zhp
Namespace: default
Priority: 0
PriorityClassName: <none>
Node: 20.0.0.42/20.0.0.42
Start Time: Sat, 10 Oct 2020 19:48:35 +0800
Labels: pod-template-hash=cdb6b5b95
run=nginx
Annotations: <none>
Status: Running
IP: 172.17.93.3
Controlled By: ReplicaSet/nginx-cdb6b5b95
Containers:
nginx:
Container ID: docker://cf7643869f1cd52a5a7c8d1549515f9ad825dd5c8b39c28fec62d40c53f33941
Image: nginx
Image ID: docker-pullable://nginx@sha256:fc66cdef5ca33809823182c9c5d72ea86fd2cef7713cf3363e1a0b12a5d77500
Port: 80/TCP
Host Port: 0/TCP
State: Running
Started: Sat, 10 Oct 2020 19:48:37 +0800
Ready: True
Restart Count: 0
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from default-token-cfdcs (ro)
Conditions:
Type Status
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
default-token-cfdcs:
Type: Secret (a volume populated by a Secret)
SecretName: default-token-cfdcs
Optional: false
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute for 300s
node.kubernetes.io/unreachable:NoExecute for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Scheduled 8m3s default-scheduler Successfully assigned default/nginx-cdb6b5b95-98zhp to 20.0.0.42
Normal Pulling 8m2s kubelet, 20.0.0.42 pulling image "nginx"
Normal Pulled 8m1s kubelet, 20.0.0.42 Successfully pulled image "nginx"
Normal Created 8m1s kubelet, 20.0.0.42 Created container
Normal Started 8m1s kubelet, 20.0.0.42 Started container
1.72:进入pod
[root@master ~]# kubectl exec -it nginx-cdb6b5b95-98zhp bash
'//查看列表'
root@nginx-cdb6b5b95-98zhp:/# ls
bin dev docker-entrypoint.sh home lib64 mnt proc run srv tmp var
boot docker-entrypoint.d etc lib media opt root sbin sys usr
'//退出'
root@nginx-cdb6b5b95-98zhp:/# exit
exit
今天小结结束!感谢观看。