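0. Preface
I previously spent a long time deploying a 3-node k8s cluster. Today I will summarize the common commands for a k8s cluster. This post only covers simple, practical commands; more complex topics such as storage, networking and scheduling (taints, affinity) will be covered separately later.
1. Cluster
1.1 Version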
kubectl version
1.2 Cluster information
kubectl cluster-info
Shows basic cluster information, such as the running status of the apiserver and CoreDNS.
2. Nodes
2.1 List all nodes
kubectl get node
Shows each node's name, status, roles, age and version.
2.2 Details of a single node
kubectl describe node k8s-master
Name: k8s-master
Roles: master
Labels: beta.kubernetes.io/arch=amd64
beta.kubernetes.io/os=linux
kubernetes.io/arch=amd64
kubernetes.io/hostname=k8s-master
kubernetes.io/os=linux
node-role.kubernetes.io/master=
node.kubernetes.io/node=
Annotations: node.alpha.kubernetes.io/ttl: 0
projectcalico.org/IPv4Address: 192.168.159.164/24
projectcalico.org/IPv4IPIPTunnelAddr: 172.30.235.192
volumes.kubernetes.io/controller-managed-attach-detach: true
CreationTimestamp: Sat, 21 Sep 2024 16:44:40 +0800
Taints: <none>
Unschedulable: false
Lease:
HolderIdentity: k8s-master
AcquireTime: <unset>
RenewTime: Tue, 24 Sep 2024 11:40:36 +0800
Conditions:
Type Status LastHeartbeatTime LastTransitionTime Reason Message
---- ------ ----------------- ------------------ ------ -------
NetworkUnavailable False Mon, 23 Sep 2024 18:06:35 +0800 Mon, 23 Sep 2024 18:06:35 +0800 CalicoIsUp Calico is running on this node
MemoryPressure False Tue, 24 Sep 2024 11:37:39 +0800 Mon, 23 Sep 2024 17:57:54 +0800 KubeletHasSufficientMemory kubelet has sufficient memory available
DiskPressure False Tue, 24 Sep 2024 11:37:39 +0800 Mon, 23 Sep 2024 17:57:54 +0800 KubeletHasNoDiskPressure kubelet has no disk pressure
PIDPressure False Tue, 24 Sep 2024 11:37:39 +0800 Mon, 23 Sep 2024 17:57:54 +0800 KubeletHasSufficientPID kubelet has sufficient PID available
Ready True Tue, 24 Sep 2024 11:37:39 +0800 Mon, 23 Sep 2024 18:06:35 +0800 KubeletReady kubelet is posting ready status
Addresses:
InternalIP: 192.168.159.164
Hostname: k8s-master
Capacity:
cpu: 4
ephemeral-storage: 17340Mi
hugepages-1Gi: 0
hugepages-2Mi: 0
memory: 7837288Ki
pods: 110
Allocatable:
cpu: 4
ephemeral-storage: 16364077029
hugepages-1Gi: 0
hugepages-2Mi: 0
memory: 7734888Ki
pods: 110
System Info:
Machine ID: 2785782508f543ab9ef0d544aa5cd429
System UUID: 28ee4d56-b485-262e-304f-d352aae8a622
Boot ID: f3ab19bb-b9f9-4c51-8e0d-323439f6c042
Kernel Version: 5.14.0-427.13.1.el9_4.x86_64
OS Image: Rocky Linux 9.4 (Blue Onyx)
Operating System: linux
Architecture: amd64
Container Runtime Version: containerd://1.7.22
Kubelet Version: v1.30.5
Kube-Proxy Version: v1.30.5
PodCIDR: 172.30.0.0/24
PodCIDRs: 172.30.0.0/24
Non-terminated Pods: (3 in total)
Namespace Name CPU Requests CPU Limits Memory Requests Memory Limits Age
--------- ---- ------------ ---------- --------------- ------------- ---
kube-system calico-kube-controllers-65dcc554ff-9pws2 0 (0%) 0 (0%) 0 (0%) 0 (0%) 17h
kube-system calico-node-rccq4 250m (6%) 0 (0%) 0 (0%) 0 (0%) 17h
test busybox2 0 (0%) 0 (0%) 0 (0%) 0 (0%) 16h
Allocated resources:
(Total limits may be over 100 percent, i.e., overcommitted.)
Resource Requests Limits
-------- -------- ------
cpu 250m (6%) 0 (0%)
memory 0 (0%) 0 (0%)
ephemeral-storage 0 (0%) 0 (0%)
hugepages-1Gi 0 (0%) 0 (0%)
hugepages-2Mi 0 (0%) 0 (0%)
Events: <none>
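This shows detailed node information, including the host the node runs on, the node's health and its resource usage. When a node goes into the unready state, use this command to find out why.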
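A way to pull the abnormal rows out of the Conditions table when troubleshooting a node, as an added example that is not part of the original post. The function name node_problems, the sample node k8s-node1 and its condition rows are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag abnormal node conditions
# in `kubectl describe node` text. Real use:
#   kubectl describe node k8s-master | node_problems

# Reads describe output on stdin and prints "<type> <status> <reason>" for each
# condition that is not in its healthy state (Ready=True, everything else=False).
# Returns 1 if at least one abnormal condition was printed, 0 otherwise.
node_problems() {
  awk '
    /^Conditions:/ { in_cond = 1; next }   # start of the Conditions table
    /^[^ \t]/      { in_cond = 0 }         # any other top-level key ends it
    !in_cond || NF < 2 || $1 == "Type" || $1 ~ /^-+$/ { next }
    {
      healthy = ($1 == "Ready") ? "True" : "False"
      # Fields 3-14 are the two timestamps (6 tokens each); field 15 is Reason.
      if ($2 != healthy) { print $1, $2, $15; bad = 1 }
    }
    END { exit bad + 0 }
  '
}

# Constructed sample: a worker node with disk pressure and a NotReady kubelet.
SAMPLE_NODE='Name:               k8s-node1
Conditions:
  Type            Status  LastHeartbeatTime                LastTransitionTime               Reason                      Message
  ----            ------  -----------------                ------------------               ------                      -------
  MemoryPressure  False   Tue, 24 Sep 2024 11:37:39 +0800  Mon, 23 Sep 2024 17:57:54 +0800  KubeletHasSufficientMemory  kubelet has sufficient memory available
  DiskPressure    True    Tue, 24 Sep 2024 11:37:39 +0800  Tue, 24 Sep 2024 10:02:11 +0800  KubeletHasDiskPressure      kubelet has disk pressure
  Ready           False   Tue, 24 Sep 2024 11:37:39 +0800  Tue, 24 Sep 2024 10:02:11 +0800  KubeletNotReady             container runtime network not ready
Addresses:
  InternalIP:  192.168.159.165'

printf '%s\n' "$SAMPLE_NODE" | node_problems || echo "node needs attention"
```

A status of Unknown, which the node controller sets when the kubelet stops reporting, is also flagged because it differs from the healthy value.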
3. Namespaces
3.1 Create a namespace
kubectl create namespace test
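test is the namespace name; you can choose your own.
3.2 List namespaces
kubectl get namespace    # short form: kubectl get ns
Note: default is a special namespace. If you do not specify a namespace when creating a resource, the resource is created in the default namespace; when looking up resources.
3.3 View details of a specific namespace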
kubectl describe ns test
4. Pods
4.1 Create a pod (using busybox as an example)
(1) The pod manifest
cd /data/yaml
cat busybox.yaml
apiVersion: v1
kind: Pod
metadata:
  name: busybox
  namespace: default
spec:
  containers:
  - name: busybox
    image: docker.m.daocloud.io/library/busybox
    command:
    - sleep
    - "3600"
    imagePullPolicy: IfNotPresent
  restartPolicy: Always
(2) Create the pod
kubectl create -f busybox.yaml
4.2 List all pods
kubectl get pod -n default
Shows how the pods are running, including name, number of ready containers, status, restart count and age.
4.3 View application logs in a pod
kubectl logs coredns-797bbb564b-whv9z -n kube-system
This shows the log output of the coredns service.
4.4 Run commands in a pod
(1) Run an ordinary command:
kubectl exec busybox -- echo hello
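This prints the string hello.
(2) Enter the pod:
In earlier versions, you could enter the pod with the following command:
kubectl exec -it busybox /bin/sh
However, upstream has said this form will be removed and recommends the form shown above for running commands in a pod (with -- before the command).
4.5 View pod details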
kubectl describe pod busybox -n default
Name: busybox
Namespace: default
Priority: 0
Service Account: default
Node: k8s-node2/192.168.159.166
Start Time: Mon, 23 Sep 2024 18:43:39 +0800
Labels: <none>
Annotations: cni.projectcalico.org/containerID: f097a23677ace8e128cf0451171f7db9ce1c8637b6109ed05ecf3237e04dbf89
cni.projectcalico.org/podIP: 172.30.169.129/32
cni.projectcalico.org/podIPs: 172.30.169.129/32
Status: Running
IP: 172.30.169.129
IPs:
IP: 172.30.169.129
Containers:
busybox:
Container ID: containerd://152f5039ba1d8c2f2d5c974e010316d969b27a923e3b3b539cff98ce39819731
Image: docker.m.daocloud.io/library/busybox
Image ID: docker.m.daocloud.io/library/busybox@sha256:c230832bd3b0be59a6c47ed64294f9ce71e91b327957920b6929a0caa8353140
Port: <none>
Host Port: <none>
Command:
sleep
3600
State: Running
Started: Tue, 24 Sep 2024 15:04:41 +0800
Last State: Terminated
Reason: Completed
Exit Code: 0
Started: Tue, 24 Sep 2024 13:40:11 +0800
Finished: Tue, 24 Sep 2024 15:04:40 +0800
Ready: True
Restart Count: 4
Environment: <none>
Mounts:
/var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-frb2g (ro)
Conditions:
Type Status
PodReadyToStartContainers True
Initialized True
Ready True
ContainersReady True
PodScheduled True
Volumes:
kube-api-access-frb2g:
Type: Projected (a volume that contains injected data from multiple sources)
TokenExpirationSeconds: 3607
ConfigMapName: kube-root-ca.crt
ConfigMapOptional: <nil>
DownwardAPI: true
QoS Class: BestEffort
Node-Selectors: <none>
Tolerations: node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal Created 13m (x5 over 20h) kubelet Created container busybox
Normal Started 13m (x5 over 20h) kubelet Started container busybox
Normal Pulled 13m (x4 over 5h17m) kubelet Container image "docker.m.daocloud.io/library/busybox" already present on machine
This shows detailed pod information. When a pod is in an abnormal state, the pod details let you quickly find the cause.
5. Deployments
5.1 Create a deployment
(1) The deployment manifest
cd /data/yaml
cat nginx-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: nginx-deployment
  labels:
    app: nginx
spec:
  replicas: 3
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: docker.m.daocloud.io/library/nginx
        ports:
        - containerPort: 80
(2) Create the deployment:
kubectl apply -f nginx-deployment.yaml
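5.2 View the deployment:
(1) View how the deployment is running:
kubectl get deployment -n default
This shows the deployment name, that it contains three pods, and that all three pods are ready.
(2) View the replicaSet:
kubectl get replicaSet -n default
The replicaSet name is the deployment name followed by a random code, which means this replicaSet belongs to the deployment created earlier. It shows that the desired number of pods is 3 and the current number is also 3, so the replicaSet is running normally.
(3) View the pods of the deployment:
kubectl get pod -n default |grep nginx
There are 3 pods, running on the 3 nodes respectively. A pod can run on the master node here because no taint has been added to the master node, so pods can be scheduled onto it.
(4) View deployment details: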
kubectl describe deployment nginx-deployment -n default
Name: nginx-deployment
Namespace: default
CreationTimestamp: Tue, 24 Sep 2024 15:37:54 +0800
Labels: app=nginx
Annotations: deployment.kubernetes.io/revision: 1
Selector: app=nginx
Replicas: 3 desired | 3 updated | 3 total | 3 available | 0 unavailable
StrategyType: RollingUpdate
MinReadySeconds: 0
RollingUpdateStrategy: 25% max unavailable, 25% max surge
Pod Template:
Labels: app=nginx
Containers:
nginx:
Image: docker.m.daocloud.io/library/nginx
Port: 80/TCP
Host Port: 0/TCP
Environment: <none>
Mounts: <none>
Volumes: <none>
Node-Selectors: <none>
Tolerations: <none>
Conditions:
Type Status Reason
---- ------ ------
Available True MinimumReplicasAvailable
Progressing True NewReplicaSetAvailable
OldReplicaSets: <none>
NewReplicaSet: nginx-deployment-846887469d (3/3 replicas created)
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ScalingReplicaSet 37m deployment-controller Scaled up replica set nginx-deployment-846887469d to 3
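5.3 Scale up the deployment
kubectl scale deployment nginx-deployment --replicas=4
The command above scales nginx-deployment up to 4 pods, but it is better to change the replica count in the manifest and then run apply to scale.
5.4 Deployment rollouts
Deployments support viewing rollout history and rolling back. These features are very important for releasing applications, so upstream also recommends releasing applications as deployments rather than as bare pods.
(1) View the rollout history of all deployments:
kubectl rollout history deployment -n default
(2) View the rollout history of a specific deployment (nginx-deployment is the deployment name):
kubectl rollout history deployment/nginx-deployment -n default
(3) View the details of a specific revision of a specific deployment (1 is the revision number):
kubectl rollout history deployment/nginx-deployment --revision=1 -n default
(4) Roll back to a specific revision
kubectl rollout undo deployment/nginx-deployment --to-revision=1 -n default
(5) View the rollback status
kubectl rollout status deploy/nginx-deployment -n default
5.5 Delete the deployment: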
kubectl delete -f nginx-deployment.yaml
6. Services
6.1 ClusterIP type
(1) The service manifest:
cd /data/yaml
cat nginx-service-clusterIp.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80
  type: ClusterIP
A service selects pods through its selector. Here we set app: nginx, which matches the label on the pods of nginx-deployment.
kubectl get pod -n default --show-labels |grep nginx
The pod labels include app=nginx.
Change the nginx home page in each of the three pods (each echo is run in the shell opened inside the pod):
kubectl exec -it nginx-deployment-846887469d-5hj5w -- /bin/bash
echo nginx1 > /usr/share/nginx/html/index.html
kubectl exec -it nginx-deployment-846887469d-bs5k8 -- /bin/bash
echo nginx2 > /usr/share/nginx/html/index.html
kubectl exec -it nginx-deployment-846887469d-n5p7d -- /bin/bash
echo nginx3 > /usr/share/nginx/html/index.html
(2) Create the service
kubectl apply -f nginx-service-clusterIp.yaml
(3) View the service
kubectl get svc
The service's IP is 10.96.208.179. When we send a request to port 8080 on this IP, the request is forwarded to the matching pods.
curl 10.96.208.179:8080
nginx3
curl 10.96.208.179:8080
nginx1
curl 10.96.208.179:8080
nginx2
As expected, the requests reached the pods of nginx-deployment and were answered normally.
6.2 NodePort type
(1) The service manifest is as follows:
cd /data/yaml
cat nginx-service-nodePort.yaml
apiVersion: v1
kind: Service
metadata:
  name: nginx-service
spec:
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80
  type: NodePort
(2) Create the service:
kubectl apply -f nginx-service-nodePort.yaml
(3) View the service
kubectl get svc
The service's IP address is 10.96.208.179, and it has two ports, 8080 and 30219. The pods can be reached through 10.96.208.179:8080, or through the IP of any k8s node on port 30219.
curl 10.96.208.179:8080
nginx1
curl 10.96.208.179:8080
nginx2
curl 10.96.208.179:8080
nginx3
curl 192.168.159.164:30219
nginx1
curl 192.168.159.165:30219
nginx2
curl 192.168.159.166:30219
nginx3
The requests succeed and are answered normally.
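Because a NodePort service opens its port on every node, it is worth listing which node ports a cluster exposes and comparing them with the firewall rules in front of the nodes. The following is an added example, not part of the original post; the function names and the kubernetes row of the sample listing are constructed, and the nginx-service row uses the values given above.

```shell
#!/bin/sh
# Added example (not from the original post): list the node-level ports that
# NodePort services open, from `kubectl get svc` text. Real use:
#   kubectl get svc -A | nodeport_exposures

# Prints "<namespace> <service> <port> <nodePort> <protocol>" per exposed port.
# Columns are located by header name, so output with or without -A works;
# namespace is "-" when the listing has no NAMESPACE column.
nodeport_exposures() {
  awk '
    NR == 1 { for (i = 1; i <= NF; i++) col[$i] = i; next }
    $(col["TYPE"]) == "NodePort" {
      ns = ("NAMESPACE" in col) ? $(col["NAMESPACE"]) : "-"
      n = split($(col["PORT(S)"]), ports, ",")
      for (i = 1; i <= n; i++) {
        # "8080:30219/TCP" -> p[1]=8080 (service port), p[2]=30219, p[3]=TCP
        if (split(ports[i], p, "[:/]") == 3)
          print ns, $(col["NAME"]), p[1], p[2], p[3]
      }
    }
  '
}

# Prints one "<nodeIP>:<nodePort>/<protocol>" line for every node IP passed as
# an argument, i.e. the full set of endpoints the listing makes reachable.
nodeport_endpoints() {
  nodeport_exposures | while read -r _ns _svc _port nodeport proto; do
    for ip in "$@"; do echo "$ip:$nodeport/$proto"; done
  done
}

# Constructed sample; the nginx-service row uses the values from this post.
SAMPLE_SVC='NAME            TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)          AGE
kubernetes      ClusterIP   10.96.0.1       <none>        443/TCP          3d
nginx-service   NodePort    10.96.208.179   <none>        8080:30219/TCP   5m'

printf '%s\n' "$SAMPLE_SVC" |
  nodeport_endpoints 192.168.159.164 192.168.159.165 192.168.159.166
```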
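7. Summary
Today we covered the commands for managing clusters, pods, deployments, services and similar resources. The management commands for other components are much the same, so they are not listed one by one. If you run into a rarely used command, you can look it up on the official site; studying the official documentation and practicing is the fastest way to improve. Later posts will gradually cover storage, scheduling and networking in k8s. Happy hacking.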