Kubernetes 常用命令 持续更新
1、进入指定namespace pod
kubectl exec -it --namespace=kube-system g-lsb-proxy-nginx-r7zfl-2522744936-11rld /bin/sh
kubectl exec -it g-lsb-proxy-nginx-r7zfl-2522744936-9tz5k -n kube-system /bin/bash
2、查看k8s pod详情
kubectl describe pods -n jiankunking gateway-7d89b6f6fb-dj4qp
kubectl get pod logging-filebeat-filebeat-v1-0-5565m -n kube-system -o json
3、 指定api版本查看
kubectl get hpa.v2beta2.autoscaling -n jiankunking app-hpa-331087943 -oyaml
4、工作负载异常:结束中,解决Terminating状态的Pod删不掉的问题
kubectl delete pod es-remote-cluster-5757595946-vtzsh -n dev1 --grace-period=0 --force
5、查看cron job运行情况
kubectl describe job -n console k8s-sync-1611306600
具体信息:
Name: k8s-sync-1611306600
Namespace: console
Selector: controller-uid=9b6edd8d-5c91-11eb-90b0-e4434b7c486d
Labels: app=k8s-synccontroller.jiankunking.io/chart=appcontroller.jiankunking.io/release=k8s-syncversion=v1
Annotations: helm.sh/namespace: consolehelm.sh/path: apphelm.sh/release: k8s-sync
Controlled By: CronJob/k8s-sync
Parallelism: 1
Completions: 1
Active Deadline Seconds: 1800s
Pods Statuses: 0 Running / 0 Succeeded / 0 Failed
Pod Template:Labels: app=k8s-synccontroller-uid=9b6edd8d-5c91-11eb-90b0-e4434b7c486dcontroller.jiankunking.io/chart=appcontroller.jiankunking.io/name=k8s-synccontroller.jiankunking.io/release=k8s-syncjob-name=k8s-sync-1611306600version=v1Annotations: helm.sh/namespace: consolehelm.sh/path: apphelm.sh/release: k8s-syncv1.multus-cni.io/default-network: k8s-pod-networkContainers:c0:Image: registry.jiankunking.net/k8s/k8s-sync:v0.0.18-cliPort: <none>Host Port: <none>Command:k8s-syncnamespaceLimits:cpu: 300mmemory: 50MiRequests:cpu: 100mmemory: 20MiEnvironment:POD_NAMESPACE: (v1:metadata.namespace)POD_NAME: (v1:metadata.name)POD_IP: (v1:status.podIP)NODE_NAME: (v1:spec.nodeName)Mounts: <none>Volumes: <none>
Events:Type Reason Age From Message---- ------ ---- ---- -------Warning FailedCreate 14m job-controller Error creating: pods "k8s-sync-1611306600-khfng" is forbidden: exceeded quota: console, requested: limits.cpu=300m,requests.cpu=100m, used: limits.cpu=60,requests.cpu=25, limited: limits.cpu=60,requests.cpu=25Warning FailedCreate 14m job-controller Error creating: pods "k8s-sync-1611306600-klpt2" is forbidden: exceeded quota: console, requested: limits.cpu=300m,requests.cpu=100m, used: limits.cpu=60,requests.cpu=25, limited: limits.cpu=60,requests.cpu=25Warning FailedCreate 13m job-controller Error creating: pods "k8s-sync-1611306600-vqk6v" is forbidden: exceeded quota: console, requested: limits.cpu=300m,requests.cpu=100m, used: limits.cpu=60,requests.cpu=25, limited: limits.cpu=60,requests.cpu=25Warning FailedCreate 13m job-controller Error creating: pods "k8s-sync-1611306600-tmq2r" is forbidden: exceeded quota: console, requested: limits.cpu=300m,requests.cpu=100m, used: limits.cpu=60,requests.cpu=25, limited: limits.cpu=60,requests.cpu=25Warning FailedCreate 11m job-controller Error creating: pods "k8s-sync-1611306600-7z6rf" is forbidden: exceeded quota: console, requested: limits.cpu=300m,requests.cpu=100m, used: limits.cpu=60,requests.cpu=25, limited: limits.cpu=60,requests.cpu=25Warning FailedCreate 9m16s job-controller Error creating: pods "k8s-sync-1611306600-lsg25" is forbidden: exceeded quota: console, requested: limits.cpu=300m,requests.cpu=100m, used: limits.cpu=60,requests.cpu=25, limited: limits.cpu=60,requests.cpu=25Warning FailedCreate 3m56s job-controller Error creating: pods "k8s-sync-1611306600-8rldr" is forbidden: exceeded quota: console, requested: limits.cpu=300m,requests.cpu=100m, used: limits.cpu=60,requests.cpu=25, limited: limits.cpu=60,requests.cpu=25
6、查看所有api资源
kubectl api-resources
结果类似:
root@kube-master-10-10-1-2:~# kubectl api-resources
NAME SHORTNAMES APIGROUP NAMESPACED KIND
bindings true Binding
componentstatuses cs false ComponentStatus
configmaps cm true ConfigMap
endpoints ep true Endpoints
events ev true Event
limitranges limits true LimitRange
namespaces ns false Namespace
nodes no false Node
persistentvolumeclaims pvc true PersistentVolumeClaim
persistentvolumes pv false PersistentVolume
pods po true Pod
podtemplates true PodTemplate
replicationcontrollers rc true ReplicationController
resourcequotas quota true ResourceQuota
secrets true Secret
serviceaccounts sa true ServiceAccount
services svc true Service
challenges acme.cert-manager.io true Challenge
orders acme.cert-manager.io true Order
initializerconfigurations admissionregistration.k8s.io false InitializerConfiguration
mutatingwebhookconfigurations admissionregistration.k8s.io false MutatingWebhookConfiguration
7、查看networkpolicy 信息
kubectl get networkpolicy --all-namespaces
kubectl get networkpolicy -n work-prod work-prod -oyaml
8、查看pod中有几容器
kubectl top pod lb-1823094884-proxy-nginx-j4yzw-564c48d4cc-l22h8 -n kube-system --containers
输出
POD NAME CPU(cores) MEMORY(bytes)
lb-1823094884-proxy-nginx-j4yzw-564c48d4cc-l22h8 proxy 122m 404Mi
lb-1823094884-proxy-nginx-j4yzw-564c48d4cc-l22h8 sidecar 1m 42Mi
进入某个容器
kubectl exec -it lb-1823094884-proxy-nginx-j4yzw-564c48d4cc-l22h8 -n kube-system -c proxy /bin/bash
如果提示下面的错误
Error from server (Forbidden): pods "lb-1823094884-proxy-nginx-j4yzw-564c48d4cc-l22h8" is forbidden: cannot exec into or attach to a container using host network
就到pod对应的机器上,通过docker exec进入
8、查看contexts候选列表
kubectl config get-contexts
9、切换contexts
kubectl config use-context {your-contexts}
10、查询集群中的node
kubectl get nodes
11、查询某个node上所有的pod
// linuxkubectl get po --all-namespaces -o wide |select-string 56-7// powershellkubectl get po --all-namespaces -o wide |grep 56-7
12、从本机拷贝文件到pod
kubectl cp 主机文件路径 -n 分区 -c 容器 pod名:容器内绝对路径
kubectl cp ./go-runner -n apisix apisix-gw-deployment-68469c88b6-l4mcm:/tmp
13、pod 网络监控
nsenter -t 2498080 -n tcpdump -i eth0 -nnvvA port 8080 -w a.pcap
https://blog.csdn.net/jiankunking/article/details/125189956?spm=1001.2014.3001.5501
14、查看系统中的 CRD 资源
kubectl get CustomResourceDefinition
15、kubectl 指定配置文件
kubectl --kubeconfig /root/config config get-contexts
16、使用 nsenter 进入 netns 抓包
https://jiankunking.blog.csdn.net/article/details/125189956
17、如何查看k8s中kube-proxy的模式是ipvs还是iptables
通过 kubectl 命令查看 kube-proxy 的配置:
[jiankunking@hddxps8156 ~]# kubectl config use-context qd-test
Switched to context "qd-test".
[jiankunking@hddxps8156 ~]# kubectl get configmap kube-proxy -n kube-system -o yaml | grep modemode: ipvs
[jiankunking@hddxps8156 ~]#
18、kubectl describe node
可通过该命令查看 Pod 在节点上的资源分配情况(Request、Limits),如下:
# product 表示生产环境
kubectl describe node -l env=product# 执行结果
Namespace Name CPU Requests CPU Limits Memory Requests Memory Limits AGE
--------- ---- ------------ ---------- --------------- ------------- ---
product annoroad-clinicallims3-754dddb5cb-k5xkn 0 (0%) 0 (0%) 0 (0%) 0 (0%) 85d
product annoroad-crm-796884585d-ts2xn 0 (0%) 0 (0%) 0 (0%) 0 (0%) 85d
product annoroad-dms-6d658d564f-m6j7r 0 (0%) 0 (0%) 0 (0%) 0 (0%) 16d
product annoroad-dms-server-6557c5bc85-45sw2 0 (0%) 0 (0%) 0 (0%) 0 (0%) 15d19、kubectl top node
可通过该命令查看节点的资源使用情况,如下:
# product 表示生产环境
kubectl top node -l env=product# 执行结果
NAME CPU(cores) CPU% MEMORY(bytes) MEMORY%
cn-beijing.192.16.168.102 904m 11% 10340Mi 69%
cn-beijing.192.16.168.103 1393m 17% 12810Mi 86%
cn-beijing.192.16.168.104 1994m 24% 13281Mi 89%
cn-beijing.192.16.168.105 987m 12% 9399Mi 63%
cn-beijing.192.16.168.115 638m 15% 12017Mi 80%
cn-beijing.192.16.168.118 806m 20% 9372Mi 62%
cn-beijing.192.16.168.135 258m 6% 9696Mi 65%
cn-beijing.192.16.168.136 871m 21% 10957Mi 73%
cn-beijing.192.16.168.137 310m 7% 9322Mi 62%
cn-beijing.192.16.168.138 943m 23% 11908Mi 80%20、kubectl top pod
可通过该命令查看 Pod 资源使用情况,如下:
# product 表示生产环境
kubectl top pod -n product# 执行结果
NAME CPU(cores) MEMORY(bytes)
annoroad-alpha-5dbd868d-lsvj5 2m 383Mi
annoroad-applet-6f977779bc-2bgpn 3m 384Mi
annoroad-applet-6f977779bc-mgdhw 3m 387Mi
annoroad-applet-6f977779bc-qhqbg 2m 393Mi
annoroad-beta-7c4d7c654f-m4rkf 2m 334Mi
annoroad-clinicallims-67855bf4f5-9ddwd 4m 502Mi
annoroad-clinicallims-67855bf4f5-rdq2s 3m 488Mi
annoroad-clinicallims-67855bf4f5-vvrsn 3m 436Mi
annoroad-clinicallims-67855bf4f5-zhbvk 4m 509Mi
annoroad-clinicallims-67855bf4f5-zs65j 3m 420Mi
annoroad-clinicallims3-56d9c87786-2ftzq 3m 596Mi21、kubectl get pod -o wide |grep $node
可通过该命令查看指定 node 上运行的所有 pod,如下:
# product 表示生产环境
kubectl get pod -n product -o wide |grep cn-beijing.172.15.14.128# 执行结果
annoroad-clinical-lims-8556cc6b76-57ctq 1/1 Running 6 20h 170.22.11.23 cn-beijing.172.15.14.128 <none> <none>
annoroad-covid19-front-fdd7469ff-pg2hm 1/1 Running 0 29d 170.22.11.20 cn-beijing.172.15.14.128 <none> <none>
annoroad-crm-7b9cd5c6c9-hj5s8 1/1 Running 0 10d 170.22.11.12 cn-beijing.172.15.14.128 <none> <none>
annoroad-crm-server-696d4f5867-77bdd 1/1 Running 2 29d 170.22.11.122 cn-beijing.172.15.14.128 <none> <none>
annoroad-gateway-55785fd8c-xlx4q 1/1 Running 0 88d 170.22.11.99 cn-beijing.172.15.14.128 <none> <none>22、kubectl top pod |grep -E “ p o d n a m e 1 ∣ podname1| podname1∣podname2|…”
可通过该命令查看一个 pod 或几个 pod 的资源使用情况 ,如下:
# product 表示生产环境
kubectl top pod -n product |grep -E "annoroad-clinical-lims-8556cc6b76-57ctq|annoroad-covid19-front-fdd7469ff-pg2hm"# 执行结果
annoroad-clinical-lims-8556cc6b76-57ctq 74m 1216Mi
annoroad-covid19-front-fdd7469ff-pg2hm 1m 2Mi23、查看带某标签的节点列表
kubectl get no -l ${label_name}
24、