Kubernetes 常用命令 持续更新

1、进入指定namespace pod

kubectl exec -it --namespace=kube-system  g-lsb-proxy-nginx-r7zfl-2522744936-11rld /bin/sh
kubectl exec -it g-lsb-proxy-nginx-r7zfl-2522744936-9tz5k -n kube-system  /bin/bash

2、查看k8s pod详情

kubectl describe pods -n jiankunking gateway-7d89b6f6fb-dj4qp
kubectl get pod logging-filebeat-filebeat-v1-0-5565m -n kube-system -o json

3、 指定api版本查看

kubectl get hpa.v2beta2.autoscaling -n jiankunking app-hpa-331087943  -oyaml

4、工作负载异常:结束中,解决Terminating状态的Pod删不掉的问题

kubectl delete pod es-remote-cluster-5757595946-vtzsh -n dev1 --grace-period=0 --force

5、查看cron job运行情况

kubectl describe job -n console  k8s-sync-1611306600

具体信息:

Name:                     k8s-sync-1611306600
Namespace:                console
Selector:                 controller-uid=9b6edd8d-5c91-11eb-90b0-e4434b7c486d
Labels:                   app=k8s-sync
                          controller.jiankunking.io/chart=app
                          controller.jiankunking.io/release=k8s-sync
                          version=v1
Annotations:              helm.sh/namespace: console
                          helm.sh/path: app
                          helm.sh/release: k8s-sync
Controlled By:            CronJob/k8s-sync
Parallelism:              1
Completions:              1
Active Deadline Seconds:  1800s
Pods Statuses:            0 Running / 0 Succeeded / 0 Failed
Pod Template:
  Labels:       app=k8s-sync
                controller-uid=9b6edd8d-5c91-11eb-90b0-e4434b7c486d
                controller.jiankunking.io/chart=app
                controller.jiankunking.io/name=k8s-sync
                controller.jiankunking.io/release=k8s-sync
                job-name=k8s-sync-1611306600
                version=v1
  Annotations:  helm.sh/namespace: console
                helm.sh/path: app
                helm.sh/release: k8s-sync
                v1.multus-cni.io/default-network: k8s-pod-network
  Containers:
   c0:
    Image:      registry.jiankunking.net/k8s/k8s-sync:v0.0.18-cli
    Port:       
    Host Port:  
    Command:
      k8s-sync
      namespace
    Limits:
      cpu:     300m
      memory:  50Mi
    Requests:
      cpu:     100m
      memory:  20Mi
    Environment:
      POD_NAMESPACE:       (v1:metadata.namespace)
      POD_NAME:            (v1:metadata.name)
      POD_IP:              (v1:status.podIP)
      NODE_NAME:           (v1:spec.nodeName)
    Mounts:               
  Volumes:                
Events:
  Type     Reason        Age    From            Message
  ----     ------        ----   ----            -------
  Warning  FailedCreate  14m    job-controller  Error creating: pods "k8s-sync-1611306600-khfng" is forbidden: exceeded quota: console, requested: limits.cpu=300m,requests.cpu=100m, used: limits.cpu=60,requests.cpu=25, limited: limits.cpu=60,requests.cpu=25
  Warning  FailedCreate  14m    job-controller  Error creating: pods "k8s-sync-1611306600-klpt2" is forbidden: exceeded quota: console, requested: limits.cpu=300m,requests.cpu=100m, used: limits.cpu=60,requests.cpu=25, limited: limits.cpu=60,requests.cpu=25
  Warning  FailedCreate  13m    job-controller  Error creating: pods "k8s-sync-1611306600-vqk6v" is forbidden: exceeded quota: console, requested: limits.cpu=300m,requests.cpu=100m, used: limits.cpu=60,requests.cpu=25, limited: limits.cpu=60,requests.cpu=25
  Warning  FailedCreate  13m    job-controller  Error creating: pods "k8s-sync-1611306600-tmq2r" is forbidden: exceeded quota: console, requested: limits.cpu=300m,requests.cpu=100m, used: limits.cpu=60,requests.cpu=25, limited: limits.cpu=60,requests.cpu=25
  Warning  FailedCreate  11m    job-controller  Error creating: pods "k8s-sync-1611306600-7z6rf" is forbidden: exceeded quota: console, requested: limits.cpu=300m,requests.cpu=100m, used: limits.cpu=60,requests.cpu=25, limited: limits.cpu=60,requests.cpu=25
  Warning  FailedCreate  9m16s  job-controller  Error creating: pods "k8s-sync-1611306600-lsg25" is forbidden: exceeded quota: console, requested: limits.cpu=300m,requests.cpu=100m, used: limits.cpu=60,requests.cpu=25, limited: limits.cpu=60,requests.cpu=25
  Warning  FailedCreate  3m56s  job-controller  Error creating: pods "k8s-sync-1611306600-8rldr" is forbidden: exceeded quota: console, requested: limits.cpu=300m,requests.cpu=100m, used: limits.cpu=60,requests.cpu=25, limited: limits.cpu=60,requests.cpu=25

6、查看所有api资源

kubectl api-resources

结果类似:

root@kube-master-10-10-1-2:~#  kubectl api-resources
NAME                              SHORTNAMES          APIGROUP                       NAMESPACED   KIND
bindings                                                                             true         Binding
componentstatuses                 cs                                                 false        ComponentStatus
configmaps                        cm                                                 true         ConfigMap
endpoints                         ep                                                 true         Endpoints
events                            ev                                                 true         Event
limitranges                       limits                                             true         LimitRange
namespaces                        ns                                                 false        Namespace
nodes                             no                                                 false        Node
persistentvolumeclaims            pvc                                                true         PersistentVolumeClaim
persistentvolumes                 pv                                                 false        PersistentVolume
pods                              po                                                 true         Pod
podtemplates                                                                         true         PodTemplate
replicationcontrollers            rc                                                 true         ReplicationController
resourcequotas                    quota                                              true         ResourceQuota
secrets                                                                              true         Secret
serviceaccounts                   sa                                                 true         ServiceAccount
services                          svc                                                true         Service
challenges                                            acme.cert-manager.io           true         Challenge
orders                                                acme.cert-manager.io           true         Order
initializerconfigurations                             admissionregistration.k8s.io   false        InitializerConfiguration
mutatingwebhookconfigurations                         admissionregistration.k8s.io   false        MutatingWebhookConfiguration

7、查看networkpolicy 信息

kubectl get networkpolicy --all-namespaces
kubectl get networkpolicy -n work-prod work-prod -oyaml

8、查看pod中有几容器

kubectl top pod lb-1823094884-proxy-nginx-j4yzw-564c48d4cc-l22h8 -n kube-system  --containers

输出

POD                                                NAME      CPU(cores)   MEMORY(bytes)   
lb-1823094884-proxy-nginx-j4yzw-564c48d4cc-l22h8   proxy     122m         404Mi           
lb-1823094884-proxy-nginx-j4yzw-564c48d4cc-l22h8   sidecar   1m           42Mi 

进入某个容器

kubectl  exec -it lb-1823094884-proxy-nginx-j4yzw-564c48d4cc-l22h8 -n kube-system -c proxy  /bin/bash

如果提示下面的错误

Error from server (Forbidden): pods "lb-1823094884-proxy-nginx-j4yzw-564c48d4cc-l22h8" is forbidden: cannot exec into or attach to a container using host network

就到pod对应的机器上,通过docker exec进入

8、查看contexts候选列表

kubectl config get-contexts

9、切换contexts

kubectl config use-context {your-contexts}

10、查询集群中的node

 kubectl get nodes

11、查询某个node上所有的pod

 // linux
 kubectl get po --all-namespaces -o wide |select-string 56-7
 // powershell
  kubectl get po --all-namespaces -o wide |grep 56-7

12、从本机拷贝文件到pod

kubectl cp 主机文件路径 -n 分区 -c 容器 pod名:容器内绝对路径
kubectl cp ./go-runner -n apisix  apisix-gw-deployment-68469c88b6-l4mcm:/tmp

13、pod 网络监控

nsenter -t 2498080 -n tcpdump -i eth0 -nnvvA port 8080 -w a.pcap

https://blog.csdn.net/jiankunking/article/details/125189956?spm=1001.2014.3001.5501

14、查看系统中的 CRD 资源

kubectl get CustomResourceDefinition

15、kubectl 指定配置文件

kubectl --kubeconfig /root/config  config get-contexts

16、使用 nsenter 进入 netns 抓包
https://jiankunking.blog.csdn.net/article/details/125189956

17、如何查看k8s中kube-proxy的模式是ipvs还是iptables
通过 kubectl 命令查看 kube-proxy 的配置:

[jiankunking@hddxps8156 ~]# kubectl config use-context qd-test
Switched to context "qd-test".
[jiankunking@hddxps8156 ~]# kubectl get configmap kube-proxy -n kube-system -o yaml | grep mode
    mode: ipvs
[jiankunking@hddxps8156 ~]# 

18、kubectl describe node
可通过该命令查看 Pod 在节点上的资源分配情况(Request、Limits),如下:

# product 表示生产环境
kubectl describe node -l env=product

# 执行结果
Namespace                   Name                                                      CPU Requests  CPU Limits  Memory Requests  Memory Limits  AGE
---------                   ----                                                      ------------  ----------  ---------------  -------------  ---
product                     annoroad-clinicallims3-754dddb5cb-k5xkn                   0 (0%)        0 (0%)      0 (0%)           0 (0%)         85d
product                     annoroad-crm-796884585d-ts2xn                             0 (0%)        0 (0%)      0 (0%)           0 (0%)         85d
product                     annoroad-dms-6d658d564f-m6j7r                             0 (0%)        0 (0%)      0 (0%)           0 (0%)         16d
product                     annoroad-dms-server-6557c5bc85-45sw2                      0 (0%)        0 (0%)      0 (0%)           0 (0%)         15d

19、kubectl top node
可通过该命令查看节点的资源使用情况,如下:

# product 表示生产环境
kubectl top node -l env=product

# 执行结果
NAME                       CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%
cn-beijing.192.16.168.102   904m         11%    10340Mi         69%
cn-beijing.192.16.168.103   1393m        17%    12810Mi         86%
cn-beijing.192.16.168.104   1994m        24%    13281Mi         89%
cn-beijing.192.16.168.105   987m         12%    9399Mi          63%
cn-beijing.192.16.168.115   638m         15%    12017Mi         80%
cn-beijing.192.16.168.118   806m         20%    9372Mi          62%
cn-beijing.192.16.168.135   258m         6%     9696Mi          65%
cn-beijing.192.16.168.136   871m         21%    10957Mi         73%
cn-beijing.192.16.168.137   310m         7%     9322Mi          62%
cn-beijing.192.16.168.138   943m         23%    11908Mi         80%

20、kubectl top pod
可通过该命令查看 Pod 资源使用情况,如下:

# product 表示生产环境
kubectl top pod -n product

# 执行结果
NAME                                         CPU(cores)   MEMORY(bytes)
annoroad-alpha-5dbd868d-lsvj5                2m           383Mi
annoroad-applet-6f977779bc-2bgpn             3m           384Mi
annoroad-applet-6f977779bc-mgdhw             3m           387Mi
annoroad-applet-6f977779bc-qhqbg             2m           393Mi
annoroad-beta-7c4d7c654f-m4rkf               2m           334Mi
annoroad-clinicallims-67855bf4f5-9ddwd       4m           502Mi
annoroad-clinicallims-67855bf4f5-rdq2s       3m           488Mi
annoroad-clinicallims-67855bf4f5-vvrsn       3m           436Mi
annoroad-clinicallims-67855bf4f5-zhbvk       4m           509Mi
annoroad-clinicallims-67855bf4f5-zs65j       3m           420Mi
annoroad-clinicallims3-56d9c87786-2ftzq      3m           596Mi

21、kubectl get pod -o wide |grep $node
可通过该命令查看指定 node 上运行的所有 pod,如下:

# product 表示生产环境
kubectl get pod -n product -o wide |grep cn-beijing.172.15.14.128

# 执行结果
annoroad-clinical-lims-8556cc6b76-57ctq        1/1     Running   6          20h    170.22.11.23     cn-beijing.172.15.14.128   <none>           <none>
annoroad-covid19-front-fdd7469ff-pg2hm         1/1     Running   0          29d    170.22.11.20   	cn-beijing.172.15.14.128   <none>           <none>
annoroad-crm-7b9cd5c6c9-hj5s8                  1/1     Running   0          10d    170.22.11.12     cn-beijing.172.15.14.128   <none>           <none>
annoroad-crm-server-696d4f5867-77bdd           1/1     Running   2          29d    170.22.11.122    cn-beijing.172.15.14.128   <none>           <none>
annoroad-gateway-55785fd8c-xlx4q               1/1     Running   0          88d    170.22.11.99     cn-beijing.172.15.14.128   <none>           <none>

22、kubectl top pod |grep -E “ p o d n a m e 1 ∣ podname1| podname1∣podname2|…”
可通过该命令查看一个 pod 或几个 pod 的资源使用情况 ,如下:

# product 表示生产环境
kubectl top pod -n product |grep -E "annoroad-clinical-lims-8556cc6b76-57ctq|annoroad-covid19-front-fdd7469ff-pg2hm"

# 执行结果
annoroad-clinical-lims-8556cc6b76-57ctq        74m          1216Mi
annoroad-covid19-front-fdd7469ff-pg2hm         1m           2Mi

23、查看带某标签的节点列表

kubectl get no -l ${label_name}

24、使用 nsenter 进入 netns 抓包
https://jiankunking.blog.csdn.net/article/details/125189956

25、

你可能感兴趣的:(Kubernetes,kubernetes,docker,容器)