K8s基础

来自linux中国网wiki
Evan讨论 | 贡献2023年10月29日 (日) 14:03的版本 →‎临时容器

base

K8s应用#2022

Rancher基础

#使用glusterfs做存储,不懂glusterfs的请参考其他文章

命名空间

k8s实战示例1:创建命名空间和简单pod

容器

临时容器


root@ubuntu-200430-1:~# kubectl create deployment nginx-deployment --image=nginx:1.25.2-alpine 
deployment.apps/nginx-deployment created
root@ubuntu-200430-1:~# kubectl get deploy
NAME               READY   UP-TO-DATE   AVAILABLE   AGE
nginx-deployment   0/1     1            0           11s

root@ubuntu-200430-1:~# kubectl get pod 
NAME                                READY   STATUS    RESTARTS   AGE
nginx-deployment-574699d69d-ggwl5   1/1     Running   0          3m55s
root@ubuntu-200430-1:~# kubectl debug -it pods/nginx-deployment-574699d69d-ggwl5 --image=busybox
Defaulting debug container name to debugger-5nbhj.

/ # ping linuxsa.org 
PING linuxsa.org (104.21.72.8): 56 data bytes
64 bytes from 104.21.72.8: seq=1 ttl=51 time=322.350 ms

root@ubuntu-200430-1:~#  kubectl describe pods  nginx-deployment-574699d69d-ggwl5
Name:         nginx-deployment-574699d69d-ggwl5
Namespace:    cicd
Priority:     0


Ephemeral Containers:
  debugger-5nbhj:
    Container ID:   containerd://1996b57d36c4a8a8c632e9a5e37dc732231abae65e47dbc95d1fac400399c253
    Image:          busybox
    Image ID:       docker.io/library/busybox@sha256:3fbc632167424a6d997e74f52b878d7cc478225cffac6bc977eedfe51c7f4e79
    Port:           <none>
    Host Port:      <none>
    State:          Terminated
      Reason:       Error


与临时容器共享进程命名空间

进程命名空间共享一直是一个很好的故障排查选项,此功能可用于临时容器。进程命名空间共享不能应用于现有容器,因此必须创建目标容器的副本。--share-processes 标志在与 --copy-to 一起使用时,可实现进程命名空间共享。这些标志将现有的 Pod spec 定义复制到新定义中,并在 spec 中启用进程命名空间共享。注意:--copy-to 会新建一个副本 Pod(下例中为 debug-pod),共享进程命名空间后调试容器可以看到该 Pod 内其他容器的进程,排查结束后应删除这个副本 Pod。

$ kubectl debug -it <POD_NAME> --image=busybox --share-processes --copy-to=debug-pod

运行 ps 命令以查看正在运行的进程。 正如您所期望的那样,您可以从 busybox 容器中看到 /pause,从 nginx-deployment 容器中看到 nginx 进程。
/ # ps aux 
PID   USER     TIME  COMMAND
    1 65535     0:00 /pause
    7 root      0:00 nginx: master process nginx -g daemon off;
   35 101       0:00 nginx: worker process
   36 101       0:00 nginx: worker process
   37 101       0:00 nginx: worker process
   38 101       0:00 nginx: worker process
   39 root      0:00 sh
   46 root      0:00 ps aux

如何使用Kubernetes临时容器进行故障排查

label

给节点打标签label

root@ubuntu-200470-1:~/pod# kubectl get node 
NAME     STATUS   ROLES           AGE   VERSION
master   Ready    control-plane   22d   v1.24.10
work1    Ready    <none>          22d   v1.24.10
work2    Ready    <none>          22d   v1.24.10

#给节点1 work1打上 nodename=node01
root@ubuntu-200470-1:~/pod# kubectl  label  nodes  work1  nodename=node01
node/work1 labeled

#查看效果
root@ubuntu-200470-1:~/pod# kubectl get node --show-labels=true
NAME     STATUS   ROLES           AGE   VERSION    LABELS
master   Ready    control-plane   22d   v1.24.10   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=master,kubernetes.io/os=linux,node-role.kubernetes.io/control-plane=,node.kubernetes.io/exclude-from-external-load-balancers=
work1    Ready    <none>          22d   v1.24.10   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=work1,kubernetes.io/os=linux,nodename=node01
work2    Ready    <none>          22d   v1.24.10   beta.kubernetes.io/arch=amd64,beta.kubernetes.io/os=linux,kubernetes.io/arch=amd64,kubernetes.io/hostname=work2,kubernetes.io/os=linux


#使用:例如在 Deployment(dp)中通过 nodeSelector 选择带有该标签的节点
# Deployment whose Pod is pinned to a labelled node through nodeSelector.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: dep-nginx-sel-node
      
spec:
  replicas: 1
  selector:
    # Has to match the Pod template labels below (app: nginx).
    matchLabels:
      app: nginx
     
  template:
    metadata:
      labels:
        app: nginx
        ver: beta
    spec:
      # NOTE(review): this manifest sets no resources and no securityContext for the container.
      containers:
      - name: nginx
        # The image is referenced by tag (1.25.2-alpine), not by digest.
        image: nginx:1.25.2-alpine
        # Use the node's cached copy of the image when one is present.
        imagePullPolicy: IfNotPresent
      # Schedule only onto nodes labelled nodename=node01 (the label put on work1 with kubectl label above).
      nodeSelector:
        nodename: node01


label svc

root@ubuntu-200470-1:~/oct19# kubectl  get svc nginx --show-labels
NAME    TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE     LABELS
nginx   ClusterIP   None         <none>        80/TCP    6h15m   app=nginxlabelstest
root@ubuntu-200470-1:~/oct19# kubectl  label svc nginx   version=1
service/nginx labeled
root@ubuntu-200470-1:~/oct19# kubectl  get svc nginx --show-labels 
NAME    TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE     LABELS
nginx   ClusterIP   None         <none>        80/TCP    6h15m   app=nginxlabelstest,version=1
root@ubuntu-200470-1:~/oct19# kubectl  label svc nginx   version-
service/nginx unlabeled
root@ubuntu-200470-1:~/oct19# kubectl  get svc nginx --show-labels 
NAME    TYPE        CLUSTER-IP   EXTERNAL-IP   PORT(S)   AGE     LABELS
nginx   ClusterIP   None         <none>        80/TCP    6h16m   app=nginxlabelstest
root@ubuntu-200470-1:~/oct19# 


k8s 配置管理

configmap

ConfigMap 存储 Nginx 配置文件

#创建并查看ConfigMap
cat  my-nginx.yaml 
apiVersion: apps/v1
kind: Deployment 
metadata:
  name: my-nginx 
spec:
  replicas: 1 
  selector:
    matchLabels:
      app: nginx 
  template:
    metadata:
      labels:
        app: nginx 
    spec:
      containers:
      - name: nginx 
        image: nginx:1.25.2-alpine
        imagePullPolicy: IfNotPresent  
        ports:
        - containerPort: 80


#在k8s集群拉起一个nginx的pod并加载ConfigMap,通过默认8080去访问。

编写nginx的yaml文件,并加载ConfigMap(挂载前集群中需已存在名为 nginx-conf 的 ConfigMap,本页未列出它的创建命令)
root@ubuntu-200470-1:~/oct21# cat my-nginx-cm.yaml 
apiVersion: apps/v1
kind: Deployment 
metadata:
  name: my-nginx 
spec:
  replicas: 1 
  selector:
    matchLabels:
      app: nginx 
  template:
    metadata:
      labels:
        app: nginx 
    spec:
      containers:
      - name: nginx 
        image: nginx:1.25.2-alpine
        imagePullPolicy: IfNotPresent  
        ports:
        - containerPort: 80
        volumeMounts:
        - name: config-volume 
          mountPath: /etc/nginx/conf.d
      volumes:
      - name: config-volume 
        configMap:
          name: nginx-conf
root@ubuntu-200470-1:~/oct21# kubectl apply -f  my-nginx-cm.yaml 
deployment.apps/my-nginx configured
root@ubuntu-200470-1:~/oct21# kubectl get pod 
NAME                                  READY   STATUS                       RESTARTS          AGE
dapi-test-pod                         0/1     Completed                    0                 30h
env-valuefrom-64956864d6-sh7hb        0/1     CrashLoopBackOff             138 (3m48s ago)   30h
laravel-deployment-5b44dcf689-lvkhp   1/1     Running                      3 (95m ago)       3d9h
my-nginx-7678bcdf4c-qbl6b             1/1     Running                      0                 15s
mydep-759989964c-tdf5l                1/1     Running                      3 (94m ago)       3d6h
mypod                                 1/1     Running                      1 (91m ago)       29h
mypod2                                1/1     Running                      1 (95m ago)       29h
mysql-deploy-7fdd46c697-4r842         0/1     CreateContainerConfigError   0                 3d9h
nginx-deployment-89857df9d-4m8kl      1/1     Running                      2 (91m ago)       2d6h
nginx-deployment-89857df9d-fcqm5      1/1     Running                      2 (95m ago)       2d6h
nginx-deployment-89857df9d-gwdql      1/1     Running                      2 (94m ago)       2d6h
nginx-deployment-89857df9d-kg595      1/1     Running                      2 (95m ago)       2d6h
nginx-deployment-89857df9d-nbqhm      1/1     Running                      2 (90m ago)       2d6h
secret-env-pod                        0/1     Unknown                      0                 29h
web-0                                 1/1     Running                      2 (91m ago)       2d5h
web-1                                 1/1     Running                      2 (91m ago)       2d5h
web-2                                 1/1     Running                      2 (93m ago)       2d4h
wordpress-deploy-5d6679b4c4-tcmpd     1/1     Running                      3 (94m ago)       3d9h
root@ubuntu-200470-1:~/oct21# kubectl get pod my-nginx-7678bcdf4c-qbl6b -o wide 
NAME                        READY   STATUS    RESTARTS   AGE   IP              NODE    NOMINATED NODE   READINESS GATES
my-nginx-7678bcdf4c-qbl6b   1/1     Running   0          32s   10.234.252.13   work2   <none>           <none>
root@ubuntu-200470-1:~/oct21# curl 10.234.252.13:8080
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
html { color-scheme: light dark; }
body { width: 35em; margin: 0 auto;
font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body>
<h1>Welcome to nginx!</h1>
<p>If you see this page, the nginx web server is successfully installed and
working. Further configuration is required.</p>

<p>For online documentation and support please refer to
<a href="http://nginx.org/">nginx.org</a>.<br/>
Commercial support is available at
<a href="http://nginx.com/">nginx.com</a>.</p>

<p><em>Thank you for using nginx.</em></p>
</body>
</html>
root@ubuntu-200470-1:~/oct21# kubectl exec -it my-nginx-7678bcdf4c-qbl6b -- cat /etc/nginx/conf.d/default.conf 
server {
  listen     8080;
  listen  [::]:80;
  server_name  localhost;

  location / {
      root   /usr/share/nginx/html;
      index  index.html index.htm;
  }

  error_page   500 502 503 504  /50x.html;
  location = /50x.html {
      root   /usr/share/nginx/html;
  }



https://www.cnblogs.com/paul8339/p/15424586.html

controllers 控制器

控制器DaemonSet

控制器CronJob

Helm3

k8s-imagePullPolicy拉取策略

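imagePullPolicy: Always 总是拉取 pull(镜像标签为 :latest 或未写标签时,这是默认值)
imagePullPolicy: IfNotPresent 本地有则使用本地镜像,不拉取(镜像指定了非 :latest 的标签时,这是默认值)
imagePullPolicy: Never 只使用本地镜像,从不拉取
注意:使用 IfNotPresent 或 Never 时,节点上已缓存的镜像不会再与仓库核对,仓库中同名标签被更新或替换后,节点仍会运行本地的旧镜像;需要保证镜像内容确定时,建议按摘要(digest)引用镜像。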


k8s 进入pod shell


kubectl get pods   #查看所有正在运行的pod

NAME                            READY     STATUS    RESTARTS   AGE

nginx-56b8c64cb4-t97vb          1/1       Running   3          1d

 kubectl exec -it nginx-56b8c64cb4-t97vb -- /bin/bash      #假如当前pod只有一个容器,运行以下命令即可

root@nginx-56b8c64cb4-t97vb:/# ps -ef

UID        PID  PPID  C STIME TTY          TIME CMD

root         1     0  0 14:45 ?        00:00:00 nginx: master process nginx -g daemon off;

假如一个pod里有多个容器,用 --container 或 -c 参数指定容器。例如:假如这里有个Pod名为my-pod,这个Pod有两个容器,分别名为main-app 和 helper-app,下面的命令将进入main-app容器的shell。

kubectl exec -it my-pod --container main-app -- /bin/bash

k8s不进入pod,直接通过shell在pod里执行命令

k8s使用shell进入容器被拒绝连接

k8s删除pod

1、先删除pod;2、再删除对应的deployment。否则只删除pod是不管用的,还会看到pod,因为deployment.yaml文件中定义了副本数量,deployment会按副本数重新创建pod。


实例如下:

删除pod

[root@test2 ~]# kubectl get pod -n jenkins
NAME                        READY     STATUS    RESTARTS   AGE
jenkins2-8698b5449c-grbdm   1/1       Running   0          8s
[root@test2 ~]# kubectl delete pod jenkins2-8698b5449c-grbdm -n jenkins
pod "jenkins2-8698b5449c-grbdm" deleted

查看pod仍然存在

[root@test2 ~]# kubectl get pod -n jenkins
NAME                        READY     STATUS    RESTARTS   AGE
jenkins2-8698b5449c-dbqqb   1/1       Running   0          8s
[root@test2 ~]# 

删除deployment

[root@test2 ~]# kubectl get deployment -n jenkins
NAME       DESIRED   CURRENT   UP-TO-DATE   AVAILABLE   AGE
jenkins2   1         1         1            1           17h
[root@test2 ~]# kubectl delete deployment jenkins2 -n jenkins

再次查看pod消失

deployment.extensions "jenkins2" deleted
[root@test2 ~]# kubectl get deployment -n jenkins
No resources found.
[root@test2 ~]# 
[root@test2 ~]# kubectl get pod -n jenkins
No resources found.

k8s中正确删除一个pod

常见组件安装

安装Metrics server

hpa

coredns状态为ImagePullBackOff问题


kubectl get pods --all-namespaces

kube-system   coredns-7f6cbbb7b8-knhl8             0/1     ImagePullBackOff   0               24h
kube-system   coredns-7f6cbbb7b8-lt4k5             0/1     ImagePullBackOff   0               24h


解决办法:

确定pod所使用的镜像

kubectl get pods coredns-7f6cbbb7b8-knhl8 -n kube-system -o yaml | grep image




    image: registry.aliyuncs.com/google_containers/coredns:v1.8.4
    imagePullPolicy: IfNotPresent
  - image: registry.aliyuncs.com/google_containers/coredns:v1.8.4
    imageID: ""
        message: Back-off pulling image "registry.aliyuncs.com/google_containers/coredns:v1.8.4"

root@k8s-master:~# docker pull registry.aliyuncs.com/google_containers/coredns:v1.8.4
Error response from daemon: manifest for registry.aliyuncs.com/google_containers/coredns:v1.8.4 not found: manifest unknown: manifest unknown

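拉取 latest 镜像,再打上别名标签(注意:这样本地的 v1.8.4 标签实际指向 latest 镜像,运行的版本可能与 v1.8.4 不一致;docker tag 只在当前节点生效,其他需要运行 coredns 的节点要各自处理)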
docker pull registry.aliyuncs.com/google_containers/coredns

root@k8s-master:~# docker  images | grep coredns 
registry.aliyuncs.com/google_containers/coredns                   latest    8d147537fb7d   3 months ago   47.6MB

强制 改一下 tag 
root@k8s-master:~# docker tag 8d147537fb7d  registry.aliyuncs.com/google_containers/coredns:v1.8.4

root@k8s-master:~# kubectl get pods --all-namespaces | grep coredns  
kube-system   coredns-7f6cbbb7b8-knhl8             1/1     Running            0                24h
kube-system   coredns-7f6cbbb7b8-lt4k5             1/1     Running            0                24h
root@k8s-master:~# 


root@k8s-master:~#  kubectl get all -n kube-system 
NAME                                     READY   STATUS             RESTARTS        AGE
pod/coredns-7f6cbbb7b8-knhl8             0/1     ImagePullBackOff   0               24h
pod/coredns-7f6cbbb7b8-lt4k5             0/1     ImagePullBackOff   0               24h

docker pull registry.aliyuncs.com/google_containers/coredns

coredns状态为ImagePullBackOff问题

k8s解决coredns 的ImagePullBackOff 和ErrImagePull 问题

https://stackoverflow.com/questions/53559291/kubernetes-coredns-in-crashloopbackoff

Kubernetes CoreDNS 状态是 CrashLoopBackOff 解决思路

CrashLoopBackOff的解决方法

记录一次修复k8s pod长时间处于CrashLoopBackOff状态问题

k8s启动Pod遇到CrashLoopBackOff的解决方法

k8s常见问题

pod无故重启

OOM

运维攻坚之kubernetes pod无故重启问题排查

记一次k8s pod频繁重启的优化之旅

POD 中容器异常重启原因定位

see also

几款k8s快速部署的开源项目对比


kubernetes 修改pod时区的方法

docker基础知识

Linux的namespace和cgroups简介