[k8s]Docker 用户使用 kubectl 命令指南-unkown排错(kubelet端口解析)
参考:https://kubernetes.io/docs/user-guide/kubectl-cheatsheet/
https://k8smeetup.github.io/docs/user-guide/docker-cli-to-kubectl/
https://kubernetes.io/docs/user-guide/docker-cli-to-kubectl/
https://kubernetes.io/docs/tutorials/stateless-application/expose-external-ip-address/
https://kubernetes.io/docs/tasks/debug-application-cluster/debug-service/
开启自动补全
source <(kubectl completion bash)
yum install bash-com* -y
alias kk='kubectl get pod --all-namespaces -o wide --show-labels'
alias ks='kubectl get svc --all-namespaces -o wide'
alias kss='kubectl get svc --all-namespaces -o wide --show-labels'
alias kd='kubectl get deploy --all-namespaces -o wide'
alias wk='watch kubectl get pod --all-namespaces -o wide --show-labels'
alias kv='kubectl get pv -o wide'
alias kvc='kubectl get pvc -o wide --all-namespaces --show-labels'
alias kbb='kubectl run -it --rm --restart=Never busybox --image=busybox sh'
alias kbbc='kubectl run -it --rm --restart=Never curl --image=appropriate/curl sh'
alias kd='kubectl get deployment --all-namespaces --show-labels'
alias kcm='kubectl get cm --all-namespaces -o wide'
alias kin='kubectl get ingress --all-namespaces -o wide'
容器停止后就自动删除:
docker run --rm centos /bin/echo "One";
杀死所有正在运行的容器:
docker kill $(docker ps -a -q)
删除所有已经停止的容器:
docker rm $(docker ps -a -q)
删除所有未打标签的镜像:
docker rmi $(docker images -q -f dangling=true)
1.kubectl run-快速启动nginx服务
kubectl run nginx --image=nginx
kubectl run --image=nginx nginx-app --port=80 --env="DOMAIN=cluster"
kubectl run -it --rm --restart=Never busybox --image=busybox sh
kubectl run --image=nginx --port=80 --hostport=8888 mynginx
kubectl run hostnames --image=gcr.io/google_containers/serve_hostname \
--labels=app=hostnames \
--port=9376 \
--replicas=3
deployment "hostnames" created
# Start the nginx container using the default command, but use custom arguments (arg1 .. argN) for that command.
kubectl run nginx --image=nginx -- <arg1> <arg2> ... <argN>
# Start the nginx container using a different command and custom arguments.
kubectl run nginx --image=nginx --command -- <cmd> <arg1> ... <argN>
2.kubectl expose抛出svc端口
kubectl expose deployment nginx --port=80 --target-port=8000
3.watching方式查看object
kubectl get po -w
kubectl edit svc/docker-registry
kubectl scale --replicas=3 -f foo.yaml
kubectl --help获取帮助
- 通过kubectl explain
kubectl explain pods,svc
- 通过--help
[root@m1 yaml]# kubectl run --help
Create and run a particular image, possibly replicated.
Creates a deployment or job to manage the created container(s).
Examples:
# Start a single instance of nginx.
kubectl run nginx --image=nginx
# Start a single instance of hazelcast and let the container expose port 5701 .
kubectl run hazelcast --image=hazelcast --port=5701
# Start a single instance of hazelcast and set environment variables "DNS_DOMAIN=cluster" and "POD_NAMESPACE=default"
in the container.
kubectl run hazelcast --image=hazelcast --env="DNS_DOMAIN=cluster" --env="POD_NAMESPACE=default"
# Start a replicated instance of nginx.
kubectl run nginx --image=nginx --replicas=5
# Dry run. Print the corresponding API objects without creating them.
kubectl run nginx --image=nginx --dry-run
# Start a single instance of nginx, but overload the spec of the deployment with a partial set of values parsed from
JSON.
kubectl run nginx --image=nginx --overrides='{ "apiVersion": "v1", "spec": { ... } }'
# Start a pod of busybox and keep it in the foreground, don't restart it if it exits.
kubectl run -i -t busybox --image=busybox --restart=Never
# Start the nginx container using the default command, but use custom arguments (arg1 .. argN) for that command.
kubectl run nginx --image=nginx -- <arg1> <arg2> ... <argN>
# Start the nginx container using a different command and custom arguments.
kubectl run nginx --image=nginx --command -- <cmd> <arg1> ... <argN>
# Start the perl container to compute π to 2000 places and print it out.
kubectl run pi --image=perl --restart=OnFailure -- perl -Mbignum=bpi -wle 'print bpi(2000)'
# Start the cron job to compute π to 2000 places and print it out every 5 minutes.
kubectl run pi --schedule="0/5 * * * ?" --image=perl --restart=OnFailure -- perl -Mbignum=bpi -wle 'print bpi(2000)'
Options:
--allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in
the template. Only applies to golang and jsonpath output formats.
--attach=false: If true, wait for the Pod to start running, and then attach to the Pod as if 'kubectl attach ...'
were called. Default false, unless '-i/--stdin' is set, in which case the default is true. With '--restart=Never' the
exit code of the container process is returned.
--command=false: If true and extra arguments are present, use them as the 'command' field in the container, rather
than the 'args' field which is the default.
--dry-run=false: If true, only print the object that would be sent, without sending it.
--env=[]: Environment variables to set in the container
--expose=false: If true, a public, external service is created for the container(s) which are run
--generator='': The name of the API generator to use, see
http://kubernetes.io/docs/user-guide/kubectl-conventions/#generators for a list.
--hostport=-1: The host port mapping for the container port. To demonstrate a single-machine container.
--image='': The image for the container to run.
--image-pull-policy='': The image pull policy for the container. If left empty, this value will not be specified
by the client and defaulted by the server
--include-extended-apis=true: If true, include definitions of new APIs via calls to the API server. [default true]
-l, --labels='': Labels to apply to the pod(s).
--leave-stdin-open=false: If the pod is started in interactive mode or with stdin, leave stdin open after the
first attach completes. By default, stdin will be closed after the first attach completes.
--limits='': The resource requirement limits for this container. For example, 'cpu=200m,memory=512Mi'. Note that
server side components may assign limits depending on the server configuration, such as limit ranges.
--no-headers=false: When using the default or custom-column output format, don't print headers (default print
headers).
-o, --output='': Output format. One of:
json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=...
See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template
[http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template
[http://kubernetes.io/docs/user-guide/jsonpath].
--overrides='': An inline JSON override for the generated object. If this is non-empty, it is used to override the
generated object. Requires that the object supply a valid apiVersion field.
--pod-running-timeout=1m0s: The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one
pod is running
--port='': The port that this container exposes. If --expose is true, this is also the port used by the service
that is created.
--quiet=false: If true, suppress prompt messages.
--record=false: Record current kubectl command in the resource annotation. If set to false, do not record the
command. If set to true, record the command. If not set, default to updating the existing annotation value only if one
already exists.
-r, --replicas=1: Number of replicas to create for this container. Default is 1.
--requests='': The resource requirement requests for this container. For example, 'cpu=100m,memory=256Mi'. Note
that server side components may assign requests depending on the server configuration, such as limit ranges.
--restart='Always': The restart policy for this Pod. Legal values [Always, OnFailure, Never]. If set to 'Always'
a deployment is created, if set to 'OnFailure' a job is created, if set to 'Never', a regular pod is created. For the
latter two --replicas must be 1. Default 'Always', for CronJobs `Never`.
--rm=false: If true, delete resources created in this command for attached containers.
--save-config=false: If true, the configuration of current object will be saved in its annotation. Otherwise, the
annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
--schedule='': A schedule in the Cron format the job should be run with.
--service-generator='service/v2': The name of the generator to use for creating a service. Only used if --expose
is true
--service-overrides='': An inline JSON override for the generated service object. If this is non-empty, it is used
to override the generated object. Requires that the object supply a valid apiVersion field. Only used if --expose is
true.
-a, --show-all=false: When printing, show all resources (default hide terminated pods.)
--show-labels=false: When printing, show all labels as the last column (default hide labels column)
--sort-by='': If non-empty, sort list types using this field specification. The field specification is expressed
as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression
must be an integer or a string.
-i, --stdin=false: Keep stdin open on the container(s) in the pod, even if nothing is attached.
--template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The
template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
-t, --tty=false: Allocated a TTY for each container in the pod.
Usage:
kubectl run NAME --image=image [--env="key=value"] [--port=port] [--replicas=replicas] [--dry-run=bool]
[--overrides=inline-json] [--command] -- [COMMAND] [args...] [options]
Use "kubectl options" for a list of global command-line options (applies to all commands).
获取某个object的简单的每个字段描述
[root@m1 yaml]# kubectl explain pods
DESCRIPTION:
Pod is a collection of containers that can run on a host. This resource is created by clients and scheduled onto hosts.
FIELDS:
apiVersion <string>
APIVersion defines the versioned schema of this representation of an
object. Servers should convert recognized schemas to the latest internal
value, and may reject unrecognized values. More info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#resources
kind <string>
Kind is a string value representing the REST resource this object
represents. Servers may infer this from the endpoint the client submits
requests to. Cannot be updated. In CamelCase. More info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds
metadata <Object>
Standard object's metadata. More info:
https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata
spec <Object>
Specification of the desired behavior of the pod. More info: https://
git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status/
status <Object>
Most recently observed status of the pod. This data may not be up to date.
Populated by the system. Read-only. More info: https://git.k8s.io/community/
contributors/devel/api-conventions.md#spec-and-status/
kubectl get 为什么unknown
原因: api访问kubelte的10250端口不通
$ kubectl -n kube-public exec -it spring-2391788630-jldnp bash
Error from server: error dialing backend: dial tcp 192.168.x.x:10250: getsockopt: connection refused
我打算测下kubelet挂掉会发生什么,结果发现这个问题.
1.kubelet挂掉,pvc正常,容器还可以正常访问
2,几分钟后 node显示NotReady
Every 2.0s: kubectl get no -o wide
NAME STATUS AGE VERSION EXTERNAL-IP
n1.ma.com Ready 10d v1.7.10 <none>
n2.ma.com NotReady 10d v1.7.10 <none>
kubelet端口解析:
10250 –port: kubelet服务监听的端口,api会检测他是否存活
10248 –healthz-port: 健康检查服务的端口
10255 –read-only-port: 只读端口,可以不用验证和授权机制,直接访问
4194 –cadvisor-port: 当前节点 cadvisor 运行的端口
kubelet参数手头书
参数 | 解释 | 默认值 |
---|---|---|
–address | kubelet 服务监听的地址 | 0.0.0.0 |
–port | kubelet 服务监听的端口 | 10250 |
–read-only-port | 只读端口,可以不用验证和授权机制,直接访问 | 10255 |
–allow-privileged | 是否允许容器运行在 privileged 模式 | false |
–api-servers | 以逗号分割的 API Server 地址,用于和集群中数据交互 | [] |
–cadvisor-port | 当前节点 cadvisor 运行的端口 | 4194 |
–config 本地 manifest | 文件的路径或者目录 | "" |
–file-check-frequency | 轮询本地 manifest 文件的时间间隔 | 20s |
–container-runtime | 后端容器 runtime,支持 docker 和 rkt | docker |
–enable-server | 是否启动 kubelet HTTP server | true |
–healthz-bind-address | 健康检查服务绑定的地址,设置成 0.0.0.0 可以监听在所有网络接口 | 127.0.0.1 |
–healthz-port | 健康检查服务的端口 | 10248 |
–hostname-override | 指定 hostname,如果非空会使用这个值作为节点在集群中的标识 | "" |
–log-dir | 日志文件,如果非空,会把 log 写到该文件 | "" |
–logtostderr | 是否打印 log 到终端 | true |
–max-open-files | 允许 kubelet 打开文件的最大值 | 1000000 |
–max-pods | 允许 kubelet 运行 pod 的最大值 | 110 |
–pod-infra-container-image | 基础镜像地址,每个 pod 最先启动的容器,会配置共享的网络 | gcr.io/google_containers/pause-amd64:3.0 |
–root-dir | kubelet 保存数据的目录 | /var/lib/kubelet |
–runonce | 从本地 manifest 或者 URL 指定的 manifest 读取并运行结束就退出,和 --api-servers 、--enable-server 参数不兼容 | |
–v | 日志 level | 0 |
只有kube-system里svc打了 kubernetes.io/cluster-service=true标签clusterinfo才出现
有人提起cluster-info里地址访问不了,于是做了下实现,发现default里svc无法出现在clusterinfo里.后来发现只有kube-system里才出现这个,并且可以提供外部访问
注: 这里也无需master安装flannel.
$ cat nginx-svc.yaml
kind: Service
apiVersion: v1
metadata:
namespace: kube-system
name: mynginx
labels:
kubernetes.io/cluster-service: "true"
spec:
selector:
app: nginx
ports:
- protocol: TCP
port: 8080
targetPort: 80
kube api-versions不同版本对比
参考: https://www.youtube.com/watch?v=bMiU4xH8pLw&t=1862s
[k8架构]k8s架构及调度机制图解参考
http://www.cnblogs.com/iiiiher/p/8043444.html
$ kubectl api-versions
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1beta1
apps/v1beta1
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
batch/v1
bitnami.com/v1alpha1
certificates.k8s.io/v1beta1
extensions/v1beta1
k8s.io/v1
networking.k8s.io/v1
policy/v1beta1
rbac.authorization.k8s.io/v1alpha1
rbac.authorization.k8s.io/v1beta1
settings.k8s.io/v1alpha1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1
kubectl操作节点
参考: https://kubernetes.io/docs/reference/kubectl/cheatsheet/
$ kubectl cordon my-node # Mark my-node as unschedulable
$ kubectl drain my-node # Drain my-node in preparation for maintenance
$ kubectl uncordon my-node # Mark my-node as schedulable
$ kubectl top node my-node # Show metrics for a given node
$ kubectl cluster-info # Display addresses of the master and services
$ kubectl cluster-info dump # Dump current cluster state to stdout
$ kubectl cluster-info dump --output-directory=/path/to/cluster-state # Dump current cluster state to /path/to/cluster-state
# If a taint with that key and effect already exists, its value is replaced as specified.
$ kubectl taint nodes foo dedicated=special-user:NoSchedule
[k8s]Docker 用户使用 kubectl 命令指南-unkown排错(kubelet端口解析)的更多相关文章
- K8S从入门到放弃系列-(4)kubernetes集群之kubectl命令行工具部署
摘要:随着版本的不断迭代,k8s为了集群安全,集群中趋向采用TLS+RBAC的安全配置方式,所以我们在部署过程中,所有组件都需要证书,并启用RBAC认证. 我们这里采用二进制安装,下载解压后,把对应组 ...
- k8s技术--Kubernetes集群kubectl命令的常见使用方法
简介:kubectl是一个命令行界面,用于运行针对Kubernetes群集的命令. 语法: kubectl [command] [TYPE] [NAME] [flags] command:指定您希望对 ...
- k8s结合jumpserver做kubectl权限控制 用户在多个namespaces的访问权限 rbac权限控制
圈子太小,做人留一面,日后好相见. 其实这个文章就是用户用jumpserver登录到k8s master节点 然后执行kubectl的时候只有自己namespaces的所有权限. 背景 1,k8s 有 ...
- 使用kubectl管理Kubernetes(k8s)集群:常用命令,查看负载,命名空间namespace管理
目录 一.系统环境 二.前言 三.kubectl 3.1 kubectl语法 3.2 kubectl格式化输出 四.kubectl常用命令 五.查看kubernetes集群node节点和pod负载 5 ...
- [转帖] k8s kubectl 命令行技巧
https://jimmysong.io/posts/kubectl-cheatsheet/ Kubectl Cheatsheet kubectl命令技巧大全Posted on November 3, ...
- K8S命令-Kubectl 命令大全
参考1:https://jimmysong.io/kubernetes-handbook/guide/kubectl-cheatsheet.html?h=kubectl Kubctl 命令是操作 ku ...
- 使用二进制方式安装K8S时使用kubectl命令报错:The connection to the server localhost:8080 was refused - did you specify the right host or port?
解决思路: kubectl 默认从 ~/.kube/config 配置文件获取访问 kube-apiserver 地址.证书.用户名等信息,如果没有配置该文件,或者该文件个别参数配置出错,执行命令时出 ...
- 【SFA官方翻译】使用 Kubernetes、Spring Boot 2.0 和 Docker 的微服务快速指南
[SFA官方翻译]使用 Kubernetes.Spring Boot 2.0 和 Docker 的微服务快速指南 原创: Darren Luo SpringForAll社区 今天 原文链接:https ...
- k8s docker集群搭建
一.Kubernetes系列之介绍篇 •Kubernetes介绍 1.背景介绍 云计算飞速发展 - IaaS - PaaS - SaaS Docker技术突飞猛进 - 一次构建,到处运行 - 容器 ...
随机推荐
- 超出JavaScript安全整数限制的数字计算-BigInt
JavaScript中的基本数据类Number是双精度浮点数,它可以表示的最大安全范围是正负9007199254740991,也就是2的53次方减一,在浏览器控制台分别输入Number.MAX_SAF ...
- 2D Rotated Rectangle Collision
Introduction While working on a project for school, I found it necessary to perform a collision chec ...
- Java笔记(十七) 异步任务执行服务
异步任务执行服务 一.基本原理和概念 一)基本接口 1)Runnable和Callable:表示要执行的异步任务. 2)Executor和ExecutorService:表示执行服务. 3)Futur ...
- How to show color in CSS
转至:https://blog.csdn.net/CallMeQiuqiuqiu/article/details/54743459 http://www.w3school.com.cn/cssref/ ...
- LeetCode Weekly Contest 32
581. Shortest Unsorted Continuous Subarray Given an integer array, you need to find one continuous s ...
- C++学习笔记50:队列类模板
队列是只能向一端添加元素,从另一端删除元素的线性群体 循环队列 在想象中将数组弯曲成环形,元素出队时,后继元素不移动,每当队尾达到数组最后一个元素时,便再回到数组开头. 队列类模板 //Queue.h ...
- js计算本地时间
获取时间戳: 方法一 var dateTime = new Date();//获取本地时间 var nowTime = dateTime.getTime();//获取本地毫秒,即当前时间 var en ...
- weak_ptr_c++11
unique_ptr 替代了原来的auto_ptr,指向对象具有唯一性,即同一时间只能有unique_ptr指向给定对象(和auto_ptr不同是禁止拷贝语义,通过移动语义替代) unique_ptr ...
- Hashmap的Hash()
JDK7: public final int hashCode() { return Objects.hashCode(getKey()) ^ Objects.hashCode( ...
- Introducing stapbpf – SystemTap’s new BPF backend
https://developers.redhat.com/blog/2017/12/13/introducing-stapbpf-systemtaps-new-bpf-backend/