1.列出pod并排序
[root@node-21-243 ~]# kubectl get pods -n kube-system --sort-by={.metadata.name}
NAME READY STATUS RESTARTS AGE
calico-kube-controllers-7cbcff948f-tlwvj 1/1 Running 0 78d
calico-node-ls4vc 1/1 Running 0 78d
coredns-w9p7k 1/1 Running 0 78d
etcd-node-21-243 1/1 Running 12 78d
kube-apiserver-node-21-243 1/1 Running 15 78d
kube-controller-manager-node-21-243 1/1 Running 36 78d
kube-proxy-vvh4m 1/1 Running 0 78d
kube-scheduler-node-21-243 1/1 Running 35 78d
tiller-deploy-c67dm 1/1 Running 0 78d
2.找出pod中的错误日志
平时的使用中,常用到-f和--since=3s参数,-f持续输出,--since只输出前面多久的,防止日志太多。
下面的原理,使用kubectl logs打印所有日志,通过管道传送,使用grep进行过滤之后写入文件中。
[root@node-21-243 ~]# kubectl logs kube-apiserver-node-21-243 -n kube-system | grep error > error.log
3.创建一个pod ,并调度到某个节点上
[root@node-21-243 ~]# kubectl label node node-21-243 teststatus=lxh
node/node-21-243 labeled
[root@node-21-243 ~]# vi pods.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
env: test
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
nodeSelector:
teststatus: lxh
[root@node-21-243 ~]# kubectl create -f pods.yaml
如果记不住pods格式的,直接官网查https://kubernetes.io/zh/docs/concepts/scheduling-eviction/assign-pod-node/。
4.列出正常节点的个数
[root@node-21-243 ~]# kubectl get nodes | awk '{print $2}' |grep Ready | wc -l
1
5.pod中挂载volume
[root@node-21-243 ~]# vi pods.yaml
apiVersion: v1
kind: Pod
metadata:
name: test-pd
spec:
containers:
- image: k8s.gcr.io/test-webserver
name: test-container
volumeMounts:
- mountPath: /cache
name: cache-volume
volumes:
- name: cache-volume
emptyDir: {}
[root@node-21-243 ~]# kubectl create -f pods.yaml
官方链接:https://kubernetes.io/zh/docs/concepts/storage/volumes/
6.提供一个pod,添加init-container ,在container中添加一个空文件,启动的时候。在另一个containre中检测是否有这个文件,否则退出
[root@node-21-243 ~]# vi pods.yaml
apiVersion: v1
kind: Pod
metadata:
name: myapp-pod
labels:
app: myapp
spec:
containers:
- name: myapp-container
image: busybox:1.28
command: ['sh', '-c', 'cat /tmp/001.txt']
volumeMounts:
- mountPath: /tmp
name: cache-volume
initContainers:
- name: init-myservice
image: busybox:1.28
command: ['sh', '-c', "touch /tmp/001.txt"]
volumeMounts:
- mountPath: /tmp
name: cache-volume
volumes:
- name: cache-volume
emptyDir: {}
[root@node-21-243 ~]# kubectl create -f pods.yaml
参考:
https://kubernetes.io/zh/docs/concepts/storage/volumes/
https://kubernetes.io/zh/docs/concepts/workloads/pods/init-containers/
7.创建pod,再创建一个service
[root@node-21-243 ~]# vi services.yaml
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
selector:
app: MyApp
ports:
- protocol: TCP
port: 80
targetPort: 9376
[root@node-21-243 ~]# vi pods.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
app: MyApp
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
[root@node-21-243 ~]# kubectl create -f pods.yaml
[root@node-21-243 ~]# kubectl create -f services.yaml
如果pods已经存在的话,可以用label命令添加或者修改label:
kubectl label pods nginx app=MyApp
8.在一个pod中创建2个容器,如redis+nginx
[root@node-21-243 ~]# vi pods.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
app: MyApp
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
- name: redis
image: redis
imagePullPolicy: IfNotPresent
[root@node-21-243 ~]# kubectl create -f pods.yaml
9.找到指定service下的pod中,cpu利用率按高到底排序
kubectl top pods --selector="app=demo" | grep -v NAME | sort -k 2 -nr
10.创建一个简单的daemonset
[root@node-21-243 ~]# vi daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
name: fluentd-elasticsearch
namespace: kube-system
labels:
k8s-app: fluentd-logging
spec:
selector:
matchLabels:
name: fluentd-elasticsearch
template:
metadata:
labels:
name: fluentd-elasticsearch
spec:
containers:
- name: fluentd-elasticsearch
image: quay.io/fluentd_elasticsearch/fluentd:v2.5.2
[root@node-21-243 ~]# kubectl create -f daemonset.yaml
官方:https://kubernetes.io/zh/docs/concepts/workloads/controllers/daemonset/
11.deployment的扩容 ,scale命令
kubectl scale --current-replicas=2 --replicas=3 deployment/mysql
直接kubectl scale --help,就可以看到官方命令案例。
12 创建secret,有一个password字段(手动base64加密),创建两个pod引用该secret,一个用env ,一个用volume来调用
[root@node-21-243 ~]# base64
adminYWRtaW4=
[root@node-21-243 ~]# echo -n admin | base64
YWRtaW4=
[root@node-21-243 ~]# echo -n password | base64
cGFzc3dvcmQ=
[root@node-21-243 ~]# echo -n "password" | base64
cGFzc3dvcmQ=
[root@node-21-243 ~]# vi secret.yaml
apiVersion: v1
data:
username: YWRtaW4=
password: MWYyZDFlMmU2N2Rm
kind: Secret
metadata:
name: mysecret
namespace: default
type: Opaque
[root@node-21-243 ~]# kubectl create -f secret.yaml
[root@node-21-243 ~]# vi pod.yaml
apiVersion: v1
kind: Pod
metadata:
name: mypod
spec:
containers:
- name: mypod
image: redis
volumeMounts:
- name: foo
mountPath: "/etc/foo"
readOnly: true
volumes:
- name: foo
secret:
secretName: mysecret
[root@node-21-243 ~]# kubectl create -f pod.yaml
[root@node-21-243 ~]# vi pod1.yaml
apiVersion: v1
kind: Pod
metadata:
name: secret-env-pod
spec:
containers:
- name: mycontainer
image: redis
env:
- name: SECRET_USERNAME
valueFrom:
secretKeyRef:
name: mysecret
key: username
- name: SECRET_PASSWORD
valueFrom:
secretKeyRef:
name: mysecret
key: password
restartPolicy: Never
[root@node-21-243 ~]# kubectl create -f pod1.yaml
官方:https://kubernetes.io/zh/docs/concepts/configuration/secret/
13.先将nginx:1.9的deployment,升级到nginx:1.11,记录下来(—record),然后回滚到1.9
14.使用 nslookup 查看service 和pod的dns
# 查看 dns
$ kubectl run -it --image busybox:1.28.4 dnstest --rm /bin/sh
# 查看 sevice
$ nslookup svc-demo.kube-system.svc.cluster.local
# 查看 pod
# 查看pod ip时,要把1.2.3.4换成1-2-3-4,否则会报错
$ nslookup 1-2-3-4.default.pod.cluster.local
官方:https://kubernetes.io/zh/docs/tasks/debug-application-cluster/debug-service/
15.etcdctl 来 备份etcd
ETCDCTL_API=3 etcdctl --cacert=/opt/kubernetes/ssl/ca.pem --cert=/opt/kubernetes/ssl/server.pem --key=/opt/kubernetes/ssl/server-key.pem --endpoints=https://192.168.1.36:2379 snapshot save date.db
官方:https://kubernetes.io/docs/tasks/administer-cluster/configure-upgrade-etcd/
16.static pod 的使用
mkdir /etc/kubelet.d/
cat <<EOF >/etc/kubelet.d/static-web.yaml
apiVersion: v1
kind: Pod
metadata:
name: static-web
labels:
role: myrole
spec:
containers:
- name: web
image: nginx
ports:
- name: web
containerPort: 80
protocol: TCP
EOF
#配置这个节点上的 kubelet,使用这个参数执行 --pod-manifest-path=/etc/kubelet.d/。 在 Fedora 上编辑 /etc/kubernetes/kubelet 以包含下行:
KUBELET_ARGS="--cluster-dns=10.254.0.10 --cluster-domain=kube.local --pod-manifest-path=/etc/kubelet.d/"
systemctl restart kubelet
17.在一个新的namespace创建pod
[root@node-21-243 ~]# kubectl create namespace my-namespace
[root@node-21-243 ~]# vi pods.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx
namespace: my-namespace
labels:
app: MyApp
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
- name: redis
image: redis
imagePullPolicy: IfNotPresent
[root@node-21-243 ~]# kubectl create -f pods.yaml
18.pv 类型 hostpath 位置在/data,大小为1G, readonly 模式
[root@node-21-243 ~]# vi PersistentVolume.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: example-pv
spec:
capacity:
storage: 1Gi
volumeMode: Filesystem
accessModes:
- ReadOnlyMany
persistentVolumeReclaimPolicy: Delete
storageClassName: local-storage
local:
path: /data
[root@node-21-243 ~]# kubectl create -f PersistentVolume.yaml
官方:https://kubernetes.io/docs/concepts/storage/volumes/
19.给pod创建service
[root@node-21-243 ~]# vi services.yaml
apiVersion: v1
kind: Service
metadata:
name: my-service
spec:
selector:
app: MyApp
ports:
- protocol: TCP
port: 80
targetPort: 9376
[root@node-21-243 ~]# kubectl create -f services.yaml
20.使用node selector,选择disk为ssd的机器调度
[root@node-21-243 ~]# kubectl label node node-21-243 disk=ssd
node/node-21-243 labeled
[root@node-21-243 ~]# vi pods.yaml
apiVersion: v1
kind: Pod
metadata:
name: nginx
labels:
env: test
spec:
containers:
- name: nginx
image: nginx
imagePullPolicy: IfNotPresent
nodeSelector:
disk: ssd
[root@node-21-243 ~]# kubectl create -f pods.yaml
21.把一个node弄成unavailable 并且把上边的pod重新调度去新的node上
kubectl drain ${node-name} --delete-local-data=true --ignore-daemonsets=true
kubectl drain ${node-name} --force
使用中最重要的两东西,一个是kubelet explain,一个是后面加--help。