[k8s]Docker 用戶使用 kubectl 命令指南-unkown排錯(kubelet端口解析)

參考:https://kubernetes.io/docs/user-guide/kubectl-cheatsheet/
https://k8smeetup.github.io/docs/user-guide/docker-cli-to-kubectl/
https://kubernetes.io/docs/user-guide/docker-cli-to-kubectl/
https://kubernetes.io/docs/tutorials/stateless-application/expose-external-ip-address/
https://kubernetes.io/docs/tasks/debug-application-cluster/debug-service/

開啓自動補全

source <(kubectl completion bash)
yum install bash-com* -y

alias kk='kubectl get pod --all-namespaces -o wide --show-labels'
alias ks='kubectl get svc --all-namespaces -o wide'
alias kss='kubectl get svc --all-namespaces -o wide --show-labels'
alias kd='kubectl get deploy --all-namespaces -o wide'
alias wk='watch kubectl get pod --all-namespaces -o wide --show-labels'
alias kv='kubectl get pv -o wide'
alias kvc='kubectl get pvc -o wide --all-namespaces --show-labels'
alias kbb='kubectl run -it --rm --restart=Never busybox --image=busybox sh'
alias kbbc='kubectl run -it --rm --restart=Never curl --image=appropriate/curl sh'
alias kd='kubectl get deployment --all-namespaces --show-labels'
alias kcm='kubectl get cm --all-namespaces -o wide'
alias kin='kubectl get ingress --all-namespaces -o wide'

容器中止後就自動刪除:
docker run --rm centos /bin/echo "One";

殺死全部正在運行的容器:
docker kill $(docker ps -a -q)
刪除全部已經中止的容器:
docker rm $(docker ps -a -q)
刪除全部未打標籤的鏡像:
docker rmi $(docker images -q -f dangling=true)

1.kubectl run-快速啓動nginx服務

kubectl run nginx --image=nginx

kubectl run --image=nginx nginx-app --port=80 --env="DOMAIN=cluster"

kubectl run -it --rm --restart=Never busybox --image=busybox sh


 kubectl run --image=nginx --port=80 --hostport=8888 mynginx

 kubectl run hostnames --image=gcr.io/google_containers/serve_hostname \
                        --labels=app=hostnames \
                        --port=9376 \
                        --replicas=3
deployment "hostnames" created


  # Start the nginx container using the default command, but use custom arguments (arg1 .. argN) for that command.
  kubectl run nginx --image=nginx -- <arg1> <arg2> ... <argN>
  
  # Start the nginx container using a different command and custom arguments.
  kubectl run nginx --image=nginx --command -- <cmd> <arg1> ... <argN>

2.kubectl expose拋出svc端口

kubectl expose deployment nginx --port=80 --target-port=8000

3.watching方式查看object

kubectl  get po -w


kubectl edit svc/docker-registry 
kubectl scale --replicas=3 -f foo.yaml

kubectl --help獲取幫助

• 經過kubectl explain

kubectl explain pods,svc

• 經過--help

[root@m1 yaml]# kubectl run --help
Create and run a particular image, possibly replicated. 

Creates a deployment or job to manage the created container(s).

Examples:
  # Start a single instance of nginx.
  kubectl run nginx --image=nginx
  
  # Start a single instance of hazelcast and let the container expose port 5701 .
  kubectl run hazelcast --image=hazelcast --port=5701
  
  # Start a single instance of hazelcast and set environment variables "DNS_DOMAIN=cluster" and "POD_NAMESPACE=default"
in the container.
  kubectl run hazelcast --image=hazelcast --env="DNS_DOMAIN=cluster" --env="POD_NAMESPACE=default"
  
  # Start a replicated instance of nginx.
  kubectl run nginx --image=nginx --replicas=5
  
  # Dry run. Print the corresponding API objects without creating them.
  kubectl run nginx --image=nginx --dry-run
  
  # Start a single instance of nginx, but overload the spec of the deployment with a partial set of values parsed from
JSON.
  kubectl run nginx --image=nginx --overrides='{ "apiVersion": "v1", "spec": { ... } }'
  
  # Start a pod of busybox and keep it in the foreground, don't restart it if it exits.
  kubectl run -i -t busybox --image=busybox --restart=Never
  
  # Start the nginx container using the default command, but use custom arguments (arg1 .. argN) for that command.
  kubectl run nginx --image=nginx -- <arg1> <arg2> ... <argN>
  
  # Start the nginx container using a different command and custom arguments.
  kubectl run nginx --image=nginx --command -- <cmd> <arg1> ... <argN>
  
  # Start the perl container to compute π to 2000 places and print it out.
  kubectl run pi --image=perl --restart=OnFailure -- perl -Mbignum=bpi -wle 'print bpi(2000)'
  
  # Start the cron job to compute π to 2000 places and print it out every 5 minutes.
  kubectl run pi --schedule="0/5 * * * ?" --image=perl --restart=OnFailure -- perl -Mbignum=bpi -wle 'print bpi(2000)'

Options:
      --allow-missing-template-keys=true: If true, ignore any errors in templates when a field or map key is missing in
the template. Only applies to golang and jsonpath output formats.
      --attach=false: If true, wait for the Pod to start running, and then attach to the Pod as if 'kubectl attach ...'
were called.  Default false, unless '-i/--stdin' is set, in which case the default is true. With '--restart=Never' the
exit code of the container process is returned.
      --command=false: If true and extra arguments are present, use them as the 'command' field in the container, rather
than the 'args' field which is the default.
      --dry-run=false: If true, only print the object that would be sent, without sending it.
      --env=[]: Environment variables to set in the container
      --expose=false: If true, a public, external service is created for the container(s) which are run
      --generator='': The name of the API generator to use, see
http://kubernetes.io/docs/user-guide/kubectl-conventions/#generators for a list.
      --hostport=-1: The host port mapping for the container port. To demonstrate a single-machine container.
      --image='': The image for the container to run.
      --image-pull-policy='': The image pull policy for the container. If left empty, this value will not be specified
by the client and defaulted by the server
      --include-extended-apis=true: If true, include definitions of new APIs via calls to the API server. [default true]
  -l, --labels='': Labels to apply to the pod(s).
      --leave-stdin-open=false: If the pod is started in interactive mode or with stdin, leave stdin open after the
first attach completes. By default, stdin will be closed after the first attach completes.
      --limits='': The resource requirement limits for this container.  For example, 'cpu=200m,memory=512Mi'.  Note that
server side components may assign limits depending on the server configuration, such as limit ranges.
      --no-headers=false: When using the default or custom-column output format, don't print headers (default print
headers).
  -o, --output='': Output format. One of:
json|yaml|wide|name|custom-columns=...|custom-columns-file=...|go-template=...|go-template-file=...|jsonpath=...|jsonpath-file=...
See custom columns [http://kubernetes.io/docs/user-guide/kubectl-overview/#custom-columns], golang template
[http://golang.org/pkg/text/template/#pkg-overview] and jsonpath template
[http://kubernetes.io/docs/user-guide/jsonpath].
      --overrides='': An inline JSON override for the generated object. If this is non-empty, it is used to override the
generated object. Requires that the object supply a valid apiVersion field.
      --pod-running-timeout=1m0s: The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one
pod is running
      --port='': The port that this container exposes.  If --expose is true, this is also the port used by the service
that is created.
      --quiet=false: If true, suppress prompt messages.
      --record=false: Record current kubectl command in the resource annotation. If set to false, do not record the
command. If set to true, record the command. If not set, default to updating the existing annotation value only if one
already exists.
  -r, --replicas=1: Number of replicas to create for this container. Default is 1.
      --requests='': The resource requirement requests for this container.  For example, 'cpu=100m,memory=256Mi'.  Note
that server side components may assign requests depending on the server configuration, such as limit ranges.
      --restart='Always': The restart policy for this Pod.  Legal values [Always, OnFailure, Never].  If set to 'Always'
a deployment is created, if set to 'OnFailure' a job is created, if set to 'Never', a regular pod is created. For the
latter two --replicas must be 1.  Default 'Always', for CronJobs `Never`.
      --rm=false: If true, delete resources created in this command for attached containers.
      --save-config=false: If true, the configuration of current object will be saved in its annotation. Otherwise, the
annotation will be unchanged. This flag is useful when you want to perform kubectl apply on this object in the future.
      --schedule='': A schedule in the Cron format the job should be run with.
      --service-generator='service/v2': The name of the generator to use for creating a service.  Only used if --expose
is true
      --service-overrides='': An inline JSON override for the generated service object. If this is non-empty, it is used
to override the generated object. Requires that the object supply a valid apiVersion field.  Only used if --expose is
true.
  -a, --show-all=false: When printing, show all resources (default hide terminated pods.)
      --show-labels=false: When printing, show all labels as the last column (default hide labels column)
      --sort-by='': If non-empty, sort list types using this field specification.  The field specification is expressed
as a JSONPath expression (e.g. '{.metadata.name}'). The field in the API resource specified by this JSONPath expression
must be an integer or a string.
  -i, --stdin=false: Keep stdin open on the container(s) in the pod, even if nothing is attached.
      --template='': Template string or path to template file to use when -o=go-template, -o=go-template-file. The
template format is golang templates [http://golang.org/pkg/text/template/#pkg-overview].
  -t, --tty=false: Allocated a TTY for each container in the pod.

Usage:
  kubectl run NAME --image=image [--env="key=value"] [--port=port] [--replicas=replicas] [--dry-run=bool]
[--overrides=inline-json] [--command] -- [COMMAND] [args...] [options]

Use "kubectl options" for a list of global command-line options (applies to all commands).

獲取某個object的簡單的每一個字段描述

[root@m1 yaml]# kubectl explain pods
DESCRIPTION:
Pod is a collection of containers that can run on a host. This resource is created by clients and scheduled onto hosts.

FIELDS:
   apiVersion   <string>
     APIVersion defines the versioned schema of this representation of an
     object. Servers should convert recognized schemas to the latest internal
     value, and may reject unrecognized values. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#resources

   kind <string>
     Kind is a string value representing the REST resource this object
     represents. Servers may infer this from the endpoint the client submits
     requests to. Cannot be updated. In CamelCase. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#types-kinds

   metadata <Object>
     Standard object's metadata. More info:
     https://git.k8s.io/community/contributors/devel/api-conventions.md#metadata

   spec <Object>
     Specification of the desired behavior of the pod. More info: https://
     git.k8s.io/community/contributors/devel/api-conventions.md#spec-and-status/

   status   <Object>
     Most recently observed status of the pod. This data may not be up to date.
     Populated by the system. Read-only. More info: https://git.k8s.io/community/
     contributors/devel/api-conventions.md#spec-and-status/

kubectl get 爲何unknown

緣由: api訪問kubelte的10250端口不通
$ kubectl -n kube-public exec -it spring-2391788630-jldnp bash
Error from server: error dialing backend: dial tcp 192.168.x.x:10250: getsockopt: connection refused

我打算測下kubelet掛掉會發生什麼,結果發現這個問題.

1.kubelet掛掉,pvc正常,容器還能夠正常訪問
2,幾分鐘後 node顯示NotReady

Every 2.0s: kubectl get no -o wide                     

NAME        STATUS     AGE       VERSION   EXTERNAL-IP
n1.ma.com   Ready      10d       v1.7.10   <none>
n2.ma.com   NotReady   10d       v1.7.10   <none>

kubelet端口解析:

10250  –port:           kubelet服務監聽的端口,api會檢測他是否存活
10248  –healthz-port:   健康檢查服務的端口
10255  –read-only-port: 只讀端口，能夠不用驗證和受權機制，直接訪問
4194   –cadvisor-port:  當前節點 cadvisor 運行的端口

kubelet參數手頭書

參數	解釋	默認值
–address	kubelet 服務監聽的地址	0.0.0.0
–port	kubelet 服務監聽的端口	10250
–read-only-port	只讀端口，能夠不用驗證和受權機制，直接訪問	10255
–allow-privileged	是否容許容器運行在 privileged 模式	false
–api-servers	以逗號分割的 API Server 地址，用於和集羣中數據交互	[]
–cadvisor-port	當前節點 cadvisor 運行的端口	4194
–config 本地 manifest	文件的路徑或者目錄	""
–file-check-frequency	輪詢本地 manifest 文件的時間間隔	20s
–container-runtime	後端容器 runtime，支持 docker 和 rkt	docker
–enable-server	是否啓動 kubelet HTTP server	true
–healthz-bind-address	健康檢查服務綁定的地址，設置成 0.0.0.0 能夠監聽在全部網絡接口	127.0.0.1
–healthz-port	健康檢查服務的端口	10248
–hostname-override	指定 hostname，若是非空會使用這個值做爲節點在集羣中的標識	""
–log-dir	日誌文件，若是非空，會把 log 寫到該文件	""
–logtostderr	是否打印 log 到終端	true
–max-open-files	容許 kubelet 打開文件的最大值	1000000
–max-pods	容許 kubelet 運行 pod 的最大值	110
–pod-infra-container-image	基礎鏡像地址，每一個 pod 最早啓動的容器，會配置共享的網絡	gcr.io/google_containers/pause-amd64:3.0
–root-dir	kubelet 保存數據的目錄	/var/lib/kubelet
–runonce	從本地 manifest 或者 URL 指定的 manifest 讀取並運行結束就退出，和 --api-servers 、--enable-server 參數不兼容
–v	日誌 level	0

只有kube-system裏svc打了 kubernetes.io/cluster-service=true標籤clusterinfo纔出現

有人提起cluster-info裏地址訪問不了,因而作了下實現,發現default裏svc沒法出如今clusterinfo裏.後來發現只有kube-system裏纔出現這個,而且能夠提供外部訪問

注: 這裏也無需master安裝flannel.

$ cat nginx-svc.yaml 
kind: Service
apiVersion: v1
metadata:
  namespace: kube-system
  name: mynginx
  labels:
    kubernetes.io/cluster-service: "true"
spec:
  selector:
    app: nginx
  ports:
  - protocol: TCP
    port: 8080
    targetPort: 80

kube api-versions不一樣版本對比

參考: https://www.youtube.com/watch?v=bMiU4xH8pLw&t=1862s

[k8架構]k8s架構及調度機制圖解參考
http://www.cnblogs.com/iiiiher/p/8043444.html

$ kubectl api-versions
apiextensions.k8s.io/v1beta1
apiregistration.k8s.io/v1beta1
apps/v1beta1
authentication.k8s.io/v1
authentication.k8s.io/v1beta1
authorization.k8s.io/v1
authorization.k8s.io/v1beta1
autoscaling/v1
batch/v1
bitnami.com/v1alpha1
certificates.k8s.io/v1beta1
extensions/v1beta1
k8s.io/v1
networking.k8s.io/v1
policy/v1beta1
rbac.authorization.k8s.io/v1alpha1
rbac.authorization.k8s.io/v1beta1
settings.k8s.io/v1alpha1
storage.k8s.io/v1
storage.k8s.io/v1beta1
v1

kubectl操做節點

參考: https://kubernetes.io/docs/reference/kubectl/cheatsheet/

$ kubectl cordon my-node                                                # Mark my-node as unschedulable
$ kubectl drain my-node                                                 # Drain my-node in preparation for maintenance
$ kubectl uncordon my-node                                              # Mark my-node as schedulable
$ kubectl top node my-node                                              # Show metrics for a given node
$ kubectl cluster-info                                                  # Display addresses of the master and services
$ kubectl cluster-info dump                                             # Dump current cluster state to stdout
$ kubectl cluster-info dump --output-directory=/path/to/cluster-state   # Dump current cluster state to /path/to/cluster-state

# If a taint with that key and effect already exists, its value is replaced as specified.
$ kubectl taint nodes foo dedicated=special-user:NoSchedule