三、kubectl使用详解

发布于:2025-06-24 ⋅ 阅读:(21) ⋅ 点赞:(0)

三、kubectl使用详解

1、常用基础命令

1.1 Kubectl命令格式

(原文此处为示意图,未随正文保留。)kubectl 的通用命令格式为:kubectl [command] [TYPE] [NAME] [flags]

1.2 查询一个资源
# 查询deploy下的资源
[root@k8s-master01 ~]# kubectl get deploy
NAME          READY   UP-TO-DATE   AVAILABLE   AGE
counter       1/1     1            1           5d4h
test-harbor   1/1     1            1           9h

# 指定命名空间,查询它下面的资源
[root@k8s-master01 ~]# kubectl get deploy -n kube-system
NAME                      READY   UP-TO-DATE   AVAILABLE   AGE
calico-kube-controllers   1/1     1            1           5d4h
coredns                   2/2     2            2           5d4h
metrics-server            1/1     1            1           5d4h

# 查询所有命名空间下的资源
[root@k8s-master01 ~]# kubectl get deploy -A

# 指定一个名称查询
[root@k8s-master01 ~]# kubectl get deploy counter
NAME      READY   UP-TO-DATE   AVAILABLE   AGE
counter   1/1     1            1           5d4h

# 将其以yaml的格式导出
[root@k8s-master01 ~]# kubectl get deploy counter -o yaml
...
# 查询一个pod
[root@k8s-master01 ~]# kubectl get pod
NAME                           READY   STATUS    RESTARTS     AGE
counter-7dd9fb465f-8j2wq       1/1     Running   3 (9h ago)   5d4h
test-harbor-7946964f55-2c5fs   1/1     Running   0            9h

# 查询指定命名空间的pod
[root@k8s-master01 ~]# kubectl get pod -n kube-system

# 查询所有命名空间的pod
[root@k8s-master01 ~]# kubectl get pod -A
# 查看一个pod的详情
[root@k8s-master01 ~]# kubectl describe po counter-7dd9fb465f-8j2wq
Name:             counter-7dd9fb465f-8j2wq
Namespace:        default
Priority:         0
Service Account:  default
Node:             k8s-node01/192.168.200.51
Start Time:       Mon, 02 Jun 2025 21:24:08 +0800
...
# 查看一个pod的日志
# 注意一个pod下面有可能会存在多个容器的情况,只指定pod名称默认查看第一个容器的日志,如果需要查看指定容器的日志,需要在后面加上`-c 容器名称`

[root@k8s-master01 ~]# kubectl logs -f counter-7dd9fb465f-8j2wq
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
...
1.3 创建一个资源
# 指定一个镜像创建
[root@k8s-master01 ~]# kubectl create deployment nginx --image=crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15

[root@k8s-master01 ~]# kubectl get deploy nginx
NAME    READY   UP-TO-DATE   AVAILABLE   AGE
nginx   1/1     1            1           2m35s
# 生成一个yaml文件
[root@k8s-master01 ~]# kubectl create deployment nginx --image=crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15 --dry-run=client -o yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15
        name: nginx
        resources: {}
status: {}
# 修改它的配置
[root@k8s-master01 ~]# vim nginx.deploy.yaml 
[root@k8s-master01 ~]# cat nginx.deploy.yaml 
# Deployment manifest generated with --dry-run=client and then edited by hand:
# the only change from the generated output is the env entry on the container.
apiVersion: apps/v1
kind: Deployment
metadata:
  creationTimestamp: null
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  strategy: {}
  template:
    metadata:
      creationTimestamp: null
      labels:
        app: nginx
    spec:
      containers:
      - image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15
        name: nginx
        env:        # added: a container environment variable (test=test); this is not a label
        -           # literal env values are stored in the Pod spec and readable with `kubectl get pod -o yaml`, so keep secrets out of them
          name: test
          value: test
        resources: {}
status: {}
# 重新加载配置 
[root@k8s-master01 ~]# kubectl replace -f nginx.deploy.yaml 
deployment.apps/nginx replaced

查看pod,已经更新过了
[root@k8s-master01 ~]# kubectl get pod
NAME                           READY   STATUS    RESTARTS      AGE
...
nginx-b759bb7db-7pmhd          1/1     Running   0             4s
...

#检查更新的部分
[root@k8s-master01 ~]# kubectl get pod nginx-b759bb7db-7pmhd -o yaml
...
spec:
  containers:
  - env:
    - name: test
      value: test
...

kubectl replace -f xxx.yaml # 只能替换一个已经存在的资源
kubectl apply -f xxx.yaml # 如果不存在就创建,存在就更新

1.4 修改一个资源
# 修改它的副本数
[root@k8s-master01 ~]# kubectl edit deploy nginx
...
spec:
  progressDeadlineSeconds: 600
  replicas: 2
  revisionHistoryLimit: 10
...

[root@k8s-master01 ~]# kubectl get deploy nginx
NAME    READY   UP-TO-DATE   AVAILABLE   AGE
nginx   2/2     2            2           29m

[root@k8s-master01 ~]# kubectl get pod
NAME                           READY   STATUS    RESTARTS      AGE
counter-7dd9fb465f-8j2wq       1/1     Running   3 (10h ago)   5d5h
nginx-b759bb7db-7pmhd          1/1     Running   0             10m
nginx-b759bb7db-wtnp6          1/1     Running   0             2m2s
test-harbor-7946964f55-2c5fs   1/1     Running   0             10h
1.5 删除一个资源
[root@k8s-master01 ~]# kubectl delete deploy nginx
deployment.apps "nginx" deleted
[root@k8s-master01 ~]# kubectl get pod
NAME                           READY   STATUS    RESTARTS      AGE
counter-7dd9fb465f-8j2wq       1/1     Running   3 (10h ago)   5d5h
test-harbor-7946964f55-2c5fs   1/1     Running   0             10h

# 也可以直接指定yaml
kubectl delete -f xxx.yaml
1.6 其他
# 将当前配置文件打印出来
[root@k8s-master01 ~]# kubectl config view
apiVersion: v1
clusters:
- cluster:
    certificate-authority-data: DATA+OMITTED
    server: https://192.168.200.50:6443
  name: kubernetes
contexts:
- context:
    cluster: kubernetes
    user: kubernetes-admin
  name: kubernetes-admin@kubernetes
current-context: kubernetes-admin@kubernetes
kind: Config
preferences: {}
users:
- name: kubernetes-admin
  user:
    client-certificate-data: DATA+OMITTED
    client-key-data: DATA+OMITTED
[root@k8s-master01 ~]# kubectl get deploy
NAME          READY   UP-TO-DATE   AVAILABLE   AGE
counter       1/1     1            1           5d5h
test-harbor   1/1     1            1           10h

# 滚动重启一个Deployment下的Pod(会创建新的Pod替换旧的,Pod名称随之变化)
[root@k8s-master01 ~]# kubectl rollout restart deploy counter

[root@k8s-master01 ~]# kubectl get pod
NAME                           READY   STATUS    RESTARTS   AGE
counter-84ff9ff4cd-sxrcn       1/1     Running   0          11s

更多命令可以参考官网

2、K8s隔离机制Namespace(命名空间作用及使用)

2.1 什么是命名空间
  • Namespace提供了一种将集群资源逻辑上隔离的方式,允许在同一个集群中划分多个虚拟的、逻辑上独立的集群环境,相当于集群的“虚拟化”。
  • Namespace经常用于多个团队和多个项目的场景,可以按照不同的环境划分Namespace,或者按照不同的团队及租户划分Namespace
2.2 命名空间主要作用
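  • 资源隔离:不同团队或项目可以拥有自己独立的Namespace,以防止资源相互干扰。需要注意,Namespace本身只是逻辑上的划分,默认并不会阻止不同Namespace之间的Pod互相访问网络,网络层面的隔离还需要配合NetworkPolicy等机制
  • 权限控制:可以为不同的Namespace设置不同的访问权限(通过RBAC的Role和RoleBinding),实现不同的用户具有不同的权限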
  • 环境拆分:使用Namespace可以模拟出多个虚拟的集群环境,如开发、测试和生产环境。每个环境可以有自己的资源和服务,相互之间保持隔离,有助于简化部署和管理
  • 资源配额和限制:划分不同的Namespace可以更加有效的分配资源和限制资源的使用量
  • 服务发现和负载均衡:在同一个Namespace中服务发现和负载均衡更加简单和高效
  • 简化管理:拆分不同的Namespace,可以更加方便的对Namespace下的资源进行操作,比如删除、备份或迁移等
2.3 默认Namespace
  • default: 默认命名空间,在未指定命名空间时,即表示为default
  • kube-node-lease:此空间保存与每个节点关联的租约(Lease)对象
  • kube-public:公开的命名空间,按约定其中的资源可以被所有用户读取,包括未经身份认证的用户,因此不要在其中存放敏感数据
  • kube-system: Kubernetes系统组件所在的命名空间
2.4 Namespace基本使用
# 创建:kubectl create ns NAMESPACE_NAME

# 通过Yaml创建:
apiVersion: v1
kind: Namespace
metadata:
 name: development

# 删除:kubectl delete ns NAMESPACE_NAME

# 查看:kubectl get ns NAMESPACE_NAME --show-labels

Namespace名字限制:最多63个字符,只能包含小写字母、数字和中横线-,并且开头和结尾只能是数字或小写字母

3、K8s最小单元Pod

3.1 什么是Pod

Pod是Kubernetes集群中运行和管理的最小部署单元,其内部封装了一个或多个容器,这些容器共享存储、网络、PID、IPC等,并且容器之间可以使用localhost:port相互访问,也可以使用volume等实现数据共享。

同时每个Pod还包含了一个Pause容器,Pause容器是Pod的父容器,它主要负责僵尸进程的回收管理,并且存储共享、网络共享等功能都是通过Pause容器实现的。

3.2 Pod架构

(原文此处为Pod架构示意图,未随正文保留。)

3.3 Pod设计思想
  • 多容器协作
  • 强依赖服务
  • 简化应用的生命周期管理
  • 兼容多种CRI运行时
3.4 Pod基本使用
kubectl run nginx --image=crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/counter:v1 -n xxx
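# Manifest for the same Pod: name nginx, running the counter:v1 image.
# The container's fields (image, ports) must be indented under the `- name:`
# list item. Placed at the same column as the dash they are not part of the
# container entry, and the manifest does not parse as valid YAML.
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - name: nginx
    image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/counter:v1
    ports:
    - containerPort: 80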

kubectl delete po nginx
kubectl get po -owide --show-labels
kubectl describe po 
kubectl logs -f
3.5 Pod常见状态及故障排查
状态 说明
Pending(挂起) Pod已被Kubernetes系统接收,但仍有一个或多个容器未被创建,可以通过kubectl describe查看处于Pending状态的原因
Running(运行中) Pod已经被绑定到一个节点上,并且所有的容器都已经被创建,而且至少有一个是运行状态,或者是正在启动或者重启,可以通过kubectl logs查看Pod的日志
Succeeded(成功) 所有容器执行成功并终止,并且不会再次重启,可以通过kubectl logs查看Pod日志
Failed/Error(失败) 所有容器都已终止,并且至少有一个容器以失败的方式终止,也就是说这个容器要么以非零状态退出,要么被系统终止,可以通过logs、describe查看Pod日志和状态
Unknown(未知) 通常是由于通信问题造成的无法获得Pod的状态
ImagePullBackOff/ErrImagePull 镜像拉取失败,一般是由于镜像不存在、网络不通或者需要登录认证引起的,可以使用describe命令查看具体原因
CrashLoopBackOff 容器启动失败,可以通过logs命令查看具体原因,一般为启动命令不正确,健康检查不通过等
OOMKilled 容器内存溢出,一般是容器的内存Limit设置的过小,或者程序本身有内存溢出,可以通过logs查看程序启动日志
Terminating Pod正在被删除,可以通过describe查看状态
SysctlForbidden Pod自定义了内核配置,但kubelet没有添加内核配置或配置的内核参数不支持,可以通过describe查看具体原因
Completed 容器内部主进程退出,一般计划任务执行结束会显示该状态,此时可以通过logs查看容器日志
ContainerCreating Pod正在创建,一般为正在下载镜像,或者有配置不当的地方,可以通过describe查看具体原因

4、Pod入门与实战

# 可以通过 explain 命令查看yaml文件格式该怎么写,该使用什么格式,里面都包含什么
# 如果想查询某个下级字段,用点号逐级指定,格式:kubectl explain deploy.kind
[root@k8s-master01 ~]# kubectl explain deploy
GROUP:      apps
KIND:       Deployment
VERSION:    v1

DESCRIPTION:
    Deployment enables declarative updates for Pods and ReplicaSets.
    
FIELDS:
  apiVersion	<string>
    APIVersion defines the versioned schema of this representation of an object.
    Servers should convert recognized schemas to the latest internal value, and
    may reject unrecognized values. More info:
    https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources

  kind	<string>
    Kind is a string value representing the REST resource this object
    represents. Servers may infer this from the endpoint the client submits
    requests to. Cannot be updated. In CamelCase. More info:
    https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds

  metadata	<ObjectMeta>
    Standard object's metadata. More info:
    https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#metadata

  spec	<DeploymentSpec>
    Specification of the desired behavior of the Deployment.

  status	<DeploymentStatus>
    Most recently observed status of the Deployment.
4.1 创建一个 Pod
# 定义一个 Pod
[root@k8s-master01 ~]# vim nginx.yaml 
[root@k8s-master01 ~]# cat nginx.yaml 
apiVersion: v1      # required: API version
kind: Pod           # required: resource type, here Pod
metadata:           # required: object metadata
  name: nginx       # required: Pod name; must be a valid DNS subdomain name (RFC 1123)
spec:               # required: the Pod's specification
  containers:       # required: list of containers
  - image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15         # required: image reference the container runs
    name: nginx     # required: container name; must be a valid DNS label (RFC 1123)
    ports:          # optional: list of ports the container exposes
    - containerPort: 80
    
# 创建 Pod
[root@k8s-master01 ~]# kubectl create -f nginx.yaml

# 查看 Pod 状态
[root@k8s-master01 ~]# kubectl get po nginx
NAME    READY   STATUS    RESTARTS   AGE
nginx   1/1     Running   0          93s
4.2 一个 Pod 多个容器
[root@k8s-master01 ~]# vim nginx.yaml 
[root@k8s-master01 ~]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15
    name: nginx
    ports: 
    - containerPort: 80
  - image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/redis:7.2.5
    name: redis
    ports:
    - containerPort: 6379
4.3 更改 Pod 的启动命令和参数
[root@k8s-master01 ~]# vim nginx.yaml 
[root@k8s-master01 ~]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15
    name: nginx
    command:        # 可选,容器启动执行的命令
    - sleep
    - "30"
    ports: 
    - containerPort: 80
    
# 创建 Pod
[root@k8s-master01 ~]# kubectl create -f nginx.yaml

# 查看 Pod 状态
[root@k8s-master01 ~]# kubectl get po nginx
NAME                       READY   STATUS    RESTARTS       AGE
nginx                      1/1     Running   0              4s

# 查看pod节点分配
[root@k8s-master01 ~]# kubectl get po nginx -owide
NAME    READY   STATUS    RESTARTS   AGE   IP               NODE         NOMINATED NODE   READINESS GATES
nginx   1/1     Running   0          17s   192.168.85.202   k8s-node01   <none>           <none>

# 到node01节点验证命令是否去执行
[root@k8s-node01 ~]# ps -ef|grep sleep|grep -v grep
root       35463   35153  0 18:40 ?        00:00:00 sleep 30
4.4 分配 CPU 和内存
[root@k8s-master01 ~]# vim nginx.yaml 
[root@k8s-master01 ~]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15
    name: nginx
    ports: 
    - containerPort: 80
    resources:
      requests:         # 给pod分配的最小资源(requests这里分配了多少资源直接从系统划走)
        memory: "100Mi"     # 单位 E、P、T、G、M、K、Ei、Pi、Ti、Gi、Mi、Ki
        cpu: 100m           # 1核等于 1000m
      limits:           # 给pod分配的最大资源限制
        memory: "200Mi"
        cpu: 200m
        
# 查看部署到什么节点
[root@k8s-master01 ~]# kubectl get po nginx -owide
NAME    READY   STATUS    RESTARTS   AGE   IP               NODE         NOMINATED NODE   READINESS GATES
nginx   1/1     Running   0          19s   192.168.85.208   k8s-node01   <none>           <none>

# 可分配cpu、内存、pod的容量
[root@k8s-master01 ~]# kubectl describe node k8s-node01 | grep Capacity -A6
Capacity:
  cpu:                2
  ephemeral-storage:  50108Mi
  hugepages-1Gi:      0
  hugepages-2Mi:      0
  memory:             3710044Ki
  pods:               110

# 实际可分配cpu、内存、pod的数量
[root@k8s-master01 ~]# kubectl describe node k8s-node01 | grep Allocatable -A6
Allocatable:
  cpu:                2
  ephemeral-storage:  47287841509
  hugepages-1Gi:      0
  hugepages-2Mi:      0
  memory:             3607644Ki
  pods:               110
4.5 Pod 配置环境变量及内置字段
[root@k8s-master01 ~]# vim nginx.yaml 
[root@k8s-master01 ~]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15
    name: nginx
    ports: 
    - containerPort: 80
    env:                # 两种环境变量
      - name: ENV
        value: test
      - name: POD_IP
        valueFrom:
          fieldRef:
            fieldPath: status.podIP

[root@k8s-master01 ~]# kubectl create -f nginx.yaml 

# 进入到容器内查看变量是否生效
[root@k8s-master01 ~]# kubectl exec -it nginx -- bash
root@nginx:/# env|egrep "ENV|POD_IP"
ENV=test
POD_IP=192.168.85.210


# 可选的内置字段:
metadata.name
metadata.namespace
metadata.uid
metadata.labels[xxx]
metadata.annotations[xxx]
spec.nodeName
spec.serviceAccountName
status.hostIP
status.hostIPs
status.podIP
status.podIPs
4.6 Pod 镜像拉取策略

通过 spec.containers[].imagePullPolicy 参数可以指定镜像的拉取策略,目前支持的策略如下:

操作方式 说明
Always 总是拉取,当镜像 tag 为 latest 时,且 imagePullPolicy 未配置,默认为 Always
Never 不管是否存在都不会拉取
IfNotPresent 镜像不存在时拉取镜像,如果tag 为非latest,且imagePullPolicy未配置,默认为IfNotPresent
# Always
[root@k8s-master01 ~]# vim nginx.yaml 
[root@k8s-master01 ~]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15
    name: nginx
    imagePullPolicy: Always     # 可选,镜像拉取策略
    ports: 
    - containerPort: 80
 
# 创建 Pod 
[root@k8s-master01 ~]# kubectl create -f nginx.yaml 

# 查看一个pod的详情(重新拉取了镜像)
[root@k8s-master01 ~]# kubectl describe po nginx
....
Events:
  Type    Reason     Age        From               Message
  ----    ------     ----       ----               -------
  Normal  Scheduled  12s        default-scheduler  Successfully assigned default/nginx to k8s-node01
  Normal  Pulling    0s         kubelet            Pulling image "crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15"
  Normal  Pulled     0s         kubelet            Successfully pulled image "crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15" in 2.746s (2.746s including waiting). Image size: 44794060 bytes.
  Normal  Created    <invalid>  kubelet            Created container: nginx
  Normal  Started    <invalid>  kubelet            Started container nginx
# Never
[root@k8s-master01 ~]# vim nginx.yaml 
[root@k8s-master01 ~]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15
    name: nginx
    imagePullPolicy: Never      # 可选,镜像拉取策略
    ports: 
    - containerPort: 80

# 查看一个pod的详情(没有拉取镜像的动作)
[root@k8s-master01 ~]# kubectl describe po nginx
....
Events:
  Type    Reason     Age   From               Message
  ----    ------     ----  ----               -------
  Normal  Scheduled  44s   default-scheduler  Successfully assigned default/nginx to k8s-node01
  Normal  Pulled     34s   kubelet            Container image "crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15" already present on machine
  Normal  Created    34s   kubelet            Created container: nginx
  Normal  Started    33s   kubelet            Started container nginx
# IfNotPresent
[root@k8s-master01 ~]# vim nginx.yaml 
[root@k8s-master01 ~]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:stable
    name: nginx
    imagePullPolicy: IfNotPresent       # 可选,镜像拉取策略
    ports: 
    - containerPort: 80

# 查看一个pod的详情(镜像不存在时拉取了镜像)
[root@k8s-master01 ~]# kubectl describe po nginx
Events:
  Type    Reason     Age        From               Message
  ----    ------     ----       ----               -------
  Normal  Scheduled  6s         default-scheduler  Successfully assigned default/nginx to k8s-node01
  Normal  Pulling    <invalid>  kubelet            Pulling image "crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:stable"
4.7 Pod 重启策略

可以使用 spec.restartPolicy 指定容器的重启策略

操作方式 说明
Always 默认策略。容器失效时,自动重启该容器
OnFailure 容器以不为 0 的状态码终止,自动重启该容器
Never 无论何种状态,都不会重启
[root@k8s-master01 ~]# vim nginx.yaml 
[root@k8s-master01 ~]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15
    name: nginx
    command:
    - sleepp        # 故意把命令写错
    - "30"
    ports: 
    - containerPort: 80
  restartPolicy: Always     # 默认策略。容器失效时,自动重启该容器
  
# pod一直在重启
[root@k8s-master01 ~]# kubectl get po nginx
NAME    READY   STATUS             RESTARTS     AGE
nginx   0/1     CrashLoopBackOff   1 (3s ago)   16s
[root@k8s-master01 ~]# 
[root@k8s-master01 ~]# kubectl get po nginx
NAME    READY   STATUS              RESTARTS     AGE
nginx   0/1     RunContainerError   2 (2s ago)   32s

# 查看启动日志
[root@k8s-master01 ~]# kubectl describe po nginx
....
Events:
  Type     Reason     Age                      From               Message
  ----     ------     ----                     ----               -------
  Normal   Scheduled  49s                      default-scheduler  Successfully assigned default/nginx to k8s-node01
  Normal   Pulled     <invalid> (x4 over 38s)  kubelet            Container image "crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15" already present on machine
  Normal   Created    <invalid> (x4 over 38s)  kubelet            Created container: nginx
  Warning  Failed     <invalid> (x4 over 38s)  kubelet            Error: failed to create containerd task: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: exec: "sleepp": executable file not found in $PATH: unknown   # 提示没有这个命令
  Warning  BackOff    <invalid> (x5 over 36s)  kubelet            Back-off restarting failed container nginx in pod nginx_default(5798d3d1-a91a-48ec-bd5b-d2a2969ef6b0)
[root@k8s-master01 ~]# vim nginx.yaml 
[root@k8s-master01 ~]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  containers:
  - image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15
    name: nginx
    command:
    - sleepp
    - "30"
    ports: 
    - containerPort: 80
  restartPolicy: Never
  
# 查看状态,直接就是startError
[root@k8s-master01 ~]# kubectl get po nginx
NAME    READY   STATUS       RESTARTS   AGE
nginx   0/1     StartError   0          5s

# 查看启动日志
[root@k8s-master01 ~]# kubectl describe po nginx
....
Events:
  Type     Reason     Age   From               Message
  ----     ------     ----  ----               -------
  Normal   Scheduled  60s   default-scheduler  Successfully assigned default/nginx to k8s-node01
  Normal   Pulled     48s   kubelet            Container image "crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15" already present on machine
  Normal   Created    48s   kubelet            Created container: nginx
  Warning  Failed     48s   kubelet            Error: failed to create containerd task: failed to create shim task: OCI runtime create failed: runc create failed: unable to start container process: error during container init: exec: "sleepp": executable file not found in $PATH: unknown
4.8 Pod 的三种探针

三种探针都可以配置上。如果配置了startupProbe,只有它探测成功之后,livenessProbe、readinessProbe才会开始生效

种类 说明
startupProbe Kubernetes1.16新加的探测方式,用于判断容器内的应用程序是否已经启动。如果配置了startupProbe,就会先禁用其他探测,直到它成功为止。如果探测失败, Kubelet会杀死容器,之后根据重启策略进行处理,如果探测成功,或没有配置 startupProbe,则状态为成功,之后就不再探测。
livenessProbe 用于探测容器是否在运行,如果探测失败,kubelet会“杀死”容器并根据重启策略进行相应的处理。如果未指定该探针,将默认为 Success
readinessProbe 一般用于探测容器内的程序是否健康,即判断容器是否为就绪(Ready)状态。如果是,则可以处理请求,反之Endpoints Controller 将从所有的 Service 的 Endpoints中删除此容器所在 Pod 的 IP 地址。如果未指定,将默认为 Success
4.9 探针的四种检查方式

四种检查方式中,每个探针同时只能配置一种

实现方式 说明
ExecAction 在容器内执行一个指定的命令,如果命令返回值为 0,则认为容器健康
TCPSocketAction 通过 TCP 连接检查容器指定的端口,如果端口开放,则认为容器健康
HTTPGetAction 对指定的 URL 进行 Get 请求,如果状态码大于等于 200 且小于 400,则认为容器健康
GRPC GRPC 协议的健康检查,如果响应的状态是 “SERVING”,则认为容器健康
4.10 livenessProbe 和 readinessProbe
# readinessProbe 与 livenessProbe 是并行运行的
[root@k8s-master01 ~]# vim slow.yaml 
[root@k8s-master01 ~]# cat slow.yaml 
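# Pod with a readinessProbe (HTTP) and a livenessProbe (TCP) on the same port.
# The two probes run independently of each other.
apiVersion: v1
kind: Pod
metadata:
  name: slow
spec:
  containers:
  - image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/slow:latest
    name: slow
    # `ports` is declared once. Repeating the key inside the same container is a
    # duplicate mapping key: YAML parsers either reject it or silently keep one copy.
    ports:
    - containerPort: 8080

    readinessProbe:             # optional; each probe uses exactly one check mechanism
      httpGet:                  # HTTP check
        path: /ping             # probe path (passes on a status code >= 200 and < 400)
        port: 8080
        scheme: HTTP            # HTTP or HTTPS
      initialDelaySeconds: 10   # wait this long before the first readiness check
      timeoutSeconds: 2         # no response within 2s counts as a failed check
      periodSeconds: 5          # interval between checks
      successThreshold: 1       # 1 success marks the container ready
      failureThreshold: 2       # 2 failures mark the container not ready

    livenessProbe:              # optional
      tcpSocket:                # TCP check: passes if a connection to the port can be opened
        port: 8080
      initialDelaySeconds: 60   # wait before the first check (the author marks this approach as not really recommended)
      timeoutSeconds: 2         # connection attempt timeout
      periodSeconds: 5          # interval between checks
      successThreshold: 1       # 1 success marks the container alive
      failureThreshold: 2       # 2 failures: kubelet kills the container, then restartPolicy applies
  restartPolicy: Never          # a container killed by the liveness probe is not restarted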

解析:
1、livenessProbe:初始化时间是60s,所以会等待60s才会去检测容器内的程序是否正常运行。这里使用的是tcpSocket方式,如果2s之内无法与8080端口建立TCP连接,就认为本次检测失败,间隔5s之后再去检测一遍。如果连续检测2遍都失败,就说明程序已不正常,kubelet会杀死容器并按重启策略处理(本例为Never,不会重启);如果检测成功一次,就表明程序运行正常。

2、但是 readinessProbe 与 livenessProbe 是并行运行的

3、readinessProbe:初始化时间是10s,默认会等待10s去检测接口是否正常。如果在预期的时间内检测失败会导致Pod从Service的Endpoints中移除。

4.11 配置 StartupProbe
[root@k8s-master01 ~]# vim slow.yaml
[root@k8s-master01 ~]# cat slow.yaml 
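# Pod with all three probes. While the startupProbe has not yet succeeded,
# the readiness and liveness probes are held back.
apiVersion: v1
kind: Pod
metadata:
  name: slow
spec:
  containers:
  - image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/slow:latest
    name: slow
    # `ports` is declared once. Repeating the key inside the same container is a
    # duplicate mapping key: YAML parsers either reject it or silently keep one copy.
    ports:
    - containerPort: 8080
    startupProbe:
      tcpSocket:                # TCP check: passes if a connection to the port can be opened
        port: 8080              # port to probe
      initialDelaySeconds: 10   # wait before the first check
      timeoutSeconds: 2         # connection attempt timeout
      periodSeconds: 5          # interval between checks
      successThreshold: 1       # 1 success: the application counts as started
      failureThreshold: 30      # 30 failures (5s apart, about 150s) before startup is considered failed
    readinessProbe:
      httpGet:
        path: /ping
        port: 8080
        scheme: HTTP
      initialDelaySeconds: 10
      timeoutSeconds: 2
      periodSeconds: 5
      successThreshold: 1
      failureThreshold: 2
    livenessProbe:
      exec:
        # Demo check only: this passes whenever the directory can be created,
        # so it says little about whether the application itself is healthy.
        command: ["mkdir", "-p", "/tmp/slow"]
      initialDelaySeconds: 10
      timeoutSeconds: 2
      periodSeconds: 5
      successThreshold: 1
      failureThreshold: 2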
    
# 查看启动状态
[root@k8s-master01 ~]# kubectl get po slow
NAME                           READY   STATUS    RESTARTS   AGE
slow                           1/1     Running   0          78s

# 查看日志
[root@k8s-master01 ~]# kubectl logs -f slow
Starting...
Start initializing basic data...
Startup Success: 8080
4.12 preStop 和 postStart
# postStart
[root@k8s-master01 ~]# vim nginx.yaml
[root@k8s-master01 ~]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  # terminationGracePeriodSeconds: 30     # 宽限期时间
  containers:
  - image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15
    name: nginx
    lifecycle:
      postStart:
        exec:
          command: ["mkdir", "-p", "/tmp/test"]     # 创建一个目录
    ports:
    - containerPort: 80

# 检查是否成功创建目录
[root@k8s-master01 ~]# kubectl exec -it nginx -- ls /tmp
test
[root@k8s-master01 ~]# vim nginx.yaml 
[root@k8s-master01 ~]# cat nginx.yaml 
apiVersion: v1
kind: Pod
metadata:
  name: nginx
spec:
  # terminationGracePeriodSeconds: 30     # 宽限期时间
  containers:
  - image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/nginx:1.15
    name: nginx
    lifecycle:
      postStart:        # 命令并不是容器启动之前完成的(可以理解是同时进行的)
        exec:
          command: ["mkdir", "-p", "/tmp/test"]
      preStop:
        exec:
          command: ["sleep", "10"]      # 退出等待10s
    ports:
    - containerPort: 80
    
# 删除pod测试 
[root@k8s-master01 ~]# time kubectl delete po nginx
pod "nginx" deleted

real	0m11.366s
user	0m0.045s
sys	0m0.037s
4.13 gRPC 探测(1.24 默认开启)
[root@k8s-master01 ~]# vim etcd.yaml 
[root@k8s-master01 ~]# cat etcd.yaml 
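# Single-container etcd Pod used to demonstrate the gRPC readiness probe.
apiVersion: v1
kind: Pod
metadata:
  name: etcd
spec:
  containers:
  - image: crpi-q1nb2n896zwtcdts.cn-beijing.personal.cr.aliyuncs.com/ywb01/etcd:3.5.1-0
    name: etcd
    # NOTE(review): --listen-client-urls http://0.0.0.0:2379 serves the etcd client
    # API in plaintext on every interface of the Pod, with no TLS and no client
    # authentication. That is acceptable for a probe demo only. An etcd holding real
    # data should listen on https URLs with --cert-file/--key-file and
    # --client-cert-auth/--trusted-ca-file, and access to the port should be restricted.
    command: ["/usr/local/bin/etcd", "--data-dir", "/var/lib/etcd", "--listen-client-urls", "http://0.0.0.0:2379", "--advertise-client-urls","http://127.0.0.1:2379", "--log-level", "debug"]
    # `ports` is declared once (the named entry is kept). Repeating the key inside
    # the same container is a duplicate mapping key: YAML parsers either reject it
    # or silently keep one copy.
    ports:
    - containerPort: 2379
      name: grpc-2379
    readinessProbe:
      grpc:                     # gRPC health check against the given port
        port: 2379
      initialDelaySeconds: 10
      timeoutSeconds: 2
      periodSeconds: 5
      successThreshold: 1
      failureThreshold: 2
    livenessProbe:
      tcpSocket:                # TCP check: passes if a connection to the port can be opened
        port: 2379
      initialDelaySeconds: 10
      timeoutSeconds: 2
      periodSeconds: 5
      successThreshold: 1
      failureThreshold: 2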

# 启动成功
[root@k8s-master01 ~]# kubectl get po etcd
NAME   READY   STATUS    RESTARTS   AGE
etcd   1/1     Running   0          2m20s
4.14 Pod启动过程

(原文此处为Pod启动过程示意图,未随正文保留。)

此博客来源于:https://edu.51cto.com/lecturer/11062970.html

