Kubectl 語法整理
指定特別 kubeconf 檔方式
- Exp. kubeconf 檔案存放在 /iiidevops/kube-config/config
kubectl --kubeconfig /iiidevops/kube-config/config get pod
檢查 K8s Cluster 的健康狀態
kubectl get componentstatus
結果類似以下訊息:
$ kubectl get componentstatus NAME STATUS MESSAGE ERROR controller-manager Healthy ok scheduler Healthy ok etcd-0 Healthy {"health":"true"}
讀取 K8s Cluster Name 的方式
- 方法1
kubectl config current-context
結果:
rkeuser@devops2:~$ kubectl config current-context iiidevops-k8s
- 方法2
kubectl config view
結果:
rkeuser@devops2:~$ kubectl config view apiVersion: v1 clusters: - cluster: certificate-authority-data: DATA+OMITTED server: https://172.16.0.172:6443 name: iiidevops-k8s contexts: - context: cluster: iiidevops-k8s user: kube-admin-iiidevops-k8s name: iiidevops-k8s current-context: iiidevops-k8s kind: Config preferences: {} users: - name: kube-admin-iiidevops-k8s user: client-certificate-data: REDACTED client-key-data: REDACTED
顯示 K8s 內的 POD 清單
kubectl get pod
Exp.
localadmin@iiidevops-73:~$ kubectl get pod NAME READY STATUS RESTARTS AGE devopsapi-dbbcf7fd4-j5nv2 1/1 Running 0 36m devopsdb-5555449b8d-rd2z9 1/1 Running 0 37m devopsui-84496c7fcc-bd99r 1/1 Running 0 126m redmine-547cbdbbbb-wk9s6 1/1 Running 1 17h redmine-postgresql-6fb9475c6c-gs9gh 1/1 Running 0 17h sonarqube-server-6ccbf4c54f-vksmp 1/1 Running 0 17h
- 加上 -n 參數 指定所要查詢的 namespace 內 pod 清單
kubectl get pod -n kube-system
Exp.
$ kubectl get pod -n kube-system NAME READY STATUS RESTARTS AGE calico-kube-controllers-c955d588c-kcm7r 1/1 Running 2 36h calico-node-sghsm 1/1 Running 2 36h : rke-metrics-addon-deploy-job-dhjbl 0/1 Completed 0 36h rke-network-plugin-deploy-job-6vzqh 0/1 Completed 0 36h
- 加上 -A 參數可呈現所有 namespace 的 pod 清單
kubectl get pod -A
Exp.
localadmin@iiidevops-hv-2:~$ kubectl get pod -A NAMESPACE NAME READY STATUS RESTARTS AGE cattle-pipeline registry-proxy-96bbj 1/1 Running 0 40m cattle-system cattle-cluster-agent-7d569b986c-57485 1/1 Running 0 145m : kube-system rke-metrics-addon-deploy-job-tb2sn 0/1 Completed 0 146m kube-system rke-network-plugin-deploy-job-pcgss 0/1 Completed 0 146m p-8kvwh-pipeline docker-registry-57fbddc6cc-ch9cw 1/1 Running 0 40m p-8kvwh-pipeline jenkins-f4d6b89cb-h8554 1/1 Running 0 40m p-8kvwh-pipeline minio-5ccb99b5c7-kp9lc 1/1 Running 0 40m
顯示 K8s 內 POD 的 logs
kubectl logs [pod NAME]
Exp.
localadmin@iiidevops-73:~$ kubectl logs redmine-547cbdbbbb-wk9s6 | tail -20 I, [2020-12-21T10:47:03.089762 #1] INFO -- : Rendered enumerations/_form.html.erb (2.8ms) I, [2020-12-21T10:47:03.090267 #1] INFO -- : Rendered enumerations/new.html.erb within layouts/admin (4.2ms) I, [2020-12-21T10:47:03.095432 #1] INFO -- : Rendered admin/_menu.html.erb (4.9ms) I, [2020-12-21T10:47:03.095745 #1] INFO -- : Rendering layouts/base.html.erb I, [2020-12-21T10:47:03.107140 #1] INFO -- : Rendered layouts/base.html.erb (11.3ms) I, [2020-12-21T10:47:03.107464 #1] INFO -- : Completed 200 OK in 32ms (Views: 19.9ms | ActiveRecord: 5.8ms) I, [2020-12-21T10:47:05.101236 #1] INFO -- : Started POST "/enumerations" for 10.20.0.74 at 2020-12-21 10:47:05 +0000 I, [2020-12-21T10:47:05.102407 #1] INFO -- : Processing by EnumerationsController#create as HTML I, [2020-12-21T10:47:05.102487 #1] INFO -- : Parameters: {"utf8"=>"✓", "authenticity_token"=>"wRaItdciacpkIjcxxxxxxxxxxrdQWdKf66WuZPq6AGAIQyK9BLeuyOlyKODKQedaCNdAoADOadTy+3UH4mTeg==", "enumeration"=>{"type"=>"IssuePriority", "name"=>"Low", "active"=>"1", "is_default"=>"0"}, "commit"=>"Create"} I, [2020-12-21T10:47:05.112128 #1] INFO -- : Current user: admin (id=1) I, [2020-12-21T10:47:05.192218 #1] INFO -- : Redirected to http://10.20.0.74:32748/enumerations I, [2020-12-21T10:47:05.192469 #1] INFO -- : Completed 302 Found in 90ms (ActiveRecord: 17.5ms) 10.20.0.74 - - [21/Dec/2020:10:47:05 UTC] "POST /enumerations HTTP/1.1" 302 102 http://10.20.0.74:32748/enumerations/new?type=IssuePriority -> /enumerations 10.20.0.74 - - [21/Dec/2020:10:47:05 UTC] "GET /enumerations HTTP/1.1" 200 8526 http://10.20.0.74:32748/enumerations/new?type=IssuePriority -> /enumerations 10.20.0.74 - - [22/Dec/2020:02:21:47 UTC] "GET /users/current.json HTTP/1.1" 200 253 - -> /users/current.json 10.20.0.74 - - [22/Dec/2020:02:21:47 UTC] "GET /users.json?offset=0&limit=25&key=d64c31axxxxxxxxxxd085fc5825ec257b31a3ec7 HTTP/1.1" 200 230 - -> /users.json?offset=0&limit=25&key=d64c31aff3xxxxxxxxxx5fc5825ec257b31a3ec7
顯示 K8s 內 POD 的描述資訊
kubectl describe pod [pod NAME]
Exp.
localadmin@iiidevops-71:~/deploy-devops$ kubectl describe pod devopsapi-cdccbcb48-qv4n9 Name: devopsapi-cdccbcb48-qv4n9 Namespace: default Priority: 0 Node: iiidevops-72/10.20.0.72 Start Time: Thu, 24 Dec 2020 06:27:37 +0000 Labels: app=devopsapi pod-template-hash=cdccbcb48 : : Normal Pulling 15s (x2 over 38s) kubelet Pulling image "iiiorg/devops-api:develop" Warning Failed 11s (x2 over 34s) kubelet Failed to pull image "iiiorg/devops-api:develop": rpc error: code = Unknown desc = Error response from daemon: toomanyrequests: You have reached your pull rate limit. You may increase the limit by authenticating and upgrading: https://www.docker.com/increase-rate-limit Warning Failed 11s (x2 over 34s) kubelet Error: ErrImagePull
進入一個 POD 內操作
kubectl exec -it [POD Name] -- bash
Exp.
localadmin@iiidevops-hv-2:~$ kubectl exec -it devopsapi-74c78bb4c8-77phj -- bash root@devopsapi-74c78bb4c8-77phj:/usr/src/app# ls -lt total 76 drwxr-xr-x 1 root root 4096 Jan 23 08:18 apis drwxrwxrwx 2 root root 4096 Jan 23 08:18 logs -rw-r--r-- 1 root root 41 Jan 22 22:15 git_commit -rwxr-xr-x 1 root root 435 Jan 22 22:15 Dockerfile -rwxr-xr-x 1 root root 11357 Jan 22 22:15 LICENSE -rwxr-xr-x 1 root root 878 Jan 22 22:15 README.md -rwxr-xr-x 1 root root 1994 Jan 22 22:15 _alembic.ini : : -rwxr-xr-x 1 root root 3133 Jan 22 22:15 k8s_config root@devopsapi-c9ddc8cdf-mrb9f:/usr/src/app#
- 如果要進入不同 namespace 的 pod 操作就需要加上 –namespace=“xxx” 的參數 Exp.
localadmin@iiidevops-hv-2:~$ kubectl exec -it --namespace="p-8kvwh-pipeline" minio-5ccb99b5c7-kp9lc -- traceroute 172.17.13.183 traceroute to 172.17.13.183 (172.17.13.183), 30 hops max, 46 byte packets 1 172-17-13-183.kubernetes.default.svc.cluster.local (172.17.13.183) 0.007 ms 0.009 ms 0.007 ms
顯示 K8s 內的 deploy 清單
kubctl get deploy
Exp.
localadmin@iiidevops-73:~$ kubectl get deploy NAME READY UP-TO-DATE AVAILABLE AGE devopsapi 1/1 1 1 17h devopsdb 1/1 1 1 37m devopsui 1/1 1 1 17h redmine 1/1 1 1 17h redmine-postgresql 1/1 1 1 17h sonarqube-server 1/1 1 1 17h
移除 K8s 內的 deploy pod
kubctl delete deploy [deploy NAME]
Exp.
localadmin@iiidevops-73:~$ kubectl delete deploy devopsui devopsdb devopsapi deployment.apps "devopsui" deleted deployment.apps "devopsdb" deleted deployment.apps "devopsapi" deleted
顯示 K8s 內的 namespace 清單
kubctl get namespace
Exp.
iiidevops@iiidevops1:~$ kubectl get namespace NAME STATUS AGE account Active 49d cattle-pipeline Active 6d22h cattle-system Active 50d default Active 50d iii-devops-toolchain Active 6d22h ingress-nginx Active 50d kube-node-lease Active 50d kube-public Active 50d kube-system Active 50d p-pdx2d-pipeline Active 6d22h security-scan Active 50d
移除 K8s 內的 namespace deploy pod
kubctl delete namespace [namespace NAME]
Exp.
iiidevops@iiidevops1:~$ kubectl delete namespace iii-devops-toolchain namespace "iii-devops-toolchain" deleted
讀取 Secret 的內容
kubectl get secret [secret_name]
Exp.
rkeuser@dev4-86:~$ kubectl get secret NAME TYPE DATA AGE default-token-pssx6 kubernetes.io/service-account-token 3 21d gitlab Opaque 1 21d harbor Opaque 1 21d harbor-harbor-clair Opaque 3 21d harbor-harbor-clair-internal-tls kubernetes.io/tls 3 21d harbor-harbor-core Opaque 8 21d :
- 顯示 secret 的內容, 有定義那些 key
kubectl describe secret [secret_name]
Exp.
rkeuser@dev4-86:~$ kubectl describe secret harbor Name: harbor Namespace: default Labels: <none> Annotations: field.cattle.io/creatorId: user-jwvbx field.cattle.io/projectId: local:p-rhflt lifecycle.cattle.io/create.secretsController_local: true secret.user.cattle.io/secret: true Type: Opaque Data ==== harbor-local: 25 bytes
- 顯示 secret key 的 value 編碼內容
kubectl get secrets/<secret_name> --template={{.data.<key>}}
Exp.
kubectl get secrets/harbor --template={{.data.harbor-local}}
如果要直接解碼可使用 base64 -d 的方式處理 Exp.
kubectl get secrets/harbor --template={{.data.harbor-local}} | base64 -d
讀取 kubelet 內的 pod 目錄編號
- 實際 pod 的檔案存在 node 內的 /var/lib/kubelet/pods 內, 可透過以下語法獲知 pod 的目錄編號
kubectl get pods -A -o custom-columns=NodeName:.spec.nodeName,PodName:.metadata.name,PodUID:.metadata.uid