Kubernetes 使用手册 for Devs

kubectl

kubectl是Kubernetes 命令行管理工具,我们可以通过kubectl来管理本地/远程 的Kubernetes集群。

请首先安装 kubectl,官网有安装方法 https://kubernetes.io/zh/docs/tasks/tools/

常用操作

  1. 查找pod

    1. kubectl -n ${namespace} get pods ${podName}

  2. 查看 pod 信息

    1. kubectl -n ${namespace} describe pod ${podName}

    例:


    查看pod完整信息

    1. Name:         lecare-insurance-58b7bdc4cd-76fvs
    2. Namespace:    lejian-insu
    3. Priority:     0
    4. Node:         cn-hangzhou.192.168.121.215/192.168.121.215
    5. Start Time:   Fri, 11 Jun 2021 14:38:20 +0800
    6. Labels:       app=lecare-insurance
    7.               pod-template-hash=58b7bdc4cd
    8. Annotations:  <none>
    9. Status:       Running
    10. IP:           192.168.137.200
    11. IPs:
    12.   IP:           192.168.137.200
    13. Controlled By:  ReplicaSet/lecare-insurance-58b7bdc4cd
    14. Containers:
    15.   lecare-insurance:
    16.     Container ID:  docker://a4d76e08f026adaefc0eed451de550cf63dea3bcd038ea89ac93227c413d675d
    17.     Image:         registry.cn-hangzhou.aliyuncs.com/lejian-insu/lecare-insurance:ab22bc48
    18.     Image ID:      docker-pullable://registry.cn-hangzhou.aliyuncs.com/lejian-insu/lecare-insurance@sha256:b050fcd4fc00f1bc2bd2811c8bd4452ca83e2796d34b92a2ce61973938e3c58d
    19.     Port:          8080/TCP
    20.     Host Port:     0/TCP
    21.     Command:
    22.       java
    23.       -jar
    24.       lecare_insurance.jar
    25.       -Djava.security.egd=file:/dev/./urandom
    26.       --spring.profiles.active=${RUNNING_ENV}
    27.       -Xmx2g
    28.       -Xms1g
    29.       -Xmn1g
    30.       -Xss512k
    31.       --server.port=8080
    32.     State:          Running
    33.       Started:      Fri, 11 Jun 2021 14:38:41 +0800
    34.     Ready:          True
    35.     Restart Count:  0
    36.     Limits:
    37.       cpu:     2
    38.       memory:  4Gi
    39.     Requests:
    40.       cpu:     100m
    41.       memory:  2Gi
    42.     Environment:
    43.       MYSQL_USERNAME:  <set to the key 'MYSQL_USERNAME' in secret 'mysql-prod'>                 Optional: false
    44.       MYSQL_PASSWORD:  <set to the key 'MYSQL_PASSWORD' in secret 'mysql-prod'>                 Optional: false
    45.       REDIS_HOST:      <set to the key 'REDIS_HOST' of config map 'lecare-insurance-vars'>      Optional: false
    46.       REDIS_PORT:      <set to the key 'REDIS_PORT' of config map 'lecare-insurance-vars'>      Optional: false
    47.       REDIS_DATABASE:  <set to the key 'REDIS_DATABASE' of config map 'lecare-insurance-vars'>  Optional: false
    48.       REDIS_PASSWORD:  <set to the key 'REDIS_PASSWORD' in secret 'redis-prod'>                 Optional: false
    49.       MYSQL_URL:       <set to the key 'MYSQL_URL' of config map 'lecare-insurance-vars'>       Optional: false
    50.       MYSQL_DATABASE:  <set to the key 'MYSQL_DATABASE' of config map 'lecare-insurance-vars'>  Optional: false
    51.       RUNNING_ENV:     <set to the key 'RUNNING_ENV' of config map 'lecare-insurance-vars'>     Optional: false
    52.     Mounts:
    53.       /etc/localtime from datetime (rw)
    54.       /opt/javalogs from javalogs (rw)
    55.       /var/run/secrets/kubernetes.io/serviceaccount from default-token-2lkn2 (ro)
    56. Conditions:
    57.   Type              Status
    58.   Initialized       True
    59.   Ready             True
    60.   ContainersReady   True
    61.   PodScheduled      True
    62. Volumes:
    63.   mysql-prod:
    64.     Type:        Secret (a volume populated by a Secret)
    65.     SecretName:  mysql-prod
    66.     Optional:    false
    67.   redis-prod:
    68.     Type:        Secret (a volume populated by a Secret)
    69.     SecretName:  redis-prod
    70.     Optional:    false
    71.   javalogs:
    72.     Type:          HostPath (bare host directory volume)
    73.     Path:          /var/lib/container/log
    74.     HostPathType:
    75.   datetime:
    76.     Type:          HostPath (bare host directory volume)
    77.     Path:          /usr/share/zoneinfo/Asia/Shanghai
    78.     HostPathType:
    79.   default-token-2lkn2:
    80.     Type:        Secret (a volume populated by a Secret)
    81.     SecretName:  default-token-2lkn2
    82.     Optional:    false
    83. QoS Class:       Burstable
    84. Node-Selectors:  <none>
    85. Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
    86.                  node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
    87. Events:
    88.   Type    Reason          Age   From               Message
    89.   ----    ------          ----  ----               -------
    90.   Normal  Scheduled       54m   default-scheduler  Successfully assigned lejian-insu/lecare-insurance-58b7bdc4cd-76fvs to cn-hangzhou.192.168.121.215
    91.   Normal  AllocIPSucceed  54m   terway-daemon      Alloc IP 192.168.137.200/20 for Pod
    92.   Normal  Pulling         54m   kubelet            Pulling image "registry.cn-hangzhou.aliyuncs.com/lejian-insu/lecare-insurance:ab22bc48"
    93.   Normal  Pulled          53m   kubelet            Successfully pulled image "registry.cn-hangzhou.aliyuncs.com/lejian-insu/lecare-insurance:ab22bc48"
    94.   Normal  Created         53m   kubelet            Created container lecare-insurance
    95.   Normal  Started         53m   kubelet            Started container lecare-insurance


    因为pod的信息比较多,如果想筛选,请使用grep

    1. kubectl describe pod lecare-insurance-58b7bdc4cd-76fvs | grep IP:
  1. 查看pod console日志
    1. kubectl -n ${namespace} logs ${podName}
    可以支持 类似 tail 、more 命令的参数,比如:
    1. kubectl -n ${namespace} logs -f --tail=100 ${podName}
    2. // -f 持续输出日志 --tail=n 从当前日志尾部n行开始输出
  1. 使用shell登录pod中容器环境
    1. kubectl exec ${podName} -it ${shell}
    一般基础容器镜像包含 sh 或 bash 等shell程序
    1. kubectl -n ${namespace} exec ${podName} -it sh   //使用sh 作为shell
    2. kubectl -n ${namespace} exec ${podName} -it bash //使用 bash 作为shell

kubectl 增效工具

下面这些工具可以非常好的提高使用kubectl的效率。但是遗憾的是只有macOS和linux可以简单安装。

kt connect / telepresence

他们都是基于 kubectl proxy-forward 来实现容器内外网络互通的工具。

Jvm remote debug

借助上面提到的 kt-connect 和 telepresence,我们可以非常容易的实现本地和k8s容器网络互通。接下来对于jvm remote debug就非常容易了。

  1. 在我们的jvm启动参数上增加 remote debug 端口

    1. -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=10086

  2. 在k8s中启动应用,并通过上面提到的找到应用对应的pod,定位pod的ip

    1. kubectl describe pod lecare-insurance-58b7bdc4cd-76fvs | grep IP:

  3. 启动kt-connect

    1. sudo ktctl connect

    kt-connect连接

  4. 在我们的IDE中(eclipse 或者 idea )使用 Remote JVM Debug,填入上面获取的IP和JVM参数对应的端口

文档更新时间: 2021-06-11 21:31