Kubernetes集群常用命令
kubectl get podskubectl get pod --all-namespaceskubectl get pods --all-namespaces -o wide |grep nodenamehttps://help.aliyun.com/document_detail/100251.html 关于垃圾产生及回收,您可以看下这篇文章 https://www.kubernetes.org.cn/4508.html
kubectl访问集群环境配置
brew install kubernetes-cli下载exe
curl -LO https://storage.googleapis.com/kubernetes-release/release/v1.11.0/bin/windows/amd64/kubectl.exe将程序添加到系统PATH
brew install kubernetes-helm下载地址:https://github.com/helm/helm/releases
brew install kubectxkubens xxx使用scp命令安全地将主节点的配置从 Kubernetes 集群主 VM 中的 /etc/kubernetes/kube.conf 复制到本地计算机的 $HOME/.kube/config
mkdir -p $HOME/.kubescp root@<master-public-ip>:/etc/kubernetes/kube.conf $HOME/.kube/config$ mkdir -p ~/.config/fish/completions$ cd ~/.config/fish$ git clone https://github.com/evanlucas/fish-kubectl-completions$ ln -s ../fish-kubectl-completions/completions/kubectl.fish completions/其他shell参见:https://kubernetes.io/docs/tasks/tools/install-kubectl/
上一篇Kubernetes搭建本地实验环境 安装好可以本地运行的单节点Kubernetes,这里继续相关的配置, 主要涉及到:
Minikube插件registry-creds, 将Google容器注册表(GCR),亚马逊EC2容器注册表(ECR)和私有Docker仓库注册表
凭证映射到Minikube。需要运行:minikube addons configure registry-creds 和minikube addons enable registry-creds 命令, 如:
$ minikube addons configure registry-credsDo you want to enable AWS Elastic Container Registry? [y/n]: n
Do you want to enable Google Container Registry? [y/n]: y-- Enter path to credentials (e.g. /home/user/.config/gcloud/application_default_credentials.json):/home/user/.config/gcloud/application_default_credentials.json
Do you want to enable Docker Registry? [y/n]: nregistry-creds was successfully configured$ minikube addons enable registry-credsk8s中配置私有容器registry更好的处理方式是使用ImagePullSecrets。
在Minikube通过虚拟机的方式运行Kubernetes,可以使用kubectl访问集群信息,如:
$ kubectl cluster-infoKubernetes master is running at https://192.168.99.100:8443KubeDNS is running at https://192.168.99.100:8443/api/v1/namespaces/kube-system/services/kube-dns:dns/proxy由于Minikube启动时是通过虚拟机的方式,此时只能本机访问,局域网中的其他机器无法访问。此时,可以通过kubectl proxy方式进访问。
$ kubectl proxy --address='0.0.0.0' --disable-filter=true &默认将Kubernetes api代理到本地8001端口
复制本机/etc/kubernetes/kubelet.conf, 到目标机器 ~/.kube, 并重命名为config, 并将将https://192.168.1.128:8443, 修改为修改为本机ip, 如:http://192.168.1.111:80001 并保存。
此时,就可以在目标机器上使用kubectl命令访问集群。
为了方便大家本地开发和体验Kubernetes,社区提供了可以在本机部署的Minikube, 此外, Docker社区版也已经提供了对Kubernetes的支持。
这里将使用Minikube进行本地部署。由于网络问题,这里具体用阿里修改的版本(Minikube v0.31.0), 从阿里云的镜像地址来获取所需Docker镜像和配置。
如需更新minikube,需要更新 minikube 安装包
- minikube delete
删除现有虚机,删除~/.minikube` 目录缓存的文件- 重新创建 minikube 环境
安装 kubectl
安装 Minikube
Mac OSX
curl -Lo minikube http://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/releases/v0.31.0/minikube-darwin-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/Linux
curl -Lo minikube http://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/releases/v0.31.0/minikube-linux-amd64 && chmod +x minikube && sudo mv minikube /usr/local/bin/缺省Minikube使用VirtualBox驱动来创建Kubernetes本地环境
$ minikube start --registry-mirror=https://registry.docker-cn.com缺省启动时,虚拟机默认使用2核2048M内存, 可以在启动时指定参数,来修改默认行为
# 虚拟机使用4096M内存, 3核CPU$ minikube start --registry-mirror=https://registry.docker-cn.com --memory=4096 --cpus=3启动过程容易出错,方便定位问题,可以通过—alsologtostderr指定启动过程中,在标准输出中也输出日志信息
$ minikube start --registry-mirror=https://registry.docker-cn.com --memory=4096 --cpus=3 --alsologtostderrW0102 15:18:57.642061 25984 root.go:146] Error reading config file at /root/.minikube/config/config.json: open /root/.minikube/config/config.json: no such file or directoryI0102 15:18:57.646767 25984 notify.go:121] Checking for updates...Starting local Kubernetes v1.10.0 cluster...Starting VM...I0102 15:18:57.877452 25984 cluster.go:69] Machine does not exist... provisioning new machineI0102 15:18:57.877480 25984 cluster.go:70] Provisioning machine with config: {MinikubeISO:https://kubernetes.oss-cn-hangzhou.aliyuncs.com/minikube/iso/minikube-v0.31.0.iso Memory:4096 CPUs:3 DiskSize:20000 VMDriver:virtualbox ContainerRuntime: HyperkitVpnKitSock: HyperkitVSockPorts:[] XhyveDiskDriver:ahci-hd DockerEnv:[] InsecureRegistry:[] RegistryMirror:[https://registry.docker-cn.com] HostOnlyCIDR:192.168.99.1/24 HypervVirtualSwitch: KvmNetwork:default Downloader:{} DockerOpt:[] DisableDriverMounts:false NFSShare:[] NFSSharesRoot:/nfsshares UUID: GPU:false}Downloading Minikube ISO打开Kubernetes控制台
$ minikube dashboard此时,通过在在本机查看到Kubernetes dashboard
但只能在本机浏览访问,如果需要在局域网中的其他机器上访问dashboard,可以:
$ kubectl proxy --address='0.0.0.0' --disable-filter=true &将Kubernetes API代理到本地,默认端口是8001(—proxy参数可以自定义),访问地址指定为“0.0.0.0”。假定本机IP为:192.168.1.2, 那么dashboard访问地址:http://192.168.1.2:8001/api/v1/namespaces/kube-system/services/http:kubernetes-dashboard:/proxy/。
创建单机Kubenetes集群环境后,Pod一直处于ContainerCreating状态:
[root@VM_0_3_centos]# kubectl get podsNAME READY STATUS RESTARTS AGEmyweb-pgn80 0/1 ContainerCreating 0 10m查看Pod的Event记录
[root@VM_0_3_centos]# kubectl describe pod myweb-pgn80无法创建的原因提示:
Error syncing pod, skipping: failed to "StartContainer" for "POD" with ErrImagePull: "image pull failed for registry.access.redhat.com/rhel7/pod-infrastructure:latest, this may be because there are no credentials on this request. details: (open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory)"查找缺失的文件,显示是一个软连接,链接目标是/etc/rhsm:
[root@VM_0_3_centos conf.d]# ll /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crtlrwxrwxrwx 1 root root 27 Jun 10 11:37 /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt -> /etc/rhsm/ca/redhat-uep.pem尝试手动拉取镜像
[root@VM_0_3_centos]# docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest提示:
open /etc/docker/certs.d/registry.access.redhat.com/redhat-ca.crt: no such file or directory依据google的解决办法,尝试使用
[root@VM_0_3_centos]# yum install *rhsm*Loaded plugins: fastestmirror, langpacksLoading mirror speeds from cached hostfilePackage python-rhsm-1.19.10-1.el7_4.x86_64 is obsoleted by subscription-manager-rhsm-1.20.11-1.el7.centos.x86_64 which is already installedPackage subscription-manager-rhsm-1.20.11-1.el7.centos.x86_64 already installed and latest versionPackage python-rhsm-certificates-1.19.10-1.el7_4.x86_64 is obsoleted by subscription-manager-rhsm-certificates-1.20.11-1.el7.centos.x86_64 which is already installedPackage subscription-manager-rhsm-certificates-1.20.11-1.el7.centos.x86_64 already installed and latest versionNothing to do问题出在目标的两个包被subscription-manager-rhsm-certificates-1.20.11-1.el7.centos.x86_64 和subscription-manager-rhsm-1.20.11-1.el7.centos.x86_64替代。
删除已经安装的这两个包,手动安装目标包
[root@VM_0_3_centos]# yum remove *rhsm*下载目标包,注意版本
#wget ftp://ftp.icm.edu.pl/vol/rzm6/linux-scientificlinux/7.4/x86_64/os/Packages/python-rhsm-certificates-1.19.9-1.el7.x86_64.rpm#wget ftp://ftp.icm.edu.pl/vol/rzm6/linux-scientificlinux/7.4/x86_64/os/Packages/python-rhsm-1.19.9-1.el7.x86_64.rpm然后执行安装命令
[root@VM_0_3_centos centos]# rpm -ivh *.rpmwarning: python-rhsm-1.19.9-1.el7.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 192a7d7d: NOKEYPreparing... ################################# [100%]Updating / installing... 1:python-rhsm-certificates-1.19.9-1################################# [ 50%] 2:python-rhsm-1.19.9-1.el7 ################################# [100%]重新拉取镜像
[root@VM_0_3_centos centos]#docker pull registry.access.redhat.com/rhel7/pod-infrastructure:latest查看POD状态
[root@VM_0_3_centos centos]# kubectl get podsNAME READY STATUS RESTARTS AGEmysql-m4n1g 1/1 Running 0 9hmyweb-pgn80 1/1 Running 0 9hmyweb-z7q4v 1/1 Running 0 9h解决问题
腾讯云CentOS7.3
使用yum安装etcd和Kubernetes软件
yum install -y ectd kubernetes按顺序启动所有的服务
systemctl start etcdsystemctl start dockersystemctl start kube-apiserversystemctl start kube-controller-managersystemctl start kube-schedulersystemctl start kubeletsystemctl start kube-proxy完成一个单机版的Kubernetes集群环境。
创建mysql-rc.yaml
kubectl create -f mysql-rc.yaml查看创建的服务
kubectl get rc # 反馈正常查看pds,显示『no resource found』
kubectl get pods