Kubernetes 使用手册 for Devs

kubectl

kubectl是Kubernetes 命令行管理工具，我们可以通过kubectl来管理本地/远程 的Kubernetes集群。

请首先安装 kubectl，官网有安装方法 https://kubernetes.io/zh/docs/tasks/tools/

常用操作

1. 查找pod

   kubectl -n ${namespace} get pods ${podName}

2. 查看 pod 信息

   kubectl -n ${namespace} describe pod ${podName}

   例：
   

   
   

   查看pod完整信息

   Name:         lecare-insurance-58b7bdc4cd-76fvs
   Namespace:    lejian-insu
   Priority:     0
   Node:         cn-hangzhou.192.168.121.215/192.168.121.215
   Start Time:   Fri, 11 Jun 2021 14:38:20 +0800
   Labels:       app=lecare-insurance
                 pod-template-hash=58b7bdc4cd
   Annotations:  <none>
   Status:       Running
   IP:           192.168.137.200
   IPs:
     IP:           192.168.137.200
   Controlled By:  ReplicaSet/lecare-insurance-58b7bdc4cd
   Containers:
     lecare-insurance:
       Container ID:  docker://a4d76e08f026adaefc0eed451de550cf63dea3bcd038ea89ac93227c413d675d
       Image:         registry.cn-hangzhou.aliyuncs.com/lejian-insu/lecare-insurance:ab22bc48
       Image ID:      docker-pullable://registry.cn-hangzhou.aliyuncs.com/lejian-insu/lecare-insurance @sha256:b050fcd4fc00f1bc2bd2811c8bd4452ca83e2796d34b92a2ce61973938e3c58d
       Port:          8080/TCP
       Host Port:     0/TCP
       Command:
         java
         -jar
         lecare_insurance.jar
         -Djava.security.egd=file:/dev/./urandom
         --spring.profiles.active=${RUNNING_ENV}
         -Xmx2g
         -Xms1g
         -Xmn1g
         -Xss512k
         --server.port=8080
       State:          Running
         Started:      Fri, 11 Jun 2021 14:38:41 +0800
       Ready:          True
       Restart Count:  0
       Limits:
         cpu:     2
         memory:  4Gi
       Requests:
         cpu:     100m
         memory:  2Gi
       Environment:
         MYSQL_USERNAME:  <set to the key 'MYSQL_USERNAME' in secret 'mysql-prod'>                 Optional: false
         MYSQL_PASSWORD:  <set to the key 'MYSQL_PASSWORD' in secret 'mysql-prod'>                 Optional: false
         REDIS_HOST:      <set to the key 'REDIS_HOST' of config map 'lecare-insurance-vars'>      Optional: false
         REDIS_PORT:      <set to the key 'REDIS_PORT' of config map 'lecare-insurance-vars'>      Optional: false
         REDIS_DATABASE:  <set to the key 'REDIS_DATABASE' of config map 'lecare-insurance-vars'>  Optional: false
         REDIS_PASSWORD:  <set to the key 'REDIS_PASSWORD' in secret 'redis-prod'>                 Optional: false
         MYSQL_URL:       <set to the key 'MYSQL_URL' of config map 'lecare-insurance-vars'>       Optional: false
         MYSQL_DATABASE:  <set to the key 'MYSQL_DATABASE' of config map 'lecare-insurance-vars'>  Optional: false
         RUNNING_ENV:     <set to the key 'RUNNING_ENV' of config map 'lecare-insurance-vars'>     Optional: false
       Mounts:
         /etc/localtime from datetime (rw)
         /opt/javalogs from javalogs (rw)
         /var/run/secrets/kubernetes.io/serviceaccount from default-token-2lkn2 (ro)
   Conditions:
     Type              Status
     Initialized       True
     Ready             True
     ContainersReady   True
     PodScheduled      True
   Volumes:
     mysql-prod:
       Type:        Secret (a volume populated by a Secret)
       SecretName:  mysql-prod
       Optional:    false
     redis-prod:
       Type:        Secret (a volume populated by a Secret)
       SecretName:  redis-prod
       Optional:    false
     javalogs:
       Type:          HostPath (bare host directory volume)
       Path:          /var/lib/container/log
       HostPathType:
     datetime:
       Type:          HostPath (bare host directory volume)
       Path:          /usr/share/zoneinfo/Asia/Shanghai
       HostPathType:
     default-token-2lkn2:
       Type:        Secret (a volume populated by a Secret)
       SecretName:  default-token-2lkn2
       Optional:    false
   QoS Class:       Burstable
   Node-Selectors:  <none>
   Tolerations:     node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                    node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
   Events:
     Type    Reason          Age   From               Message
     ----    ------          ----  ----               -------
     Normal  Scheduled       54m   default-scheduler  Successfully assigned lejian-insu/lecare-insurance-58b7bdc4cd-76fvs to cn-hangzhou.192.168.121.215
     Normal  AllocIPSucceed  54m   terway-daemon      Alloc IP 192.168.137.200/20 for Pod
     Normal  Pulling         54m   kubelet            Pulling image "registry.cn-hangzhou.aliyuncs.com/lejian-insu/lecare-insurance:ab22bc48"
     Normal  Pulled          53m   kubelet            Successfully pulled image "registry.cn-hangzhou.aliyuncs.com/lejian-insu/lecare-insurance:ab22bc48"
     Normal  Created         53m   kubelet            Created container lecare-insurance
     Normal  Started         53m   kubelet            Started container lecare-insurance

   
   因为pod的信息比较多，如果想筛选，请使用grep

   kubectl describe pod lecare-insurance-58b7bdc4cd-76fvs | grep IP:

1. 查看pod console日志

   kubectl -n ${namespace} logs ${podName}

   可以支持 类似 tail 、more 命令的参数，比如：

   kubectl -n ${namespace} logs -f --tail=100 ${podName}
   // -f 持续输出日志 --tail=n 从当前日志尾部n行开始输出

1. 使用shell登录pod中容器环境

   kubectl exec ${podName} -it ${shell}

   一般基础容器镜像包含 sh 或 bash 等shell程序

   kubectl -n ${namespace} exec ${podName} -it sh   //使用sh 作为shell
   kubectl -n ${namespace} exec ${podName} -it bash //使用 bash 作为shell

kubectl 增效工具

下面这些工具可以非常好的提高使用kubectl的效率。但是遗憾的是只有macOS和linux可以简单安装。

• kubens / kubectx (macOS/linux)

  https://github.com/ahmetb/kubectx

  kubens 指定全局 namespace，可以省去每次加 -n ${namespace}麻烦之处。

  kubectx 快速切换 .kube/config 下不同的k8s集群环境（.kube/config内可以配置多个集群）。

• stern (macOS/linux/windows)

  https://github.com/wercker/stern

  快速读取pod内容器的标准输出，方便排查日志找问题。

• kubectxwin (windows)
  kubens、kubectx 的windows版本
  https://github.com/thomasliddledba/kubectxwin

kt connect / telepresence

他们都是基于 kubectl proxy-forward 来实现容器内外网络互通的工具。

• kt-connect

  https://github.com/alibaba/kt-connect

• telepresence

  https://github.com/telepresenceio/telepresence

Jvm remote debug

借助上面提到的 kt-connect 和 telepresence，我们可以非常容易的实现本地和k8s容器网络互通。接下来对于jvm remote debug就非常容易了。

1. 在我们的jvm启动参数上增加 remote debug 端口

   -agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=10086

2. 在k8s中启动应用，并通过上面提到的找到应用对应的pod，定位pod的ip

   kubectl describe pod lecare-insurance-58b7bdc4cd-76fvs | grep IP:

3. 启动kt-connect

   sudo ktctl connect

   
   

   kt-connect连接

   
   
   

4. 在我们的IDE中（eclipse 或者 idea ）使用 Remote JVM Debug，填入上面获取的IP和JVM参数对应的端口