Linux容器篇-kubernetes监控和日志管理

文章目录


一、kubernetes基本概念

  • Pod:k8s的最小部署单位,一组容器的集合

  • Development:最常见的控制器,用于更高级别部署和管理Pod

  • Service:为一组Pod提供负载均衡,对外提供统一的访问入口

  • Label: 标签,附加到某个资源上,用于关联对象,查询和筛选

  • NameSpace:命名空间,将对象逻辑上隔离,也有利于权限控制

​ kubernetes将资源对象逻辑上隔离,从而形成了多个虚拟集群,更方便管理。

bash 复制代码
kubectl get namespace
NAME                   STATUS   AGE
calico-apiserver       Active   12d
calico-system          Active   12d
default                Active   12d
kube-node-lease        Active   12d
kube-public            Active   12d
kube-system            Active   12d
kubernetes-dashboard   Active   12d
tigera-operator        Active   12d

​ default : 默认命名空间

​ kube-system: k8s系统方面的命名空间

​ kube-public : 公开的命名空间,谁都可以访问

​ kube-node-least : k8s内部命名空间

​ 两种方法指定资源所属的命名空间:

bash 复制代码
命令行加-n选项;yaml资源元数据里指定namespace字段;

二、集群资源监控

查看API资源对象及缩写

bash 复制代码
[root@k8s-master ~]# kubectl api-resources 
NAME                              SHORTNAMES                                      APIVERSION                             NAMESPACED   KIND
bindings                                                                          v1                                     true         Binding
componentstatuses                 cs                                              v1                                     false        ComponentStatus
configmaps                        cm                                              v1                                     true         ConfigMap
endpoints                         ep                                              v1                                     true         Endpoints
events                            ev                                              v1                                     true         Event
limitranges                       limits                                          v1                                     true         LimitRange
namespaces                        ns                                              v1                                     false        Namespace
nodes                             no                                              v1                                     false        Node
persistentvolumeclaims            pvc                                             v1                                     true         PersistentVolumeClaim
persistentvolumes                 pv                                              v1                                     false        PersistentVolume
pods                              po                                              v1                                     true         Pod
......

资源对象的简写可以提高我们在使用k8s过程中的输入效率,但是对初学者来说不容易理解,可以采用配置kubectl自动补全的方式

查看master组件状态

这条命令会显示master节点的主要组件:etcd,controller-manager,scheduler的工作状态

bash 复制代码
[root@k8s-master ~]#kubectl get cs
bash 复制代码
[root@k8s-master ~]# kubectl get componentstatuses 
Warning: v1 ComponentStatus is deprecated in v1.19+
NAME                 STATUS    MESSAGE   ERROR
etcd-0               Healthy   ok        
controller-manager   Healthy   ok        
scheduler            Healthy   ok

查看集群节点状态

这条命令可以查到当前集群master节点和node节点的工作状态

bash 复制代码
kubectl get nodes
bash 复制代码
[root@k8s-master ~]# kubectl get nodes
NAME         STATUS   ROLES           AGE   VERSION
k8s-master   Ready    control-plane   13d   v1.28.0
k8s-node1    Ready    <none>          13d   v1.28.0
k8s-node2    Ready    <none>          13d   v1.28.0

查看资源详情

bash 复制代码
kubectl describe <资源类型> <资源名称>

查看一个deployment的详细信息

bash 复制代码
[root@k8s-master ~]# kubectl get deployment -n test 
NAME         READY   UP-TO-DATE   AVAILABLE   AGE
nginx        3/3     3            3           5d17h
nginx-test   1/1     1            1           11d
[root@k8s-master ~]# kubectl describe deployment nginx -n test 
Name:                   nginx
Namespace:              test
CreationTimestamp:      Wed, 10 Jul 2024 17:04:14 +0800
Labels:                 app=nginx
Annotations:            deployment.kubernetes.io/revision: 1
Selector:               app=nginx
Replicas:               3 desired | 3 updated | 3 total | 3 available | 0 unavailable
StrategyType:           RollingUpdate
MinReadySeconds:        0
RollingUpdateStrategy:  25% max unavailable, 25% max surge
Pod Template:
  Labels:  app=nginx
  Containers:
   nginx:
    Image:        nginx:1.16
    Port:         <none>
    Host Port:    <none>
    Environment:  <none>
    Mounts:       <none>
  Volumes:        <none>
Conditions:
  Type           Status  Reason
  ----           ------  ------
  Progressing    True    NewReplicaSetAvailable
  Available      True    MinimumReplicasAvailable
OldReplicaSets:  <none>
NewReplicaSet:   nginx-85bfcd86d5 (3/3 replicas created)
Events:          <none>

查看一个pod的详细信息

bash 复制代码
[root@k8s-master ~]# kubectl get pods -n test 
NAME                         READY   STATUS    RESTARTS        AGE
nginx-85bfcd86d5-5dl44       1/1     Running   3 (4d12h ago)   5d17h
nginx-85bfcd86d5-7kjvt       1/1     Running   3 (4d12h ago)   5d17h
nginx-85bfcd86d5-fltkh       1/1     Running   3 (4d12h ago)   5d17h
nginx-test-d87b84fb7-lcvg7   1/1     Running   6 (4d12h ago)   11d
[root@k8s-master ~]# kubectl describe pods nginx-test-d87b84fb7-lcvg7 -n test 
Name:             nginx-test-d87b84fb7-lcvg7
Namespace:        test
Priority:         0
Service Account:  default
Node:             k8s-node1/192.168.3.11
Start Time:       Thu, 04 Jul 2024 10:45:20 +0800
Labels:           k8s-app=nginx-test
                  pod-template-hash=d87b84fb7
Annotations:      cni.projectcalico.org/containerID: 5d84c8a34dd067d8b77205c1abfd7eef58ddf67571c39e807e862457bc400c5f
                  cni.projectcalico.org/podIP: 10.244.36.97/32
                  cni.projectcalico.org/podIPs: 10.244.36.97/32
Status:           Running
IP:               10.244.36.97
IPs:
  IP:           10.244.36.97
Controlled By:  ReplicaSet/nginx-test-d87b84fb7
Containers:
  nginx-test:
    Container ID:   docker://1a0bdae7e63c45454024fd0e66fdbc615d832a3bd82ba5a1f27315c75ce63ec7
    Image:          nginx:1.23
    Image ID:       docker-pullable://nginx@sha256:f5747a42e3adcb3168049d63278d7251d91185bb5111d2563d58729a5c9179b0
    Port:           <none>
    Host Port:      <none>
    State:          Running
      Started:      Tue, 16 Jul 2024 10:04:31 +0800
    Last State:     Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Thu, 11 Jul 2024 19:23:30 +0800
      Finished:     Thu, 11 Jul 2024 22:18:17 +0800
    Ready:          True
    Restart Count:  6
    Environment:    <none>
    Mounts:
      /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-9nsbn (ro)
Conditions:
  Type              Status
  Initialized       True 
  Ready             True 
  ContainersReady   True 
  PodScheduled      True 
Volumes:
  kube-api-access-9nsbn:
    Type:                    Projected (a volume that contains injected data from multiple sources)
    TokenExpirationSeconds:  3607
    ConfigMapName:           kube-root-ca.crt
    ConfigMapOptional:       <nil>
    DownwardAPI:             true
QoS Class:                   BestEffort
Node-Selectors:              <none>
Tolerations:                 node.kubernetes.io/not-ready:NoExecute op=Exists for 300s
                             node.kubernetes.io/unreachable:NoExecute op=Exists for 300s
Events:
  Type     Reason          Age                From             Message
  ----     ------          ----               ----             -------
  Warning  NodeNotReady    4d13h              node-controller  Node is not ready
  Normal   SandboxChanged  33m (x2 over 33m)  kubelet          Pod sandbox changed, it will be killed and re-created.
  Normal   Pulled          32m                kubelet          Container image "nginx:1.23" already present on machine
  Normal   Created         32m                kubelet          Created container nginx-test
  Normal   Started         32m                kubelet          Started container nginx-test

查看service的详细信息

bash 复制代码
[root@k8s-master ~]# kubectl get service -n test 
NAME         TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)   AGE
nginx-test   ClusterIP   10.96.255.119   <none>        80/TCP    11d       
[root@k8s-master ~]# kubectl describe service nginx-test -n test 
Name:              nginx-test
Namespace:         test
Labels:            k8s-app=nginx-test
Annotations:       <none>
Selector:          k8s-app=nginx-test
Type:              ClusterIP
IP Family Policy:  SingleStack
IP Families:       IPv4
IP:                10.96.255.119
IPs:               10.96.255.119
Port:              tcp-80-80-rqfqj  80/TCP
TargetPort:        80/TCP
Endpoints:         10.244.36.97:80
Session Affinity:  None
Events:            <none>

查看资源信息

bash 复制代码
kubectl get <资源类型> <资源名称>
-o wide  显示详情
-o yaml  将配置输出为yaml格式
-n namespace  查看对应命名空间

资源监控服务

资源监控服务由metric-server服务提供数据,而这个服务默认没有安装,还需要手动部署一下。

metric server 是一个集群范围的资源使用情况的数据聚合器,作为一个应用部署在集群中。metric server从每个节点上的kubelet API 收集指标,通过kubernetes聚合器注册在Master APIserver中,为集群提供Node、 Pods资源利用率指标。

metric组件的yaml文件可以在github拉取,国内网络不允许,需要合适的加速器

查看node资源消耗

bash 复制代码
kubectl top node <node name>

[root@k8s-master ~]# kubectl top nodes
NAME         CPU(cores)   CPU%   MEMORY(bytes)   MEMORY%   
k8s-master   292m         14%    1154Mi          67%       
k8s-node1    169m         8%     706Mi           41%       
k8s-node2    220m         11%    883Mi           51%  

查看Pod资源消耗

bash 复制代码
kubectl top pod <pod name>

[root@k8s-master ~]# kubectl top pod nginx-test-d87b84fb7-lcvg7 -n test 
NAME                         CPU(cores)   MEMORY(bytes)   
nginx-test-d87b84fb7-lcvg7   0m           12Mi  

k8s日志

kubelet日志:

到对应的宿主机查看,使用

bash 复制代码
journalctl -u kubelet

pod组件日志:

bash 复制代码
kubectl logs <资源名称> -n <命名空间>

查看pod日志

bash 复制代码
[root@k8s-master ~]# kubectl logs nginx-test-d87b84fb7-lcvg7 -n test 
/docker-entrypoint.sh: /docker-entrypoint.d/ is not empty, will attempt to perform configuration
/docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
/docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
10-listen-on-ipv6-by-default.sh: info: Getting the checksum of /etc/nginx/conf.d/default.conf
10-listen-on-ipv6-by-default.sh: info: Enabled listen on IPv6 in /etc/nginx/conf.d/default.conf
/docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
/docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
/docker-entrypoint.sh: Configuration complete; ready for start up
2024/07/16 02:04:32 [notice] 1#1: using the "epoll" event method
2024/07/16 02:04:32 [notice] 1#1: nginx/1.23.4
2024/07/16 02:04:32 [notice] 1#1: built by gcc 10.2.1 20210110 (Debian 10.2.1-6) 
2024/07/16 02:04:32 [notice] 1#1: OS: Linux 3.10.0-1160.71.1.el7.x86_64
2024/07/16 02:04:32 [notice] 1#1: getrlimit(RLIMIT_NOFILE): 1048576:1048576
2024/07/16 02:04:32 [notice] 1#1: start worker processes
2024/07/16 02:04:32 [notice] 1#1: start worker process 29
2024/07/16 02:04:32 [notice] 1#1: start worker process 30

系统日志:

/var/log/messages

容器的标准输出日志:

bash 复制代码
kubectl logs <Pod名称>
kubectl logs -f <Pod名称> #-f可以动态显示日志

kubectl exec -it <Pod名称> -- bash  #进入pod内部查看标准输出日志
相关推荐
舞动CPU4 小时前
linux c/c++最高效的计时方法
linux·运维·服务器
皮锤打乌龟5 小时前
(干货)Jenkins使用kubernetes插件连接k8s的认证方式
运维·kubernetes·jenkins
钰@5 小时前
小程序开发者工具的network选项卡中有某域名的接口请求,但是在charles中抓不到该接口
运维·服务器·小程序
wanhengwangluo5 小时前
云服务器和物理服务器的区别有哪些?
运维·服务器
秦jh_6 小时前
【Linux】多线程(概念,控制)
linux·运维·前端
yaosheng_VALVE7 小时前
稀硫酸介质中 V 型球阀的材质选择与选型要点-耀圣
运维·spring cloud·自动化·intellij-idea·材质·1024程序员节
看山还是山,看水还是。7 小时前
Redis 配置
运维·数据库·redis·安全·缓存·测试覆盖率
扣得君7 小时前
C++20 Coroutine Echo Server
运维·服务器·c++20
keep__go8 小时前
Linux 批量配置互信
linux·运维·服务器·数据库·shell
矛取矛求8 小时前
Linux中给普通账户一次性提权
linux·运维·服务器