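k8s Basic Concepts, Part 12
阿新 • Published: 2021-12-16
Official documentation: https://v1-19.docs.kubernetes.io/zh/docs/concepts/workloads/pods/ephemeral-containers/
This change adds a parameter to every k8s component. Before making it, stopping etcd and backing up its data is recommended; during the experiment etcd crashed once, and that was not resolved.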
--feature-gates="EphemeralContainers=true"
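Add this option to every component, in the files that hold each component's startup parameters.
Note: put it at the very end, and mind the double quotes ("") and backslashes (\).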
    # Step 1: find the files that hold the service startup parameters
    [root@master03 system]# cat `ls /usr/lib/systemd/system | grep kube` | grep conf
    EnvironmentFile=/etc/kubernetes/cfg/kube-apiserver.conf
    EnvironmentFile=/etc/kubernetes/cfg/kube-controller-manager.conf
    EnvironmentFile=/etc/kubernetes/cfg/kubelet.conf
    EnvironmentFile=/etc/kubernetes/cfg/kube-proxy.conf
    EnvironmentFile=/etc/kubernetes/cfg/kube-scheduler.conf

    # Step 2: stop etcd (run on all master nodes)
    systemctl stop etcd

    # Step 3: add the parameter to the parameter files on all nodes
    # (worker nodes only have kubelet and kube-proxy; change them too, in the same way)
    # This prints every parameter file in the directory; adjust to your own environment
    [root@master03 cfg]# cat `ls | grep -e conf$`
    KUBE_APISERVER_OPTS="--logtostderr=false \
    --v=2 \
    --log-dir=/var/log/kubernetes \
    --advertise-address=172.16.1.12 \
    --default-not-ready-toleration-seconds=360 \
    --default-unreachable-toleration-seconds=360 \
    --max-mutating-requests-inflight=2000 \
    --max-requests-inflight=4000 \
    --default-watch-cache-size=200 \
    --delete-collection-workers=2 \
    --bind-address=0.0.0.0 \
    --secure-port=6443 \
    --allow-privileged=true \
    --service-cluster-ip-range=10.96.0.0/16 \
    --service-node-port-range=10-52767 \
    --enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \
    --authorization-mode=RBAC,Node \
    --enable-bootstrap-token-auth=true \
    --token-auth-file=/etc/kubernetes/cfg/token.csv \
    --kubelet-client-certificate=/etc/kubernetes/ssl/server.pem \
    --kubelet-client-key=/etc/kubernetes/ssl/server-key.pem \
    --tls-cert-file=/etc/kubernetes/ssl/server.pem \
    --tls-private-key-file=/etc/kubernetes/ssl/server-key.pem \
    --client-ca-file=/etc/kubernetes/ssl/ca.pem \
    --service-account-key-file=/etc/kubernetes/ssl/ca-key.pem \
    --audit-log-maxage=30 \
    --audit-log-maxbackup=3 \
    --audit-log-maxsize=100 \
    --audit-log-path=/var/log/kubernetes/k8s-audit.log \
    --etcd-servers=https://172.16.1.11:2379,https://172.16.1.12:2379,https://172.16.1.13:2379 \
    --etcd-cafile=/etc/etcd/ssl/ca.pem \
    --etcd-certfile=/etc/etcd/ssl/etcd.pem \
    --etcd-keyfile=/etc/etcd/ssl/etcd-key.pem \
    --feature-gates="EphemeralContainers=true""

    KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \
    --v=2 \
    --log-dir=/var/log/kubernetes \
    --leader-elect=true \
    --cluster-name=kubernetes \
    --bind-address=127.0.0.1 \
    --allocate-node-cidrs=true \
    --cluster-cidr=10.244.0.0/12 \
    --service-cluster-ip-range=10.96.0.0/16 \
    --cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem \
    --cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem \
    --root-ca-file=/etc/kubernetes/ssl/ca.pem \
    --service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem \
    --kubeconfig=/etc/kubernetes/cfg/kube-controller-manager.kubeconfig \
    --tls-cert-file=/etc/kubernetes/ssl/kube-controller-manager.pem \
    --tls-private-key-file=/etc/kubernetes/ssl/kube-controller-manager-key.pem \
    --experimental-cluster-signing-duration=87600h0m0s \
    --controllers=*,bootstrapsigner,tokencleaner \
    --use-service-account-credentials=true \
    --node-monitor-grace-period=10s \
    --horizontal-pod-autoscaler-use-rest-clients=true \
    --feature-gates="EphemeralContainers=true""

    KUBELET_OPTS="--logtostderr=false \
    --v=2 \
    --log-dir=/var/log/kubernetes \
    --hostname-override=master03 \
    --container-runtime=docker \
    --kubeconfig=/etc/kubernetes/cfg/kubelet.kubeconfig \
    --bootstrap-kubeconfig=/etc/kubernetes/cfg/kubelet-bootstrap.kubeconfig \
    --config=/etc/kubernetes/cfg/kubelet-config.yml \
    --cert-dir=/etc/kubernetes/ssl \
    --image-pull-progress-deadline=15m \
    --pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/k8sos/pause:3.2 \
    --feature-gates="EphemeralContainers=true""

    KUBE_PROXY_OPTS="--logtostderr=false \
    --v=2 \
    --log-dir=/var/log/kubernetes \
    --config=/etc/kubernetes/cfg/kube-proxy-config.yml \
    --feature-gates="EphemeralContainers=true""

    KUBE_SCHEDULER_OPTS="--logtostderr=false \
    --v=2 \
    --log-dir=/var/log/kubernetes \
    --kubeconfig=/etc/kubernetes/cfg/kube-scheduler.kubeconfig \
    --leader-elect=true \
    --master=http://127.0.0.1:8080 \
    --bind-address=127.0.0.1 \
    --feature-gates="EphemeralContainers=true""

    # Step 4: add the parameter to the yml file
    [root@master01 cfg]# vi kubelet-config.yml
    ……
    featureGates:
      EphemeralContainers: true

    # Step 5: start the services
    systemctl restart kube-apiserver kube-controller-manager kubelet kube-proxy kube-scheduler etcd
    systemctl status kube-apiserver kube-controller-manager kubelet kube-proxy kube-scheduler etcd | grep '(running)'

    # Step 6: check the k8s cluster status
    [root@master01 cfg]# kubectl get nodes
    NAME       STATUS   ROLES    AGE   VERSION
    master01   Ready    master   12d   v1.19.16
    master02   Ready    master   12d   v1.19.16
    master03   Ready    master   12d   v1.19.16
    node01     Ready    <none>   12d   v1.19.16
    node02     Ready    <none>   12d   v1.19.16
Using ephemeral containers
Configuration file explained
    cat ec.json
    {
      "apiVersion": "v1",
      "kind": "EphemeralContainers",
      "metadata": {
        "name": "nginx-f89759699-pqbp7"
      },
      "ephemeralContainers": [{
        "command": [
          "sh"
        ],
        "image": "busybox",
        "imagePullPolicy": "IfNotPresent",
        "name": "debug",
        "stdin": true,
        "tty": true,
        "terminationMessagePolicy": "File"
      }]
    }

    # metadata.name: name of the Pod the container is injected into
    # command: the command to run
    # image: image used for the injected container
    [root@master01 yaml2]# kubectl replace --raw /api/v1/namespaces/default/pods/nginx-f89759699-pqbp7/ephemeralcontainers -f ec.json
    {"kind":"EphemeralContainers","apiVersion":"v1","metadata":{"name":"nginx-f89759699-pqbp7","namespace":"default","selfLink":"/api/v1/namespaces/default/pods/nginx-f89759699-pqbp7/ephemeralcontainers","uid":"8ac26ecc-eb9c-463f-9f88-215a647dbae7","resourceVersion":"698000","creationTimestamp":"2021-12-08T03:05:08Z"},"ephemeralContainers":[{"name":"debug","image":"busybox","command":["sh"],"resources":{},"terminationMessagePolicy":"File","imagePullPolicy":"IfNotPresent","stdin":true,"tty":true}]}

    # Parameters in the path:
    #   default: the namespace the Pod is in
    #   nginx-f89759699-pqbp7: name of the Pod the container is injected into
    # No visible change
    [root@master01 yaml2]# kubectl get pod
    NAME                    READY   STATUS    RESTARTS   AGE
    nginx-f89759699-pqbp7   1/1     Running   4          7d5h

    [root@master01 yaml2]# kubectl describe pod nginx-f89759699-pqbp7
    ……
    Normal   SandboxChanged  60m    kubelet  Pod sandbox changed, it will be killed and re-created.
    Normal   Pulling         60m    kubelet  Pulling image "nginx"
    Normal   Pulled          60m    kubelet  Successfully pulled image "nginx"
    Normal   Created         60m    kubelet  Created container nginx
    Normal   Started         60m    kubelet  Started container nginx
    Warning  FailedMount     58m    kubelet  MountVolume.SetUp failed for volume "default-token-2mc48" : failed to sync secret cache: timed out waiting for the condition
    Normal   SandboxChanged  58m    kubelet  Pod sandbox changed, it will be killed and re-created.
    Normal   Pulling         58m    kubelet  Pulling image "nginx"
    Normal   Pulled          57m    kubelet  Successfully pulled image "nginx"
    Normal   Created         57m    kubelet  Created container nginx
    Normal   Started         57m    kubelet  Started container nginx
    Normal   SandboxChanged  28m    kubelet  Pod sandbox changed, it will be killed and re-created.
    Normal   Pulling         28m    kubelet  Pulling image "nginx"
    Normal   Pulled          28m    kubelet  Successfully pulled image "nginx" in 15.358856363s
    Normal   Created         28m    kubelet  Created container nginx
    Normal   Started         28m    kubelet  Started container nginx
    Normal   Pulling         4m50s  kubelet  Pulling image "busybox"
    Normal   Pulled          4m33s  kubelet  Successfully pulled image "busybox" in 16.452286802s
    Normal   Created         4m33s  kubelet  Created container debug
    Normal   Started         4m33s  kubelet  Started container debug
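Since kubectl get pod shows nothing new, the injected container has to be looked up in the Pod object itself, under spec.ephemeralContainers and status.ephemeralContainerStatuses. The Python sketch below is an added example, not part of the original post; it lists every ephemeral container found in the output of kubectl get pods -A -o json. The embedded sample is constructed from the names used on this page, and the Pod "web-0" is made up.

```python
import json
import sys

# Constructed sample shaped like `kubectl get pods -o json` output. The Pod,
# container and image names are the ones used on this page; "web-0" is made up.
SAMPLE_POD_LIST = {
    "kind": "List",
    "items": [
        {"metadata": {"namespace": "default", "name": "nginx-f89759699-pqbp7"},
         "spec": {"containers": [{"name": "nginx", "image": "nginx"}],
                  "ephemeralContainers": [
                      {"name": "debug", "image": "busybox", "command": ["sh"],
                       "stdin": True, "tty": True}]},
         "status": {"ephemeralContainerStatuses": [
             {"name": "debug", "state": {"running": {}}}]}},
        {"metadata": {"namespace": "default", "name": "web-0"},
         "spec": {"containers": [{"name": "web", "image": "nginx"}]},
         "status": {}},
    ],
}


def find_ephemeral_containers(pod_list):
    """Return one record per ephemeral container found in a Pod list."""
    findings = []
    for pod in pod_list.get("items", []):
        meta, spec = pod.get("metadata", {}), pod.get("spec", {})
        # Map container name -> current state key (waiting/running/terminated).
        states = {s.get("name"): next(iter(s.get("state") or {}), "unknown")
                  for s in pod.get("status", {}).get("ephemeralContainerStatuses") or []}
        for ec in spec.get("ephemeralContainers") or []:
            sec = ec.get("securityContext") or {}
            findings.append({
                "namespace": meta.get("namespace", ""),
                "pod": meta.get("name", ""),
                "container": ec.get("name", ""),
                "image": ec.get("image", ""),
                "command": ec.get("command") or [],
                "interactive": bool(ec.get("stdin") and ec.get("tty")),
                "privileged": bool(sec.get("privileged")),
                "state": states.get(ec.get("name"), "unknown"),
            })
    return findings


if __name__ == "__main__":
    # Usage: kubectl get pods -A -o json > pods.json; python3 this_file.py pods.json
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_POD_LIST
    for f in find_ephemeral_containers(data):
        print(f)
```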
    kubectl exec -it nginx-f89759699-pqbp7 -c debug -- sh
    / # netstat -anptu
    Active Internet connections (servers and established)
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
    tcp        0      0 :::80                   :::*                    LISTEN      -
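The PUT to the Pod's ephemeralcontainers path shown above appears in the API server audit log as an update on the pods resource with subresource ephemeralcontainers. The Python sketch below is an added example, not from the original post; it filters such write requests out of JSON-lines audit events, and the sample events (user names, source IP, timestamp) are constructed. It assumes an audit policy is loaded with --audit-policy-file: the kube-apiserver flags on this page set only --audit-log-path, and without a policy file no events are logged.

```python
import json
import sys

WRITE_VERBS = {"create", "update", "patch"}


def _event(verb, subresource, code, user="admin"):
    """Build one constructed audit.k8s.io/v1 event line (user and IP are made up)."""
    ref = {"resource": "pods", "namespace": "default", "name": "nginx-f89759699-pqbp7"}
    if subresource:
        ref["subresource"] = subresource
    return json.dumps({
        "kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata",
        "stage": "ResponseComplete", "verb": verb, "objectRef": ref,
        "user": {"username": user}, "sourceIPs": ["172.16.1.11"],
        "responseStatus": {"code": code},
        "requestReceivedTimestamp": "2021-12-08T03:05:08.000000Z"})


# Constructed sample log: a read, the PUT from this page, a denied attempt,
# an exec, and a truncated line.
SAMPLE_AUDIT_LINES = [
    _event("get", None, 200),
    _event("update", "ephemeralcontainers", 200),
    _event("update", "ephemeralcontainers", 403, "system:serviceaccount:default:ci"),
    _event("create", "exec", 101),
    '{"kind":"Event","apiVersion":"audit.k8s',
]


def ephemeral_container_requests(lines):
    """Return completed write requests to the pods/ephemeralcontainers subresource."""
    hits = []
    for line in lines:
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # blank, truncated or non-JSON line
        if not isinstance(ev, dict) or ev.get("stage") != "ResponseComplete":
            continue
        ref = ev.get("objectRef") or {}
        if (ref.get("resource"), ref.get("subresource")) != ("pods", "ephemeralcontainers"):
            continue
        if ev.get("verb") not in WRITE_VERBS:
            continue
        code = (ev.get("responseStatus") or {}).get("code")
        hits.append({
            "time": ev.get("requestReceivedTimestamp", ""),
            "user": (ev.get("user") or {}).get("username", ""),
            "source_ips": ev.get("sourceIPs") or [],
            "pod": f'{ref.get("namespace", "")}/{ref.get("name", "")}',
            "verb": ev["verb"],
            "allowed": isinstance(code, int) and 200 <= code < 300,
        })
    return hits


if __name__ == "__main__":
    # Usage: python3 this_file.py /var/log/kubernetes/k8s-audit.log
    source = open(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE_AUDIT_LINES
    for hit in ephemeral_container_requests(source):
        print(hit)
```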