ICode9


k8s Basic Concepts, Part 12

2021-12-16 18:32:56  Source: Internet

Tags: kube kubernetes kubelet -- etc twelve concepts nginx k8s


Official documentation: https://v1-19.docs.kubernetes.io/zh/docs/concepts/workloads/pods/ephemeral-containers/

 

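Notes

This change adds a parameter to every k8s component. Before making it, it is recommended to stop etcd and back up its data; during this experiment etcd crashed once and the problem was not resolved.

--feature-gates="EphemeralContainers=true"
Add this option to every component, in the files under the directory where the parameters are stored.

Note: put it at the very end, and watch the double quotes ("") and backslashes (\).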

 

 

Procedure

# Step 1: find the files that hold the services' startup parameters
[root@master03 system]# cat `ls /usr/lib/systemd/system | grep kube` | grep conf
EnvironmentFile=/etc/kubernetes/cfg/kube-apiserver.conf
EnvironmentFile=/etc/kubernetes/cfg/kube-controller-manager.conf
EnvironmentFile=/etc/kubernetes/cfg/kubelet.conf
EnvironmentFile=/etc/kubernetes/cfg/kube-proxy.conf
EnvironmentFile=/etc/kubernetes/cfg/kube-scheduler.conf


# Step 2: stop etcd (run on all master nodes)
systemctl stop etcd


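# Step 3: add the parameter to the parameter files on all nodes (worker nodes only have kubelet and kube-proxy; modify those the same way)
# The listing below is filtered to the parameter files; adjust to your actual layout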
[root@master03 cfg]# cat `ls | grep -e conf$` 
KUBE_APISERVER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/var/log/kubernetes \
--advertise-address=172.16.1.12 \
--default-not-ready-toleration-seconds=360 \
--default-unreachable-toleration-seconds=360 \
--max-mutating-requests-inflight=2000 \
--max-requests-inflight=4000 \
--default-watch-cache-size=200 \
--delete-collection-workers=2 \
--bind-address=0.0.0.0 \
--secure-port=6443 \
--allow-privileged=true \
--service-cluster-ip-range=10.96.0.0/16 \
--service-node-port-range=10-52767 \
--enable-admission-plugins=NamespaceLifecycle,LimitRanger,ServiceAccount,ResourceQuota,NodeRestriction \
--authorization-mode=RBAC,Node \
--enable-bootstrap-token-auth=true \
--token-auth-file=/etc/kubernetes/cfg/token.csv \
--kubelet-client-certificate=/etc/kubernetes/ssl/server.pem \
--kubelet-client-key=/etc/kubernetes/ssl/server-key.pem \
--tls-cert-file=/etc/kubernetes/ssl/server.pem  \
--tls-private-key-file=/etc/kubernetes/ssl/server-key.pem \
--client-ca-file=/etc/kubernetes/ssl/ca.pem \
--service-account-key-file=/etc/kubernetes/ssl/ca-key.pem \
--audit-log-maxage=30 \
--audit-log-maxbackup=3 \
--audit-log-maxsize=100 \
--audit-log-path=/var/log/kubernetes/k8s-audit.log \
--etcd-servers=https://172.16.1.11:2379,https://172.16.1.12:2379,https://172.16.1.13:2379 \
--etcd-cafile=/etc/etcd/ssl/ca.pem \
--etcd-certfile=/etc/etcd/ssl/etcd.pem \
--etcd-keyfile=/etc/etcd/ssl/etcd-key.pem \
--feature-gates="EphemeralContainers=true""

KUBE_CONTROLLER_MANAGER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/var/log/kubernetes \
--leader-elect=true \
--cluster-name=kubernetes \
--bind-address=127.0.0.1 \
--allocate-node-cidrs=true \
--cluster-cidr=10.244.0.0/12 \
--service-cluster-ip-range=10.96.0.0/16 \
--cluster-signing-cert-file=/etc/kubernetes/ssl/ca.pem \
--cluster-signing-key-file=/etc/kubernetes/ssl/ca-key.pem  \
--root-ca-file=/etc/kubernetes/ssl/ca.pem \
--service-account-private-key-file=/etc/kubernetes/ssl/ca-key.pem \
--kubeconfig=/etc/kubernetes/cfg/kube-controller-manager.kubeconfig \
--tls-cert-file=/etc/kubernetes/ssl/kube-controller-manager.pem \
--tls-private-key-file=/etc/kubernetes/ssl/kube-controller-manager-key.pem \
--experimental-cluster-signing-duration=87600h0m0s \
--controllers=*,bootstrapsigner,tokencleaner \
--use-service-account-credentials=true \
--node-monitor-grace-period=10s \
--horizontal-pod-autoscaler-use-rest-clients=true \
--feature-gates="EphemeralContainers=true""

KUBELET_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/var/log/kubernetes \
--hostname-override=master03 \
--container-runtime=docker \
--kubeconfig=/etc/kubernetes/cfg/kubelet.kubeconfig \
--bootstrap-kubeconfig=/etc/kubernetes/cfg/kubelet-bootstrap.kubeconfig \
--config=/etc/kubernetes/cfg/kubelet-config.yml \
--cert-dir=/etc/kubernetes/ssl \
--image-pull-progress-deadline=15m \
--pod-infra-container-image=registry.cn-hangzhou.aliyuncs.com/k8sos/pause:3.2 \
--feature-gates="EphemeralContainers=true""

KUBE_PROXY_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/var/log/kubernetes \
--config=/etc/kubernetes/cfg/kube-proxy-config.yml \
--feature-gates="EphemeralContainers=true""

KUBE_SCHEDULER_OPTS="--logtostderr=false \
--v=2 \
--log-dir=/var/log/kubernetes \
--kubeconfig=/etc/kubernetes/cfg/kube-scheduler.kubeconfig \
--leader-elect=true \
--master=http://127.0.0.1:8080 \
--bind-address=127.0.0.1 \
--feature-gates="EphemeralContainers=true""
 
 
# Step 4: add the parameter to the yml file
[root@master01 cfg]# vi kubelet-config.yml
……
featureGates:
  EphemeralContainers: true


# Step 5: start the services
systemctl restart  kube-apiserver kube-controller-manager kubelet kube-proxy kube-scheduler etcd
systemctl status  kube-apiserver kube-controller-manager kubelet kube-proxy kube-scheduler etcd | grep '(running)'

# Step 6: check the k8s cluster status
[root@master01 cfg]# kubectl get nodes
NAME       STATUS   ROLES    AGE   VERSION
master01   Ready    master   12d   v1.19.16
master02   Ready    master   12d   v1.19.16
master03   Ready    master   12d   v1.19.16
node01     Ready    <none>   12d   v1.19.16
node02     Ready    <none>   12d   v1.19.16
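
The note at the top warns about the double quotes and backslashes when appending the flag. As an added example (not from the original post), this Python check reads one options file in the layout shown in step 3 and reports a missing continuation backslash, unbalanced quotes, or an absent gate. The function name `check_opts_file` and the `BROKEN`/`FIXED` samples are constructed for illustration.

```python
import re
import sys

# Constructed sample in the page's layout: the gate was appended as the last line,
# but the line that used to be last never received its trailing backslash.
BROKEN = (
    'KUBE_PROXY_OPTS="--logtostderr=false \\\n'
    '--v=2 \\\n'
    '--config=/etc/kubernetes/cfg/kube-proxy-config.yml\n'
    '--feature-gates="EphemeralContainers=true""\n'
)
FIXED = BROKEN.replace("config.yml\n", "config.yml \\\n")

def check_opts_file(text, gate="EphemeralContainers"):
    """Return the problems found in one NAME_OPTS="..." options file ([] means OK)."""
    lines = [l.rstrip() for l in text.splitlines() if l.strip()]
    if not lines or not re.match(r'[A-Z_]+_OPTS="', lines[0]):
        return ['file does not start with NAME_OPTS="']
    problems = []
    for line in lines[:-1]:
        if not line.endswith("\\"):
            problems.append(f"no trailing backslash after: {line}")
    if not lines[-1].endswith('"'):
        problems.append("last line does not end with the closing double quote")
    if text.count('"') % 2:
        problems.append("odd number of double quotes")
    # --feature-gates takes comma-separated Name=bool pairs; collect the enabled names.
    values = re.findall(r'--feature-gates="?([^"\s\\]+)', text)
    enabled = {kv.split("=")[0] for v in values for kv in v.split(",") if kv.endswith("=true")}
    if gate not in enabled:
        problems.append(f"{gate}=true is not set via --feature-gates")
    return problems

if __name__ == "__main__":
    # With file arguments, check those files; without, run the constructed samples.
    texts = {p: open(p).read() for p in sys.argv[1:]} or {"BROKEN": BROKEN, "FIXED": FIXED}
    for name, text in texts.items():
        print(name, check_opts_file(text) or "OK")
```

Run it against the edited files on each node before restarting the services in step 5, for example with the paths listed in step 1 as arguments.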

 

Using ephemeral containers

The configuration file explained

cat ec.json
{
    "apiVersion": "v1",
    "kind": "EphemeralContainers",
    "metadata": {
        "name": "nginx-f89759699-pqbp7"
    },
    "ephemeralContainers": [{
        "command": [
            "sh"
        ],
        "image": "busybox",
        "imagePullPolicy": "IfNotPresent",
        "name": "debug",
        "stdin": true,
        "tty": true,
        "terminationMessagePolicy": "File"
    }]
}

# Field notes (JSON itself cannot contain comments):
#   metadata.name: name of the Pod being injected into
#   command:       the command to run
#   image:         image of the injected container

 

Update the running Pod

[root@master01 yaml2]# kubectl replace --raw /api/v1/namespaces/default/pods/nginx-f89759699-pqbp7/ephemeralcontainers  -f ec.json
{"kind":"EphemeralContainers","apiVersion":"v1","metadata":{"name":"nginx-f89759699-pqbp7","namespace":"default","selfLink":"/api/v1/namespaces/default/pods/nginx-f89759699-pqbp7/ephemeralcontainers","uid":"8ac26ecc-eb9c-463f-9f88-215a647dbae7","resourceVersion":"698000","creationTimestamp":"2021-12-08T03:05:08Z"},"ephemeralContainers":[{"name":"debug","image":"busybox","command":["sh"],"resources":{},"terminationMessagePolicy":"File","imagePullPolicy":"IfNotPresent","stdin":true,"tty":true}]}

# Parameters: default is the namespace the Pod lives in;
#             nginx-f89759699-pqbp7 is the name of the Pod being injected into

Check the result of the update

# No visible change
[root@master01 yaml2]# kubectl get pod
NAME                    READY   STATUS    RESTARTS   AGE
nginx-f89759699-pqbp7   1/1     Running   4          7d5h

[root@master01 yaml2]# kubectl describe pod nginx-f89759699-pqbp7
……
  Normal   SandboxChanged  60m    kubelet  Pod sandbox changed, it will be killed and re-created.
  Normal   Pulling         60m    kubelet  Pulling image "nginx"
  Normal   Pulled          60m    kubelet  Successfully pulled image "nginx"
  Normal   Created         60m    kubelet  Created container nginx
  Normal   Started         60m    kubelet  Started container nginx
  Warning  FailedMount     58m    kubelet  MountVolume.SetUp failed for volume "default-token-2mc48" : failed to sync secret cache: timed out waiting for the condition
  Normal   SandboxChanged  58m    kubelet  Pod sandbox changed, it will be killed and re-created.
  Normal   Pulling         58m    kubelet  Pulling image "nginx"
  Normal   Pulled          57m    kubelet  Successfully pulled image "nginx"
  Normal   Created         57m    kubelet  Created container nginx
  Normal   Started         57m    kubelet  Started container nginx
  Normal   SandboxChanged  28m    kubelet  Pod sandbox changed, it will be killed and re-created.
  Normal   Pulling         28m    kubelet  Pulling image "nginx"
  Normal   Pulled          28m    kubelet  Successfully pulled image "nginx" in 15.358856363s
  Normal   Created         28m    kubelet  Created container nginx
  Normal   Started         28m    kubelet  Started container nginx
  Normal   Pulling         4m50s  kubelet  Pulling image "busybox"
  Normal   Pulled          4m33s  kubelet  Successfully pulled image "busybox" in 16.452286802s
  Normal   Created         4m33s  kubelet  Created container debug
  Normal   Started         4m33s  kubelet  Started container debug

 

Enter the container we just injected

kubectl exec -it nginx-f89759699-pqbp7 -c debug -- sh
 / # netstat -anptu
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -
tcp        0      0 :::80                   :::*                    LISTEN      -
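
Because `kubectl get pod` shows no change after the injection, the places to look are the Pod spec and the API server audit log. As an added example (not from the original post), this Python code flags writes to the pods/ephemeralcontainers subresource in audit events and lists Pods whose spec carries ephemeral containers. The sample events, user names and second Pod are constructed, and it assumes an audit policy that records this subresource, since the options shown on this page set only the audit log path and rotation.

```python
import json
WRITE_VERBS = {"create", "update", "patch"}
# Constructed samples: audit.k8s.io/v1 JSON lines (made-up users), and a stand-in
# for the parsed output of `kubectl get pods -A -o json`.
SAMPLE_AUDIT = [
    '{"stage":"ResponseComplete","verb":"get","user":{"username":"system:kube-scheduler"},'
    '"objectRef":{"resource":"pods","namespace":"default","name":"nginx-f89759699-pqbp7"},'
    '"responseStatus":{"code":200}}',
    '{"stage":"ResponseComplete","verb":"update","user":{"username":"kubernetes-admin"},'
    '"objectRef":{"resource":"pods","namespace":"default","name":"nginx-f89759699-pqbp7",'
    '"subresource":"ephemeralcontainers"},"responseStatus":{"code":200}}',
    '{"stage":"ResponseComplete","verb":"update","user":{"username":"dev-user"},'
    '"objectRef":{"resource":"pods","namespace":"default","name":"nginx-f89759699-pqbp7",'
    '"subresource":"ephemeralcontainers"},"responseStatus":{"code":403}}',
    '{"stage":"ResponseComplete","verb":"upd',  # line cut off mid-write
]
SAMPLE_PODS = {"items": [
    {"metadata": {"namespace": "default", "name": "nginx-f89759699-pqbp7"},
     "spec": {"containers": [{"name": "nginx", "image": "nginx"}],
              "ephemeralContainers": [{"name": "debug", "image": "busybox"}]}},
    {"metadata": {"namespace": "default", "name": "web-example"}, "spec": {"containers": []}},
]}

def ephemeral_container_writes(lines):
    """One record per completed write to the pods/ephemeralcontainers subresource."""
    hits = []
    for raw in lines:
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            continue  # unparseable line: skip it instead of aborting the scan
        ref = ev.get("objectRef") or {}
        if ((ref.get("resource"), ref.get("subresource")) != ("pods", "ephemeralcontainers")
                or ev.get("verb") not in WRITE_VERBS or ev.get("stage") != "ResponseComplete"):
            continue
        hits.append({"user": (ev.get("user") or {}).get("username"), "verb": ev["verb"],
                     "pod": f'{ref.get("namespace")}/{ref.get("name")}',
                     "allowed": (ev.get("responseStatus") or {}).get("code", 0) < 300})
    return hits

def pods_with_ephemeral_containers(pod_list):
    """Map namespace/name -> [(container, image)] for Pods carrying ephemeral containers."""
    found = {}
    for pod in pod_list.get("items", []):
        ecs = (pod.get("spec") or {}).get("ephemeralContainers") or []
        if ecs:
            key = f'{pod["metadata"]["namespace"]}/{pod["metadata"]["name"]}'
            found[key] = [(c["name"], c.get("image")) for c in ecs]
    return found
if __name__ == "__main__":
    print(ephemeral_container_writes(SAMPLE_AUDIT), pods_with_ephemeral_containers(SAMPLE_PODS), sep="\n")
```

Denied attempts are kept in the result with `allowed` set to False, so failed injections by accounts without the permission are visible alongside the successful ones.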

 

 

 

 

Source: https://www.cnblogs.com/RRecal/p/15699459.html
