一、集群可用性验证
1. 验证节点
[root@master ~]# kubectl get node # 全部为Ready,
是正常
NAME STATUS ROLES AGE
VERSION
k8s-node01 Ready <none> 156m
v1.28.2
k8s-node02 Ready <none> 155m
v1.28.2
master Ready control-plane 157m
v1.28.2
2. 验证 Pod
[root@master ~]# kubectl get po -A # 全部为
running,表示正常
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system calico-kube-controllers-
6d48795585-wj8g5 1/1 Running 0
156m
kube-system calico-node-bk4p5
1/1 Running 0 156m
kube-system calico-node-kmsh7
1/1 Running 0 156m
kube-system calico-node-qthgh
1/1 Running 0 156m
kube-system coredns-6554b8b87f-jdc2b
1/1 Running 0
159m
kube-system coredns-6554b8b87f-thftb
1/1 Running 0
159m
kube-system etcd-master
1/1 Running 0 159m
kube-system kube-apiserver-master
1/1 Running 0 159m
kube-system kube-controller-managermaster 1/1 Running 0
159m
kube-system kube-proxy-9sxt9
1/1 Running 0
5m6s
kube-system kube-proxy-g79z5
1/1 Running 0
5m7s
kube-system kube-proxy-scwgn
1/1 Running 0
5m9s
kube-system kube-scheduler-master
1/1 Running 0 159m
kube-system metrics-server-8df99c47fmkbfd 1/1 Running 0
154m
kubernetes-dashboard dashboard-metrics-scraper-
7b554c884f-92jwb 1/1 Running 0
24m
kubernetes-dashboard kubernetes-dashboard-
54b699784c-f7trp 1/1 Running 024m
3. 验证集群⽹段是否冲突
三⽅⽹段均不冲突( service 、 Pod 、宿主机)
[root@master ~]# kubectl get svc # 查看服务的⽹段
NAME TYPE CLUSTER-IP EXTERNAL-IPPORT(S) AGE
kubernetes ClusterIP 10.96.0.1 <none>
443/TCP 160m
[root@master ~]# kubectl get po -A -owide # 查看
所有命名空间下的所有⽹段,再与服务的⽹段进⾏⽐较
NAMESPACE NAME READY STATUS RESTARTS AGEIP NODE NOMINATED NODE
READINESS GATES
kube-system calico-kube-controllers-
6d48795585-wj8g5 1/1 Running 0
158m 172.16.58.194 k8s-node02 <none> <none>
kube-system calico-node-bk4p5
1/1 Running 0 158m
192.168.15.22 k8s-node01 <none>
<none>
kube-system calico-node-kmsh7
1/1 Running 0 158m
192.168.15.33 k8s-node02 <none>
<none>
kube-system calico-node-qthgh
1/1 Running 0 158m
192.168.15.11 master <none>
<none>
kube-system coredns-6554b8b87f-jdc2b
1/1 Running 0
160m 172.16.58.195 k8s-node02 <none> <none>
kube-system coredns-6554b8b87f-thftb
1/1 Running 0
160m 172.16.58.193 k8s-node02 <none> <none>
kube-system etcd-master
1/1 Running 0 160m
192.168.15.11 master <none>
<none>
kube-system kube-apiserver-master
1/1 Running 0 160m
192.168.15.11 master <none>
<none>
kube-system kube-controller-managermaster 1/1 Running 0
160m 192.168.15.11 master <none> <none>
kube-system kube-proxy-9sxt9
1/1 Running 0
6m29s 192.168.15.11 master <none> <none>
kube-system kube-proxy-g79z5
1/1 Running 0
6m30s 192.168.15.33 k8s-node02 <none> <none>
kube-system kube-proxy-scwgn
1/1 Running 0
6m32s 192.168.15.22 k8s-node01 <none> <none>
kube-system kube-scheduler-master
1/1 Running 0 160m
192.168.15.11 master <none>
<none>
kube-system metrics-server-8df99c47fmkbfd 1/1 Running 0
155m 172.16.85.193 k8s-node01 <none> <none>
kubernetes-dashboard dashboard-metrics-scraper-
7b554c884f-92jwb 1/1 Running 0
25m 172.16.85.195 k8s-node01 <none> <none>
kubernetes-dashboard kubernetes-dashboard-
54b699784c-f7trp 1/1 Running 025m 172.16.85.194 k8s-node01 <none> <none>
4. 验证是否可正常创建参数
[root@master ~]# kubectl create deploy clustertest --image=registry.cnbeijing.aliyuncs.com/dotbalo/debug-tools -- sleep
3600
deployment.apps/cluster-test created # 已创建,表
示正常
[root@master ~]# kubectl get po
NAME READY STATUS
RESTARTS AGE
cluster-test-66bb44bd88-sq8fx 1/1 Running
0 41s
[root@master ~]# kubectl get po -owide
NAME READY STATUS
RESTARTS AGE IP NODE
NOMINATED NODE READINESS GATES
cluster-test-66bb44bd88-sq8fx 1/1 Running
0 48s 172.16.58.196 k8s-node02
<none> <none>
5. Pod 必须能够解析 Service
同 namespace 和跨 namespace
( 1 ) nslookup kubernetes
[root@master ~]# kubectl exec -it cluster-test-
66bb44bd88-sq8fx -- bash # 进⼊pod下的某个容器
(06:36 cluster-test-66bb44bd88-sq8fx:/) nslookup
kubernetes
Server: 10.96.0.10
Address: 10.96.0.10#53
Name: kubernetes.default.svc.cluster.local
Address: 10.96.0.1
# 可以解析到server的IP地址说明同namespace可以解析
( 2 ) nslookup kube-dns.kube-system
(06:36 cluster-test-66bb44bd88-sq8fx:/) nslookup
kube-dns.kube-system
Server: 10.96.0.10
Address: 10.96.0.10#53
Name: kube-dns.kube-system.svc.cluster.local
Address: 10.96.0.10
# 可以解析到server的第⼗个ip,说明可以解析到kube-dns,说
明跨namespace也可解析
6. 确认是否可访问 Kubernetes 的 443 和 kube-dns 的 53
每个节点都必须能访问 Kubernetes 的 kubernetes svc 443 和kube-dns 的 service 53
[root@master ~]# curl https://10.96.0.1:443
curl: (60) SSL certificate problem: unable to get
local issuer certificate
More details here:
https://curl.haxx.se/docs/sslcerts.html
curl failed to verify the legitimacy of the server
and therefore could not
establish a secure connection to it. To learn more
about this situation and
how to fix it, please visit the web page mentioned
above.
[root@master ~]# curl 10.96.0.10:53
curl: (52) Empty reply from server
7. 确认各 Pod 之间是否可正常通信
同 namespace 和跨 namespace
[root@master ~]# kubectl get po -nkube-system -
owide
NAME READY
STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
calico-kube-controllers-6d48795585-wj8g5 1/1
Running 0 170m 172.16.58.194 k8snode02 <none> <none>
calico-node-bk4p5 1/1
Running 0 170m 192.168.15.22 k8snode01 <none> <none>
calico-node-kmsh7 1/1
Running 0 170m 192.168.15.33 k8snode02 <none> <none>
calico-node-qthgh 1/1
Running 0 170m 192.168.15.11 master<none> <none>
coredns-6554b8b87f-jdc2b 1/1
Running 0 173m 172.16.58.195 k8snode02 <none> <none>
coredns-6554b8b87f-thftb 1/1
Running 0 173m 172.16.58.193 k8snode02 <none> <none>
etcd-master 1/1
Running 0 173m 192.168.15.11 master<none> <none>
kube-apiserver-master 1/1
Running 0 173m 192.168.15.11 master<none> <none>
kube-controller-manager-master 1/1
Running 0 173m 192.168.15.11 master<none> <none>
kube-proxy-9sxt9 1/1
Running 0 19m 192.168.15.11 master<none> <none>
kube-proxy-g79z5 1/1
Running 0 19m 192.168.15.33 k8snode02 <none> <none>
kube-proxy-scwgn 1/1
Running 0 19m 192.168.15.22 k8snode01 <none> <none>
kube-scheduler-master 1/1
Running 0 173m 192.168.15.11 master<none> <none>
metrics-server-8df99c47f-mkbfd 1/1
Running 0 168m 172.16.85.193 k8snode01 <none> <none>
[root@master ~]# kubectl get po -owide
NAME READY STATUS
RESTARTS AGE IP NODE
NOMINATED NODE READINESS GATES
cluster-test-66bb44bd88-sq8fx 1/1 Running
0 12m 172.16.58.196 k8s-node02
<none> <none>
[root@master ~]# kubectl exec -it cluster-test-
66bb44bd88-sq8fx -- bash
(06:46 cluster-test-66bb44bd88-sq8fx:/) ping
172.16.58.195 -c 3
PING 172.16.58.195 (172.16.58.195) 56(84) bytes of
data.
64 bytes from 172.16.58.195: icmp_seq=1 ttl=63
time=0.455 ms
64 bytes from 172.16.58.195: icmp_seq=2 ttl=63
time=0.082 ms
64 bytes from 172.16.58.195: icmp_seq=3 ttl=63
time=0.082 ms
--- 172.16.58.195 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss,
time 2083ms
rtt min/avg/max/mdev = 0.082/0.206/0.455/0.176 ms
同机器和跨机器
[root@master ~]# kubectl get po -owide
NAME READY STATUS
RESTARTS AGE IP NODE
NOMINATED NODE READINESS GATES
cluster-test-66bb44bd88-sq8fx 1/1 Running
0 13m 172.16.58.196 k8s-node02
<none> <none>
[root@master ~]# ping 172.16.58.196 -c 3
PING 172.16.58.196 (172.16.58.196) 56(84) bytes of
data.
64 bytes from 172.16.58.196: icmp_seq=1 ttl=63
time=0.676 ms
64 bytes from 172.16.58.196: icmp_seq=2 ttl=63
time=0.303 ms
64 bytes from 172.16.58.196: icmp_seq=3 ttl=63
time=0.284 ms
--- 172.16.58.196 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss,
time 2043ms
rtt min/avg/max/mdev = 0.284/0.421/0.676/0.180 ms