我的书签
添加书签
移除书签Application Introspection and Debugging
Once your application is running, you’ll inevitably need to debug problems with it. Earlier we described how you can use kubectl get pods to retrieve simple status information about your pods. But there are a number of ways to get even more information about your application.
Using kubectl describe pod to fetch details about pods
For this example we’ll use a Deployment to create two pods, similar to the earlier example.
application/nginx-with-request.yaml 
apiVersion: apps/v1kind: Deploymentmetadata:name: nginx-deploymentspec:selector:matchLabels:app: nginxreplicas: 2template:metadata:labels:app: nginxspec:containers:- name: nginximage: nginxresources:limits:memory: "128Mi"cpu: "500m"ports:- containerPort: 80
Create deployment by running following command:
kubectl apply -f https://k8s.io/examples/application/nginx-with-request.yaml
deployment.apps/nginx-deployment created
Check pod status by following command:
kubectl get pods
NAME READY STATUS RESTARTS AGEnginx-deployment-1006230814-6winp 1/1 Running 0 11snginx-deployment-1006230814-fmgu3 1/1 Running 0 11s
We can retrieve a lot more information about each of these pods using kubectl describe pod. For example:
kubectl describe pod nginx-deployment-1006230814-6winp
Name: nginx-deployment-1006230814-6winpNamespace: defaultNode: kubernetes-node-wul5/10.240.0.9Start Time: Thu, 24 Mar 2016 01:39:49 +0000Labels: app=nginx,pod-template-hash=1006230814Annotations: kubernetes.io/created-by={"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicaSet","namespace":"default","name":"nginx-deployment-1956810328","uid":"14e607e7-8ba1-11e7-b5cb-fa16" ...Status: RunningIP: 10.244.0.6Controllers: ReplicaSet/nginx-deployment-1006230814Containers:nginx:Container ID: docker://90315cc9f513c724e9957a4788d3e625a078de84750f244a40f97ae355eb1149Image: nginxImage ID: docker://6f62f48c4e55d700cf3eb1b5e33fa051802986b77b874cc351cce539e5163707Port: 80/TCPQoS Tier:cpu: Guaranteedmemory: GuaranteedLimits:cpu: 500mmemory: 128MiRequests:memory: 128Micpu: 500mState: RunningStarted: Thu, 24 Mar 2016 01:39:51 +0000Ready: TrueRestart Count: 0Environment: <none>Mounts:/var/run/secrets/kubernetes.io/serviceaccount from default-token-5kdvl (ro)Conditions:Type StatusInitialized TrueReady TruePodScheduled TrueVolumes:default-token-4bcbi:Type: Secret (a volume populated by a Secret)SecretName: default-token-4bcbiOptional: falseQoS Class: GuaranteedNode-Selectors: <none>Tolerations: <none>Events:FirstSeen LastSeen Count From SubobjectPath Type Reason Message--------- -------- ----- ---- ------------- -------- ------ -------54s 54s 1 {default-scheduler } Normal Scheduled Successfully assigned nginx-deployment-1006230814-6winp to kubernetes-node-wul554s 54s 1 {kubelet kubernetes-node-wul5} spec.containers{nginx} Normal Pulling pulling image "nginx"53s 53s 1 {kubelet kubernetes-node-wul5} spec.containers{nginx} Normal Pulled Successfully pulled image "nginx"53s 53s 1 {kubelet kubernetes-node-wul5} spec.containers{nginx} Normal Created Created container with docker id 90315cc9f51353s 53s 1 {kubelet kubernetes-node-wul5} spec.containers{nginx} Normal Started Started container with docker id 90315cc9f513
Here you can see configuration information about the container(s) and Pod (labels, resource requirements, etc.), as well as status information about the container(s) and Pod (state, readiness, restart count, events, etc.).
The container state is one of Waiting, Running, or Terminated. Depending on the state, additional information will be provided — here you can see that for a container in Running state, the system tells you when the container started.
Ready tells you whether the container passed its last readiness probe. (In this case, the container does not have a readiness probe configured; the container is assumed to be ready if no readiness probe is configured.)
Restart Count tells you how many times the container has been restarted; this information can be useful for detecting crash loops in containers that are configured with a restart policy of ‘always.’
Currently the only Condition associated with a Pod is the binary Ready condition, which indicates that the pod is able to service requests and should be added to the load balancing pools of all matching services.
Lastly, you see a log of recent events related to your Pod. The system compresses multiple identical events by indicating the first and last time it was seen and the number of times it was seen. “From” indicates the component that is logging the event, “SubobjectPath” tells you which object (e.g. container within the pod) is being referred to, and “Reason” and “Message” tell you what happened.
Example: debugging Pending Pods
A common scenario that you can detect using events is when you’ve created a Pod that won’t fit on any node. For example, the Pod might request more resources than are free on any node, or it might specify a label selector that doesn’t match any nodes. Let’s say we created the previous Deployment with 5 replicas (instead of 2) and requesting 600 millicores instead of 500, on a four-node cluster where each (virtual) machine has 1 CPU. In that case one of the Pods will not be able to schedule. (Note that because of the cluster addon pods such as fluentd, skydns, etc., that run on each node, if we requested 1000 millicores then none of the Pods would be able to schedule.)
kubectl get pods
NAME READY STATUS RESTARTS AGEnginx-deployment-1006230814-6winp 1/1 Running 0 7mnginx-deployment-1006230814-fmgu3 1/1 Running 0 7mnginx-deployment-1370807587-6ekbw 1/1 Running 0 1mnginx-deployment-1370807587-fg172 0/1 Pending 0 1mnginx-deployment-1370807587-fz9sd 0/1 Pending 0 1m
To find out why the nginx-deployment-1370807587-fz9sd pod is not running, we can use kubectl describe pod on the pending Pod and look at its events:
kubectl describe pod nginx-deployment-1370807587-fz9sd
Name: nginx-deployment-1370807587-fz9sdNamespace: defaultNode: /Labels: app=nginx,pod-template-hash=1370807587Status: PendingIP:Controllers: ReplicaSet/nginx-deployment-1370807587Containers:nginx:Image: nginxPort: 80/TCPQoS Tier:memory: Guaranteedcpu: GuaranteedLimits:cpu: 1memory: 128MiRequests:cpu: 1memory: 128MiEnvironment Variables:Volumes:default-token-4bcbi:Type: Secret (a volume populated by a Secret)SecretName: default-token-4bcbiEvents:FirstSeen LastSeen Count From SubobjectPath Type Reason Message--------- -------- ----- ---- ------------- -------- ------ -------1m 48s 7 {default-scheduler } Warning FailedScheduling pod (nginx-deployment-1370807587-fz9sd) failed to fit in any nodefit failure on node (kubernetes-node-6ta5): Node didn't have enough resource: CPU, requested: 1000, used: 1420, capacity: 2000fit failure on node (kubernetes-node-wul5): Node didn't have enough resource: CPU, requested: 1000, used: 1100, capacity: 2000
Here you can see the event generated by the scheduler saying that the Pod failed to schedule for reason FailedScheduling (and possibly others). The message tells us that there were not enough resources for the Pod on any of the nodes.
To correct this situation, you can use kubectl scale to update your Deployment to specify four or fewer replicas. (Or you could just leave the one Pod pending, which is harmless.)
Events such as the ones you saw at the end of kubectl describe pod are persisted in etcd and provide high-level information on what is happening in the cluster. To list all events you can use
kubectl get events
but you have to remember that events are namespaced. This means that if you’re interested in events for some namespaced object (e.g. what happened with Pods in namespace my-namespace) you need to explicitly provide a namespace to the command:
kubectl get events --namespace=my-namespace
To see events from all namespaces, you can use the --all-namespaces argument.
In addition to kubectl describe pod, another way to get extra information about a pod (beyond what is provided by kubectl get pod) is to pass the -o yaml output format flag to kubectl get pod. This will give you, in YAML format, even more information than kubectl describe pod--essentially all of the information the system has about the Pod. Here you will see things like annotations (which are key-value metadata without the label restrictions, that is used internally by Kubernetes system components), restart policy, ports, and volumes.
kubectl get pod nginx-deployment-1006230814-6winp -o yaml
apiVersion: v1kind: Podmetadata:annotations:kubernetes.io/created-by: |{"kind":"SerializedReference","apiVersion":"v1","reference":{"kind":"ReplicaSet","namespace":"default","name":"nginx-deployment-1006230814","uid":"4c84c175-f161-11e5-9a78-42010af00005","apiVersion":"extensions","resourceVersion":"133434"}}creationTimestamp: 2016-03-24T01:39:50ZgenerateName: nginx-deployment-1006230814-labels:app: nginxpod-template-hash: "1006230814"name: nginx-deployment-1006230814-6winpnamespace: defaultresourceVersion: "133447"uid: 4c879808-f161-11e5-9a78-42010af00005spec:containers:- image: nginximagePullPolicy: Alwaysname: nginxports:- containerPort: 80protocol: TCPresources:limits:cpu: 500mmemory: 128Mirequests:cpu: 500mmemory: 128MiterminationMessagePath: /dev/termination-logvolumeMounts:- mountPath: /var/run/secrets/kubernetes.io/serviceaccountname: default-token-4bcbireadOnly: truednsPolicy: ClusterFirstnodeName: kubernetes-node-wul5restartPolicy: AlwayssecurityContext: {}serviceAccount: defaultserviceAccountName: defaultterminationGracePeriodSeconds: 30volumes:- name: default-token-4bcbisecret:secretName: default-token-4bcbistatus:conditions:- lastProbeTime: nulllastTransitionTime: 2016-03-24T01:39:51Zstatus: "True"type: ReadycontainerStatuses:- containerID: docker://90315cc9f513c724e9957a4788d3e625a078de84750f244a40f97ae355eb1149image: nginximageID: docker://6f62f48c4e55d700cf3eb1b5e33fa051802986b77b874cc351cce539e5163707lastState: {}name: nginxready: truerestartCount: 0state:running:startedAt: 2016-03-24T01:39:51ZhostIP: 10.240.0.9phase: RunningpodIP: 10.244.0.6startTime: 2016-03-24T01:39:49Z
Example: debugging a down/unreachable node
Sometimes when debugging it can be useful to look at the status of a node — for example, because you’ve noticed strange behavior of a Pod that’s running on the node, or to find out why a Pod won’t schedule onto the node. As with Pods, you can use kubectl describe node and kubectl get node -o yaml to retrieve detailed information about nodes. For example, here’s what you’ll see if a node is down (disconnected from the network, or kubelet dies and won’t restart, etc.). Notice the events that show the node is NotReady, and also notice that the pods are no longer running (they are evicted after five minutes of NotReady status).
kubectl get nodes
NAME STATUS ROLES AGE VERSIONkubernetes-node-861h NotReady <none> 1h v1.13.0kubernetes-node-bols Ready <none> 1h v1.13.0kubernetes-node-st6x Ready <none> 1h v1.13.0kubernetes-node-unaj Ready <none> 1h v1.13.0
kubectl describe node kubernetes-node-861h
Name: kubernetes-node-861hRoleLabels: kubernetes.io/arch=amd64kubernetes.io/os=linuxkubernetes.io/hostname=kubernetes-node-861hAnnotations: node.alpha.kubernetes.io/ttl=0volumes.kubernetes.io/controller-managed-attach-detach=trueTaints: <none>CreationTimestamp: Mon, 04 Sep 2017 17:13:23 +0800Phase:Conditions:Type Status LastHeartbeatTime LastTransitionTime Reason Message---- ------ ----------------- ------------------ ------ -------OutOfDisk Unknown Fri, 08 Sep 2017 16:04:28 +0800 Fri, 08 Sep 2017 16:20:58 +0800 NodeStatusUnknown Kubelet stopped posting node status.MemoryPressure Unknown Fri, 08 Sep 2017 16:04:28 +0800 Fri, 08 Sep 2017 16:20:58 +0800 NodeStatusUnknown Kubelet stopped posting node status.DiskPressure Unknown Fri, 08 Sep 2017 16:04:28 +0800 Fri, 08 Sep 2017 16:20:58 +0800 NodeStatusUnknown Kubelet stopped posting node status.Ready Unknown Fri, 08 Sep 2017 16:04:28 +0800 Fri, 08 Sep 2017 16:20:58 +0800 NodeStatusUnknown Kubelet stopped posting node status.Addresses: 10.240.115.55,104.197.0.26Capacity:cpu: 2hugePages: 0memory: 4046788Kipods: 110Allocatable:cpu: 1500mhugePages: 0memory: 1479263Kipods: 110System Info:Machine ID: 8e025a21a4254e11b028584d9d8b12c4System UUID: 349075D1-D169-4F25-9F2A-E886850C47E3Boot ID: 5cd18b37-c5bd-4658-94e0-e436d3f110e0Kernel Version: 4.4.0-31-genericOS Image: Debian GNU/Linux 8 (jessie)Operating System: linuxArchitecture: amd64Container Runtime Version: docker://1.12.5Kubelet Version: v1.6.9+a3d1dfa6f4335Kube-Proxy Version: v1.6.9+a3d1dfa6f4335ExternalID: 15233045891481496305Non-terminated Pods: (9 in total)Namespace Name CPU Requests CPU Limits Memory Requests Memory Limits--------- ---- ------------ ---------- --------------- -------------......Allocated resources:(Total limits may be over 100 percent, i.e., overcommitted.)CPU Requests CPU Limits Memory Requests Memory Limits------------ ---------- --------------- -------------900m (60%) 2200m (146%) 1009286400 (66%) 5681286400 (375%)Events: <none>
kubectl get node kubernetes-node-861h -o yaml
apiVersion: v1kind: Nodemetadata:creationTimestamp: 2015-07-10T21:32:29Zlabels:kubernetes.io/hostname: kubernetes-node-861hname: kubernetes-node-861hresourceVersion: "757"uid: 2a69374e-274b-11e5-a234-42010af0d969spec:externalID: "15233045891481496305"podCIDR: 10.244.0.0/24providerID: gce://striped-torus-760/us-central1-b/kubernetes-node-861hstatus:addresses:- address: 10.240.115.55type: InternalIP- address: 104.197.0.26type: ExternalIPcapacity:cpu: "1"memory: 3800808Kipods: "100"conditions:- lastHeartbeatTime: 2015-07-10T21:34:32ZlastTransitionTime: 2015-07-10T21:35:15Zreason: Kubelet stopped posting node status.status: Unknowntype: ReadynodeInfo:bootID: 4e316776-b40d-4f78-a4ea-ab0d73390897containerRuntimeVersion: docker://UnknownkernelVersion: 3.16.0-0.bpo.4-amd64kubeProxyVersion: v0.21.1-185-gffc5a86098dc01kubeletVersion: v0.21.1-185-gffc5a86098dc01machineID: ""osImage: Debian GNU/Linux 7 (wheezy)systemUUID: ABE5F6B4-D44B-108B-C46A-24CCE16C8B6E
What’s next
Learn about additional debugging tools, including:
