Shulou(Shulou.com)06/01 Report--

This article is to share with you about how to get the Pod name according to PID in Kubernetes. The editor thinks it is very practical, so I share it with you. I hope you can get something after reading this article.

In the process of managing a Kubernetes cluster, we often encounter such a situation: we find that a certain process takes up a lot of resources on a node, but we don't know which container it is. Is there any way to quickly find the Pod name based on PID?

Suppose there is now a prometheus process with a PID of 14338:

In order to further mine information, there are two ways of thinking, one is to mine the information of the container corresponding to PID, and the other is to mine the information of Pod corresponding to PID.

1. Container ID

To obtain the ID of the container, you can view the cgroup information corresponding to PID:

$cat / proc/14338/cgroup11:blkio:/kubepods/burstable/pod8e018a8e-4aaa-4ac6-986a-1a5133a4bcf1/d6f24b62ea28e9e67f7bc06f98de083cc49454f353389cd396f5d3ac6448f19c10:cpuset:/kubepods/burstable/pod8e018a8e-4aaa-4ac6-986a-1a5133a4bcf1/d6f24b62ea28e9e67f7bc06f98de083cc49454f353389cd396f5d3ac6448f19c9:freezer:/kubepods/burstable/pod8e018a8e-4aaa-4ac6-986a-1a5133a4bcf1/d6f24b62ea28e9e67f7bc06f98de083cc49454f353389cd396f5d3ac6448f19c8:hugetlb:/kubepods/burstable/pod8e018a8e-4aaa-4ac6-986a-1a5133a4bcf1/d6f24b62ea28e9e67f7bc06f98de083cc49454f353389cd396f5d3ac6448f19c7:perf_event:/kubepods/burstable/pod8e018a8e-4aaa-4ac6-986a-1a5133a4bcf1/d6f24b62ea28e9e67f7bc06f98de083cc49454f353389cd396f5d3ac6448f19c6:cpuacct Cpu:/kubepods/burstable/pod8e018a8e-4aaa-4ac6-986a-1a5133a4bcf1/d6f24b62ea28e9e67f7bc06f98de083cc49454f353389cd396f5d3ac6448f19c5:pids:/kubepods/burstable/pod8e018a8e-4aaa-4ac6-986a-1a5133a4bcf1/d6f24b62ea28e9e67f7bc06f98de083cc49454f353389cd396f5d3ac6448f19c4:devices:/kubepods/burstable/pod8e018a8e-4aaa-4ac6-986aRa1a5133a4bcf1Universe d6f24b62ea28e9e67f7bc06f98de083cc49454f353389cd396f5d3ac6448f19c3lanetpriogramnetclsploughthe kubepodsspur burstableash pod018a8e4aaly4ac6-986a-1a5133a4bcf1/d6f24b62ea28e9e67f7bc06f98de083cc49454f353389cd396f5d3ac6448f19c2:memory:/kubepods/burstable/pod8e018a8e-4aaa-4ac6-986a-1a5133a4bcf1/d6f24b62ea28e9e67f7bc06f98de083cc49454f353389cd396f5d3ac6448f19c1:name=systemd:/kubepods/burstable/pod8e018a8e-4aaa-4ac6-986a-1a5133a4bcf1/d6f24b62ea28e9e67f7bc06f98de083cc49454f353389cd396f5d3ac6448f19c

You can see that the container ID for this process is d6f24b62... You can optimize the above command to obtain the container ID directly:

$CID=$ (cat / proc/14338/cgroup | awk-F'/'{print $5}') $echo ${CID:0:8} d6f24b62

The last step is to obtain the Pod name according to the container ID. If your container runtime is containerd or crio, you can use crictl to get the container information:

# Go Template$ crictl inspect-o go-template-- template=' {{index .status.labels "io.kubernetes.pod.name"} 'd6f24b62prometheus-k8s-0# jq$ crictl inspect d6f24b62 | jq' .status.labels ["io.kubernetes.pod.name"]'"prometheus-k8s-0"

You can get the Pod name using either Go template or jq, depending on your preferences.

If your container runs as Docker, you can use the command line tool docker to get it, similar to the above.

2. Pod UID

Let's take a look at the second method, which first obtains the Pod UID directly according to PID:

$cat / proc/14338/mountinfo | grep "etc-hosts" | awk-F / {'print $6'} 8e018a8e-4aaa-4ac6-986a-1a5133a4bcf1

Then get the Pod name according to Pod UID:

$crictl ps-o json | jq'. [] [] .labels | select (. ["io.kubernetes.pod.uid"] = = "8e018a8e-4aaa-4ac6-986a-1a5133a4bcf1") |. ["io.kubernetes.pod.name"]'| uniq "prometheus-k8s-0" 3. Integration

With the method in place, how can you combine all the steps into one step to get the Pod name in one step? You can add a shell function to ~ / .bashrc, select method 1 above, and format it using go template (you can also use the other methods mentioned above, but you need to install jq):

Podinfo () {CID=$ (cat / proc/$1/cgroup | awk-F'/'{print $5}') CID=$ (echo ${CID:0:8}) crictl inspect-o go-template-- template=' {{index .status.labels "io.kubernetes.pod.name"}'$CID}

Execute the following command to make the changes take effect immediately:

$source ~ / .bashrc

You can then use this function to get the Pod name:

$podinfo 14338prometheus-k8s-04. infer other things from one fact

This idea can also be used to solve other problems. We should learn to cite examples. Let me give you an example. Many components in Kubernetes expose metrics through the HTTPS protocol, such as kubelet, so how do you use API to access these metrics?

First select a container, such as prometheus, and find its PID:

Ps-ef | grep "/ bin/prometheus" 1000 14338 14246 4 July 10? 04:29:02 / bin/prometheus-- web.console.templates=/etc/prometheus/consoles-- web.console.libraries=/etc/prometheus/console_libraries-- config.file=/etc/prometheus/config_out/prometheus.env.yaml-- storage.tsdb.path=/prometheus-- storage.tsdb.retention.time=24h-- web.enable-lifecycle-- storage.tsdb.no-lockfile-- web.route-prefix= / 1000 14402 14246 July 10? 00:00:10 / bin/prometheus-config-reloader-- log-format=logfmt-- reload-url= http://localhost:9090/-/reload-- config-file=/etc/prometheus/config/prometheus.yaml.gz-- config-envsubst-file=/etc/prometheus/config_out/prometheus.env.yamlroot 15956 555 0 18:19 pts/0 00:00:00 grep-- color=auto / bin/prometheus

Find Pod UID according to PID:

$cat / proc/14338/mountinfo | grep "etc-hosts" | awk-F / {'print $6'} 8e018a8e-4aaa-4ac6-986a-1a5133a4bcf1

Find the token mount directory of Service Account according to Pod UID:

Total amount of ll / var/lib/kubelet/pods/8e018a8e-4aaa-4ac6-986a-1a5133a4bcf1/volumes/kubernetes.io~secret/prometheus-k8s-token-p7bgb/ 0lrwxrwxrwx 1 root root 13 July 10 21:24 ca.crt->.. data/ca.crtlrwxrwxrwx 1 root root 16 July 10 21:24 namespace->.. data/namespacelrwxrwxrwx 1 root root 12 July 10 21:24 token- >.. data/token

Get token information:

$export TOKEN=$ (cat / var/lib/kubelet/pods/8e018a8e-4aaa-4ac6-986a-1a5133a4bcf1/volumes/kubernetes.io~secret/prometheus-k8s-token-p7bgb/token)

Access metrics directly through curl:

$curl-s-H "Authorization: Bearer $TOKEN"-- cacert / var/lib/kubelet/pods/8e018a8e-4aaa-4ac6-986a-1a5133a4bcf1/volumes/kubernetes.io~secret/prometheus-k8s-token-p7bgb/ca.crt-- insecure https://127.0.0.1:10250/metrics/cadvisor

Of course, if you can find the certificates, keys, and CA certificates of the cluster administrator, and you can access them directly, I won't expand on them.

5. What a marvelous skill

Finally, I would like to introduce a strange way of thinking, although there are some small flaws, but the train of thought is very clever, we can learn from it. The hostname in the container created by Kubernetes corresponds to the Pod name. Along this way, we can get a more ingenious way to obtain the hostname of the container through the uts namespace of PID, and then we can know the Pod name. You can use nsenter as a tool:

$nsenter-t 14338-- uts hostnameprometheus-k8s-0

From this point of view, it is much more elegant than the above method, but there is a slight problem with this method. When the container runs in HostNetwork mode, hostname is the hostname of the host, so you can't get the Pod name in this way. Although it is not a general method, the idea can be used for reference. In addition to using nsenter to obtain the host name, it can also be obtained through environment variables. The command is as follows:

$xargs-0-L1-a / proc/14338/environ | grep HOSTNAMEHOSTNAME=prometheus-k8s-0

Explain these parameters:

-0: use null as the delimiter

-L: indicates how many lines are specified as a command line argument. -L1 means that 1 line is specified as the command line argument, that is, each line runs the command once. The role of xargs is to convert standard input into command-line arguments, and if xargs is not followed by the actual command to be executed, it means that the default echo is used. So the-L1 here means that each separated line runs the echo command once.

-a: read from a file, not from standard input.

If you don't understand, well, I did my best.

Finally, we recommend another project. You can find the PID of all containers and the corresponding Pod information. Project address: pid2pod.

Kubernetes 1.18.2 1.17.5 1.16.9 1.15.12 offline installation package release address http://store.lameleg.com, welcome to experience. The latest version of sealos v3.3.6 is used. The host name resolution configuration is optimized, lvscare mount / lib/module solves the boot ipvs loading problem, fixes the incompatibility between lvscare community netlink and 3.10 kernel, sealos generates century-old certificate and so on.

The above is how to get the Pod name according to PID in Kubernetes. The editor believes that there are some knowledge points that we may see or use in our daily work. I hope you can learn more from this article. For more details, please follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.