Yadda ake buɗe rami a cikin kwas ɗin Kubernetes ko akwati tare da tcpserver da netcat

Lura. fassara: Wannan bayanin kula mai amfani daga mahaliccin LayerCI kyakkyawan misali ne na abin da ake kira tukwici & dabaru don Kubernetes (da ƙari). Maganin da aka gabatar a nan ɗaya ne kawai daga cikin ƴan kaɗan kuma, watakila, ba mafi bayyane ba (ga wasu lokuta, "ɗan ƙasa" na K8s da aka riga aka ambata a cikin sharhin na iya dacewa da su. kubectl port-forward). Duk da haka, yana ba ku damar aƙalla duba matsalar ta hanyar yin amfani da kayan aikin gargajiya da kuma ƙara haɗa su - a lokaci guda mai sauƙi, sassauƙa da ƙarfi (duba "sauran ra'ayoyin" a karshen don wahayi).

Ka yi tunanin wani yanayi na yau da kullun: kana son tashar jiragen ruwa a kan na'ura na gida don tura zirga-zirga cikin sihiri zuwa kwafsa/kwantena (ko akasin haka).

Abubuwan da za a yi amfani da su

1. Duba abin da ƙarshen HTTP ya dawo /healthz kwafsa a cikin gungu na samarwa.
2. Haɗa mai gyara TCP zuwa kwafsa akan injin gida.
3. Samun damar yin amfani da bayanan samarwa daga kayan aikin bayanan gida ba tare da damuwa tare da tantancewa ba (yawanci localhost yana da haƙƙin tushen).
4. Gudanar da rubutun ƙaura na lokaci ɗaya don bayanai a cikin gungu mai tsarawa ba tare da ƙirƙirar akwati don shi ba.
5. Haɗa zaman VNC zuwa kwas ɗin tebur mai kama da tebur (duba XVFB).

Kalmomi kaɗan game da kayan aikin da ake buƙata

Tcpserver - Mai amfani Buɗewa yana samuwa a yawancin ma'ajiyar fakitin Linux. Yana ba ku damar buɗe tashar jiragen ruwa na gida da tura zirga-zirgar zirga-zirgar da aka karɓa ta hanyar stdin/stdout daga kowane takamaiman umarni zuwa gare shi:

colin@colin-work:~$ tcpserver 127.0.0.1 8080 echo -e 'HTTP/1.0 200 OKrnContent-Length: 19rnrn<body>hello!</body>'&
[1] 17377
colin@colin-work:~$ curl localhost:8080
<body>hello!</body>colin@colin-work:~$

(asciinema.org)

Netcat yayi akasin haka. Yana ba ku damar haɗawa zuwa buɗaɗɗen tashar jiragen ruwa kuma ku wuce I/O da aka karɓa daga gare ta zuwa stdin/stdout:

colin@colin-work:~$ nc -C httpstat.us 80
GET /200 HTTP/1.0
Host: httpstat.us
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.1
Access-Control-Allow-Origin: *
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Set-Cookie: ARRAffinity=93fdbab9d364704de8ef77182b4d13811344b7dd1ec45d3a9682bbd6fa154ead;Path=/;HttpOnly;Domain=httpstat.us
Date: Fri, 01 Nov 2019 17:53:04 GMT
Connection: close
Content-Length: 0

^C
colin@colin-work:~$

(asciinema.org)

A cikin misalin da ke sama, netcat yana buƙatar shafin akan HTTP. Tuta -C yana sa shi haɗa CRLF zuwa ƙarshen layin.

Haɗi tare da kubectl: saurara a kan mai watsa shiri kuma haɗa zuwa kwafsa

Idan muka haɗa kayan aikin da ke sama tare da kubectl, muna samun umarni kamar haka:

tcpserver 127.0.0.1 8000 kubectl exec -i web-pod nc 127.0.0.1 8080

Ta hanyar kwatance, don samun damar tashar jiragen ruwa 80 a cikin kwaf ɗin zai isa a yi curl "127.0.0.1:80":

colin@colin-work:~$ sanic kubectl exec -it web-54dfb667b6-28n85 bash
root@web-54dfb667b6-28n85:/web# apt-get -y install netcat-openbsd
Reading package lists... Done
Building dependency tree
Reading state information... Done
netcat-openbsd is already the newest version (1.195-2).
0 upgraded, 0 newly installed, 0 to remove and 10 not upgraded.
root@web-54dfb667b6-28n85:/web# exit
colin@colin-work:~$ tcpserver 127.0.0.1 8000 sanic kubectl exec -i web-54dfb667b6-28n85 nc 127.0.0.1 8080&
[1] 3232
colin@colin-work:~$ curl localhost:8000/healthz
{"status":"ok"}colin@colin-work:~$ exit

(asciinema.org)

Jadawalin hulɗar mai amfani

A cikin kishiyar hanya: saurare a cikin kwafsa kuma haɗa zuwa mai watsa shiri

nc 127.0.0.1 8000 | kubectl exec -i web-pod tcpserver 127.0.0.1 8080 cat

Wannan umarnin yana ba da damar kwas ɗin don samun damar tashar jiragen ruwa 8000 akan injin gida.

Rubutun Bash

Na rubuta rubutu na musamman don Bash wanda ke ba ku damar sarrafa tarin samar da Kubernetes LayerCIta amfani da hanyar da aka bayyana a sama:

kubetunnel() {
    POD="$1"
    DESTPORT="$2"
    if [ -z "$POD" -o -z "$DESTPORT" ]; then
        echo "Usage: kubetunnel [pod name] [destination port]"
        return 1
    fi
    pkill -f 'tcpserver 127.0.0.1 6666'
    tcpserver 127.0.0.1 6666 kubectl exec -i "$POD" nc 127.0.0.1 "$DESTPORT"&
    echo "Connect to 127.0.0.1:6666 to access $POD:$DESTPORT"
}

Idan kun ƙara wannan aikin zuwa ~/.bashrc, zaka iya buɗe rami cikin sauƙi a cikin kwasfa tare da umarnin kubetunnel web-pod 8080 kuma yi curl localhost:6666.

• Don rami a ciki Docker zaka iya maye gurbin babban layin da:

  tcpserver 127.0.0.1 6666 docker exec -i "$CONTAINER" nc 127.0.0.1 "$DESTPORT"

• don tunnel in K3s ku - canza shi zuwa:

  tcpserver 127.0.0.1 6666 k3s kubectl exec …

• da sauransu.

Sauran ra'ayoyin

• Kuna iya tura zirga-zirgar UDP ta amfani da umarni netcat -l -u -c maimakon tcpserver и netcat -u maimakon netcat daidai da.
• Duba I/O ta mai duba bututu:

  nc 127.0.0.1 8000 | pv --progress | kubectl exec -i web-pod tcpserver 127.0.0.1 8080 cat

• Kuna iya damfara da rage cunkoson ababen hawa a kan iyakar biyu ta amfani da gzip.
• Haɗa ta hanyar SSH zuwa wata kwamfuta tare da fayil ɗin da ya dace kubeconfig:

  tcpserver ssh workcomputer "kubectl exec -i my-pod nc 127.0.0.1 80"

• Kuna iya haɗa kwasfa biyu a cikin gungu daban-daban ta amfani da mkfifo kuma gudanar da umarni daban-daban guda biyu kubectl.

Yiwuwar ba su da iyaka!

PS daga mai fassara

Karanta kuma a kan shafinmu:

• «Kayan aiki don masu haɓaka aikace-aikacen da ke gudana akan Kubernetes";
• «Kubernetes tukwici & dabaru: game da ci gaban gida da Telepresence";
• «kubectl-debug plugin don gyara kurakurai a cikin Kubernetes pods";
• «Abubuwan amfani masu amfani lokacin aiki tare da Kubernetes".

source: www.habr.com