Pehea e wehe ai i kahi tunnel ma kahi pahu Kubernetes a i ʻole pahu me ka tcpserver a me ka netcat

Nānā. unuhi.: ʻO kēia memo kūpono mai ka mea nāna i hana iā LayerCI he hōʻailona maikaʻi loa ia o nā mea i kapa ʻia ʻo nā ʻōlelo aʻoaʻo a me nā hoʻopunipuni no Kubernetes (a ʻoi aku). ʻO ka hoʻonā i manaʻo ʻia ma ʻaneʻi he hoʻokahi wale nō o nā mea liʻiliʻi a, ʻaʻole paha, ʻaʻole i maopopo loa (no kekahi mau hihia, ʻo ka "kūpono" no K8s i ʻōlelo ʻia ma nā ʻōlelo he kūpono paha. kubectl port-forward). Eia nō naʻe, hiki iā ʻoe ke nānā liʻiliʻi i ka pilikia mai ka manaʻo o ka hoʻohana ʻana i nā pono hana maʻamau a hoʻohui hou iā lākou - i ka manawa like maʻalahi, maʻalahi a ikaika (e ʻike i nā "manaʻo ʻē aʻe" ma ka hopena no ka hoʻoikaika ʻana).

E noʻonoʻo ʻoe i kahi kūlana maʻamau: makemake ʻoe i kahi awa ma kāu mīkini kūloko e hoʻouna aku i nā kaʻa i kahi pod/container (a i ʻole ʻē aʻe).

Hiki ke hoʻohana ʻia

1. E nānā i ka mea e hoʻihoʻi mai ai ka hopena HTTP /healthz pod i loko o ka hui hana.
2. Hoʻohui i kahi debugger TCP i ka pod ma ka mīkini kūloko.
3. E kiʻi i ka ʻikepili hana mai nā mea hana ʻikepili kūloko me ka ʻole e hoʻopilikia i ka hōʻoia (ʻo ka maʻamau he kuleana kumu ko localhost).
4. E holo i ka palapala neʻe hoʻokahi manawa no ka ʻikepili i loko o kahi pūʻulu hoʻokūkū me ka ʻole e hana i kahi pahu no ia.
5. Hoʻohui i kahi hālāwai VNC i kahi pod e holo ana i kahi papapihi virtual (e ʻike i ka XVFB).

He mau hua'ōlelo e pili ana i nā mea hana pono

Tcpserver - Loaʻa kahi pono Open Source i ka hapa nui o nā waihona waihona Linux. Hāʻawi ia iā ʻoe e wehe i kahi awa kūloko a hoʻihoʻi hou i nā kaʻa i loaʻa ma o stdin/stdout mai kekahi kauoha i kuhikuhi ʻia iā ia:

colin@colin-work:~$ tcpserver 127.0.0.1 8080 echo -e 'HTTP/1.0 200 OKrnContent-Length: 19rnrn<body>hello!</body>'&
[1] 17377
colin@colin-work:~$ curl localhost:8080
<body>hello!</body>colin@colin-work:~$

(asciinema.org)

Hana ʻo Netcat i ka ʻokoʻa. Hiki iā ʻoe ke hoʻohui i kahi awa hāmama a hāʻawi i ka I/O i loaʻa mai ia mea i stdin/stdout:

colin@colin-work:~$ nc -C httpstat.us 80
GET /200 HTTP/1.0
Host: httpstat.us
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.1
Access-Control-Allow-Origin: *
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Set-Cookie: ARRAffinity=93fdbab9d364704de8ef77182b4d13811344b7dd1ec45d3a9682bbd6fa154ead;Path=/;HttpOnly;Domain=httpstat.us
Date: Fri, 01 Nov 2019 17:53:04 GMT
Connection: close
Content-Length: 0

^C
colin@colin-work:~$

(asciinema.org)

Ma ka laʻana i luna, noi ʻo netcat i ka ʻaoʻao ma HTTP. Hae -C e hoʻopili iā CRLF i ka hope o ka laina.

Pili me kubectl: hoʻolohe i ka mea hoʻokipa a hoʻopili i ka pod

Inā hoʻohui mākou i nā mea hana i luna me kubectl, loaʻa iā mākou kahi kauoha e like me kēia:

tcpserver 127.0.0.1 8000 kubectl exec -i web-pod nc 127.0.0.1 8080

Ma ka hoʻohālikelike, e komo i ke awa 80 i loko o ka pod e lawa ia e hana curl "127.0.0.1:80":

colin@colin-work:~$ sanic kubectl exec -it web-54dfb667b6-28n85 bash
root@web-54dfb667b6-28n85:/web# apt-get -y install netcat-openbsd
Reading package lists... Done
Building dependency tree
Reading state information... Done
netcat-openbsd is already the newest version (1.195-2).
0 upgraded, 0 newly installed, 0 to remove and 10 not upgraded.
root@web-54dfb667b6-28n85:/web# exit
colin@colin-work:~$ tcpserver 127.0.0.1 8000 sanic kubectl exec -i web-54dfb667b6-28n85 nc 127.0.0.1 8080&
[1] 3232
colin@colin-work:~$ curl localhost:8000/healthz
{"status":"ok"}colin@colin-work:~$ exit

(asciinema.org)

Kiʻikuhi pili pono

Ma ka ʻaoʻao ʻē aʻe: hoʻolohe i ka pod a hoʻopili i ka mea hoʻokipa

nc 127.0.0.1 8000 | kubectl exec -i web-pod tcpserver 127.0.0.1 8080 cat

Hāʻawi kēia kauoha i ka pod e komo i ke awa 8000 ma ka mīkini kūloko.

Palapala Bash

Ua kākau wau i kahi palapala kūikawā no Bash e hiki ai iā ʻoe ke hoʻokele i kahi hui hana Kubernetes LayerCIme ka hoʻohana ʻana i ke ala i hōʻike ʻia ma luna nei:

kubetunnel() {
    POD="$1"
    DESTPORT="$2"
    if [ -z "$POD" -o -z "$DESTPORT" ]; then
        echo "Usage: kubetunnel [pod name] [destination port]"
        return 1
    fi
    pkill -f 'tcpserver 127.0.0.1 6666'
    tcpserver 127.0.0.1 6666 kubectl exec -i "$POD" nc 127.0.0.1 "$DESTPORT"&
    echo "Connect to 127.0.0.1:6666 to access $POD:$DESTPORT"
}

Inā ʻoe e hoʻohui i kēia hana i ~/.bashrc, hiki iā ʻoe ke wehe maʻalahi i kahi tunnel i loko o kahi pod me ke kauoha kubetunnel web-pod 8080 a hana curl localhost:6666.

• No ka tunnel i loko Docker hiki iā ʻoe ke pani i ka laina nui me:

  tcpserver 127.0.0.1 6666 docker exec -i "$CONTAINER" nc 127.0.0.1 "$DESTPORT"

• no ka tunnel i loko K3s - hoʻololi iā:

  tcpserver 127.0.0.1 6666 k3s kubectl exec …

• a pēlā aku nō.

Nā manaʻo ʻē aʻe

• Hiki iā ʻoe ke hoʻihoʻi hou i ka lele UDP me ka hoʻohana ʻana i nā kauoha netcat -l -u -c ma kahi o tcpserver и netcat -u ma kahi o netcat ʻo kēlā me kēia.
• Nānā I/O ma o ka paipu nānā:

  nc 127.0.0.1 8000 | pv --progress | kubectl exec -i web-pod tcpserver 127.0.0.1 8080 cat

• Hiki iā ʻoe ke hoʻopaʻa a hoʻokaʻawale i nā kaʻa ma nā ʻaoʻao ʻelua me ka hoʻohana ʻana gzip.
• Hoʻohui ma SSH i kahi kamepiula ʻē aʻe me ka faila pili kubeconfig:

  tcpserver ssh workcomputer "kubectl exec -i my-pod nc 127.0.0.1 80"

• Hiki iā ʻoe ke hoʻohui i ʻelua pods i nā hui like ʻole me ka hoʻohana ʻana mkfifo a holo i elua kauoha kaawale kubectl.

ʻAʻole pau nā mea hiki!

PS mai ka unuhi

E heluhelu pū ma kā mākou blog:

• «Nā mea hana no nā mea hoʻomohala o nā noi e holo ana ma Kubernetes";
• «Nā ʻōlelo aʻoaʻo a me nā hoʻopunipuni Kubernetes: e pili ana i ka hoʻomohala kūloko a me Telepresence";
• «kubectl-debug plugin no ka hoʻopau ʻana i nā pods Kubernetes";
• «Nā mea hoʻohana pono ke hana pū me Kubernetes".

Source: www.habr.com