How to open a tunnel into a Kubernetes pod or container with tcpserver and netcat

Translator's note: This practical note from the creator of LayerCI is a good illustration of tips & tricks for Kubernetes (and not only for it). The solution proposed here is only one of several and, perhaps, not the most obvious one (for some cases, the K8s-"native" kubectl port-forward already mentioned in the comments may be a good fit). However, it lets you at least look at the problem from the perspective of using classic utilities and combining them further, which is simple, flexible and powerful at the same time (see "Other ideas" at the end for inspiration).

Imagine a typical situation: you want a port on your local machine to forward traffic to a pod/container (or vice versa).

Possible use cases

  1. Check what the HTTP endpoint /healthz of a pod in the production cluster returns.
  2. Connect a TCP debugger to a pod from the local machine.
  3. Get access to the production database from local database tools without having to bother with authentication (localhost usually has root privileges).
  4. Run a one-time migration script against data in the staging cluster without having to build a container for it.
  5. Connect a VNC session to a pod running a virtual desktop (see XVFB).

A few words about the required tools

Tcpserver is an open-source utility available in most Linux package repositories. It lets you open a local port and pass the traffic received on it through the stdin/stdout of the specified command:

colin@colin-work:~$ tcpserver 127.0.0.1 8080 echo -e 'HTTP/1.0 200 OK\r\nContent-Length: 19\r\n\r\n<body>hello!</body>'&
[1] 17377
colin@colin-work:~$ curl localhost:8080
<body>hello!</body>colin@colin-work:~$

Netcat does the opposite. It lets you connect to an open port and pass the I/O received from it to stdin/stdout:

colin@colin-work:~$ nc -C httpstat.us 80
GET /200 HTTP/1.0
Host: httpstat.us
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.1
Access-Control-Allow-Origin: *
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Set-Cookie: ARRAffinity=93fdbab9d364704de8ef77182b4d13811344b7dd1ec45d3a9682bbd6fa154ead;Path=/;HttpOnly;Domain=httpstat.us
Date: Fri, 01 Nov 2019 17:53:04 GMT
Connection: close
Content-Length: 0

^C
colin@colin-work:~$

In the example above, netcat requests a page over HTTP. The -C flag makes it append CRLF to the end of each line.

Combining with kubectl: listen on the host and connect to the pod

If we combine the tools above with kubectl, we get a command like this:

tcpserver 127.0.0.1 8000 kubectl exec -i web-pod nc 127.0.0.1 8080

By analogy, to reach port 80 inside the pod, curl "127.0.0.1:80" would be enough:

colin@colin-work:~$ sanic kubectl exec -it web-54dfb667b6-28n85 bash
root@web-54dfb667b6-28n85:/web# apt-get -y install netcat-openbsd
Reading package lists... Done
Building dependency tree
Reading state information... Done
netcat-openbsd is already the newest version (1.195-2).
0 upgraded, 0 newly installed, 0 to remove and 10 not upgraded.
root@web-54dfb667b6-28n85:/web# exit
colin@colin-work:~$ tcpserver 127.0.0.1 8000 sanic kubectl exec -i web-54dfb667b6-28n85 nc 127.0.0.1 8080&
[1] 3232
colin@colin-work:~$ curl localhost:8000/healthz
{"status":"ok"}colin@colin-work:~$ exit

Diagram of how the utilities interact

In the opposite direction: listen in the pod and connect to the host

nc 127.0.0.1 8000 | kubectl exec -i web-pod tcpserver 127.0.0.1 8080 cat

This command lets the pod access port 8000 on the local machine.

Bash script

I wrote a dedicated Bash script that lets you manage LayerCI's production Kubernetes cluster using the method described above:

kubetunnel() {
    # Forward local port 6666 to DESTPORT inside POD.
    local POD="$1"
    local DESTPORT="$2"
    if [ -z "$POD" ] || [ -z "$DESTPORT" ]; then
        echo "Usage: kubetunnel [pod name] [destination port]"
        return 1
    fi
    # Stop a tunnel left over from an earlier call, then listen on loopback only.
    pkill -f 'tcpserver 127.0.0.1 6666'
    tcpserver 127.0.0.1 6666 kubectl exec -i "$POD" nc 127.0.0.1 "$DESTPORT"&
    echo "Connect to 127.0.0.1:6666 to access $POD:$DESTPORT"
}

If you add this function to ~/.bashrc, you can easily open a tunnel into a pod with the command kubetunnel web-pod 8080 and then run curl localhost:6666.

  • For a tunnel into Docker, you can replace the main line with:
    tcpserver 127.0.0.1 6666 docker exec -i "$CONTAINER" nc 127.0.0.1 "$DESTPORT"
  • for a tunnel into K3s, change it to:
    tcpserver 127.0.0.1 6666 k3s kubectl exec …
  • and so on.
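
A check that a tunnel started this way is reachable only from the local machine, as an added example (not part of the original article): it reads `ss -ltn` output and prints every listener on the tunnel port that is bound outside loopback. The function names and the sample lines are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original article.
# exposed_listeners PORT -- reads `ss -ltn` output on stdin and prints the
# local address of every LISTEN socket on PORT that is NOT loopback-only.
exposed_listeners() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            # Column 4 is "addr:port"; the port is whatever follows the last colon.
            n = split($4, parts, ":")
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", addr)          # strip IPv6 brackets
            if (addr ~ /^127\./ || addr == "::1") next
            print addr
        }'
}

# Constructed sample in the format printed by `ss -ltn` (not captured from a real host).
sample_ss_output() {
    cat <<'EOF'
State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       20      127.0.0.1:6666      0.0.0.0:*
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       20      0.0.0.0:8000        0.0.0.0:*
LISTEN  0       20      [::1]:8000          [::]:*
EOF
}

# Port 6666 (the kubetunnel listener) is loopback-only, so nothing is printed for it;
# the constructed 0.0.0.0:8000 line stands for a listener bound to all interfaces.
sample_ss_output | exposed_listeners 6666
sample_ss_output | exposed_listeners 8000

# On a live machine: ss -ltn | exposed_listeners 6666
```

Any address this prints means the pod port behind the tunnel is reachable from other hosts, not just from the workstation.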

Other ideas

  • You can forward UDP traffic by using netcat -l -u -c instead of tcpserver and netcat -u instead of netcat, respectively.
  • View the I/O through pipe viewer:

    nc 127.0.0.1 8000 | pv --progress | kubectl exec -i web-pod tcpserver 127.0.0.1 8080 cat

  • You can compress and decompress the traffic at both ends using gzip.
  • Connect over SSH to another computer that has the appropriate kubeconfig file:

    tcpserver 127.0.0.1 8000 ssh workcomputer "kubectl exec -i my-pod nc 127.0.0.1 80"

  • You can connect two pods in different clusters using mkfifo and running two separate kubectl commands.
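
The mkfifo idea from the last item, as an added example (not part of the original article): a plain pipe carries data one way only, so a named pipe is used for the return path between the two commands. The context names, pod names and port 9000 in the closing comment are hypothetical, and netcat-openbsd is assumed to be installed in both pods.

```bash
#!/usr/bin/env bash
# Added example, not from the original article.
# relay LEFT RIGHT -- run two command strings and cross-connect their stdio:
#   LEFT stdout  -> RIGHT stdin   (ordinary pipe)
#   RIGHT stdout -> LEFT stdin    (named pipe created with mkfifo)
# Both strings are executed by sh, so build them only from trusted values.
relay() {
    local left="$1" right="$2" dir rc
    # mktemp -d creates a mode-0700 directory, so no other user can open the FIFO.
    dir="$(mktemp -d)" || return 1
    mkfifo -m 600 "$dir/back" || { rm -rf "$dir"; return 1; }
    sh -c "$left" <"$dir/back" | sh -c "$right" >"$dir/back"
    rc=$?
    rm -rf "$dir"
    return "$rc"
}

# Offline demonstration with two local commands standing in for the two
# kubectl sessions: LEFT sends "ping", RIGHT answers, LEFT reports the answer
# on stderr (its stdout is the tunnel).
relay_demo() {
    relay 'echo ping; read -r reply; echo "left got: $reply" >&2' \
          'read -r msg; echo "pong for $msg"' 2>&1
}

relay_demo

# With two clusters (context and pod names below are hypothetical):
#   relay 'kubectl --context cluster-a exec -i pod-a -- nc -l 127.0.0.1 9000' \
#         'kubectl --context cluster-b exec -i pod-b -- nc 127.0.0.1 80'
# A client in pod-a that connects to 127.0.0.1:9000 then talks to port 80
# in pod-b for the lifetime of that one connection.
```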

Source: www.habr.com
