How to open a tunnel into a Kubernetes pod or container with tcpserver and netcat

Translator's note: This practical note from the creator of LayerCI is an excellent illustration of so-called tips & tricks for Kubernetes (and beyond). The solution proposed here is only one of several and perhaps not the most obvious (for some cases the K8s-"native" kubectl port-forward, already mentioned in the comments, may be suitable). However, it at least lets you look at the problem from the perspective of using classic utilities and combining them further: simple, flexible and powerful at the same time (see "Other ideas" at the end for inspiration).

Imagine a typical situation: you want a port on your local machine to magically forward traffic to a pod/container (or vice versa).

Possible use cases

  1. Check what the HTTP endpoint /healthz of a pod in the production cluster returns.
  2. Attach a TCP debugger to a pod from the local machine.
  3. Access the production database from local database tools without having to fuss with authentication (localhost usually has root privileges).
  4. Run a one-time migration script for data in a staging cluster without creating a container for it.
  5. Connect a VNC session to a pod running a virtual desktop (see XVFB).

A few words about the necessary tools

Tcpserver is an open source utility available in most Linux package repositories. It lets you open a local port and redirect the traffic received on it, via stdin/stdout, to any specified command:

colin@colin-work:~$ tcpserver 127.0.0.1 8080 echo -e 'HTTP/1.0 200 OK\r\nContent-Length: 19\r\n\r\n<body>hello!</body>'&
[1] 17377
colin@colin-work:~$ curl localhost:8080
<body>hello!</body>colin@colin-work:~$

Netcat does the opposite. It lets you connect to an open port and pass the I/O received from it to stdin/stdout:

colin@colin-work:~$ nc -C httpstat.us 80
GET /200 HTTP/1.0
Host: httpstat.us
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.1
Access-Control-Allow-Origin: *
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Set-Cookie: ARRAffinity=93fdbab9d364704de8ef77182b4d13811344b7dd1ec45d3a9682bbd6fa154ead;Path=/;HttpOnly;Domain=httpstat.us
Date: Fri, 01 Nov 2019 17:53:04 GMT
Connection: close
Content-Length: 0

^C
colin@colin-work:~$

In the example above, netcat requests a page over HTTP. The -C flag makes it append CRLF to the end of each line.

Connecting with kubectl: listen on the host and connect to the pod

If we combine the tools above with kubectl, we get a command like this:

tcpserver 127.0.0.1 8000 kubectl exec -i web-pod nc 127.0.0.1 8080

By analogy, to access port 80 inside the pod, it is enough to run curl "127.0.0.1:80":

colin@colin-work:~$ sanic kubectl exec -it web-54dfb667b6-28n85 bash
root@web-54dfb667b6-28n85:/web# apt-get -y install netcat-openbsd
Reading package lists... Done
Building dependency tree
Reading state information... Done
netcat-openbsd is already the newest version (1.195-2).
0 upgraded, 0 newly installed, 0 to remove and 10 not upgraded.
root@web-54dfb667b6-28n85:/web# exit
colin@colin-work:~$ tcpserver 127.0.0.1 8000 sanic kubectl exec -i web-54dfb667b6-28n85 nc 127.0.0.1 8080&
[1] 3232
colin@colin-work:~$ curl localhost:8000/healthz
{"status":"ok"}colin@colin-work:~$ exit

Diagram of how the utilities interact

In the opposite direction: listen in the pod and connect to the host

nc 127.0.0.1 8000 | kubectl exec -i web-pod tcpserver 127.0.0.1 8080 cat

This command lets the pod access port 8000 on the local machine.
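
Seen from the cluster side, every connection through either tunnel is a separate kubectl exec, which the API server records as a request to the pod's exec subresource when audit logging covers it. The following added example (not from the original article; the sample events and the list of relay programs are constructed assumptions) picks such sessions out of an audit log:

```bash
# Added example: flag relay-style "kubectl exec" sessions in API-server audit logs.
# Assumes one compact audit.k8s.io/v1 JSON event per line (log backend format).

sample_audit_log() {        # constructed events, not taken from a real cluster
cat <<'EOF'
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseStarted","requestURI":"/api/v1/namespaces/prod/pods/web-pod/exec?command=nc&command=127.0.0.1&command=8080&stdin=true&stdout=true","verb":"create","user":{"username":"colin"},"objectRef":{"resource":"pods","namespace":"prod","name":"web-pod","subresource":"exec"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseStarted","requestURI":"/api/v1/namespaces/prod/pods/web-pod/exec?command=ls&command=%2Fweb&stdout=true","verb":"create","user":{"username":"dana"},"objectRef":{"resource":"pods","namespace":"prod","name":"web-pod","subresource":"exec"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","requestURI":"/api/v1/namespaces/prod/pods/web-pod","verb":"get","user":{"username":"colin"},"objectRef":{"resource":"pods","namespace":"prod","name":"web-pod"}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseStarted","requestURI":"/api/v1/namespaces/prod/pods/web-pod/exec?command=%2Fusr%2Fbin%2Ftcpserver\u0026command=127.0.0.1\u0026command=8080\u0026command=cat\u0026stdin=true","verb":"get","user":{"username":"colin"},"objectRef":{"resource":"pods","namespace":"prod","name":"web-pod","subresource":"exec"}}
EOF
}

find_tunnel_execs() {       # stdin: audit log; stdout: "user namespace/pod command"
    grep '"subresource":"exec"' | while IFS= read -r ev; do
        # requestURI carries the argv; "&" may be JSON-escaped as \u0026.
        uri=$(printf '%s\n' "$ev" |
            sed -e 's/.*"requestURI":"\([^"]*\)".*/\1/' -e 's/\\u0026/\&/g')
        user=$(printf '%s\n' "$ev" | sed -n 's/.*"username":"\([^"]*\)".*/\1/p')
        target=$(printf '%s\n' "$uri" |
            sed -n 's|.*/namespaces/\([^/]*\)/pods/\([^/?]*\)/exec.*|\1/\2|p')
        # Each argv element is one command= parameter; decode %2F so paths compare.
        cmd=$(printf '%s\n' "${uri#*\?}" | tr '&' '\n' |
            sed -n -e 's/%2[Ff]/\//g' -e 's/^command=//p' | tr '\n' ' ')
        cmd=${cmd% }
        prog=${cmd%% *}     # argv[0] of the exec'd command
        case "${prog##*/}" in
            nc|ncat|netcat|socat|tcpserver)
                printf '%s %s %s\n' "$user" "$target" "$cmd" ;;
        esac
    done
}
```

A relay started through a shell (for example sh -c '...') has sh as argv[0] and is not matched by this check.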

Bash script

I wrote a dedicated Bash script that lets you manage LayerCI's production Kubernetes cluster using the method described above:

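kubetunnel() {
    # Arguments: pod name and the port inside the pod to reach
    local POD="$1"
    local DESTPORT="$2"
    if [ -z "$POD" ] || [ -z "$DESTPORT" ]; then
        echo "Usage: kubetunnel [pod name] [destination port]"
        return 1
    fi
    # Stop a tunnel left over from a previous call
    pkill -f 'tcpserver 127.0.0.1 6666'
    # Listen on loopback only; every connection spawns its own kubectl exec + nc
    tcpserver 127.0.0.1 6666 kubectl exec -i "$POD" nc 127.0.0.1 "$DESTPORT"&
    echo "Connect to 127.0.0.1:6666 to access $POD:$DESTPORT"
}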

If you add this function to ~/.bashrc, you can easily open a tunnel into a pod with the command kubetunnel web-pod 8080 and then run curl localhost:6666.

  • For a tunnel into Docker, replace the main line with:
    tcpserver 127.0.0.1 6666 docker exec -i "$CONTAINER" nc 127.0.0.1 "$DESTPORT"
  • For a tunnel into K3s, change it to:
    tcpserver 127.0.0.1 6666 k3s kubectl exec …
  • etc.
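
The listener opened by kubetunnel accepts any local process and forwards it into the pod with your kubectl credentials, so it is worth validating the arguments and bounding the tunnel's lifetime. A hardened variant follows as an added example, not LayerCI's code; the names kubetunnel_safe, KUBETUNNEL_DRY_RUN and KUBETUNNEL_PID, the 900-second default and the -c 4 limit are assumptions:

```bash
# Added example (not LayerCI's code): hardened variant of kubetunnel.
# The 900 s default lifetime and the -c 4 connection limit are assumptions.

valid_port() {              # digits only, 1..65535
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_pod_name() {          # RFC 1123 subdomain; rejects spaces and a leading "-"
    local LC_ALL=C
    case "$1" in ''|*[!a-z0-9.-]*|[.-]*|*[.-]) return 1 ;; esac
    [ "${#1}" -le 253 ]
}

kubetunnel_safe() {         # kubetunnel_safe POD DESTPORT [LOCALPORT] [TTL_SECONDS]
    local pod="$1" dport="$2" lport="${3:-6666}" ttl="${4:-900}"
    if ! valid_pod_name "$pod" || ! valid_port "$dport" || ! valid_port "$lport"; then
        echo "Usage: kubetunnel_safe [pod name] [destination port] [local port] [ttl]" >&2
        return 2
    fi
    case "$ttl" in ''|*[!0-9]*) echo "ttl must be a number of seconds" >&2; return 2 ;; esac
    # timeout: the listener cannot be forgotten. -c 4: bound the number of
    # parallel kubectl exec sessions. -H -R: no DNS or ident lookups on connect.
    # 127.0.0.1: loopback only. "--": nothing after it is parsed as a kubectl flag.
    set -- timeout "$ttl" tcpserver -c 4 -H -R 127.0.0.1 "$lport" \
        kubectl exec -i "$pod" -- nc 127.0.0.1 "$dport"
    if [ -n "${KUBETUNNEL_DRY_RUN:-}" ]; then
        printf '%s\n' "$*"          # show the command instead of running it
        return 0
    fi
    "$@" &
    KUBETUNNEL_PID=$!               # stop this tunnel with: kill "$KUBETUNNEL_PID"
    echo "Connect to 127.0.0.1:$lport to access $pod:$dport (closes after ${ttl}s)"
}
```

Unlike pkill -f, stopping the tunnel through the recorded PID cannot hit an unrelated process whose command line happens to match the pattern.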

Other ideas

  • You can redirect UDP traffic using the commands netcat -l -u -c instead of tcpserver and netcat -u instead of netcat, respectively.
  • Watch the I/O with pipe viewer:

    nc 127.0.0.1 8000 | pv --progress | kubectl exec -i web-pod tcpserver 127.0.0.1 8080 cat

  • You can compress and decompress the traffic at both ends using gzip.
  • Connect via SSH to another computer that has the appropriate kubeconfig file:

    tcpserver 127.0.0.1 6666 ssh workcomputer "kubectl exec -i my-pod nc 127.0.0.1 80"

  • You can connect two pods in different clusters by using mkfifo and running two kubectl commands.

The possibilities are endless!

Source: www.habr.com
