Maitiro ekuvhura mugero muKubernetes pod kana mudziyo une tcpserver uye netcat

Cherechedza. transl.: Ichi chinyorwa chinoshanda kubva kumusiki weLayerCI mufananidzo wakanakisa weanonzi matipi & matipi eKubernetes (nezvimwe). Mhinduro inotsanangurwa pano ingori yevashoma uye, pamwe, isiri iyo iri pachena (kune zvimwe zviitiko, iyo "yekuzvarwa" yeK8s yatotaurwa mumashoko inogona kunge yakakodzera. kubectl port-forward) Nekudaro, zvinokutendera kuti utarise dambudziko kubva pakuona kwekushandisa zvechinyakare zvishandiso uye nekuwedzera kuzvisanganisa - panguva imwechete yakapusa, inochinjika uye ine simba (ona "mamwe mazano" kumagumo ekufemerwa).

Fungidzira mamiriro akajairwa: iwe unoda chiteshi pamushini wako wemunharaunda kuti uendese nemashiripiti traffic kune pod / mudziyo (kana zvinopesana).

Zvinogoneka kushandiswa zviitiko

1. Tarisa kuti HTTP endpoint inodzosa chii /healthz pod muchikwata chekugadzira.
2. Batanidza TCP debugger kune pod pamushini wemuno.
3. Wana mukana weiyo dhatabhesi yekugadzira kubva emunharaunda dhatabhesi maturusi pasina kunetsekana nekusimbisa (kazhinji localhost ine midzi kodzero).
4. Mhanyai imwe-nguva yekufambisa script yedata muchikwata chekugadzirisa pasina kugadzira mudziyo wayo.
5. Batanidza sesheni yeVNC kune pod inomhanyisa desktop desktop (ona XVFB).

Mashoko mashomanana pamusoro pezvishandiso zvinodiwa

Tcpserver — Open Source-утилита, доступная в большинстве репозиториев пакетов Linux. Она позволяет открыть локальный порт и перенаправить на него трафик, получаемый через stdin/stdout от любой указанной команды:

colin@colin-work:~$ tcpserver 127.0.0.1 8080 echo -e 'HTTP/1.0 200 OKrnContent-Length: 19rnrn<body>hello!</body>'&
[1] 17377
colin@colin-work:~$ curl localhost:8080
<body>hello!</body>colin@colin-work:~$

(asciinema.org)

Netcat inoita zvinopesana. Iyo inokutendera kuti ubatanidze kune yakavhurika chiteshi uye kupfuudza iyo I / O yakagamuchirwa kubva kwairi kuenda ku stdin/stdout:

colin@colin-work:~$ nc -C httpstat.us 80
GET /200 HTTP/1.0
Host: httpstat.us
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.1
Access-Control-Allow-Origin: *
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Set-Cookie: ARRAffinity=93fdbab9d364704de8ef77182b4d13811344b7dd1ec45d3a9682bbd6fa154ead;Path=/;HttpOnly;Domain=httpstat.us
Date: Fri, 01 Nov 2019 17:53:04 GMT
Connection: close
Content-Length: 0

^C
colin@colin-work:~$

(asciinema.org)

Mumuenzaniso wepamusoro, netcat inokumbira peji pamusoro peHTTP. Flag -C inoita kuti iwedzere CRLF kusvika kumagumo emutsara.

Kubatana ne kubectl: teerera pane iyo host uye ubatanidze kune pod

Kana tikabatanidza maturusi ari pamusoro ne kubectl, tinowana rairo seizvi:

tcpserver 127.0.0.1 8000 kubectl exec -i web-pod nc 127.0.0.1 8080

Nekufananidza, kuwana port 80 mukati mepodhi ichave yakakwana kuita curl "127.0.0.1:80":

colin@colin-work:~$ sanic kubectl exec -it web-54dfb667b6-28n85 bash
root@web-54dfb667b6-28n85:/web# apt-get -y install netcat-openbsd
Reading package lists... Done
Building dependency tree
Reading state information... Done
netcat-openbsd is already the newest version (1.195-2).
0 upgraded, 0 newly installed, 0 to remove and 10 not upgraded.
root@web-54dfb667b6-28n85:/web# exit
colin@colin-work:~$ tcpserver 127.0.0.1 8000 sanic kubectl exec -i web-54dfb667b6-28n85 nc 127.0.0.1 8080&
[1] 3232
colin@colin-work:~$ curl localhost:8000/healthz
{"status":"ok"}colin@colin-work:~$ exit

(asciinema.org)

Utility interaction diagram

Munzira yakapesana: teerera mupodhi uye ubatanidze kune muridzi

nc 127.0.0.1 8000 | kubectl exec -i web-pod tcpserver 127.0.0.1 8080 cat

Uyu murairo unobvumira iyo pod kuwana port 8000 pamushini wemuno.

Bash script

Ndakanyora yakakosha script yeBash iyo inokutendera iwe kubata Kubernetes yekugadzira cluster LayerCIuchishandisa nzira yatsanangurwa pamusoro apa:

kubetunnel() {
    POD="$1"
    DESTPORT="$2"
    if [ -z "$POD" -o -z "$DESTPORT" ]; then
        echo "Usage: kubetunnel [pod name] [destination port]"
        return 1
    fi
    pkill -f 'tcpserver 127.0.0.1 6666'
    tcpserver 127.0.0.1 6666 kubectl exec -i "$POD" nc 127.0.0.1 "$DESTPORT"&
    echo "Connect to 127.0.0.1:6666 to access $POD:$DESTPORT"
}

Kana iwe ukawedzera basa iri ku ~/.bashrc, unogona kuvhura nyore mugero mune pod nemurairo kubetunnel web-pod 8080 uye ita curl localhost:6666.

• Yemugero wekupinda Docker unogona kutsiva mutsara mukuru ne:

  tcpserver 127.0.0.1 6666 docker exec -i "$CONTAINER" nc 127.0.0.1 "$DESTPORT"

• ye tunnel in K3s - shandura kuti:

  tcpserver 127.0.0.1 6666 k3s kubectl exec …

• uye zvakadaro.

Mamwe mazano

• Iwe unogona kutungamira UDP traffic uchishandisa iyo mirairo netcat -l -u -c panzvimbo ye tcpserver и netcat -u panzvimbo ye netcat maererano.
• Tarisa I/O kuburikidza nemuoni wepombi:

  nc 127.0.0.1 8000 | pv --progress | kubectl exec -i web-pod tcpserver 127.0.0.1 8080 cat

• Unogona kumanikidza uye decompress traffic pamativi ese uchishandisa gzip.
• Batanidza neSSH kune imwe komputa ine faira rinoenderana kubeconfig:

  tcpserver ssh workcomputer "kubectl exec -i my-pod nc 127.0.0.1 80"

• Unogona kubatanidza mapodhi maviri mumasumbu akasiyana uchishandisa mkfifo uye shandisa mirairo miviri yakasiyana kubectl.

Возмоamva.

PS kubva kumushanduri

Verenga zvakare pablog yedu:

• «Zvishandiso zvevagadziri vezvishandiso zvinomhanya paKubernetes";
• «Kubernetes matipi & matipi: nezve budiriro yenzvimbo uye Telepresence";
• «kubectl-debug plugin ye debugging muKubernetes pods";
• «Zvishandiso zvinobatsira paunenge uchishanda neKubernetes".

Source: www.habr.com