How to open a tunnel into a Kubernetes pod or container with tcpserver and netcat

Translator's note: This practical note from the creator of LayerCI is an excellent illustration of so-called tips and tricks for Kubernetes (and beyond). The solution proposed here is only one of several and, perhaps, not the most obvious (in some cases the K8s-"native" kubectl port-forward, already mentioned in the comments, may be suitable). Nevertheless, it lets you at least look at the problem from the standpoint of using classic utilities and combining them further, which is simple, flexible and powerful at once (see "Other ideas" at the end for inspiration).

Imagine a typical situation: you want a port on your local machine to forward traffic to a pod/container (or vice versa).

Possible use cases

  1. Check what the HTTP endpoint /healthz of a pod in the production cluster returns.
  2. Attach a TCP debugger to a pod from the local machine.
  3. Access the production database from local database tools without bothering with authentication (usually localhost has root rights).
  4. Run a one-off data migration script in the staging cluster without building a container for it.
  5. Connect a VNC session to a pod running a virtual desktop (see XVFB).

A few words about the necessary tools

Tcpserver is an open-source utility available in most Linux package repositories. It lets you open a local port and redirect to it the traffic received via stdin/stdout from any specified command:

colin@colin-work:~$ tcpserver 127.0.0.1 8080 echo -e 'HTTP/1.0 200 OK\r\nContent-Length: 19\r\n\r\n<body>hello!</body>'&
[1] 17377
colin@colin-work:~$ curl localhost:8080
<body>hello!</body>colin@colin-work:~$

Netcat does the opposite. It lets you connect to an open port and pass the I/O it receives from it to stdin/stdout:

colin@colin-work:~$ nc -C httpstat.us 80
GET /200 HTTP/1.0
Host: httpstat.us
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.1
Access-Control-Allow-Origin: *
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Set-Cookie: ARRAffinity=93fdbab9d364704de8ef77182b4d13811344b7dd1ec45d3a9682bbd6fa154ead;Path=/;HttpOnly;Domain=httpstat.us
Date: Fri, 01 Nov 2019 17:53:04 GMT
Connection: close
Content-Length: 0

^C
colin@colin-work:~$

In the example above, netcat requests a page over HTTP. The -C flag makes it append CRLF to the end of each line.

Tying it together with kubectl: listen on the host and connect to the pod

If we combine the tools above with kubectl, we get a command like this:

tcpserver 127.0.0.1 8000 kubectl exec -i web-pod nc 127.0.0.1 8080

Similarly, to reach port 80 inside the pod it is enough to run curl "127.0.0.1:80":

colin@colin-work:~$ sanic kubectl exec -it web-54dfb667b6-28n85 bash
root@web-54dfb667b6-28n85:/web# apt-get -y install netcat-openbsd
Reading package lists... Done
Building dependency tree
Reading state information... Done
netcat-openbsd is already the newest version (1.195-2).
0 upgraded, 0 newly installed, 0 to remove and 10 not upgraded.
root@web-54dfb667b6-28n85:/web# exit
colin@colin-work:~$ tcpserver 127.0.0.1 8000 sanic kubectl exec -i web-54dfb667b6-28n85 nc 127.0.0.1 8080&
[1] 3232
colin@colin-work:~$ curl localhost:8000/healthz
{"status":"ok"}colin@colin-work:~$ exit

Figure: utility interaction diagram

The opposite direction: listen in the pod and connect to the host

nc 127.0.0.1 8000 | kubectl exec -i web-pod tcpserver 127.0.0.1 8080 cat

This command lets the pod access port 8000 on the local machine.

Bash script

I wrote a dedicated Bash script that lets you manage LayerCI's production Kubernetes cluster using the approach described above:

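kubetunnel() {
    # Usage: kubetunnel <pod name> <destination port>
    local POD="$1"
    local DESTPORT="$2"
    if [ -z "$POD" ] || [ -z "$DESTPORT" ]; then
        echo "Usage: kubetunnel [pod name] [destination port]"
        return 1
    fi
    # Stop a tunnel left over from an earlier call so local port 6666 is free.
    pkill -f 'tcpserver 127.0.0.1 6666'
    # Listen on loopback only; every connection gets its own kubectl exec + nc.
    tcpserver 127.0.0.1 6666 kubectl exec -i "$POD" nc 127.0.0.1 "$DESTPORT" &
    echo "Connect to 127.0.0.1:6666 to access $POD:$DESTPORT"
}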

If you add this function to ~/.bashrc, you can easily open a tunnel into a pod with the command kubetunnel web-pod 8080 and then run curl localhost:6666.

  • For a tunnel into Docker, you can replace the main line with:
    tcpserver 127.0.0.1 6666 docker exec -i "$CONTAINER" nc 127.0.0.1 "$DESTPORT"
  • For a tunnel into K3s, change it to:
    tcpserver 127.0.0.1 6666 k3s kubectl exec …
  • and so on.
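
A variant of the kubetunnel function above, as an added example that is not LayerCI's code: it goes beyond the original by taking the local port as an argument, validating its inputs before they reach kubectl, and stopping a tunnel by recorded PID instead of by pkill pattern. The names kubetunnel2, kubetunnel2_stop, valid_port, valid_pod, the KUBETUNNEL_DRY_RUN variable and the PID-file location are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example, not LayerCI's script. All function names are hypothetical.

# True only for a decimal TCP port in 1..65535 (no sign, no leading zero).
valid_port() {
    case "$1" in ''|0*|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

# True only for an RFC 1123 DNS-subdomain name, the form pod names take.
# Rejects anything kubectl could read as a flag, such as "-n kube-system".
valid_pod() {
    local LC_ALL=C    # keep [a-z] from matching upper case in some locales
    case "$1" in ''|[!a-z0-9]*|*[!a-z0-9]|*[!a-z0-9.-]*) return 1 ;; esac
    [ "${#1}" -le 253 ]
}

# kubetunnel2 <pod> <pod port> [local port, default 6666]
kubetunnel2() {
    local pod="$1" dest="$2" lport="${3:-6666}"
    if ! { valid_pod "$pod" && valid_port "$dest" && valid_port "$lport"; }; then
        echo "Usage: kubetunnel2 <pod> <pod port> [local port]" >&2
        return 2
    fi
    # Build argv without eval. The listener stays on loopback, and "--" ends
    # kubectl's own option parsing before the command that runs in the pod.
    set -- tcpserver 127.0.0.1 "$lport" kubectl exec -i "$pod" -- nc 127.0.0.1 "$dest"
    if [ -n "${KUBETUNNEL_DRY_RUN:-}" ]; then
        echo "$*"    # print the command instead of starting it
        return 0
    fi
    "$@" &
    echo "$!" > "${XDG_RUNTIME_DIR:-$HOME}/kubetunnel-$lport.pid"
    echo "Connect to 127.0.0.1:$lport to access $pod:$dest"
}

# kubetunnel2_stop [local port]: stops only the tunnel started on that port.
kubetunnel2_stop() {
    local port="${1:-6666}" pidfile pid
    valid_port "$port" || return 2
    pidfile="${XDG_RUNTIME_DIR:-$HOME}/kubetunnel-$port.pid"
    [ -f "$pidfile" ] || return 1
    pid=$(cat "$pidfile")
    rm -f "$pidfile"
    # Guard against PID reuse: signal the process only if it is still tcpserver.
    [ "$(ps -p "$pid" -o comm= 2>/dev/null)" = tcpserver ] && kill "$pid"
}
```

Setting KUBETUNNEL_DRY_RUN=1 prints the tcpserver command line without starting it, which is a quick way to review what will run against a production cluster.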

Other ideas

  • You can redirect UDP traffic by using netcat -l -u -c instead of tcpserver and netcat -u instead of netcat, respectively.
  • Watch the I/O using pipe viewer (pv):

    nc 127.0.0.1 8000 | pv --progress | kubectl exec -i web-pod tcpserver 127.0.0.1 8080 cat

  • You can compress and decompress the traffic at both ends using gzip.
  • Connect over SSH to another computer that has the appropriate kubeconfig file:

    tcpserver 127.0.0.1 8000 ssh workcomputer "kubectl exec -i my-pod nc 127.0.0.1 80"

  • You can connect two pods in different clusters using mkfifo and running two separate kubectl commands.

The possibilities are endless!

Source: www.habr.com