Ungawuvula kanjani umhubhe ku-Kubernetes pod noma esitsheni esine-tcpserver ne-netcat

Qaphela. transl.: Leli nothi elisebenzayo elivela kumdali we-LayerCI liwumfanekiso omuhle kakhulu walokho okubizwa ngamathiphu namaqhinga we-Kubernetes (hhayi kuphela). Isixazululo esihlongozwe lapha singesinye kuphela kwezimbalwa futhi, mhlawumbe, hhayi esisobala kakhulu (kwezinye izimo, “esomdabu” sama-K8 aseshiwo emazwaneni singase sifaneleke. kubectl port-forward). Kodwa-ke, kukuvumela ukuthi okungenani ubheke inkinga ngombono wokusebenzisa izinsiza zakudala futhi uqhubeke uzihlanganise - ngesikhathi esifanayo ezilula, eziguquguqukayo futhi ezinamandla (bona "eminye imibono" ekugcineni ukuze uthole ugqozi).

Cabanga ngesimo esijwayelekile: ufuna ichweba emshinini wakho wendawo ukuze lidlulisele ngomlingo ithrafikhi ku-pod/container (noma okuphambene nalokho).

Amacala okusetshenziswa okungenzeka

1. Hlola ukuthi i-HTTP endpoint ibuya ini /healthz i-pod kuqoqo lokukhiqiza.
2. Xhuma i-debugger ye-TCP ku-pod emshinini wendawo.
3. Thola ukufinyelela kusizindalwazi sokukhiqiza kusuka kumathuluzi esizindalwazi sasendaweni ngaphandle kokuzihlupha ngokufakazela ubuqiniso (imvamisa i-localhost inamalungelo ezimpande).
4. Qalisa iskripthi sokuthutha sesikhathi esisodwa sedatha kuqoqo lesiteji ngaphandle kokuthi udale isiqukathi saso.
5. Xhuma iseshini ye-VNC ku-pod esebenzisa ideskithophu ebonakalayo (bona i-XVFB).

Amagama ambalwa mayelana namathuluzi adingekayo

I-Tcpserver - Isisetshenziswa soMthombo ovulekile esitholakala ezindaweni eziningi zokugcina amaphakheji e-Linux. Ikuvumela ukuthi uvule ichweba lendawo futhi uqondise kabusha ithrafikhi etholwe nge-stdin/stdout kusuka kunoma yimuphi umyalo oshiwo kuyo:

colin@colin-work:~$ tcpserver 127.0.0.1 8080 echo -e 'HTTP/1.0 200 OKrnContent-Length: 19rnrn<body>hello!</body>'&
[1] 17377
colin@colin-work:~$ curl localhost:8080
<body>hello!</body>colin@colin-work:~$

(asciinema.org)

I-Netcat yenza okuphambene. Ikuvumela ukuthi uxhume echwebeni elivulekile futhi udlulise i-I/O eyamukelwe kuyo iye ku-stdin/stdout:

colin@colin-work:~$ nc -C httpstat.us 80
GET /200 HTTP/1.0
Host: httpstat.us
HTTP/1.1 200 OK
Cache-Control: private
Server: Microsoft-IIS/10.0
X-AspNetMvc-Version: 5.1
Access-Control-Allow-Origin: *
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Set-Cookie: ARRAffinity=93fdbab9d364704de8ef77182b4d13811344b7dd1ec45d3a9682bbd6fa154ead;Path=/;HttpOnly;Domain=httpstat.us
Date: Fri, 01 Nov 2019 17:53:04 GMT
Connection: close
Content-Length: 0

^C
colin@colin-work:~$

(asciinema.org)

Esibonelweni esingenhla, i-netcat icela ikhasi nge-HTTP. Hlaba umkhosi -C ibangela ukuthi ifake i-CRLF ekupheleni komugqa.

Ukuxhumana ne-kubectl: lalela kumsingathi bese uxhuma ku-pod

Uma sihlanganisa amathuluzi angenhla ne-kubectl, sithola umyalo onje:

tcpserver 127.0.0.1 8000 kubectl exec -i web-pod nc 127.0.0.1 8080

Ngokufanisa, ukufinyelela i-port 80 ngaphakathi kwe-pod kuyoba okwanele ukukwenza curl "127.0.0.1:80":

colin@colin-work:~$ sanic kubectl exec -it web-54dfb667b6-28n85 bash
root@web-54dfb667b6-28n85:/web# apt-get -y install netcat-openbsd
Reading package lists... Done
Building dependency tree
Reading state information... Done
netcat-openbsd is already the newest version (1.195-2).
0 upgraded, 0 newly installed, 0 to remove and 10 not upgraded.
root@web-54dfb667b6-28n85:/web# exit
colin@colin-work:~$ tcpserver 127.0.0.1 8000 sanic kubectl exec -i web-54dfb667b6-28n85 nc 127.0.0.1 8080&
[1] 3232
colin@colin-work:~$ curl localhost:8000/healthz
{"status":"ok"}colin@colin-work:~$ exit

(asciinema.org)

Umdwebo wokusebenzelana wosizo

Ngakolunye uhlangothi: lalela ku-pod bese uxhuma kumsingathi

nc 127.0.0.1 8000 | kubectl exec -i web-pod tcpserver 127.0.0.1 8080 cat

Lo myalo uvumela i-pod ukuthi ifinyelele ku-port 8000 emshinini wendawo.

Isikripthi se-Bash

Ngibhale umbhalo okhethekile we-Bash okuvumela ukuthi uphathe iqoqo lokukhiqiza le-Kubernetes I-LayerCIusebenzisa indlela echazwe ngenhla:

kubetunnel() {
    POD="$1"
    DESTPORT="$2"
    if [ -z "$POD" -o -z "$DESTPORT" ]; then
        echo "Usage: kubetunnel [pod name] [destination port]"
        return 1
    fi
    pkill -f 'tcpserver 127.0.0.1 6666'
    tcpserver 127.0.0.1 6666 kubectl exec -i "$POD" nc 127.0.0.1 "$DESTPORT"&
    echo "Connect to 127.0.0.1:6666 to access $POD:$DESTPORT"
}

Uma wengeza lo msebenzi ku ~/.bashrc, ungakwazi ukuvula kalula umhubhe ku-pod ngomyalo kubetunnel web-pod 8080 futhi wenze curl localhost:6666.

• Okomhubhe ongaphakathi Docker ungashintsha umugqa oyinhloko ngokuthi:

  tcpserver 127.0.0.1 6666 docker exec -i "$CONTAINER" nc 127.0.0.1 "$DESTPORT"

• ngomhubhe phakathi K3s - shintshela ku:

  tcpserver 127.0.0.1 6666 k3s kubectl exec …

• nokunye.

Eminye imibono

• Ungaqondisa kabusha ithrafikhi ye-UDP usebenzisa imiyalo netcat -l -u -c esikhundleni salokho tcpserver и netcat -u esikhundleni salokho netcat ngokulandelana.
• Buka i-I/O ngesibuki sepayipi:

  nc 127.0.0.1 8000 | pv --progress | kubectl exec -i web-pod tcpserver 127.0.0.1 8080 cat

• Ungacindezela futhi unciphise ithrafikhi kuzo zombili iziphetho usebenzisa gzip.
• Xhuma nge-SSH kwenye ikhompuyutha enefayela elihambisanayo kubeconfig:

  tcpserver ssh workcomputer "kubectl exec -i my-pod nc 127.0.0.1 80"

• Ungaxhuma ama-pod amabili ngamaqoqo ahlukene usebenzisa mkfifo bese usebenzisa imiyalo emibili ehlukene kubectl.

Amathuba awapheli!

I-PS evela kumhumushi

Funda futhi kubhulogi yethu:

• «Amathuluzi onjiniyela bezinhlelo zokusebenza ezisebenza ku-Kubernetes";
• «Amathiphu namasu we-Kubernetes: mayelana nokuthuthukiswa kwendawo kanye ne-Telepresence";
• «i-plugin ye-kubectl-debug yokususa iphutha kuma-pods e-Kubernetes";
• «Izinsiza eziwusizo lapho usebenza ne-Kubernetes".

Source: www.habr.com