k8s-临时容器学习

临时容器学习

  • [1. 什么是临时容器](#1. 什么是临时容器)
  • [2. 实验](#2. 实验)

1. 什么是临时容器

在官网:https://kubernetes.io/zh-cn/docs/concepts/workloads/pods/ephemeral-containers/ 中有介绍

临时容器是用于调试Pod中崩溃的容器或者不具备调试工具,比如在一个运行着业务的容器中,加入一个带有tcpdump抓包工具的容器,获取数据包分析。

2. 实验

创建一个Pod

复制代码
kubectl run nginx --image=nginx --restart=Never

将带有tcpdump工具的容器加入到nginx

复制代码
kubectl debug -it nginx --image=nicolaka/netshoot --target=nginx 
clike 复制代码
[root@k8s-master01 ~]# kubectl debug -it nginx --image=nicolaka/netshoot --target=nginx
Targeting container "nginx". If you don't see processes from this container it may be because the container runtime doesn't support this feature.
--profile=legacy is deprecated and will be removed in the future. It is recommended to explicitly specify a profile, for example "--profile=general".
Defaulting debug container name to debugger-x6qrr.
All commands and output from this session will be recorded in container logs, including credentials and sensitive information passed through the command prompt.
If you don't see a command prompt, try pressing enter.
                    dP            dP                           dP
                    88            88                           88
88d888b. .d8888b. d8888P .d8888b. 88d888b. .d8888b. .d8888b. d8888P
88'  `88 88ooood8   88   Y8ooooo. 88'  `88 88'  `88 88'  `88   88
88    88 88.  ...   88         88 88    88 88.  .88 88.  .88   88
dP    dP `88888P'   dP   `88888P' dP    dP `88888P' `88888P'   dP

Welcome to Netshoot! (github.com/nicolaka/netshoot)
Version: 0.14
nginx  ~ 
  • kubectl debug :添加调试容器
  • -it nginx:指向Pod名
  • --target=nginx : 指向容器名
  • --image=nicolaka/netshoot:用于调试的镜像名称

通过窗口打印可以看出,创建了一个临时容器debugger-x6qrr

在调试窗口使用tcpdump抓取本地接口的流量:

复制代码
nginx  ~  tcpdump -i eth0 port 80 -n
clike 复制代码
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
01:59:38.396705 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [S], seq 3030192777, win 64860, options [mss 1410,sackOK,TS val 1255526443 ecr 0,nop,wscale 7], length 0
01:59:38.396766 IP 10.244.2.10.80 > 10.244.0.0.57200: Flags [S.], seq 3346276368, ack 3030192778, win 64308, options [mss 1410,sackOK,TS val 1694919818 ecr 1255526443,nop,wscale 7], length 0
01:59:38.397115 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [.], ack 1, win 507, options [nop,nop,TS val 1255526444 ecr 1694919818], length 0
01:59:38.397115 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [P.], seq 1:75, ack 1, win 507, options [nop,nop,TS val 1255526444 ecr 1694919818], length 74: HTTP: GET / HTTP/1.1
01:59:38.397166 IP 10.244.2.10.80 > 10.244.0.0.57200: Flags [.], ack 75, win 502, options [nop,nop,TS val 1694919819 ecr 1255526444], length 0
01:59:38.397362 IP 10.244.2.10.80 > 10.244.0.0.57200: Flags [P.], seq 1:239, ack 75, win 502, options [nop,nop,TS val 1694919819 ecr 1255526444], length 238: HTTP: HTTP/1.1 200 OK
01:59:38.397452 IP 10.244.2.10.80 > 10.244.0.0.57200: Flags [P.], seq 239:854, ack 75, win 502, options [nop,nop,TS val 1694919819 ecr 1255526444], length 615: HTTP
01:59:38.397786 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [.], ack 239, win 506, options [nop,nop,TS val 1255526445 ecr 1694919819], length 0
01:59:38.397832 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [.], ack 854, win 502, options [nop,nop,TS val 1255526445 ecr 1694919819], length 0
01:59:38.398417 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [F.], seq 75, ack 854, win 502, options [nop,nop,TS val 1255526445 ecr 1694919819], length 0
01:59:38.398507 IP 10.244.2.10.80 > 10.244.0.0.57200: Flags [F.], seq 854, ack 76, win 502, options [nop,nop,TS val 1694919820 ecr 1255526445], length 0
01:59:38.398786 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [.], ack 855, win 502, options [nop,nop,TS val 1255526446 ecr 1694919820], length 0
相关推荐
lichenyang4532 天前
Docker 学习笔记(四):Dockerfile,把项目打成自己的镜像
docker·容器
lichenyang4532 天前
Docker 学习笔记(三):Docker 网络、bridge、子网和容器互通
docker·容器
lichenyang4532 天前
Docker 学习笔记(二):docker run 的参数到底在控制什么?
docker·容器
运维开发故事5 天前
基于 Arthas 的多集群在线诊断系统设计与实现
kubernetes
Patrick_Wilson6 天前
从「改个端口」到 502:Next.js on k8s 的容器端口、Service 映射与 env 覆盖
docker·kubernetes·next.js
探索云原生7 天前
K8s 1.36 这个 GA 特性,把 initContainer 拉模型的 hack 干掉了
ai·云原生·kubernetes
云恒要逆袭7 天前
运行你的第一个Docker容器
后端·docker·容器
Java之美8 天前
一次k8s升级引发的DevicePlugin注册失败
云原生·kubernetes
程序员老赵8 天前
10 分钟部署 OpenCode:Docker 一键安装,浏览器打开就能用 AI 写代码(附完整命令与排错)
docker·容器·ai编程