临时容器学习
- [1. 什么是临时容器](#1. 什么是临时容器)
- [2. 实验](#2. 实验)
1. 什么是临时容器
在官网:https://kubernetes.io/zh-cn/docs/concepts/workloads/pods/ephemeral-containers/ 中有介绍
临时容器是用于调试Pod中崩溃的容器或者不具备调试工具,比如在一个运行着业务的容器中,加入一个带有tcpdump抓包工具的容器,获取数据包分析。
2. 实验
创建一个Pod
kubectl run nginx --image=nginx --restart=Never将带有tcpdump工具的容器加入到nginx
kubectl debug -it nginx --image=nicolaka/netshoot --target=nginx
clike
[root@k8s-master01 ~]# kubectl debug -it nginx --image=nicolaka/netshoot --target=nginx
Targeting container "nginx". If you don't see processes from this container it may be because the container runtime doesn't support this feature.
--profile=legacy is deprecated and will be removed in the future. It is recommended to explicitly specify a profile, for example "--profile=general".
Defaulting debug container name to debugger-x6qrr.
All commands and output from this session will be recorded in container logs, including credentials and sensitive information passed through the command prompt.
If you don't see a command prompt, try pressing enter.
dP dP dP
88 88 88
88d888b. .d8888b. d8888P .d8888b. 88d888b. .d8888b. .d8888b. d8888P
88' `88 88ooood8 88 Y8ooooo. 88' `88 88' `88 88' `88 88
88 88 88. ... 88 88 88 88 88. .88 88. .88 88
dP dP `88888P' dP `88888P' dP dP `88888P' `88888P' dP
Welcome to Netshoot! (github.com/nicolaka/netshoot)
Version: 0.14
nginx ~ kubectl debug:添加调试容器-it nginx:指向Pod名--target=nginx: 指向容器名--image=nicolaka/netshoot:用于调试的镜像名称
通过窗口打印可以看出,创建了一个临时容器debugger-x6qrr
在调试窗口使用tcpdump抓取本地接口的流量:
nginx ~ tcpdump -i eth0 port 80 -n
clike
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
01:59:38.396705 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [S], seq 3030192777, win 64860, options [mss 1410,sackOK,TS val 1255526443 ecr 0,nop,wscale 7], length 0
01:59:38.396766 IP 10.244.2.10.80 > 10.244.0.0.57200: Flags [S.], seq 3346276368, ack 3030192778, win 64308, options [mss 1410,sackOK,TS val 1694919818 ecr 1255526443,nop,wscale 7], length 0
01:59:38.397115 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [.], ack 1, win 507, options [nop,nop,TS val 1255526444 ecr 1694919818], length 0
01:59:38.397115 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [P.], seq 1:75, ack 1, win 507, options [nop,nop,TS val 1255526444 ecr 1694919818], length 74: HTTP: GET / HTTP/1.1
01:59:38.397166 IP 10.244.2.10.80 > 10.244.0.0.57200: Flags [.], ack 75, win 502, options [nop,nop,TS val 1694919819 ecr 1255526444], length 0
01:59:38.397362 IP 10.244.2.10.80 > 10.244.0.0.57200: Flags [P.], seq 1:239, ack 75, win 502, options [nop,nop,TS val 1694919819 ecr 1255526444], length 238: HTTP: HTTP/1.1 200 OK
01:59:38.397452 IP 10.244.2.10.80 > 10.244.0.0.57200: Flags [P.], seq 239:854, ack 75, win 502, options [nop,nop,TS val 1694919819 ecr 1255526444], length 615: HTTP
01:59:38.397786 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [.], ack 239, win 506, options [nop,nop,TS val 1255526445 ecr 1694919819], length 0
01:59:38.397832 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [.], ack 854, win 502, options [nop,nop,TS val 1255526445 ecr 1694919819], length 0
01:59:38.398417 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [F.], seq 75, ack 854, win 502, options [nop,nop,TS val 1255526445 ecr 1694919819], length 0
01:59:38.398507 IP 10.244.2.10.80 > 10.244.0.0.57200: Flags [F.], seq 854, ack 76, win 502, options [nop,nop,TS val 1694919820 ecr 1255526445], length 0
01:59:38.398786 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [.], ack 855, win 502, options [nop,nop,TS val 1255526446 ecr 1694919820], length 0