k8s-临时容器学习

临时容器学习

[1. 什么是临时容器](#1. 什么是临时容器)
[2. 实验](#2. 实验)

1. 什么是临时容器

在官网：https://kubernetes.io/zh-cn/docs/concepts/workloads/pods/ephemeral-containers/ 中有介绍

临时容器是用于调试Pod中崩溃的容器或者不具备调试工具，比如在一个运行着业务的容器中，加入一个带有tcpdump抓包工具的容器，获取数据包分析。

2. 实验

创建一个Pod

复制代码

kubectl run nginx --image=nginx --restart=Never

将带有tcpdump工具的容器加入到nginx

复制代码

kubectl debug -it nginx --image=nicolaka/netshoot --target=nginx

clike 复制代码

[root@k8s-master01 ~]# kubectl debug -it nginx --image=nicolaka/netshoot --target=nginx
Targeting container "nginx". If you don't see processes from this container it may be because the container runtime doesn't support this feature.
--profile=legacy is deprecated and will be removed in the future. It is recommended to explicitly specify a profile, for example "--profile=general".
Defaulting debug container name to debugger-x6qrr.
All commands and output from this session will be recorded in container logs, including credentials and sensitive information passed through the command prompt.
If you don't see a command prompt, try pressing enter.
                    dP            dP                           dP
                    88            88                           88
88d888b. .d8888b. d8888P .d8888b. 88d888b. .d8888b. .d8888b. d8888P
88'  `88 88ooood8   88   Y8ooooo. 88'  `88 88'  `88 88'  `88   88
88    88 88.  ...   88         88 88    88 88.  .88 88.  .88   88
dP    dP `88888P'   dP   `88888P' dP    dP `88888P' `88888P'   dP

Welcome to Netshoot! (github.com/nicolaka/netshoot)
Version: 0.14
nginx  ~

kubectl debug ：添加调试容器
-it nginx：指向Pod名
--target=nginx ：指向容器名
--image=nicolaka/netshoot：用于调试的镜像名称

通过窗口打印可以看出，创建了一个临时容器debugger-x6qrr

在调试窗口使用tcpdump抓取本地接口的流量：

复制代码

nginx  ~  tcpdump -i eth0 port 80 -n

clike 复制代码

tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
01:59:38.396705 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [S], seq 3030192777, win 64860, options [mss 1410,sackOK,TS val 1255526443 ecr 0,nop,wscale 7], length 0
01:59:38.396766 IP 10.244.2.10.80 > 10.244.0.0.57200: Flags [S.], seq 3346276368, ack 3030192778, win 64308, options [mss 1410,sackOK,TS val 1694919818 ecr 1255526443,nop,wscale 7], length 0
01:59:38.397115 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [.], ack 1, win 507, options [nop,nop,TS val 1255526444 ecr 1694919818], length 0
01:59:38.397115 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [P.], seq 1:75, ack 1, win 507, options [nop,nop,TS val 1255526444 ecr 1694919818], length 74: HTTP: GET / HTTP/1.1
01:59:38.397166 IP 10.244.2.10.80 > 10.244.0.0.57200: Flags [.], ack 75, win 502, options [nop,nop,TS val 1694919819 ecr 1255526444], length 0
01:59:38.397362 IP 10.244.2.10.80 > 10.244.0.0.57200: Flags [P.], seq 1:239, ack 75, win 502, options [nop,nop,TS val 1694919819 ecr 1255526444], length 238: HTTP: HTTP/1.1 200 OK
01:59:38.397452 IP 10.244.2.10.80 > 10.244.0.0.57200: Flags [P.], seq 239:854, ack 75, win 502, options [nop,nop,TS val 1694919819 ecr 1255526444], length 615: HTTP
01:59:38.397786 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [.], ack 239, win 506, options [nop,nop,TS val 1255526445 ecr 1694919819], length 0
01:59:38.397832 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [.], ack 854, win 502, options [nop,nop,TS val 1255526445 ecr 1694919819], length 0
01:59:38.398417 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [F.], seq 75, ack 854, win 502, options [nop,nop,TS val 1255526445 ecr 1694919819], length 0
01:59:38.398507 IP 10.244.2.10.80 > 10.244.0.0.57200: Flags [F.], seq 854, ack 76, win 502, options [nop,nop,TS val 1694919820 ecr 1255526445], length 0
01:59:38.398786 IP 10.244.0.0.57200 > 10.244.2.10.80: Flags [.], ack 855, win 502, options [nop,nop,TS val 1255526446 ecr 1694919820], length 0