拦截/捕获Kubernetes中Pod /服务的传入流量
[英]Intercept/capture incoming traffic to pods/services in Kubernetes
问题描述
I'm using Openshift and Kubernetes as cloud platform for my application. 
我正在使用Openshift和Kubernetes作为我的应用程序的云平台。 For test purposes I need to intercept incoming http requests to my pods. 出于测试目的,我需要拦截传入到我的pod的http请求。 Is this possible to do that with Kubernetes client library or maybe it can be configured with yaml? 是否可以使用Kubernetes客户端库做到这一点,或者可以使用yaml配置它?
2 个解决方案
解决方案1
1 已采纳 2018-01-19 10:49:53
Simple answer is no, you can't. 简单的答案是不,你不能。
One of the ways to overcome this is to exec into your container ( kubectl exec -it <pod> bash ), install tcpdump and run something like tcpdump -i eth0 -n . 解决此问题的方法之一是在容器中执行( kubectl exec -it <pod> bash ),安装tcpdump并运行类似tcpdump -i eth0 -n 。
A more reasonable way to have it solved on infra level is to use some tracing tool like Jaeger/Zipkin 在基础上解决此问题的一种更合理的方法是使用一些跟踪工具,例如Jaeger / Zipkin
解决方案2
1 2019-01-02 10:49:54
You can try something like below it will work. 您可以尝试以下类似的操作。 First you need create a job. 首先,您需要创建工作。 Let's say with name (tcpdumppod.yaml) 用名称(tcpdumppod.yaml)说
apiVersion: batch/v1
kind: Job
metadata:
name: tcpdump-capture-job
namespace: blue
spec:
template:
metadata:
name: "tcpdumpcapture-pod"
spec:
hostNetwork: true
nodeSelector:
kubernetes.io/hostname: "ip-xx-x-x-xxx.ap-south-1.compute.internal"
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
containers:
- name: "job-container"
image: "docker.io/centos/tools"
command: ["/bin/bash", "-c", "--"]
args: [ "tcpdump -i any -s0 -vv -n dst host 10.233.6.70 and port 7776 || src 10.233.64.23" ]
restartPolicy: Never
backoffLimit: 3
activeDeadlineSeconds: 460
=> kubectl create -f tcpdumppod.yaml And check the pod logs which is created by the job when the container is running. => kubectl create -f tcpdumppod.yaml并检查容器运行时作业创建的pod日志。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.