k8s 进行pod级的抓包
程序员文章站
2024-03-11 19:22:01
...
1 列出待抓包的pod 及分布在哪些节点上
[[email protected] ~]# kubectl get pod -l app=sso-gateway2 -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
sso-gateway2-deployment-5c48bc855b-gqb5t 1/1 Running 0 123m 172.20.0.65 172.16.0.217 <none> <none>
[[email protected] ~]#
2.进入目标pod容器
[[email protected] ~]# kubectl exec -ti sso-gateway2-deployment-5c48bc855b-gqb5t /bin/bash
bash-4.4# cat /sys/class/net/eth0/iflink
79
bash-4.4#
3.在pod所在node,去找对应的虚拟网卡地址:
[[email protected] ~]# cd /sys/class/net/
[[email protected] net]# ls
cni0 eth0 lo veth2e37e4ea veth6e37f52e veth8252e210 veth91191ef8 vetha1df5495 vethcc8599fe vethf22c53c9
docker0 flannel.1 veth0d3fb64a veth3c2a4c7d veth7a2cdc06 veth8826aa04 veth98167868 vethaf46f526 vethdab0065f
dummy0 kube-ipvs0 veth12b77bb7 veth6b98bc98 veth7e88ce26 veth898963f0 vetha0188c74 vethcb62024f vethe81593b5
[[email protected] net]# pwd
/sys/class/net
[[email protected] net]# grep -E '79' veth*/ifindex
veth898963f0/ifindex:79
[[email protected] net]#
- 这样就可以在宿主机上抓包:
tcpdump -i veth898963f0 -w /root/tcpdump.cap - 也可以用wireshark分析
上一篇: docker容器内执行命令不自动换行