Debugging Kubernetes services locally with telepresence

Published: 2024-05-14

https://kubernetes.io/zh-cn/docs/tasks/debug/debug-cluster/local-debugging/
https://www.getambassador.io/docs/telepresence-oss

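telepresence architecture & principles

telepresence is a tool that simplifies developing and debugging a service locally while proxying that service into a remote Kubernetes cluster. It lets you debug the local service with your own tools (such as a debugger and an IDE) and gives the service full access to the ConfigMaps, Secrets and services running in the remote cluster. The service being debugged communicates normally with the other services in the cluster, both receiving requests from them and calling them.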

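telepresence components

  • Telepresence CLI: the control entry point, also used to start or install the other components such as the telepresence daemon and the traffic manager, and to authorize Ambassador Cloud. It both bootstraps the setup and sends control commands. The first time the telepresence CLI runs, it starts the telepresence daemon, then installs and connects to the traffic manager, and only then returns the result of the command.
  • Telepresence Daemon
    • User Daemon: communicates with the Traffic Manager to inject the Agent into the target service; all requests to the cluster pass through it
    • Root Daemon: sets up the virtual network device (Virtual Network Device, VIF) and builds the virtual network that carries traffic between the local machine and the cluster, so the local machine can reach services in the Kubernetes cluster directly.
  • Traffic Manager: the entry point for cluster traffic and the central proxy that controls it. It also talks to Ambassador Cloud to support the Preview URL feature.
  • Traffic Agent: a sidecar injected into the Pod that intercepts traffic to the target container and forwards it to the Traffic Manager
  • Ambassador Cloud: needed only for the Preview URL feature, which requires prior registration there and is a paid feature. A Preview URL provides a public URL through which other team members can reach the service (by default it is reachable only locally). Not a required service.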

Installing Telepresence on Windows

kubectl is a prerequisite, so install kubectl first.

Installing & configuring kubectl

https://kubernetes.io/zh-cn/docs/tasks/tools/install-kubectl-windows/

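# Download
curl.exe -LO "https://dl.k8s.io/release/v1.30.0/bin/windows/amd64/kubectl.exe"

# Add the directory containing kubectl to the PATH environment variable

# Copy the Kubernetes access configuration file to the Windows path, which defaults to
C:\Users\<UserName>\.kube\config

# Test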
kubectl version
kubectl get nodes

Installing telepresence

https://www.getambassador.io/docs/telepresence/latest/install

# To install Telepresence, run the following commands
# from PowerShell as Administrator.

# 1. Download the latest windows zip containing telepresence.exe and its dependencies (~50 MB):
Invoke-WebRequest https://app.getambassador.io/download/tel2/windows/amd64/latest/telepresence.zip -OutFile telepresence.zip

# 2. Unzip the telepresence.zip file to the desired directory, then remove the zip file:
Expand-Archive -Path telepresence.zip -DestinationPath telepresenceInstaller/telepresence
Remove-Item 'telepresence.zip'
cd telepresenceInstaller/telepresence

# 3. Run the install-telepresence.ps1 to install telepresence's dependencies. It will install telepresence to
# C:\telepresence by default, but you can specify a custom path by passing in -Path C:\my\custom\path
powershell.exe -ExecutionPolicy bypass -c " . '.\install-telepresence.ps1';"

# 4. Remove the unzipped directory:
cd ../..
Remove-Item telepresenceInstaller -Recurse -Confirm:$false -Force

# 5. Telepresence is now installed and you can use telepresence commands in PowerShell.

Simplified installation

# Download
https://app.getambassador.io/download/tel2/windows/amd64/latest/telepresence.zip

# Unzip
telepresence.zip

# Run install-telepresence.ps1 in PowerShell
install-telepresence.ps1

# Add to the PATH environment variable

(In the cluster) Installing the telepresence manager

# Installed into the ambassador namespace by default
D:\telepresence-windows-amd64>telepresence helm install

Traffic Manager installed successfully

# Under the hood this is a helm install, so the usual parameters can also be given, as below
D:\telepresence-windows-amd64>telepresence helm install traffic-manager --namespace staging datawire/telepresence

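Note that the installation takes quite a while. If it fails with a timeout, run telepresence helm uninstall and install again.

After installation, check the state in the cluster (ambassador namespace); the traffic-manager and agent-injector services and the deployment are visible.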


D:\telepresence-windows-amd64>kubectl get all -n ambassador
NAME                                   READY   STATUS    RESTARTS        AGE
pod/traffic-manager-8687c6f898-74sjd   1/1     Running   1 (5d18h ago)   6d20h

NAME                      TYPE        CLUSTER-IP     EXTERNAL-IP   PORT(S)              AGE
service/agent-injector    ClusterIP   10.102.30.60   <none>        443/TCP              6d20h
service/traffic-manager   ClusterIP   None           <none>        8081/TCP,15766/TCP   6d20h

NAME                              READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/traffic-manager   1/1     1            1           6d20h

NAME                                         DESIRED   CURRENT   READY   AGE
replicaset.apps/traffic-manager-8687c6f898   1         1         1       6d20h

Running

Command list

  • completion Generate a shell completion script
  • config
  • **connect Connect to a cluster**
  • gather-logs Gather logs from traffic-manager, traffic-agent, user and root daemons
  • gather-traces Gather Traces
  • genyaml Generate YAML for use in kubernetes manifests.
  • helm
  • help Help about any command
  • **intercept Intercept a service**
  • **leave Remove existing intercept**
  • **list List current intercepts**
  • list-contexts Show all contexts
  • list-namespaces Show all namespaces
  • loglevel change the log-level of the traffic-manager/traffic-agent/user-root daemons
  • **quit Tell telepresence daemon to quit**
  • status Show connectivity status
  • test-vpn Test VPN configuration for compatibility with telepresence
  • uninstall Uninstall telepresence agents
  • upload-traces Upload Traces
  • version Show version

Connecting to the environment

# Note:
# 1. The target namespace must be specified when connecting; the default is default

D:\telepresence-windows-amd64>telepresence connect
Launching Telepresence User Daemon
Launching Telepresence Root Daemon
Connected to context kubernetes-admin@ck8s, namespace default (https://172.28.74.27:6443)

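# 2. A virtual network is created to map the cluster, so if its CIDR conflicts with an existing local network, the conflict can be forcibly ignored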
D:\telepresence-windows-amd64>telepresence connect --namespace default --allow-conflicting-subnets 192.168.80.0/16

# After connecting, list the targets that can be intercepted (note: they must be svc)
D:\telepresence-windows-amd64>telepresence list
nginx      : ready to intercept (traffic-agent not yet installed)
querysurvey: ready to intercept (traffic-agent not yet installed)

# Check the status
D:\telepresence-windows-amd64>telepresence status
OSS User Daemon: Running
  Version           : v2.17.0
  Executable        : D:\telepresence-windows-amd64\telepresence.exe
  Install ID        : b7bc2f09-bc9b-4cb9-b2a3-d59205c20e99
  Status            : Connected
  Kubernetes server : https://172.28.74.27:6443
  Kubernetes context: kubernetes-admin@ck8s
  Connection name   : kubernetes-admin_ck8s-default
  Namespace         : default
  Manager namespace : ambassador
  Intercepts        : 0 total
OSS Root Daemon: Running
  Version    : v2.17.0
  Version    : v2.17.0
  DNS        :
    Remote IP       : 127.0.0.1
    Exclude suffixes: [.com .io .net .org .ru]
    Include suffixes: []
    Timeout         : 8s
  Also Proxy : (0 subnets)
  Never Proxy: (1 subnets)
    - 172.28.74.27/32

Accessing services inside the Kubernetes cluster

# The VIF virtual network is now established, so services in default can be reached directly by service name
D:\telepresence-windows-amd64>kubectl get svc -o wide
NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)    AGE     SELECTOR
kubernetes    ClusterIP   10.96.0.1        <none>        443/TCP    99d     <none>
nginx-svc     ClusterIP   10.101.254.100   <none>        80/TCP     99d     app=nginx
querysurvey   ClusterIP   10.96.242.133    <none>        8080/TCP   6d19h   app=querysurvey

# Access by short name
D:\telepresence-windows-amd64>curl http://nginx-svc:80

# Access by fully qualified domain name
D:\telepresence-windows-amd64>curl http://nginx-svc.default.svc.cluster.local

# Access a svc in another namespace
D:\telepresence-windows-amd64>curl http://gitlab-ce.psg.svc.cluster.local -L

Checking the network state shows the virtual network created by the Root Daemon

D:\telepresence-windows-amd64>ipconfig
Unknown adapter tel0:

   Connection-specific DNS Suffix  . : tel2-search.cluster.local.
   Link-local IPv6 Address . . . . . : fe80::c66a:8507:825e:c49e%116
   IPv4 Address. . . . . . . . . . . : 10.96.0.0
   Subnet Mask . . . . . . . . . . . : 255.240.0.0
   IPv4 Address. . . . . . . . . . . : 172.28.74.0
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   IPv4 Address. . . . . . . . . . . : 192.168.0.0
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :
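
The subnet conflict that --allow-conflicting-subnets overrides can be checked before connecting. The following is an added example, not part of the original post: it compares the subnets claimed by the tel0 adapter above with a constructed list of local networks (LOCAL_NETWORKS and the function names are assumptions), and shows that 192.168.80.0/16 has host bits set and denotes the whole 192.168.0.0/16 range.

```python
import ipaddress

# Subnets claimed by the tel0 adapter in the ipconfig output above (address, mask).
VIF_SUBNETS = [
    ("10.96.0.0", "255.240.0.0"),
    ("172.28.74.0", "255.255.255.0"),
    ("192.168.0.0", "255.255.0.0"),
]

# Constructed sample: networks a developer workstation is attached to.
LOCAL_NETWORKS = ["192.168.80.0/24", "10.8.0.0/24", "172.16.5.0/24"]


def normalize(cidr):
    """Parse a CIDR, masking off host bits (192.168.80.0/16 -> 192.168.0.0/16)."""
    return ipaddress.ip_network(cidr, strict=False)


def find_conflicts(vif_subnets, local_networks):
    """Return (local, cluster) pairs whose address ranges overlap."""
    cluster = [ipaddress.ip_network(f"{addr}/{mask}") for addr, mask in vif_subnets]
    conflicts = []
    for raw in local_networks:
        local = normalize(raw)
        for net in cluster:
            if local.overlaps(net):
                conflicts.append((str(local), str(net)))
    return conflicts


def covered_by_override(allow_arg, local_networks):
    """Local networks inside the range passed to --allow-conflicting-subnets."""
    allowed = normalize(allow_arg)
    return [str(normalize(n)) for n in local_networks
            if normalize(n).subnet_of(allowed)]


if __name__ == "__main__":
    for local, cluster in find_conflicts(VIF_SUBNETS, LOCAL_NETWORKS):
        print(f"conflict: local {local} overlaps cluster route {cluster}")
    print("override range:", normalize("192.168.80.0/16"))
    print("local networks inside it:",
          covered_by_override("192.168.80.0/16", LOCAL_NETWORKS))
```

Passing a narrower range to the override, one that covers only the local network that actually collides, keeps the exception as small as the conflict.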

Injecting the telepresence agent into the target service

Core options

  • --service querysurvey
  • --address 0.0.0.0
  • -p 8080:8080
# <local port>:[service port]
# querysurvey is a sample service based on python flask
D:\telepresence-windows-amd64>telepresence intercept querysurvey --service querysurvey --address 0.0.0.0 -p 8080:8080
Using Deployment querysurvey
   Intercept name    : querysurvey
   State             : ACTIVE
   Workload kind     : Deployment
   Destination       : 0.0.0.0:8080
   Volume Mount Error: sshfs is not installed on your local machine
   Intercepting      : all TCP connections

# List again: the service now shows as intercepted
D:\telepresence-windows-amd64>telepresence list
nginx      : ready to intercept (traffic-agent not yet installed)
querysurvey: intercepted
   Intercept name: querysurvey
   State         : ACTIVE
   Workload kind : Deployment
   Destination   : 0.0.0.0:8080
   Intercepting  : all TCP connections

If sshfs for windows is installed, remote volumes can also be mounted locally
https://github.com/winfsp/sshfs-win

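Testing service debugging

In the previous step the local service was not yet running, so although the agent was already forwarding, the service could not be reached yet.
Start the target service querysurvey under the debugger in an IDE such as PyCharm, listening on port 8080.

Access it directly in a browser (through the virtual network created by the Root Daemon):
http://querysurvey.default.svc.cluster.local:8080

Or access it from a service inside the cluster (for example with a tool image such as netshoot or busybox)

# From inside the Kubernetes cluster, use netshoot to call the target service and check whether the request reaches the local machine
# Start the netshoot image beforehand (kubectl run netshoot --image=nicolaka/netshoot -- sleep 24h)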
kubectl exec netshoot -it -- bash
curl http://querysurvey:8080
curl http://querysurvey.default.svc.cluster.local:8080

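In both cases the PyCharm instance running locally enters step-by-step debugging.

Customized interception

Specifying a header

With this option, different requests can be forwarded to different machines, which suits several people debugging at the same time
--http-header=Coder=tester1
--http-header=Coder=tester2

Specifying the target endpoint to intercept
--http-path-equal intercept only the endpoint with this exact path
--http-path-prefix intercept only endpoints with a matching path prefix
--http-path-regex intercept only endpoints matching the given regular expression
# --http-path-prefix=/api selects the endpoint
# --http-header=Coder=test selects the header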
D:\telepresence-windows-amd64>telepresence intercept querysurvey --service querysurvey --address 0.0.0.0 -p 8080:8080 --http-path-prefix=/api

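Accessing ConfigMap/Secret/Volume (TBD)

PyCharm telepresence plugin (TBD)

Removing the intercept & cleaning up the environment

# Remove the intercept (requires the intercept name, the argument given to the intercept command)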
D:\telepresence-windows-amd64>telepresence leave querysurvey

D:\telepresence-windows-amd64>telepresence list
nginx      : ready to intercept (traffic-agent not yet installed)
querysurvey: ready to intercept (traffic-agent already installed)

# Shut down the daemons (virtual network); note the -s
D:\telepresence-windows-amd64>telepresence.exe quit -s
Telepresence Daemons disconnecting...done
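
The two telepresence list outputs shown on this page can be checked mechanically at the end of a debugging session. Added example, not part of the original post: a small parser for that output which reports intercepts capturing all TCP connections and workloads where the traffic-agent sidecar is still installed after leave (the function names are illustrative).

```python
# `telepresence list` output copied from this page: during the intercept
# and after `telepresence leave querysurvey`.
DURING = """\
nginx      : ready to intercept (traffic-agent not yet installed)
querysurvey: intercepted
   Intercept name: querysurvey
   State         : ACTIVE
   Workload kind : Deployment
   Destination   : 0.0.0.0:8080
   Intercepting  : all TCP connections
"""
AFTER = """\
nginx      : ready to intercept (traffic-agent not yet installed)
querysurvey: ready to intercept (traffic-agent already installed)
"""


def parse_list(text):
    """Parse `telepresence list` text into {workload: {"status": ..., fields}}."""
    workloads, current = {}, None
    for line in text.splitlines():
        if not line.strip():
            continue
        key, _, value = line.partition(":")
        if line[0].isspace():      # indented detail line of the current workload
            if current is not None:
                workloads[current][key.strip()] = value.strip()
        else:                      # "<workload>: <status>" header line
            current = key.strip()
            workloads[current] = {"status": value.strip()}
    return workloads


def findings(text):
    """Flag intercepts that take all traffic and agents left in place."""
    out = []
    for name, info in sorted(parse_list(text).items()):
        status = info["status"]
        if status == "intercepted" and info.get("Intercepting") == "all TCP connections":
            out.append((name, "intercepts all TCP connections -> "
                        + info.get("Destination", "?")))
        elif "traffic-agent already installed" in status:
            out.append((name, "traffic-agent sidecar still installed"))
    return out


if __name__ == "__main__":
    for text in (DURING, AFTER):
        print(findings(text))
```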
