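If a service inside a pod is not exposed externally through a Service, there is no convenient way to debug it. That is why kubectl port-forward exists.
It forwards a port on the Node host to a port inside the pod.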
[root@VM-74-100-centos ~]# kubectl port-forward -h
Forward one or more local ports to a pod. This command requires the node to have 'socat' installed.
Use resource type/name such as deployment/mydeployment to select a pod. Resource type defaults to 'pod' if omitted.
If there are multiple pods matching the criteria, a pod will be selected automatically. The forwarding session ends
when the selected pod terminates, and rerun of the command is needed to resume forwarding.
Examples:
# Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in the pod
kubectl port-forward pod/mypod 5000 6000
# Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in a pod selected by the
deployment
kubectl port-forward deployment/mydeployment 5000 6000
# Listen on ports 5000 and 6000 locally, forwarding data to/from ports 5000 and 6000 in a pod selected by the service
kubectl port-forward service/myservice 5000 6000
# Listen on port 8888 locally, forwarding to 5000 in the pod
kubectl port-forward pod/mypod 8888:5000
# Listen on port 8888 on all addresses, forwarding to 5000 in the pod
kubectl port-forward --address 0.0.0.0 pod/mypod 8888:5000
# Listen on port 8888 on localhost and selected IP, forwarding to 5000 in the pod
kubectl port-forward --address localhost,10.19.21.23 pod/mypod 8888:5000
# Listen on a random port locally, forwarding to 5000 in the pod
kubectl port-forward pod/mypod :5000
Options:
--address=[localhost]: Addresses to listen on (comma separated). Only accepts IP addresses or localhost as a
value. When localhost is supplied, kubectl will try to bind on both 127.0.0.1 and ::1 and will fail if neither of these
addresses are available to bind.
--pod-running-timeout=1m0s: The length of time (like 5s, 2m, or 3h, higher than zero) to wait until at least one
pod is running
Usage:
kubectl port-forward TYPE/NAME [options] [LOCAL_PORT:]REMOTE_PORT [...[LOCAL_PORT_N:]REMOTE_PORT_N]
Now there is a pod whose port is 25273, with pod IP 9.9.9.171, running on a Node with IP 11.11.11.100.
[root@VM-74-100-centos ~]# kubectl port-forward --address 0.0.0.0 -n xxx pod/tipmp.tools.sensitivefile.deploy-bb86d455f-2nkjf 8080:25273
Forwarding from 0.0.0.0:8080 -> 25273
Handling connection for 8080
From another machine:
telnet 11.11.11.100 8080
The connection was closed immediately...
On the Node, the following error was reported:
E0813 11:55:25.713491 1522266 portforward.go:400] an error occurred forwarding 8080 -> 25273: error forwarding port 25273 to pod b020d51d8787f69734c7f344c8843fb7fdfefa5cb3fe9325f88b7348ed9894b7, uid : exit status 1: 2021/08/13 11:55:25 socat[1522469] E connect(3, AF=2 127.0.0.1:25273, 16): Connection refused
The message says: 127.0.0.1:25273 refused.
Why: https://github.com/yugabyte/yugabyte-db/issues/4677
Hello @sstubbs, thanks for reporting this issue. This is a known limitation due to the way kubectl port-forward works. port-forward sets up a socat proxy that binds to 127.0.0.1:remote_port inside the pod. In the case of our chart, the client interface is not bound to 127.0.0.1 inside the pod (it is bound to the pod IP instead).
To work around this, one option would be to change the helm chart to bind to 0.0.0.0:5433 at https://github.com/yugabyte/charts/blob/master/stable/yugabyte/templates/service.yaml#L290. If you make that change in a local helm chart, that should get your port-forward workflow unblocked.
We are going to consider making this change in our helm chart by default too.
Edit: relevant issue on k8s: kubernetes/kubernetes#72597
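In other words, the address the service listens on inside the pod is not 127.0.0.1, while the socat started by kubectl port-forward by default only forwards to the pod's 127.0.0.1 address.
A check confirms it: nothing is listening on 127.0.0.1.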
[root@VM-74-100-centos ~]# kubectl exec -it -n xxx tipmp.tools.sensitivefile.deploy-bb86d455f-2nkjf -- netstat -antp | grep 25273
tcp 0 0 9.9.9.117:25273 0.0.0.0:* LISTEN 20/./tipmp.tools.se
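The same check as a script, added here as an example that is not part of the original article: it reads netstat -ant output captured inside the pod and reports whether a port listens on an address that the forwarder's connection to 127.0.0.1 can reach. The function names and every sample line except the first are constructed, and treating "::" as reachable assumes a dual-stack wildcard socket.

```shell
#!/bin/sh
# Added example (not from the original article).
# Reads `netstat -ant` output captured inside the pod on stdin and reports
# whether kubectl port-forward can reach PORT. Per the error log above, the
# forwarder connects to IPv4 127.0.0.1:PORT inside the pod.
# Prints: reachable | unreachable:<addresses> | not-listening
pf_reachable() {
  awk -v port="$1" '
    $1 ~ /^tcp/ && $6 == "LISTEN" {
      if (!match($4, /:[0-9]+$/)) next          # last ":port" of local address
      if (substr($4, RSTART + 1) != port) next
      addr = substr($4, 1, RSTART - 1)
      # "::" assumes a dual-stack wildcard socket (Linux default) that also
      # accepts IPv4 connections; "::1" alone does not serve 127.0.0.1.
      if (addr == "127.0.0.1" || addr == "0.0.0.0" || addr == "::") ok = 1
      else other = other (other ? "," : "") addr
    }
    END {
      if (ok) print "reachable"
      else if (other) print "unreachable:" other
      else print "not-listening"
    }'
}

# First line is the netstat output shown above; the rest is constructed.
sample_netstat() {
  cat <<'EOF'
tcp 0 0 9.9.9.117:25273 0.0.0.0:* LISTEN 20/./tipmp.tools.se
tcp 0 0 0.0.0.0:9100 0.0.0.0:* LISTEN 31/exporter
tcp6 0 0 ::1:6379 :::* LISTEN 42/cache
tcp 0 0 9.9.9.117:25273 9.9.9.20:51514 ESTABLISHED 20/./tipmp.tools.se
EOF
}

for p in 25273 9100 6379 8080; do
  printf '%s -> %s\n' "$p" "$(sample_netstat | pf_reachable "$p")"
done
```

An "unreachable" result means the port needs either a loopback relay inside the pod or a rebind of the service to 0.0.0.0 before port-forward will work.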
Solution:
1. Start a port forwarder inside the pod. netcat can do this, and there are also many other methods, for example: https://cloud.tencent.com/developer/article/1688152
# yum install nmap-ncat
# ncat --sh-exec "ncat 9.9.9.117 25273" -l 8080
(this forwards local port 8080 to port 25273 on that IP)
2. Run kubectl port-forward again
# kubectl port-forward --address 0.0.0.0 -n xxx pod/tipmp.tools.sensitivefile.deploy-bb86d455f-2nkjf 8080:8080
Now it works.
(Both commands above, ncat and kubectl port-forward, run in the foreground; Ctrl+C terminates them.)
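Original-content statement: this article is published on the Tencent Cloud Developer Community with the author's authorization and may not be reproduced without permission.
In case of infringement, contact cloudcommunity@tencent.com for removal.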