背景

有没有对Pod抓包而感到苦恼,下面针对在线上出现问题之后,针对Pod进行抓包

1. 宿主机上捕获

应用其实是运行在 Pod 内的 Container 里的，所以只要定位到 Container 被调度到了哪个 Node 上，在相应的 Node 里，对容器进行抓包即可。

2.1 定位Pod ip和containerID

定位 Pod 的 containerID 以及它所运行的宿主机 IP

INFO[0000]usingtcpdumppathat:'/root/.krew/store/sniff/v1.6.2/static-tcpdump'INFO[0000]nocontainerspecified,takingfirstcontainerwefoundinpod.INFO[0000]selectedcontainer:'app'INFO[0000]sniffingmethod:uploadstatictcpdumpINFO[0000]sniffingonpod:'app-prod-97dfb4bf-h59vq'[namespace:'default',container:'app',filter:'',interface:'any']INFO[0000]uploadingstatictcpdumpbinaryfrom:'/root/.krew/store/sniff/v1.6.2/static-tcpdump'to:'/tmp/static-tcpdump'INFO[0000]uploadingfile:'/root/.krew/store/sniff/v1.6.2/static-tcpdump'to'/tmp/static-tcpdump'oncontainer:'app'INFO[0000]executingcommand:'[/bin/sh-ctest-f/tmp/static-tcpdump]'oncontainer:'app',pod:'app-prod-97dfb4bf-h59vq',namespace:'default'INFO[0000]command:'[/bin/sh-ctest-f/tmp/static-tcpdump]'executingsuccessfullyexitCode:'0',stdErr:''INFO[0000]filefound:''INFO[0000]filewasalreadyfoundonremotepodINFO[0000]tcpdumpuploadedsuccessfullyINFO[0000]outputfileoptionspecified,storingoutputin:'text.pcap'INFO[0000]startsniffingonremotecontainerINFO[0000]executingcommand:'[/tmp/static-tcpdump-iany-U-w-]'oncontainer:'app',pod:'app-prod-97dfb4bf-h59vq',namespace:'default'

看原理是通过本地的/tmp/static-tcpdump 文件弄到pod中去抓包