如何在kubernetes中查看pod和veth的关系 [英] how to see the pod and veth relationship in kubernetes

问题描述

有没有看到kubernetes v1.15.2 pod和veth的关系?现在我可以在主持人中看到veth，但不知道哪个pod拥有.

is there anyway to see the relationship of kubernetes v1.15.2 pod and veth? now I could see the veth in host but do not know which pod owned.

vethe4297f4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        ether ba:01:db:4a:7d:d0  txqueuelen 0  (Ethernet)
        RX packets 9999796  bytes 1671107011 (1.5 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 9231477  bytes 2153738950 (2.0 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethf059d46: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        ether 6a:8f:a3:65:dd:4c  txqueuelen 0  (Ethernet)
        RX packets 11724557  bytes 5581499446 (5.1 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 12847645  bytes 2142367255 (1.9 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vethf9efebf: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1450
        ether fa:c7:76:53:4a:36  txqueuelen 0  (Ethernet)
        RX packets 11103657  bytes 2587046474 (2.4 GiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8993500  bytes 1816804215 (1.6 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

顺便说一句，我正在从体系结构中学习法兰绒通信过程:

by the way, I am learning the flannel communication procedure from the architecture :

推荐答案

反正有没有看到kubernetes v1.15.2 pod和veth的关系?

is there anyway to see the relationship of kubernetes v1.15.2 pod and veth?

TL; DR: 是的.
在StackOverflow上甚至有类似主题束，甚至还有一些

TL;DR : Yes.
There is a bunch of similar topics on StackOverflow and even some scripts on Github.

有一篇很好的文章在Kubernetes(K8s)网络上.

There is a very good article on Kubernetes (K8s) networking.

过于简化的"K8s网络"由Linux的网络名称空间和虚拟接口处理.

Oversimplified, "K8s networking" handled by Linux’s network namespaces and virtual interfaces.

以下控制台输出已在我的GKE群集上使用，但也适用于独立群集.

Below console output has been taken on my GKE cluster, but shall be applicable to standalone cluster as well.

$ sudo ip link show | egrep "veth|docker" | awk -F":" '{print $1": "$2}'
3:  docker0
5:  vethcf35c1bb@if3
6:  veth287168da@if3
7:  veth5c70f15b@if3
11:  veth62f193f7@if3
12:  vetha38273b3@if3
14:  veth240a8f81@if3

sudo docker ps --format '{{.ID}} {{.Names}} {{.Image}}' "$@"  | wc -l
25

如您所见，我有25个Docker容器有6个veth的服务流量.让我们找到为其中一个Pod提供流量的veth.

As you can see, I have 6 veth's serving traffic for 25 docker containers. Let's find the veth that serves traffic for one of the pods.

$ kubectl get pods 
NAME                         READY   STATUS    RESTARTS   AGE
server-go-7b57857cfb-p6m62   1/1     Running   0          7m41s

1. 让我们找到该容器的docker容器ID.

$ sudo docker ps --format '{{.ID}} {{.Pid}} {{.Names}} {{.Image}}' "$@" | grep POD_server
6aa1d952a9f3 k8s_POD_server-go-7b57857cfb-p6m62_default_02206a28-42e1-43a5-adb8-f6ab13258fb1_0 k8s.gcr.io/pause:3.1

1. 为其检查pid:

$ sudo docker inspect --format '{{.State.Pid}}' 6aa1d952a9f3
4012085

1. 允许系统工具访问该pid的名称空间:

1. Allowing system tools accessing the namespace of that pid:

$ sudo ln -sf /proc/${pid}/ns/net /var/run/netns/ns-${pid}

#in my case the commands were :
$ if [ ! -d /var/run/netns ]; then sudo  mkdir -p /var/run/netns; fi
$ sudo ln -sf /proc/4012085/ns/net /var/run/netns/ns-4012085

$ sudo ip netns exec "ns-4012085" ip link show type veth | grep "eth0"
3: eth0@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc noqueue state UP mode DEFAULT group default 

1. 检查为容器提供服务的确切接口.

从输出(eth0@if14)中，我们可以说6aa1d952a9f3 docker容器的eth0链接到主机上的接口14: veth240a8f81@if3.

From that output (eth0@if14) we can say that the eth0 for the 6aa1d952a9f3 docker container is linked to the interface 14: veth240a8f81@if3 on host machine.

根据此示例，您可以编写自己的脚本以将veth接口与Pod，容器等匹配.

Based on this example you can write your own script to match veth interfaces to Pods, containers, etc.

希望有帮助.

这篇关于如何在kubernetes中查看pod和veth的关系的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！