使用 telepresence 调试 k8s 线上环境

发表于 分类于

下载

安装请看 官方文档

需要注意的是文档内所用的版本是 Pro版,与 Github Release 中下载的 开源版 非同一版本。

以下使用的版本为 v2.19.0 Pro版

安装

在本机配置 Kubectl Context 并使用 kubectl config use-context dev 切换到指定集群,或者直接在线上服务器执行以下命令安装 Traffic Manager

1
telepresence helm install

安装参数请参考 ArtifactHub

安装完成后 kubectl get pod -n ambassador 查看状态:

1
2
3
NAME                                                READY   STATUS    RESTARTS   AGE
traffic-manager-ambassador-agent-56654cffd7-8qqdh   1/1     Running   0          46s
traffic-manager-5b77fb5-62lr4                       1/1     Running   0          46s

连接集群

1
telepresence connect --namespace biz # 指定 namespace
1
2
3
4
Launching Telepresence User Daemon
Launching Telepresence Root Daemon
...
Connected to context dev, namespace biz (https://10.x.x.x:6443)
1
telepresence list
1
bill              : ready to intercept (traffic-agent not yet installed)

拦截转发流量

查看指定服务的 yaml 配置:

1
kubectl get svc -n biz bill -o yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
apiVersion: v1
kind: Service
metadata:
  name: bill
  namespace: biz
spec:
  clusterIP: 10.43.57.126
  clusterIPs:
  - 10.43.57.126
  internalTrafficPolicy: Cluster
  ipFamilies:
  - IPv4
  ipFamilyPolicy: SingleStack
  ports:
  - name: http
    port: 80
    protocol: TCP
    targetPort: 10000
  - name: grpc
    port: 81
    protocol: TCP
    targetPort: 10000
  selector:
    app: bill
  sessionAffinity: None
  type: ClusterIP

可以看到 bill 服务中监听了 10000 端口,所以拦截时指定 10000:10000<local port>:<remote port>):

1
telepresence intercept bill -p 10000:10000
1
2
3
4
5
6
7
8
Using Deployment bill
   Intercept name         : bill
   State                  : ACTIVE
   Workload kind          : Deployment
   Destination            : 127.0.0.1:10000
   Service Port Identifier: port
   Volume Mount Error     : sshfs is not installed on your local machine
   Intercepting           : all TCP requests
1
kubectl describe pod -n biz bill-779b9c6bf7-mdmv6
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
Init Containers:
  tel-agent-init:
    Container ID:  containerd://a8c5d0eff4714d77b8299ebe698dfe7907f521524f8ca267e9a1c24958e3ed9d
    Image:         docker.io/datawire/ambassador-telepresence-agent:1.14.5
    Image ID:      docker.io/datawire/ambassador-telepresence-agent@sha256:3f6f3076b1eca26c460ef166993c3d9e7527fcc2a3d74709e01869a39cfebd91
    Port:          <none>
    Host Port:     <none>
    Args:
      agent-init
    State:          Terminated
      Reason:       Completed
      Exit Code:    0
      Started:      Tue, 19 Mar 2024 10:02:21 +0800
      Finished:     Tue, 19 Mar 2024 10:02:21 +0800
    Ready:          True

Containers:
  bill:
    Container ID:   containerd://e43df533e5f3834fcb9d7f5b62bef63b6a01375a3d94cee3f2a5ef8c83592966
    Image:          ...
    Image ID:       ...
    Port:           10000/TCP
    Host Port:      0/TCP
    State:          Running
    Ready:          True

  traffic-agent:
    Container ID:  containerd://356cdc8b7f423871907778085f43804a5e6c19c98884b0342e88b073d4926c8a
    Image:         docker.io/datawire/ambassador-telepresence-agent:1.14.5
    Image ID:      docker.io/datawire/ambassador-telepresence-agent@sha256:3f6f3076b1eca26c460ef166993c3d9e7527fcc2a3d74709e01869a39cfebd91
    Port:          9900/TCP
    Host Port:     0/TCP
    Args:
      agent
    State:          Running
      Started:      Tue, 19 Mar 2024 10:02:22 +0800
    Ready:          True

然后访问远程集群地址 https://10.x.x.x:8888/bill/_health 可以看到流量已经转发到本地的 10000 端口。

恢复

1
2
3
telepresence leave bill # stop `bill` intercept

telepresence quit -s # stop all local telepresence daemons

Ref

  • https://www.getambassador.io/docs/telepresence