Score:0

Trace Packets in Kubernetes

jm flag

I am trying to trace packets using a sniffer (https://github.com/eldadru/ksniff), but I am unable to make out how to trace packets and check whether the cluster IP is in use for a NodePort Service.

I have the following scenario:

app1_sts.yaml
===

apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    cluster: appcluster
  name: app1
  namespace: app
spec:
  selector:
    matchLabels:
      cluster: appcluster
  serviceName: app1cluster
  template:
    metadata:
      labels:
        cluster: appcluster
    spec:
     containers:
       - name: app1-0
         image: localhost/linux:8
         imagePullPolicy: Always
         securityContext:
          privileged: false
         command: [/usr/sbin/init]
         ports:
         - containerPort: 8080
           name: appport
         readinessProbe:
            tcpSocket:
              port: 8080
            initialDelaySeconds: 120
            periodSeconds: 30
            failureThreshold: 20
         env:
         - name: container
           value: "true"
         - name: applist
           value: "app2-0"

app2_sts.yaml

apiVersion: apps/v1
kind: StatefulSet
metadata:
  labels:
    cluster: appcluster
  name: app2
  namespace: app
spec:
  selector:
    matchLabels:
      cluster: appcluster
  serviceName: app2cluster
  template:
    metadata:
      labels:
        cluster: appcluster
    spec:
     containers:
       - name: app2-0
         image: localhost/linux:8
         imagePullPolicy: Always
         securityContext:
          privileged: false
         command: [/usr/sbin/init]
         ports:
         - containerPort: 8080
           name: appport
         readinessProbe:
            tcpSocket:
              port: 8080
            initialDelaySeconds: 120
            periodSeconds: 30
            failureThreshold: 20
         env:
         - name: container
           value: "true"
         - name: applist
           value: "app1-0"

Services:

app-svc.yaml

apiVersion: v1
kind: Service
metadata:
  labels:
   cluster: appcluster
  name: appsvc
  namespace: rac
spec:
  clusterIP: None
  selector:
   cluster: appcluster
  type: ClusterIP

app_nodeport.svc.yaml

apiVersion: v1
kind: Service
metadata:
  name: app-svc-1
  namespace: app
spec:
  type: NodePort
  ports:
    - port: 8080
      nodePort: 33000
      targetPort: 8080
  selector:
    cluster: appcluster

Check the EP and Service:

[root@oper01 yaml_files]# kubectl get svc -n rac
NAME                TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)                          AGE
app-svc-1           NodePort    10.97.133.80     <none>        8080:31000/TCP                   46s
appsvc              ClusterIP   None             <none>        <none>                           66s

[root@oper01 yaml_files]# kubectl get ep -n rac
NAME                ENDPOINTS                            AGE
app-svc-1           10.244.1.19:8080,10.244.2.10:8080    81s
appsvc              10.244.1.19,10.244.2.10              101s

As per the following link:

https://kubernetes.io/docs/concepts/services-networking/service/

NodePort: Exposes the Service on each Node's IP at a static port (the NodePort). To make the node port available, Kubernetes sets up a cluster IP address, the same as if you had requested a Service of type: ClusterIP.

It states that the cluster IP is being used for NodePort, but when I use the sniffer I do not see any packets coming to the pod from the cluster IP.

pt flag
How exactly are you trying to trace packets? Please update your question to show exactly what commands you're running and where you are running them. Also note that Kubernetes will typically make extensive use of netfilter rules to handle connectivity to services, so you'll want to look at and understand your local host firewall configuration.
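
What the netfilter rules mentioned in the comment above do to this Service's traffic, as an added example that is not part of the original thread. It assumes kube-proxy runs in iptables mode; the rule text is a constructed sample using the IPs and ports from the question, the chain-name suffixes and the node IP 192.0.2.10 are placeholders, and `field`, `backends` and `resolve` are hypothetical helper names.

```python
import re

# Constructed sample shaped like `iptables-save -t nat` on a node (kube-proxy in
# iptables mode). IPs and ports are the ones on this page; the chain-name
# suffixes are placeholders, not real kube-proxy hashes.
SAMPLE = """\
-A KUBE-SERVICES -d 10.97.133.80/32 -p tcp -m tcp --dport 8080 -j KUBE-SVC-EXAMPLE
-A KUBE-SERVICES -m addrtype --dst-type LOCAL -j KUBE-NODEPORTS
-A KUBE-NODEPORTS -p tcp -m tcp --dport 31000 -j KUBE-SVC-EXAMPLE
-A KUBE-SVC-EXAMPLE -m statistic --mode random --probability 0.5 -j KUBE-SEP-POD1
-A KUBE-SVC-EXAMPLE -j KUBE-SEP-POD2
-A KUBE-SEP-POD1 -p tcp -m tcp -j DNAT --to-destination 10.244.1.19:8080
-A KUBE-SEP-POD2 -p tcp -m tcp -j DNAT --to-destination 10.244.2.10:8080
"""

def field(rule, flag):
    """Value following `flag` in one rule, or None if the flag is absent."""
    m = re.search(rf"(?:^|\s){re.escape(flag)} (\S+)", rule)
    return m.group(1) if m else None

def backends(chains, chain, seen=()):
    """Follow -j jumps from `chain` down to DNAT rules; return pod endpoints."""
    out = []
    for rule in chains.get(chain, []):
        target = field(rule, "-j")
        if target == "DNAT":
            out.append(field(rule, "--to-destination"))
        elif target in chains and target not in seen:
            out += backends(chains, target, seen + (chain,))
    return out

def resolve(text, dst_ip, dport):
    """Destinations a packet to dst_ip:dport is rewritten to before any pod sees it.
    A rule without -d (the node-port rule) is treated as matching any address,
    so pass a node IP when asking about the node port."""
    chains = {}
    for line in text.splitlines():
        m = re.match(r"-A (\S+) (.*)", line)
        if m:
            chains.setdefault(m.group(1), []).append(m.group(2))
    for entry in ("KUBE-SERVICES", "KUBE-NODEPORTS"):
        for rule in chains.get(entry, []):
            d = field(rule, "-d")
            if d and d.split("/")[0] != dst_ip:
                continue
            if field(rule, "--dport") == str(dport):
                return sorted(backends(chains, field(rule, "-j")))
    return []

if __name__ == "__main__":
    print("ClusterIP 10.97.133.80:8080 ->", resolve(SAMPLE, "10.97.133.80", 8080))
    print("node IP 192.0.2.10:31000    ->", resolve(SAMPLE, "192.0.2.10", 31000))
```

Both the cluster IP and the node port resolve to the same pod endpoints. In this mode the cluster IP exists only as a match in the node-side rules, so a capture taken inside the pod shows the pod's own address as the destination.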