From 2afc4b58194e4fe91b88410f5a3420bf0278a414 Mon Sep 17 00:00:00 2001
From: iProbe
Date: Tue, 9 Jul 2024 13:33:47 +0800
Subject: [PATCH] =?UTF-8?q?=E6=B7=BB=E5=8A=A0=20CloudNative/Kubernetes/Bas?= =?UTF-8?q?e/k8s=E6=8A=93=E5=8C=85.md?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
CloudNative/Kubernetes/Base/k8s抓包.md | 30 ++++++++++++++++++++++++++
1 file changed, 30 insertions(+)
create mode 100644 CloudNative/Kubernetes/Base/k8s抓包.md
diff --git a/CloudNative/Kubernetes/Base/k8s抓包.md b/CloudNative/Kubernetes/Base/k8s抓包.md
new file mode 100644
index 0000000..7f80e6e
--- /dev/null
+++ b/CloudNative/Kubernetes/Base/k8s抓包.md
@@ -0,0 +1,30 @@
+## 通过 ephemeral containers 抓包
+```shell
+# 临时容器
+# 1.16引入该功能,1.23以上版本默认开启该功能
+# 修改POD_NAME及CONTAINER_NAME
+kubectl debug -i ${POD_NAME} --image=nicolaka/netshoot --target=${CONTAINER_NAME} -- tcpdump -i eth0 -w - | wireshark -k -i -
+```
+
+## ksniff
+ksniff 是一个 kubectl 的插件,它利用 tcpdump 和 Wireshark 对 Kubernetes 集群中的任何 Pod 启动远程抓包
+#### 安装 Krew
+```shell
+( set -x; cd "$(mktemp -d)" && \
+curl -fsSLO "https://github.com/kubernetes-sigs/krew/releases/latest/download/krew.tar.gz" && \
+tar zxvf krew.tar.gz && \
+KREW=./krew-"$(uname | tr '[:upper:]' '[:lower:]')_$(uname -m | sed -e 's/x86_64/amd64/' -e 's/arm.*$/arm/')" && \
+"$KREW" install krew )
+export PATH="${KREW_ROOT:-$HOME/.krew}/bin:$PATH"
+```
+
+#### 安装 sniff 插件
+```shell
+kubectl krew install sniff
+```
+
+#### 远程抓包
+```shell
+# 修改POD_NAME及NAMESPACE
+kubectl sniff ${POD_NAME} -n ${NAMESPACE} -o tcpdump.pcap
+```
\ No newline at end of file