容器网络Debug工具箱

Net Tools

查询服务内部TCP状态

1	PATTERN=redis sh -c "nsenter -t `docker ps \| grep $PATTERN \| awk '{print $1}' \| xargs docker inspect -f '{{.State.Pid}}'` -n netstat -ntuo"

Mac下容器内部访问宿主机网络

Use your internal IP address or connect to the special DNS name host.docker.internal which will resolve to the internal IP address used by the host.

1	host.docker.internal

快速启动一个Echo服务

1	ncat -l 2000 --keep-open --exec "/bin/cat"

Net Tools Continar

推荐使用 netshoot

apiVersion: v1
kind: ReplicationController
metadata:
  name: nginx
spec:
  replicas: 2
  selector:
    app: nginx
  template:
    metadata:
      name: nginx
      labels:
        app: nginx
    spec:
      containers:
      - name: nginx
        image: nginx
        ports:
        - containerPort: 80
      - name: nettool
        image: nicolaka/netshoot
        command: [ "/bin/bash", "-c", "--" ]
        args: [ "while true; do sleep 30; done;" ]

IPtables

将某Port的请求转发到另外一个Port

1	iptables -t nat -I PREROUTING --src 0/0 --dst 172.17.0.2 -p tcp --dport 2526 -j REDIRECT --to-ports 2000

参考

A tcpdump Tutorial with Examples: 50 Ways to Isolate Traffic