1. 创建脚本 sniff
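#!/usr/bin/env bash
# sniff: run tcpdump on the host-side peer interface of a pod's eth0.
#
# Usage: ./sniff <NAMESPACE> <POD> [TCPDUMP ARG]...
#
# Looks up the pod's first container ID and its node IP with kubectl, then
# runs the capture on that node: in this shell when the node IP is configured
# on the local machine, otherwise over ssh. The node must run Docker, already
# hold the rancher/library-busybox image, and let the invoking user run
# docker and tcpdump.
#
# NOTE: set -x traces every command (here and on the node) to stderr, and the
# capture itself may contain credentials or other sensitive payloads; treat
# both the trace and the pcap output as sensitive data.
set -euxo pipefail

if (( $# < 2 )); then
  printf 'Usage: %s <NAMESPACE> <POD> [TCPDUMP ARG]...\n' "${0##*/}" >&2
  exit 2
fi
NAMESPACE=${1}; shift
POD=${1}; shift

# Run kubectl in a plain assignment so that a failure aborts the script under
# set -e; inside a here-string its exit status would be masked by readarray.
POD_INFO=$(kubectl get pod --namespace "${NAMESPACE}" "${POD}" \
  --output=jsonpath='{.status.containerStatuses[0].containerID}{"\n"}{.status.hostIP}')
readarray -t LINES <<<"${POD_INFO}"
CONTAINER_ID=${LINES[0]:-}
HOST_IP=${LINES[1]:-}

# The capture below relies on the docker CLI, so only docker:// IDs are usable.
if [[ ${CONTAINER_ID} != docker://* ]]; then
  printf 'sniff: expected a docker:// container ID for pod %s, got "%s"\n' \
    "${POD}" "${CONTAINER_ID}" >&2
  exit 1
fi
CONTAINER_ID=${CONTAINER_ID#'docker://'}

# HOST_IP comes from the API server and ends up on the ssh command line.
# Restrict it to address characters so it can never be read as an ssh option
# or carry shell metacharacters.
if [[ ! ${HOST_IP} =~ ^[0-9A-Fa-f:.]+$ ]]; then
  printf 'sniff: unexpected host IP for pod %s: "%s"\n' "${POD}" "${HOST_IP}" >&2
  exit 1
fi

# Literal substring match: dots in the address are not regex wildcards, and no
# pipeline is involved, so pipefail cannot turn a match into a miss.
LOCAL_ADDRESSES=$(ip address)
if [[ ${LOCAL_ADDRESSES} == *"inet ${HOST_IP}/"* ]]; then
  SHELL_COMMAND=(source /dev/stdin)
else
  # An argument array instead of `eval ssh ...`: nothing is re-parsed locally.
  SHELL_COMMAND=(ssh "${HOST_IP}" bash -euxo pipefail -)
fi

# The here-document is the script executed on the node. Unescaped expansions
# (${CONTAINER_ID@Q}, ${@@Q}) are substituted here and shell-quoted with @Q;
# escaped ones (\$...) are evaluated on the node. The node-side script joins
# the container's network namespace with a throwaway busybox container, reads
# eth0's iflink (the index of its host-side peer), resolves that index to an
# interface name, and captures on it with the caller's tcpdump arguments.
"${SHELL_COMMAND[@]}" <<EOF
IMAGE_ID=\$(docker images rancher/library-busybox --format='{{.ID}}' | head -1)
if [[ -z "\${IMAGE_ID}" ]]; then
  echo 'sniff: image rancher/library-busybox is not present on the node' >&2
  exit 1
fi
IF_NO=\$(docker run --rm --net=container:${CONTAINER_ID@Q} "\${IMAGE_ID}" cat /sys/class/net/eth0/iflink)
IF=\$(ip link | sed -n "s/^\${IF_NO}: \([^@]\+\).*$/\1/p")
if [[ -z "\${IF}" ]]; then
  echo 'sniff: could not find the host interface paired with the pod' >&2
  exit 1
fi
tcpdump -i "\${IF}" ${@@Q}
EOF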
2. 使用
./sniff <NAMESPACE> <POD> [TCPDUMP ARG]...
# 例子:./sniff kubernetes-dashboard kubernetes-dashboard-7c4b498cb4-slkk8 -U -w -
原文:https://www.cnblogs.com/roy2220/p/14799536.html