티스토리 뷰
안녕하세요, 2022 kubecon 세션 중 Whose Packet Is It Anyway? Life of a Packet Through a Service Mesh — Kevin Leimkuhler, Buoyant & Doug Jordan, Airbnb 를 참고하여 주요 내용 위주로 정리했습니다.
What is a container?
- Linux doesn’t have containers. It has namespaces
Whose Packet Is It Anyways?, Kevin Leimkuhler & Douglas Jordan KubeCon NA 2022
현재 리눅스에서 지원하는 네임스페이스는 크게 보면 다음과 같습니다.참고
- Cgroup 네임스페이스(cgorup)
- 네트워크 네임스페이스(network)
- IPC 네임스페이스(ipc)
- PID 네임스페이스(pid)
- UTS 네임스페이스(user)
- 사용자 네임스페이스(uts)
- 마운트 네임스페이스(mnt)
- 시간 네임스페이스(time)
각 컨테이너(Container)는 네트워크 리소스를 공유하는 프로세스입니다.
Whose Packet Is It Anyways?, Kevin Leimkuhler & Douglas Jordan KubeCon NA 2022
How does a proxy redirect a packet?
- The packet headers were changed by iptables
Whose Packet Is It Anyways?, Kevin Leimkuhler & Douglas Jordan KubeCon NA 2022
Whose Packet Is It Anyways?, Kevin Leimkuhler & Douglas Jordan KubeCon NA 2022
Whose Packet Is It Anyways?, Kevin Leimkuhler & Douglas Jordan KubeCon NA 2022
- A proxy checks the TCP stream’s socket options
What is responsible for configuring iptables?
Whose Packet Is It Anyways?, Kevin Leimkuhler & Douglas Jordan KubeCon NA 2022
Whose Packet Is It Anyways?, Kevin Leimkuhler & Douglas Jordan KubeCon NA 2022
TCP Debugging
Kafka
Whose Packet Is It Anyways?, Kevin Leimkuhler & Douglas Jordan KubeCon NA 2022
Whose Packet Is It Anyways?, Kevin Leimkuhler & Douglas Jordan KubeCon NA 2022
Whose Packet Is It Anyways?, Kevin Leimkuhler & Douglas Jordan KubeCon NA 2022
tcpdump + wireshark
Whose Packet Is It Anyways?, Kevin Leimkuhler & Douglas Jordan KubeCon NA 2022
install tcpdump
$ apt update && apt install tcpdump
Whose Packet Is It Anyways?, Kevin Leimkuhler & Douglas Jordan KubeCon NA 2022
Whose Packet Is It Anyways?, Kevin Leimkuhler & Douglas Jordan KubeCon NA 2022
Whose Packet Is It Anyways?, Kevin Leimkuhler & Douglas Jordan KubeCon NA 2022
Summary
- Linux doesn’t have containers
- The network namespace isolates network resources
- iptables rewrite the packet header
- The proxy looks at the socket table
- TCP observability is limited
- tcpdump the pod on loopback via nsenter
- tcpdump the proxy via host + interface
- Ephemeral containers will save us
blog migration project
written in 2022.10.29
https://medium.com/techblog-hayleyshim/k8s-network-d23581d3986a
'IT > Container&k8s' 카테고리의 다른 글
| [k8s] Kubernetes Operations (kOps) Install in AWS (0) | 2023.10.29 |
|---|---|
| [k8s] OpenInfra & Cloud Native Day Korea 2022 (0) | 2023.10.29 |
| [k8s] 2022 kubecon- Security (0) | 2023.10.29 |
| [k8s] Debugging a k8s cluster (0) | 2023.10.29 |
| [k8s] performance (0) | 2023.10.29 |
- Total
- Today
- Yesterday
- GKE
- IaC
- PYTHON
- 국제 개발 협력
- handson
- k8s calico
- EKS
- VPN
- GCP
- terraform
- cni
- NFT
- NW
- OS
- S3
- 혼공챌린지
- operator
- k8s
- cloud
- 도서
- security
- 혼공파
- SDWAN
- k8s cni
- 혼공단
- AWS
- controltower
- AI
- 파이썬
- gcp serverless
| 일 | 월 | 화 | 수 | 목 | 금 | 토 |
|---|---|---|---|---|---|---|
| 1 | ||||||
| 2 | 3 | 4 | 5 | 6 | 7 | 8 |
| 9 | 10 | 11 | 12 | 13 | 14 | 15 |
| 16 | 17 | 18 | 19 | 20 | 21 | 22 |
| 23 | 24 | 25 | 26 | 27 | 28 |