Kubernetes 使用 Telepresence 转发内部流量到本地开发环境

连接 Kubernetes

会自动安装traffic-manager，如果安装失败（如镜像拉取失败等原因），需要手动执行Helm安装。

PS C:\> telepresence connect
Launching Telepresence Root Daemon
Launching Telepresence User Daemon
telepresence: error: connector.Connect: failed to ensure traffic manager: the helm operation timed out.  The current timeout 30s can be configured as "timeouts.helm" in "C:\\Users\\fendoudebb\\AppData\\Roaming\\telepresence\\config.yml"

See logs for details (3 errors found): "C:\\Users\\fendoudebb\\AppData\\Local\\telepresence\\logs\\connector.log"
If you think you have encountered a bug, please run `telepresence gather-logs` and attach the telepresence_logs.zip to your github issue or create a new one: https://github.com/telepresenceio/telepresence/issues/new?template=Bug_report.md .

安装 traffic-manager

添加 Helm 仓库

helm repo add datawire https://app.getambassador.io

输出

PS C:\Users\fendoudebb> helm repo add datawire https://app.getambassador.io
"datawire" has been added to your repositories

更新 Helm 仓库

helm repo update datawire

输出

PS C:\Users\fendoudebb> helm repo update datawire
Hang tight while we grab the latest from your chart repositories...
...Successfully got an update from the "datawire" chart repository
Update Complete. ⎈Happy Helming!⎈

安装 traffic-manager

首次安装：traffic-manager安装在ambassador命名空间下，故需要创建Namespace。

helm install traffic-manager -n ambassador datawire/telepresence --create-namespace

非首次安装：前提是ambassador命名空间已经存在。

helm install traffic-manager -n ambassador datawire/telepresence

输出

PS C:\Users\fendoudebb> helm install traffic-manager -n ambassador datawire/telepresence
NAME: traffic-manager
LAST DEPLOYED: Sat Jun 11 21:42:47 2022
NAMESPACE: ambassador
STATUS: deployed
REVISION: 1
NOTES:
--------------------------------------------------------------------------------
Congratulations!


You have successfully installed the Traffic Manager component of Telepresence!
Now your users will be able to `telepresence connect` to this Cluster and create
intercepts for their services!

--------------------------------------------------------------------------------
Next Steps
--------------------------------------------------------------------------------

- Take a look at our RBAC documentation for setting up the minimal required RBAC
roles for your users at
https://www.getambassador.io/docs/telepresence/latest/reference/rbac/

- Ensure that you are keeping up to date with Telepresence releases
https://github.com/telepresenceio/telepresence/releases so that your Traffic
Manager is the same version as the telepresence client your users are running!

查看运行的 Pod

kubectl get pod -n ambassador

卸载 traffic-manager

helm uninstall traffic-manager -n ambassador

输出

PS C:\Users\fendoudebb> helm uninstall traffic-manager -n ambassador
release "traffic-manager" uninstalled

连接完成

PS C:\Users\fendoudebb\Desktop> telepresence.exe connect
Launching Telepresence Root Daemon
Launching Telepresence User Daemon
Connected to context minikube (https://172.26.85.84:8443)

退出连接

退出 Root Daemon 进程

telepresence.exe quit -r

退出 User Daemon 进程

telepresence.exe quit -u

输出

PS C:\Users\fendoudebb\Desktop> telepresence.exe quit -r
Telepresence Network quitting...done
Telepresence Traffic Manager disconnecting...done
PS C:\Users\fendoudebb\Desktop> telepresence.exe quit -u
Telepresence Network is already disconnected
Telepresence Traffic Manager quitting...done

显示工作负载

只有Deployment、StatefulSet、ReplicaSet，可以被拦截。

telepresence list

输出

PS C:\Users\fendoudebb> telepresence list
No Workloads (Deployments, StatefulSets, or ReplicaSets)

创建 Spring Boot Deployment yaml

kubectl create deployment mydepoly --image=myspringboot --port=8080 --dry-run -o yaml

输出

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: mydepoly
  name: mydepoly
spec:
  replicas: 1
  selector:
    matchLabels:
      app: mydepoly
  strategy: {}
  template:
    metadata:
      labels:
        app: mydepoly
    spec:
      containers:
      - image: myspringboot
        name: myspringboot
        imagePullPolicy: Never
        ports:
        - containerPort: 8080
        resources: {}

运行 Spring Boot Deployment

kubectl apply -f .\mydeploy-deployment.yaml

输出

PS C:\Users\fendoudebb\Desktop> kubectl apply -f .\mydeploy-deployment.yaml
deployment.apps/mydepoly created

创建 Deployment 的 Service yaml

kubectl expose deployment mydepoly --port=8080 --type=ClusterIP --dry-run -o yaml

输出

apiVersion: v1
kind: Service
metadata:
  creationTimestamp: null
  labels:
    app: mydepoly
  name: mydepoly
spec:
  ports:
  - port: 8080
    protocol: TCP
    targetPort: 8080
  selector:
    app: mydepoly
  type: ClusterIP
status:
  loadBalancer: {}

运行 Service

kubectl apply -f .\mydeploy-service.yaml

再次查看转发列表

telepresence list

输出：mydepoly服务可以被拦截，但traffic-agent还没安装。

PS C:\Users\fendoudebb\Desktop> telepresence list
mydepoly: ready to intercept (traffic-agent not yet installed)

拦截流量转发到本地

<service-name>：指定Kubernetes中Service的名字。

<local-port>：指定需要转发到本地的端口。

<remote-port>：指定拦截Kubernetes内部的端口，如果和<local-port>一致可省略。

--env-file：指定本地保存Kubernetes内部环境变量的文件，可用于导入本地开发环境。

-n：指定命名空间。

telepresence intercept <service-name> --port <local-port>[:<remote-port>] --env-file <path-to-env-file>

示例

拦截流量需要用到traffic-agent镜像，可提前下载避免出现错误。

相关镜像地址：https://hub.docker.com/u/datawire

telepresence intercept mydepoly --port 8080:8080

输出

PS C:\Users\fendoudebb\Desktop> telepresence intercept mydepoly --port 8080:8080
Using Deployment mydepoly
intercepted
    Intercept name    : mydepoly
    State             : ACTIVE
    Workload kind     : Deployment
    Destination       : 127.0.0.1:8080
    Volume Mount Point: T:
    Intercepting      : all TCP requests
Intercepting all traffic to your service. To route a subset of the traffic instead, use a personal intercept. You can enable personal intercepts by authenticating to Ambassador Cloud with "telepresence login".

本机电脑环境访问

curl mydepoly.default.svc.cluster.local:8080

假设指定了命名空间yournamespace：

curl mydepoly.yournamespace.svc.cluster.local:8080

可能出现的错误

原因：本地开发机器内存不足。

PS C:\Users\fendoudebb\Desktop> telepresence intercept mydepoly --port 8080:8080
telepresence: error: Get "https://10.96.0.1:443/apis/apps/v1/namespaces/default/deployments/mydepoly": context deadline exceeded

原因：traffic-agent镜像拉取失败。

PS C:\Users\fendoudebb\Desktop> telepresence intercept mydepoly --port 8080:8080
telepresence: error: rpc error: code = DeadlineExceeded desc = request timed out while waiting for agent mydepoly.default to arrive

取消拦截

telepresence leave mydepoly

卸载 traffic manager 和 agent

telepresence uninstall --everything

IDEA 安装插件

IDEA安装EnvFile，导入--env-file指定的路径的文件。这样在运行时就具有Kubernetes内部的环境了。

参考

https://blog.jetbrains.com/idea/2021/05/easily-debug-java-microservices-running-on-kubernetes-with-intellij-idea

https://github.com/telepresenceio/telepresence/issues/2504

https://github.com/telepresenceio/telepresence/issues/2389

traffic manager Helm

https://github.com/telepresenceio/telepresence/tree/release/v2/charts/telepresence

官方文档

https://www.telepresence.io/docs/latest/quick-start

开源地址

https://github.com/telepresenceio/telepresence