전체 글95 ksniff 로 kubernetes 컨테이너 패킷 캡쳐 일반적으로 파드 내부의 컨테이너로 들어오고 나가는 네트워크 패킷은 확인할 일은 많지 않지만, 간혹 트러블 슈팅 목적으로 HTTP 헤더 등 패킷 상의 Raw 데이터를 직접 확인하고자 하는 경우 컨테이너 안에서 패킷 캡쳐를 하고 싶을 때가 있습니다. ksniff 는 kubectl CLI의 플러그인 중 하나로, 파드 내부에 tcpdump 를 실행하여 로컬 랩탑의 wireshark 로 패킷 덤프를 전달해줍니다. root 로 실행되는 컨테이너는 바로 파드 내부에서 tcpdump 를 실행하며, 일반 사용자로 실행되는 컨테이너는 -p 옵션을 부여하여 별도의 파드가 실행되어 대상 컨테이너의 패킷을 전달해줍니다. (아래 커맨드는 Mac OS를 기준으로 작성되었습니다.) # ksniff 설치 kubectl krew ins.. 2024. 4. 6. how to install knative and create service knative official docs https://knative.dev/docs/ Migrating a Cloud Run for Anthos service to Knative https://cloud.google.com/anthos/run/docs/migrate/knative # install knative cli https://knative.dev/docs/client/install-kn/#install-the-knative-cli brew install knative/client/kn kn version # install knative operator check latest release https://github.com/knative/operator/releases kubectl apply -f.. 2023. 10. 30. [cdk8s] Define k8s yaml file in programming language cdk8s - A framework that allows defining/creating yaml files that define k8s resources in programming languages such as python, typescript, and java.(official site - https://cdk8s.io/) -> In order to configure a yaml file for k8s resources, understanding the yaml file is necessary, and cdk8s provides an alternative to understanding yaml files by abstracting k8s resources. # install cli brew inst.. 2023. 9. 8. kube API server and kubernetes python client Although I briefly covered this in the previous post, I would like to think again about how to access the kube API server and Kubernetes, and briefly record how to interact with the Kubernetes cluster using python. 1. kube API server As described in the k8s official documentation, the core of the various components of the control plane that makes up Kubernetes is the kube API server. It is a com.. 2023. 8. 13. workload identity federation with keycloak workload identity federation with keycloak -> Authenticate without gcp service account json key by linking keycloak with oidc provider workload identity federation https://cloud.google.com/iam/docs/workload-identity-federation Integrate Cloud Run and workload identity federation https://cloud.google.com/iam/docs/tutorial-cloud-run-workload-id-federation Configure workload identity federation wit.. 2023. 7. 9. workload identity federation with k8s cluster This post covers how to use Kubernetes as an OIDC provider role to use GCP's workload identity federation service by delegating an IAM role without a json key for your GCP service account. It can be used when an application running on a Kubernetes cluster in a non-GCP environment wants to access GCP's services, or when an application running on a server in a non-GCP environment wants to access G.. 2023. 7. 2. GKE workload identity # Grant gcp permissions to pods using workload identity -> Rather than granting a gcp service account to individual nodes or the entire cluster, a k8s service account is created, and the k8s service account is set to assume the gcp service account role, thereby granting gcp specific service permissions only to the pod. https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity?hl=k.. 2023. 7. 1. zabbix graph Korean language is broken zabbix graph Korean language is broken # Zabbix default graph font ## zabbix 3.x version [root@ip-172-16-100-106 fonts]# ll /usr/share/zabbix/assets/fonts/ total 0 lrwxrwxrwx. 1 root root 33 Jul 30 11:32 graphfont.ttf -> /etc/alternatives/zabbix-web-font ## zabbix 5.2 version [root@bb4046033bc6 zabbix]# cd /usr/share/zabbix/assets/fonts/ [root@bb4046033bc6 fonts]# ls -al total 2988 drwxr-xr-x. 1.. 2023. 6. 17. Restore from CloudSQL MSSQL backup data Restore from CloudSQL MSSQL backup data https://cloud.google.com/sql/docs/sqlserver/import-export/import-export-bak#import # Grant GCS permissions to the CloudSQL service account Check the service account for your CloudSQL instance gcloud sql instances describe premisan-test-mssql --project my-project | grep serviceAccountEmailAddress Add access to GCS bucket gcloud projects add-iam-policy-bindi.. 2023. 5. 12. 이전 1 2 3 4 ··· 11 다음 반응형
