how to see the pod and veth relationship in kubernetes
is there anyway to see the relationship of kubernetes v1.15.2 pod and veth? now I could see the veth in host but do not know which pod owned.
vethe4297f4: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
ether ba:01:db:4a:7d:d0 txqueuelen 0 (Ethernet)
RX packets 9999796 bytes 1671107011 (1.5 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 9231477 bytes 2153738950 (2.0 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethf059d46: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
ether 6a:8f:a3:65:dd:4c txqueuelen 0 (Ethernet)
RX packets 11724557 bytes 5581499446 (5.1 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 12847645 bytes 2142367255 (1.9 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
vethf9efebf: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1450
ether fa:c7:76:53:4a:36 txqueuelen 0 (Ethernet)
RX packets 11103657 bytes 2587046474 (2.4 GiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8993500 bytes 1816804215 (1.6 GiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0by the way, I am learning the flannel communication procedure from the architecture :
Similar Questions
2 Answers
is there anyway to see the relationship of kubernetes v1.15.2 pod and veth?
TL;DR :
Yes.
There is a bunch of similar topics on StackOverflow and even some scripts on Github.
Explanation:
There is a very good article on Kubernetes (K8s) networking.
Oversimplified, "K8s networking" handled by Linux’s network namespaces and virtual interfaces.
Below console output has been taken on my GKE cluster, but shall be applicable to standalone cluster as well.
$ sudo ip link show | egrep "veth|docker" | awk -F":" '{print $1": "$2}'
3: docker0
5: vethcf35c1bb@if3
6: veth287168da@if3
7: veth5c70f15b@if3
11: veth62f193f7@if3
12: vetha38273b3@if3
14: veth240a8f81@if3
sudo docker ps --format '{{.ID}} {{.Names}} {{.Image}}' "$@" | wc -l
25As you can see, I have 6 veth's serving traffic for 25 docker containers. Let's find the veth that serves traffic for one of the pods.
$ kubectl get pods
NAME READY STATUS RESTARTS AGE
server-go-7b57857cfb-p6m62 1/1 Running 0 7m41s- Lets find the docker container id for the pod.
$ sudo docker ps --format '{{.ID}} {{.Pid}} {{.Names}} {{.Image}}' "$@" | grep POD_server
6aa1d952a9f3 k8s_POD_server-go-7b57857cfb-p6m62_default_02206a28-42e1-43a5-adb8-f6ab13258fb1_0 k8s.gcr.io/pause:3.1- Checking a
pidfor it:
$ sudo docker inspect --format '{{.State.Pid}}' 6aa1d952a9f3
4012085- Allowing system tools accessing the namespace of that
pid:
$ sudo ln -sf /proc/${pid}/ns/net /var/run/netns/ns-${pid}#in my case the commands were :
$ if [ ! -d /var/run/netns ]; then sudo mkdir -p /var/run/netns; fi
$ sudo ln -sf /proc/4012085/ns/net /var/run/netns/ns-4012085$ sudo ip netns exec "ns-4012085" ip link show type veth | grep "eth0"
3: eth0@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1460 qdisc noqueue state UP mode DEFAULT group default - Checking exact interface that serves traffic for the container.
From that output (eth0@if14) we can say that the eth0 for the 6aa1d952a9f3 docker container is linked to the interface 14: veth240a8f81@if3 on host machine.
Based on this example you can write your own script to match veth interfaces to Pods, containers, etc.
Hope that helps.
Thanks for this thread, very useful. I got the desired output using nsenter. So instead of tweaking the files, just do
sudo nsenter -t 4012085 -n ip link show type veth | grep "eth0"Worked at least for me ;-)