mirror of
https://github.com/kubenetworks/kubevpn.git
synced 2025-12-24 11:51:13 +08:00
9.2 KiB
9.2 KiB
KubeVPN
一个本地连接云端 kubernetes 网络的工具,可以在本地直接访问远端集群的服务。也可以在远端集群访问到本地服务,便于调试及开发
快速开始
从 Github release 下载编译好的二进制文件
从 自定义 Krew 仓库安装
(
kubectl krew index add kubevpn https://github.com/wencaiwulue/kubevpn.git && \
kubectl krew install kubevpn/kubevpn && kubectl kubevpn
)
自己构建二进制文件
(
git clone https://github.com/wencaiwulue/kubevpn.git && \
cd kubevpn && make kubevpn && ./bin/kubevpn
)
安装 bookinfo 作为 demo 应用
kubectl apply -f https://raw.githubusercontent.com/wencaiwulue/kubevpn/master/samples/bookinfo.yaml
功能
链接到集群网络
➜ ~ kubevpn connect
get cidr from cluster info...
get cidr from cluster info ok
get cidr from cni...
get cidr from svc...
get cidr from svc ok
traffic manager not exist, try to create it...
pod [kubevpn-traffic-manager] status is Pending
Container Reason Message
pod [kubevpn-traffic-manager] status is Pending
Container Reason Message
control-plane ContainerCreating
vpn ContainerCreating
webhook ContainerCreating
pod [kubevpn-traffic-manager] status is Running
Container Reason Message
control-plane ContainerRunning
vpn ContainerRunning
webhook ContainerRunning
update ref count successfully
port forward ready
your ip is 223.254.0.101
tunnel connected
dns service ok
---------------------------------------------------------------------------
Now you can access resources in the kubernetes cluster, enjoy it :)
---------------------------------------------------------------------------
有这个提示出来后, 当前 terminal 不要关闭,新打开一个 terminal, 执行新的操作
➜ ~ kubectl get pods -o wide
NAME READY STATUS RESTARTS AGE IP NODE NOMINATED NODE READINESS GATES
details-7db5668668-mq9qr 1/1 Running 0 7m 172.27.0.199 172.30.0.14 <none> <none>
kubevpn.traffic.manager 1/1 Running 0 74s 172.27.0.207 172.30.0.14 <none> <none>
productpage-8f9d86644-z8snh 1/1 Running 0 6m59s 172.27.0.206 172.30.0.14 <none> <none>
ratings-859b96848d-68d7n 1/1 Running 0 6m59s 172.27.0.201 172.30.0.14 <none> <none>
reviews-dcf754f9d-46l4j 1/1 Running 0 6m59s 172.27.0.202 172.30.0.14 <none> <none>
➜ ~ ping 172.27.0.206
PING 172.27.0.206 (172.27.0.206): 56 data bytes
64 bytes from 172.27.0.206: icmp_seq=0 ttl=63 time=49.563 ms
64 bytes from 172.27.0.206: icmp_seq=1 ttl=63 time=43.014 ms
64 bytes from 172.27.0.206: icmp_seq=2 ttl=63 time=43.841 ms
64 bytes from 172.27.0.206: icmp_seq=3 ttl=63 time=44.004 ms
64 bytes from 172.27.0.206: icmp_seq=4 ttl=63 time=43.484 ms
^C
--- 172.27.0.206 ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 43.014/44.781/49.563/2.415 ms
➜ ~ kubectl get services -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
details ClusterIP 172.27.255.92 <none> 9080/TCP 9m7s app=details
productpage ClusterIP 172.27.255.48 <none> 9080/TCP 9m6s app=productpage
ratings ClusterIP 172.27.255.154 <none> 9080/TCP 9m7s app=ratings
reviews ClusterIP 172.27.255.155 <none> 9080/TCP 9m6s app=reviews
➜ ~ curl 172.27.255.48:9080
<!DOCTYPE html>
<html>
<head>
<title>Simple Bookstore App</title>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
域名解析功能
➜ ~ curl productpage.default.svc.cluster.local:9080
<!DOCTYPE html>
<html>
<head>
<title>Simple Bookstore App</title>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
短域名解析功能
➜ ~ curl productpage:9080
<!DOCTYPE html>
<html>
<head>
<title>Simple Bookstore App</title>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
...
反向代理
➜ ~ kubevpn connect --workloads deployment/productpage
got cidr from cache
traffic manager not exist, try to create it...
pod [kubevpn-traffic-manager] status is Running
Container Reason Message
control-plane ContainerRunning
vpn ContainerRunning
webhook ContainerRunning
update ref count successfully
Waiting for deployment "productpage" rollout to finish: 1 out of 2 new replicas have been updated...
Waiting for deployment "productpage" rollout to finish: 1 out of 2 new replicas have been updated...
Waiting for deployment "productpage" rollout to finish: 1 out of 2 new replicas have been updated...
Waiting for deployment "productpage" rollout to finish: 1 old replicas are pending termination...
Waiting for deployment "productpage" rollout to finish: 1 old replicas are pending termination...
deployment "productpage" successfully rolled out
port forward ready
your ip is 223.254.0.101
tunnel connected
dns service ok
---------------------------------------------------------------------------
Now you can access resources in the kubernetes cluster, enjoy it :)
---------------------------------------------------------------------------
package main
import (
"io"
"net/http"
)
func main() {
http.HandleFunc("/", func(writer http.ResponseWriter, request *http.Request) {
_, _ = io.WriteString(writer, "Hello world!")
})
_ = http.ListenAndServe(":9080", nil)
}
➜ ~ curl productpage:9080
Hello world!%
➜ ~ curl productpage.default.svc.cluster.local:9080
Hello world!%
反向代理支持 service mesh
支持 HTTP, GRPC 和 WebSocket 等, 携带了指定 header "a: 1" 的流量,将会路由到本地
➜ ~ kubevpn connect --workloads=deployment/productpage --headers a=1
got cidr from cache
traffic manager not exist, try to create it...
pod [kubevpn-traffic-manager] status is Running
Container Reason Message
control-plane ContainerRunning
vpn ContainerRunning
webhook ContainerRunning
update ref count successfully
Waiting for deployment "productpage" rollout to finish: 1 out of 2 new replicas have been updated...
Waiting for deployment "productpage" rollout to finish: 1 out of 2 new replicas have been updated...
Waiting for deployment "productpage" rollout to finish: 1 out of 2 new replicas have been updated...
Waiting for deployment "productpage" rollout to finish: 1 old replicas are pending termination...
Waiting for deployment "productpage" rollout to finish: 1 old replicas are pending termination...
deployment "productpage" successfully rolled out
port forward ready
your ip is 223.254.0.101
tunnel connected
dns service ok
---------------------------------------------------------------------------
Now you can access resources in the kubernetes cluster, enjoy it :)
---------------------------------------------------------------------------
➜ ~ curl productpage:9080
<!DOCTYPE html>
<html>
<head>
<title>Simple Bookstore App</title>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
...
➜ ~ curl productpage:9080 -H "a: 1"
Hello world!%
支持多种协议
- TCP
- UDP
- HTTP
- ICMP
- ...
支持三大平台
- macOS
- Linux
- Windows
Windows 下需要安装 PowerShell
问答
- 依赖的镜像拉不下来,或者内网环境无法访问 docker.io 怎么办?
- 答:在可以访问 docker.io 的网络中,将命令
kubevpn version中的 image 镜像, 转存到自己的私有镜像仓库,然后启动命令的时候,加上--image 新镜像即可。 例如:
➜ ~ kubevpn version
KubeVPN: CLI
Version: v1.1.14
Image: docker.io/naison/kubevpn:v1.1.14
Branch: master
Git commit: 87dac42dad3d8f472a9dcdfc2c6cd801551f23d1
Built time: 2023-01-15 04:19:45
Built OS/Arch: linux/amd64
Built Go version: go1.18.10
➜ ~
镜像是 docker.io/naison/kubevpn:v1.1.14,将此镜像转存到自己的镜像仓库。
docker pull docker.io/naison/kubevpn:v1.1.14
docker tag docker.io/naison/kubevpn:v1.1.14 [镜像仓库地址]/[命名空间]/[镜像仓库]:[镜像版本号]
docker push [镜像仓库地址]/[命名空间]/[镜像仓库]:[镜像版本号]
然后就可以使用这个镜像了,如下:
➜ ~ kubevpn connect --image docker.io/naison/kubevpn:v1.1.14
got cidr from cache
traffic manager not exist, try to create it...
pod [kubevpn-traffic-manager] status is Running
...