Inspektor GadgetでKubernetesクラスタをデバッグしよう
2023/10/12 SRETT#7 satoken
k8sクラスタのデバッグ大変ですよね?
© 2023 3-shake Inc.
2
Inspektor Gadget
© 2023 3-shake Inc.
3
Inspektor Gadgetの仕組み
© 2023 3-shake Inc.
4
gadgetコマンド
$ kubectl gadget -h
Collection of gadgets for Kubernetes developers
Usage:
kubectl-gadget [command]
Available Commands:
advise Recommend system configurations based on collected information
audit Audit a subsystem
completion Generate the autocompletion script for the specified shell
deploy Deploy Inspektor Gadget on the cluster
help Help about any command
profile Profile different subsystems
prometheus Expose metrics using prometheus
script Run a bpftrace-compatible scripts
snapshot Take a snapshot of a subsystem and print it
sync Synchronize gadget information with your cluster
top Gather, sort and periodically report events according to a given criteria
trace Trace and print system events
traceloop Get strace-like logs of a container from the past
undeploy Undeploy Inspektor Gadget from cluster
version Show version
© 2023 3-shake Inc.
5
gadget traceコマンド
$ kubectl gadget trace -h
Trace and print system events
Usage:
kubectl-gadget trace [command]
Available Commands:
bind Trace socket bindings
capabilities Trace security capability checks
dns Trace DNS requests
exec Trace new processes
fsslower Trace open, read, write and fsync operations slower than a threshold
mount Trace mount and umount system calls
network Trace network streams
oomkill Trace when OOM killer is triggered and kills a process
open Trace open system calls
signal Trace signals received by processes
sni Trace Server Name Indication (SNI) from TLS requests
tcp Trace TCP connect, accept and close
tcpconnect Trace connect system calls
tcpdrop Trace TCP kernel-dropped packets/segments
tcpretrans Trace TCP retransmissions
ネットワークやプロセス
などいろいろなイベント
をトレース
© 2023 3-shake Inc.
6
gadget adviseコマンド
$ kubectl gadget advise -h
Recommend system configurations based on collected information
Usage:
kubectl-gadget advise [command]
Available Commands:
network-policy Generate network policies based on recorded network activity
seccomp-profile Generate seccomp profiles based on recorded syscalls activity
Network Policyやseccompの
ファイルを生成してくれる
© 2023 3-shake Inc.
7
あらかじめQA
© 2023 3-shake Inc.
8