k8s - Web terminal (gotty)

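After building a private cloud on K8S, we need to give developers a way to log in to a container directly and check the current state of the container or the application. Developers must not log in to the host machine directly; logging in to the host is a dangerous operation.

For a web terminal, gotty is recommended. GitHub address: https://github.com/yudai/gotty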

1. Environment:

centos7

K8S: 1.8

gotty:1.0.1

2. gotty parameters:

--address value, -a value IP address to listen (default: "0.0.0.0") [$GOTTY_ADDRESS]

--port value, -p value Port number to liten (default: "8080") [$GOTTY_PORT]

--permit-write, -w Permit clients to write to the TTY (BE CAREFUL) [$GOTTY_PERMIT_WRITE]

--credential value, -c value Credential for Basic Authentication (ex: user:pass, default disabled) [$GOTTY_CREDENTIAL]

--random-url, -r Add a random string to the URL [$GOTTY_RANDOM_URL]

--random-url-length value Random URL length (default: 8) [$GOTTY_RANDOM_URL_LENGTH]

--tls, -t Enable TLS/SSL [$GOTTY_TLS]

--tls-crt value TLS/SSL certificate file path (default: "~/.gotty.crt") [$GOTTY_TLS_CRT]

--tls-key value TLS/SSL key file path (default: "~/.gotty.key") [$GOTTY_TLS_KEY]

--tls-ca-crt value TLS/SSL CA certificate file for client certifications (default: "~/.gotty.ca.crt") [$GOTTY_TLS_CA_CRT]

--index value Custom index.html file [$GOTTY_INDEX]

--title-format value Title format of browser window (default: "{{ .command }}@{{ .hostname }}") [$GOTTY_TITLE_FORMAT]

--reconnect Enable reconnection [$GOTTY_RECONNECT]

--reconnect-time value Time to reconnect (default: 10) [$GOTTY_RECONNECT_TIME]

--max-connection value Maximum connection to gotty (default: 0) [$GOTTY_MAX_CONNECTION]

--once Accept only one client and exit on disconnection [$GOTTY_ONCE]

--timeout value Timeout seconds for waiting a client(0 to disable) (default: 0) [$GOTTY_TIMEOUT]

--permit-arguments Permit clients to send command line arguments in URL (e.g. http://example.com:8080/?arg=AAA&arg=BBB) [$GOTTY_PERMIT_ARGUMENTS]

--width value Static width of the screen, 0(default) means dynamically resize (default: 0) [$GOTTY_WIDTH]

--height value Static height of the screen, 0(default) means dynamically resize (default: 0) [$GOTTY_HEIGHT]

--ws-origin value A regular expression that matches origin URLs to be accepted by WebSocket. No cross origin requests are acceptable by default [$GOTTY_WS_ORIGIN]

--term value Terminal name to use on the browser, one of xterm or hterm. (default: "xterm") [$GOTTY_TERM]

--close-signal value Signal sent to the command process when gotty close it (default: SIGHUP) (default: 1) [$GOTTY_CLOSE_SIGNAL]

--close-timeout value Time in seconds to force kill process after client is disconnected (default: -1) (default: -1) [$GOTTY_CLOSE_TIMEOUT]

--config value Config file path (default: "~/.gotty") [$GOTTY_CONFIG]

--version, -v print the version

3. Starting gotty:

./gotty -w --permit-arguments docker exec -ti

Or: ./gotty -w -p 8081 --permit-arguments kubectl exec -ti &

In the browser, pass the container ID and the command to run on entering the container (/bin/bash) directly in the URL:

http://172.172.241.180:8080/?arg=6f&arg=%2fbin%2fbash


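Note: after entering a container from the browser frequently, a large number of /bin/bash processes build up inside the container. Keep this in mind; in general, entering containers directly is not recommended.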
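With --permit-arguments, gotty appends the URL's arg values to the command line, so the start commands in section 3 (no --credential, no --tls, default listen address 0.0.0.0) let whoever can reach the port choose both the target and the command. The following is an added example, not code from the original article or the gotty project: a wrapper that gotty runs in place of bare kubectl exec -ti, accepting exactly one validated pod name and fixing the namespace and shell itself. The script name pod-shell.sh, the ALLOWED_NS and DRY_RUN variables and the default namespace dev are assumptions.

```shell
#!/bin/sh
# pod-shell.sh (hypothetical name): run by gotty instead of bare "kubectl exec -ti".
# gotty --permit-arguments appends each ?arg= value from the URL as one argument.
#
# Launch with flags from the parameter list above (values are placeholders):
#   ./gotty -w --permit-arguments --tls --credential 'USER:PASSWORD' \
#       --random-url --max-connection 5 ./pod-shell.sh
# The browser URL then carries only the pod name, as ?arg=POD

LC_ALL=C; export LC_ALL                # make a-z mean ASCII lowercase only
ALLOWED_NS="${ALLOWED_NS:-dev}"        # assumption: the one namespace developers may enter

# Accept only a Kubernetes-style name: lowercase alphanumerics, '-' and '.',
# starting and ending with an alphanumeric, at most 253 characters.
# Rejecting a leading '-' keeps the value from being parsed as a kubectl option.
valid_pod_name() {
    case "$1" in
        ""|-*|*-|.*|*.|*[!a-z0-9.-]*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# Exactly one argument is allowed; namespace and shell are fixed here,
# not taken from the URL.
pod_shell() {
    if [ "$#" -ne 1 ] || ! valid_pod_name "$1"; then
        echo "rejected: expected exactly one valid pod name" >&2
        return 64
    fi
    if [ -n "${DRY_RUN:-}" ]; then     # DRY_RUN=1 prints the command instead of running it
        echo "kubectl exec -ti -n $ALLOWED_NS $1 -- /bin/bash"
        return 0
    fi
    # exec replaces this wrapper so gotty's close signal reaches kubectl directly
    exec kubectl exec -ti -n "$ALLOWED_NS" "$1" -- /bin/bash
}

# gotty passes the URL arguments as "$@"; with none there is nothing to run.
if [ "$#" -gt 0 ]; then
    pod_shell "$@"
fi
```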

This article is reposted from CSDN: k8s - Web terminal (gotty)