prof 文件能够用于性能分析,如果 NeuVector 组件出现性能问题(如 CPU 使用率异常高等),可以通过如下方式获取。
部署在 Kubernetes 的 NV prof 获取方式 进入 NV Manager Pod:
1 2 3 4 5 6 7 8 9 root@rke2-cilium-01:~# kubectl -n cattle-neuvector-system exec -it neuvector-manager-pod-848d9dc7fd-gxdmr -- cli Welcome to the NeuVector command line. Type help or ? to list commands. Username: admin Password: The administrative account is using the default password. This is a security risk. It is recommended that you change the default password for this account. admin#neuvector-svc-controller.cattle-neuvector-system>
获取实例的 ID:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 admin#neuvector-svc-controller.cattle-neuvector-system> show controller Total controllers: 1 +--------------+---------------------------------------------------------------------------------------------------------------------------------------+----------------+---------+----------------------+------------+--------+------------------+-----------------+ | id | name | host_name | version | joined_at | cluster_ip | leader | connection_state | disconnected_at | +--------------+---------------------------------------------------------------------------------------------------------------------------------------+----------------+---------+----------------------+------------+--------+------------------+-----------------+ | c489de3bb3f8 | k8s_neuvector-controller-pod_neuvector-controller-pod-5dfc84b8c8-7s84z_cattle-neuvector-system_570d28c9-b0b5-4ce1-b40b-50c1a3c41d79_0 | rke2-cilium-02 | v5.4.8 | 2026-02-28T04:31:24Z | 10.42.1.9 | True | connected | | +--------------+---------------------------------------------------------------------------------------------------------------------------------------+----------------+---------+----------------------+------------+--------+------------------+-----------------+ admin#neuvector-svc-controller.cattle-neuvector-system> show enforcer Total enforcers: 5 +--------------+------------------------------------------------------------------------------------------------------------------------+----------------+---------+----------------------+-------------+------------------+-----------------+ | id | name | host_name | version | joined_at | cluster_ip | connection_state | disconnected_at | +--------------+------------------------------------------------------------------------------------------------------------------------+----------------+---------+----------------------+-------------+------------------+-----------------+ | 1153f8b99861 | k8s_neuvector-enforcer-pod_neuvector-enforcer-pod-7zr87_cattle-neuvector-system_ce6eebc8-c95f-40b1-99bc-15227b0c6955_1 | rke2-cilium-02 | v5.4.8 | 2026-02-28T04:31:59Z | 10.42.1.38 | connected | | | 0702aed4d797 | k8s_neuvector-enforcer-pod_neuvector-enforcer-pod-d2h66_cattle-neuvector-system_282e6db9-f07e-498c-a945-282251523bfc_1 | rke2-cilium-04 | v5.4.8 | 2026-02-28T04:31:58Z | 10.42.3.131 | connected | | | 58363dbc789a | k8s_neuvector-enforcer-pod_neuvector-enforcer-pod-njql5_cattle-neuvector-system_9d75bc1d-d55c-4d1a-81fa-6b6c7de1957c_1 | rke2-cilium-03 | v5.4.8 | 2026-02-28T04:31:58Z | 10.42.2.19 | connected | | | f177731f6173 | k8s_neuvector-enforcer-pod_neuvector-enforcer-pod-v7scq_cattle-neuvector-system_0bc1cc50-4672-4805-bbd1-fd6fed7a2d86_1 | rke2-cilium-05 | v5.4.8 | 2026-02-28T04:31:56Z | 10.42.4.97 | connected | | | b01b52339718 | k8s_neuvector-enforcer-pod_neuvector-enforcer-pod-zpvmc_cattle-neuvector-system_772958ac-5d1a-4565-ae40-a99b428ead98_1 | rke2-cilium-01 | v5.4.8 | 2026-02-28T04:31:57Z | 10.42.0.20 | connected | | +--------------+------------------------------------------------------------------------------------------------------------------------+----------------+---------+----------------------+-------------+------------------+-----------------+
发出请求,生成性能异常实例的 prof 文件:
1 2 3 4 admin#neuvector-svc-controller.cattle-neuvector-system> request controller c489de3bb3f8 profile -c all -d 30 admin#neuvector-svc-controller.cattle-neuvector-system> request enforcer b01b52339718 profile -c all -d 30
获取生成的 prof 之前,需要关闭 NV 的 nvprotest:https://warnerchen.github.io/2025/02/05/%E5%85%B3%E9%97%AD-NeuVector-%E7%9A%84-nvprotect-%E6%9C%BA%E5%88%B6/
关闭 nvprotest 后,在 Pod 的 /var/nv_debug/profile 即可获取 prof 文件:
1 2 3 4 5 6 7 8 9 10 11 12 root@rke2-cilium-01:~# kubectl -n cattle-neuvector-system exec -it neuvector-controller-pod-5dfc84b8c8-7s84z -- ls -l /var/nv_debug/profile Defaulted container "neuvector-controller-pod" out of: neuvector-controller-pod, init (init), prime-config-container (init) total 220 -rw-r--r-- 1 root root 8268 Mar 4 07:41 ctl.cpu.prof -rw-r--r-- 1 root root 8890 Mar 4 07:41 ctl.goroutine.prof -rw-r--r-- 1 root root 197378 Mar 4 07:41 ctl.memory.prof root@rke2-cilium-01:~# kubectl -n cattle-neuvector-system exec -it neuvector-enforcer-pod-zpvmc -- ls -l /var/nv_debug/profile total 176 -rw-r--r-- 1 root root 16985 Mar 4 07:42 enf.cpu.prof -rw-r--r-- 1 root root 9122 Mar 4 07:42 enf.goroutine.prof -rw-r--r-- 1 root root 145529 Mar 4 07:42 enf.memory.prof
获取 prof 文件后,不要忘记重新开启 nvprotest。
通过 Allinone 部署的 NV prof 获取方式 在 Allinone 容器内执行上述 cli 命令即可。