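We need to forward requests to a service outside the cluster.
/ -> some service outside the cluster (someapi.com)
/API -> a service inside the cluster
When I try to hit https://someapi.com/health
it gives me the proper response, but not through the ingress.
Ingress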
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: custom-ingress
  annotations:
    kubernetes.io/ingress.class: haproxy
status:
  loadBalancer: {}
spec:
  tls:
    - hosts:
        - mytenant.com
      secretName: tenant-secret
  rules:
    - host: mytenant.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: external-service
                port:
                  number: 80
Service
apiVersion: v1
kind: Service
metadata:
  name: external-service
status:
  loadBalancer: {}
spec:
  type: ExternalName
  sessionAffinity: None
  externalName: someapi.com
curl -ikv https://mytenant.com/health
gives me
503 Service Unavailable
No server is available to handle this request.
* Connection #0 to host mytenant.com left intact
I tried nslookup, and it does resolve to an IP:
/usr/src/app # nslookup external-service
Server: 901.63.1.11
Address: 901.63.1.11:53
external-service.default.svc.cluster.local canonical name = someapi.com
someapi.com canonical name = proxy-aws-can-55.elb.eu-central-1.amazonaws.com
Name: proxy-aws-can-55.elb.eu-central-1.amazonaws.com
Address: 92.220.220.137
Name: proxy-aws-can-55.elb.eu-central-1.amazonaws.com
Address: 33.43.161.163
Name: proxy-aws-can-55.elb.eu-central-1.amazonaws.com
Address: 98.200.178.250
external-service.default.svc.cluster.local canonical name = someapi.com
someapi.com canonical name = proxy-aws-can-55.elb.eu-central-1.amazonaws.com
When I change the external service port to 80 (I also tried changing the service targetPort to 443)
spec:
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: ExternalName
  sessionAffinity: None
  externalName: someapi.com
it keeps looping with a 301:
< HTTP/2 301
< content-length: 0
< location: https://mytenant.com/health
< strict-transport-security: max-age=15768000
(With the same setup, if I just change externalName to httpbin.org, it works fine.)
When I change the ingress (port) and the service (port and targetPort) to 443, I get:
REFUSED_STREAM, retrying a fresh connect
Connection died, tried 5 times before giving up
Closing connection 5
curl: (56) Connection died, tried 5 times before giving up
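I also tried setting the Host header as mentioned here, https://www.haproxy.com/documentation/kubernetes/latest/configuration/ingress/#set-host, but still no luck, 301.
Please help me understand how I should make this work. Thanks a lot!
1 Answer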
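I got a working configuration: I changed the ingress (port) and the service (port/targetPort) to 443. In addition, I added this annotation on the ingress:
ingress.kubernetes.io/backend-protocol: h1-ssl
I think I was getting the 301 because the upstream service expects HTTPS requests, and after adding the backend-protocol annotation, once SSL is terminated at the HAProxy controller, the new call it initiates is HTTPS and the request is fulfilled. Also, I think that for an ExternalName service the value of the service targetPort doesn't matter.
Ingress
Service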
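The configuration the answer describes, assembled from the question's manifests as an added example (not the answerer's own YAML, which is missing from this page). It assumes the same resource names as the question and changes only the ports and the backend-protocol annotation:

```yaml
# Added example: the question's Service and Ingress with the answer's changes.
apiVersion: v1
kind: Service
metadata:
  name: external-service
spec:
  type: ExternalName
  sessionAffinity: None
  externalName: someapi.com
  ports:
    - protocol: TCP
      port: 443
      targetPort: 443   # the answer suspects this value is ignored for ExternalName
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: custom-ingress
  annotations:
    kubernetes.io/ingress.class: haproxy
    # Client TLS is terminated at the controller; this makes the controller open
    # a new HTTP/1.1-over-TLS connection to the backend instead of plain HTTP,
    # so the upstream no longer answers with its HTTP-to-HTTPS 301 redirect.
    ingress.kubernetes.io/backend-protocol: h1-ssl
spec:
  tls:
    - hosts:
        - mytenant.com
      secretName: tenant-secret
  rules:
    - host: mytenant.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: external-service
                port:
                  number: 443   # was 80 in the question
```

Re-encrypting to the upstream does not by itself mean the controller validates the upstream certificate; check the controller's documentation for its backend certificate verification settings, which this page does not show.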