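kubernetes - Kubernetes: how to use the externally exposed URL of a service from inside the cluster
Problem description
I want to connect from service A to service B (KeyCloak) in Kubernetes, but using service B's externally exposed URL, for example "auth-dev.localhost".
For general reasons.
Connecting to "auth-dev.localhost" through the browser works. But I cannot reach service B from service A; this URL is declared as "kubernetes.oauth.server.url=http://auth-dev.localhost/auth/realms/test"
Thanks for any ideas...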
Feb 17, 2021 4:16:00 PM io.quarkus.hibernate.orm.runtime.proxies.ProxyDefinitions
WARN: Unable to find a build time generated proxy for entity %s
Feb 17, 2021 4:16:01 PM org.jboss.threads
INFO: JBoss Threads version %s
Feb 17, 2021 4:16:01 PM io.quarkus.runtime.ApplicationLifecycleManager run
ERROR: Failed to start application (with profile prod)
java.net.ConnectException: Connection refused
at java.base/sun.nio.ch.SocketChannelImpl.checkConnect(Native Method)
at java.base/sun.nio.ch.SocketChannelImpl.finishConnect(SocketChannelImpl.java:779)
at io.netty.channel.socket.nio.NioSocketChannel.doFinishConnect(NioSocketChannel.java:330)
at io.netty.channel.nio.AbstractNioChannel$AbstractNioUnsafe.finishConnect(AbstractNioChannel.java:334)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:702)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:650)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:576)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:989)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
at java.base/java.lang.Thread.run(Thread.java:834)
Additional information
Configuration
Service B (Keycloak)
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: keyclaok
  name: keycloak
  namespace: ${namespace}
spec:
  progressDeadlineSeconds: 600
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: keycloak
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 0
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: keycloak
    spec:
      containers:
        - image: ${image}
          imagePullPolicy: Always
          name: keycloak
          ports:
            - containerPort: 8080
              name: http
              protocol: TCP
            - containerPort: 5005
              name: https
              protocol: TCP
          envFrom:
            - configMapRef:
                name: keycloak-config
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /auth/realms/master
              port: 8080
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources: {}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
      dnsPolicy: ClusterFirst
      imagePullSecrets:
        - name: some-name
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      hostAliases:
        - ip: "127.0.0.1"
          hostnames:
            - "auth-dev.localhost"
---
apiVersion: v1
kind: ConfigMap
metadata:
  labels:
    app: keycloak
  name: keycloak-config
data:
  KEYCLOAK_USER: ${user}
  KEYCLOAK_PASSWORD: ${password}
  PROXY_ADDRESS_FORWARDING: "true"
  DB_VENDOR: "postgres"
  DB_ADDR: ${db.host}
  DB_PORT: ${db.port}
  DB_DATABASE: "the-keycloak-DB"
  DB_USER: ${db.user}
  DB_PASSWORD: ${db.user.password}
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: keycloak
  name: ${host}
  namespace: ${namespace}
spec:
  externalTrafficPolicy: Cluster
  ports:
    - name: http
      port: ${port}
      protocol: TCP
      targetPort: 8080
  selector:
    app: keycloak
  sessionAffinity: None
  type: LoadBalancer
Service A
apiVersion: v1
kind: Service
metadata:
  labels:
    app: a-service
  name: a-service
  namespace: ${kubernetes.namespace}
spec:
  externalTrafficPolicy: Cluster
  ports:
    - name: http
      port: ${kubernete.port}
      protocol: TCP
      targetPort: 8080
    - name: debug
      port: ${kubernetes.debug.port}
      protocol: TCP
      targetPort: 5005
  selector:
    app: a-service
  sessionAffinity: None
  type: LoadBalancer
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: a-service-default
  namespace: ${namespace}
data:
  quarkus.oidc.auth-server-url: ${kubernetes.oauth.server.url}
  quarkus.datasource.jdbc.url: jdbc:postgresql://db-service:5234/a-service
  quarkus.datasource.username: my_user
  quarkus.datasource.password: my_password
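In addition, an Ingress is configured that redirects auth-dev.localhost to Keycloak, which works in the browser.
Solution
What seems to work for my problem is:
Declare a load balancer that redirects auth-dev.localhost to my service B (Keycloak), and add the following to the "hosts" file of the machine it is running on:
{IP of the service POD} auth-dev.localhost
The IP depends on how you configured Docker. The default range is 192.168.65.0/28.
I also had to declare in service A that it uses the port as well as 8080.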
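A preflight check for the situation described above, as an added example that is not part of the original post: run inside service A's container, it reports where the auth-server URL resolves and which port is dialed, so a name that maps to a loopback address (the pod itself) is caught before the OIDC client fails. The function names and the "loopback explains Connection refused" reading are assumptions of this example; the post does not confirm the cause.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def endpoint(url):
    """Return the (host, port) an HTTP client dials for this URL."""
    parts = urlsplit(url)
    return parts.hostname, parts.port or DEFAULT_PORTS[parts.scheme]

def resolve(host, port):
    """Resolve with the container's own resolver (/etc/hosts, which hostAliases edits, and cluster DNS)."""
    infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    return sorted({info[4][0] for info in infos})

def diagnose(url, resolver=resolve):
    """Classify where the auth-server URL points from inside this container."""
    host, port = endpoint(url)
    try:
        addrs = resolver(host, port)
    except socket.gaierror:
        return {"host": host, "port": port, "addrs": [], "verdict": "unresolvable"}
    # Drop an IPv6 zone id ("fe80::1%eth0") before parsing the address.
    loopback = [a for a in addrs if ipaddress.ip_address(a.split("%")[0]).is_loopback]
    # A loopback answer means the client dials its own pod, so the connect
    # is refused unless something local listens on that port.
    verdict = "loopback" if loopback else "routable"
    return {"host": host, "port": port, "addrs": addrs, "verdict": verdict}

def can_connect(addr, port, timeout=2.0):
    """TCP probe: True if something accepts connections on addr:port."""
    try:
        with socket.create_connection((addr, port), timeout=timeout):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    # URL taken from the question; run this inside service A's container.
    report = diagnose("http://auth-dev.localhost/auth/realms/test")
    print(report)
    for addr in report["addrs"]:
        state = "accepts TCP" if can_connect(addr, report["port"]) else "refuses or times out"
        print(addr, report["port"], state)
```

Because the URL carries no explicit port, the client dials port 80, so whatever address the name maps to must accept traffic on 80 rather than only on the container port 8080.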